CN106034031B - Method, device, terminal and cloud authentication platform for acquiring identity information

Info

Publication number: CN106034031B
Authority: CN (China)
Prior art keywords: information, identity, identity card, plaintext, reading terminal
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN201610041095.0A
Other languages: Chinese (zh)
Other versions: CN106034031A (en)
Inventor: 李明
Current assignee: Tendyron Corp (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Individual
Priority: CN201610041095.0A (the priority date is an assumption and is not a legal conclusion)
Publications: CN106034031A (application); CN106034031B (granted patent)

Classifications

    • H04L 63/0823: Network architectures or network communication protocols for network security; authentication of entities using certificates
    • H04L 63/0807: Network architectures or network communication protocols for network security; authentication of entities using tickets, e.g. Kerberos
    • H04L 67/10: Network arrangements or protocols for supporting network services or applications; protocols in which an application is distributed across nodes in the network
    • H04L 9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • H04L 9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides a method, a device, a terminal and a cloud authentication platform for acquiring identity information. The method comprises the following steps: acquiring the identity card information plaintext and the identification information of the identity card reading terminal; obtaining the category of each item of identity information in the identity card information plaintext, the identity information falling into at least two categories; obtaining an information feedback policy according to the identification information, and selecting from it at least one group of identity information of the same category corresponding to the identification information, where the information feedback policy comprises the correspondence between each item of identity information in the identity card information plaintext and its category, and the correspondence between the identification information and the categories; and sending the selected at least one group of identity information of the same category to the identity card information acquisition device. When the method is used to handle a service that needs to read identity information, identity information not required by the service is prevented from leaking, and the inconvenience that redundant identity information not required by the service would cause to handling the service is avoided.

Description

Method, device, terminal and cloud authentication platform for acquiring identity information
Technical Field
The invention relates to the technical field of electronics, in particular to a method, a device, a terminal and a cloud authentication platform for acquiring identity information.
Background
The identity card carries important identity information of a citizen (such as name, identity card number and address) that is used to handle different services, for example SIM card purchase, train ticket purchase, real-name verification for express delivery, bank account opening and citizen security checks. Different services need different identity information; for example, a real-name verification service that does not involve public security (such as train ticket purchasing) only needs to confirm the citizen's identity card number. An existing identity card reading device, however, reads all of the identity information in the identity card, so identity information not required by the service may be leaked, and the large amount of identity information not required by the service makes handling the service inconvenient. It is therefore desirable to provide a method that reads from the identity card, for each different service, only the identity information that the service needs.
Disclosure of Invention
The present invention is directed to solving one of the problems set forth above.
The invention mainly aims to provide a method for acquiring identity information.
Another object of the present invention is to provide an identity information acquiring apparatus.
A further object of the present invention is to provide an identity card reading terminal.
Still another object of the present invention is to provide a cloud authentication platform.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
One aspect of the present invention provides a method for acquiring identity information, comprising: acquiring identity card information plaintext and identification information of an identity card reading terminal, where the identity card information plaintext is obtained by a cloud authentication platform decrypting an identity card information ciphertext acquired from the identity card reading terminal; obtaining the category of each item of identity information in the identity card information plaintext, the identity information falling into at least two categories; obtaining an information feedback policy according to the identification information, and selecting from it at least one group of identity information of the same category corresponding to the identification information, where the information feedback policy comprises the correspondence between each item of identity information in the identity card information plaintext and its category, and the correspondence between the identification information and the categories; and sending the selected at least one group of identity information of the same category to an identity card information acquisition device.
In addition, the identity card information plaintext comprises at least the following identity information: name, identity card number, validity period, gender, ethnicity, date of birth, address and issuing authority.
In addition, the correspondence between each item of identity information in the identity card information plaintext and its category comprises a mapping between the field corresponding to each item of identity information in the identity card information plaintext and its category.
Another aspect of the present invention provides an identity information acquiring apparatus, comprising: an acquisition module for acquiring identity card information plaintext and identification information of an identity card reading terminal, where the identity card information plaintext is obtained by a cloud authentication platform decrypting an identity card information ciphertext acquired from the identity card reading terminal; a security control module for obtaining the category of each item of identity information in the identity card information plaintext, the identity information falling into at least two categories, obtaining an information feedback policy according to the identification information, and selecting from it at least one group of identity information of the same category corresponding to the identification information, where the information feedback policy comprises the correspondence between each item of identity information in the identity card information plaintext and its category, and the correspondence between the identification information and the categories; and a sending module for sending the selected at least one group of identity information of the same category to an identity card information acquisition device.
In addition, the identity card information plaintext comprises at least the following identity information: name, identity card number, validity period, gender, ethnicity, date of birth, address and issuing authority.
In addition, the correspondence between each item of identity information in the identity card information plaintext and its category comprises a mapping between the field corresponding to each item of identity information in the identity card information plaintext and its category.
In another aspect, the present invention provides an identity card reading terminal, comprising: a reading module for reading the identity card information ciphertext from a resident identity card; a communication module for at least sending the identity card information ciphertext to the cloud authentication platform and receiving the identity card information plaintext sent back by the cloud authentication platform; and the identity information acquiring apparatus described above.
In addition, the identity card reading terminal further comprises a security module for receiving the user's confirmation of the displayed at least one group of identity information of the same category before the identity information acquiring apparatus sends the selected at least one group of identity information of the same category to the identity card information acquisition device.
Another aspect of the present invention provides a cloud authentication platform, comprising: a scheduling server for allocating a corresponding authentication and verification security module to the identity card reading terminal; and the authentication and verification security module, for acquiring the identity card information ciphertext and the identification information of the identity card reading terminal and decrypting the identity card information ciphertext to obtain the identity card information plaintext, the authentication and verification security module comprising the identity information acquiring apparatus described above.
The invention thus provides a method for acquiring identity information, an identity information acquiring apparatus, an identity card reading terminal and a cloud authentication platform. With this technical scheme, when a user handles a service that needs to read identity information, the identity information acquiring apparatus, after obtaining the identity card information plaintext, screens the identity information in it to obtain the identity information necessary for handling the service, and only the screened information is used to handle the service. Leakage of identity information not required by the service is thereby effectively prevented, and the inconvenience that redundant identity information not required by the service would cause to handling the service is avoided.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a flowchart of an identity information obtaining method according to embodiment 1 of the present invention;
fig. 2 is a schematic structural diagram of an identity information acquiring apparatus according to embodiment 2 of the present invention;
fig. 3 is a schematic structural diagram of an identity card reading terminal according to embodiment 3 of the present invention;
fig. 4 is a schematic structural diagram of a cloud authentication platform according to embodiment 4 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted", "connected" and "coupled" are to be construed broadly, for example as a fixed connection, a removable connection or an integral connection; as a mechanical or an electrical connection; as a direct connection or an indirect connection through an intervening medium; or as an internal communication between two elements. The specific meaning of these terms in the present invention can be understood by those skilled in the art according to the specific case.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
Example 1
Fig. 1 is a flowchart of an identity information obtaining method provided in this embodiment, where the method embodiment shown in fig. 1 includes the following steps:
and step S11, acquiring identity card information plaintext and identification information of the identity card reading terminal, wherein the identity card information plaintext is obtained by decrypting the identity card information ciphertext acquired from the identity card reading terminal by the cloud authentication platform.
In an optional implementation manner of this embodiment, the identity card reading terminal reads an identity card information ciphertext from a resident identity card of a user, sends the identity card ciphertext to the cloud authentication platform, and the cloud authentication platform decrypts the identity card ciphertext to obtain an identity card information plaintext. The identification information of the identity card reading terminal is used for identifying the type of the identity card reading terminal, different types of identity card reading terminals are used for handling different services which need to read the identity information in the user identity card, and specifically, the types of the identity card reading terminals include but are not limited to: the system comprises an identity card reading terminal for bank account opening, an identity card reading terminal for security check registration and an identity card reading terminal for train ticket purchasing. Therefore, a basis is provided for screening the identity card information plaintext according to the equipment identification of the identity card reading terminal.
Step S12, obtaining the type of each identity information in the identity card information plaintext, where the type of the identity information includes at least two types.
In an optional implementation manner of this embodiment, the identity card information plaintext at least includes the following identity information: name, identification card number, validity period, gender, ethnicity, date of birth, address and issuing authority. As an alternative implementation, for example, the identity card information may include two categories of identity information in plaintext, where the two categories are a first category and a second category, respectively, where the first category includes the following identity information: name, identification card number, validity period and gender; the second category includes the following identity information: nationality, date of birth, address and issuing authority. Of course, the identity information may be classified in other manners, and the categories of the identity information may also be three or four, and the like, and the specific classification manner of the identity information is not limited herein.
Step S13, obtaining an information feedback strategy according to the identification information, and selecting at least one group of identity information with the same category corresponding to the identification information from the information feedback strategy; wherein, the information feedback strategy comprises: the corresponding relation between each identity information and the category in the identity card information plaintext and the corresponding relation between the identification information and the category.
In an optional implementation manner of this embodiment, obtaining the information feedback policy according to the identification information at least includes: and acquiring a prestored information feedback strategy matched with the identification information according to the identification information. As an optional implementation, for example, the information feedback policy may specifically include: the first identification information corresponds to a first category, wherein the first identification information is identification information of an identity card reading terminal used for train ticket purchasing; the first category includes the following identity information: name, identification card number, expiration date and gender. Therefore, the identity information (name, identity card number, validity period and gender) corresponding to the first identification information can be selected from the information feedback strategy. For another example, the information feedback policy may further specifically include: the second identification information corresponds to the first category and the second category, wherein the second identification information is identification information of an identity card reading terminal used for bank account opening; the first category includes the following identity information: name, identification card number, expiration date and gender, and the second category includes the following identity information: nationality, date of birth, address and issuing authority. Thus, the identity information (name, identification card number, validity period, sex, ethnicity, date of birth, address and issuing authority) corresponding to the second identification information can be selected from the information feedback strategy. 
Aiming at different types of identity card reading terminals, only the identity information corresponding to the identification information of the identity card reading terminal is screened from the identity card information plain text, so that the output of non-business related identity information is prevented, and the safety of the identity information in the reading process is improved. Furthermore, only the identity information related to the service is screened, redundant identity information is reduced, and the service handling efficiency can be improved.
In an optional implementation manner of this embodiment, the correspondence between each identity information in the identity card information plaintext and the category includes: and mapping relation between fields corresponding to each identity information in the identity card information plaintext and the categories. Each identity information in the plaintext of the identity card information has a corresponding field in the data for storing the identity information, for example, the field corresponding to the name can be 1 to 8 bytes, and the field corresponding to the gender can be 9 to 10 bytes. Therefore, the field of the identity information of at least one group of same categories corresponding to the identification information can be selected from the information feedback strategy.
And step S14, sending the selected at least one group of identity information of the same category to the identity card information acquisition equipment.
In an optional implementation manner of this embodiment, sending the selected at least one group of identity information of the same category to the identity card information obtaining device specifically includes: and sending the selected at least one group of fields of the identity information of the same category to the identity card information acquisition equipment. Therefore, the identity card information acquisition equipment can acquire the field of the identity information corresponding to the identification information.
In an optional implementation manner of this embodiment, the identification card information acquiring device is used for handling a service related to the identification information. The identity card information acquisition equipment is external equipment connected with the identity card reading terminal; or, the identity card information obtaining device may also be an identity card reading terminal itself, and the identity card reading terminal at least includes a palm intelligent terminal (PDA). Therefore, the identity card information acquisition equipment can acquire the identity information of the user related to the service to handle the service.
By adopting the method provided by the embodiment, when the related service needing to read the identity information is handled, the identity card information plaintext can be obtained, the identity information in the identity card information plaintext is screened according to the information feedback strategy, the field of the identity information necessary for handling the service is obtained, and only the screened information is sent to the identity card information obtaining equipment for handling the related service, so that the identity information required by the non-service can be effectively prevented from being leaked, and the inconvenience brought by the redundant identity information required by the non-service for handling the service is avoided.
Example 2
The present embodiment provides an identity information acquiring apparatus, as shown in fig. 2, the identity information acquiring apparatus 20 includes: an acquisition module 201, a security control module 202 and a transmission module 203. Wherein:
the obtaining module 201 is configured to obtain an identity card information plaintext and identification information of an identity card reading terminal, where the identity card information plaintext is obtained by decrypting, by a cloud authentication platform, an identity card information ciphertext obtained from the identity card reading terminal.
In this embodiment, the obtaining module 201 sends the obtained identity card information plaintext and the identification information of the identity card reading terminal to the security control module 202.
In an optional implementation manner of this embodiment, the identity card reading terminal reads an identity card information ciphertext from a resident identity card of a user, sends the identity card ciphertext to the cloud authentication platform, the cloud authentication platform decrypts the identity card ciphertext to obtain an identity card information plaintext, and the obtaining module 201 obtains the identity card information plaintext. The identification information of the identity card reading terminal is used for identifying the type of the identity card reading terminal, different types of identity card reading terminals are used for handling different services which need to read the identity information in the user identity card, and specifically, the types of the identity card reading terminals include but are not limited to: the system comprises an identity card reading terminal for bank account opening, an identity card reading terminal for security check registration and an identity card reading terminal for train ticket purchasing. Therefore, a basis is provided for screening the identity card information plaintext according to the equipment identification of the identity card reading terminal.
The safety control module 202 is used for acquiring the categories of each identity information in the identity card information plaintext, wherein the categories of the identity information at least comprise two categories, acquiring an information feedback strategy according to the identification information, and selecting at least one group of identity information with the same category corresponding to the identification information from the information feedback strategy; wherein, the information feedback strategy comprises: the corresponding relation between each identity information and the category in the identity card information plaintext and the corresponding relation between the identification information and the category.
In this embodiment, the security control module 202 obtains the identity card information plaintext and the identification information of the identity card reading terminal from the obtaining module 201, and sends at least one group of identity information of the same category corresponding to the selected identification information to the sending module 203.
In an optional implementation manner of this embodiment, the identity card information plaintext at least includes the following identity information: name, identity card number, validity period, gender, ethnicity, date of birth, address and issuing authority. As an alternative implementation, the identity information in the identity card information plaintext may, for example, be divided into two categories, a first category and a second category, where the first category includes the following identity information: name, identity card number, validity period and gender; and the second category includes the following identity information: ethnicity, date of birth, address and issuing authority. Of course, the identity information may be classified in other ways according to the application scenario, and there may be three or four categories and the like; the specific classification of the identity information is not limited herein.
In an optional implementation manner of this embodiment, obtaining the information feedback policy according to the identification information at least includes: acquiring, according to the identification information, a prestored information feedback policy matched with the identification information. As an optional implementation, the information feedback policy may, for example, specify that first identification information corresponds to the first category, where the first identification information is the identification information of an identity card reading terminal used for train ticket purchasing and the first category includes the following identity information: name, identity card number, validity period and gender. The security control module 202 can then select from the information feedback policy the identity information corresponding to the first identification information (name, identity card number, validity period and gender). For another example, the information feedback policy may further specify that second identification information corresponds to the first category and the second category, where the second identification information is the identification information of an identity card reading terminal used for bank account opening; the first category includes the following identity information: name, identity card number, validity period and gender, and the second category includes the following identity information: ethnicity, date of birth, address and issuing authority. The security control module 202 can then select from the information feedback policy the identity information corresponding to the second identification information (name, identity card number, validity period, gender, ethnicity, date of birth, address and issuing authority).
For different types of identity card reading terminals, the security control module 202 selects from the identity card information plaintext only the identity information corresponding to the identification information of that identity card reading terminal, so that identity information unrelated to the service is never output, and the security of the identity information during the reading process is improved. Furthermore, because only the identity information related to the service is displayed, redundant identity information is reduced and the service can be handled more efficiently.
In an optional implementation manner of this embodiment, the correspondence between each piece of identity information in the identity card information plaintext and the category includes: a mapping relation between the fields corresponding to each piece of identity information in the identity card information plaintext and the categories. Each piece of identity information in the identity card information plaintext has a corresponding field in the data that stores the identity information; for example, the field corresponding to the name may be bytes 1 to 8, and the field corresponding to the gender may be bytes 9 to 10. Thereby, the security control module 202 can select from the information feedback policy at least one group of fields of identity information of the same category corresponding to the identification information.
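The screening step that the preceding paragraphs describe (terminal identification information selects categories, categories select byte-range fields, and only those fields leave the security control module), written out as an added Go example; this is not code from the patent or from any product. The byte offsets for name (bytes 1 to 8) and gender (bytes 9 to 10) follow the text; every other offset and width, the two terminal identification values and the sample plaintext are constructed for the example and are not the real card format.

```go
package main

import (
	"fmt"
	"sort"
)

// Field is the byte range one piece of identity information occupies in the
// identity card information plaintext (1-based and inclusive, as in the text).
type Field struct {
	Name       string
	Start, End int
}

// Category numbers the groups of identity information; the page's first and
// second categories are reproduced here.
type Category int

const (
	CategoryOne Category = 1 // name, identity card number, validity period, gender
	CategoryTwo Category = 2 // ethnicity, date of birth, address, issuing authority
)

// layout maps each category to its fields. The page gives name = bytes 1..8
// and gender = bytes 9..10; every other offset and width is constructed for
// this example and is not the real card format.
var layout = map[Category][]Field{
	CategoryOne: {{"name", 1, 8}, {"gender", 9, 10}, {"id_number", 11, 28}, {"validity", 29, 44}},
	CategoryTwo: {{"ethnicity", 45, 46}, {"birth_date", 47, 54}, {"address", 55, 124}, {"issuer", 125, 154}},
}

// policy is the information feedback policy: identification information of a
// terminal -> the categories it may receive. The two entries mirror the page's
// train-ticket and bank-account examples; the terminal IDs are constructed.
var policy = map[string][]Category{
	"TERM-TRAIN-001": {CategoryOne},
	"TERM-BANK-001":  {CategoryOne, CategoryTwo},
}

// Select is the security control module's screening step: it returns only the
// fields the policy grants to this terminal. A terminal with no policy entry
// receives nothing (deny by default), and a plaintext shorter than the layout
// is rejected rather than partially served.
func Select(plaintext []byte, terminalID string) (map[string][]byte, error) {
	cats, ok := policy[terminalID]
	if !ok {
		return nil, fmt.Errorf("no information feedback policy for terminal %q", terminalID)
	}
	out := make(map[string][]byte)
	for _, c := range cats {
		for _, f := range layout[c] {
			if f.End > len(plaintext) {
				return nil, fmt.Errorf("plaintext (%d bytes) shorter than field %s", len(plaintext), f.Name)
			}
			// Copy the bytes so the caller never holds a view into the full plaintext.
			out[f.Name] = append([]byte(nil), plaintext[f.Start-1:f.End]...)
		}
	}
	return out, nil
}

// Names returns the selected field names in sorted order, for display.
func Names(sel map[string][]byte) []string {
	names := make([]string, 0, len(sel))
	for n := range sel {
		names = append(names, n)
	}
	sort.Strings(names)
	return names
}

// SamplePlaintext builds a constructed 154-byte plaintext with recognisable
// bytes in the name, gender and ethnicity fields and filler elsewhere.
func SamplePlaintext() []byte {
	pt := make([]byte, 154)
	for i := range pt {
		pt[i] = '.'
	}
	copy(pt[0:8], "ZHANGSAN")
	copy(pt[8:10], "M ")
	copy(pt[44:46], "01")
	return pt
}

func main() {
	pt := SamplePlaintext()
	for _, id := range []string{"TERM-TRAIN-001", "TERM-BANK-001", "TERM-UNKNOWN"} {
		sel, err := Select(pt, id)
		if err != nil {
			fmt.Println(id, "->", err)
			continue
		}
		fmt.Println(id, "->", Names(sel), "name =", string(sel["name"]))
	}
}
```

The deny-by-default branch is the check worth keeping in any real implementation: a terminal whose identification information is absent from the policy must get no fields at all, not the whole plaintext.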
The sending module 203 is configured to send the selected at least one group of identity information of the same category to the identity card information obtaining device.
In this embodiment, the sending module 203 obtains the selected at least one group of identity information of the same category from the security control module 202.
In an optional implementation manner of this embodiment, the sending module 203 is configured to send at least one group of identity information of the same category selected by the security control module 202 to the identity card information obtaining device, and specifically includes: the sending module 203 sends the fields of the identity information of at least one group of the same category selected by the security control module 202 to the identity card information acquisition device. Therefore, the identity card information acquisition equipment can acquire the field of the identity information corresponding to the identification information.
In an optional implementation manner of this embodiment, the identity card information acquisition device is used for handling a service related to the identity information. The identity card information acquisition device is an external device connected to the identity card reading terminal, or it may be the identity card reading terminal itself, where the identity card reading terminal at least includes a handheld intelligent terminal (PDA). Therefore, the identity card information acquisition device can acquire the identity information of the user that is related to the service in order to handle that service.
By adopting the identity information acquisition device provided by this embodiment, when a service that requires reading identity information is handled, the identity card information plaintext is acquired, the identity information in the plaintext is screened according to an information feedback policy, the fields of identity information necessary for handling the service are obtained, and only the screened information is sent to the identity card information acquisition device to handle the service. Identity information not required by the service is thus effectively prevented from leaking, and the inconvenience that redundant identity information would bring to handling the service is avoided.
Example 3
In this embodiment, a schematic structural diagram of an identity card reading terminal is provided; as shown in fig. 3, the identity card reading terminal 30 includes a reading module 301, a communication module 302 and an identity information acquisition device 20. In this embodiment, the identity information acquisition device 20 is the identity information acquisition device provided in embodiment 2.
The reading module 301 is configured to read an identity card information ciphertext from a resident identity card.
In this embodiment, the reading module 301 sends the read identification card information ciphertext to the communication module 302.
In an optional implementation manner of this embodiment, the reading module 301 obtains the information ciphertext of the resident identification card through a non-contact communication manner, where the non-contact communication manner at least includes an NFC manner, that is, the reading module 301 at least includes an NFC chip.
The communication module 302 is configured to at least send the identity card information ciphertext to the cloud authentication platform, and receive the identity card information plaintext sent by the cloud authentication platform.
In this embodiment, the communication module 302 obtains the id card information ciphertext from the reading module 301, and sends the received id card information plaintext to the id information obtaining apparatus 20.
In an optional implementation manner of this embodiment, the identity card information plaintext is obtained by decrypting the identity card information ciphertext with a verification security module (SAM) in the cloud authentication platform, and the identity card reading terminal 30 has no verification security module, that is, the identity card reading terminal 30 cannot decrypt the identity card information ciphertext it reads. Therefore, an unauthorized identity card reading terminal is prevented from decrypting the identity card information ciphertext, and the security of the identity card decryption process is improved.
In an optional implementation manner of this embodiment, the communication module 302 may be connected to an external device, the external device establishes a connection with the cloud authentication platform, and the communication module 302 sends the id card information ciphertext to the cloud authentication platform through the external device and receives the id card information plaintext returned by the cloud authentication platform through the external device. As an alternative embodiment, the external devices connected to the communication module 302 include, but are not limited to: a PC, a cell phone, or a tablet. Therefore, through the external device connected to the communication module 302, the communication module 302 can complete sending of the id card information ciphertext and receiving of the id card information plaintext.
In another optional implementation manner of this embodiment, the communication module 302 may directly establish a connection with the cloud authentication platform, where the connection between the communication module 302 and the cloud authentication platform includes a wireless network connection or a wired network connection. The communication module 302 at least sends the identity card information ciphertext to the cloud authentication platform through a wireless network or a wired network, and receives the identity card information plaintext returned by the cloud authentication platform through the wireless network or the wired network. Therefore, the communication module 302 can independently complete the interaction process with the cloud authentication platform without an external device.
In an optional implementation manner of this embodiment, the identity card reading terminal 30 further includes a security module (not shown in the figure) for receiving the user's authentication information on the displayed at least one group of identity information of the same category before the identity information acquisition device 20 sends the selected at least one group of identity information of the same category to the identity card information acquisition device. As an alternative embodiment, the security module obtains the selected at least one group of identity information of the same category from the identity information acquisition device 20 and receives the user's authentication information on the displayed at least one group of identity information of the same category. The at least one group of identity information of the same category may be displayed on a display screen of the identity card reading terminal 30 or on a display screen of an external device connected to the communication module 302. Of course, the display screen of the identity card reading terminal 30 and the display screen of the external device connected to the communication module 302 may also be used together; for example, the display screen of the identity card reading terminal 30 displays the text information in the identity information, such as name, identity card number and address, while the display screen of the external device connected to the communication module 302 displays the picture information in the identity information, such as the photo. Thereby, the at least one group of identity information of the same category can be displayed to the user for confirmation.
In an optional implementation manner of this embodiment, the manner in which the security module receives the user's authentication information on the displayed identity information includes: the security module receives the authentication information through keys arranged on the identity card reading terminal 30; or the security module receives authentication information such as a PIN code, a fingerprint or a voiceprint entered by the user through an input component, where the input component may be arranged on the identity card reading terminal 30 or on an external device connected to the communication module 302, in which case the security module receives the PIN code, fingerprint or voiceprint entered by the user on the external device through the communication module 302. Because the at least one group of identity information of the same category is displayed to the user, the user can confirm it; if the identity information has been tampered with, the user notices the incorrect information immediately, does not enter authentication information into the identity card reading terminal 30, and the card reading operation is terminated. At the same time, receiving the user's authentication information on the displayed identity information makes it possible to determine whether the card reading operation reflects the real intention of the user, so that the identity card cannot be fraudulently swiped without the user's knowledge.
In an optional implementation manner of this embodiment, the security module may further receive, through the communication module 302, feedback information carrying the identity card information plaintext from the cloud authentication platform. The feedback information is produced by the cloud authentication platform encrypting the identity card information plaintext with a session key negotiated with the identity card reading terminal 30 to obtain a ciphertext M1, and then signing the ciphertext M1 with a private key stored in the cloud authentication platform itself. The security module verifies the signature on the received feedback information with the public key of the cloud authentication platform, and only after the verification passes does it decrypt the feedback information with the session key to obtain the identity card information plaintext. Therefore, the security of the process in which the identity card reading terminal receives the identity card information plaintext from the cloud authentication platform is improved.
In an alternative implementation manner of this embodiment, the security module includes a security chip (for example, the Z8D64U (State Cryptography Administration approval number SSX43) or the Z32 (State Cryptography Administration approval number SSX20) from Nationz Technologies Co., Ltd.). The security chip has its own processor and storage unit, can store PKI digital certificates, keys and other feature data, performs encryption and decryption operations on data, provides data encryption and identity authentication services for users, and protects business privacy and data security.
By adopting the identity card reading terminal provided by the embodiment, when the related service needing to read the identity information is handled, the plaintext of the identity card information can be obtained, the identity information in the plaintext of the identity card information is screened according to the information feedback strategy prestored in the identity card reading terminal, the field of the identity information necessary for handling the service is obtained, and the screened information is only sent to the identity card information obtaining equipment to handle the related service.
Example 4
Another aspect of the present invention provides a cloud authentication platform; as shown in fig. 4, the cloud authentication platform 40 includes a scheduling server 401 and an authentication and verification security module 402.
The scheduling server 401 is configured to allocate a corresponding authentication and verification security module 402 to the identity card reading terminal. The authentication and verification security module 402 is configured to obtain the identity card information ciphertext and the identification information of the identity card reading terminal, and to decrypt the identity card information ciphertext to obtain the identity card information plaintext.
In an optional implementation manner of this embodiment, the authentication and verification security module 402 includes an authentication security control module and a verification security module. The authentication security control module and the verification security module are each connected to the scheduling server 401; alternatively, the verification security module is connected to the authentication security control module, and the authentication security control module is connected to the scheduling server 401. The verification security module is used for receiving the identity card information ciphertext and decrypting it to obtain the identity card information plaintext; the authentication security control module includes the identity information acquisition device 20 provided in embodiment 2.
As an optional implementation manner, the scheduling server 401 is configured to obtain the identity card information ciphertext and the identification information of the identity card reading terminal from the identity card reading terminal, allocate a corresponding authentication and verification security module 402 to the identity card reading terminal according to a preset load balancing policy, and send the identity card information ciphertext and the identification information of the identity card reading terminal to the allocated authentication and verification security module 402. The authentication and verification security module 402 is configured to obtain the identity card information ciphertext and the identification information of the identity card reading terminal from the scheduling server 401, and to decrypt the identity card information ciphertext with the verification security module to obtain the identity card information plaintext. After the authentication and verification security module 402 has obtained at least one group of identity information of the same category with the identity information acquisition device it contains, it sends that at least one group of identity information of the same category to the identity card reading terminal through the scheduling server 401.
Before the obtained at least one group of identity information of the same category is sent to the identity card reading terminal, the authentication security control module in the authentication and verification security module 402 may further encrypt the at least one group of identity information of the same category with a session key negotiated with the identity card reading terminal to obtain a ciphertext M2, sign the ciphertext M2 with a private key stored in the authentication security control module itself to obtain feedback identity information, and send the feedback identity information to the identity card reading terminal through the scheduling server 401. The cloud authentication platform thus sends the screened identity information to the identity card reading terminal and applies encryption and a signature to it, so that the identity information is better protected in transit.
As another optional implementation manner, the scheduling server 401 is configured to allocate a corresponding authentication and verification security module 402 to an identity card reading terminal in response to an access request from that terminal and according to a preset load balancing policy. The authentication and verification security module 402 obtains the identity card information ciphertext and the identification information of the identity card reading terminal from the identity card reading terminal that sent the access request, decrypts the identity card information ciphertext with the verification security module it contains to obtain the identity card information plaintext, obtains at least one group of identity information of the same category with the identity information acquisition device it contains, and sends the obtained at least one group of identity information of the same category to the identity card reading terminal. Before sending the obtained at least one group of identity information of the same category to the identity card reading terminal, the authentication security control module in the authentication and verification security module 402 may further encrypt the at least one group of identity information of the same category with a session key negotiated with the identity card reading terminal to obtain a ciphertext M2, sign the ciphertext M2 with a private key stored in the authentication security control module itself to obtain feedback identity information, and send the feedback identity information to the identity card reading terminal. The cloud authentication platform thus sends the screened identity information to the identity card reading terminal and applies encryption and a signature to it, so that the identity information is better protected in transit.
Of course, in this embodiment, the manner in which the authentication and verification security module 402 obtains the identity card information ciphertext and the identification information of the identity card reading terminal is not limited to the above two implementations, nor is the manner in which the at least one group of identity information of the same category is sent to the identity card reading terminal; other implementations also fall within the protection scope of the present invention.
By adopting the cloud authentication platform provided by this embodiment, when a service that requires reading identity information is handled, the identity card information plaintext is acquired, the identity information in the plaintext is screened according to an information feedback policy, the fields of identity information necessary for handling the service are obtained, and only the screened information is sent to the identity card information acquisition device to handle the service. Identity information not required by the service is thus effectively prevented from leaking, and the inconvenience that redundant identity information would bring to handling the service is avoided.
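The encrypt-then-sign step the platform performs on M2 in embodiment 4, together with its mirror image in embodiment 3, where the terminal's security module first verifies the signature on M1 with the platform's public key and only then decrypts with the session key, as one added Go example; it is not code from the patent or from any product. The page names neither the cipher, the signature scheme nor how the session key is negotiated, so AES-256-GCM, ECDSA over P-256 with SHA-256, and a randomly generated session key handed to both sides in NewPair are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Platform models the cloud authentication platform: its long-term signing key
// and the session key negotiated with one terminal (negotiation not shown;
// the key is constructed in NewPair).
type Platform struct {
	signKey    *ecdsa.PrivateKey
	sessionKey []byte // 32-byte AES-256 key
}

// Terminal models the identity card reading terminal's security module.
type Terminal struct {
	platformPub *ecdsa.PublicKey // public key of the cloud authentication platform
	sessionKey  []byte           // same session key as the platform
}

// Feedback is what the platform returns: the ciphertext (M1 or M2 in the text)
// and the platform's signature over that ciphertext.
type Feedback struct {
	Ciphertext []byte // nonce || AES-GCM ciphertext of the screened identity information
	Signature  []byte // ASN.1 ECDSA P-256 signature over SHA-256(Ciphertext)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal does the platform's two steps in the stated order: encrypt the screened
// identity information with the session key, then sign the ciphertext.
func (p *Platform) Seal(screened []byte) (*Feedback, error) {
	gcm, err := newGCM(p.sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nonce, nonce, screened, nil) // nonce is prepended to the output
	digest := sha256.Sum256(ct)
	sig, err := ecdsa.SignASN1(rand.Reader, p.signKey, digest[:])
	if err != nil {
		return nil, err
	}
	return &Feedback{Ciphertext: ct, Signature: sig}, nil
}

// Open does the terminal's two steps in the stated order: verify the signature
// with the platform's public key, and only if it passes decrypt with the
// session key. An altered or forged feedback never reaches decryption.
func (t *Terminal) Open(fb *Feedback) ([]byte, error) {
	digest := sha256.Sum256(fb.Ciphertext)
	if !ecdsa.VerifyASN1(t.platformPub, digest[:], fb.Signature) {
		return nil, errors.New("signature verification failed; feedback rejected")
	}
	gcm, err := newGCM(t.sessionKey)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(fb.Ciphertext) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, fb.Ciphertext[:n], fb.Ciphertext[n:], nil)
}

// NewPair generates the platform's signing key and a random session key and
// hands the matching halves to a platform and a terminal (constructed setup).
func NewPair() (*Platform, *Terminal, error) {
	sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, nil, err
	}
	return &Platform{signKey: sk, sessionKey: key},
		&Terminal{platformPub: &sk.PublicKey, sessionKey: key}, nil
}

func main() {
	p, t, err := NewPair()
	if err != nil {
		panic(err)
	}
	fb, _ := p.Seal([]byte("name=ZHANGSAN;gender=M")) // constructed screened fields
	out, err := t.Open(fb)
	fmt.Printf("terminal received %q (err=%v)\n", out, err)
}
```

Signing the ciphertext rather than the plaintext lets the terminal reject anything that is not from the platform before it spends the session key on decryption, which is the order the text prescribes for both M1 and M2; a single flipped byte in transit changes the digest, so the signature check fails and nothing is decrypted.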
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (9)

1. An identity information acquisition method, characterized in that the method comprises:
acquiring identity card information plaintext and identification information of an identity card reading terminal, wherein the identity card information plaintext is obtained by decrypting an identity card information ciphertext acquired from the identity card reading terminal by a cloud authentication platform;
acquiring the types of each identity information in the identity card information plaintext, wherein the types of the identity information at least comprise two types;
acquiring an information feedback strategy according to the identification information, and selecting at least one group of identity information of the same category corresponding to the identification information from the information feedback strategy; wherein the information feedback strategy comprises: the corresponding relation between each identity information in the identity card information plaintext and the category and the corresponding relation between the identification information and the category;
and sending the selected at least one group of identity information of the same category to identity card information acquisition equipment, wherein the identity card information acquisition equipment is external equipment connected with the identity card reading terminal.
2. The method of claim 1, wherein the identity card information plaintext includes at least the following identity information: name, identification card number, validity period, gender, ethnicity, date of birth, address and issuing authority.
3. The method according to claim 1 or 2, wherein the correspondence between each of the identity information in the identity card information plaintext and the category comprises:
a mapping relation between the fields corresponding to the identity information in the identity card information plaintext and the categories.
4. An identity information acquisition apparatus, characterized in that the apparatus comprises:
an acquisition module, configured to acquire identity card information plaintext and identification information of an identity card reading terminal, wherein the identity card information plaintext is obtained by decrypting, by a cloud authentication platform, an identity card information ciphertext acquired from the identity card reading terminal;
a security control module, configured to acquire the category of each piece of identity information in the identity card information plaintext, wherein the identity information has at least two categories, to acquire an information feedback strategy according to the identification information, and to select from the information feedback strategy at least one group of identity information of the same category corresponding to the identification information; wherein the information feedback strategy comprises: the corresponding relation between each identity information in the identity card information plaintext and the category and the corresponding relation between the identification information and the category;
and the sending module is used for sending the selected at least one group of identity information of the same category to identity card information acquisition equipment, wherein the identity card information acquisition equipment is external equipment connected with the identity card reading terminal.
5. The apparatus according to claim 4, wherein the identity card information plaintext includes at least the following identity information: name, identification card number, validity period, gender, ethnicity, date of birth, address and issuing authority.
6. The apparatus according to claim 4 or 5, wherein the correspondence between each of the identity information in the identity card information plaintext and the category comprises:
a mapping relation between the fields corresponding to the identity information in the identity card information plaintext and the categories.
7. An identity card reading terminal, comprising:
the reading module is used for reading the identity card information ciphertext from the resident identity card;
the communication module is used for at least sending the identity card information ciphertext to a cloud authentication platform and receiving the identity card information plaintext sent by the cloud authentication platform;
and an identity information acquisition apparatus according to any one of claims 4 to 6.
8. The identity card reading terminal of claim 7, further comprising:
and a security module, configured to receive authentication information of the user on the displayed at least one group of identity information of the same category before the identity information acquisition device sends the selected at least one group of identity information of the same category to the identity card information acquisition equipment.
9. A cloud authentication platform, the cloud authentication platform comprising:
the scheduling server is used for distributing a corresponding authentication and verification security module for the identity card reading terminal;
the authentication and verification security module is used for acquiring an identity card information ciphertext and identification information of the identity card reading terminal and decrypting the identity card information ciphertext to obtain an identity card information plaintext;
the authentication and verification security module comprises the identity information acquisition device according to any one of claims 4 to 6.
CN201610041095.0A 2016-01-21 2016-01-21 Method, device, terminal and cloud authentication platform for acquiring identity information Active CN106034031B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610041095.0A CN106034031B (en) 2016-01-21 2016-01-21 Method, device, terminal and cloud authentication platform for acquiring identity information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610041095.0A CN106034031B (en) 2016-01-21 2016-01-21 Method, device, terminal and cloud authentication platform for acquiring identity information

Publications (2)

Publication Number Publication Date
CN106034031A CN106034031A (en) 2016-10-19
CN106034031B true CN106034031B (en) 2020-04-21

Family

ID=57149280

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610041095.0A Active CN106034031B (en) 2016-01-21 2016-01-21 Method, device, terminal and cloud authentication platform for acquiring identity information

Country Status (1)

Country Link
CN (1) CN106034031B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12095900B2 (en) 2022-01-27 2024-09-17 International Business Machines Corporation Linking a physical identifier to a digital identifier

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110300083B (en) * 2018-03-22 2021-02-12 华为技术有限公司 Method, terminal and verification server for acquiring identity information
CN111223022B (en) * 2018-11-27 2024-02-09 天地融科技股份有限公司 Method and system for realizing cloud identity card
CN112995160B (en) * 2021-02-07 2022-05-06 北京声智科技有限公司 Data decryption system and method, terminal, server and non-transient storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618115A (en) * 2015-01-27 2015-05-13 李明 Identity card information obtaining method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101324942A (en) * 2007-06-13 2008-12-17 阿里巴巴集团控股有限公司 Payment system and method performing trade by identification card including IC card

Patent Citations (1)

Publication number Priority date Publication date Assignee Title
CN104618115A (en) * 2015-01-27 2015-05-13 李明 Identity card information obtaining method and system

Also Published As

Publication number Publication date
CN106034031A (en) 2016-10-19

Similar Documents

Publication Publication Date Title
US20190122212A1 (en) Methods and systems for provisioning payment credentials
CN104618115B (en) ID card information acquisition methods and system
KR101612751B1 (en) Providing digital certificates
CN107231235B (en) Electronic receipt generating method, business handling system and intelligent secret key equipment
US10769627B2 (en) Systems, methods and devices for transacting
US20140358777A1 (en) Method for secure atm transactions using a portable device
KR20230008206A (en) Transaction messaging
CN106022081B (en) A kind of card reading method of identity card card-reading terminal, identity card card-reading terminal and system
CN106034031B (en) Method, device, terminal and cloud authentication platform for acquiring identity information
AU2014353151A1 (en) Automated account provisioning
WO2010002541A1 (en) Trusted service manager (tsm) architectures and methods
CN107181714A (en) Verification method and device, the generation method of service code and device based on service code
CN104639542A (en) Method and system for obtaining identity card information
EP3151180A1 (en) Identification method and system
KR102574524B1 (en) Remote transaction system, method and point of sale terminal
CN106033571A (en) Trading method of electronic signature devices, electronic signature devices and trading system
KR101240231B1 (en) A mobile phone id card security system
CN107872321B (en) Electronic identity authentication method and electronic identity terminal equipment
CN111523869A (en) Off-line transaction method and system for digital currency
CN108848061B (en) User information transmission method and terminal equipment
US20170024729A1 (en) Secure Transmission of Payment Credentials
WO2015162276A2 (en) Secure token implementation
GB2525424A (en) Secure token implementation
CN207503367U (en) A kind of self-service dealing system
KR101773875B1 (en) App-to-app user direct payment system, method and application for mobile terminal therefor

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220425

Address after: Tiantianrong building, No. 1, Zhongguancun, Beiqing Road, Haidian District, Beijing 100094

Patentee after: TENDYRON Corp.

Address before: 100086 room 603, building 12, taiyueyuan, Haidian District, Beijing

Patentee before: Li Ming

TR01 Transfer of patent right