CN107196965B - Secure network real name registration method - Google Patents
- Publication number: CN107196965B
- Application number: CN201710538924.0A
- Authority: CN (China)
- Prior art keywords: website, public security, citizen, real, key
- Legal status: Expired - Fee Related
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1073—Registration or de-registration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention provides a secure online real-name registration technique. It applies data encryption, digital signatures and identity authentication so that a website performing real-name registration can verify that a user's identity is genuine but cannot recover the user's real identity information, which avoids the security risks that would follow a leak of the website's data. When a user performs online real-name registration, the user and the website authenticate each other: the website first proves its legitimacy to the user, and the user then proves the legitimacy of their identity to the website. This prevents fake websites from illegally obtaining users' personal information and prevents users from registering on legitimate websites with false information. If a registered user becomes involved in a dispute or a legal matter while using the network, the user's real identity can be fully recovered from the registered ciphertext only with the participation of the public security organ.
Description
Technical field
The invention relates to network information security within the field of computer technology, and in particular to a secure online real-name registration method based on data encryption and identity authentication. The method provides identity authentication between the website and the user during online real-name registration and fully protects the security of the user's private personal information.
Background
When registering on a website, a user normally fills in a user name, password, phone number or e-mail address. Because this information cannot accurately identify a person's real identity, the convenience of networked communication also lets false and even malicious information spread rapidly, which creates a series of security and social problems. Online real-name registration is a mandatory measure adopted to stop this spread. For example, in response to the steady stream of telecom fraud cases, the relevant state departments explicitly require mobile phone users to register under their real names. In the long run, real-name registration is an important measure for strengthening network supervision and keeping citizens from skirting the law; it will help maintain a normal and stable network order, and its scope will gradually expand. However, real-name registration requires users to accurately provide sensitive information such as name, ID card number, home address or employer. This information is private, its security is of great public concern, and the consequences of a leak are hard to predict. With network security incidents occurring constantly, real-name registration has increased people's resistance.
Under current practice, a website or institution authorized by the state verifies the user's real identity information, enables the corresponding network functions for verified users, and stores the real-name registration information independently. When a user has to register under their real name on several different websites, this decentralized management of real-name registration information greatly increases the risk of leakage. In practice there are also conflicts between users and websites. For the user: how to be sure the website is legitimate, so that personal information is not leaked by being entered on a counterfeit site, and how to dispel concerns about the security of the registered information. For the website: how to verify effectively that the user's real-name registration information is genuine. Websites must spend a great deal of time and effort checking registration information to stop users entering false real-name details, and reducing the website's own security burden of storing and managing users' sensitive private information is a practical problem that is hard to solve and that, to some extent, limits the development of the network.
Summary of the invention
The invention addresses these pressing practical problems: the technical problems of decentralized real-name registration, how a user can confirm that a website is legitimate, how a website can verify that a registering user is genuine, and how to reduce the website's security burden of storing sensitive information. The method introduces the national public security organ as an authoritative, trusted party. The public security organ itself holds the detailed personal identity information of all lawful citizens in the country and can confirm that a citizen's identity is genuine and valid. Let its public key be K_GP and its private key be K_GS. To manage citizens' identities securely in a network environment, every lawful citizen can be required to register with the public security organ a password bound to their personal ID card number; this password is kept secret from third parties and must not be disclosed.
For websites or management institutions that need to record users' real-name registration information, the public security organ verifies the authenticity of their identity. Every website that performs online real-name registration must first register with the public security organ, so that its user registration business is supervised by law enforcement and its legitimacy is assured. A lawful, compliant website is assigned by the public security organ a unique website number that serves as its identifier. This number should be disclosed to all users browsing the website, and citizens can look up and verify its authenticity on the public security organ's website.
Because the real-name registration information recorded by a website is extremely sensitive and closely tied to users' privacy, the security of its storage and management is of wide concern. To avoid the risks of information leakage, the invention separates the management of citizen identity information from that of network registration information. Non-sensitive registration information such as user name and password is stored independently by the website, while the real citizen identity information used for real-name registration is authenticated and signed by the public security organ, and information security techniques link the two. When a citizen registers under their real name, what is left at the website is personal identity ciphertext authenticated by the public security organ. The website can use this ciphertext to verify that the registering user is genuine but cannot learn the user's actual identity information, so citizen identity information is managed centrally and securely by the public security organ. When the website needs the real identity of a registered user, it can submit the identity ciphertext that the user left on the website to the public security organ, which can confirm the real identity after review; this places no obstacle in the way of law enforcement.
The invention provides a new online real-name registration method that makes online real-name registration secure and avoids the risk of information leakage inherent in decentralized real-name registration.
Technical effect: For the registering user, the website authenticates itself to the user first during registration, which removes the possibility of a counterfeit website posing as a legitimate one to obtain the user's real-name information. The real-name registration information recorded by the website cannot be decrypted by anyone without the involvement of the public security organ, so the user's important private information is protected. For the website, the legitimacy of every registered user's identity is verified by the authoritative public security organ, so the real-name information it records is genuine and valid, which greatly reduces the labour and material cost of verifying users' real identities. Because the technique removes users' security concerns about the traditional real-name registration process, it can increase their willingness to accept real-name registration, promotes wide adoption of this necessary network security requirement, and benefits both users and websites.
Detailed description
A secure online real-name registration method. The method introduces the national public security organ as an authoritative, trusted party. The public security organ itself holds the detailed personal identity information of all lawful citizens in the country and has a public key K_GP and a private key K_GS; K_GP is published, and K_GS is known only to the public security organ.
In addition, every lawful citizen A registers with the public security organ a key K_A bound to their personal ID card number. K_A is the key used for data encryption, and only citizen A and the public security organ know it.
A website or institution W that needs to record users' real-name registration information first registers with the public security organ, which verifies the authenticity of W's identity. After verification, the public security organ assigns W a unique identifier ID_W and a key K_W bound to ID_W. ID_W is public and its authenticity can be checked on the public security organ's website; K_W is known only to W and the public security organ.
The real-name registration steps are as follows.
Step 1: Citizen A visits the website or institution W that requires real-name registration, or visits the public security organ's website, and obtains the identifier ID_W issued by the public security organ.
Step 2: Citizen A sends a real-name registration request T_A to the public security organ's website, where the symbol || denotes concatenation of two adjacent pieces of information, ID_A is citizen A's ID card number, and E is the data encryption algorithm agreed in advance by both parties; E is publicly known.
Step 3: On receiving T_A, the public security organ looks up in its internal database the key K_A associated with citizen A's ID card number ID_A, then decrypts with K_A to obtain ID_A||ID_W, where ID_A serves as auxiliary identity-verification information for T_A. The public security organ then finds, in the database of all websites registered with it, the key K_W for the identifier ID_W.
Step 4: The public security organ generates a real-name registration authentication credential T for citizen A, where K is a key assigned by the public security organ and Time is a timestamp indicating the application date and validity period of T. Time is bound to the key K, which is valid for this one use only. The public security organ then sends the ciphertext T to citizen A.
Step 5: After receiving T, citizen A decrypts it with the key K_A, obtaining m_1 and a ciphertext. From m_1, citizen A obtains the key K assigned by the public security organ and the public security organ's signature on K, made with its private key K_GS.
Step 6: Citizen A takes the real-name registration authentication credential T generated by the public security organ to website or institution W to register. Citizen A first sends the ciphertext to W and then waits for W to prove its legitimacy to citizen A.
W decrypts the ciphertext with K_W to obtain m_2, and from m_2 obtains the ciphertext of the user's real identity, encrypted by the public security organ with the public key K_GP.
W then uses the public security organ's public key K_GP to recover, by decryption, the key K assigned by the public security organ. W randomly generates an integer n of four or more digits and computes the verification code V = E_K[n]. W then displays the signature and V together on the user registration page and waits for A to complete the real-name registration.
Step 7: Citizen A first compares the signature displayed on W's page with the one obtained by decrypting T. If the two match, the legitimacy of W is confirmed.
Citizen A then uses K to decrypt V = E_K[n] and obtain n, fills in the registration page with the registration information A has chosen for W together with n, and submits it.
Step 8: After receiving citizen A's registration information, W first checks whether the verification code n submitted by A is correct. If it is, citizen A's identity is confirmed as genuine and legitimate. W then records the identity ciphertext as A's real-name registration information, together with the other registration information, in the website's user database, and citizen A's real-name registration is complete.
If citizen A commits an unlawful act at website or institution W, W reports the recorded ciphertext to the public security organ, which decrypts it with the private key K_GS to obtain citizen A's real personal identity.
Preferably, E is a commercial encryption algorithm such as AES, or an encryption algorithm specially designed by the public security organ.
The invention is illustrated below with a specific embodiment in which citizen A registers under their real name with a website or institution W.
Step 1: Citizen A visits the public security organ's website, or the website or institution that requires real-name registration (denoted W here), and obtains W's identifier ID_W issued by the public security organ.
Step 2: Citizen A sends a real-name registration request to the public security organ's website.
Here the symbol || denotes concatenation of two adjacent pieces of information, ID_A is citizen A's ID card number, and E is a data encryption algorithm agreed in advance by both parties (AES in this example). K_A is the key used for data encryption, and only A and the public security organ know it.
Step 3: On receiving T_A, the public security organ looks up in its internal database the key K_A associated with citizen A's ID card number ID_A and decrypts with K_A to obtain ID_A||ID_W, where ID_A serves as auxiliary identity-verification information for T_A. It then finds, in the database of all websites registered with it, the key K_W for the identifier ID_W.
Step 4: The public security organ generates a real-name registration authentication credential for citizen A, where Time is a timestamp indicating the application date and validity period of T. It then sends the ciphertext T to citizen A. For ease of use, T can be generated as a QR code.
Step 5: After receiving T, citizen A can decrypt it with the key K_A they hold, obtaining m_1 and a ciphertext. From m_1, citizen A can obtain the key K assigned by the public security organ and the public security organ's signature on K, made with its private key K_GS. Because K is bound to the timestamp Time, it is valid for this one use only. The ciphertext was generated by the public security organ by encrypting with the key K_W; since A does not know K_W, A cannot decrypt m_2.
Step 6: When citizen A takes the real-name registration authentication credential T generated by the public security organ to website W to register, A first enters the ciphertext and then waits for the website to prove W's legitimacy to A. This prevents phishing websites, and websites not certified by the public security organ, from illegally obtaining users' personal information. Only the real website W knows the key K_W. Decrypting the ciphertext with K_W yields m_2, and from m_2 the website obtains the ciphertext of the user's real identity, encrypted by the public security organ with the public key K_GP. Because W does not know the public security organ's private key K_GS, it cannot decrypt this ciphertext and cannot learn A's real ID card number ID_A. W uses the public security organ's public key K_GP to recover, by decryption, the key K assigned by the public security organ. It then chooses a random integer n of four or more digits, generates V = E_K[n] as the verification code, displays the signature and V together on the user registration page, and waits for A to complete the real-name registration.
Step 7: Citizen A first compares the signature displayed on W's page with the one obtained by decrypting T. Because no one other than the public security organ can forge the signature, a match means that W must be a legitimate website certified by the public security organ; in this way the website first proves its own legitimacy to citizen A. Since A obtained K in step 5, A can decrypt V = E_K[n] with K to obtain n. A fills in the registration page with the registration information A has chosen for W together with n, and clicks submit.
Step 8: After receiving citizen A's registration information, W first checks whether the verification code n submitted by A is correct. Because in the fourth step only the real citizen A can use the key K to decrypt V = E_K[n], citizen A has thereby proved to W that their identity is genuine and legitimate. W records the identity ciphertext as A's real-name registration information, together with the other registration information, in the website's user database, and citizen A's real-name registration is complete.
Step 9: If citizen A commits an unlawful act at website W, W only needs to report the recorded ciphertext to the public security organ, which decrypts it with the private key K_GS that it alone holds to obtain citizen A's real personal identity.
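An added example, not part of the patent text: a Python walk-through of steps 2 to 9 above with the citizen, the public security organ and the website all modelled. The layouts of T_A, T, m_1 and m_2 are not reproduced on this page, so the field layout below is an assumption, as are all class and function names; a hash-based stream cipher with HMAC stands in for E (AES) and textbook RSA over two Mersenne primes stands in for K_GP/K_GS, both chosen only so the example runs on the standard library.

```python
import hashlib, hmac, json, secrets

# Toy primitives: stand-ins for the patent's E (AES) and the K_GP/K_GS key pair.
P, Q = 2**521 - 1, 2**607 - 1                # Mersenne primes: factorable on sight, demo only
N, E_PUB = P * Q, 65537                      # K_GP (public)
D_PRIV = pow(E_PUB, -1, (P - 1) * (Q - 1))   # K_GS (public security organ only)
NLEN = (N.bit_length() + 7) // 8

def _keys(key):                              # separate encryption and MAC keys
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor(key, nonce, data):
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def sym_enc(key, pt):                        # E_key[pt] plus an integrity tag
    ek, mk = _keys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor(ek, nonce, pt)
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def sym_dec(key, blob):
    ek, mk = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified ciphertext")
    return _xor(ek, nonce, ct)

def pack(**fields):                          # "||" concatenation, as a JSON object of hex fields
    return json.dumps({k: v.hex() for k, v in fields.items()}).encode()
def unpack(blob):
    return {k: bytes.fromhex(v) for k, v in json.loads(blob).items()}

def sign_key(k):                             # signature on K made with K_GS
    return pow(int.from_bytes(k, "big"), D_PRIV, N).to_bytes(NLEN, "big")
def recover_key(sig):                        # W "decrypts" the signature with K_GP to get K
    v = pow(int.from_bytes(sig, "big"), E_PUB, N)
    if v >= 2**128:
        raise ValueError("not a signature on a 16-byte key")
    return v.to_bytes(16, "big")

def encrypt_id(id_a):
    # E_{K_GP}[ID_A]; the random pad keeps W from confirming a guessed ID by re-encrypting it
    m = b"\x01" + secrets.token_bytes(16) + id_a
    return pow(int.from_bytes(m, "big"), E_PUB, N).to_bytes(NLEN, "big")

class Authority:                             # the public security organ
    def __init__(self):
        self.citizens, self.sites = {}, {}   # ID_A -> K_A, ID_W -> K_W

    def enroll(self, table, ident):          # key registration done in advance
        table[ident] = secrets.token_bytes(16)
        return table[ident]

    def issue(self, t_a, now):               # steps 3 and 4: check T_A, build credential T
        req = unpack(t_a)
        k_a = self.citizens[req["id_a"]]
        inner = unpack(sym_dec(k_a, req["enc"]))
        if inner["id_a"] != req["id_a"]:
            raise ValueError("request does not match the claimed ID_A")
        k = secrets.token_bytes(16)          # one-time key K
        sig = sign_key(k)
        m1 = pack(k=k, sig=sig)
        m2 = pack(sig=sig, id_ct=encrypt_id(req["id_a"]), expires=str(now + 600).encode())
        return sym_enc(k_a, pack(m1=m1, c2=sym_enc(self.sites[inner["id_w"]], m2)))

    def reveal(self, id_ct):                 # step 9: only K_GS opens the stored ciphertext
        m = pow(int.from_bytes(id_ct, "big"), D_PRIV, N)
        return m.to_bytes((m.bit_length() + 7) // 8, "big")[17:]

class Website:                               # website or institution W
    def __init__(self, k_w):
        self.k_w, self.pending, self.users = k_w, {}, {}

    def challenge(self, c2, now):            # step 6: needs K_W, so a fake site fails here
        m2 = unpack(sym_dec(self.k_w, c2))
        if now > int(m2["expires"]):
            raise ValueError("credential expired")
        n = str(secrets.randbelow(900000) + 100000).encode()
        self.pending[m2["sig"]] = (n, m2["id_ct"])
        return m2["sig"], sym_enc(recover_key(m2["sig"]), n)   # shown on page: signature, V

    def register(self, sig, n, username):    # step 8: check n, store only the ciphertext
        expected, id_ct = self.pending.pop(sig)
        if not hmac.compare_digest(n, expected):
            raise ValueError("wrong verification code")
        self.users[username] = id_ct

def register_citizen(auth, site, id_a, k_a, id_w, username, now=1_700_000_000):
    t_a = pack(id_a=id_a, enc=sym_enc(k_a, pack(id_a=id_a, id_w=id_w)))   # step 2
    outer = unpack(sym_dec(k_a, auth.issue(t_a, now)))                    # step 5
    m1 = unpack(outer["m1"])
    shown_sig, v = site.challenge(outer["c2"], now)                       # step 6
    if shown_sig != m1["sig"]:                                            # step 7
        raise ValueError("website did not prove knowledge of K_W")
    site.register(shown_sig, sym_dec(m1["k"], v), username)               # steps 7 and 8
    return site.users[username]
```

`register_citizen` returns what the website ends up storing: a ciphertext that only `Authority.reveal` can open, and that differs on every registration of the same ID_A.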
Through identity authentication between the website and the user registering under their real name, the technique effectively protects the information security of both, and it makes it easy for the public security organ to step in and investigate when necessary.
The preferred embodiments of the invention have been described in detail above. The invention is not, however, limited to the specific details of those embodiments; within the scope of its technical concept, various equivalent transformations can be made to its technical solutions, and all of them fall within the scope of protection of the invention.
It should also be noted that the specific technical features described in the embodiments above may, where they do not conflict, be replaced or combined in any suitable way. To avoid unnecessary repetition, the possible combinations are not described separately.
Claims (4)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710538924.0A CN107196965B (en) | 2017-07-04 | 2017-07-04 | Secure network real name registration method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107196965A (en) | 2017-09-22 |
CN107196965B (en) | 2020-02-11 |
Family
ID=59881794
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710538924.0A Expired - Fee Related CN107196965B (en) | 2017-07-04 | 2017-07-04 | Secure network real name registration method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107196965B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108696508A (en) * | 2018-04-11 | 2018-10-23 | 于志 | System and method based on CN39 code authentication resident identification card numbers |
CN108959883B (en) * | 2018-06-25 | 2021-07-09 | 兴唐通信科技有限公司 | Network identity real-name authentication method based on quick response matrix code |
CN112733096B (en) * | 2019-10-14 | 2024-02-27 | 深圳市红砖坊技术有限公司 | User registration method, user login method and corresponding device |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005017645A2 (en) * | 2003-08-14 | 2005-02-24 | Jay-Yeob Hwang | Method of service to authenticate the person himself |
WO2013150147A1 (en) * | 2012-04-05 | 2013-10-10 | Dunbridge Limited | Authentication in computer networks |
CN103401686A (en) * | 2013-07-31 | 2013-11-20 | 陕西海基业高科技实业有限公司 | User Internet identity authentication system and application method thereof |
CN104683306A (en) * | 2013-12-03 | 2015-06-03 | 中国人民公安大学 | Safe and controllable internet real-name certification mechanism |
CN104683307A (en) * | 2013-12-03 | 2015-06-03 | 中国人民公安大学 | Internet real-name authentication method based on temporary certificate |
CN105681047A (en) * | 2016-03-25 | 2016-06-15 | 中国互联网络信息中心 | CA certificate issuance method and system |
CN106850693A (en) * | 2017-03-31 | 2017-06-13 | 深圳微众税银信息服务有限公司 | The method and real-name authentication system of a kind of real-name authentication |
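Non-Patent Citations (1)
Title |
---|
Research on privacy protection under the online real-name system; Cheng Lin (程琳); Information Security and Communications Privacy (《信息安全与通信保密》); 2013-11-10; pp. 1-5 * |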
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20200211 |