CN107302435B - Identity information processing method and system and corresponding server - Google Patents
- Publication number: CN107302435B
- Authority: CN (China)
- Prior art keywords: eid, information, server, identity, client
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
Abstract
The invention relates to the technical field of Internet, and provides an identity information processing method, an identity information processing system and a corresponding server thereof. According to the invention, the purposes of improving the authenticity and the safety of identity authentication while protecting the privacy of the real identity information of the user are realized, and the timely mastering and supervision of the identity information by the supervision server are ensured.
Description
Technical Field
The invention relates to the technical field of internet, in particular to an identity information processing method, an identity information processing system and a corresponding server.
Background
The eID code is short for the Ministry of Public Security's public network identity application identifier (apeIDcode). It is the identity code a user uses in a specific network application, and it is widely used in fields such as privacy protection and real-name authentication. The code is generated from identity information by special equipment, and the same user obtains a different code, i.e. a different apeIDcode, in each network application. The apeIDcode effectively prevents a user's behavior data in different network applications from being aggregated, analyzed and tracked, and protects personal identity and privacy information to the greatest extent.
An apeIDcode corresponding to the user's identity information is provided to an application through a foreground third-party app or a background service interface and replaces the identity information. This realizes "anonymous in the foreground, real name in the background" for user identity information, and reduces the risk of personal identity information such as names and identity card numbers being retained, leaked or illegally acquired on the network.
There are several possible ways of real-name authentication in use on the market:
First, reading the information in the identity card chip through a reader with an identity card reading function.
An identity card reader can be used in two modes, offline or online. This method is widely applied in fields such as banks, lodging and internet bars.
In the offline mode, a special identity card core control module (SAM) is embedded in the identity card reader. After security verification and authentication are carried out wirelessly with the special chip in a second-generation identity card, the personal information data in the chip is read and output, and the information is uploaded to a computer through the computer's USB interface. Reading software installed on the computer decodes the information into text data and photos, which are displayed, prompted and stored on the computer.
In the online mode, the computer interacts with a cloud identity card core control module (SAM) through the Internet, passes the card reading instruction sent by the SAM to the identity card reader over USB, and transmits the ciphertext information read from the identity card chip to the cloud SAM module. The cloud SAM decrypts the ciphertext and transmits the decrypted data back to the computer, and the computer stores the plaintext information.
Second, reading the information printed on the front and back of the identity card manually.
An attendant compares the photo on the identity card with the person presenting it, and the information on the front and back of the identity card is entered manually by the attendant.
Third, comparing against stored characteristic values by correlation comparison or biometric identification.
In "correlation comparison", personal information entered by the user, such as "name + identity card number", is transmitted to the background, where its correctness is checked to identify the user. In biometric identification, the portrait or fingerprint of the user is compared with the corresponding personal data held in the background.
Fourth, completing real-name authentication by means of an eID carrier.
The eID is a network electronic identity mark issued uniformly by the public network identity recognition system of the Ministry of Public Security. It is issued to the public after being signed by an eID registration and issuing institution (currently, the main registration and issuing institutions are commercial banks), and real-name authentication is performed by verifying the eID carrier and the eID password.
If the above methods are adopted, the identity information and the service information of the user need to be stored in the computer or the server, and once a system problem occurs, the privacy of the user may be leaked.
Although the adoption of the eID mode can avoid the illegal tracking of the personal identity, the recognition degree of the citizen on the eID is low due to the low activation amount of the eID carrier on the market, and the eID cannot be widely used.
Disclosure of Invention
The invention provides an identity information processing method, an identity information processing system and a corresponding server thereof, which are used for improving the authenticity of identity authentication while protecting the privacy of real identity information of a user and ensuring that a supervision server can master and supervise identity information in time.
The invention provides an identity information processing method which is applied to a cloud decoding server and comprises the following steps:
receiving an eID code registration request sent by a client, and acquiring identity card ciphertext information and an appid carried in the eID code registration request;
determining corresponding eID codes and identity information according to the identity card ciphertext information and the appid;
and sending the eID codes and the identity information to a supervision server so that the supervision server performs service association according to the received service information, the eID codes and the identity information.
Preferably, the determining the corresponding eID code and the identity information according to the identity card ciphertext information and the appid includes:
decoding the identity card ciphertext information to obtain identity information;
and obtaining eID codes according to the identity information and the appid.
Preferably, the obtaining of the eID code according to the identity information and the appid specifically includes:
sending an eID code generation request to eID special equipment according to the identity information and the appid;
and receiving the eID code corresponding to the identity information and the appid returned by the eID special equipment.
Preferably, the eID code registration request does not carry service information, and the method further comprises:
and sending a notification message of successful decoding of the eID code and the identity card ciphertext information to the client so that the client sends the eID code and the service information to the supervision server through a client server for service association.
Preferably, the eID code registration request does not carry service information, and the method further comprises:
sending a notification message for successfully decoding the identity card ciphertext information to the client;
receiving an eID coding query request sent by a client server, wherein the eID coding query request carries a service serial number;
and sending an eID code corresponding to the service serial number to the client server so that the client server sends the eID code and the service information received from the client to the supervision server for service association.
Preferably, the eID code registration request carries service information, and the method further includes:
sending the service information to the supervision server;
and sending the service information, the eID codes and a notification message for successful decoding of the identity card ciphertext information to a client server.
Preferably, the method further comprises:
receiving a card reading instruction request for reading identity card ciphertext information sent by a client;
and returning a card reading command response, wherein the card reading command response carries a response message allowing reading of the identity card ciphertext information.
The invention also discloses an identity information processing method which is applied to the supervision server and comprises the following steps:
receiving eID codes and identity information sent by a cloud decoding server;
and performing service association according to the received service information and the eID codes and the identity information.
Preferably, the received service information is sent by the cloud decoding server or sent by a client server.
Preferably, when the received service information is sent by the cloud decoding server, the method further includes:
and sending the service information, the eID codes and a notification message that the cloud decoding server successfully decodes the identity card ciphertext information to a client server.
The invention also discloses a cloud decoding server, comprising:
the first processing unit is used for receiving an eID code registration request sent by a client and acquiring identity card ciphertext information and an appid carried in the eID code registration request;
the second processing unit is used for determining corresponding eID codes and identity information according to the identity card ciphertext information and the appid;
and the sending unit is used for sending the eID codes and the identity information to the supervision server.
Preferably,
the second processing unit is used for decoding the identity card ciphertext information to obtain identity information; and obtaining eID codes according to the identity information and the appid.
Preferably,
the sending unit is further configured to send an eID code generation request to the eID dedicated device according to the identity information and the appid;
the second processing unit is specifically configured to receive the eID code corresponding to the identity information and the appid returned by the eID dedicated device.
Preferably, the eID code registration request does not carry service information,
the sending unit is further configured to send the eID code and a notification message that the decoding of the identity card ciphertext information is successful to the client.
Preferably, the eID code registration request does not carry service information,
the sending unit is further configured to send a notification message that the identification card ciphertext information is successfully decoded to the client;
the first processing unit is used for receiving an eID coding query request sent by a client server, wherein the eID coding query request carries a service serial number;
the sending unit is further configured to send the eID code corresponding to the service serial number to the client server.
Preferably, the eID code registration request carries service information,
the sending unit is further configured to send the service information to the supervision server; and sending the service information, the eID codes and a notification message for successful decoding of the identity card ciphertext information to a client server.
Preferably,
the second processing unit is also used for receiving a card reading instruction request for reading the identity card ciphertext information sent by the client; and returning a card reading command response, wherein the card reading command response carries a response message allowing reading of the identity card ciphertext information.
The invention also discloses a supervision server, comprising:
the receiving unit is used for receiving the eID codes and the identity information sent by the cloud decoding server;
and the processing unit is used for performing service association according to the received service information and the eID codes and the identity information.
Preferably, the service information received by the receiving unit is sent by the cloud decoding server or sent by a client server.
Preferably, when the service information received by the receiving unit is sent by the cloud decoding server, the method further includes:
and the sending unit is used for sending the service information, the eID codes and a notification message that the cloud decoding server successfully decodes the ID card ciphertext information to a client server.
The invention also discloses an identity information processing system, which comprises a cloud decoding server and a supervision server;
the cloud decoding server is used for receiving an eID code registration request sent by a client and acquiring identity card ciphertext information and an appid carried in the eID code registration request; determining corresponding eID codes and identity information according to the identity card ciphertext information and the appid; sending the eID codes and identity information to a supervision server;
the supervision server is used for receiving the eID codes and the identity information sent by the cloud decoding server; and performing service association according to the received service information and the eID codes and the identity information.
Preferably, the system further comprises:
the client is used for sending a card reading instruction request for reading the identity card ciphertext information; receiving a card reading instruction response returned by the cloud decoding server, wherein the card reading instruction response carries a response message allowing reading of the identity card ciphertext information; the client is also used for receiving identity card ciphertext information sent by the card reading terminal; sending an eID code registration request to the cloud decoding server, wherein the eID code registration request carries the identity card ciphertext information and the appid; receiving a notification message that the cloud decoding server successfully decodes the identity card ciphertext information, wherein the notification message is sent by the cloud decoding server or a client server;
the client server is used for sending an eID coding query request to the cloud decoding server, wherein the eID coding query request carries a service serial number; receiving eID codes corresponding to the service serial numbers and sent by the cloud decoding server, and sending the eID codes and the service information sent by the client to the supervision server; receiving a notification message that the cloud decoding server successfully decodes the identity card ciphertext information, wherein the notification message is sent by the cloud decoding server or the supervision server;
the eID special equipment is used for receiving an eID code generation request sent by the cloud decoding server; generating an eID code according to the identity information and the appid carried in the eID code generation request; sending the eID code to the cloud decoding server.
Compared with the prior art, the invention has at least the following advantages:
In the invention, the corresponding eID code and the identity information are determined from the identity card ciphertext information and the appid, which protects the privacy of the user's real identity information while improving the authenticity and security of identity authentication; and the received service information, eID codes and identity information are associated in the supervision server, so that the supervision server can master and supervise the identity information in time.
Drawings
Fig. 1 is a schematic flowchart of an identity information processing method applied to a cloud decoding server provided by the present invention;
Fig. 2 is a schematic flowchart of an identity information processing method applied to a supervision server provided by the present invention;
Fig. 3 is a schematic diagram of an overall structure of an identity information processing system according to a first embodiment of the present invention;
Fig. 4 is a schematic flowchart of an identity information processing method according to a first embodiment of the present invention;
Fig. 5 is a schematic diagram of an overall structure of an identity information processing system according to a second embodiment of the present invention;
Fig. 6 is a schematic flowchart of an identity information processing method according to a second embodiment of the present invention;
Fig. 7 is a schematic diagram of an overall structure of an identity information processing system according to a third embodiment of the present invention;
Fig. 8 is a schematic flowchart of an identity information processing method according to a third embodiment of the present invention;
Fig. 9 is a schematic diagram of an overall structure of an identity information processing system according to a fourth embodiment of the present invention;
Fig. 10 is a schematic flowchart of an identity information processing method according to a fourth embodiment of the present invention;
Fig. 11 is a schematic structural diagram of a cloud decoding server provided by the present invention;
Fig. 12 is a schematic structural diagram of a supervision server provided by the present invention.
Detailed Description
The present invention provides an identity information processing method, system and corresponding server, and the following describes the specific embodiments of the present invention in detail with reference to the accompanying drawings.
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative only and should not be construed as limiting the invention.
As used herein, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The invention provides an identity information processing system, which comprises: a terminal with an identity card reading function (an identity card reader); a client (an application program on a PC, an APP on a mobile phone, or the like) that controls the terminal to read an identity card and receives the undecoded identity card ciphertext information read by the terminal; a cloud decoding server that decodes and performs related processing on the undecoded identity card ciphertext information received by the client; an eID special device that generates eID codes; a client server that provides background service for the client; and a supervision server that receives the identity information, the eID codes and the like uploaded by the cloud decoding server, the supervision server being the supervisory means of a supervision department.
Based on the identity information processing system provided by the present invention, the present invention provides an identity information processing method, as shown in fig. 1, which is applied to a cloud decoding server, and the method includes:
Prior to this step, the method further comprises:
receiving a card reading instruction request for reading identity card ciphertext information sent by a client;
and returning a card reading command response, wherein the card reading command response carries a response message allowing reading of the identity card ciphertext information.
And step 102, determining corresponding eID codes and identity information according to the identity card ciphertext information and the appid.
In this step, determining the corresponding eID code and identity information according to the identity card ciphertext information and the appid includes:
decoding the identity card ciphertext information to obtain identity information;
and obtaining eID codes according to the identity information and the appid.
Further, the obtaining of the eID code according to the identity information and the appid specifically includes:
sending an eID code generation request to eID special equipment according to the identity information and the appid;
and receiving the eID code corresponding to the identity information and the appid returned by the eID special equipment.
Further, whether the service information is carried in the eID code registration request is separately described below.
The eID coding registration request does not carry service information, and the method further comprises the following steps:
and sending a notification message of successful decoding of the eID code and the identity card ciphertext information to the client so that the client sends the eID code and the service information to the supervision server through a client server for service association.
Or, alternatively,
the eID coding registration request does not carry service information, and the method further comprises the following steps:
sending a notification message for successfully decoding the identity card ciphertext information to the client;
receiving an eID coding query request sent by a client server, wherein the eID coding query request carries a service serial number;
and sending an eID code corresponding to the service serial number to the client server so that the client server sends the eID code and the service information received from the client to the supervision server for service association.
The eID coding registration request carries service information, and the method further comprises the following steps:
sending the service information to the supervision server;
and sending the service information, the eID codes and a notification message for successful decoding of the identity card ciphertext information to a client server.
In another identity information processing method provided by the present invention, as shown in fig. 2, the method is applied to a supervision server, and includes:
The received service information is sent by the cloud decoding server or sent by a client server.
Further, when the received service information is sent by the cloud decoding server, the method further includes:
and sending the service information, the eID codes and a notification message that the cloud decoding server successfully decodes the identity card ciphertext information to a client server.
Based on the above-mentioned identity information processing method and query system provided by the present invention, four specific embodiments are described in detail below.
Example one
The overall architecture and the business process of this embodiment are shown in fig. 3 to 4. The process includes the following steps.
Beforehand, the cloud decoding server assigns an application number (appid) to the client, and the cloud decoding server provides the service serial number generation rule to the client.
1. The identity card reader detects that the identity card can be read;
2. The client requests a card reading instruction from the cloud decoding server and receives the returned card reading instruction;
3. The client sends the card reading instruction to the identity card reader to read the information of the identity card;
4. The identity card reader sends the undecoded identity card ciphertext information it has read to the client, and the client sends the preassigned appid and the received undecoded identity card ciphertext information to the cloud decoding server;
Steps 2-4 above need to be executed multiple times; acquisition of the information in the identity card chip is complete only after several card reads.
5. The cloud decoding server decodes the identity card ciphertext information, generates an eID code (apeIDcode), and notifies the client that decoding succeeded. The eID code is generated as follows: the cloud decoding server passes parameters such as the appid and the identity information to the eID special equipment, the eID code is generated on the eID special equipment, and the cloud decoding server receives the eID code returned by the eID special equipment;
6. The client notifies the client server that decoding succeeded and uploads the service serial number and the service information (the service information is the information that a supervision department requires operators in the industry to upload for supervision, and may comprise hotel check-in information, express bill information and the like); the client server uploads the service serial number to the cloud decoding server in order to acquire the eID code;
7. The cloud decoding server uploads the generated eID code and the identity information corresponding to the eID code to the supervision server of the supervision department; meanwhile, the cloud decoding server returns the eID code to the client server, completing real-name authentication for the client server;
8. The client server uploads the service information and the eID code to the supervision server;
9. The supervision server matches the eID code from the cloud decoding server against the eID code from the client server to complete the association of the service information and the identity information.
Of course, the cloud decoding server could also return the identity information to the client server; the identity information is not provided to the client server for the purpose of privacy protection.
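The data flow of steps 5 to 9, together with the per-application codes described in the Background, can be traced in the following added sketch, which is not code from the patent. HMAC-SHA256 stands in for the eID special equipment, whose derivation the patent does not describe; the sample card table, key, appids, serial numbers, the rejection of unassigned appids, and sending the service serial number along with the registration request are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: stands in for SAM decoding of identity card ciphertext.
SAMPLE_CARDS = {
    b"ciphertext-card-A": {"name": "Test User A", "id_number": "000000000000000000"},
}


class EIDDevice:
    """Stand-in for the eID special equipment (the keyed derivation is an assumption)."""

    def __init__(self, key: bytes):
        self._key = key

    def generate(self, identity: dict, appid: str) -> str:
        # A JSON list keeps field boundaries unambiguous before MACing.
        msg = json.dumps([identity["name"], identity["id_number"], appid]).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()


class SupervisionServer:
    def __init__(self):
        self.identities = {}    # eID code -> identity info (from cloud decoding server)
        self.pending = {}       # eID code -> service records with no identity yet
        self.associations = []  # completed service/identity associations

    def receive_identity(self, eid: str, identity: dict) -> None:
        self.identities[eid] = identity
        for service in self.pending.pop(eid, []):
            self._associate(eid, service)

    def receive_service(self, eid: str, service: dict) -> None:
        if eid in self.identities:
            self._associate(eid, service)          # step 9: match on eID code
        else:
            self.pending.setdefault(eid, []).append(service)

    def _associate(self, eid: str, service: dict) -> None:
        self.associations.append(
            {"eid": eid, "identity": self.identities[eid], "service": service})


class CloudDecodingServer:
    def __init__(self, device, supervision, appids):
        self.device, self.supervision = device, supervision
        self.appids = set(appids)  # appids assigned to clients in advance
        self.by_serial = {}        # service serial number -> (eID code, identity)

    def register(self, appid: str, ciphertext: bytes, serial: str) -> str:
        # Added check, not stated in the patent: refuse appids that were never assigned.
        if appid not in self.appids:
            raise PermissionError("unknown appid")
        identity = SAMPLE_CARDS[ciphertext]           # step 5: decode ciphertext
        eid = self.device.generate(identity, appid)   # step 5: eID code per appid
        self.by_serial[serial] = (eid, identity)
        return "decode-ok"                            # client learns success only

    def query(self, serial: str) -> str:
        eid, identity = self.by_serial[serial]
        self.supervision.receive_identity(eid, identity)  # step 7: upload
        return eid                                        # step 7: eID code only


class ClientServer:
    def __init__(self, cloud, supervision):
        self.cloud, self.supervision = cloud, supervision
        self.records = []  # everything the operator's back end retains

    def submit(self, serial: str, service: dict) -> str:
        eid = self.cloud.query(serial)                    # step 6
        self.records.append({"eid": eid, "service": service})
        self.supervision.receive_service(eid, service)    # step 8
        return eid


def run_embodiment_one():
    supervision = SupervisionServer()
    cloud = CloudDecodingServer(EIDDevice(b"constructed-demo-key"), supervision,
                                appids={"hotel-app", "courier-app"})
    hotel, courier = ClientServer(cloud, supervision), ClientServer(cloud, supervision)
    cloud.register("hotel-app", b"ciphertext-card-A", "H-0001")
    cloud.register("courier-app", b"ciphertext-card-A", "C-0001")
    eid_hotel = hotel.submit("H-0001", {"type": "check-in", "room": "1203"})
    eid_courier = courier.submit("C-0001", {"type": "waybill", "no": "WB-42"})
    # A service record whose eID code was never reported by the cloud
    # decoding server cannot be associated and stays pending.
    supervision.receive_service("f" * 64, {"type": "check-in", "room": "0000"})
    return supervision, hotel, courier, eid_hotel, eid_courier


if __name__ == "__main__":
    sup, hotel, _, eid_h, eid_c = run_embodiment_one()
    print("same person, two apps, distinct codes:", eid_h != eid_c)
    print("associations:", len(sup.associations), "pending:", len(sup.pending))
```

The two client servers hold different eID codes for the same card and no identity fields, so their records cannot be joined on the code, while the supervision server can resolve both to the same identity.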
Example two
Figs. 5 and 6 show the overall architecture and the business process of this embodiment, which comprises the following steps.
The cloud decoding server assigns an application number (appid) to the client in advance.
1. The identity card reader detects that an identity card can be read;
2. The client requests a card reading instruction from the cloud decoding server and receives the returned card reading instruction;
3. The client sends the card reading instruction to the identity card reader to read the information of the identity card;
4. The identity card reader sends the undecoded identity card ciphertext information it has read to the client, and the client sends the pre-assigned appid and the received undecoded identity card ciphertext information to the cloud decoding server;
Steps 2-4 above must be executed multiple times; the information in the identity card chip is acquired in full only after several card reads.
5. The cloud decoding server decodes the identity card ciphertext information and generates an eID code (apeIDcode). The eID code is generated as follows: the cloud decoding server passes parameters such as the appid and the identity information to the eID special equipment, which generates the eID code and returns it to the cloud decoding server;
6. The cloud decoding server uploads the generated eID code and the identity information corresponding to it to a supervision server of a supervision department; meanwhile, the cloud decoding server returns the eID code to the client;
7. The client uploads the eID code and service information to the client server, completing real-name authentication for the client server; the client server forwards the eID code and the service information to the supervision server of the supervision department;
8. The supervision server matches the eID code uploaded by the cloud decoding server against the eID code uploaded by the client server and, once the match succeeds, completes the association of the service information and the identity information.
Of course, the cloud decoding server may also return the identity information to the client server; the identity information is withheld from the client server for privacy protection.
Example three
Figs. 7 and 8 show the overall architecture and the business process of this embodiment, which comprises the following steps.
The cloud decoding server assigns an application number (appid) to the client in advance.
1. The identity card reader detects that an identity card can be read;
2. The client requests a card reading instruction from the cloud decoding server and receives the returned card reading instruction;
3. The client sends the card reading instruction to the identity card reader to read the information of the identity card;
4. The identity card reader sends the undecoded identity card ciphertext information it has read to the client, and the client sends the pre-assigned appid, the received undecoded identity card ciphertext information and the service information to the cloud decoding server;
Steps 2-4 above must be executed multiple times; the information in the identity card chip is acquired in full only after several card reads.
5. The cloud decoding server decodes the identity card ciphertext information and generates an eID code (apeIDcode). The eID code is generated as follows: the cloud decoding server passes parameters such as the appid and the identity information to the eID special equipment, which generates the eID code and returns it to the cloud decoding server;
6. The cloud decoding server uploads the generated eID code, the identity information corresponding to the eID code and the service information to a supervision server of a supervision department, completing the association between the service information and the identity information; the client server is informed that decoding succeeded and, at the same time, receives the eID code and the service information, completing real-name authentication for the client server; the client server then sends the client a notification message that the association between the service information and the identity information is complete.
Of course, the supervision server may also return the identity information to the client server; the identity information is withheld from the client server for privacy protection.
Example four
Figs. 9 and 10 show the overall architecture and the business process of this embodiment, which comprises the following steps.
The cloud decoding server assigns an application number (appid) to the client in advance.
1. The identity card reader detects that an identity card can be read;
2. The client requests a card reading instruction from the cloud decoding server and receives the returned card reading instruction;
3. The client sends the card reading instruction to the identity card reader to read the information of the identity card;
4. The identity card reader sends the undecoded identity card ciphertext information it has read to the client, and the client sends the pre-assigned appid, the received undecoded identity card ciphertext information and the service information to the cloud decoding server;
Steps 2-4 above must be executed multiple times; the information in the identity card chip is acquired in full only after several card reads.
5. The cloud decoding server decodes the identity card ciphertext information and generates an eID code (apeIDcode). The eID code is generated as follows: the cloud decoding server passes parameters such as the appid and the identity information to the eID special equipment, which generates the eID code and returns it to the cloud decoding server;
6. The cloud decoding server uploads the generated eID code, the identity information corresponding to the eID code and the service information to a supervision server of a supervision department, completing the association between the service information and the identity information; meanwhile, the cloud decoding server informs the client server that decoding succeeded and returns the eID code and the service information to the client server, completing real-name authentication for the client server; the client server then sends the client a notification message that the association between the service information and the identity information is complete.
Of course, the cloud decoding server may also return the identity information to the client server; the identity information is withheld from the client server for privacy protection.
Based on the identity information processing method provided by the invention, the invention provides the corresponding cloud decoding server and the corresponding client server. Specifically,
the present invention also provides a cloud decoding server, as shown in fig. 11, including:
the first processing unit 1101, configured to receive an eID code registration request sent by a client, and to acquire the identity card ciphertext information and the appid carried in the eID code registration request;
the second processing unit 1102, configured to determine the corresponding eID code and identity information according to the identity card ciphertext information and the appid;
a sending unit 1103, configured to send the eID code and the identity information to a supervision server.
The second processing unit 1102 is configured to decode the identity card ciphertext information to obtain the identity information, and to obtain the eID code according to the identity information and the appid.
The sending unit 1103 is configured to send an eID code generation request to the eID dedicated device according to the identity information and the appid;
the second processing unit 1102 is specifically configured to receive the eID code, corresponding to the identity information and the appid, returned by the eID dedicated device.
When the eID code registration request does not carry service information,
the sending unit 1103 is further configured to send, to the client, the eID code and a notification message that the identity card ciphertext information was successfully decoded.
Or, the sending unit 1103 is further configured to send, to the client, a notification message that the identity card ciphertext information was successfully decoded;
the first processing unit 1101 is configured to receive an eID code query request sent by a client server, where the eID code query request carries a service serial number;
the sending unit 1103 is further configured to send, to the client server, the eID code corresponding to the service serial number.
When the eID code registration request carries service information,
the sending unit 1103 is further configured to send the service information to the supervision server, and to send the service information, the eID code and a notification message that the identity card ciphertext information was successfully decoded to a client server.
Preferably,
the second processing unit 1102 is further configured to receive a card reading instruction request, sent by the client, for reading the identity card ciphertext information, and to return a card reading instruction response, where the card reading instruction response carries a response message allowing the identity card ciphertext information to be read.
The present invention also provides a supervision server, as shown in fig. 12, including:
the receiving unit 1201, configured to receive the eID code and the identity information sent by the cloud decoding server;
and the processing unit 1202, configured to perform service association according to the received service information, the eID code and the identity information.
The service information received by the receiving unit is sent by the cloud decoding server or by the client server.
When the service information received by the receiving unit is sent by the cloud decoding server, the supervision server further includes:
a sending unit 1203, configured to send the service information, the eID code, and a notification message that the cloud decoding server successfully decoded the identity card ciphertext information to a client server.
The invention also provides an identity information processing system, which comprises:
the cloud decoding server is used for receiving an eID code registration request sent by a client and acquiring the identity card ciphertext information and the appid carried in the eID code registration request; determining the corresponding eID code and identity information according to the identity card ciphertext information and the appid; and sending the eID code and the identity information to a supervision server;
the supervision server is used for receiving the eID code and the identity information sent by the cloud decoding server, and performing service association according to the received service information, the eID code and the identity information.
The client is used for sending a card reading instruction request for reading the identity card ciphertext information; receiving a card reading instruction response returned by the cloud decoding server, wherein the card reading instruction response carries a response message allowing the identity card ciphertext information to be read; receiving the identity card ciphertext information sent by the card reading terminal; sending an eID code registration request to the cloud decoding server, wherein the eID code registration request carries the identity card ciphertext information and the appid; and receiving a notification message that the cloud decoding server successfully decoded the identity card ciphertext information, wherein the notification message is sent by the cloud decoding server or a client server;
the client server is used for sending an eID code query request to the cloud decoding server, wherein the eID code query request carries a service serial number; receiving the eID code corresponding to the service serial number from the cloud decoding server, and sending the eID code and the service information sent by the client to the supervision server; and receiving a notification message that the cloud decoding server successfully decoded the identity card ciphertext information, wherein the notification message is sent by the cloud decoding server or the supervision server;
the eID special equipment is used for receiving an eID code generation request sent by the cloud decoding server; generating an eID code according to the identity information and the appid carried in the eID code generation request; and sending the eID code to the cloud decoding server.
The identity information processing system provides a new mode for acquiring, storing and supervising identity information and, by acquiring real identity card information, effectively avoids false information and transmission discrepancies in what the client uploads.
Based on the identity information processing method, the identity information processing system and the corresponding server, the following purposes are achieved:
1. Storing eID codes meets the real-name authentication requirements of the supervision department while guarding against the risk of privacy disclosure in the system: even if the system's data is disclosed through human action or an abnormal condition, other people cannot map an eID code to a citizen's identity.
2. By reading the information of the identity card chip, the processing system effectively ensures the authenticity of the uploaded identity information, and provides stronger identity assurance than manually reading the front and back of the identity card, correlation comparison and similar approaches.
3. Because few eID carriers have been issued in the market and very few citizens know about eID, adopting the eID mode can avoid the illegal tracking of personal identity, but the eID mode cannot be widely used.
4. The identity card information is decoded by a cloud decoding server in the cloud, and only an eID code is returned. The identity card information can be decrypted only by an SAM (access module) on the cloud decoding server approved by a public security department, and the eID code can be generated irreversibly and pushed only by an encryption device approved by the public security department. The system therefore ensures that all identity information is protected in transit over the internet; this protection is extremely difficult to break, and it keeps information more confidential than encryption modes such as the soft keys on the market.
It will be understood by those within the art that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by computer program instructions. Those skilled in the art will appreciate that the computer program instructions may be implemented by a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, implement the features specified in the block or blocks of the block diagrams and/or flowchart illustrations of the present disclosure.
The modules of the device can be integrated into a whole or can be separately deployed. The modules can be combined into one module, and can also be further split into a plurality of sub-modules.
Those skilled in the art will appreciate that the drawings are merely schematic representations of one preferred embodiment and that the blocks or flow diagrams in the drawings are not necessarily required to practice the present invention.
Those skilled in the art will appreciate that the modules in the devices in the embodiments may be distributed in the devices in the embodiments according to the description of the embodiments, and may be correspondingly changed in one or more devices different from the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
The above-mentioned serial numbers of the present invention are for description only and do not represent the merits of the embodiments.
The above disclosure is only for a few specific embodiments of the present invention, but the present invention is not limited thereto, and any variations that can be made by those skilled in the art are intended to fall within the scope of the present invention.
Claims (18)
1. An identity information processing method is applied to a cloud decoding server, and comprises the following steps:
receiving an eID code registration request of a public security department citizen network identity reference identifier (eID) sent by a client, and acquiring identity card ciphertext information and an application number appid carried in the eID code registration request;
determining corresponding eID codes and identity information according to the identity card ciphertext information and the appid;
sending the eID codes and the identity information to a supervision server so that the supervision server performs service association according to the received service information, the eID codes and the identity information;
determining corresponding eID codes and identity information according to the identity card ciphertext information and the appid, wherein the method comprises the following steps:
decoding the identity card ciphertext information to obtain identity information;
obtaining eID codes according to the identity information and the appid;
the eID coding registration request does not carry service information, and the method further comprises the following steps:
sending a notification message for successfully decoding the identity card ciphertext information to the client;
receiving an eID coding query request sent by a client server, wherein the eID coding query request carries a service serial number;
and sending an eID code corresponding to the service serial number to the client server so that the client server sends the eID code and the service information received from the client to the supervision server for service association.
2. The identity information processing method of claim 1, wherein obtaining the eID code according to the identity information and the appid specifically comprises:
sending an eID code generation request to eID special equipment according to the identity information and the appid;
and receiving the eID code corresponding to the identity information and the appid returned by the eID special equipment.
3. The identity information processing method of claim 1, wherein the eID encoded registration request does not carry service information, the method further comprising:
and sending the eID code and a notification message that the identity card ciphertext information was successfully decoded to the client so that the client sends the eID code and the service information to the supervision server through a client server for service association.
4. The identity information processing method of claim 1, wherein the eID encoded registration request carries service information, the method further comprising:
sending the service information to the supervision server;
and sending the service information, the eID codes and a notification message for successful decoding of the identity card ciphertext information to a client server.
5. The identity information processing method of any one of claims 1-4, wherein the method further comprises:
receiving a card reading instruction request for reading identity card ciphertext information sent by a client;
and returning a card reading command response, wherein the card reading command response carries a response message allowing reading of the identity card ciphertext information.
6. An identity information processing method is applied to a supervision server, and comprises the following steps:
receiving a public security ministry citizen network identity reference identification eID code and identity information sent by a cloud decoding server;
performing service association according to the received service information and the eID codes and the identity information;
the eID codes and the identity information are determined by the cloud decoding server based on identity card ciphertext information and an application number appid carried in an eID code registration request sent by a client;
wherein the eID code registration request does not carry service information, the method further comprising:
receiving eID codes corresponding to the service serial number and service information sent by a client, which are sent by a client server;
and associating the eID codes with service information.
7. The identity information processing method of claim 6, wherein the received service information is transmitted by the cloud decoding server or transmitted by a client server.
8. The identity information processing method of claim 7, wherein when the received service information is transmitted by the cloud decoding server, the method further comprises:
and sending the service information, the eID codes and a notification message that the cloud decoding server successfully decodes the identity card ciphertext information to a client server.
9. A cloud decoding server, comprising:
a first processing unit, used for receiving an eID code registration request of a public security department citizen network identity application identifier (eID) sent by a client, and acquiring the identity card ciphertext information and the application number appid carried in the eID code registration request;
the second processing unit is used for determining corresponding eID codes and identity information according to the identity card ciphertext information and the appid;
the sending unit is used for sending the eID codes and the identity information to a supervision server;
the second processing unit is used for decoding the identity card ciphertext information to obtain identity information; obtaining eID codes according to the identity information and the appid;
the eID coding registration request does not carry service information,
the sending unit is further configured to send a notification message that the identification card ciphertext information is successfully decoded to the client;
the first processing unit is used for receiving an eID coding query request sent by a client server, wherein the eID coding query request carries a service serial number;
the sending unit is further configured to send the eID code corresponding to the service serial number to the client server.
10. The cloud decoding server of claim 9,
the sending unit is further configured to send an eID code generation request to the eID dedicated device according to the identity information and the appid;
the second processing unit is specifically configured to receive the eID code, corresponding to the identity information and the appid, returned by the eID dedicated device.
11. The cloud decoding server of claim 9, wherein no service information is carried in the eID-encoded registration request,
the sending unit is further configured to send the eID code and a notification message that the decoding of the identity card ciphertext information is successful to the client.
12. The cloud decoding server of claim 9, wherein said eID-encoded registration request carries service information,
the sending unit is further configured to send the service information to the supervision server, and to send the service information, the eID code and a notification message that the identity card ciphertext information was successfully decoded to a client server.
13. The cloud decoding server of any of claims 9-12, further comprising:
the second processing unit is used for receiving a card reading instruction request for reading the identity card ciphertext information sent by the client; and returning a card reading command response, wherein the card reading command response carries a response message allowing reading of the identity card ciphertext information.
14. A supervision server, comprising:
the receiving unit is used for receiving the public security ministry citizen network identity application identifier eID code and the identity information sent by the cloud decoding server;
the processing unit is used for carrying out service association according to the received service information and the eID codes and the identity information;
the eID codes and the identity information are determined by the cloud decoding server based on identity card ciphertext information and an application number appid carried in an eID code registration request sent by a client;
the eID coding registration request does not carry service information,
receiving eID codes corresponding to the service serial number and service information sent by a client, which are sent by a client server;
and associating the eID codes with service information.
15. The supervision server of claim 14, wherein the service information received by the receiving unit is sent by the cloud decoding server or sent by a client server.
16. The supervision server of claim 15, wherein when the service information received by the receiving unit is sent by the cloud decoding server, further comprising:
and the sending unit is used for sending the service information, the eID codes and a notification message that the cloud decoding server successfully decodes the ID card ciphertext information to a client server.
17. An identity information processing system, characterized in that the processing system comprises a cloud decoding server and a supervision server;
the cloud decoding server is used for receiving an eID code registration request of a public security department citizen network identity application identifier (eID) sent by a client, and acquiring the identity card ciphertext information and the application number appid carried in the eID code registration request; determining the corresponding eID code and identity information according to the identity card ciphertext information and the appid; and sending the eID code and the identity information to a supervision server;
the supervision server is used for receiving the eID code and the identity information sent by the cloud decoding server, and performing service association according to the received service information, the eID code and the identity information.
18. The identity information processing system of claim 17, further comprising:
the client is used for sending a card reading instruction request for reading the identity card ciphertext information; receiving a card reading instruction response returned by the cloud decoding server, wherein the card reading instruction response carries a response message allowing the identity card ciphertext information to be read; receiving the identity card ciphertext information sent by the card reading terminal; sending an eID code registration request to the cloud decoding server, wherein the eID code registration request carries the identity card ciphertext information and the appid; and receiving a notification message that the cloud decoding server successfully decoded the identity card ciphertext information, wherein the notification message is sent by the cloud decoding server or a client server;
the client server is used for sending an eID coding query request to the cloud decoding server, wherein the eID coding query request carries a service serial number; receiving eID codes corresponding to the service serial numbers and sent by the cloud decoding server, and sending the eID codes and the service information sent by the client to the supervision server; receiving a notification message that the cloud decoding server successfully decodes the identity card ciphertext information, wherein the notification message is sent by the cloud decoding server or the supervision server;
the eID special equipment is used for receiving an eID code generation request sent by the cloud decoding server; generating an eID code according to the identity information and the appid carried in the eID code generation request; sending the eID code to the cloud decoding server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710601290.9A CN107302435B (en) | 2017-07-21 | 2017-07-21 | Identity information processing method and system and corresponding server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107302435A | 2017-10-27 |
CN107302435B | 2020-12-04 |
Family
ID=60133060
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710601290.9A Active CN107302435B (en) | 2017-07-21 | 2017-07-21 | Identity information processing method and system and corresponding server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107302435B (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107809432A (en) * | 2017-11-06 | 2018-03-16 | 广州市森锐科技股份有限公司 | A kind of acquisition of ID card information and anti-tamper system and method |
CN109951423B (en) * | 2017-12-20 | 2021-09-10 | 金联汇通信息技术有限公司 | System, method and device for identity authentication and server |
CN110300083B (en) * | 2018-03-22 | 2021-02-12 | 华为技术有限公司 | Method, terminal and verification server for acquiring identity information |
CN108961485A (en) * | 2018-05-07 | 2018-12-07 | 金联汇通信息技术有限公司 | Intelligent door lock, auth method and device |
CN109447029B (en) * | 2018-11-12 | 2022-09-02 | 公安部第三研究所 | Electronic identity card photo generation system and method |
CN111506894A (en) * | 2019-01-31 | 2020-08-07 | 金联汇通信息技术有限公司 | Data processing method, system, electronic device and computer readable storage medium |
CN110855606A (en) * | 2019-09-27 | 2020-02-28 | 金联汇通信息技术有限公司 | User identity authentication method, cloud decoding server, client and system |
CN111885203A (en) * | 2020-08-04 | 2020-11-03 | 浪潮云信息技术股份公司 | Method for remote management based on CMSP |
CN116319067B (en) * | 2023-05-10 | 2023-08-29 | 金联汇通信息技术有限公司 | Information verification method, terminal, cloud server, background and electronic equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102868701A (en) * | 2012-09-27 | 2013-01-09 | 公安部第三研究所 | Method for achieving electronic identity (eID) state moving between eID carrier terminal and eID service system |
CN104601593A (en) * | 2015-02-04 | 2015-05-06 | 公安部第三研究所 | Anti-tracking method in network electronic identity authentication process based on challenge modes |
CN106713257A (en) * | 2015-11-18 | 2017-05-24 | 北京奇虎科技有限公司 | Method and device for service processing based on mobile device |
CN106790070A (en) * | 2016-12-21 | 2017-05-31 | 杨宪国 | Electronic ID card identification service system based on authentication device |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10164953B2 (en) * | 2014-10-06 | 2018-12-25 | Stmicroelectronics, Inc. | Client accessible secure area in a mobile device security module |
CN106487518A (en) * | 2016-10-31 | 2017-03-08 | 金联汇通信息技术有限公司 | A kind of real-name authentication system and method for express delivery industry |
- 2017-07-21: CN201710601290.9A (CN), patent CN107302435B (en), status Active
Also Published As
Publication number | Publication date |
---|---|
CN107302435A (en) | 2017-10-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107302435B (en) | Identity information processing method and system and corresponding server | |
US10681025B2 (en) | Systems and methods for securely managing biometric data | |
US9864983B2 (en) | Payment method, payment server performing the same and payment system performing the same | |
CN106559217B (en) | A kind of dynamic encrypting method, terminal, server | |
US9646296B2 (en) | Mobile-to-mobile transactions | |
CA2868583C (en) | Concept for communicating between different entities using different data portions for different channels | |
EP3605997A1 (en) | Method, apparatus and system for securing a mobile application | |
CN107798531B (en) | Electronic payment method and system | |
EP1802155A1 (en) | System and method for dynamic multifactor authentication | |
CN104065621A (en) | Identify verification method for third-party service, client and system | |
CN105812366B (en) | Server, anti-crawler system and anti-crawler verification method | |
EP2751733B1 (en) | Method and system for authorizing an action at a site | |
US20200196143A1 (en) | Public key-based service authentication method and system | |
US11455621B2 (en) | Device-associated token identity | |
CN108667784B (en) | System and method for protecting internet identity card verification information | |
CN105139205A (en) | Payment verification method, terminal and server | |
CN108234126B (en) | System and method for remote account opening | |
CN109687973A (en) | A kind of the novel of legal documents is sent to method and device | |
US20240005820A1 (en) | Content encryption and in-place decryption using visually encoded ciphertext | |
US20130090059A1 (en) | Identity verification | |
CN104462926A (en) | Intelligent card identity recognition method and system | |
KR102122555B1 (en) | System and Method for Identification Based on Finanace Card Possessed by User | |
WO2016013924A1 (en) | System and method of mutual authentication using barcode | |
CN104113417A (en) | Dynamic password identity authentication method and system based on near field communication (NFC) | |
CN107682161B (en) | Offline authentication method and device for two-dimensional code |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||