CN107506635B - Online function opening method for identity card, mobile phone, trusted terminal and verification server - Google Patents

Info

Publication number: CN107506635B
Authority: CN (China)
Prior art keywords: mobile phone, user, trusted terminal, biological information, information
Legal status: Active
Application number: CN201710729028.2A
Other languages: Chinese (zh)
Other versions: CN107506635A (en)
Inventors: 续磊, 黄健雄, 张楠
Current Assignee: Guangzhou White Internet Technology Co Ltd
Original Assignee: Guangzhou White Internet Technology Co Ltd
Application filed by Guangzhou White Internet Technology Co Ltd
Priority to CN201710729028.2A
Publication of CN107506635A
Application granted
Publication of CN107506635B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • General Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to an online function opening method for an identity card, a mobile phone, a trusted terminal and a verification server. The method comprises the following steps: S1, a trusted terminal is provided and receives the connection request of the mobile phone; S2, the trusted terminal generates a public-private key pair and returns the public key to the mobile phone; S3, the trusted terminal receives the encrypted ID sent by the mobile phone, the encrypted ID being obtained as follows: the mobile phone sends the collected user biological information and the public key to a verification server, and the verification server generates an ID corresponding to the user biological information, encrypts the ID with the public key and returns the encrypted ID to the mobile phone; S4, the trusted terminal decrypts the encrypted ID with the private key; S5, the trusted terminal sends the ID to the verification server and obtains the user biological information corresponding to the ID from the verification server; and S6, the trusted terminal opens the online function of the identity card based on the biological information of the user and the identity information of the user in the identity card. The method of the invention can be adapted to various environments and occasions.

Description

Online function opening method for identity card, mobile phone, trusted terminal and verification server
Technical Field
The invention relates to the technology of internet of things and internet communication, in particular to an online function opening method of a resident identification card, a mobile phone, a trusted terminal and a verification server.
Background
In order to facilitate citizens' online activities, promote the construction of a citizen credit system, promote the healthy development of the internet, ensure the security of national network information and implement the national 'internet +' strategy, in July 2014 central network trust issued the task 'development thinking and policy research of a national network trusted system' to the public security department. The task requires the public security department to research the requirements that national internet development and management place on network trust, and to propose strategic targets, strategic ideas, policy principles, key tasks and policy measures for the development of the national network trusted system, together with the status and role of the resident identity card in that development. In March 2016, the national development and reform committee established an "internet +" major engineering support project and required the ministry of public security to establish an "internet +" credible identity authentication platform, so as to provide uniform, credible and multistage network identity services for internet services. The 'resident identification card online function' project, whose construction is the responsibility of the first institute of the public security department, puts these requirements into practice. The project gives full play to the advantages of the resident identification card as a major national information infrastructure: an online certificate uniquely corresponding to the resident identification card is generated based on the card, and a network identity authentication information system is built, so that the resident identification card becomes the basic trust root of a network trust system with Chinese characteristics and online and offline identity trust are integrated.
The application can provide uniform, authoritative and multistage credible identity authentication service for system users in internet industries such as network finance, network operators, electronic commerce, e-government affairs, credit investigation, traffic and the like, and solves the problems of identity 'embezzlement' and 'impersonation' in the existing internet identity authentication mode under the principles that the existing security mechanism of the identity card is not changed, identity information is not stored and transmitted on the internet, the privacy security of a bearer is ensured, an information carrier is not additionally added, and the economic burden of citizens is not increased.
As shown in fig. 1, the "online function of the resident identification card" system uses the resident identification card as a basic trust root of a network trusted system with chinese characteristics, and issues an online certificate uniquely corresponding to the entity identification card in the public security intranet system depending on the data resource of the resident identification card for serving as a core element of the "internet +" trusted identification authentication service. The online certificate is based on identity card making information, identity card registration items (name, identity card number, validity period, portrait photo and the like) are used as elements for mapping, an online characteristic set of the resident identity card is formed through digital signature and used for remotely verifying the authenticity and validity of the identity card, the online characteristic set is used as a retrieval basis, authentication data collected by a front end is bound during authentication, and the authentication data is returned to an intranet for comparison.
The online certificate is an electronic file with the data volume less than 1K, can be downloaded to front-end equipment by a user after being issued and generated by a public security intranet system, and is supported to be written into card body chips such as a traffic IC card and the like for use. Because the online certificate is generated by the first institute of public security department after irreversible encryption algorithm processing is carried out on the DN code of the resident identification card (namely the initialization code of the identification card), the online certificate does not carry any personal identification information of the citizen, and therefore the transmission and the storage of the privacy information in the authentication process can be thoroughly avoided. Even if the equipment carrying the online certificate is lost or the electronic document of the online certificate is stolen, the personal identity information of the citizen cannot be revealed, and the illegal person cannot perform any impersonation authentication operation under the condition of only holding the electronic document. At the moment, the user can limit illegal use behaviors in real time by remotely freezing the online certificate, and can also issue a brand new online certificate to continue using the identity authentication service by remotely resetting the online certificate.
Description of opening the 'resident identification card online function'
A citizen can take their resident identification card to a 'credible acceptance point' equipped with a 'resident identification card online function opening device', have the verification information of the physical identity card read and a live portrait captured for biometric comparison, and then set an eight-digit authentication code (namely the online certificate password), which completes the application for the online certificate. After this application, the 'internet +' credible identity authentication service can be used in the 'resident identification card online function' system at any time and place, regardless of region or service. After claiming the online certificate, a citizen can download it to a front-end device remotely and in real time for authentication operations, using either the identity card or their identity information and authentication code.
Currently, opening requires the runtime environment and hardware (a camera) of a designated all-in-one machine or tablet computer (the device provides the "identity card online function application" function), and all operations are completed on that all-in-one machine or tablet computer.
The existing equipment that supports opening the online function of the resident identification card is basically provided as an all-in-one machine, which has the defects of large volume (it is inconvenient to carry to the various occasions where services are provided to the public) and high cost (the purchase cost is high, which makes it difficult to popularize the opening of the resident identification card online function).
Disclosure of Invention
The invention aims to provide a method for opening the online function of a resident identification card, which is flexible and suitable for various environments and occasions.
The method and the equipment of the invention use the user mobile phone as data acquisition equipment, transmit data to the 'trusted terminal' (actual operation equipment for opening the on-line function of the resident identification card) through Bluetooth and the Internet, and the 'trusted terminal' performs 'opening' operation and returns the result to the user mobile phone.
The invention discloses a method for opening the online function of a resident identification card, which comprises the following steps:
S1, a trusted terminal is provided, and the trusted terminal receives a connection request from a mobile phone;
S2, the trusted terminal generates an asymmetric-encryption public-private key pair for the user whose function is to be opened, and returns the public key to the mobile phone;
S3, the trusted terminal receives an opening request from the mobile phone and an encrypted ID sent by the mobile phone, wherein the encrypted ID is obtained through the following process: the mobile phone sends the collected user biological information and the stored public key to a verification server, and the verification server generates an ID corresponding to the user biological information, encrypts the ID with the public key and returns the encrypted ID to the mobile phone;
S4, the trusted terminal decrypts the encrypted ID with the private key to obtain the ID;
S5, the trusted terminal sends the ID to the verification server and obtains the user biological information corresponding to the ID from the verification server;
S6, the trusted terminal opens the online function of the identity card based on the biological information of the user and the identity information of the user in the identity card.
The invention also provides a mobile phone with the function of opening the identity card online, which is provided with a memory and a processor, wherein the memory stores an executable program, and the program completes the following steps when being executed:
S1, the mobile phone sends a connection request to a trusted terminal;
S2, the mobile phone receives the public key of a public-private key pair generated by the trusted terminal for the mobile phone, wherein the public key corresponds to the user whose function is to be opened;
S3, the mobile phone sends an encrypted ID and an opening request to the trusted terminal, wherein the encrypted ID is obtained through the following process: the mobile phone sends the collected user biological information and the stored public key to a verification server, and the verification server generates an ID corresponding to the user biological information, encrypts the ID with the public key and returns the encrypted ID to the mobile phone.
The invention also provides a trusted terminal for opening the online function of the identity card, which is provided with a memory and a processor, wherein the memory stores an executable program, and the program completes the following steps when executed:
S1, the trusted terminal receives a connection request from the mobile phone;
S2, the trusted terminal generates an asymmetric-encryption public-private key pair for the newly connected user, and returns the public key to the mobile phone;
S3, the trusted terminal receives an opening request from the mobile phone and an encrypted ID sent by the mobile phone, wherein the encrypted ID is obtained through the following process: the mobile phone sends the collected user biological information and the stored public key to a verification server, and the verification server generates an ID corresponding to the user biological information, encrypts the ID with the public key and returns the encrypted ID to the mobile phone;
S4, the trusted terminal decrypts the encrypted ID with the private key to obtain the ID;
S5, the trusted terminal sends the ID to the verification server and obtains the user biological information corresponding to the ID from the verification server;
S6, the trusted terminal opens the online function of the identity card based on the biological information of the user and the identity information of the user in the identity card.
The invention provides a verification server for opening functions on an identity card network, which is provided with a memory and a processor, wherein the memory stores an executable program, and the program completes the following steps when being executed:
S1, the verification server receives a request from the mobile phone, wherein the request comprises the user biological information collected by the mobile phone and the public key of a trusted terminal;
S2, the verification server generates an ID corresponding to the user biological information, encrypts the ID with the public key and returns the encrypted ID to the mobile phone;
S3, the verification server receives a verification request sent by the trusted terminal, wherein the request contains the ID, and the verification server returns the user biological information corresponding to the ID to the trusted terminal.
The beneficial effects of the invention include:
1. The trusted terminal used in the method is small in volume and extremely portable.
2. The method uses the mobile phone application to carry out the living body detection, so the user can conveniently adjust position and angle during the detection, which is more flexible than the fixed camera of an all-in-one machine.
Drawings
Fig. 1 is a schematic diagram of a resident identification card and a network application function certificate.
Fig. 2 is a business flow diagram of the method of the present invention.
Fig. 3 is an architecture diagram of the system of the present invention.
Fig. 4 is a block diagram of the system of the present invention.
Detailed Description
Embodiments of the present invention will now be described with reference to the drawings, wherein like parts are designated by like reference numerals. The embodiments described below and the technical features of the embodiments may be combined with each other without conflict.
Fig. 2 shows a service flow chart of the method for activating the on-line function of the resident identification card according to the present invention. Fig. 3 shows the topological relationship between the handset, the trusted terminal and the authentication server. Fig. 4 shows an application architecture diagram of the method of the invention. The invention is described below with reference to fig. 2-4.
The mobile phone is provided with a user interaction unit, a Bluetooth communication unit, an internet communication unit, a living body detection and human image acquisition unit, a background interaction unit and a camera. These units may be implemented by an application or a wechat applet.
The user interaction unit is used for starting a request, displaying a processing result, receiving user input, prompting user information and the like.
The user scans the two-dimensional code of the trusted terminal through the user interaction unit (which can be a mobile phone application, or a WeChat 'applet' opened at the 'resident identification card online function' opening interface), and then performs subsequent data interaction with the trusted terminal through the internet communication unit; alternatively, by selecting 'no two-dimensional code connection', the user performs subsequent data interaction with the trusted terminal through the Bluetooth communication unit.
The living body detection and portrait acquisition unit is used for carrying out living body detection on the user and simultaneously acquiring the portrait of the user. The living body detection includes: the user is asked to perform a specified action in front of the camera or to read out a specified sentence.
The trusted terminal comprises an internet communication unit, a low-power-consumption Bluetooth communication unit and a background interaction unit. The internet communication unit is used for communicating with the mobile phone or the verification server. The Bluetooth communication unit is used for communicating with the mobile phone. The background interaction unit is used for processing the processes related to opening the resident identification card online function.
The verification server is the server for the resident identification card online function opening devices, and it includes an internet communication unit, a background processing unit and a device detection unit. The device detection unit is used for the reporting of the trusted terminal's running state to the verification server, including the position information of the trusted terminal and statistics on the resident identification card online functions the trusted terminal has opened, and for the trusted terminal to obtain program update information and the update program from the verification server and complete automatic program updates. The internet communication unit is used for interacting with the user's mobile phone and the 'trusted terminal' through the internet. The background processing unit is used for processing the processes related to opening the resident identification card online function.
The specific process is described below.
A1, the resident identification card online function opening device (hereinafter referred to as "trusted terminal") receives the connection request sent by the mobile phone.
Specifically, a user interaction unit of the mobile phone receives an opening requirement of a user, submits a request to a background interaction unit, the background interaction unit generates a request packet, the bluetooth communication unit or an internet communication unit sends the request packet to a bluetooth communication unit of the trusted terminal, and then the request packet is sent to the background interaction unit of the trusted terminal.
A2, the trusted terminal generates an asymmetric-encryption public-private key pair for the newly connected user, and returns the device information (including device number and the version of the program the device is running) and the public key of the trusted terminal to the mobile phone.
Specifically, the background interaction unit of the trusted terminal generates an asymmetric-encryption public-private key pair for the newly connected user, and returns the device information and the public key of the trusted terminal to the mobile phone through the Bluetooth communication unit or the internet communication unit.
A3, the mobile phone application judges whether the trusted terminal is a "trusted device" according to the device information returned by the trusted terminal (by sending a verification request to the verification server), and stores the public key.
Specifically, the mobile phone passes the device information and the public key received by the Bluetooth communication unit or the internet communication unit to the background interaction unit of the mobile phone; the background interaction unit verifies the device information and stores the public key in its own secure area.
A4, the mobile phone performs living body detection on the user and acquires a portrait picture of the user during the living body detection operation.
Specifically, the background interaction unit of the mobile phone commands the living body detection and portrait acquisition unit to perform living body detection and acquire a portrait picture of the user, and the detection result and the portrait picture are transmitted to the background interaction unit.
A5, the mobile phone sends the portrait picture and the public key to the verification server.
Specifically, the background interaction unit of the mobile phone sends the portrait picture and the public key to the internet communication unit of the verification server through the internet communication unit.
A6, the verification server stores the received portrait picture and generates the corresponding ID, then encrypts the ID with the public key and returns the encrypted ID to the mobile phone.
Specifically, the internet communication unit of the verification server passes the received portrait picture and the public key to the background interaction unit; the background interaction unit stores the portrait picture and generates a corresponding ID (in one-to-one correspondence with the portrait picture), then encrypts the ID with the public key, and the encrypted ID is returned to the mobile phone through the internet communication unit.
After the above process is completed, the identity information for opening the "resident identification card online function" can be collected, which specifically includes:
B1, the mobile phone receives the information the user inputs that is needed for 'opening'. The information includes the mobile phone number and an authentication code consisting of 8 digits.
Specifically, the user interaction unit of the mobile phone receives the relevant information input by the user, and transmits the relevant information to the trusted terminal through the bluetooth communication unit (or through the internet communication unit).
B2, the user interaction unit of the mobile phone prompts the user to place the identity card in the card reading area of the trusted terminal.
B3, the mobile phone sends the information input by the user in B1 to the trusted terminal together with the encrypted ID obtained in step A6.
B4, the trusted terminal uses its own private key to decrypt the encrypted ID.
Specifically, the background interaction unit of the trusted terminal uses its own private key to decrypt the encrypted ID transmitted in step B3.
B5, the trusted terminal sends the decrypted ID to the verification server, and acquires the portrait picture corresponding to the ID from the verification server.
Specifically, the internet communication unit of the trusted terminal sends the decrypted ID to the verification server, and the background processing unit of the verification server obtains the corresponding portrait picture from the database according to the ID and returns it to the trusted terminal through the internet communication unit.
After the above process is completed, the user can open the "resident identification card online function" through the mobile phone, which specifically includes:
C1, the trusted terminal reads the user identity information in the identity card.
C2, the trusted terminal opens the online function of the resident identification card based on the information obtained in step B3, the portrait picture obtained in step B5 and the user identity information from step C1.
Specifically, in one mode, the following is carried out on the trusted terminal: the resident identification card online function is started, the opening page is entered, the identity card is read, the portrait picture is input, the mobile phone number and the authentication code are filled in, and finally the confirmation button is clicked; this mode completes the opening by sending notification information to a credible server. Alternatively, the trusted terminal itself completes the opening based on this information.
C3, the trusted terminal returns the opening result to the mobile phone, and the mobile phone presents the opening result to the user.
In addition, the description above uses only the portrait picture as the verification information; other biometric information of the user, such as an iris or a fingerprint, may also be used, provided that the identity card stores such biometric information.
The above-described embodiments are merely preferred embodiments of the present invention, and general changes and substitutions by those skilled in the art within the technical scope of the present invention are included in the protection scope of the present invention.
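The exchange in steps A2 to B5, as an added example that is not part of the patent text: the phone relays an ID it cannot read, and only the terminal holding the session private key can exchange it for the stored portrait. RSA-OAEP with SHA-256, the 128-bit random ID, the in-memory store and all type and function names are assumptions; the Bluetooth and internet transports are replaced by direct calls.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

// VerificationServer keeps portraits keyed by the ID it mints (steps A6, B5).
// The in-memory map is an assumption standing in for the server's database.
type VerificationServer struct{ portraits map[string][]byte }

func NewVerificationServer() *VerificationServer {
	return &VerificationServer{portraits: map[string][]byte{}}
}

// Enroll is step A6: store the portrait, mint an ID, and return the ID
// encrypted to the public key forwarded by the phone (assumed RSA-OAEP).
func (s *VerificationServer) Enroll(portrait, pubDER []byte) ([]byte, error) {
	parsed, err := x509.ParsePKIXPublicKey(pubDER)
	if err != nil {
		return nil, fmt.Errorf("parse public key: %w", err)
	}
	pub, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("not an RSA public key")
	}
	raw := make([]byte, 16) // assumed ID format: 128 random bits, hex-encoded
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	id := hex.EncodeToString(raw)
	s.portraits[id] = append([]byte(nil), portrait...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(id), nil)
}

// Fetch is the server side of step B5: return the portrait for a plaintext ID.
func (s *VerificationServer) Fetch(id string) ([]byte, error) {
	portrait, ok := s.portraits[id]
	if !ok {
		return nil, errors.New("unknown ID")
	}
	return portrait, nil
}

// TrustedTerminal holds the private key of the current session.
type TrustedTerminal struct{ priv *rsa.PrivateKey }

// NewSession is step A2: generate a fresh key pair for the newly connected
// user and return the DER-encoded public key for the phone to store.
func (t *TrustedTerminal) NewSession() ([]byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	t.priv = priv
	return x509.MarshalPKIXPublicKey(&priv.PublicKey)
}

// Open is steps B4 and B5: decrypt the relayed ID, then fetch the portrait.
func (t *TrustedTerminal) Open(encID []byte, srv *VerificationServer) ([]byte, error) {
	if t.priv == nil {
		return nil, errors.New("no session key")
	}
	id, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, t.priv, encID, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt ID: %w", err)
	}
	return srv.Fetch(string(id))
}

// PhoneRelay plays the phone for steps A1 to A6: obtain the terminal's public
// key, upload portrait plus key, and receive the opaque encrypted ID (sent on in B3).
func PhoneRelay(portrait []byte, term *TrustedTerminal, srv *VerificationServer) ([]byte, error) {
	pubDER, err := term.NewSession()
	if err != nil {
		return nil, err
	}
	return srv.Enroll(portrait, pubDER)
}

func main() {
	srv, term := NewVerificationServer(), &TrustedTerminal{}
	encID, err := PhoneRelay([]byte("constructed portrait bytes"), term, srv)
	if err != nil {
		panic(err)
	}
	got, err := term.Open(encID, srv)
	fmt.Printf("session terminal: portrait=%q err=%v\n", got, err)
	other := &TrustedTerminal{} // a terminal holding a different session key
	if _, err = other.NewSession(); err == nil {
		_, err = other.Open(encID, srv)
	}
	fmt.Printf("other terminal: err=%v\n", err)
}
```

The second terminal's failure shows what the per-session key pair buys: an encrypted ID captured on the phone or in transit is useless to any device other than the terminal that started the session.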

Claims (10)

1. An online function opening method for an identity card is characterized by comprising the following steps:
S1, providing a trusted terminal, wherein the trusted terminal receives a connection request of a mobile phone;
S2, the trusted terminal generates an asymmetric-encryption public-private key pair for a user to be opened and returns the public key to the mobile phone, the trusted terminal returns its own equipment information to the mobile phone, and the mobile phone performs identity authentication on the trusted terminal based on the equipment information;
S3, the trusted terminal receives an opening request of the mobile phone and an encrypted ID sent by the mobile phone, wherein the encrypted ID is obtained through the following process: the mobile phone sends the collected user biological information and the stored public key to a verification server, the verification server generates an ID corresponding to the user biological information, the public key is used for encrypting the ID corresponding to the user biological information, and the encrypted ID is returned to the mobile phone;
S4, the trusted terminal decrypts the encrypted ID with the private key to obtain the ID corresponding to the user biological information;
S5, the trusted terminal sends the ID corresponding to the user biological information to the verification server, and obtains the user biological information corresponding to the ID from the verification server;
S6, the trusted terminal opens the online function of the identity card based on the user biological information and the user identity information in the identity card, including:
C1, the trusted terminal receives the user mobile phone number, the authentication code and the encrypted ID sent by the mobile phone, and reads the identity information in the user identity card;
C2, the trusted terminal opens the online function of the resident identification card based on the information obtained in step C1, the information obtained by decrypting the encrypted ID with the private key of the trusted terminal, and the portrait picture obtained from the verification server.
2. The method for opening the online function of an identity card according to claim 1, wherein
the user biometric information comprises a portrait picture, an iris or a fingerprint of the user.
3. The method for opening the online function of an identity card according to claim 1, wherein
in S3, the trusted terminal also receives user input information sent by the mobile phone, and
in S6, the trusted terminal opens the online function of the identity card based on the user identity information, the user identity information in the identity card, and the user input information from the mobile phone.
4. A mobile phone for opening the online function of an identity card, characterized in that the mobile phone has a memory and a processor, the memory stores an executable program, and the program, when executed, performs the following steps:
S1, the mobile phone sends a connection request to a trusted terminal;
S2, the mobile phone receives the public key of a public/private key pair that the trusted terminal generated for the mobile phone, wherein the public key corresponds to the user for whom the function is to be opened;
S3, the mobile phone sends an encrypted ID and an opening request to the trusted terminal, wherein the encrypted ID is obtained as follows: the mobile phone sends the collected user biometric information and the stored public key to a verification server; the verification server generates an ID corresponding to the user biometric information, encrypts that ID with the public key, and returns the encrypted ID to the mobile phone; and
S4, the mobile phone sends the user's mobile phone number, the authentication code and the encrypted ID to the trusted terminal, and the online function of the identity card is opened.
5. The mobile phone for opening the online function of an identity card according to claim 4, further comprising:
in S3, the mobile phone performs liveness detection while collecting the user biometric information, and collects the user biometric information during the liveness detection.
6. A trusted terminal for opening the online function of an identity card, the trusted terminal having a memory and a processor, the memory storing an executable program that, when executed, performs the following steps:
S1, the trusted terminal receives a connection request from the mobile phone;
S2, the trusted terminal generates an asymmetric-encryption public/private key pair for the newly connected user and returns the public key to the mobile phone;
S3, the trusted terminal receives an opening request from the mobile phone and an encrypted ID sent by the mobile phone, wherein the encrypted ID is obtained as follows: the mobile phone sends the collected user biometric information and the stored public key to a verification server; the verification server generates an ID corresponding to the user biometric information, encrypts that ID with the public key, and returns the encrypted ID to the mobile phone;
S4, the trusted terminal decrypts the encrypted ID with the private key to obtain the ID corresponding to the user biometric information;
S5, the trusted terminal sends the ID corresponding to the user biometric information to the verification server and obtains from the verification server the user biometric information corresponding to the ID;
S6, the trusted terminal opens the online function of the identity card based on the user biometric information and the user identity information in the identity card, including:
C1, the trusted terminal receives the user's mobile phone number, the authentication code and the encrypted ID sent by the mobile phone, and reads the identity information in the user's identity card; and
C2, the trusted terminal opens the online function of the resident identity card based on the information obtained in step C1, the information obtained by decrypting the encrypted ID with the private key of the trusted terminal, and the portrait picture obtained from the verification server.
7. The trusted terminal for opening the online function of an identity card according to claim 6, wherein
the user biometric information comprises a portrait picture, an iris or a fingerprint of the user.
8. The trusted terminal for opening the online function of an identity card according to claim 6, wherein
in S3, the mobile phone performs liveness detection while collecting the user biometric information, and collects the user biometric information during the liveness detection.
9. A verification server for opening the online function of an identity card, the verification server having a memory and a processor, the memory storing an executable program that, when executed, performs the following steps:
S1, the verification server receives a request from the mobile phone, wherein the request comprises the user biometric information collected by the mobile phone and a public key of a trusted terminal;
S2, the verification server generates an ID corresponding to the user biometric information, encrypts that ID with the public key, and returns the encrypted ID to the mobile phone; and
S3, the verification server receives an authentication request sent by the trusted terminal, wherein the request contains the ID corresponding to the user biometric information, and the verification server returns to the trusted terminal the user biometric information corresponding to that ID.
10. The verification server for opening the online function of an identity card according to claim 9, wherein
the user biometric information comprises a portrait picture, an iris or a fingerprint of the user.
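The exchange recited in claims 1, 4, 6 and 9, as an added example that is not part of the patent: the three parties are modelled as in-process objects, and the run shows that only the key pair generated for a given user can turn the relayed blob back into the ID. RSA-OAEP, the random 16-byte ID and all class and function names are assumptions; the claims specify only an asymmetric key pair and an ID corresponding to the biometric information.

```javascript
// Added illustration of claims 1, 4, 6 and 9; not code from the patent.
// Assumed: RSA-OAEP/SHA-256, a random 16-byte ID, in-process calls, all names.
const crypto = require('crypto');

class VerificationServer {
  constructor() { this.records = new Map(); } // ID -> biometric information
  // Claim 9, S1-S2: store the biometric, return the ID encrypted to the terminal.
  enroll(biometric, terminalPublicKey) {
    const id = crypto.randomBytes(16).toString('hex');
    this.records.set(id, biometric);
    return crypto.publicEncrypt({ key: terminalPublicKey, oaepHash: 'sha256' }, Buffer.from(id));
  }
  // Claim 9, S3: the trusted terminal redeems the ID for the biometric.
  lookup(id) {
    if (!this.records.has(id)) throw new Error('unknown ID');
    return this.records.get(id);
  }
}

class TrustedTerminal {
  constructor(server) { this.server = server; this.privateKeys = new Map(); }
  // Claim 6, S2: a fresh key pair per user; only the public key leaves the terminal.
  newUser(user) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    this.privateKeys.set(user, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }
  // Claim 6, S4-S5: decrypt the ID, then fetch the biometric it refers to.
  redeem(user, encryptedId) {
    const key = this.privateKeys.get(user);
    if (!key) throw new Error('no key pair for this user');
    const id = crypto.privateDecrypt({ key, oaepHash: 'sha256' }, encryptedId);
    return this.server.lookup(id.toString());
  }
}

function runExchange() {
  const server = new VerificationServer();
  const terminal = new TrustedTerminal(server);
  const portrait = Buffer.from('constructed-portrait-bytes'); // constructed sample
  const pubA = terminal.newUser('user-A');
  terminal.newUser('user-B');
  // Claim 4, S3: the phone relays the public key and biometric, then the blob.
  const encryptedId = server.enroll(portrait, pubA);
  let otherKeyRejected = false;
  try { terminal.redeem('user-B', encryptedId); } catch (e) { otherKeyRejected = true; }
  const match = terminal.redeem('user-A', encryptedId).equals(portrait);
  return { match, otherKeyRejected, encryptedIdBytes: encryptedId.length };
}
```

The mobile phone never holds a private key in this flow, so it carries the ID only as a 256-byte ciphertext it cannot read.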
CN201710729028.2A 2017-08-23 2017-08-23 Online function opening method for identity card, mobile phone, trusted terminal and verification server Active CN107506635B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710729028.2A CN107506635B (en) 2017-08-23 2017-08-23 Online function opening method for identity card, mobile phone, trusted terminal and verification server

Publications (2)

Publication Number Publication Date
CN107506635A (en) 2017-12-22
CN107506635B (en) 2020-02-14

Family

ID=60692362

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710729028.2A Active CN107506635B (en) 2017-08-23 2017-08-23 Online function opening method for identity card, mobile phone, trusted terminal and verification server

Country Status (1)

Country Link
CN (1) CN107506635B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110460580B (en) * 2019-07-11 2022-02-22 中国银联股份有限公司 Image acquisition device, server and encryption and decryption methods
CN110443740A (en) * 2019-07-30 2019-11-12 广州大白互联网科技有限公司 A kind of identity identifying method and system
CN110855664A (en) * 2019-11-12 2020-02-28 广州大白互联网科技有限公司 Network certificate system
CN110955858B (en) * 2019-11-12 2022-11-18 广州大白互联网科技有限公司 Information management method of network license platform
CN111429131B (en) * 2020-03-26 2022-12-06 支付宝(杭州)信息技术有限公司 Two-dimensional code opening and payment processing method, device and system thereof, and electronic equipment
CN115001716B (en) * 2022-08-02 2022-12-06 长沙朗源电子科技有限公司 Network data processing method and system of education all-in-one machine and education all-in-one machine

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101599832A (en) * 2008-06-05 2009-12-09 北京思创银联科技有限公司 A kind of personal identification method and system that realize the network system login
GB2500560A (en) * 2011-11-03 2013-10-02 Proxama Ltd Authorising transactions in a mobile device
CN105207774A (en) * 2014-05-30 2015-12-30 北京奇虎科技有限公司 Key negotiation method and device of verification information
CN105227316A (en) * 2015-09-01 2016-01-06 深圳市创想一登科技有限公司 Based on mobile Internet account login system and the method for facial image authentication
CN106373290A (en) * 2016-11-04 2017-02-01 深圳市亚略特生物识别科技有限公司 Intelligent certificate handling device

Also Published As

Publication number Publication date
CN107506635A (en) 2017-12-22

Similar Documents

Publication Publication Date Title
CN107506635B (en) Online function opening method for identity card, mobile phone, trusted terminal and verification server
CN110602089B (en) Block chain-based medical data storage method, device, equipment and storage medium
US9531710B2 (en) Behavioral authentication system using a biometric fingerprint sensor and user behavior for authentication
CN106487511B (en) Identity authentication method and device
CN102714591B (en) Proximity based biometric identification systems and methods
CN108809659B (en) Dynamic password generation method, dynamic password verification method, dynamic password system and dynamic password verification system
ES2596308T3 (en) Method and provision for secure authentication
US9954687B2 (en) Establishing a wireless connection to a wireless access point
CA2829256C (en) Mobile device-based system for automated, real time health record exchange
CN110291754A (en) It is accessed using the system of mobile device
JP2021504860A (en) Extension of secure key storage for transaction verification and cryptocurrencies
CN110462658A (en) For providing system and method for the digital identity record to verify the identity of user
CN106330442B (en) Identity authentication method, device and system
CN109509518A (en) Management method, server and the computer storage medium of electronic health record
US20040044625A1 (en) Digital contents issuing system and digital contents issuing method
CN105684483A (en) Registry apparatus, agent device, application providing apparatus and corresponding methods
WO2010002541A1 (en) Trusted service manager (tsm) architectures and methods
TW201121280A (en) Network security verification method and device and handheld electronic device verification method.
CN109992949A (en) A kind of equipment authentication method, air card-writing method and apparatus authentication device
CN102638471A (en) Password protection and management method
US11282071B2 (en) Digital identity management device
CN106650372B (en) The activating method and device of administrator right
US20220005039A1 (en) Delegation method and delegation request managing method
US20230050280A1 (en) Computer-implemented user identity verification method
CN108989331B (en) Use authentication method of data storage device, device and storage medium thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant