CN107872321A - The method and electronic identity terminal device of electronic identity authentication - Google Patents

Publication number: CN107872321A
Authority: CN (China)
Prior art keywords: eid, cards, terminal devices, identification information, information
Legal status: Granted; Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201610852630.0A
Other languages: Chinese (zh)
Other versions: CN107872321B (en)
Inventors: 郭辉, 郭宏杰, 刘海龙
Current Assignee: Eidlink Information Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Eidlink Information Technology Co Ltd
Application filed by: Eidlink Information Technology Co Ltd
Priority to: CN201610852630.0A
Publication of: CN107872321A
Application granted; publication of: CN107872321B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/34: User authentication involving the use of external additional devices, e.g. dongles or smart cards

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention provides a method of eID authentication and an eID terminal device. One method includes: an eID terminal device reads from an eID card, through the eID card reading device of the eID terminal device, the identification information of the eID card and a first signature value obtained by performing a first signature on the eID information in the eID card; the eID terminal device displays the eID information and the first signature value. Another method includes: an eID terminal device reads from an eID card the identification information of the eID card, a first signature value obtained by performing a first signature on the eID information in the eID card, and a UUID corresponding to the identification information of the eID card; the eID terminal device sends the identification information of the eID card and the first signature value to an identification service system; the eID terminal device displays the UUID. This technical solution makes obtaining the eID information on an eID card more convenient and easier to use, and ultimately improves the convenience of eID authentication.

Description

Method of electronic identity authentication and electronic identity terminal device
Technical field
The present invention relates to the information field, and more particularly to a method of electronic identity (eID) authentication and an eID terminal device.
Background
With the rapid development of computer and Internet technology, how to effectively authenticate a user's personal identity on the Internet has become a hot issue of common concern to business and academia. To address it, users registering on real-name websites are passively required to provide private information such as a personal phone number, identity card number and home address. This approach has problems: the real-name website may profit from users' private data, and a server attacked by hackers may leak it. In response to these problems, a method of verifying the validity of a user's identity through eID has been proposed.
eID, also called network electronic identity, is a string of electronic information that can uniquely identify a user's identity in cyberspace. Relying on the Ministry of Public Security's national citizen identity information database covering 1.3 billion people, the eID center can generate for a user a set of unique network identifier and digital certificate, ensuring the authenticity and uniqueness of the user's identity; at the same time, the network identifier and digital certificate contain no personal identity privacy information. eID-related information is created and managed by a unified organization, which ensures the authenticity of personal identity and effectively avoids the exposure and leakage that result when user identity information is held by various network operators. Moreover, using eID spares the user from frequently entering a username and password by hand, so quick login and other trusted operations can be achieved while keeping identity secure and reliable.
A user's eID is normally carried on a smart card; a smart card that carries eID information can be called an eID card. Some eID cards also have a cryptographic operation function.
At present, when an eID card is used to verify a user's electronic identity, one method is to connect the eID card to a personal computer (PC) through a card reader; the PC then reads the eID information on the eID card through the card reader and carries out the subsequent identity authentication flow.
This method requires a card reader, and card readers have usage limitations; for example, most mobile terminals cannot read information from a card reader. This reduces the convenience of reading the eID information on the eID card and ultimately the convenience of eID authentication.
Summary of the invention
The present invention provides a method of eID authentication, an eID terminal device and an eID authentication system, which can improve the convenience of eID authentication.
In a first aspect, the invention provides a method of eID authentication, including: an eID terminal device reads from an eID card, through the eID card reading device of the eID terminal device, the identification information of the eID card and a first signature value obtained by performing a first signature on the eID information in the eID card; the eID terminal device displays the identification information of the eID and the first signature value.
In this embodiment of the present invention, the eID terminal device reads information directly from the eID card through its own eID card reading device, without an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier to use, which ultimately improves the convenience of eID authentication.
Optionally, the eID terminal device can directly read the information in an eID card inserted into the eID card reading slot on the eID terminal device, or the eID terminal device can, through its eID card reading device, directly read the information in an eID card within its smart card recognition area.
In one possible implementation, the eID terminal device is a bank self-service terminal device.
Because bank self-service terminal devices are widely distributed and easy to use, obtaining the information on the eID card directly through a bank self-service terminal device further improves the convenience of obtaining that information, and in turn the convenience of eID authentication.
In one possible implementation, the eID terminal device reading from the eID card, through its eID card reading device, the identification information of the eID card and the first signature value obtained by performing a first signature on the eID information in the eID card includes: the eID terminal device reads the identification information of the eID card from the eID card through its eID card reading device; the eID terminal device determines, according to the identification information of the eID card, to continue communicating with the eID card; the eID terminal device sends plaintext data to the eID card, the plaintext data including the identification information of the eID terminal device, the area code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card, and the version information of the rule to be used for eID QR code generation; the eID terminal device receives the first signature value sent by the eID card, the first signature value being the eID signature value obtained by the eID card performing an eID signature on the plaintext data. The eID terminal device displaying the eID information and the first signature value includes: the eID terminal device sends the first signature value to an identification service system; the eID terminal device receives a message authentication code (MAC) signature value sent by the identification service system, the MAC signature value being the signature value obtained by the identification service system performing a MAC signature on the first signature value; the eID terminal device generates a QR code that includes the plaintext data, the first signature value and the MAC signature value; the eID displays the QR code.
In this embodiment of the present invention, after the eID terminal device obtains the signature information of the eID card, it sends the signature information to the identification service system so that the identification service system signs the signature information a second time, which further improves the security of eID authentication. And because the eID displays the signature information as a QR code, other devices can obtain the signature information more conveniently.
In one possible implementation, the identification service system is the public security eID center system.
In this embodiment of the present invention, having the public security eID center system sign a second time the signature information generated by the eID card can further improve the security of eID authentication. Optionally, the identification service system can also be an eID network identity service provider (Identity Service Provider, IDSP).
In a second aspect, the invention provides a method of eID authentication, including: an eID terminal device reads from an eID card, through the eID card reading device of the eID terminal device, the identification information of the eID card, a first signature value obtained by performing a first signature on the eID information in the eID card, and a universally unique identifier (Universally Unique Identifier, UUID) corresponding to the identification information of the eID card; the eID terminal device sends the identification information of the eID card and the first signature value to an identification service system; the eID terminal device displays the UUID.
In this embodiment of the present invention, the eID terminal device reads information directly from the eID card, without an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier to use, which ultimately improves the convenience of eID authentication.
Optionally, the eID terminal device can directly read the information in an eID card inserted into its card slot, or the eID terminal device can directly read the information in an eID card within its smart card recognition area.
In one possible implementation, the eID terminal device is a bank self-service terminal device.
Because bank self-service terminal devices are widely distributed and easy to use, obtaining the information on the eID card directly through a bank self-service terminal device further improves the convenience of obtaining that information, and in turn the convenience of eID authentication.
In one possible implementation, the eID terminal device reading from the eID card, through its eID card reading device, the identification information of the eID card, the first signature value obtained by performing a first signature on the eID information in the eID card, and the UUID corresponding to the identification information of the eID card includes: the eID terminal device reads the identification information of the eID card from the eID card through its eID card reading device; the eID terminal device determines, according to the identification information of the eID card, to continue communicating with the eID card; the eID terminal device sends plaintext data to the eID card, the plaintext data including the identification information of the eID terminal device, the area code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card, and the version information of the rule to be used for eID QR code generation; the eID terminal device receives the first signature value and the UUID sent by the eID card, the first signature value being the eID signature value obtained by the eID card performing an eID signature on the plaintext data. The eID terminal device sending the identification information of the eID card and the first signature value to the identification service system includes: the eID terminal device sends the UUID, the plaintext data and the first signature value to the identification service system. The eID terminal device displaying the UUID includes: the eID terminal device generates a QR code that includes the UUID; the eID terminal device displays the QR code.
In this embodiment of the present invention, the eID terminal device can send the signature information, the plaintext data and the UUID to the identification service system and then display the UUID as a QR code. A user terminal device can thus easily obtain the displayed UUID and send it to the identification service system, so that the identification service system can authenticate the eID according to the signature information, plaintext data and UUID sent by the eID terminal device and the UUID sent by the user terminal device.
In one possible implementation, the identification service system is an IDSP system.
In a third aspect, the invention provides an eID terminal device that includes modules for performing the fault handling method in the first aspect or any possible implementation of the first aspect.
In this embodiment of the present invention, the eID terminal device reads information directly from the eID card, without an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier to use, which ultimately improves the convenience of eID authentication.
In a fourth aspect, the invention provides an eID terminal device that includes modules for performing the fault handling method in the second aspect or any possible implementation of the second aspect.
In this embodiment of the present invention, the eID terminal device reads information directly from the eID card, without an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier to use, which ultimately improves the convenience of eID authentication.
In a fifth aspect, the invention provides an eID terminal device including a receiver, a transmitter, a processor and a memory. The memory is used to store code, the processor is used to execute the code in the memory, and the receiver and transmitter are used to communicate with other devices. When the code is executed, the processor calls the receiver and transmitter to implement the method in the first aspect or any possible implementation of the first aspect.
In a sixth aspect, the invention provides an eID terminal device including a receiver, a transmitter, a processor and a memory. The memory is used to store code, the processor is used to execute the code in the memory, and the receiver and transmitter are used to communicate with other devices. When the code is executed, the processor calls the receiver and transmitter to implement the method in the second aspect or any possible implementation of the second aspect.
In a seventh aspect, the invention provides a computer-readable medium storing program code for execution by an eID terminal device, the program code including instructions for performing the method in the first aspect or any possible implementation of the first aspect.
In an eighth aspect, the invention provides a computer-readable medium storing program code for execution by an eID terminal device, the program code including instructions for performing the method in the second aspect or any possible implementation of the second aspect.
In a ninth aspect, the invention provides an eID authentication system that includes the eID terminal device of the third aspect or the fourth aspect.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly described below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is an exemplary diagram of a scenario to which the eID authentication method of the embodiments of the present invention can be applied.
Fig. 2 is a schematic flowchart of the eID authentication method of one embodiment of the present invention.
Fig. 3 is a schematic flowchart of the eID authentication method of another embodiment of the present invention.
Fig. 4 is a schematic flowchart of the eID authentication method of another embodiment of the present invention.
Fig. 5 is a schematic flowchart of the eID authentication method of another embodiment of the present invention.
Fig. 6 is a schematic block diagram of the eID authentication terminal device of one embodiment of the present invention.
Fig. 7 is a schematic block diagram of the eID authentication terminal device of another embodiment of the present invention.
Fig. 8 is a schematic block diagram of the eID authentication terminal device of one embodiment of the present invention.
Fig. 9 is a schematic block diagram of the eID authentication terminal device of another embodiment of the present invention.
Fig. 10 is a schematic block diagram of the eID authentication system of one embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the invention.
To aid understanding, an example scenario to which the eID authentication method of the embodiments of the present invention can be applied is first described as a whole. It should be understood that the embodiments of the present invention are not limited to the system architecture shown in Fig. 1; in addition, the devices in Fig. 1 may be hardware, functionally divided software, or a combination of the two.
The application scenario shown in Fig. 1 includes an eID card 110, a mobile terminal device 120, a public security eID center system 130 and an IDSP system 140.
The eID card 110 is a smart card that carries eID information. An eID card can of course carry other information as well, such as a digital certificate, and some eID cards also have a cryptographic operation function. The present invention places no restriction on the specific content of the information carried on the eID card; any card that carries eID information falls within the scope of protection of the invention.
The mobile terminal device 120 may also be called an access terminal, terminal device, mobile device, user terminal, terminal, wireless communication device, and so on. The mobile terminal device 120 can also be a handheld device with a wireless communication function, a vehicle-mounted device, a wearable device, a terminal device in a future 5G network, and so on. The mobile terminal device in the embodiments of the present invention is an illustration; the device in the scenario to which the eID authentication method can be applied can also be a non-mobile device.
Typically, online applications or online services that need identity authentication are deployed on the mobile terminal device 120. In the embodiments of the present invention, online applications or online services can refer to ubiquitous network services; any application that needs eID network identity recognition and security services can access eID identity services.
The public security eID center system 130 is the system that creates and manages users' eID information.
The IDSP system 140 is a third-party system other than the mobile terminal device and the public security eID center system; it can assist the public security eID center 130 in completing authentication of the user's eID information. Optionally, the scenario to which the eID authentication method of the embodiments of the present invention can be applied may have no IDSP system 140.
The IDSP system can also be called an eID service organization. Specifically, it can be used to connect the eID network identity operating organization with online application services, and can provide eID network identity services to online application services.
The IDSP system 140 can communicate with the mobile terminal device 120 and the public security eID center system 130.
The scenario of the eID authentication method of the embodiments of the present invention may also include an eID issuing organization and/or an eID network identity operating organization. An eID issuing organization can connect to the "Ministry of Public Security citizen network identity identification system" of the Ministry of Public Security population database and undertakes the registration and issuance of eID carriers; an organization that can provide carriers for loading eID, has extensive distribution channels, and has strict identity review and in-person signing procedures can apply to become an eID issuing organization. An eID network identity operating organization (Identity Service Operator, IDSO), also called an eID operating organization, connects eID issuing organizations and eID network identity service organizations, undertakes the basic eID network identity recognition services, and cooperates with eID network identity service organizations to provide eID network identity public services and related security services to online application services.
When a user uses an application or service on the mobile terminal device 120, the application or service may require authentication of the user's identity, and the eID information needed to authenticate the user is stored on the eID card 110. At this point the mobile terminal device 120 needs to obtain the eID information on the eID card to carry out identity authentication.
In the prior art, the eID card 110 must be inserted into a card reader, which then communicates with a PC. The PC reads the eID information in the eID card 110 through the card reader and displays it as a QR code; the mobile terminal device 120 scans the QR code with its camera, obtains the eID information in the QR code, and then sends the eID information to the public security eID center system 130 and/or the IDSP system 140 for identity authentication.
Because this method requires a card reader, it greatly reduces the convenience of reading eID information from an eID card for identity authentication.
Therefore, the present invention proposes a new method of eID authentication to improve the convenience of reading eID information from an eID card for identity authentication.
Fig. 2 is an exemplary flowchart of the eID authentication method of an embodiment of the present invention. It should be understood that Fig. 2 shows steps or operations of the eID authentication method, but these steps or operations are only examples; the embodiments of the present invention can also perform other operations or variations of the operations in Fig. 2. In addition, the steps in Fig. 2 can be performed in an order different from that presented in Fig. 2, and possibly not all of the operations in Fig. 2 need to be performed.
S210: The eID terminal device reads from the eID card, through the eID card reading device of the eID terminal device, the identification information of the eID card and a first signature value obtained by performing a first signature on the eID information in the eID card.
In this embodiment of the present invention, the eID terminal device reading information such as the identification information or signature information of the eID card from the eID card through its eID card reading device means that the eID terminal device reads the information directly from the eID card through a module, unit or device in the eID terminal device that can read information on a smart card. For example, it can directly read the information from an eID card inserted in its card slot, or directly read the information in an eID card brought close to its smart card recognition area. The user therefore needs no additional card reader, which improves the convenience of reading information from the eID card for identity authentication.
S220: The eID terminal device displays the identification information of the eID card and the first signature value.
The eID terminal device displays the identification information of the eID card and the signature value generated from the eID information in the eID card, so that a user device on which a need to authenticate the user's identity is deployed can obtain the signature information and carry out identity authentication. Here, that user device can be the mobile terminal device 120 shown in Fig. 1.
In this embodiment of the present invention, optionally, a specific implementation of the eID terminal device reading from the eID card the identification information of the eID card and the first signature value obtained by performing a first signature on the eID information in the eID card is: the eID terminal device reads the identification information of the eID card from the eID card; the eID terminal device determines, according to the identification information of the eID card, to continue communicating with the eID card; the eID terminal device sends plaintext data to the eID card, the plaintext data including the identification information of the eID terminal device, the area code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card, and the version information of the rule to be used for eID QR code generation; the eID terminal device receives the first signature value sent by the eID card, the first signature value being the eID signature value obtained by the eID card performing an eID signature on the plaintext data. Correspondingly, the eID terminal device displaying the identification information of the eID card and the first signature value includes: the eID terminal device sends the first signature value to the identification service system; the eID terminal device receives a message authentication code (Message Authentication Code, MAC) signature value sent by the identification service system, the MAC signature value being the signature value obtained by the identification service system performing a MAC signature on the first signature value; the eID terminal device generates a QR code that includes the plaintext data, the first signature value and the MAC signature value; the eID displays the QR code.
Optionally, the eID signature that the eID card performs on the plaintext data can be a signature using a symmetric-key algorithm or an asymmetric-key algorithm, such as an HMAC signature using a hash-based message authentication code (Hash-based Message Authentication Code, HMAC) or a public key infrastructure (Public Key Infrastructure, PKI) signature. A PKI signature can use algorithms such as RSA (Ron Rivest, Adi Shamir, Leonard Adleman) or the national cryptographic algorithm SM2.
In this embodiment of the present invention, after the eID terminal device obtains the signature information of the eID card, it sends the signature information to the identification service system so that the identification service system signs the signature information a second time, which further improves the security of eID authentication. And because the eID displays the signature information as a QR code, other devices can obtain the signature information more conveniently.
Of course, the eID terminal device can also generate another display code that includes the plaintext data, the first signature value and the MAC signature value, and display that code. For example, the eID terminal device can generate a bar code that includes the plaintext data, the first signature value and the MAC signature value and display the bar code. That is, the present invention places no restriction on the manner of displaying the plaintext data, the first signature value and the MAC signature value.
In this case, optionally, the identification service system can be the public security eID center system 130 shown in Fig. 1.
In this embodiment of the present invention, optionally, the eID terminal device determining, according to the identification information of the eID card, to continue communicating with the eID card can specifically be: after the eID terminal device reads the identification information of the eID card, it can perform personal identification number (Personal Identification Number, PIN) verification on the eID card, and continues communicating with the eID card only when the verification succeeds, for example by sending information to the eID card or continuing to read information from the eID card.
The present invention also provides another eID authentication method, whose schematic flowchart is shown in Fig. 3. It should be understood that Fig. 3 shows steps or operations of the eID authentication method, but these steps or operations are only examples; embodiments of the present invention may also perform other operations or variations of the operations in Fig. 3. In addition, the steps in Fig. 3 may be performed in an order different from that presented in Fig. 3, and it is possible that not all operations in Fig. 3 need to be performed.
S310: the eID terminal device reads, from the eID card, the identification information of the eID card, the first signature value obtained by the eID card performing a first signature according to the eID information in the eID card, and the UUID corresponding to the identification information of the eID card.
In this embodiment of the present invention, the eID terminal device reading information such as the identification information or signature information of the eID card from the eID card means that the eID terminal device reads the information in the eID card directly, through a module, unit, or device on the eID terminal device that can read information from a smart card. For example, the eID terminal device may directly read the information in an eID card inserted into its card slot, or directly read the information in an eID card placed in its smart card recognition area. The user therefore does not need an additional card reader, which makes it more convenient to read information from the eID card for identity authentication.
S320: the eID terminal device sends the identification information of the eID card and the first signature value to the identification service system.
S330: the eID terminal device displays the UUID.
In this embodiment of the present invention, the eID terminal device reads information directly from the eID card, without an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier, which ultimately makes eID authentication more convenient.
In this embodiment of the present invention, a specific implementation in which the eID terminal device reads, from the eID card, the identification information of the eID card, the first signature value obtained by the eID card performing a first signature according to the eID information in the eID card, and the UUID corresponding to the identification information of the eID card may be as follows: the eID terminal device reads the identification information of the eID card from the eID card; the eID terminal device determines, according to the identification information of the eID card, to continue communicating with the eID card; the eID terminal device sends plaintext data to the eID card, where the plaintext data includes the identification information of the eID terminal device, the region code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card, and the version information of the rule to be used when generating the QR code; the eID terminal device receives the first signature value and the UUID sent by the eID card, where the first signature value is the eID signature value obtained by the eID card performing an eID signature on the plaintext data. Correspondingly, the eID terminal device sending the identification information of the eID card and the first signature value to the identification service system is specifically: the eID terminal device sends the UUID, the plaintext data, and the first signature value to the identification service system. The eID terminal device displaying the UUID is specifically: the eID terminal device generates a QR code that includes the UUID, and the eID terminal device displays the QR code.
Optionally, the eID signature that the eID card performs on the plaintext data may be a signature using a symmetric-key algorithm or a signature using an asymmetric-key algorithm, for example an HMAC signature or a PKI signature. The PKI signature may use RSA, the national cryptographic algorithm SM2, or a similar algorithm.
In this embodiment of the present invention, the eID terminal device may send the signature information, the plaintext data, and the UUID to the identification service system and then display the UUID as a QR code, so that after a user terminal device conveniently obtains the displayed UUID, it can send the UUID to the identification service system. The identification service system can then authenticate the eID according to the signature information, plaintext data, and UUID sent by the eID terminal device and the UUID sent by the user terminal device.
Of course, the eID terminal device may also generate another kind of display code that includes the UUID and display that code. For example, the eID terminal device may generate a bar code that includes the UUID and display the bar code. That is, the present invention does not restrict the manner in which the UUID is displayed.
In this embodiment of the present invention, optionally, the identification service system may be an IDSP system, such as the IDSP system 140 shown in Fig. 1.
In the eID authentication methods shown in Fig. 2 and Fig. 3, optionally, the eID terminal device may be a self-service terminal device.
A self-service terminal device generally refers to a terminal device designed around the concept of "self-service". It is intended to relieve the excessive customer traffic of traditional business halls, make up for limited business hours, spare customers the trouble of handling business at the business hall, and give customers a service experience that is easy, convenient, and considerate. The business hall self-service terminal is an extension of and supplement to business hall services.
For example, in the financial industry, a user can use a bank self-service terminal device for self-service business such as account inquiry, self-service transfer, statement printing, recognition, and loss reporting. In the communications industry, a user can enter a telephone number on a self-service terminal to handle basic services such as suspending (resuming) mobile phone service, bill inquiry and printing, payment, invoice printing, and enabling or disabling caller identification.
Self-service terminal devices can be placed in public places such as business halls, fee collection points, stations, docks, airports, and shopping malls.
Preferably, the eID service terminal device in this embodiment of the present invention may be a bank self-service terminal device, such as a customer inquiry machine or server of title. As long as the bank self-service terminal has a module, unit, or device that can directly read the eID information on an eID card, the user only needs to use that self-service terminal to obtain the signature information used to verify the authenticity of the user's eID.
The eID authentication method shown in Fig. 2 is described in detail below by way of example, with reference to the bank self-service terminal device, mobile terminal device, public security eID center system, and IDSP system in Fig. 4. Reference numerals in Fig. 4 that are the same as those in Fig. 1 have the same meanings and, for brevity, are not described again here.
When a user needs to verify identity using the eID information on an eID card, the user inserts the eID card into the card slot of the bank self-service terminal device, or places the eID card in the area of the bank self-service terminal device used for smart card recognition.
S402: the bank self-service terminal device 401 reads the identification information of the eID card through its eID card reading device and performs PIN verification on the eID card.
S404: after the PIN verification of the eID card succeeds, the bank self-service terminal device 401 sends plaintext data to the eID card. The plaintext data may include the identification information of the eID card, the identification information of the bank self-service terminal device, the current transaction time, the region code of the location of the bank self-service terminal device, the site number of the location of the bank self-service terminal device, and the version information (such as the version number) of the rule that the bank self-service terminal device uses when generating the QR code.
S406: after receiving the plaintext data sent by the bank self-service terminal device, the eID card performs an eID signature on the plaintext data to obtain an eID signature value, for example by performing an HMAC signature or a PKI signature on the plaintext data.
S408: the eID card sends the eID signature value to the bank self-service terminal device.
S410: after receiving the eID signature value sent by the eID card, the bank self-service terminal device 401 sends the eID signature value to the public security eID center system 130.
S412: after receiving the eID signature value sent by the bank self-service terminal device 401, the public security eID center system 130 may perform a MAC signature on the eID signature value to obtain the corresponding MAC signature value.
S414: the public security eID center system 130 sends the MAC signature value that it generated to the bank self-service terminal device 401.
S416: after receiving the MAC signature value sent by the public security eID center system, the bank self-service terminal device 401 displays the MAC signature value, the HMAC signature value, and the plaintext data as a QR code.
S418: the mobile terminal device 120 scans the QR code on the bank self-service terminal device 301 with its camera and obtains the information in the QR code.
S420: the mobile terminal device 120 sends the information obtained from the QR code to the IDSP system 140.
S422: the IDSP system 140 receives the information sent by the mobile terminal device 120, obtains the eID information corresponding to the eID card according to the identification information of the eID card contained in that information, and then performs an eID signature on the plaintext data according to that eID information. If the resulting eID signature value is the same as the eID signature value in the QR code, the IDSP system performs a MAC signature on the eID signature value that it obtained by eID signing and compares the resulting MAC signature value with the MAC signature value in the QR code. If they are the same, eID authentication succeeds; otherwise eID authentication fails.
S424: the IDSP system 140 sends the authentication result, success or failure, to the mobile terminal device 120.
S422 and S424 may alternatively be implemented as follows: an online service on the mobile terminal device 120 sends the information in the QR code to the background service of that online service, and the background service forwards the QR code information to the IDSP system 140. After the IDSP system 140 performs eID authentication on the information in the QR code, the IDSP system 140 sends the verification result to the background service, the background service forwards it to the online service on the mobile terminal device 120, and the online service displays the authentication result on the mobile terminal device 120.
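The dual-signature exchange of steps S404 to S422 can be traced in a short Python simulation. This is an added example, not code from the patent; it assumes HMAC-SHA256 for both the eID signature and the MAC signature, a JSON QR payload, and constructed keys, field names, and identifiers.

```python
import hashlib
import hmac
import json

# All keys and identifiers below are constructed sample values (assumptions).
CARD_KEYS = {"EID-CARD-0001": b"constructed-card-key"}  # eID info known to card and IDSP
CENTER_MAC_KEY = b"constructed-center-mac-key"  # assumed shared by eID center and IDSP

SAMPLE_TERMINAL = {
    "terminal_id": "ATM-TEST-01",
    "transaction_time": "2016-09-26T10:00:00",
    "region_code": "000000",
    "site_number": "0001",
    "qr_rule_version": "1",
}


def canonical(plaintext: dict) -> bytes:
    """Serialize the plaintext data deterministically so every party signs the same bytes."""
    return json.dumps(plaintext, sort_keys=True, separators=(",", ":")).encode("utf-8")


def eid_sign(card_key: bytes, plaintext: dict) -> str:
    """S406: eID signature over the plaintext data (HMAC-SHA256 assumed)."""
    return hmac.new(card_key, canonical(plaintext), hashlib.sha256).hexdigest()


def center_mac(eid_signature: str) -> str:
    """S412: MAC signature computed over the eID signature value."""
    return hmac.new(CENTER_MAC_KEY, eid_signature.encode("ascii"), hashlib.sha256).hexdigest()


def terminal_build_qr(card_id: str, terminal: dict) -> str:
    """S404-S416 from the terminal's point of view: returns the QR code payload."""
    plaintext = {"card_id": card_id, **terminal}
    signature = eid_sign(CARD_KEYS[card_id], plaintext)  # computed inside the card
    mac = center_mac(signature)  # computed by the public security eID center system
    return json.dumps({"plaintext": plaintext, "eid_sig": signature, "mac": mac})


def idsp_verify(qr_payload: str) -> bool:
    """S422: recompute both signature layers from the scanned QR payload."""
    try:
        msg = json.loads(qr_payload)
        plaintext, sig, mac = msg["plaintext"], msg["eid_sig"], msg["mac"]
        card_key = CARD_KEYS[plaintext["card_id"]]
    except (ValueError, KeyError, TypeError):
        return False  # malformed payload or unknown card
    if not (isinstance(sig, str) and isinstance(mac, str)):
        return False
    expected_sig = eid_sign(card_key, plaintext)
    # First layer: the eID signature must match what the card's eID info produces.
    if not hmac.compare_digest(expected_sig.encode(), sig.encode()):
        return False
    # Second layer: the MAC over that signature must match the one in the QR code.
    return hmac.compare_digest(center_mac(expected_sig).encode(), mac.encode())


if __name__ == "__main__":
    qr = terminal_build_qr("EID-CARD-0001", SAMPLE_TERMINAL)
    print("genuine payload:", idsp_verify(qr))
    tampered = json.loads(qr)
    tampered["plaintext"]["region_code"] = "999999"
    print("tampered payload:", idsp_verify(json.dumps(tampered)))
```

Because the MAC covers only the eID signature value, the second check adds assurance only if the MAC key is one the terminal and the card do not hold.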
The eID authentication method in Fig. 3 is described in detail below by way of example, with reference to the bank self-service terminal device, mobile terminal device, public security eID center system, and IDSP system in Fig. 5. Reference numerals in Fig. 5 that are the same as those in Fig. 1 have the same meanings and, for brevity, are not described again here.
When a user needs to verify identity using the eID information on an eID card, the user inserts the eID card into the card slot of the bank self-service terminal device, or places the eID card in the area of the bank self-service terminal device used for smart card recognition.
S502: the bank self-service terminal device 501 obtains the identification information of the eID card through its eID card reading device and performs PIN verification on the eID card.
S504: after the PIN verification of the eID card succeeds, the bank self-service terminal device 501 sends plaintext data to the eID card. The plaintext data may include the identification information of the eID card, the identification information of the bank self-service terminal device, the current transaction time, the region code of the location of the bank self-service terminal device, the site number of the location of the bank self-service terminal device, and the version information (such as the version number) of the rule that the bank self-service terminal device uses when generating the QR code.
S506: after receiving the plaintext data sent by the bank self-service terminal device 501, the eID card 110 performs an eID signature on the plaintext data to obtain an eID signature value, for example by performing an HMAC signature or a PKI signature on the plaintext data.
S508: the eID card 110 sends the eID signature value and the UUID information corresponding to the eID card to the bank self-service terminal device 501.
S510: after receiving the eID signature value and the UUID sent by the eID card, the bank self-service terminal device 501 sends the plaintext data, the eID signature value, and the UUID to the public security eID center system 130.
S512: after receiving the plaintext data, the eID signature value, and the UUID sent by the bank self-service terminal device 501, the public security eID center system 130 passes this information to the IDSP system 140.
S514: the bank self-service terminal device 501 displays the UUID as a QR code.
S516: the mobile terminal device 120 scans the QR code on the bank self-service terminal device 501 with its camera and obtains the UUID information in the QR code.
S518: the mobile terminal device 120 sends the UUID information obtained from the QR code to the IDSP system 140.
S520: after receiving the UUID information sent by the mobile terminal device 120, the IDSP system 140 obtains the identification information of the eID card corresponding to the UUID, then obtains the eID information corresponding to that eID card, performs an eID signature on the plaintext data according to that eID information, and compares the resulting eID signature value with the eID signature value obtained in S514. If they are the same, eID authentication succeeds; otherwise authentication fails.
S522: the IDSP system 140 sends the authentication result to the mobile terminal device 120.
S518 and S520 may alternatively be implemented as follows: an online service on the mobile terminal device 120 sends the UUID in the QR code to the background service of that online service, and the background service forwards the UUID to the IDSP system 140. After the IDSP system 140 performs eID authentication according to the UUID, the IDSP system 140 sends the verification result to the background service, the background service forwards it to the online service on the mobile terminal device 120, and the online service displays the authentication result on the mobile terminal device 120.
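In this second flow the QR code carries only a reference (the UUID), and the signature material reaches the IDSP system through the back channel. The Python sketch below is an added example, not code from the patent; it assumes an HMAC-SHA256 eID signature, an in-memory IDSP store, and constructed keys, field names, and identifiers.

```python
import hashlib
import hmac
import json

# Constructed sample values (assumptions, not from the patent).
CARD_ID = "EID-CARD-0001"
CARD_KEY = b"constructed-card-key"
CARD_UUID = "123e4567-e89b-12d3-a456-426614174000"
SAMPLE_TERMINAL = {
    "terminal_id": "ATM-TEST-01",
    "transaction_time": "2016-09-26T10:00:00",
    "region_code": "000000",
    "site_number": "0001",
    "qr_rule_version": "1",
}


def eid_sign(card_key: bytes, plaintext: dict) -> str:
    """S506: eID signature over the plaintext data (HMAC-SHA256 assumed)."""
    data = json.dumps(plaintext, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hmac.new(card_key, data, hashlib.sha256).hexdigest()


class Idsp:
    """Hypothetical IDSP model: holds eID info per card and the UUID-to-card mapping."""

    def __init__(self, card_keys: dict, uuid_to_card: dict):
        self._card_keys = card_keys
        self._uuid_to_card = uuid_to_card
        self._submissions = {}  # uuid -> (plaintext, eid_sig) forwarded in S512

    def receive_submission(self, uuid: str, plaintext: dict, eid_sig: str) -> None:
        """S510-S512: data sent by the terminal and passed on by the eID center."""
        self._submissions[uuid] = (plaintext, eid_sig)

    def verify_uuid(self, uuid) -> bool:
        """S520: look up the card by UUID, re-sign the stored plaintext, compare."""
        if not isinstance(uuid, str):
            return False
        card_key = self._card_keys.get(self._uuid_to_card.get(uuid))
        submission = self._submissions.get(uuid)
        if card_key is None or submission is None:
            return False  # unknown UUID, or nothing was submitted for it
        plaintext, eid_sig = submission
        expected = eid_sign(card_key, plaintext)
        return hmac.compare_digest(expected.encode(), str(eid_sig).encode())


def make_demo_idsp() -> Idsp:
    return Idsp({CARD_ID: CARD_KEY}, {CARD_UUID: CARD_ID})


def terminal_flow(idsp: Idsp, card_key: bytes, terminal: dict) -> str:
    """S504-S514: the card signs, the terminal submits, the QR code carries only the UUID."""
    plaintext = {"card_id": CARD_ID, **terminal}
    eid_sig = eid_sign(card_key, plaintext)  # computed inside the card
    idsp.receive_submission(CARD_UUID, plaintext, eid_sig)
    return json.dumps({"uuid": CARD_UUID})


def mobile_verify(idsp: Idsp, qr_payload: str) -> bool:
    """S516-S522: the mobile device scans the QR code and asks the IDSP for a result."""
    try:
        uuid = json.loads(qr_payload)["uuid"]
    except (ValueError, KeyError, TypeError):
        return False
    return idsp.verify_uuid(uuid)


if __name__ == "__main__":
    idsp = make_demo_idsp()
    print("genuine card:", mobile_verify(idsp, terminal_flow(idsp, CARD_KEY, SAMPLE_TERMINAL)))
    idsp = make_demo_idsp()
    print("wrong card key:", mobile_verify(idsp, terminal_flow(idsp, b"other-key", SAMPLE_TERMINAL)))
```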
The eID authentication methods of the embodiments of the present invention are described above. The eID terminal devices of the embodiments of the present invention are introduced below with reference to Fig. 6 to Fig. 10.
Fig. 6 is a schematic block diagram of the eID terminal device of one embodiment of the present invention. It should be understood that the eID terminal device 600 shown in Fig. 6 is only an example; the eID terminal device of the embodiments of the present invention may also include other modules or units, may include modules with functions similar to those of the modules in Fig. 6, or need not include all the modules in Fig. 6.
Read module 610, configured to read, from an eID card, the identification information of the eID card and the first signature value obtained by the eID card performing a first signature according to the eID information in the eID card.
Generation module 620, configured to display the identification information of the eID card and the first signature value.
In this embodiment of the present invention, the eID terminal device reads information directly from the eID card, without an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier, which ultimately makes eID authentication more convenient.
Optionally, as one embodiment, the eID terminal device is a bank self-service terminal device.
Optionally, as one embodiment, the read module is specifically configured to: read the identification information of the eID card from the eID card; and determine, according to the identification information of the eID card, to continue communicating with the eID card. The eID terminal device further includes: a sending module, configured to send plaintext data to the eID card, where the plaintext data includes the identification information of the eID terminal device, the region code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card, and the version information of the rule to be used when generating the QR code; and a receiving module, configured to receive the first signature value sent by the eID card, where the first signature value is the eID signature value obtained by the eID card performing an eID signature on the plaintext data. The sending module is further configured to send the first signature value to the identification service system. The receiving module is further configured to receive the message authentication code (MAC) signature value sent by the identification service system, where the MAC signature value is the signature value obtained by the identification service system performing a MAC signature on the first signature value. The display module is specifically configured to: generate a QR code that includes the plaintext data, the first signature value, and the MAC signature value; and display the QR code.
Optionally, as one embodiment, the identification service system is the public security eID center system.
Optionally, the eID signature includes an HMAC signature or a PKI signature, and the PKI signature may use the RSA algorithm or the SM2 algorithm.
The eID terminal device 600 can perform each step performed by the eID terminal device in the method shown in Fig. 2; for brevity, these are not described again here.
Fig. 7 is a schematic block diagram of the eID terminal device of one embodiment of the present invention. It should be understood that the eID terminal device 700 shown in Fig. 7 is only an example; the eID terminal device of the embodiments of the present invention may also include other modules or units, may include modules with functions similar to those of the modules in Fig. 7, or need not include all the modules in Fig. 7.
Read module 710, configured to read, from an eID card, the identification information of the eID card, the first signature value obtained by the eID card performing a first signature according to the eID information in the eID card, and the universally unique identifier (UUID) corresponding to the identification information of the eID card;
Sending module 720, configured to send the identification information of the eID card and the first signature value to the identification service system;
Display module 730, configured to display the UUID.
In this embodiment of the present invention, the eID terminal device reads information directly from the eID card, without an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier, which ultimately makes eID authentication more convenient.
Optionally, as one embodiment, the eID terminal device is a bank self-service terminal device.
Optionally, as one embodiment, the read module is specifically configured to: read the identification information of the eID card from the eID card; and determine, according to the identification information of the eID card, to continue communicating with the eID card. The sending module is further configured to send plaintext data to the eID card, where the plaintext data includes the identification information of the eID terminal device, the region code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card, and the version information of the rule to be used when generating the QR code. The eID terminal device further includes a receiving module, configured to receive the first signature value and the UUID sent by the eID card, where the first signature value is the eID signature value obtained by the eID card performing an eID signature on the plaintext data. The sending module is specifically configured to send the UUID, the plaintext data, and the first signature value to the identification service system. The display module is specifically configured to generate a QR code that includes the UUID and display the QR code.
Optionally, as one embodiment, the identification service system is an IDSP system.
Optionally, the eID signature includes an HMAC signature or a PKI signature, and the PKI signature may use the RSA algorithm or the SM2 algorithm.
The eID terminal device 700 can perform each step performed by the eID terminal device in the method shown in Fig. 3; for brevity, these are not described again here.
Fig. 8 is a schematic block diagram of the eID terminal device 800 of another embodiment of the present invention. The eID terminal device 800 includes a memory 810, a processor 820, a receiver 830, and a transmitter 840.
Memory 810, configured to store a program.
Processor 820, configured to execute the program stored in the memory 810.
When the processor 820 executes the program stored in the memory 810, it is specifically configured to read, from an eID card, the identification information of the eID card and the first signature value obtained by the eID card performing a first signature according to the eID information in the eID card.
The processor 820 is further configured to display the identification information of the eID card and the first signature value.
In this embodiment of the present invention, the eID terminal device reads information directly from the eID card, without an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier, which ultimately makes eID authentication more convenient.
Optionally, as one embodiment, the eID terminal device 800 is a bank self-service terminal device.
Optionally, as one embodiment, the processor 820 is specifically configured to: read the identification information of the eID card from the eID card; and determine, according to the identification information of the eID card, to continue communicating with the eID card. The transmitter 840 is configured to send plaintext data to the eID card, where the plaintext data includes the identification information of the eID terminal device, the region code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card, and the version information of the rule to be used when generating the QR code. The receiver 830 is configured to receive the first signature value sent by the eID card, where the first signature value is the eID signature value obtained by the eID card performing an eID signature on the plaintext data. The transmitter is further configured to send the first signature value to the identification service system. The receiver is further configured to receive the message authentication code (MAC) signature value sent by the identification service system, where the MAC signature value is the signature value obtained by the identification service system performing a MAC signature on the first signature value. The processor is specifically configured to: generate a QR code that includes the plaintext data, the first signature value, and the MAC signature value; and display the QR code.
Optionally, as one embodiment, the identification service system is the public security eID center system.
Optionally, the eID signature includes an HMAC signature or a PKI signature, and the PKI signature may use the RSA algorithm or the SM2 algorithm.
The eID terminal device 800 can perform each step performed by the eID terminal device in the method shown in Fig. 2, and corresponds to the eID terminal device 600; for brevity, these are not described again here.
Fig. 9 is a schematic block diagram of the eID terminal device 900 of another embodiment of the present invention. The eID terminal device 900 includes a memory 910, a processor 920, a receiver 930, and a transmitter 940.
Memory 910, configured to store a program.
Processor 920, configured to execute the program stored in the memory 910.
When the processor 920 executes the program stored in the memory 910, it is specifically configured to read, from an eID card, the identification information of the eID card, the first signature value obtained by the eID card performing a first signature according to the eID information in the eID card, and the UUID corresponding to the identification information of the eID card.
The transmitter 940 is configured to send the identification information of the eID card and the first signature value to the identification service system.
The processor 920 is further configured to display the UUID.
In this embodiment of the present invention, the eID terminal device reads information directly from the eID card, without an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier, which ultimately makes eID authentication more convenient.
Optionally, as one embodiment, the eID terminal device is a bank self-service terminal device.
Optionally, as one embodiment, the processor is specifically configured to: read the identification information of the eID card from the eID card; and determine, according to the identification information of the eID card, to continue communicating with the eID card. The transmitter is further configured to send plaintext data to the eID card, where the plaintext data includes the identification information of the eID terminal device, the region code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card, and the version information of the rule to be used when generating the QR code. The receiver is configured to receive the first signature value and the UUID sent by the eID card, where the first signature value is the eID signature value obtained by the eID card performing an eID signature on the plaintext data. The transmitter is specifically configured to send the UUID, the plaintext data, and the first signature value to the identification service system. The processor is specifically configured to generate a QR code that includes the UUID and display the QR code.
Optionally, as one embodiment, the identification service system is an intelligent dynamic service providing (IDSP) system.
Optionally, the eID signature includes an HMAC signature or a PKI signature, and the PKI signature may use the RSA algorithm or the SM2 algorithm.
The eID terminal device 900 can perform each step performed by the eID terminal device in the method shown in Fig. 3, and corresponds to the eID terminal device 700; for brevity, these are not described again here.
Figure 10 is the schematic block diagram of the eID Verification Systems 1000 of the embodiment of the present invention.It should be understood that the eID shown in Figure 10 Verification System is only example, and the eID Verification Systems of the embodiment of the present invention may also include other modules or unit, or including with figure Intimate module of modules in 10, or do not really want to include all modules in Figure 10.
EID Verification Systems 1000 include eID terminal devices 1010, public security eID centring systems 1020 and IDSP systems 1030.
Wherein, eID terminal devices 1010 can be eID terminal devices 600 or eID terminal devices 700, public security eID centers System 1020 can be the public security eID centring systems 130 shown in Fig. 1, and IDSP systems 1030 can be the IDSP shown in Fig. 1 System 140, for sake of simplicity, here is omitted.
In the embodiment of the present invention, eID terminal devices directly read information from eID cards, without this volume of card reader Outer equipment come aid in obtain eID cards on information so that acquisition eID cards on eID information convenience and ease for use It is higher, the final convenience for improving eID certifications.
It is appreciated that the processor in the embodiment of the present invention can be a kind of IC chip, there is the processing of signal Ability.In implementation process, each step of above method embodiment can pass through the integrated logic circuit of the hardware in processor Or the instruction of software form is completed.Above-mentioned processor can be general processor, digital signal processor (Digital Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit, ASIC), ready-made programmable gate array (Field Programmable Gate Array, FPGA) or other FPGAs Device, discrete gate or transistor logic, discrete hardware components.It can realize or perform the public affairs in the embodiment of the present invention Each method, step and the logic diagram opened.General processor can be microprocessor or the processor can also be it is any often Processor of rule etc..The step of method with reference to disclosed in the embodiment of the present invention, can be embodied directly in hardware decoding processor and hold Row is completed, or performs completion with the hardware in decoding processor and software module combination.Software module can be located at deposits at random Reservoir, flash memory, read-only storage, this area such as programmable read only memory or electrically erasable programmable memory, register In ripe storage medium.The storage medium is located at memory, and processor reads the information in memory, is completed with reference to its hardware The step of above method.
It can be understood that the memory in the embodiments of the present invention may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be a read-only memory (Read-Only Memory, ROM), a programmable read-only memory (Programmable ROM, PROM), an erasable programmable read-only memory (Erasable PROM, EPROM), an electrically erasable programmable read-only memory (Electrically EPROM, EEPROM) or a flash memory. The volatile memory may be a random access memory (Random Access Memory, RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (Static RAM, SRAM), dynamic random access memory (Dynamic RAM, DRAM), synchronous dynamic random access memory (Synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM), synchlink dynamic random access memory (Synchlink DRAM, SLDRAM) and direct Rambus random access memory (Direct Rambus RAM, DR RAM). It should be noted that the memory of the systems and methods described herein is intended to include, but is not limited to, these and any other suitable types of memory.
In addition, the terms "system" and "network" are often used interchangeably herein. The term "and/or" herein describes only an association between associated objects and indicates that three relationships may exist. For example, A and/or B may represent three cases: A exists alone, both A and B exist, and B exists alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
It should be understood that in the embodiments of the present invention, "B corresponding to A" means that B is associated with A and that B can be determined according to A. It should also be understood, however, that determining B according to A does not mean that B is determined only according to A; B may also be determined according to A and/or other information.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described with reference to the embodiments disclosed herein can be implemented by electronic hardware or by a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each particular application, but such implementation should not be considered to go beyond the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, for the specific working processes of the systems, devices and units described above, reference may be made to the corresponding processes in the foregoing method embodiments, and details are not repeated here.
In the several embodiments provided herein, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The foregoing storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.
The foregoing is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (17)

  1. A method of electronic identity (eID) authentication, characterized by comprising:
    an eID terminal device reading, from an eID card through the eID card reading device of the eID terminal device, the identification information of the eID card and a first signature value obtained by the eID card performing a first signature on the eID information in the eID card;
    the eID terminal device displaying the identification information of the eID card and the first signature value.
  2. The method according to claim 1, characterized in that the eID terminal device is a bank self-service terminal device.
  3. The method according to claim 1 or 2, characterized in that the eID terminal device reading, from the eID card through the eID card reading device of the eID terminal device, the identification information of the eID card and the first signature value obtained by the eID card performing the first signature on the eID information in the eID card comprises:
    the eID terminal device reading the identification information of the eID card from the eID card through the eID card reading device of the eID terminal device;
    the eID terminal device determining, according to the identification information of the eID card, to continue communicating with the eID card;
    the eID terminal device sending plaintext data to the eID card, the plaintext data including the identification information of the eID terminal device, the area code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card and the version information of the rule to be used for eID QR code generation;
    the eID terminal device receiving the first signature value sent by the eID card, the first signature value being an eID signature value obtained by the eID card performing an eID signature on the plaintext data;
    the eID terminal device displaying the identification information of the eID card and the first signature value comprises:
    the eID terminal device sending the first signature value to an identification service system;
    the eID terminal device receiving a message authentication code (MAC) signature value sent by the identification service system, the MAC signature value being a signature value obtained by the identification service system performing a MAC signature on the first signature value;
    the eID terminal device generating a QR code that includes the plaintext data, the first signature value and the MAC signature value;
    the eID terminal device displaying the QR code.
  4. The method according to any one of claims 1 to 3, characterized in that the identification service system is a public security eID center system.
  5. A method of electronic identity (eID) authentication, characterized by comprising:
    an eID terminal device reading, from an eID card through the eID card reading device of the eID terminal device, the identification information of the eID card, a first signature value obtained by the eID card performing a first signature on the eID information in the eID card, and a universally unique identifier (UUID) corresponding to the identification information of the eID card;
    the eID terminal device sending the identification information of the eID card and the first signature value to an identification service system;
    the eID terminal device displaying the UUID.
  6. The method according to claim 5, characterized in that the eID terminal device is a bank self-service terminal device.
  7. The method according to claim 5 or 6, characterized in that the eID terminal device reading, from the eID card through the eID card reading device of the eID terminal device, the identification information of the eID card, the first signature value obtained by the eID card performing the first signature on the eID information in the eID card, and the UUID corresponding to the identification information of the eID card comprises:
    the eID terminal device reading the identification information of the eID card from the eID card through the eID card reading device of the eID terminal device;
    the eID terminal device determining, according to the identification information of the eID card, to continue communicating with the eID card;
    the eID terminal device sending plaintext data to the eID card, the plaintext data including the identification information of the eID terminal device, the area code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card and the version information of the rule to be used for eID QR code generation;
    the eID terminal device receiving the first signature value and the UUID sent by the eID card, the first signature value being an eID signature value obtained by the eID card performing an eID signature on the plaintext data;
    wherein the eID terminal device sending the identification information of the eID card and the first signature value to the identification service system comprises:
    the eID terminal device sending the UUID, the plaintext data and the first signature value to the identification service system;
    the eID terminal device displaying the UUID comprises:
    the eID terminal device generating a QR code that includes the UUID;
    the eID terminal device displaying the QR code.
  8. The method according to any one of claims 5 to 7, characterized in that the identification service system is an intelligent dynamic service provider (IDSP) system.
  9. An electronic identity (eID) terminal device, characterized by comprising:
    a reading module, configured to read, from an eID card, the identification information of the eID card and a first signature value obtained by the eID card performing a first signature on the eID information in the eID card;
    a display module, configured to display the identification information of the eID card and the first signature value.
  10. The eID terminal device according to claim 9, characterized in that the eID terminal device is a bank self-service terminal device.
  11. The eID terminal device according to claim 9 or 10, characterized in that the reading module is specifically configured to:
    read the identification information of the eID card from the eID card;
    determine, according to the identification information of the eID card, to continue communicating with the eID card;
    wherein the eID terminal device further comprises:
    a sending module, configured to send plaintext data to the eID card, the plaintext data including the identification information of the eID terminal device, the area code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card and the version information of the rule to be used for eID QR code generation;
    a receiving module, configured to receive the first signature value sent by the eID card, the first signature value being an eID signature value obtained by the eID card performing an eID signature on the plaintext data;
    the sending module is further configured to send the first signature value to an identification service system;
    the receiving module is further configured to receive a message authentication code (MAC) signature value sent by the identification service system, the MAC signature value being a signature value obtained by the identification service system performing a MAC signature on the first signature value;
    the display module is specifically configured to:
    generate a QR code that includes the plaintext data, the first signature value and the MAC signature value;
    display the QR code.
  12. The eID terminal device according to any one of claims 9 to 11, characterized in that the identification service system is a public security eID center system.
  13. An electronic identity (eID) terminal device, characterized by comprising:
    a reading module, configured to read, from an eID card, the identification information of the eID card, a first signature value obtained by the eID card performing a first signature on the eID information in the eID card, and a universally unique identifier (UUID) corresponding to the identification information of the eID card;
    a sending module, configured to send the identification information of the eID card and the first signature value to an identification service system;
    a display module, configured to display the UUID.
  14. The eID terminal device according to claim 13, characterized in that the eID terminal device is a bank self-service terminal device.
  15. The eID terminal device according to claim 13 or 14, characterized in that the reading module is specifically configured to:
    read the identification information of the eID card from the eID card;
    determine, according to the identification information of the eID card, to continue communicating with the eID card;
    the sending module is further configured to send plaintext data to the eID card, the plaintext data including the identification information of the eID terminal device, the area code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card and the version information of the rule to be used for eID QR code generation;
    the eID terminal device further comprises a receiving module, configured to receive the first signature value and the UUID sent by the eID card, the first signature value being an eID signature value obtained by the eID card performing an eID signature on the plaintext data;
    wherein the sending module is specifically configured to send the UUID, the plaintext data and the first signature value to the identification service system;
    the display module is specifically configured to:
    generate a QR code that includes the UUID and display the QR code.
  16. The eID terminal device according to any one of claims 13 to 15, characterized in that the identification service system is an intelligent dynamic service provider (IDSP) system.
  17. An electronic identity (eID) authentication system, characterized by comprising the eID terminal device according to any one of claims 9 to 16.
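
The exchange in claims 3 and 11, sketched as an added example (not code from the patent): the card signs the plaintext data, the identification service system MACs the first signature value, and the terminal bundles all three into the QR payload. Assumptions: HMAC-SHA256 stands in for the card's eID signature so the sketch runs on the standard library, the keys, field names and JSON/base64 encoding are hypothetical, and the verifier is hypothetical too, since the claims do not say who checks the code. Because the MAC covers only the first signature value, the verifier checks the signature against the plaintext as well.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo keys (assumptions, not from the patent). A real eID card
# signs with its own private key; HMAC-SHA256 stands in for that signature
# here so the example needs only the standard library.
CARD_KEY = b"constructed-card-key"
SERVICE_MAC_KEY = b"constructed-service-mac-key"

# Hypothetical field names for the plaintext data listed in claim 3.
FIELDS = ("terminal_id", "area_code", "site_number", "card_id", "qr_rule_version")


def canonical(plaintext):
    """Serialize the plaintext deterministically so signer and verifier agree."""
    if not isinstance(plaintext, dict) or set(plaintext) != set(FIELDS):
        raise ValueError("plaintext must contain exactly the expected fields")
    return json.dumps(plaintext, sort_keys=True, separators=(",", ":")).encode()


def card_sign(plaintext):
    """Card side: first signature value over the plaintext data (stand-in)."""
    return hmac.new(CARD_KEY, canonical(plaintext), hashlib.sha256).digest()


def service_mac(first_sig):
    """Service side: MAC signature value computed over the first signature value."""
    return hmac.new(SERVICE_MAC_KEY, first_sig, hashlib.sha256).digest()


def build_qr_payload(plaintext):
    """Terminal side: bundle plaintext, first signature value and MAC value."""
    sig = card_sign(plaintext)
    mac = service_mac(sig)
    return json.dumps({
        "plaintext": plaintext,
        "sig": base64.b64encode(sig).decode(),
        "mac": base64.b64encode(mac).decode(),
    })


def verify_qr_payload(payload):
    """Hypothetical verifier: returns (ok, reason) for a scanned payload."""
    try:
        obj = json.loads(payload)
        sig = base64.b64decode(obj["sig"], validate=True)
        mac = base64.b64decode(obj["mac"], validate=True)
        data = canonical(obj["plaintext"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed payload"
    # The MAC covers only the first signature value ...
    if not hmac.compare_digest(mac, service_mac(sig)):
        return False, "MAC mismatch"
    # ... so the plaintext is bound only if the signature is checked as well.
    # With a real card this step would use the card's public key.
    expected = hmac.new(CARD_KEY, data, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "signature does not cover plaintext"
    return True, "ok"


SAMPLE = {  # constructed sample values
    "terminal_id": "TERM-0001", "area_code": "000000", "site_number": "0001",
    "card_id": "CARD-EXAMPLE-01", "qr_rule_version": "1",
}
```
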
CN201610852630.0A 2016-09-26 2016-09-26 Electronic identity authentication method and electronic identity terminal equipment Active CN107872321B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610852630.0A CN107872321B (en) 2016-09-26 2016-09-26 Electronic identity authentication method and electronic identity terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610852630.0A CN107872321B (en) 2016-09-26 2016-09-26 Electronic identity authentication method and electronic identity terminal equipment

Publications (2)

Publication Number Publication Date
CN107872321A true CN107872321A (en) 2018-04-03
CN107872321B CN107872321B (en) 2020-09-25

Family

ID=61751799

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610852630.0A Active CN107872321B (en) 2016-09-26 2016-09-26 Electronic identity authentication method and electronic identity terminal equipment

Country Status (1)

Country Link
CN (1) CN107872321B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080046747A1 (en) * 2006-07-28 2008-02-21 Brown Steven T Authorization system and method
US20080126810A1 (en) * 2006-11-06 2008-05-29 Li-Kuo Chiu Data protection method for optical storage media/device
CN101916485A (en) * 2010-07-21 2010-12-15 浪潮齐鲁软件产业有限公司 Method for accepting vehicle purchase tax declaration through self-service tax declaration terminal
CN102654896A (en) * 2011-03-04 2012-09-05 董建飞 Method for digital signature device to display key information of transaction data
CN103366111A (en) * 2013-07-10 2013-10-23 公安部第三研究所 Two-dimensional code based method for realizing extended authentication control of smart card on mobile equipment
CN103955829A (en) * 2013-11-06 2014-07-30 郑楠 Member management and payment system based on identity card
CN104601593A (en) * 2015-02-04 2015-05-06 公安部第三研究所 Anti-tracking method in network electronic identity authentication process based on challenge modes

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109068275A (en) * 2018-06-07 2018-12-21 国民技术股份有限公司 Drive safely control method, system and computer readable storage medium
CN108924838A (en) * 2018-09-11 2018-11-30 中国联合网络通信集团有限公司 Method for switching network, device, Provider Equipment and the terminal of cross operator
CN108924838B (en) * 2018-09-11 2021-09-14 中国联合网络通信集团有限公司 Inter-operator network switching method and device, operator equipment and terminal
US11496900B2 (en) * 2019-02-26 2022-11-08 Samsung Electronics Co., Ltd. Electronic device and method for storing user identification information
CN112734556A (en) * 2020-12-31 2021-04-30 重庆银行股份有限公司 Multifunctional interactive terminal based on internet

Also Published As

Publication number Publication date
CN107872321B (en) 2020-09-25

Similar Documents

Publication Publication Date Title
Pourghomi et al. A proposed NFC payment application
RU2718229C1 (en) Establishing secure channel
US9818113B2 (en) Payment method using one-time card information
CN100534043C (en) A method, system and computer program product for secure ticketing in a communications device
US20170178116A1 (en) Remote transaction system, method and point of sale terminal
CN102088353B (en) Two-factor authentication method and system based on mobile terminal
US20080244714A1 (en) Secure RFID authentication system using non-trusted communications agents
CN111357025A (en) Secure QR code services
US20140081784A1 (en) Payment method, payment server performing the same and payment system performing the same
US20150142666A1 (en) Authentication service
US20150142669A1 (en) Virtual payment chipcard service
US20140289129A1 (en) Method for secure contactless communication of a smart card and a point of sale terminal
CN103400418A (en) Electronic ticket sale and check method based on NFC (Near Field Communication) mobile terminal
EP1142194B1 (en) Method and system for implementing a digital signature
CN104240074A (en) Prepaid card online payment system based on identity authentication and payment method of prepaid card online payment system
CN107872321A (en) The method and electronic identity terminal device of electronic identity authentication
JP6667498B2 (en) Remote transaction system, method and POS terminal
EP3151180A1 (en) Identification method and system
CN103426091A (en) Client information interaction method and system
US20170024729A1 (en) Secure Transmission of Payment Credentials
Kisore et al. A secure SMS protocol for implementing digital cash system
CN103023642B (en) A kind of mobile terminal and digital certificate functionality implementation method thereof
EP3853796A1 (en) A payment authentication device, a payment authentication system and a method of authenticating payment
GB2525423A (en) Secure Token implementation
Chang et al. An improved certificate mechanism for transactions using radio frequency identification enabled mobile phone

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant