CN107872321A - The method and electronic identity terminal device of electronic identity authentication
- Publication number: CN107872321A (CN201610852630.0A)
- Authority: CN (China)
- Prior art keywords: eID, cards, terminal devices, identification information, information
- Legal status: Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention provides methods of eID authentication and an eID terminal device. One method includes: the eID terminal device reads from an eID card, through the eID card reading apparatus of the eID terminal device, the identification information of the eID card and a first signature value obtained by the eID card performing a first signature on the eID information in the eID card; the eID terminal device displays the eID information and the first signature value. Another method includes: the eID terminal device reads from the eID card the identification information of the eID card, a first signature value obtained by the eID card performing a first signature on the eID information in the eID card, and a UUID corresponding to the identification information of the eID card; the eID terminal device sends the identification information of the eID card and the first signature value to an identification service system; the eID terminal device displays the UUID. This technical solution makes obtaining the eID information on the eID card more convenient and easier to use, and ultimately improves the convenience of eID authentication.
Description
Technical field
The present invention relates to the information field, and in particular to a method of electronic identity (eID) authentication and an eID terminal device.
Background
With the rapid development of computer and Internet technology, how to effectively authenticate a user's personal identity on the Internet has become a hot issue of common concern to industry and academia. To address this problem, users registering on real-name websites are passively required to provide private information such as their phone number, identity card number and home address. This approach has problems such as real-name websites profiting from users' private data and servers leaking private data after being attacked by hackers. In response to these problems, a method of verifying the validity of a user's identity through eID has been proposed.
eID, also called network electronic identity, is a string of electronic information that uniquely identifies a user's identity in cyberspace. The eID center relies on the Ministry of Public Security's national citizen identity information database covering 1.3 billion people, and can generate for a user a unique set of network identifier and digital certificate, which ensures the authenticity and uniqueness of the user's identity; at the same time, the network identifier and digital certificate contain no private personal identity information. eID-related information is created and managed by a single institution, so it both ensures the authenticity of the personal identity and effectively avoids the exposure and leakage of user identity information that results from that information being held by various network operators. Moreover, using eID spares the user from frequently entering a username and password manually, so quick login and other trusted operations can be carried out while identity security is maintained.
A user's eID is normally carried on a smart card, and a smart card carrying eID information can be called an eID card. Some eID cards also have cryptographic computation capability.
At present, when an eID card is used to verify a user's electronic identity, one method is to connect the eID card to a personal computer (PC) through a card reader; the PC then reads the eID information on the eID card through the card reader and carries out the subsequent identity authentication flow.
This method requires a card reader, and the use of card readers is limited: most mobile terminals, for example, cannot read information from a card reader. This reduces the convenience of reading the eID information on the eID card and ultimately the convenience of eID authentication.
Summary of the invention
The present invention provides a method of eID authentication, an eID terminal device and an eID authentication system, which can improve the convenience of eID authentication.
In a first aspect, the invention provides a method of eID authentication, including: an eID terminal device reads from an eID card, through the eID card reading apparatus of the eID terminal device, the identification information of the eID card and a first signature value obtained by the eID card performing a first signature on the eID information in the eID card; the eID terminal device displays the identification information of the eID card and the first signature value.
In this embodiment of the invention, the eID terminal device reads information directly from the eID card through its own eID card reading apparatus, without an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier to use, which ultimately improves the convenience of eID authentication.
Optionally, the eID terminal device can directly read the information in an eID card inserted into the eID card reading slot on the eID terminal device, or the eID terminal device can, through its eID card reading apparatus, directly read the information in an eID card placed in its smart card recognition area.
In one possible implementation, the eID terminal device is a bank self-service terminal device.
Because bank self-service terminal devices are widely distributed and easy to use, obtaining the information on the eID card directly through a bank self-service terminal device further improves the convenience of obtaining that information, and in turn the convenience of eID authentication.
In one possible implementation, the step in which the eID terminal device reads from the eID card, through its eID card reading apparatus, the identification information of the eID card and the first signature value obtained by performing the first signature on the eID information in the eID card includes: the eID terminal device reads the identification information of the eID card from the eID card through its eID card reading apparatus; the eID terminal device determines, according to the identification information of the eID card, to continue communicating with the eID card; the eID terminal device sends plaintext data to the eID card, the plaintext data including the identification information of the eID terminal device, the area code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card, and the version information of the rule to be used for generating the eID QR code; the eID terminal device receives the first signature value sent by the eID card, the first signature value being the eID signature value obtained by the eID card performing an eID signature on the plaintext data. The step in which the eID terminal device displays the eID information and the first signature value includes: the eID terminal device sends the first signature value to an identification service system; the eID terminal device receives a message authentication code (MAC) signature value sent by the identification service system, the MAC signature value being the signature value obtained by the identification service system performing a MAC signature on the first signature value; the eID terminal device generates a QR code including the plaintext data, the first signature value and the MAC signature value; the eID terminal device displays the QR code.
In this embodiment of the invention, after the eID terminal device obtains the signature information of the eID card, it sends the signature information to the identification service system so that the identification service system can sign the signature information a second time, which further improves the security of eID authentication. Displaying the signature information as a QR code also makes it more convenient for other devices to obtain the signature information.
In one possible implementation, the identification service system is a public security eID center system.
In this embodiment of the invention, having the public security eID center system apply the second signature to the signature information generated by the eID card can further improve the security of eID authentication. Optionally, the identification service system can also be an eID network identity service organization (Identity Service Provider, IDSP).
In a second aspect, the invention provides a method of eID authentication, including: an eID terminal device reads from an eID card, through the eID card reading apparatus of the eID terminal device, the identification information of the eID card, a first signature value obtained by the eID card performing a first signature on the eID information in the eID card, and a universally unique identifier (Universally Unique Identifier, UUID) corresponding to the identification information of the eID card; the eID terminal device sends the identification information of the eID card and the first signature value to an identification service system; the eID terminal device displays the UUID.
In this embodiment of the invention, the eID terminal device reads information directly from the eID card, without an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier to use, which ultimately improves the convenience of eID authentication.
Optionally, the eID terminal device can directly read the information in an eID card inserted into its card slot, or the eID terminal device can directly read the information in an eID card placed in its smart card recognition area.
In one possible implementation, the eID terminal device is a bank self-service terminal device.
Because bank self-service terminal devices are widely distributed and easy to use, obtaining the information on the eID card directly through a bank self-service terminal device further improves the convenience of obtaining that information, and in turn the convenience of eID authentication.
In one possible implementation, the step in which the eID terminal device reads from the eID card, through its eID card reading apparatus, the identification information of the eID card, the first signature value obtained by performing the first signature on the eID information in the eID card, and the UUID corresponding to the identification information of the eID card includes: the eID terminal device reads the identification information of the eID card from the eID card through its eID card reading apparatus; the eID terminal device determines, according to the identification information of the eID card, to continue communicating with the eID card; the eID terminal device sends plaintext data to the eID card, the plaintext data including the identification information of the eID terminal device, the area code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card, and the version information of the rule to be used for generating the eID QR code; the eID terminal device receives the first signature value and the UUID sent by the eID card, the first signature value being the eID signature value obtained by the eID card performing an eID signature on the plaintext data. The step in which the eID terminal device sends the identification information of the eID card and the first signature value to the identification service system includes: the eID terminal device sends the UUID, the plaintext data and the first signature value to the identification service system. The step in which the eID terminal device displays the UUID includes: the eID terminal device generates a QR code including the UUID; the eID terminal device displays the QR code.
In this embodiment of the invention, the eID terminal device can send the signature information, the plaintext data and the UUID to the identification service system and then display the UUID as a QR code, so that a user terminal device can easily obtain the displayed UUID and send it to the identification service system. The identification service system can then verify the authenticity of the eID according to the signature information, plaintext data and UUID sent by the eID terminal device and the UUID sent by the user terminal device.
In one possible implementation, the identification service system is an IDSP system.
In a third aspect, the invention provides an eID terminal device, which includes modules for performing the fault handling method in the first aspect or in any possible implementation of the first aspect.
In this embodiment of the invention, the eID terminal device reads information directly from the eID card, without an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier to use, which ultimately improves the convenience of eID authentication.
In a fourth aspect, the invention provides an eID terminal device, which includes modules for performing the fault handling method in the second aspect or in any possible implementation of the second aspect.
In this embodiment of the invention, the eID terminal device reads information directly from the eID card, without an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier to use, which ultimately improves the convenience of eID authentication.
In a fifth aspect, the invention provides an eID terminal device including a receiver, a transmitter, a processor and a memory. The memory is used to store code, the processor is used to execute the code in the memory, and the receiver and transmitter are used to communicate with other devices. When the code is executed, the processor calls the receiver and transmitter to implement the method in the first aspect or in any possible implementation of the first aspect.
In a sixth aspect, the invention provides an eID terminal device including a receiver, a transmitter, a processor and a memory. The memory is used to store code, the processor is used to execute the code in the memory, and the receiver and transmitter are used to communicate with other devices. When the code is executed, the processor calls the receiver and transmitter to implement the method in the second aspect or in any possible implementation of the second aspect.
In a seventh aspect, the invention provides a computer-readable medium storing program code for execution by an eID terminal device, the program code including instructions for performing the method in the first aspect or in any possible implementation of the first aspect.
In an eighth aspect, the invention provides a computer-readable medium storing program code for execution by an eID terminal device, the program code including instructions for performing the method in the second aspect or in any possible implementation of the second aspect.
In a ninth aspect, the invention provides an eID authentication system including the eID terminal device of the third aspect or the fourth aspect.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the invention more clearly, the drawings needed in the embodiments are briefly introduced below. The drawings described below are obviously only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is an example scenario in which the method of eID authentication of the embodiments of the invention can be applied.
Fig. 2 is a schematic flowchart of the method of eID authentication of one embodiment of the invention.
Fig. 3 is a schematic flowchart of the method of eID authentication of another embodiment of the invention.
Fig. 4 is a schematic flowchart of the method of eID authentication of another embodiment of the invention.
Fig. 5 is a schematic flowchart of the method of eID authentication of another embodiment of the invention.
Fig. 6 is a schematic block diagram of the eID authentication terminal device of one embodiment of the invention.
Fig. 7 is a schematic block diagram of the eID authentication terminal device of another embodiment of the invention.
Fig. 8 is a schematic block diagram of the eID authentication terminal device of one embodiment of the invention.
Fig. 9 is a schematic block diagram of the eID authentication terminal device of another embodiment of the invention.
Fig. 10 is a schematic block diagram of the eID authentication system of one embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are obviously some rather than all of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the invention.
For ease of understanding, an example scenario in which the method of eID authentication of the embodiments can be applied is first described as a whole. It should be understood that the embodiments of the invention are not limited to the system architecture shown in Fig. 1; in addition, the devices in Fig. 1 may be hardware, functionally divided software, or a combination of the two.
The application scenario shown in Fig. 1 includes an eID card 110, a mobile terminal device 120, a public security eID center system 130 and an IDSP system 140.
The eID card 110 is a smart card carrying eID information. An eID card may of course carry other information as well, such as a digital certificate, and some eID cards also have cryptographic computation capability. The invention does not restrict the specific content of the information carried on the eID card; any card carrying eID information falls within the protection scope of the invention.
The mobile terminal device 120 may also be called an access terminal, terminal device, mobile device, user terminal, terminal, wireless communication device and so on. The mobile terminal device 120 may also be a handheld device with wireless communication capability, a vehicle-mounted device, a wearable device, a terminal device in a future 5G network, and so on. The mobile terminal device in the embodiments is an example; the device in the scenario to which the method of eID authentication can be applied may also be a non-mobile device.
Typically, online applications or online services that require identity authentication are deployed on the mobile terminal device 120. In the embodiments of the invention, online applications or online services may refer to ubiquitous network services; any application that needs eID network identity recognition and security services can access the eID identity service.
The public security eID center system 130 is the system that creates and manages users' eID information.
The IDSP system 140 is a third-party system other than the mobile terminal device and the public security eID center system; it can assist the public security eID center 130 in completing the authentication of a user's eID information. Optionally, the scenario to which the method of eID authentication of the embodiments can be applied may have no IDSP system 140.
An IDSP system may also be called an eID service organization. It can be used to connect eID network identity operating agencies with online application services, and can provide eID network identity services to online application services.
The IDSP system 140 can communicate with the mobile terminal device 120 and the public security eID center system 130.
The scenario of the method of eID authentication of the embodiments may also include an eID issuing institution and/or an eID network identity operating agency. The eID issuing institution can connect to the "Ministry of Public Security citizen network identity identification system" in the Ministry of Public Security's population database and undertakes the registration and distribution of eID carriers. An institution that can provide carriers for loading eID and that has extensive distribution channels and strict identity review and in-person signing procedures can apply to become an eID issuing institution. The eID network identity operating agency (Identity Service Operator, IDSO), also called an eID operating agency, connects eID issuing institutions and eID network identity service organizations, undertakes the basic services of eID network identity recognition, and cooperates with eID network identity service organizations to provide eID network identity public services and related security services to online application services.
When a user uses an application or service on the mobile terminal device 120, the application or service requires the user's identity to be authenticated, and the eID information needed to authenticate the user is stored on the eID card 110. At this point the mobile terminal device 120 needs to obtain the eID information on the eID card in order to perform identity authentication.
In the prior art, the eID card 110 has to be inserted into a card reader, and the card reader then communicates with a PC. The PC reads the eID information in the eID card 110 through the card reader and displays it as a QR code; the mobile terminal device 120 scans the QR code with its camera, obtains the eID information in the QR code, and sends the eID information to the public security eID center system 130 and/or the IDSP system 140 for identity authentication.
Because this method requires a card reader, it greatly reduces the convenience of reading eID information from the eID card for identity authentication.
The present invention therefore proposes a new method of eID authentication to improve the convenience of reading eID information from the eID card for identity authentication.
Fig. 2 is an example flowchart of the method of eID authentication of an embodiment of the invention. It should be understood that Fig. 2 shows steps or operations of the method of eID authentication, but these steps or operations are only examples; the embodiments of the invention may also perform other operations or variations of the operations in Fig. 2. In addition, the steps in Fig. 2 may be performed in an order different from that presented in Fig. 2, and possibly not all of the operations in Fig. 2 need to be performed.
S210: the eID terminal device reads from the eID card, through the eID card reading apparatus of the eID terminal device, the identification information of the eID card and a first signature value obtained by the eID card performing a first signature on the eID information in the eID card.
In the embodiments of the invention, the eID terminal device reading information such as the identification information or signature information of the eID card from the eID card through its eID card reading apparatus means that the eID terminal device reads the information in the eID card directly, through a module, unit or apparatus on the eID terminal device that can read information on a smart card. For example, it can read the information directly from an eID card inserted into its card slot, or it can directly read the information in an eID card brought close to its smart card recognition area. The user therefore does not need an additional card reader, which improves the convenience of reading information from the eID card for identity authentication.
S220: the eID terminal device displays the identification information of the eID card and the first signature value.
The eID terminal device displays the identification information of the eID card and the signature value generated from the eID information in the eID card, so that a user device on which an application requiring user identity authentication is deployed can obtain the signature information and perform identity authentication. Here, the user device on which an application requiring user identity authentication is deployed may be the mobile terminal device 120 shown in Fig. 1.
In the embodiments of the invention, optionally, a specific implementation of the eID terminal device reading from the eID card the identification information of the eID card and the first signature value obtained by performing the first signature on the eID information in the eID card is as follows: the eID terminal device reads the identification information of the eID card from the eID card; the eID terminal device determines, according to the identification information of the eID card, to continue communicating with the eID card; the eID terminal device sends plaintext data to the eID card, the plaintext data including the identification information of the eID terminal device, the area code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card, and the version information of the rule to be used for generating the eID QR code; the eID terminal device receives the first signature value sent by the eID card, the first signature value being the eID signature value obtained by the eID card performing an eID signature on the plaintext data. Correspondingly, the eID terminal device displaying the identification information of the eID card and the first signature value includes: the eID terminal device sends the first signature value to the identification service system; the eID terminal device receives a message authentication code (Message Authentication Code, MAC) signature value sent by the identification service system, the MAC signature value being the signature value obtained by the identification service system performing a MAC signature on the first signature value; the eID terminal device generates a QR code including the plaintext data, the first signature value and the MAC signature value; the eID terminal device displays the QR code.
Optionally, the eID signature that the eID card performs on the plaintext data may be a signature using a symmetric-key algorithm or an asymmetric-key algorithm, such as an HMAC signature using a hash-based message authentication code (Hash-based Message Authentication Code, HMAC) or a public key infrastructure (Public Key Infrastructure, PKI) signature. The PKI signature may use algorithms such as RSA (Ron Rivest, Adi Shamir, Leonard Adleman) or the Chinese national cryptographic algorithm SM2.
In this embodiment of the invention, after the eID terminal device obtains the signature information of the eID card, it sends the signature information to the identification service system so that the identification service system can sign the signature information a second time, which further improves the security of eID authentication. Displaying the signature information as a QR code also makes it more convenient for other devices to obtain the signature information.
Of course, the eID terminal device can also generate another kind of display code that includes the plaintext data, the first signature value and the MAC signature value, and display that code. For example, the eID terminal device can generate a bar code including the plaintext data, the first signature value and the MAC signature value and display the bar code. That is, the invention does not restrict the way in which the plaintext data, the first signature value and the MAC signature value are displayed.
In this case, optionally, the identification service system may be the public security eID center system 130 shown in Fig. 1.
In the embodiments of the invention, optionally, the eID terminal device determining, according to the identification information of the eID card, to continue communicating with the eID card may specifically be: after the eID terminal device reads the identification information of the eID card, the eID terminal device performs personal identification number (Personal Identification Number, PIN) verification on the eID card, and continues communicating with the eID card only when the verification succeeds, for example by sending information to the eID card or continuing to read information from the eID card.
The present invention also provides another eID authentication method, whose schematic flowchart is shown in Fig. 3. It should be understood that Fig. 3 shows steps or operations of the eID authentication method, but these steps or operations are only examples; embodiments of the present invention may also perform other operations or variations of the operations in Fig. 3. In addition, the steps in Fig. 3 may be performed in an order different from that presented in Fig. 3, and it is possible that not all of the operations in Fig. 3 need to be performed.
S310, the eID terminal device reads from the eID card the identification information of the eID card, a first signature value obtained by the eID card performing a first signature according to the eID information in the eID card, and a UUID corresponding to the identification information of the eID card.
In this embodiment of the present invention, the eID terminal device reading information such as the identification information or signature information of the eID card from the eID card means that the eID terminal device reads the information in the eID card directly, through a module, unit or apparatus on the eID terminal device that can read information on a smart card. For example, the eID terminal device may read the information directly from an eID card inserted in its card slot, or from an eID card placed in its smart-card recognition area, so that the user does not need an additional card reader. This makes it more convenient to read information from the eID card for identity authentication.
S320, the eID terminal device sends the identification information of the eID card and the first signature value to the identification service system.
S330, the eID terminal device displays the UUID.
In this embodiment of the present invention, the eID terminal device reads information directly from the eID card, without needing an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier to use, which ultimately makes eID authentication more convenient.
In this embodiment of the present invention, one specific implementation of the eID terminal device reading from the eID card the identification information of the eID card, the first signature value obtained by the eID card performing the first signature according to the eID information in the eID card, and the UUID corresponding to the identification information of the eID card may be: the eID terminal device reads the identification information of the eID card from the eID card; the eID terminal device determines, according to the identification information of the eID card, to continue communicating with the eID card; the eID terminal device sends plaintext data to the eID card, the plaintext data including the identification information of the eID terminal device, the region code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card, and the rule version information to be used when generating the QR code; and the eID terminal device receives the first signature value and the UUID sent by the eID card, the first signature value being the eID signature value obtained by the eID card performing an eID signature on the plaintext data. Correspondingly, the eID terminal device sending the identification information of the eID card and the first signature value to the identification service system is specifically: the eID terminal device sends the UUID, the plaintext data and the first signature value to the identification service system. The eID terminal device displaying the UUID is specifically: the eID terminal device generates a QR code containing the UUID, and the eID terminal device displays the QR code.
Optionally, the eID signature that the eID card performs on the plaintext data may use a symmetric-key algorithm or an asymmetric-key algorithm, for example an HMAC signature or a PKI signature. The PKI signature may use an algorithm such as RSA or the Chinese national cryptographic algorithm SM2.
In this embodiment of the present invention, the eID terminal device may send the signature information, the plaintext data and the UUID to the identification service system and then display the UUID as a QR code, so that a user terminal device can easily obtain the displayed UUID and then send it to the identification service system. The identification service system can thus verify the authenticity of the eID according to the signature information, plaintext data and UUID sent by the eID terminal device and the UUID sent by the user terminal device.
Of course, the eID terminal device may also generate another kind of display code containing the UUID and display that code. For example, the eID terminal device may generate a bar code containing the UUID and display the bar code. That is, the present invention does not restrict the manner in which the UUID is displayed.
In this embodiment of the present invention, optionally, the identification service system may be an IDSP system, such as the IDSP system 140 shown in Fig. 1.
In the eID authentication methods shown in Fig. 2 and Fig. 3, optionally, the eID terminal device may be a self-service terminal device.
A self-service terminal device generally refers to a terminal device designed around the idea of "self-service". It relieves the excessive customer traffic of traditional business halls, makes up for the limits of their business hours, spares customers the trouble of handling business in the business hall, and lets them experience easy, convenient and considerate service. A business-hall self-service terminal is an extension of and supplement to the services of the business hall.
For example, in the financial industry, users can use a bank self-service terminal device for self-service business such as account inquiry, self-service transfer, statement printing, recognition and loss reporting. In the communications industry, users can enter a telephone number at a self-service terminal to handle basic services themselves, such as suspending (or resuming) mobile service, bill inquiry and printing, payment, invoice printing, and enabling or disabling caller identification.
Self-service terminal devices can be placed in public places such as business halls, toll collection points, stations, docks, airports and large shopping malls.
Preferably, the eID terminal device in the embodiments of the present invention may be a bank self-service terminal device, such as a customer inquiry machine or a server of title. As long as the bank self-service terminal has a module, unit or apparatus that can directly read the eID information on an eID card, the user only needs to use that self-service terminal to obtain the signature information used to verify the authenticity of his or her eID.
With reference to the bank self-service terminal device, mobile terminal device, public security eID center system and IDSP system in Fig. 4, the eID authentication method shown in Fig. 2 is described in detail below by way of example. Reference numerals in Fig. 4 that are identical to those in Fig. 1 have the same meaning and, for brevity, are not described again here.
When a user needs to use the eID information on an eID card to verify identity, the user inserts the eID card into the card slot of the bank self-service terminal device, or places the eID card in the area of the bank self-service terminal device used for recognizing smart cards.
S402, the bank self-service terminal device 401 reads the identification information of the eID card through its eID card reading apparatus and performs PIN verification on the eID card.
S404, after the bank self-service terminal device 401 successfully performs PIN verification on the eID card, it sends plaintext data to the eID card. The plaintext data may include the identification information of the eID card, the identification information of the bank self-service terminal device, the current transaction time, the region code and site number of the location of the bank self-service terminal device, and the rule version information (such as a version number) used when the bank self-service terminal device generates the QR code.
S406, after the eID card receives the plaintext data sent by the bank self-service terminal device, it performs an eID signature on the plaintext data to obtain an eID signature value, for example by performing an HMAC signature or a PKI signature on the plaintext data.
S408, the eID card sends the eID signature value to the bank self-service terminal device.
S410, after the bank self-service terminal device 401 receives the eID signature value sent by the eID card, it sends the eID signature value to the public security eID center system 130.
S412, after the public security eID center system 130 receives the eID signature value sent by the bank self-service terminal device 401, it may perform a MAC signature on the eID signature value to obtain the corresponding MAC signature value.
S414, the public security eID center system 130 sends the MAC signature value that it generated to the bank self-service terminal device 401.
S416, after the bank self-service terminal device 401 receives the MAC signature value sent by the public security eID center system, it displays the MAC signature value, the HMAC signature value and the plaintext data by means of a QR code.
S418, the mobile terminal device 120 scans the QR code on the bank self-service terminal device 301 with its camera and obtains the information in the QR code.
S420, the mobile terminal device 120 sends the information obtained from the QR code to the IDSP system 140.
S422, the IDSP system 140 receives the information sent by the mobile terminal device 120, obtains the eID information corresponding to the eID card according to the identification information of the eID card contained in it, and then performs an eID signature on the plaintext data according to that eID information. If the eID signature value obtained is the same as the eID signature value in the QR code, the IDSP system then performs a MAC signature on the eID signature value that it obtained and compares the resulting MAC signature value with the MAC signature value in the QR code. If they are the same, eID authentication succeeds; otherwise, eID authentication fails.
S424, the IDSP system 140 sends the authentication result, success or failure, to the mobile terminal device 120.
S422 and S424 may also specifically be: an online service on the mobile terminal device 120 sends the information in the QR code to the background service of the online service, and the background service forwards the information in the QR code to the IDSP system 140. After the IDSP system 140 performs eID authentication on the information in the QR code, it sends the verification result to the background service, which forwards it to the online service on the mobile terminal device 120, and the online service displays the authentication result on the mobile terminal device 120.
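
The Fig. 4 exchange (S404 to S422) as an added Python example, not code from the patent: the card's HMAC eID signature, the center's MAC over that signature, and the IDSP recomputing both from its own keys. The field names, sample keys, SHA-256, the JSON encoding, the MAC key being shared between the eID center and the IDSP, and the freshness window on the transaction time are assumptions made for the example.

```python
import hashlib
import hmac
import json

# Constructed sample data (not from the patent): per-card eID keys known to the
# IDSP, and a MAC key assumed to be shared by the eID center and the IDSP.
CARD_KEYS = {"EID-CARD-0001": b"constructed-card-key"}
CENTER_MAC_KEY = b"constructed-center-mac-key"


def canonical(plaintext: dict) -> bytes:
    """Deterministic encoding, so signer and verifier hash identical bytes."""
    return json.dumps(plaintext, sort_keys=True, separators=(",", ":")).encode()


def card_eid_sign(card_id: str, plaintext: dict) -> str:
    """S406: the eID card signs the plaintext data (HMAC variant)."""
    return hmac.new(CARD_KEYS[card_id], canonical(plaintext), hashlib.sha256).hexdigest()


def center_mac_sign(eid_sig: str) -> str:
    """S412: the eID center MACs the eID signature value (the second signature)."""
    return hmac.new(CENTER_MAC_KEY, eid_sig.encode(), hashlib.sha256).hexdigest()


def terminal_make_qr(card_id: str, terminal_id: str, tx_time: int) -> str:
    """S404-S416: build the plaintext data, collect both signatures, return the QR payload."""
    plaintext = {
        "card_id": card_id,
        "terminal_id": terminal_id,
        "tx_time": tx_time,
        "region_code": "0755",   # constructed value
        "site_number": "0042",   # constructed value
        "rule_version": "1",     # constructed value
    }
    eid_sig = card_eid_sign(card_id, plaintext)  # S406-S408, computed on the card
    mac = center_mac_sign(eid_sig)               # S410-S414, computed at the center
    return json.dumps({"plaintext": plaintext, "eid_sig": eid_sig, "mac": mac})


def same_digest(expected: str, presented) -> bool:
    """Constant-time comparison that also rejects non-string input."""
    return isinstance(presented, str) and hmac.compare_digest(
        expected.encode(), presented.encode("utf-8", "surrogatepass"))


def idsp_verify(qr_payload: str, now: int, max_age: int = 300) -> str:
    """S422: recompute both signatures and compare them with the QR contents."""
    try:
        msg = json.loads(qr_payload)
        plaintext, eid_sig, mac = msg["plaintext"], msg["eid_sig"], msg["mac"]
        expected_sig = card_eid_sign(plaintext["card_id"], plaintext)
    except (ValueError, KeyError, TypeError):
        return "malformed-or-unknown-card"
    if not same_digest(expected_sig, eid_sig):
        return "eid-signature-mismatch"
    # The MAC is recomputed over the IDSP's own eID signature value, as in S422.
    if not same_digest(center_mac_sign(expected_sig), mac):
        return "mac-mismatch"
    # Assumption: the signed transaction time is used to bound QR code reuse.
    tx_time = plaintext.get("tx_time")
    if not isinstance(tx_time, int) or not 0 <= now - tx_time <= max_age:
        return "stale-transaction-time"
    return "ok"
```

Because the QR code carries everything the verifier checks, anything that can photograph the screen holds a valid payload until the freshness window closes.
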
With reference to the bank self-service terminal device, mobile terminal device, public security eID center system and IDSP system in Fig. 5, the eID authentication method in Fig. 3 is described in detail below by way of example. Reference numerals in Fig. 5 that are identical to those in Fig. 1 have the same meaning and, for brevity, are not described again here.
When a user needs to use the eID information on an eID card to verify identity, the user inserts the eID card into the card slot of the bank self-service terminal device, or places the eID card in the area of the bank self-service terminal device used for recognizing smart cards.
S502, the bank self-service terminal device 501 obtains the identification information of the eID card through its eID card reading apparatus and performs PIN verification on the eID card.
S504, after the bank self-service terminal device 501 successfully performs PIN verification on the eID card, it sends plaintext data to the eID card. The plaintext data may include the identification information of the eID card, the identification information of the bank self-service terminal device, the current transaction time, the region code and site number of the location of the bank self-service terminal device, and the rule version information (such as a version number) used when the bank self-service terminal device generates the QR code.
S506, after the eID card 110 receives the plaintext data sent by the bank self-service terminal device 501, it performs an eID signature on the plaintext data to obtain an eID signature value, for example by performing an HMAC signature or a PKI signature on the plaintext data.
S508, the eID card 110 sends the eID signature value and the UUID information corresponding to the eID card to the bank self-service terminal device 501.
S510, after the bank self-service terminal device 501 receives the eID signature value and the UUID sent by the eID card, it sends the plaintext data, the eID signature value and the UUID to the public security eID center system 130.
S512, after the public security eID center system 130 receives the plaintext data, the eID signature value and the UUID sent by the bank self-service terminal device 501, it passes this information to the IDSP system 140.
S514, the bank self-service terminal device 501 displays the UUID by means of a QR code.
S516, the mobile terminal device 120 scans the QR code on the bank self-service terminal device 501 with its camera and obtains the UUID information in the QR code.
S518, the mobile terminal device 120 sends the UUID information obtained from the QR code to the IDSP system 140.
S520, after the IDSP system 140 receives the UUID information sent by the mobile terminal device 120, the IDSP system obtains the identification information of the eID card corresponding to the UUID, then obtains the eID information corresponding to the eID card, performs an eID signature on the plaintext data according to that eID information, and compares the eID signature value obtained with the eID signature value obtained in S514. If they are the same, eID authentication is marked as successful; otherwise, authentication fails.
S522, the IDSP system 140 sends the authentication result to the mobile terminal device 120.
S518 and S520 may also specifically be: an online service on the mobile terminal device 120 sends the UUID in the QR code to the background service of the online service, and the background service forwards the UUID to the IDSP system 140. After the IDSP system 140 performs eID authentication according to the UUID, it sends the verification result to the background service, which forwards it to the online service on the mobile terminal device 120, and the online service displays the authentication result on the mobile terminal device 120.
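
The IDSP side of the Fig. 5 flow as an added Python example, not code from the patent: the QR code carries only the UUID, so the IDSP must hold the plaintext data and eID signature value it received earlier and look them up when the UUID arrives. The field names, sample keys, sample UUID, SHA-256, and the single-use and time-limit handling of a pending record are assumptions made for the example.

```python
import hashlib
import hmac
import json

# Constructed sample data (not from the patent): the IDSP's per-card eID keys
# and the UUID that corresponds to each card's identification information.
CARD_KEYS = {"EID-CARD-0001": b"constructed-card-key"}
SAMPLE_UUID = "3f2b8c1e-5d47-4c1a-9e0b-000000000001"
UUID_TO_CARD = {SAMPLE_UUID: "EID-CARD-0001"}


def eid_sign(card_id: str, plaintext: dict) -> str:
    """eID signature (HMAC variant) over a deterministic encoding of the plaintext data."""
    data = json.dumps(plaintext, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(CARD_KEYS[card_id], data, hashlib.sha256).hexdigest()


class Idsp:
    """IDSP side of S512 and S518-S520."""

    def __init__(self, ttl: int = 120):
        self.ttl = ttl       # assumed lifetime of a pending transaction, in seconds
        self.pending = {}    # uuid -> (plaintext, eid_sig, received_at)

    def submit(self, uuid: str, plaintext: dict, eid_sig: str, now: int) -> bool:
        """S510-S512: store what the terminal sent, relayed by the eID center."""
        if uuid not in UUID_TO_CARD:
            return False
        self.pending[uuid] = (plaintext, eid_sig, now)
        return True

    def authenticate(self, uuid: str, now: int) -> str:
        """S518-S520: the mobile device presents only the UUID from the QR code."""
        record = self.pending.pop(uuid, None)  # assumption: one use per transaction
        if record is None:
            return "no-pending-transaction"
        plaintext, eid_sig, received_at = record
        if now - received_at > self.ttl:
            return "expired"
        card_id = UUID_TO_CARD[uuid]
        # The card named in the signed plaintext must be the card bound to the UUID.
        if plaintext.get("card_id") != card_id:
            return "card-mismatch"
        expected = eid_sign(card_id, plaintext)
        if not hmac.compare_digest(expected.encode(), str(eid_sig).encode()):
            return "eid-signature-mismatch"
        return "ok"


def terminal_transaction(idsp: Idsp, uuid: str, card_id: str,
                         terminal_id: str, now: int) -> str:
    """S504-S514: build plaintext, have the card sign it, submit, return the UUID to display."""
    plaintext = {"card_id": card_id, "terminal_id": terminal_id, "tx_time": now,
                 "region_code": "0755", "site_number": "0042", "rule_version": "1"}
    eid_sig = eid_sign(card_id, plaintext)  # computed on the card in S506
    if not idsp.submit(uuid, plaintext, eid_sig, now):
        raise ValueError("UUID is not registered for any card")
    return uuid
```

Without the pending-record lookup, a UUID on its own would prove nothing about a current card-present transaction, which is why the example consumes the record on first use.
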
The eID authentication methods of the embodiments of the present invention have been described above; the eID terminal devices of the embodiments of the present invention are described below with reference to Fig. 6 to Fig. 10.
Fig. 6 is a schematic block diagram of an eID terminal device according to one embodiment of the present invention. It should be understood that the eID terminal device 600 shown in Fig. 6 is only an example; the eID terminal device of the embodiments of the present invention may also include other modules or units, or include modules with functions similar to those of the modules in Fig. 6, or may not include all of the modules in Fig. 6.
Read module 610, configured to read from an eID card the identification information of the eID card and a first signature value obtained by the eID card performing a first signature according to the eID information in the eID card.
Generation module 620, configured to display the identification information of the eID and the first signature value.
In this embodiment of the present invention, the eID terminal device reads information directly from the eID card, without needing an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier to use, which ultimately makes eID authentication more convenient.
Optionally, as one embodiment, the eID terminal device is a bank self-service terminal device.
Optionally, as one embodiment, the read module is specifically configured to: read the identification information of the eID card from the eID card; and determine, according to the identification information of the eID card, to continue communicating with the eID card. The eID terminal device further includes: a sending module, configured to send plaintext data to the eID card, the plaintext data including the identification information of the eID terminal device, the region code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card, and the rule version information to be used when generating the QR code; and a receiving module, configured to receive the first signature value sent by the eID card, the first signature value being the eID signature value obtained by the eID card performing an eID signature on the plaintext data. The sending module is further configured to send the first signature value to the identification service system. The receiving module is further configured to receive a message authentication code (MAC) signature value sent by the identification service system, the MAC signature value being the signature value obtained by the identification service system performing a MAC signature on the first signature value. The display module is specifically configured to: generate a QR code containing the plaintext data, the first signature value and the MAC signature value; and display the QR code.
Optionally, as one embodiment, the identification service system is a public security eID center system.
Optionally, the eID signature includes an HMAC signature or a PKI signature, and the PKI signature may use the RSA algorithm or the SM2 algorithm.
The eID terminal device 600 can perform each step performed by the eID terminal device in the method shown in Fig. 2; for brevity, details are not repeated here.
Fig. 7 is a schematic block diagram of an eID terminal device according to one embodiment of the present invention. It should be understood that the eID terminal device 700 shown in Fig. 7 is only an example; the eID terminal device of the embodiments of the present invention may also include other modules or units, or include modules with functions similar to those of the modules in Fig. 7, or may not include all of the modules in Fig. 7.
Read module 710, configured to read from an eID card the identification information of the eID card, a first signature value obtained by the eID card performing a first signature according to the eID information in the eID card, and a universally unique identifier (UUID) corresponding to the identification information of the eID card;
Sending module 720, configured to send the identification information of the eID card and the first signature value to an identification service system;
Display module 730, configured to display the UUID.
In this embodiment of the present invention, the eID terminal device reads information directly from the eID card, without needing an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier to use, which ultimately makes eID authentication more convenient.
Optionally, as one embodiment, the eID terminal device is a bank self-service terminal device.
Optionally, as one embodiment, the read module is specifically configured to: read the identification information of the eID card from the eID card; and determine, according to the identification information of the eID card, to continue communicating with the eID card. The sending module is further configured to send plaintext data to the eID card, the plaintext data including the identification information of the eID terminal device, the region code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card, and the rule version information to be used when generating the QR code. The eID terminal device further includes a receiving module, configured to receive the first signature value and the UUID sent by the eID card, the first signature value being the eID signature value obtained by the eID card performing an eID signature on the plaintext data. The sending module is specifically configured to send the UUID, the plaintext data and the first signature value to the identification service system. The display module is specifically configured to generate a QR code containing the UUID and display the QR code.
Optionally, as one embodiment, the identification service system is an IDSP system.
Optionally, the eID signature includes an HMAC signature or a PKI signature, and the PKI signature may use the RSA algorithm or the SM2 algorithm.
The eID terminal device 700 can perform each step performed by the eID terminal device in the method shown in Fig. 3; for brevity, details are not repeated here.
Fig. 8 is a schematic block diagram of an eID terminal device 800 according to another embodiment of the present invention. The eID terminal device 800 includes a memory 810, a processor 820, a receiver 830 and a transmitter 840.
Memory 810, configured to store a program.
Processor 820, configured to execute the program stored in the memory 810.
When the processor 820 executes the program stored in the memory 810, it is specifically configured to read from an eID card the identification information of the eID card and a first signature value obtained by the eID card performing a first signature according to the eID information in the eID card.
The processor 820 is further configured to display the identification information of the eID and the first signature value.
In this embodiment of the present invention, the eID terminal device reads information directly from the eID card, without needing an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier to use, which ultimately makes eID authentication more convenient.
Optionally, as one embodiment, the eID terminal device 800 is a bank self-service terminal device.
Optionally, as one embodiment, the processor 820 is specifically configured to: read the identification information of the eID card from the eID card; and determine, according to the identification information of the eID card, to continue communicating with the eID card. The transmitter 840 is configured to send plaintext data to the eID card, the plaintext data including the identification information of the eID terminal device, the region code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card, and the rule version information to be used when generating the QR code. The receiver 830 is configured to receive the first signature value sent by the eID card, the first signature value being the eID signature value obtained by the eID card performing an eID signature on the plaintext data. The transmitter is further configured to send the first signature value to the identification service system. The receiver is further configured to receive a message authentication code (MAC) signature value sent by the identification service system, the MAC signature value being the signature value obtained by the identification service system performing a MAC signature on the first signature value. The processor is specifically configured to: generate a QR code containing the plaintext data, the first signature value and the MAC signature value; and display the QR code.
Optionally, as one embodiment, the identification service system is a public security eID center system.
Optionally, the eID signature includes an HMAC signature or a PKI signature, and the PKI signature may use the RSA algorithm or the SM2 algorithm.
The eID terminal device 800 can perform each step performed by the eID terminal device in the method shown in Fig. 2 and corresponds to the eID terminal device 600; for brevity, details are not repeated here.
Fig. 9 is a schematic block diagram of an eID terminal device 900 according to another embodiment of the present invention. The eID terminal device 900 includes a memory 910, a processor 920, a receiver 930 and a transmitter 940.
Memory 910, configured to store a program.
Processor 920, configured to execute the program stored in the memory 910.
When the processor 920 executes the program stored in the memory 910, it is specifically configured to read from an eID card the identification information of the eID card, a first signature value obtained by the eID card performing a first signature according to the eID information in the eID card, and a UUID corresponding to the identification information of the eID card.
The transmitter 940 is configured to send the identification information of the eID card and the first signature value to an identification service system.
The processor 920 is further configured to display the UUID.
In this embodiment of the present invention, the eID terminal device reads information directly from the eID card, without needing an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier to use, which ultimately makes eID authentication more convenient.
Optionally, as one embodiment, the eID terminal device is a bank self-service terminal device.
Optionally, as one embodiment, the processor is specifically configured to: read the identification information of the eID card from the eID card; and determine, according to the identification information of the eID card, to continue communicating with the eID card. The transmitter is further configured to send plaintext data to the eID card, the plaintext data including the identification information of the eID terminal device, the region code of the eID terminal device, the site number of the eID terminal device, the identification information of the eID card, and the rule version information to be used when generating the QR code. The receiver is configured to receive the first signature value and the UUID sent by the eID card, the first signature value being the eID signature value obtained by the eID card performing an eID signature on the plaintext data. The transmitter is specifically configured to send the UUID, the plaintext data and the first signature value to the identification service system. The processor is specifically configured to generate a QR code containing the UUID and display the QR code.
Optionally, as one embodiment, the identification service system is an IDSP system that provides intelligent dynamic services.
Optionally, the eID signature includes an HMAC signature or a PKI signature, and the PKI signature may use the RSA algorithm or the SM2 algorithm.
The eID terminal device 900 can perform each step performed by the eID terminal device in the method shown in Fig. 3 and corresponds to the eID terminal device 700; for brevity, details are not repeated here.
Fig. 10 is a schematic block diagram of an eID authentication system 1000 according to an embodiment of the present invention. It should be understood that the eID authentication system shown in Fig. 10 is only an example; the eID authentication system of the embodiments of the present invention may also include other modules or units, or include modules with functions similar to those of the modules in Fig. 10, or may not include all of the modules in Fig. 10.
The eID authentication system 1000 includes an eID terminal device 1010, a public security eID center system 1020 and an IDSP system 1030.
The eID terminal device 1010 may be the eID terminal device 600 or the eID terminal device 700, the public security eID center system 1020 may be the public security eID center system 130 shown in Fig. 1, and the IDSP system 1030 may be the IDSP system 140 shown in Fig. 1; for brevity, details are not repeated here.
In this embodiment of the present invention, the eID terminal device reads information directly from the eID card, without needing an additional device such as a card reader to help obtain the information on the eID card. Obtaining the eID information on the eID card is therefore more convenient and easier to use, which ultimately makes eID authentication more convenient.
It can be understood that the processor in the embodiments of the present invention may be an integrated circuit chip with signal processing capability. In implementation, the steps of the above method embodiments may be completed by an integrated logic circuit of hardware in the processor or by instructions in the form of software. The processor may be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and can implement or perform the methods, steps and logical block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the methods disclosed in the embodiments of the present invention may be performed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium that is mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or a register. The storage medium is located in the memory; the processor reads the information in the memory and completes the steps of the above methods in combination with its hardware.
It can be understood that the memory in the embodiments of the present invention may be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be read-only memory (ROM), programmable read-only memory (Programmable ROM, PROM), erasable programmable read-only memory (Erasable PROM, EPROM), electrically erasable programmable read-only memory (Electrically EPROM, EEPROM) or flash memory. The volatile memory may be random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (Static RAM, SRAM), dynamic random access memory (Dynamic RAM, DRAM), synchronous dynamic random access memory (Synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM), synchlink dynamic random access memory (Synchlink DRAM, SLDRAM) and direct Rambus random access memory (Direct Rambus RAM, DR RAM). It should be noted that the memory of the systems and methods described herein is intended to include, without being limited to, these and any other suitable types of memory.
In addition, the terms "system" and "network" are often used interchangeably herein. The term "and/or" herein merely describes an association between associated objects and indicates that three relationships may exist; for example, A and/or B may mean: A alone, both A and B, or B alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
It should be understood that, in the embodiments of the present invention, "B corresponding to A" means that B is associated with A and that B can be determined according to A. It should also be understood that determining B according to A does not mean that B is determined only according to A; B may also be determined according to A and/or other information.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. Skilled persons may implement the described functions in different ways for each particular application, but such implementations should not be considered beyond the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In the several embodiments provided herein, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.
The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (17)
- 1. A method of electronic identity (eID) authentication, characterized by comprising: an eID terminal device reading from an eID card, through an eID card reading device of the eID terminal device, identification information of the eID card and a first signature value obtained by the eID card performing a first signature on eID information in the eID card; and the eID terminal device displaying the identification information of the eID card and the first signature value.
- 2. The method according to claim 1, characterized in that the eID terminal device is a bank self-service terminal device.
- 3. The method according to claim 1 or 2, characterized in that the eID terminal device reading from the eID card, through the eID card reading device of the eID terminal device, the identification information of the eID card and the first signature value obtained by the eID card performing the first signature on the eID information in the eID card comprises: the eID terminal device reading the identification information of the eID card from the eID card through the eID card reading device of the eID terminal device; the eID terminal device determining, according to the identification information of the eID card, to continue communicating with the eID card; the eID terminal device sending plaintext data to the eID card, the plaintext data including identification information of the eID terminal device, an area code of the eID terminal device, a site number of the eID terminal device, the identification information of the eID card, and version information of the rule to be used for eID two-dimensional code generation; and the eID terminal device receiving the first signature value sent by the eID card, the first signature value being an eID signature value obtained by the eID card performing an eID signature on the plaintext data; and the eID terminal device displaying the identification information of the eID card and the first signature value comprises: the eID terminal device sending the first signature value to an identification service system; the eID terminal device receiving a message authentication code (MAC) signature value sent by the identification service system, the MAC signature value being a signature value obtained by the identification service system performing a MAC signature on the first signature value; the eID terminal device generating a two-dimensional code including the plaintext data, the first signature value and the MAC signature value; and the eID displaying the two-dimensional code.
- 4. The method according to any one of claims 1 to 3, characterized in that the identification service system is a public security eID center system.
- 5. A method of electronic identity (eID) authentication, characterized by comprising: an eID terminal device reading from an eID card, through an eID card reading device of the eID terminal device, identification information of the eID card, a first signature value obtained by the eID card performing a first signature on eID information in the eID card, and a universally unique identifier (UUID) corresponding to the identification information of the eID card; the eID terminal device sending the identification information of the eID card and the first signature value to an identification service system; and the eID terminal device displaying the UUID.
- 6. The method according to claim 5, characterized in that the eID terminal device is a bank self-service terminal device.
- 7. The method according to claim 5 or 6, characterized in that the eID terminal device reading from the eID card, through the eID card reading device of the eID terminal device, the identification information of the eID card, the first signature value obtained by the eID card performing the first signature on the eID information in the eID card, and the UUID corresponding to the identification information of the eID card comprises: the eID terminal device reading the identification information of the eID card from the eID card through the eID card reading device of the eID terminal device; the eID terminal device determining, according to the identification information of the eID card, to continue communicating with the eID card; the eID terminal device sending plaintext data to the eID card, the plaintext data including identification information of the eID terminal device, an area code of the eID terminal device, a site number of the eID terminal device, the identification information of the eID card, and version information of the rule to be used for eID two-dimensional code generation; and the eID terminal device receiving the first signature value and the UUID sent by the eID card, the first signature value being an eID signature value obtained by the eID card performing an eID signature on the plaintext data; wherein the eID terminal device sending the identification information of the eID card and the first signature value to the identification service system comprises: the eID terminal device sending the UUID, the plaintext data and the first signature value to the identification service system; and the eID terminal device displaying the UUID comprises: the eID terminal device generating a two-dimensional code including the UUID; and the eID terminal device displaying the two-dimensional code.
- 8. The method according to any one of claims 5 to 7, characterized in that the identification service system is an intelligent dynamic service provision (IDSP) system.
- 9. An electronic identity (eID) terminal device, characterized by comprising: a reading module, configured to read from an eID card identification information of the eID card and a first signature value obtained by the eID card performing a first signature on eID information in the eID card; and a display module, configured to display the identification information of the eID and the first signature value.
- 10. The eID terminal device according to claim 9, characterized in that the eID terminal device is a bank self-service terminal device.
- 11. The eID terminal device according to claim 9 or 10, characterized in that the reading module is specifically configured to: read the identification information of the eID card from the eID card; and determine, according to the identification information of the eID card, to continue communicating with the eID card; wherein the eID terminal device further comprises: a sending module, configured to send plaintext data to the eID card, the plaintext data including identification information of the eID terminal device, an area code of the eID terminal device, a site number of the eID terminal device, the identification information of the eID card, and version information of the rule to be used for eID two-dimensional code generation; and a receiving module, configured to receive the first signature value sent by the eID card, the first signature value being an eID signature value obtained by the eID card performing an eID signature on the plaintext data; the sending module is further configured to send the first signature value to an identification service system; the receiving module is further configured to receive a message authentication code (MAC) signature value sent by the identification service system, the MAC signature value being a signature value obtained by the identification service system performing a MAC signature on the first signature value; and the display module is specifically configured to: generate a two-dimensional code including the plaintext data, the first signature value and the MAC signature value; and display the two-dimensional code.
- 12. The eID terminal device according to any one of claims 9 to 11, characterized in that the identification service system is a public security eID center system.
- 13. An electronic identity (eID) terminal device, characterized by comprising: a reading module, configured to read from an eID card identification information of the eID card, a first signature value obtained by the eID card performing a first signature on eID information in the eID card, and a universally unique identifier (UUID) corresponding to the identification information of the eID card; a sending module, configured to send the identification information of the eID card and the first signature value to an identification service system; and a display module, configured to display the UUID.
- 14. The eID terminal device according to claim 13, characterized in that the eID terminal device is a bank self-service terminal device.
- 15. The eID terminal device according to claim 13 or 14, characterized in that the reading module is specifically configured to: read the identification information of the eID card from the eID card; and determine, according to the identification information of the eID card, to continue communicating with the eID card; the sending module is further configured to send plaintext data to the eID card, the plaintext data including identification information of the eID terminal device, an area code of the eID terminal device, a site number of the eID terminal device, the identification information of the eID card, and version information of the rule to be used for eID two-dimensional code generation; the eID terminal device further comprises a receiving module, configured to receive the first signature value and the UUID sent by the eID card, the first signature value being an eID signature value obtained by the eID card performing an eID signature on the plaintext data; wherein the sending module is specifically configured to send the UUID, the plaintext data and the first signature value to the identification service system; and the display module is specifically configured to generate a two-dimensional code including the UUID and display the two-dimensional code.
- 16. The eID terminal device according to any one of claims 13 to 15, characterized in that the authentication service system is an intelligent dynamic service provision (IDSP) system.
- 17. An electronic identity (eID) authentication system, characterized by comprising the eID terminal device according to any one of claims 9 to 16.
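The message flow of claim 3 (terminal, card, identification service, two-dimensional code), as an added Python example that is not code from the patent. The patent names no algorithms or encodings, so HMAC-SHA256 stands in for both the card's eID signature and the service's MAC, and the keys, field names, sample values and JSON payload layout are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed keys. HMAC-SHA256 is a stand-in for the card's eID signature;
# a real card would sign with an asymmetric private key that never leaves it,
# and a verifier would check with the matching public key.
CARD_KEY = b"constructed-card-signing-key"
SERVICE_MAC_KEY = b"constructed-service-mac-key"


def canonical(plaintext: dict) -> bytes:
    """Deterministic byte encoding of the plaintext data (assumed: sorted JSON)."""
    return json.dumps(plaintext, sort_keys=True, separators=(",", ":")).encode()


def card_sign(plaintext: dict) -> bytes:
    """eID card: first signature over the plaintext data sent by the terminal."""
    return hmac.new(CARD_KEY, canonical(plaintext), hashlib.sha256).digest()


def service_mac(first_sig: bytes) -> bytes:
    """Identification service: MAC over the first signature value only."""
    return hmac.new(SERVICE_MAC_KEY, first_sig, hashlib.sha256).digest()


def terminal_build_qr(card_id: str) -> str:
    """eID terminal: build the plaintext, collect both values, emit the payload."""
    plaintext = {
        "terminal_id": "TERM-0001",  # constructed sample values
        "area_code": "000000",
        "site_number": "0001",
        "card_id": card_id,
        "qr_rule_version": "1",
    }
    first_sig = card_sign(plaintext)  # terminal -> card -> terminal
    mac = service_mac(first_sig)      # terminal -> service -> terminal
    return json.dumps({
        "plaintext": plaintext,
        "sig": base64.b64encode(first_sig).decode(),
        "mac": base64.b64encode(mac).decode(),
    })


def verify_qr(payload: str) -> str:
    """Relying side (assumed role): check the MAC, then the signature.

    The MAC covers only the signature value, so a changed plaintext field is
    caught by the signature check and not by the MAC check; both must pass.
    """
    try:
        doc = json.loads(payload)
        plaintext = doc["plaintext"]
        sig = base64.b64decode(doc["sig"], validate=True)
        mac = base64.b64decode(doc["mac"], validate=True)
    except (ValueError, KeyError, TypeError):
        return "malformed"
    if not isinstance(plaintext, dict):
        return "malformed"
    if not hmac.compare_digest(mac, service_mac(sig)):
        return "bad_mac"
    if not hmac.compare_digest(sig, card_sign(plaintext)):
        return "bad_signature"
    return "ok"
```

Both comparisons use `hmac.compare_digest` so that the check does not leak how many leading bytes matched.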
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610852630.0A CN107872321B (en) | 2016-09-26 | 2016-09-26 | Electronic identity authentication method and electronic identity terminal equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610852630.0A CN107872321B (en) | 2016-09-26 | 2016-09-26 | Electronic identity authentication method and electronic identity terminal equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107872321A | 2018-04-03 |
CN107872321B | 2020-09-25 |
Family
ID=61751799
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610852630.0A (Active) CN107872321B (en) | 2016-09-26 | 2016-09-26 | Electronic identity authentication method and electronic identity terminal equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107872321B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108924838A (en) * | 2018-09-11 | 2018-11-30 | 中国联合网络通信集团有限公司 | Method for switching network, device, Provider Equipment and the terminal of cross operator |
CN109068275A (en) * | 2018-06-07 | 2018-12-21 | 国民技术股份有限公司 | Drive safely control method, system and computer readable storage medium |
CN112734556A (en) * | 2020-12-31 | 2021-04-30 | 重庆银行股份有限公司 | Multifunctional interactive terminal based on internet |
US11496900B2 (en) * | 2019-02-26 | 2022-11-08 | Samsung Electronics Co., Ltd. | Electronic device and method for storing user identification information |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080046747A1 (en) * | 2006-07-28 | 2008-02-21 | Brown Steven T | Authorization system and method |
US20080126810A1 (en) * | 2006-11-06 | 2008-05-29 | Li-Kuo Chiu | Data protection method for optical storage media/device |
CN101916485A (en) * | 2010-07-21 | 2010-12-15 | 浪潮齐鲁软件产业有限公司 | Method for accepting vehicle purchase tax declaration through self-service tax declaration terminal |
CN102654896A (en) * | 2011-03-04 | 2012-09-05 | 董建飞 | Method for digital signature device to display key information of transaction data |
CN103366111A (en) * | 2013-07-10 | 2013-10-23 | 公安部第三研究所 | Two-dimensional code based method for realizing extended authentication control of smart card on mobile equipment |
CN103955829A (en) * | 2013-11-06 | 2014-07-30 | 郑楠 | Member management and payment system based on identity card |
CN104601593A (en) * | 2015-02-04 | 2015-05-06 | 公安部第三研究所 | Anti-tracking method in network electronic identity authentication process based on challenge modes |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109068275A (en) * | 2018-06-07 | 2018-12-21 | 国民技术股份有限公司 | Drive safely control method, system and computer readable storage medium |
CN108924838A (en) * | 2018-09-11 | 2018-11-30 | 中国联合网络通信集团有限公司 | Method for switching network, device, Provider Equipment and the terminal of cross operator |
CN108924838B (en) * | 2018-09-11 | 2021-09-14 | 中国联合网络通信集团有限公司 | Inter-operator network switching method and device, operator equipment and terminal |
US11496900B2 (en) * | 2019-02-26 | 2022-11-08 | Samsung Electronics Co., Ltd. | Electronic device and method for storing user identification information |
CN112734556A (en) * | 2020-12-31 | 2021-04-30 | 重庆银行股份有限公司 | Multifunctional interactive terminal based on internet |
Also Published As
Publication number | Publication date |
---|---|
CN107872321B (en) | 2020-09-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |