CN108173870B - Network card generation method and system for identity authentication - Google Patents


Info

Publication number: CN108173870B
Authority: CN (China)
Prior art keywords: platform, network, access platform, intelligent terminal, user
Legal status: Active
Application number: CN201810036252.8A
Other languages: Chinese (zh)
Other versions: CN108173870A (en)
Inventors: 续磊, 张楠, 黄健雄
Current Assignee: Guangzhou Dabby Internet Technology Co ltd
Original Assignee: Guangzhou Dabby Internet Technology Co ltd

Application filed by Guangzhou Dabby Internet Technology Co ltd
Priority to CN201810036252.8A
Publication of CN108173870A
Application granted
Publication of CN108173870B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04 Real-time or near real-time messaging, e.g. instant messaging [IM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention provides a method for generating a network certificate (network card) for identity authentication, which comprises the following steps: S1, when the intelligent terminal receives the user's identity authentication request, liveness detection is performed on the user's portrait and a live portrait photo is obtained; S2, the intelligent terminal sends generating elements to the access platform, wherein the generating elements comprise the name, the identification card number and/or the portrait photo of the user; S3, the access platform sends the user information to the trusted platform and receives confirmation of whether the user is a person in the trusted platform's database; and S4, if the user is a person in the database, the intelligent terminal initiates a network certificate opening request to the access platform, the access platform signs the generating elements to generate a network certificate, the access platform sends the network certificate together with the generating elements to the trusted platform and requests the trusted platform to authenticate the network certificate based on the generating elements, and if authentication succeeds, the access platform returns the network certificate and the authentication result to the intelligent terminal. The invention solves the problem of transmitting identity information on the Internet.

Description

Network card generation method and system for identity authentication
Technical Field
The invention relates to an identity authentication technology, in particular to a network card generation method and a network card generation system for identity authentication based on a WeChat public platform.
Background
Existing identity authentication based on identity card number, name and face initiates authentication using the user's sensitive information (identity card number, name and a portrait photo collected in a real-name scenario). The authentication information is passed through multiple layers: the corresponding identification number is looked up in the comparison source database, the name is compared, the photo is then retrieved from the comparison source database and compared with the collected photo by a portrait comparison engine, and whether the two show the same person is decided against a set similarity threshold.
In the prior art, the index search is performed on the plaintext identification number and name, so a matched set of identification number, name and portrait information has to be transmitted over the internet among the various organizations and companies involved in order to complete authentication. Transmitting a matched set of identity card number, name and portrait information over the Internet is a huge threat to citizens' privacy and security and may lead to the user's legal identity being stolen.
Disclosure of Invention
In view of these problems in the prior art, the invention aims to reduce the identity card number and name information transmitted among interconnected organizations or companies. The method and the system protect citizens' private information while providing an authentication service.
To this end, the invention provides a network certificate (network card) generation method and system for identity authentication. The method comprises the following steps:
S1, when the intelligent terminal receives the user's identity authentication request, liveness detection is performed on the user's portrait and a live portrait photo is obtained;
S2, the intelligent terminal sends generating elements to the access platform, wherein the generating elements comprise the name, the identification card number and the portrait photo of the user;
S3, the access platform sends the user information to the trusted platform and receives confirmation of whether the user is a person in the trusted platform's database;
S4, if the user is a person in the database, the intelligent terminal initiates a network certificate opening request to the access platform, the access platform signs the generating elements to generate a network certificate, the access platform sends the network certificate together with the generating elements to the trusted platform and requests the trusted platform to authenticate the network certificate based on the generating elements, and if authentication succeeds, the access platform returns the network certificate and the authentication result to the intelligent terminal.
The invention also proposes a system for generating a network card for identity authentication, the system comprising one or more access platforms configured to:
S1, receiving generating elements sent by the intelligent terminal, wherein the generating elements comprise the name, the identification number and/or the portrait photo of a user, and wherein the intelligent terminal, on receiving the user's identity authentication request, performs liveness detection on the user's portrait and acquires a live portrait photo;
S2, the access platform sends the user information to the trusted platform and receives confirmation of whether the user is a person in the trusted platform's database;
S3, if the user is a person in the database, the intelligent terminal initiates a network certificate opening request to the access platform, the access platform signs the generating elements to generate a network certificate, the access platform sends the network certificate together with the generating elements to the trusted platform and requests the trusted platform to authenticate the network certificate based on the generating elements, and if authentication succeeds, the access platform returns the network certificate and the authentication result to the intelligent terminal.
The beneficial effects of the invention include:
The invention does not transmit the name and the identity card number during the authentication process, which solves the problem of transmitting identity information over the internet in identity authentication based on identity card number, name and face. It also solves the problem of third-party units retaining users' sensitive information.
Drawings
Fig. 1 is a flowchart of a part of a network card generation method for identity authentication according to the present invention.
Fig. 2 is a flowchart of a part of a network card generating method for identity authentication according to the present invention.
Fig. 3 is a flowchart illustrating a method for generating a network card for identity authentication according to the present invention.
Detailed Description
Embodiments of the present invention will now be described with reference to the drawings, wherein like parts are designated by like reference numerals. The embodiments described below and the technical features of the embodiments may be combined with each other without conflict.
The identity authentication method of the invention comprises an internet-based intelligent terminal or terminal application (such as WeChat), and the invention is described below by taking WeChat as an example.
S1, when WeChat receives the user's identity authentication request (the user opens WeChat, taps a button on the interface and starts the identity authentication function), WeChat starts its portrait liveness detection program, performs liveness detection and acquires a live portrait photo.
S2, WeChat sends the generating elements (name + ID number, or name + ID number + portrait) to the access platform.
S3, the access platform sends the generating elements (name + ID number, or name + ID number + portrait) to the trusted platform (such as the department of public Security) and receives the trusted platform's confirmation result, namely whether the user is a person in the trusted platform's database.
S4, if the user is a person in the database, WeChat sends a request to open a lightweight network certificate to the access platform. The access platform generates the network certificate as follows: the access platform signs the generating elements (name, identity card, portrait, etc.) with its own private key. The access platform sends the network certificate together with the generating elements (name, identity card, portrait, etc.) to the trusted platform and requests the trusted platform to authenticate the network certificate based on the generating elements. If authentication passes, the access platform returns the network certificate and the authentication result to WeChat; at the same time, the access platform packages the network certificate and the opening elements (name, identity card, portrait, and the like) and sends them to the trusted platform through a private network (such as a public security network), and the trusted platform does not need to check the generating elements. If authentication fails, the access platform reports to WeChat that issuing the network certificate failed.
S5, if the user is not a person in the database, WeChat verifies the user's identity and evaluates the verification result. WeChat's verification of the user's identity comprises: sending "name + identity card number", or "name + identity card number + portrait", to a trusted platform (such as the institute of public Security department) and receiving the trusted platform's confirmation result to determine whether the user is that person.
S51, if identity verification passes, WeChat sends a network certificate opening request to the access platform; the request also carries the name, identity card number and portrait information. The access platform directly generates the network certificate and returns it to WeChat; at the same time, the access platform packages the network certificate and the generating elements (name, identity card, validity period, portrait, management information and the like) and sends them to the trusted platform through a private network (public security network). The trusted platform checks the generating elements again and feeds the check result back to WeChat through the access platform. Alternatively, the trusted platform checks the opening elements when the access platform requests it; the check result is made available to the access platform as a status query through a query service interface, and after querying, the access platform reports an invalid network certificate to WeChat.
S52, if the credit investigation interface reports that identity verification failed, WeChat informs the user that identity authentication failed.
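The issuance path of S3 and S4, as an added example that is not part of the patent text: the access platform signs the generating elements with its private key and the trusted platform authenticates the resulting network certificate against the same elements. The patent names no signature algorithm or encoding, so Ed25519, the length-prefixed encoding, the SHA-256 portrait digest, the in-memory database and every type and function name below are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// GeneratingElements holds the patent's "generating elements" (hypothetical type).
type GeneratingElements struct {
	Name, IDNumber string
	Portrait       []byte // live portrait photo, raw bytes
}

// canonical returns the exact bytes that get signed. Each field carries a
// 4-byte length prefix so ("AB","C") and ("A","BC") cannot encode identically,
// and the photo is replaced by its SHA-256 digest. The tag is constructed.
func (e GeneratingElements) canonical() []byte {
	var buf bytes.Buffer
	buf.WriteString("netcert-demo-v1")
	photo := sha256.Sum256(e.Portrait)
	for _, field := range [][]byte{[]byte(e.Name), []byte(e.IDNumber), photo[:]} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		buf.Write(n[:])
		buf.Write(field)
	}
	return buf.Bytes()
}

// TrustedPlatform stands in for the trusted platform and its database.
type TrustedPlatform struct {
	library   map[string]string // ID number -> name (constructed sample data)
	accessPub ed25519.PublicKey // the access platform's public key
}

// InLibrary is the S3 check: is this user a person in the database?
func (t *TrustedPlatform) InLibrary(e GeneratingElements) bool {
	name, ok := t.library[e.IDNumber]
	return ok && name == e.Name
}

// Authenticate is the S4 check: the certificate must be the access platform's
// signature over exactly these generating elements.
func (t *TrustedPlatform) Authenticate(cert []byte, e GeneratingElements) bool {
	if len(cert) != ed25519.SignatureSize || !t.InLibrary(e) {
		return false
	}
	return ed25519.Verify(t.accessPub, e.canonical(), cert)
}

// AccessPlatform holds the signing key and a link to the trusted platform.
type AccessPlatform struct {
	priv    ed25519.PrivateKey
	trusted *TrustedPlatform
}

var (
	ErrNotInLibrary = errors.New("user is not a person in the trusted platform's database")
	ErrAuthFailed   = errors.New("trusted platform rejected the network certificate")
)

// OpenCertificate runs S3 then S4 and returns the network certificate.
func (a *AccessPlatform) OpenCertificate(e GeneratingElements) ([]byte, error) {
	if !a.trusted.InLibrary(e) {
		return nil, ErrNotInLibrary // the patent continues with S5 in this case
	}
	cert := ed25519.Sign(a.priv, e.canonical())
	if !a.trusted.Authenticate(cert, e) {
		return nil, ErrAuthFailed
	}
	return cert, nil
}

// NewDemoPlatforms wires both sides together with a fresh key pair.
func NewDemoPlatforms(library map[string]string) (*AccessPlatform, *TrustedPlatform, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return nil, nil, err
	}
	tp := &TrustedPlatform{library: library, accessPub: pub}
	return &AccessPlatform{priv: priv, trusted: tp}, tp, nil
}

func main() {
	ap, tp, err := NewDemoPlatforms(map[string]string{"TEST-ID-0001": "Test User"})
	if err != nil {
		panic(err)
	}
	e := GeneratingElements{Name: "Test User", IDNumber: "TEST-ID-0001", Portrait: []byte("constructed-photo")}
	cert, err := ap.OpenCertificate(e)
	fmt.Printf("issued=%v certificate bytes=%d\n", err == nil, len(cert))
	e.Portrait = []byte("different-photo")
	fmt.Println("certificate valid for a different portrait:", tp.Authenticate(cert, e))
}
```

The certificate here is only the signature, so it carries no name or identity card number in the clear; a verifier needs the generating elements from another channel, which matches the patent's private-network delivery to the trusted platform.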
FIG. 1 shows a more detailed flowchart of the steps of S1-S4.
A1, determine whether the user is a person in the trusted platform's database.
A2, if the user is a person in the database, WeChat performs liveness detection on the user and collects the portrait.
A3, WeChat sends the network certificate opening request, the name, the ID card number and the portrait information to the access platform.
A4, the access platform sends the network certificate, name, ID card number and portrait information to the trusted platform and requests the trusted platform to authenticate.
A5, the trusted platform authenticates the network certificate, the name, the ID card number and the portrait information, and returns the authentication result to the access platform.
A6, if authentication by the trusted platform succeeds, the access platform generates a certificate.
A7, the access platform returns the authentication result and the network certificate to WeChat.
A8, the access platform sends the network certificate and the name, the ID card number and the portrait information (generating elements) to the trusted platform.
A9, if authentication by the trusted platform fails, the access platform returns the result to WeChat.
Fig. 2 shows a more detailed flowchart of step S5.
B1, determine whether the user is a person in the trusted platform's database.
B2, WeChat verifies the identity of the user.
B3, WeChat sends the network certificate opening request, the name, the identity card number and the portrait information to the access platform.
B4, the access platform generates a certificate.
B5, the access platform returns the certificate to WeChat.
B6, the access platform sends the network certificate, name, ID card number and portrait information to the trusted platform.
B7, in the subsequent process, the access platform may send a request to the trusted platform when needed, requesting the trusted platform to verify the network certificate.
B8, the trusted platform returns the verification result to the access platform.
B9, the access platform returns the verification result to WeChat.
The usage flow of the network certificate of the present invention is described below with reference to fig. 3.
The network certificate of the invention provides "real person authentication", namely verification that the person actually using the service matches the user to whom the network certificate corresponds. The application process of the network certificate is as follows:
C1, the third party invokes the WeChat jsapi or the loaded applet api (without entering identity information).
C2, liveness detection is started and a live portrait photo is acquired.
C3, WeChat sends the user's corresponding network certificate and portrait photo to the access platform and initiates authentication.
C4, the access platform sends the authentication request to the trusted platform over the existing authentication link to obtain the authentication result.
C5, the trusted platform authenticates and returns the authentication result to the access platform.
C6, the access platform feeds the authentication result back to WeChat. WeChat can then feed the authentication result back to the third party.
Until the trusted platform has checked the opening elements of the network certificate again, the photo used for portrait comparison is the photo sent when the network certificate was issued. After validation by the trusted platform, the public security certificate photo may be used (except where there is no public security certificate photo).
The above-described embodiments are merely preferred embodiments of the present invention, and general changes and substitutions by those skilled in the art within the technical scope of the present invention are included in the protection scope of the present invention.

Claims (6)

1. A method for generating a network certificate (network card) for identity authentication, characterized by comprising the following steps:
S1, when the intelligent terminal receives the user's identity authentication request, liveness detection is performed on the user's portrait and a live portrait photo is obtained;
S2, the intelligent terminal sends generating elements to the access platform, wherein the generating elements comprise the name, the identification card number and/or the portrait photo of the user;
S3, the access platform sends the user information to the trusted platform and receives confirmation of whether the user is a person in the trusted platform's database;
S4, if the user is a person in the database, the intelligent terminal sends a network certificate opening request to the access platform, the access platform signs the generating elements to generate the network certificate, the access platform sends the network certificate together with the generating elements to the trusted platform and requests the trusted platform to authenticate the network certificate based on the generating elements, and if authentication succeeds, the access platform returns the network certificate and the authentication result to the intelligent terminal;
S5, if not, the intelligent terminal verifies the identity of the user and evaluates the verification result: the intelligent terminal sends the name and the identity card number of the user, or the name, the identity card number and the portrait of the user, to the trusted platform and receives the trusted platform's confirmation result to determine whether the user is that person; if identity verification passes, the intelligent terminal sends a network certificate opening request together with the generating elements to the access platform, the access platform generates the network certificate and returns it to the intelligent terminal, at the same time the access platform sends the network certificate and the generating elements to the trusted platform through the private network, the trusted platform subsequently checks the generating elements again, and the check result is fed back to the intelligent terminal through the access platform.
2. The method for generating a network certificate for identity authentication according to claim 1, further comprising, in step S4:
after authentication succeeds, the access platform sends the network certificate and the opening elements to the trusted platform through the private network.
3. The method for generating a network certificate for identity authentication according to claim 1, characterized by comprising:
when the access platform requests it, the trusted platform checks the generating elements; the check result is made available to the access platform as a status query through a query service interface, and after querying, the access platform reports an invalid network certificate to the intelligent terminal.
4. A system for generating a network certificate (network card) for identity authentication, the system comprising one or more access platforms configured to:
S1, receive generating elements sent by the intelligent terminal, wherein the generating elements comprise the name, the identification number and/or the portrait photo of a user, and wherein the intelligent terminal, on receiving the user's identity authentication request, performs liveness detection on the user's portrait and acquires a live portrait photo;
S2, the access platform sends the user information to the trusted platform and receives confirmation of whether the user is a person in the trusted platform's database;
S3, if the user is a person in the database, the intelligent terminal sends a network certificate opening request to the access platform, the access platform signs the generating elements to generate the network certificate, the access platform sends the network certificate together with the generating elements to the trusted platform and requests the trusted platform to authenticate the network certificate based on the generating elements, and if authentication succeeds, the access platform returns the network certificate and the authentication result to the intelligent terminal;
if the user is not a person in the database, the intelligent terminal verifies the identity of the user and evaluates the verification result: the intelligent terminal sends the name and the identity card number of the user, or the name, the identity card number and the portrait of the user, to the trusted platform and receives the trusted platform's confirmation result to determine whether the user is that person; if identity verification passes, the intelligent terminal sends a network certificate opening request together with the generating elements to the access platform, the access platform generates the network certificate and returns it to the intelligent terminal, at the same time the access platform sends the network certificate and the generating elements to the trusted platform through the private network, the trusted platform subsequently checks the generating elements again, and the check result is fed back to the intelligent terminal through the access platform.
5. The system for generating a network certificate for identity authentication according to claim 4, characterized in that,
in step S2, after authentication succeeds, the access platform sends the network certificate and the opening elements to the trusted platform through the private network.
6. The system for generating a network certificate for identity authentication according to claim 4, characterized in that,
when the access platform requests it, the trusted platform checks the generating elements; the check result is made available to the access platform as a status query through a query service interface, and after querying, the access platform reports an invalid network certificate to the intelligent terminal.
CN201810036252.8A 2018-01-15 2018-01-15 Network card generation method and system for identity authentication Active CN108173870B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810036252.8A CN108173870B (en) 2018-01-15 2018-01-15 Network card generation method and system for identity authentication

Publications (2)

Publication Number Publication Date
CN108173870A (en) 2018-06-15
CN108173870B (en) 2021-02-19

Family

ID=62514412


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant