CN108512660B - Virtual card verification method - Google Patents

Publication number
CN108512660B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810268668.2A
Other languages
Chinese (zh)
Other versions
CN108512660A (en)
Inventor
蔡燕
何欧翔
颜星
邵飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Zhongyu Education Card Application Big Data Engineering Research Co ltd
Hunan Dongfang Hualong Information Technology Co ltd
Original Assignee
Hunan Zhongyu Education Card Application Big Data Engineering Research Co ltd
Hunan Dongfang Hualong Information Technology Co ltd

Classifications

    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G06K17/0022: Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations; arrangements or provisions for transferring data to distant stations, e.g. from a sensing device
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention provides a verification method for a virtual card. The method is applied to an intelligent terminal that stores a virtual card, the virtual card comprising user basic verification data and network identity verification data, and comprises the following steps: if a verification request for the virtual card is received, analyzing the verification mode corresponding to the verification request, the verification mode comprising a basic verification mode and a network verification mode; if the verification mode is the basic verification mode, generating a first verification identifier according to the user basic verification data, and verifying the user of the virtual card by applying the first verification identifier; and if the verification mode is the network verification mode, generating a second verification identifier according to the network identity verification data, and verifying the user of the virtual card by applying the second verification identifier. By providing a plurality of verification modes for the virtual card, the method improves the application security of the virtual card.

Description

Virtual card verification method
Technical Field
The invention relates to the technical field of computer application, in particular to a verification method of a virtual card.
Background
With the development of technology, people increasingly use various types of virtual cards in daily life. Common virtual cards include electronic identification cards, electronic driver's licenses, virtual credit cards, electronic social security cards, and the like. Some virtual cards are mainly used for identity authentication, some are mainly used for transactions, and others serve both functions.
Existing virtual cards rely mainly on SMS verification codes or identity card information checks; the verification mode is single, and the application security of the virtual card is poor.
Disclosure of Invention
In view of the above, the present invention is directed to a method for verifying a virtual card, so as to improve the application security of the virtual card.
In a first aspect, an embodiment of the present invention provides a method for verifying a virtual card, where the method is applied to an intelligent terminal storing the virtual card, and the virtual card includes user basic verification data and network identity verification data, and the method includes: if receiving a verification request of the virtual card, analyzing a verification mode corresponding to the verification request; the verification mode comprises a basic verification mode and a network verification mode; if the verification mode is a basic verification mode, generating a first verification identifier according to the user basic verification data, and verifying the user of the virtual card by applying the first verification identifier; and if the verification mode is a network verification mode, generating a second verification identifier according to the network identity verification data, and verifying the user of the virtual card by applying the second verification identifier.
With reference to the first aspect, an embodiment of the present invention provides a first possible implementation manner of the first aspect, where the method further includes: if an application request of a virtual card of a user is received, acquiring user basic verification data of the user; applying for network certificate data to a server corresponding to the application request according to the user basic verification data; acquiring application identity data of a user; the application identity data comprises a biometric of the user; generating a virtual card comprising user basic authentication data and network authentication data for the user, the network authentication data comprising: network certificate data and application identity data.
With reference to the first aspect, an embodiment of the present invention provides a second possible implementation manner of the first aspect, where the step of generating the first authentication identifier according to the user basic authentication data includes: extracting user identification information from the user basic verification data, wherein the user identification information comprises at least one of the following information: plaintext identity information, privacy identity information and entity card information; and taking the plaintext or the code text of the extracted user identity information as a first verification identifier.
With reference to the first aspect, an embodiment of the present invention provides a third possible implementation manner of the first aspect, where the network authentication data includes: network certificate data and application identity data; the step of generating the second authentication identifier according to the network authentication data includes: and generating a second verification identifier based on the network certificate data and/or the application identity data in the network identity verification data.
With reference to the third possible implementation manner of the first aspect, an embodiment of the present invention provides a fourth possible implementation manner of the first aspect, where the step of generating the second verification identifier based on the network certificate data and/or the application identity data in the network identity verification data includes: if the network verification mode is two-dimensional code authentication, sending a two-dimensional code acquisition request to a server of the virtual card; receiving a random number returned by the server, and applying network certificate data and/or application identity data in the network identity verification data to sign the random number to obtain a certificate signature; sending the certificate signature to the server for signature verification; receiving a two-dimensional code returned by the server, wherein the two-dimensional code is generated by the server according to the card information of the virtual card after the signature verification is passed; and taking the two-dimensional code as the second verification identifier.
With reference to the first aspect, an embodiment of the present invention provides a fifth possible implementation manner of the first aspect, where the method further includes: if the first verification identifier or the second verification identifier passes the verification and a next verification request is received, continuing to perform subsequent verification according to the verification mode corresponding to the next verification request until the user verification of the virtual card is completed.
In a second aspect, an embodiment of the present invention provides an apparatus for verifying a virtual card, where the apparatus is disposed in an intelligent terminal storing the virtual card, and the virtual card includes user basic verification data and network identity verification data, and the apparatus includes: the verification mode analysis module is used for analyzing a verification mode corresponding to the verification request if the verification request of the virtual card is received; the verification mode comprises a basic verification mode and a network verification mode; the basic verification module is used for generating a first verification identifier according to the user basic verification data if the verification mode is the basic verification mode, and verifying the user of the virtual card by applying the first verification identifier; and the network verification module is used for generating a second verification identifier according to the network identity verification data and verifying the user of the virtual card by applying the second verification identifier if the verification mode is a network verification mode.
With reference to the second aspect, an embodiment of the present invention provides a first possible implementation manner of the second aspect, where the basic verification module is further configured to: extracting user identification information from the user basic verification data, wherein the user identification information comprises at least one of the following information: plaintext identity information, privacy identity information and entity card information; and taking the plaintext or the code text of the extracted user identity information as a first verification identifier.
With reference to the second aspect, an embodiment of the present invention provides a second possible implementation manner of the second aspect, where the network authentication data includes: network certificate data and application identity data; the network authentication module is further configured to: and generating a second verification identifier based on the network certificate data and/or the application identity data in the network identity verification data.
With reference to the second aspect, an embodiment of the present invention provides a third possible implementation manner of the second aspect, where the apparatus further includes: and the multidimensional verification module is used for continuing to perform subsequent verification according to a verification mode corresponding to the next verification request until the user verification of the virtual card is completed if the first verification identifier or the second verification identifier passes the verification and the next verification request is received.
The embodiments of the invention have the following beneficial effects:
The embodiments of the invention provide a virtual card verification method and a virtual card verification device, which are applied to an intelligent terminal that stores a virtual card, the virtual card comprising user basic verification data and network identity verification data. When the verification mode is the basic verification mode, the user of the virtual card is verified according to the user basic verification data; when the verification mode is the network verification mode, the user of the virtual card is verified according to the network identity verification data. The virtual card can therefore provide different data for verification according to different verification modes, which expands the diversity of virtual card verification modes and solves the problem that existing virtual cards have a single verification mode. In addition, with diversified verification modes, more appropriate data can be selected for verification according to the verification mode, so that the application security of the virtual card is improved.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention as set forth above.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a verification method for a virtual card according to an embodiment of the present invention;
Fig. 2 is a flowchart of another virtual card verification method according to an embodiment of the present invention;
Fig. 3 is a flowchart of a method for generating a two-dimensional code verification identifier in network verification according to an embodiment of the present invention;
Fig. 4 is a schematic diagram illustrating partitioned storage of memory data of a virtual card according to an embodiment of the present invention;
Fig. 5 is a flowchart of another method for generating a two-dimensional code verification identifier in network verification according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an authentication apparatus for a virtual card according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In view of the single verification mode and poor application security of existing virtual cards, the verification method and the verification device for the virtual card provided by the embodiments of the invention can be applied to an intelligent terminal that stores a virtual card.
To facilitate understanding of the present embodiment, a detailed description is first given of a virtual card verification method disclosed in the present embodiment.
Referring to the flowchart of a method for verifying a virtual card shown in Fig. 1, the method is applied to an intelligent terminal storing the virtual card. The intelligent terminal may be an intelligent communication device such as a mobile phone, a handheld intelligent device (e.g., a PAD), a computer, or a wearable device, which is not described in detail herein. The virtual card in the embodiments of the invention can comprise user basic verification data and network identity verification data. The user basic verification data can comprise general information such as name, identity card number and work information; this information identifies the actual identity of the user. The network identity verification data can comprise a network certificate issued by a server of the virtual card, such as a network identity signed by the citizen network identity recognition system of the Ministry of Public Security; the network identity verification data may also include biometric identification (e.g., fingerprint, voiceprint, facial features) of the user holding the virtual card.
As shown in fig. 1, the method comprises the steps of:
Step S100, if a verification request of the virtual card is received, analyzing a verification mode corresponding to the verification request; the verification mode comprises a basic verification mode and a network verification mode.
Authentication is typically required before the virtual card is used; when the use purposes are different, verification modes with different safety factors can be adopted. Based on this, the embodiment of the invention divides the verification mode into a basic verification mode and a network verification mode, wherein the safety factor of the basic verification mode is lower, and the safety factor of the network verification mode is higher. Of course, the specific division of the verification modes may not be limited to the two modes, and more detailed division may be performed according to the security requirement, for example, the division may be performed in three modes or more modes, which is not limited in the embodiment of the present invention.
Step S102, if the verification mode is a basic verification mode, generating a first verification identifier according to the user basic verification data, and verifying the user of the virtual card by using the first verification identifier.
The user basic verification data may be stored when the virtual card is applied for. For example, when a user applies for a virtual card, the intelligent terminal provides the information to the server. Because some of the user basic verification data may involve the user's private content, the intelligent terminal can treat the data differently: for example, private information is encoded and stored in a local storage area in encoded form, while non-private information is stored in plaintext.
The first verification identifier can be generated from the user basic verification data using one or a combination of existing encoding methods; for example, a hash algorithm can be applied to the user basic verification data to produce a hash code that serves as the first verification identifier, or the user basic verification data can be used directly as the first verification identifier.
The first verification identifier can be a bar code, a two-dimensional code or another information identifier, and is generally valid only for a limited time.
Step S104, if the verification mode is a network verification mode, generating a second verification identifier according to the network identity verification data, and verifying the user of the virtual card by applying the second verification identifier.
The second verification identifier can likewise be generated using existing encoding methods; it can be a bar code, a two-dimensional code or another information identifier, and is generally valid only for a limited time.
The user of the virtual card may be authenticated by using the first authentication identifier or the second authentication identifier, the first authentication identifier or the second authentication identifier may be provided to a sender of the authentication request for authentication, or the first authentication identifier or the second authentication identifier may be provided to a third party associated with the sender of the authentication request for authentication, which is not limited in the present invention.
Usually, the verifying party can generate a first verification identifier or a second verification identifier according to the locally stored virtual card information, and compare the generated first verification identifier or the second verification identifier with the first verification identifier or the second verification identifier provided by the intelligent terminal, so as to verify whether the user identity is legal.
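One way to produce and check a first verification identifier that is valid only for a limited time, with the verifying party recomputing it from its stored copy of the card data, as an added example (not code from the patent). It swaps the plain hash mentioned above for HMAC-SHA256 under a per-card key, because an unkeyed hash of a name and ID number can be recomputed by anyone who knows those values; the key, the 30-second window, the field names and the sample values are assumptions.

```python
import hashlib
import hmac
import unicodedata

WINDOW = 30  # assumption: seconds per validity window

# Constructed sample data, not real identity values.
SAMPLE_FIELDS = {"name": "Zhang San", "id_number": "000000000000000000"}


def canonical(fields):
    """Serialise fields in sorted order with length prefixes, so that
    {"a": "bc"} and {"ab": "c"} can never yield the same bytes."""
    out = b""
    for name in sorted(fields):
        label = name.encode("utf-8")
        # NFC normalisation: visually identical names must encode identically
        value = unicodedata.normalize("NFC", fields[name]).encode("utf-8")
        out += len(label).to_bytes(2, "big") + label
        out += len(value).to_bytes(4, "big") + value
    return out


def first_identifier(card_key, fields, now):
    """Identifier for the validity window that contains `now` (Unix seconds)."""
    window = int(now) // WINDOW
    msg = window.to_bytes(8, "big") + canonical(fields)
    return hmac.new(card_key, msg, hashlib.sha256).hexdigest()


def verify_first_identifier(card_key, stored_fields, presented, now, skew=1):
    """Verifier side: recompute from locally stored card data and compare.
    Adjacent windows are accepted to tolerate clock skew between the parties."""
    for delta in range(-skew, skew + 1):
        t = now + delta * WINDOW
        if t < 0:
            continue
        expected = first_identifier(card_key, stored_fields, t)
        if hmac.compare_digest(expected, presented):
            return True
    return False


if __name__ == "__main__":
    key = b"k" * 32  # constructed demo key
    ident = first_identifier(key, SAMPLE_FIELDS, 1_000_000)
    print(ident, verify_first_identifier(key, SAMPLE_FIELDS, ident, 1_000_010))
```

The hex string is what would be rendered as the bar code or two-dimensional code; an identifier captured from a screen stops verifying once the window and its skew allowance have passed.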
The embodiments of the invention provide a virtual card verification method, which is applied to an intelligent terminal that stores a virtual card, the virtual card comprising user basic verification data and network identity verification data. When the verification mode is the basic verification mode, the user of the virtual card is verified according to the user basic verification data; when the verification mode is the network verification mode, the user of the virtual card is verified according to the network identity verification data. The virtual card can therefore provide different data for verification according to different verification modes, which expands the diversity of virtual card verification modes and solves the problem that existing virtual cards have a single verification mode. In addition, with diversified verification modes, more appropriate data can be selected for verification according to the verification mode, so that the application security of the virtual card is improved.
Referring to fig. 2, a flow chart of another virtual card verification method is shown, which is implemented on the basis of the method shown in fig. 1 and includes the following steps:
Step S200, if the verification request of the virtual card is received, the verification mode corresponding to the verification request is analyzed.
Step S202, if the verification mode is a basic verification mode, extracting user identification information from the user basic verification data, wherein the user identification information comprises at least one of the following information: plaintext identity information, privacy identity information and entity card information; and taking the plaintext or the code text of the extracted user identity identification information as a first verification identifier, and verifying the user of the virtual card by using the first verification identifier.
Specifically, the plaintext information generally includes an ESN (Electronic Serial Number), an identity type, and the like. Information displayed in plaintext has low confidentiality, and its leakage basically cannot cause loss. The privacy identity information mainly comprises a name, an identity card number and the like; it has a certain degree of confidentiality and is generally displayed as an encoded graphic when used as a verification identifier. The entity card information includes the card number of the entity card bound to the virtual card and related identity information; for example, the entity card information of a virtual education card includes the card number and the school address number of the entity education card. When the virtual card is registered, these three types of information are verified against the corresponding official information. In general, basic verification mainly verifies information such as the name and identity card number, so as to determine the identity of the card holder.
Step S204, if the verification mode is a network verification mode, generating a second verification identifier based on network certificate data and/or application identity data in the network identity verification data, and verifying the user of the virtual card by applying the second verification identifier; wherein the network authentication data comprises: network certificate data and application identity data.
Specifically, the network certificate data includes a network identification card and the like, and the application identification data includes biometric features such as a portrait, a voiceprint, a fingerprint and the like, and also includes social security information, medical security information and the like. The biological characteristic data mainly exists in an application identity area of the virtual card, and a local data verification mode can also be adopted; the user only needs to collect the biological characteristic information according to a certain rule and compare the biological characteristic information with the information in the virtual card, and the verification function is completed if the comparison is passed. The application identity information shows that the virtual card has an industry attribute, such as an electronic social security card, a network education card, an electronic driving license and the like, and the identity can be used for the whole industry, such as medicine buying, retirement fund drawing and the like of social security.
If the second verification identifier is a two-dimensional code, the generation process of the two-dimensional code is shown in fig. 3, and specifically includes the following steps:
Step S300, if the network verification mode is two-dimensional code authentication, a two-dimensional code acquisition request is sent to a server of the virtual card.
Specifically, after receiving a two-dimensional code acquisition request, the server generates a random number, which is generally 32 bits; and after storing the random number, the server sends the random number to the intelligent terminal.
Step S302, receiving the random number returned by the server, and applying the network certificate data and/or the application identity data in the network identity verification data to sign the random number to obtain a certificate signature.
Specifically, after receiving the random number returned by the server, the intelligent terminal generates a corresponding information input interface, receives the information input by the user, and signs the random number with that information to obtain a signature result. The signature can be understood as an encryption operation; the algorithm used is one agreed with the server, and the signature result is the output of that algorithm.
Step S304, sending the certificate signature to the server for signature verification; and receiving a two-dimensional code returned by the server, wherein the two-dimensional code is generated by the server according to the card information of the virtual card after the signature verification passes.
Specifically, the certificate signature or algorithm result is sent to the server, and the server verifies the signature: it performs the inverse operation with the agreed algorithm to obtain a random number and compares it with the initial random number stored on the server; if the two are consistent, the verification passes. After the verification passes, the server generates the two-dimensional code from the information of the virtual card according to a certain rule, and sends the two-dimensional code to the intelligent terminal.
Step S306, taking the two-dimensional code as the second verification identifier.
After receiving the two-dimensional code, the two-dimensional code can be displayed to other authentication parties for identity verification.
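The exchange in steps S300 to S306 with both sides shown, as an added example that is not code from the patent: HMAC-SHA256 under a per-card key provisioned at registration stands in for the certificate signature so the block runs on the Python standard library alone, and the server checks the response by recomputing it rather than by an inverse operation. The class and function names, the TTL values, the 16-byte nonce and the payload format are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

NONCE_BYTES = 16    # assumption: the page says "generally 32 bits"; longer so challenges do not repeat
CHALLENGE_TTL = 60  # assumption: seconds a challenge stays answerable
QR_TTL = 120        # assumption: seconds an issued code stays valid


def b64(raw):
    return base64.urlsafe_b64encode(raw).decode()


def sign_challenge(card_key, card_id, nonce):
    # Stand-in for the certificate signature: the tag covers the card id and the nonce.
    msg = b"qr-auth-v1|" + card_id.encode() + b"|" + nonce
    return hmac.new(card_key, msg, hashlib.sha256).digest()


class CardServer:
    """Server side of steps S300 to S304 (hypothetical implementation)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._card_keys = {}  # card_id -> key provisioned at registration
        self._pending = {}    # card_id -> (nonce, expiry): the stored random number
        self._qr_key = secrets.token_bytes(32)  # server-only key for code payloads

    def register(self, card_id):
        key = secrets.token_bytes(32)
        self._card_keys[card_id] = key
        return key  # handed to the terminal once, when the card is created

    def issue_challenge(self, card_id):
        if card_id not in self._card_keys:
            raise KeyError("unknown card")
        nonce = secrets.token_bytes(NONCE_BYTES)
        self._pending[card_id] = (nonce, self._clock() + CHALLENGE_TTL)
        return nonce

    def verify_and_issue_qr(self, card_id, signature):
        # pop() consumes the challenge: pass or fail, it is never answerable twice.
        entry = self._pending.pop(card_id, None)
        if entry is None:
            return None
        nonce, expiry = entry
        if self._clock() > expiry:
            return None
        expected = sign_challenge(self._card_keys[card_id], card_id, nonce)
        if not hmac.compare_digest(expected, signature):
            return None
        claims = {"card": card_id, "exp": int(self._clock()) + QR_TTL}
        body = json.dumps(claims, sort_keys=True).encode()
        tag = hmac.new(self._qr_key, body, hashlib.sha256).digest()
        return b64(body) + "." + b64(tag)  # text to be rendered as the two-dimensional code

    def check_qr(self, payload):
        """Called when a verifying party submits a scanned code for validation."""
        try:
            body_b64, tag_b64 = payload.split(".")
            body = base64.urlsafe_b64decode(body_b64.encode())
            tag = base64.urlsafe_b64decode(tag_b64.encode())
        except ValueError:  # wrong part count or invalid base64
            return None
        good = hmac.new(self._qr_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(good, tag):
            return None
        claims = json.loads(body)  # parsed only after the tag has been checked
        return claims["card"] if claims["exp"] >= self._clock() else None


def terminal_request_qr(server, card_id, card_key):
    """Terminal side: S300 request, S302 sign the random number, S304 submit."""
    nonce = server.issue_challenge(card_id)
    signature = sign_challenge(card_key, card_id, nonce)
    return server.verify_and_issue_qr(card_id, signature)


if __name__ == "__main__":
    srv = CardServer()
    k = srv.register("card-001")  # constructed card id
    code = terminal_request_qr(srv, "card-001", k)
    print(code, srv.check_qr(code))
```

Consuming the stored random number on every attempt and giving the issued code its own expiry are what stop a captured signature or a photographed code from being replayed later.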
In practical application, the method further comprises registering the virtual card and inputting information, and is specifically realized in the following way:
(1) if an application request of a virtual card of a user is received, acquiring user basic verification data of the user;
(2) applying for network certificate data to a server corresponding to the application request according to the user basic verification data; acquiring application identity data of a user; the application identity data comprises a biometric of the user;
(3) generating a virtual card comprising user basic authentication data and network authentication data for the user, the network authentication data comprising: network certificate data and application identity data.
Specifically, referring to the schematic diagram of partitioned storage of the memory data of a virtual card shown in Fig. 4, an education-related virtual card is taken as an example. After a user registers the virtual card, the data in the virtual card mainly includes three types: basic identity data (i.e., data in the frame where the basic identity is located in the figure), network identity data (i.e., data in the frame where the network identity is located in the figure), and application identity data (i.e., data in the frame where the application identity is located in the figure). The virtual card of this embodiment is described as being divided into three partitions, which respectively store the data related to the basic identity, the network identity, and the application identity. The data related to the basic identity generally includes an Electronic Serial Number (ESN), an identity type, a name, an identity card number, a student status number, and the like; these data are equivalent to the user basic verification data in the above embodiment. The ESN and the identity type are generally displayed in plaintext and are also called plaintext information; the name and the identity card number are private information and are displayed as code text; the student status number corresponds to the entity card information. The data related to the network identity generally includes an integrated certificate, a network certificate, an eID (electronic IDentity), and the like; this identity data is stored in the partition corresponding to the network identity in the form of certificate data, network certificate data and an eID identifier.
The data related to the application identity mainly comprises personal characteristics, social security identity, education identity and the like; personal characteristics may include portrait, voiceprint, fingerprint, and the like; the content of the social security identity comprises a social security number, a password and the like. The data in the partition corresponding to the network identity and the application identity is equivalent to the network authentication data. The plurality of partitions all contain identity information, and when identity verification is carried out, more than one kind of identity data can be selected from the partitions to be verified respectively, and the multi-mode verification mode is also called multi-dimensional authentication.
After the virtual card is bound with the entity card, the server corresponding to the virtual card stores the information of the entity card corresponding to the virtual card, such as an electronic driving license and the like; fig. 5 shows a flowchart of another method for generating a two-dimensional code verification identifier in network verification for the virtual card, where the diagram relates to a user, a virtual card (i.e., a smart terminal), and a server (i.e., a server), and includes the following steps:
step S500, a user initiates an identity two-dimensional code generation request;
step S502, the intelligent terminal receives the application request and initiates a request for generating the identity two-dimensional code to the server;
step S504, the server generates and stores a 32-bit random number, and returns the random number to the intelligent terminal;
step S506, the intelligent terminal signs the random number by using the certificate of the network identity area; in practical application, an operation can instead be performed on the random number using other personal identity credentials in the virtual card storage area to obtain an operation result;
step S508, the intelligent terminal transmits the personal information and the signature value of the basic identity area back to the server; or the personal information of the basic identity area and the operation result are transmitted back to the server;
step S510, the server verifies the validity of the signature value; if the verification is passed, inquiring corresponding entity card information according to the personal information of the basic identity area, generating two-dimensional code data according to a certain rule, and sending the data to the intelligent terminal; in practical application, when the server receives the operation result, the operation result is verified, if the operation result passes the verification, the corresponding entity card information is inquired according to the personal information of the basic identity area, two-dimensional code data is generated according to a certain rule, and the data is sent to the intelligent terminal;
step S512, the intelligent terminal obtains two-dimensional code data and generates a two-dimensional code;
step S514, the user provides the two-dimensional code to an authenticator to realize identity authentication.
When the user with the electronic driving license is required to show the driving license, the method can be applied to generate the two-dimensional code, and the two-dimensional code is shown so as to realize the driving identity authentication of the user.
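Steps S504 to S510 as a runnable sketch, added here for illustration and not taken from the patent: the server stores one random number per card, consumes it on the first answer whether or not the signature verifies, and rejects it after a lifetime, so a captured signature cannot be replayed. Assumptions of the example: Ed25519 stands in for the key of the network-identity certificate, the challenge is 32 random bytes where the text says a 32-bit random number, and the one-minute lifetime, the `QR|...` payload (the text says only "a certain rule"), the sample ESN values, and all type and function names are invented for the sketch.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

var (
	ErrUnknownCard  = errors.New("card is not enrolled")
	ErrNoChallenge  = errors.New("no outstanding challenge for this card")
	ErrExpired      = errors.New("challenge expired")
	ErrBadSignature = errors.New("signature does not verify")
)

const challengeTTL = time.Minute // assumed lifetime of an unanswered challenge

type card struct {
	pub     ed25519.PublicKey // public key from the card's network certificate
	entity  string            // bound entity card record
	nonce   []byte            // S504: stored random number, nil when none is outstanding
	expires time.Time
}

// Server maps each card's ESN (basic identity area) to its server-side record.
type Server map[string]*card

// Enroll registers a card and returns the private key that stays on the terminal.
func (s Server) Enroll(esn, entityCard string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	s[esn] = &card{pub: pub, entity: entityCard}
	return priv, nil
}

// Challenge is S504: generate, store and return a fresh random number.
func (s Server) Challenge(esn string, now time.Time) ([]byte, error) {
	c, ok := s[esn]
	if !ok {
		return nil, ErrUnknownCard
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	c.nonce, c.expires = nonce, now.Add(challengeTTL)
	return nonce, nil
}

// SignChallenge is S506 on the terminal: sign the random number.
func SignChallenge(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, nonce)
}

// IssueQR is S510: verify the signature, then build the two-dimensional code data.
func (s Server) IssueQR(esn string, sig []byte, now time.Time) (string, error) {
	c, ok := s[esn]
	if !ok || c.nonce == nil {
		return "", ErrNoChallenge
	}
	nonce := c.nonce
	c.nonce = nil // single use: consumed even when verification fails
	if now.After(c.expires) {
		return "", ErrExpired
	}
	if !ed25519.Verify(c.pub, nonce, sig) {
		return "", ErrBadSignature
	}
	return "QR|" + esn + "|" + c.entity, nil // placeholder for the unspecified rule
}

func main() {
	s := Server{}
	priv, _ := s.Enroll("ESN-0001", "student-status-0001") // constructed sample values
	nonce, _ := s.Challenge("ESN-0001", time.Now())
	sig := SignChallenge(priv, nonce)
	fmt.Println(s.IssueQR("ESN-0001", sig, time.Now())) // QR data and a nil error
	fmt.Println(s.IssueQR("ESN-0001", sig, time.Now())) // replay: challenge already consumed
}
```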
The method provides various types of data for verifying the virtual card. With these data, in addition to verification of identity card information alone, face scanning authentication, iris identification authentication, electronic signature authentication, identity card copy authentication, short message authentication, eID authentication, fingerprint identification authentication, finger vein biometric identification, and the like can be carried out. When the security requirement of a verification request is higher, any two or more authentication modes can be combined; for example, fingerprints, irises, voiceprints, and the like are verified at the same time as the face, which avoids potential security hazards such as photo attacks, establishes a safer identity authentication system, and almost completely avoids the problem of identity falsification.
For a scene with a higher security requirement, a single verification is not enough to ensure security, and a multi-dimensional verification mode can be introduced: the server issues different verification requests in succession, and each verification request specifically indicates the verification mode of the current verification and the specific verification means corresponding to that mode. For example, the verification mode of the first verification request is face recognition verification in the network verification mode; after the intelligent terminal receives the first verification request, it calls the face data on the virtual card to generate a second verification identifier and uses that identifier to perform face recognition verification of the user. If the face recognition verification passes, the server can continue by issuing a second verification request, whose verification mode can be fingerprint identification verification in the network verification mode; similarly, after receiving the second verification request, the intelligent terminal calls the fingerprint data on the virtual card to generate the second verification identifier for this round and uses it to perform fingerprint identification verification of the user. These steps are repeated until verification in the set modes has passed, at which point the user of the intelligent terminal is determined to be legal.
Based on the multi-dimensional verification mode, the method further comprises: if the first verification identifier or the second verification identifier passes verification and a next verification request is received, continuing with subsequent verification according to the verification mode corresponding to the next verification request, until user verification of the virtual card is completed. This multi-dimensional verification method can greatly improve the security of virtual card verification.
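The server side of the multi-dimensional sequence described above, as an added sketch that is not part of the patent: the session issues one request at a time, accepts a response only for the outstanding step and means, and reports the user as legal only after every step has passed. Locking the session on any mismatch or rejection is an assumption of the example (the text does not say what happens on failure), as are the `Checker` callback that stands in for a real biometric matcher and all type and function names.

```go
package main

import (
	"errors"
	"fmt"
)

var (
	ErrLocked     = errors.New("session locked after a failed step")
	ErrUnexpected = errors.New("response does not match the outstanding request")
	ErrRejected   = errors.New("verification identifier rejected")
)

// Request is one verification request: the mode and the specific means to use.
type Request struct {
	Step  int    // position in the sequence, echoed back by the terminal
	Mode  string // "basic" or "network"
	Means string // e.g. "face", "fingerprint"
}

// Response carries the verification identifier the terminal generated.
type Response struct {
	Step       int
	Means      string
	Identifier string
}

type Checker func(identifier string) bool // stand-in for one means' matcher (hypothetical)

type Session struct {
	plan     []Request
	checkers map[string]Checker
	next     int
	locked   bool
}

func NewSession(means []string, checkers map[string]Checker) *Session {
	s := &Session{checkers: checkers}
	for i, m := range means {
		s.plan = append(s.plan, Request{Step: i, Mode: "network", Means: m})
	}
	return s
}

// Next returns the request to issue now; ok is false when none is outstanding.
func (s *Session) Next() (req Request, ok bool) {
	if s.locked || s.next >= len(s.plan) {
		return Request{}, false
	}
	return s.plan[s.next], true
}

// Submit accepts a response only for the outstanding request, in order.
func (s *Session) Submit(r Response) error {
	if s.locked {
		return ErrLocked
	}
	req, ok := s.Next()
	if !ok {
		return ErrUnexpected // sequence already complete
	}
	if r.Step != req.Step || r.Means != req.Means {
		s.locked = true // skipped or reordered step: fail closed
		return ErrUnexpected
	}
	if check := s.checkers[req.Means]; check == nil || !check(r.Identifier) {
		s.locked = true
		return ErrRejected
	}
	s.next++
	return nil
}

// Legal reports whether every step of the set sequence has passed.
func (s *Session) Legal() bool { return !s.locked && len(s.plan) > 0 && s.next == len(s.plan) }

func main() {
	checkers := map[string]Checker{ // constructed stand-ins for real matchers
		"face":        func(id string) bool { return id == "face-ok" },
		"fingerprint": func(id string) bool { return id == "fp-ok" },
	}
	s := NewSession([]string{"face", "fingerprint"}, checkers)
	fmt.Println(s.Submit(Response{0, "face", "face-ok"}), s.Legal())
	fmt.Println(s.Submit(Response{1, "fingerprint", "fp-ok"}), s.Legal())
}
```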
Referring to fig. 6, a schematic structural diagram of a virtual card verification apparatus is shown, where the apparatus is disposed in an intelligent terminal storing a virtual card, the virtual card includes user basic verification data and network identity verification data, and the apparatus includes: the verification mode analyzing module 600 is configured to analyze a verification mode corresponding to the verification request if the verification request of the virtual card is received; the verification mode comprises a basic verification mode and a network verification mode; a basic verification module 602, configured to generate a first verification identifier according to the user basic verification data if the verification mode is a basic verification mode, and verify the user of the virtual card by using the first verification identifier; the network verification module 604 is configured to generate a second verification identifier according to the network authentication data if the verification mode is a network verification mode, and verify the user of the virtual card by using the second verification identifier.
Further, the basic verification module is further configured to: extract user identification information from the user basic verification data, wherein the user identification information comprises at least one of the following: plaintext identity information, privacy identity information, and entity card information; and take the plaintext or the ciphertext of the extracted user identity information as the first verification identifier.
Typically, the network authentication data includes: network certificate data and application identity data; the network authentication module is further configured to: generate a second verification identifier based on the network certificate data and/or the application identity data in the network identity verification data.
Further, the device further comprises a multidimensional verification module, configured to, if the first verification identifier or the second verification identifier passes verification and a next verification request is received, continue to perform subsequent verification according to a verification manner corresponding to the next verification request until user verification of the virtual card is completed.
The verification device for the virtual card provided by the embodiment of the invention has the same technical characteristics as the verification method for the virtual card provided by the embodiment, so that the same technical problems can be solved, and the same technical effects can be achieved.
The computer program product of the method and the apparatus for verifying a virtual card according to the embodiments of the present invention includes a computer-readable storage medium storing a program code, where instructions included in the program code may be used to execute the method described in the foregoing method embodiments, and specific implementation may refer to the method embodiments, and will not be described herein again.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and/or the apparatus described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In addition, in the description of the embodiments of the present invention, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present invention, which are used for illustrating the technical solutions of the present invention and not for limiting the same, and the protection scope of the present invention is not limited thereto, although the present invention is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope of the present disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (9)

1. A verification method of a virtual card is applied to an intelligent terminal stored with the virtual card, wherein the virtual card comprises user basic verification data and network identity verification data, and the method comprises the following steps:
if a verification request of the virtual card is received, analyzing a verification mode corresponding to the verification request; the verification mode comprises a basic verification mode and a network verification mode;
if the verification mode is the basic verification mode, generating a first verification identifier according to the user basic verification data, and verifying the user of the virtual card by applying the first verification identifier;
if the verification mode is the network verification mode, generating a second verification identifier according to the network identity verification data, and verifying the user of the virtual card by applying the second verification identifier;
wherein the method further comprises:
if an application request of a virtual card of a user is received, acquiring user basic verification data of the user;
applying for network certificate data to a server corresponding to the application request according to the user basic verification data;
acquiring application identity data of the user; the application identity data comprises a biometric of the user;
generating a virtual card including the user basic authentication data and network authentication data for the user, the network authentication data including: the network certificate data and the application identity data.
2. The method of claim 1, wherein the step of generating a first authentication identifier from the user base authentication data comprises:
extracting user identification information from the user basic verification data, wherein the user identification information comprises at least one of the following information: plaintext identity information, privacy identity information and entity card information;
and taking the plaintext or the ciphertext of the extracted user identity information as a first verification identifier.
3. The method of claim 1, wherein the network authentication data comprises: network certificate data and application identity data;
the step of generating a second authentication identifier according to the network authentication data includes: generating a second verification identifier based on the network certificate data and/or the application identity data in the network identity verification data.
4. The method according to claim 3, wherein the step of generating the second authentication identifier based on the network certificate data and/or the application identity data in the network identity authentication data comprises:
if the network verification mode is two-dimension code authentication, sending a two-dimension code acquisition request to a server of the virtual card;
receiving a random number returned by the server, and applying network certificate data and/or application identity data in the network identity verification data to sign the random number to obtain a certificate signature;
sending the certificate signature to the server for signature verification;
receiving a two-dimensional code returned by the server, wherein the two-dimensional code is generated by the server according to the card information of the virtual card after the signature verification is passed;
and taking the two-dimensional code as a second verification identifier.
5. The method of claim 1, further comprising:
if the first verification identifier or the second verification identifier passes the verification and a next verification request is received, continuing to perform subsequent verification according to a verification mode corresponding to the next verification request until the user verification of the virtual card is completed.
6. A verification device of a virtual card, characterized in that the device is disposed in an intelligent terminal storing the virtual card, the virtual card includes user basic verification data and network authentication data, and the device includes:
the verification mode analysis module is used for analyzing a verification mode corresponding to a verification request if the verification request of the virtual card is received; the verification mode comprises a basic verification mode and a network verification mode;
the basic verification module is used for generating a first verification identifier according to the user basic verification data if the verification mode is the basic verification mode, and verifying the user of the virtual card by applying the first verification identifier;
the network verification module is used for generating a second verification identifier according to the network identity verification data if the verification mode is the network verification mode, and verifying the user of the virtual card by applying the second verification identifier;
the apparatus is further configured to:
if an application request of a virtual card of a user is received, acquiring user basic verification data of the user;
applying for network certificate data to a server corresponding to the application request according to the user basic verification data;
acquiring application identity data of the user; the application identity data comprises a biometric of the user;
generating a virtual card including the user basic authentication data and network authentication data for the user, the network authentication data including: the network certificate data and the application identity data.
7. The apparatus of claim 6, wherein the base verification module is further configured to:
extracting user identification information from the user basic verification data, wherein the user identification information comprises at least one of the following information: plaintext identity information, privacy identity information and entity card information;
and taking the plaintext or the ciphertext of the extracted user identity information as a first verification identifier.
8. The apparatus of claim 6, wherein the network authentication data comprises: network certificate data and application identity data;
the network authentication module is further configured to: generate a second verification identifier based on the network certificate data and/or the application identity data in the network identity verification data.
9. The apparatus of claim 6, further comprising:
and the multidimensional verification module is used for continuing to perform subsequent verification according to a verification mode corresponding to the next verification request until the user verification of the virtual card is completed if the first verification identifier or the second verification identifier passes the verification and the next verification request is received.
CN201810268668.2A 2018-03-28 2018-03-28 Virtual card verification method Active CN108512660B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810268668.2A CN108512660B (en) 2018-03-28 2018-03-28 Virtual card verification method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810268668.2A CN108512660B (en) 2018-03-28 2018-03-28 Virtual card verification method

Publications (2)

Publication Number Publication Date
CN108512660A CN108512660A (en) 2018-09-07
CN108512660B true CN108512660B (en) 2021-03-16

Family

ID=63378998

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810268668.2A Active CN108512660B (en) 2018-03-28 2018-03-28 Virtual card verification method

Country Status (1)

Country Link
CN (1) CN108512660B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109493058A (en) * 2018-12-14 2019-03-19 深圳壹账通智能科技有限公司 A kind of personal identification method and relevant device based on block chain
CN110955858B (en) * 2019-11-12 2022-11-18 广州大白互联网科技有限公司 Information management method of network license platform
CN112416648A (en) * 2020-06-03 2021-02-26 上海哔哩哔哩科技有限公司 Data verification method and device
CN113255505A (en) * 2021-05-20 2021-08-13 中国联合网络通信集团有限公司 Certificate photo generation method, device, equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9135425B2 (en) * 2012-11-28 2015-09-15 Arnold Yau Method and system of providing authentication of user access to a computer resource on a mobile device
CN105429760A (en) * 2015-12-01 2016-03-23 神州融安科技(北京)有限公司 Method and system for identity verification of digital certificate based on TEE (Trusted Execution Environment)
CN105450416A (en) * 2014-09-01 2016-03-30 阿里巴巴集团控股有限公司 Security authentication method and apparatus
CN106372483A (en) * 2016-08-31 2017-02-01 厦门中控生物识别信息技术有限公司 Information verification method and system
CN107204974A (en) * 2017-04-14 2017-09-26 努比亚技术有限公司 The management method and mobile terminal of a kind of user cipher
CN107592308A (en) * 2017-09-13 2018-01-16 西安电子科技大学 A kind of two server multiple-factor authentication method towards mobile payment scene


Also Published As

Publication number Publication date
CN108512660A (en) 2018-09-07

Similar Documents

Publication Publication Date Title
US20220052852A1 (en) Secure biometric authentication using electronic identity
US20220058655A1 (en) Authentication system
US11068575B2 (en) Authentication system
CN109660501B (en) System and method for providing blockchain based multi-factor personal identity verification
CN107888557B (en) Method and system for generating protocol file
CN108512660B (en) Virtual card verification method
CN110098932B (en) Electronic document signing method based on safe electronic notarization technology
US10979421B2 (en) Identity authentication using a barcode
CN107800672B (en) Information verification method, electronic equipment, server and information verification system
CN109359601A (en) Authentication recognition methods, electronic device and computer readable storage medium
CN107294900A (en) Identity registration method and apparatus based on biological characteristic
CN105868970B (en) authentication method and electronic equipment
CN109829317A (en) A kind of method, apparatus and system generating electronic contract based on handwritten signature picture
US20230208637A1 (en) Key management method and apparatus
CN114491626A (en) Data use authorization method and equipment based on authorization center
CN111581624B (en) Intelligent terminal user identity authentication method
KR102375287B1 (en) Method of Registration And Access Control of Identity For Third-Party Certification
CN106559433B (en) Method and system for fixing electronic evidence and user identity by using digital certificate
US20130090059A1 (en) Identity verification
EP3217593A1 (en) Two-factor authentication method for increasing the security of transactions between a user and a transaction point or system
CN109981654A (en) Digital identity generation method and device
CN108471419A (en) Certificate sharing method based on trusted identity
CN113255505A (en) Certificate photo generation method, device, equipment and storage medium
CN112785410A (en) Relying party risk adjustment indicator systems and methods
CN110675170A (en) Credit-based certificate guarantee method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant