CN108769011A - Electronic signature device, identity verification method and system - Google Patents


Info

Publication number: CN108769011A
Authority: CN (China)
Prior art keywords: information, identity card, client, application server, identity
Legal status: Pending
Application number: CN201810531248.9A
Other languages: Chinese (zh)
Inventors: 李金剑, 王建林
Current assignee: Beijing Huada Zhibao Electronic System Co Ltd
Original assignee: Beijing Huada Zhibao Electronic System Co Ltd
Priority: CN201810531248.9A

Classifications

    • H04L 63/08 Network architectures or network communication protocols for network security, for authentication of entities
    • H04L 63/0823 Authentication of entities using certificates
    • H04L 63/0861 Authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L 9/3247 Cryptographic mechanisms including means for verifying the identity or authority of a user, involving digital signatures
    • H04W 12/06 Security arrangements in wireless communication networks: authentication
    • H04W 4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Abstract

This application discloses an electronic signature device, an identity verification method and a system. The electronic signature device includes a security chip, a near field communication (NFC) chip, a biometric acquisition module and a baseband chip; the NFC chip and the biometric acquisition module are connected to the security chip, and the security chip is connected to the baseband chip. The device authenticates its holder by means of the security chip, which amounts to verifying whether the holder has the authority to verify client identities, and so regulates the use of the device for client identity verification. The client's identity card plaintext information, identity card ciphertext information and biometric information, collected by the NFC chip and the biometric acquisition module, are encrypted into a ciphertext by the security chip, and the baseband chip sends the ciphertext and the positioned address directly to the application server for client identity verification. This achieves remote verification that the client's person and credential match ("person-credential unity"), and prevents the security risks of stolen identity card information and forged identity cards.

Description

Electronic signature device, identity verification method and system
Technical field
This application relates to the field of electronic technology, and in particular to an electronic signature device, an identity verification method and a system.
Background technology
At present, since the identity card is the legal certificate proving the holder's identity, a user often needs to present identity card information in daily life to prove that his or her identity is legitimate, for example when opening a bank account, buying tickets, seeing a doctor in a hospital or recovering a password; in all of these situations the user is required to present identity card information.
In the prior art, presenting identity card information to prove a legitimate identity in these scenarios is generally done either by entering the user's identity card number or by performing personal identity authentication with an electronic signature device. Entering the identity card number means querying, on the basis of the identity card information, whether the user's identity is legitimate; personal identity authentication with an electronic signature device means that the device is bound to the user's identity information, and the digital certificate obtained when the device was applied for is used to complete the personal identity authentication and prove that the identity is legitimate.
The inventors have found that, because identity card numbers are relatively public, entering an identity card number alone cannot establish that the person and the credential match, so there is a security risk of stolen or forged identity cards. An electronic signature device, although convenient and fast, can only authenticate the applicant's own identity; this single function limits its application scenarios, it is used relatively infrequently, and it is not suited to verifying the identity of other people.
Invention content
The technical problem to be solved by this application is to provide an electronic signature device, an identity verification method and a system that verify whether the device holder has the authority to verify client identities, thereby regulating the use of the electronic signature device for client identity verification, and that achieve remote verification that the client's person and credential match, preventing the security risks of stolen identity card information and forged identity cards.
In a first aspect, the embodiments of the present application provide an electronic signature device, which includes:
a security chip, a near field communication (NFC) chip, a biometric acquisition module and a baseband chip; the NFC chip is connected to the security chip, the biometric acquisition module is connected to the security chip, and the security chip is connected to the baseband chip;
the security chip is used to perform identity authentication of the device's own user and, if the authentication passes, to obtain the authority to authenticate client identities;
the NFC chip is used to read and obtain the client's identity card plaintext information and identity card ciphertext information;
the biometric acquisition module is used to identify and obtain the client's biometric information;
the security chip is further used to encrypt the identity card plaintext information, the identity card ciphertext information and the biometric information with a private key to generate a ciphertext;
the baseband chip is used to send the ciphertext to an application server for client identity verification, to receive the application server's feedback information, and to obtain the current address by positioning and send it to the application server. Client identity verification means that a SAM device decrypts the identity card ciphertext information and, if decryption succeeds, the biometric information is compared against the target biometric information found by looking up the identity card plaintext information; the identity card ciphertext information, the biometric information and the identity card plaintext information are obtained by the application server by decrypting the ciphertext with the public key.
Preferably, the electronic signature device is an Internet of Things shield.
Preferably, the baseband chip is further used to obtain the current time and/or the applied-for business and send it to the application server.
Preferably, the biometric features include fingerprint information, voice, handwriting and/or iris.
Preferably, the device further includes a display module connected to the security chip;
the display module is used to display the application server's feedback information.
Preferably, the display module is further used to display a prompt to read the client's identity card plaintext information and identity card ciphertext information, and/or a prompt to identify the client's biometric information.
Preferably, the device further includes a button connected to the security chip; the button is used to start the security chip's identity authentication of the device's own user; and/or
the button is used to start the NFC chip reading the client's identity card plaintext information and identity card ciphertext information; and/or
the button is used to start the biometric acquisition module identifying and obtaining the client's biometric information.
In a second aspect, the embodiments of the present application provide an identity verification method, applied to the electronic signature device of any of the above embodiments, the method including:
performing identity authentication of the device's own user;
if the authentication passes, obtaining the client's identity card plaintext information, identity card ciphertext information and biometric information;
encrypting the identity card plaintext information, the identity card ciphertext information and the biometric information with a private key to generate a ciphertext;
obtaining the current address by positioning and sending it to an application server;
sending the ciphertext to the application server for client identity verification and receiving the application server's feedback information, where client identity verification means that a SAM device decrypts the identity card ciphertext information and, if decryption succeeds, the biometric information is compared against the target biometric information found by looking up the identity card plaintext information; the identity card ciphertext information, the biometric information and the identity card plaintext information are obtained by the application server by decrypting the ciphertext with the public key.
Preferably, the method further includes: obtaining the current time and/or the applied-for business and sending it to the application server.
Preferably, the method further includes: prompting the device's own user to read the client's identity card plaintext information and identity card ciphertext information; and/or prompting the device's own user to identify the client's biometric information.
In a third aspect, the embodiments of the present application provide an identity verification system, which includes: the electronic signature device of any of the above embodiments, an application server, a SAM device and a public security server;
the electronic signature device is used to perform identity authentication of its own user; if the authentication passes, to obtain the client's identity card plaintext information, identity card ciphertext information and biometric information; to encrypt them with a private key to generate a ciphertext; to send the ciphertext to the application server for client identity verification and receive the application server's feedback information; and to obtain the current address by positioning and send it to the application server;
the application server is used to decrypt the ciphertext with the public key to obtain the identity card plaintext information, the identity card ciphertext information and the biometric information, to send the identity card ciphertext information to the SAM device and receive the SAM device's feedback information, and also to look up the target terminal identifier corresponding to the identity card plaintext information and send the current address to that target terminal;
the SAM device is used to decrypt the identity card ciphertext information, obtain the decryption result and send it to the application server;
the application server is further used, if the SAM device's feedback is that decryption succeeded, to send the identity card plaintext information to the public security server to obtain the target biometric information, to compare the biometric information against the target biometric information, and to send the verification result to the electronic signature device;
the public security server is used to look up the target biometric information on the basis of the identity card plaintext information.
Preferably, the electronic signature device is further used to obtain the current time and/or the applied-for business and send it to the application server;
correspondingly, the application server is further used to send the current time and/or the applied-for business to the target terminal.
Preferably, if the SAM device's feedback is that decryption failed, the application server is further used to send the SAM device's feedback information directly to the electronic signature device.
Preferably, the application server is further used to send a random verification code to the target terminal.
Compared with the prior art, the application has at least the following advantages:
With the technical solution of the embodiments, the electronic signature device includes a security chip, a near field communication (NFC) chip, a biometric acquisition module and a baseband chip; the NFC chip and the biometric acquisition module are connected to the security chip, and the security chip is connected to the baseband chip. If the identity authentication of the device's own user passes, the client's identity card plaintext information, identity card ciphertext information and biometric information are obtained and encrypted with a private key to generate a ciphertext; the current address is obtained by positioning, and the current address and the ciphertext are sent to the application server for client identity verification, after which the application server's feedback is received. Client identity verification means that a SAM device decrypts the identity card ciphertext information and, if decryption succeeds, the biometric information is compared against the target biometric information found from the identity card plaintext information; the identity card ciphertext information, the biometric information and the identity card plaintext information are obtained by the application server by decrypting the ciphertext with the public key. Thus the electronic signature device authenticates its holder through the built-in security chip, which amounts to verifying whether the holder has the authority to verify client identities and so regulates the device's use for that purpose; the client's identity card plaintext, identity card ciphertext and biometric information obtained by the NFC chip and the biometric acquisition module are encrypted into a ciphertext by the security chip, and the baseband chip can send the ciphertext and the positioned address directly to the application server for client identity verification. This achieves remote verification that the client's person and credential match, prevents the security risks of stolen identity card information and forged identity cards, and reduces the risk of information being illegally accessed.
Description of the drawings
In order to explain the technical solutions of the embodiments more clearly, the drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural schematic diagram of an electronic signature device provided by the embodiments of the present application;
Fig. 2 is a structural schematic diagram of another electronic signature device provided by the embodiments;
Fig. 3 is a structural schematic diagram of yet another electronic signature device provided by the embodiments;
Fig. 4 is a flow diagram of an identity verification method provided by the embodiments;
Fig. 5 is a structural schematic diagram of an identity verification system provided by the embodiments.
Specific implementation mode
In order to help those skilled in the art better understand the solution of the application, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only a part of the embodiments of the application, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the application.
The inventors have found that in daily life, for example when opening a bank account, buying tickets, seeing a doctor in a hospital or recovering a password, a user who must present identity card information to prove a legitimate identity generally either enters the identity card number, so that the identity is queried for legitimacy on the basis of the identity card information, or uses an electronic signature device bound to the user's identity information, whose digital certificate obtained at application time completes the personal identity authentication. However, since identity card numbers are relatively public, entering the number alone cannot establish that the person and the credential match, leaving a security risk of stolen or forged identity cards; and an electronic signature device, although convenient and fast, can only authenticate the applicant's own identity, so its single function limits its application scenarios, it is used relatively infrequently, and it is not suited to verifying other people's identities.
To solve this problem, in the embodiments of the present application the electronic signature device includes a security chip, a near field communication (NFC) chip, a biometric acquisition module and a baseband chip; the NFC chip and the biometric acquisition module are connected to the security chip, and the security chip is connected to the baseband chip. If the identity authentication of the device's own user passes, the client's identity card plaintext information, identity card ciphertext information and biometric information are obtained and encrypted with a private key to generate a ciphertext; the current address is obtained by positioning, and the current address and the ciphertext are sent to the application server for client identity verification, after which the application server's feedback is received. Client identity verification means that a SAM device decrypts the identity card ciphertext information and, if decryption succeeds, the biometric information is compared against the target biometric information found from the identity card plaintext information; the identity card ciphertext information, the biometric information and the identity card plaintext information are obtained by the application server by decrypting the ciphertext with the public key. Thus the electronic signature device authenticates its holder through the built-in security chip, which amounts to verifying whether the holder has the authority to verify client identities and so regulates the device's use for that purpose; the client's identity card plaintext, identity card ciphertext and biometric information obtained by the NFC chip and the biometric acquisition module are encrypted into a ciphertext by the security chip, and the baseband chip can send the ciphertext and the positioned address directly to the application server for client identity verification. This achieves remote verification that the client's person and credential match, prevents the security risks of stolen identity card information and forged identity cards, and reduces the risk of information being illegally accessed.
The specific implementation of the electronic signature device, the identity verification method and the identity verification system of the embodiments is described in detail below with reference to the drawings.
Device embodiment
Referring to Fig. 1, a structural schematic diagram of an electronic signature device of the embodiments of the present application is shown. In this embodiment, the electronic signature device may for example include:
a security chip 101, a near field communication (NFC) chip 102, a biometric acquisition module 103 and a baseband chip 104; the NFC chip 102 is connected to the security chip 101, the biometric acquisition module 103 is connected to the security chip 101, and the security chip 101 is connected to the baseband chip 104;
the security chip 101 is used to perform identity authentication of the device's own user and, if the authentication passes, to obtain the authority to authenticate client identities;
the NFC chip 102 is used to read and obtain the client's identity card plaintext information and identity card ciphertext information;
the biometric acquisition module 103 is used to identify and obtain the client's biometric information;
the security chip 101 is further used to encrypt the identity card plaintext information, the identity card ciphertext information and the biometric information with a private key to generate a ciphertext;
the baseband chip 104 is used to send the ciphertext to an application server for client identity verification, to receive the application server's feedback information, and to obtain the current address by positioning and send it to the application server. Client identity verification means that a SAM device decrypts the identity card ciphertext information and, if decryption succeeds, the biometric information is compared against the target biometric information found by looking up the identity card plaintext information; the identity card ciphertext information, the biometric information and the identity card plaintext information are obtained by the application server by decrypting the ciphertext with the public key.
It can be understood that the technique by which the electronic signature device authenticates its own user with the security chip 101 is the same as the identity authentication technique of existing electronic signature devices and is not described here. Only when the authentication of the device's own user passes can that user, i.e. the person holding the electronic signature device, be regarded as legitimate, and on that basis the user can be granted the authority to obtain another person's (the client's) identity information and perform identity verification.
It can also be understood that the baseband chip 104 can exchange information with the server directly. Therefore, in this embodiment, no user terminal is needed as an intermediate device: the electronic signature device communicates with the application server directly through the baseband chip 104, which saves device resources.
It should be noted that a common portable device that both contains a baseband chip and carries a digital certificate is the Internet of Things shield. Therefore, in some implementations of this embodiment, the electronic signature device may be an Internet of Things shield.
Of course, the baseband chip 104 also has a positioning function and can directly obtain the current address. Considering that the person to whom the identity card belongs should be notified promptly when the card's plaintext and ciphertext information is read, the current address is sent to the application server together with the ciphertext, so that the application server can find the card holder's terminal and notify it promptly of the address at which the identity card was read, preventing the security risk that stolen identity card information would bring.
It should be noted that, besides the current address, the card holder may wish to know more about how the identity card was read, for example the time at which it was read and the business applied for after it was read. Therefore, in some implementations of this embodiment, the baseband chip 104 is further used to obtain the current time and/or the applied-for business and send it to the application server.
It can be understood that the purpose of identifying the client's biometric information is to verify whether the person holding the identity card is the person to whom the card belongs, i.e. to verify that person and credential match, and so avoid the security risk of stolen identity card information. The biometric information should therefore be a biometric feature unique to the client; commonly used, easily collected unique human biometric features include fingerprints, voice, handwriting and iris. Therefore, in some implementations of this embodiment, the biometric information includes fingerprint information, voiceprint information, handwriting information and/or iris information.
It should be noted that after the electronic signature device has communicated with the application server through the baseband chip 104 to verify the client's identity, the device needs to know the verification result; a display module can therefore be provided to show the client identity verification result fed back by the application server. The structural schematic diagram of another electronic signature device shown in Fig. 2 adds, on the basis of Fig. 1, a display module 201 connected to the security chip 101. That is, in some implementations of this embodiment, the electronic signature device further includes a display module 201 connected to the security chip 101, and the display module 201 is used to display the application server's feedback information.
It should be noted that after the authentication of the device's own user has passed and the authority to authenticate client identities has been obtained, the display module can prompt the user about the next step in using the device, so that the user knows from the prompt what to do next and client identity verification with the device is convenient. Therefore, in some implementations of this embodiment, the display module 201 is further used to display a prompt to read the client's identity card plaintext information and identity card ciphertext information, and/or a prompt to identify the client's biometric information.
It should be noted that after the electronic signature device is powered on, it first needs to authenticate its own user, i.e. the device holder, before later use. For example, when handling a business through a user terminal, the device's own user must first be authenticated: the user terminal communicates with the application server, which in turn communicates with the electronic signature device and instructs it to authenticate its own user. To make clear when this authentication is triggered, a button connected to the security chip 101 can be added to the electronic signature device; in response to the user pressing the button, the built-in security chip 101 is triggered to start its function. Therefore, in some implementations of this embodiment, the device further includes a button connected to the security chip 101, and the button is used to start the security chip 101 performing identity authentication of the device's own user.
It should also be noted that after the device's own user has been authenticated, the application server communicates with the electronic signature device and instructs it to verify the client's identity, i.e. the device needs to read and obtain the client's identity card plaintext information and identity card ciphertext information and identify the client's biometric information. Since the security chip 101 is connected to the NFC chip 102, pressing the button can also trigger the NFC chip 102 of the electronic signature device to start its function. That is, in some implementations of this embodiment, the button is further used to start the NFC chip 102 reading and obtaining the client's identity card plaintext information and identity card ciphertext information.
Similarly, since the security chip 101 is connected to the biometric acquisition module 103, pressing the button can also trigger the biometric acquisition module 103 of the electronic signature device to start its function. Therefore, in some implementations of this embodiment, the button 301 is also connected to the biometric acquisition module 103, and the button is further used to start the biometric acquisition module 103 identifying and obtaining the client's biometric information.
For example, the structural schematic diagram of yet another electronic signature device shown in Fig. 3 adds, on the basis of Fig. 1, a button 301 connected to the security chip 101.
For example, the embodiment of the present application can be applied in following scene:User is financial institution employee, the user hand Above-mentioned electronic signature equipment is held, there is the digital certificate of the user, the user only to need to carry above-mentioned electronics label inside the equipment Name equipment, which can be completed, certain specifically makes house calls.The user utilizes the built-in security chip 101 of the electronic signature equipment Carry out the authentication of own user;If certification passes through, client is obtained using NFC chip 102 and physical characteristics collecting module 103 Identity card cleartext information, identity card cipher-text information and biological information;And it is encrypted using the private key of safety chip 101 Ciphertext is generated, position acquisition current address by baseband chip 104 is sent to application server progress client identity in company with ciphertext Verification, and receive the feedback information of application server.Application server is close using the identity card that ciphertext described in public key decryptions obtains Literary information, biological information and identity card cleartext information;SAM devices are recycled to decrypt the identity card cipher-text information;According to The corresponding target terminal mark of identity card plaintext information searching, the current address is sent to the target terminal.If SAM devices Successful decryption, biological information described in application server contrast verification and is obtained based on the identity card plaintext information searching Target biometric information.When client identity is verified, can carry out credit card handle, stock, financing, security it is open-minded Etc. business.
It is understood that above-mentioned scene is only a Sample Scenario provided by the embodiments of the present application, the embodiment of the present application It is not limited to this scene.
Through the various embodiments provided in this embodiment, the electronic signature device includes a security chip, a near field communication (NFC) chip, a biometric acquisition module and a baseband chip; the NFC chip is connected to the security chip, the biometric acquisition module is connected to the security chip, and the security chip is connected to the baseband chip. If the authentication of the device's own user passes, the client's identity card plaintext information, identity card ciphertext information and biometric information are obtained; they are encrypted with the private key to generate a ciphertext; the current address is obtained by positioning, and the current address and the ciphertext are sent to the application server for client identity verification, after which the feedback information of the application server is received. Client identity verification means that the SAM device decrypts the identity card ciphertext information and, if decryption succeeds, the biometric information is compared against the target biometric information looked up on the basis of the identity card plaintext information, where the identity card ciphertext information, the biometric information and the identity card plaintext information are obtained by the application server decrypting the ciphertext with the public key. It can be seen that the electronic signature device authenticates the device holder through the built-in security chip, which is equivalent to proving whether the holder has the permission to verify client identity, and so regulates the use of the electronic signature device for client identity verification. After the client's identity card plaintext information, identity card ciphertext information and biometric information have been obtained through the NFC chip and the biometric acquisition module, they can be sent directly to the application server through the baseband chip for client identity verification, thereby realizing remote verification of person-card consistency (that the person presenting the card is its owner) for the client's identity information, preventing the security risk of stolen identity card information and forged identity cards, and reducing the risk of information being illegally accessed.
Exemplary method
Referring to Figure 4, a flow diagram of an identity verification method in an embodiment of the present application is shown. In this embodiment, the method may, for example, include the following steps:
Step 401: authenticate the identity of the device's own user.
Step 402: if the authentication passes, obtain the client's identity card plaintext information, identity card ciphertext information and biometric information.
Step 403: encrypt the identity card plaintext information, the identity card ciphertext information and the biometric information with the private key to generate a ciphertext.
Step 404: obtain the current address by positioning and send it to the application server.
Step 405: send the ciphertext to the application server for client identity verification and receive the feedback information of the application server. The client identity verification means that the SAM device decrypts the identity card ciphertext information and, if decryption succeeds, the biometric information is compared against the target biometric information looked up on the basis of the identity card plaintext information, where the identity card ciphertext information, the biometric information and the identity card plaintext information are obtained by the application server decrypting the ciphertext with the public key.
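The following Python is an added example, not code from the patent or from the applicant. It models steps 401 to 405 with both sides of the exchange (electronic signature device, application server, SAM device and public security lookup) and also walks through the field-service scenario described earlier. Every identity number, key, PIN, terminal and fingerprint template in it is constructed. Two substitutions are made so that it runs stand-alone, and both are assumptions of the example rather than the patent's method: the security chip's private-key encryption (decrypted with the public key at the server) is stood in for by an HMAC-SHA256 tag under a per-device key registered at the application server, and the SAM device's decryption of the identity card ciphertext is stood in for by recomputing a tag under a key that only the SAM holds. The point a practitioner should take from the patent's description holds either way: an operation with the device's private key proves which device sent the message, it does not hide the identity card data from anyone able to "decrypt with the public key", so the link from the baseband chip to the application server still needs its own confidentiality (for example TLS). The biometric comparison here is an exact match of template hashes, whereas a real fingerprint matcher scores the captured sample against the stored template and applies a threshold.

```python
"""Added example: steps 401-405 of the verification method, both sides modelled."""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional

# ---- constructed sample environment; none of these values come from the patent ----
DEVICE_ID = "esig-0001"
DEVICE_KEYS = {DEVICE_ID: b"per-device-key-registered-at-enrolment"}   # known to device and server
HOLDER_PIN_HASH = hashlib.sha256(b"135790").digest()                   # holder PIN, enrolled
SAM_KEY = b"key-held-only-inside-the-sam-device"
PUBLIC_SECURITY_DB = {   # identity number -> stored fingerprint template (hashed)
    "110101199001011234": hashlib.sha256(b"fingerprint-template-of-zhang-san").hexdigest(),
}
TERMINAL_DIRECTORY = {"110101199001011234": "+86-13800000000"}   # identity number -> owner terminal


def _tag(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def _canonical(obj: dict) -> bytes:
    return json.dumps(obj, sort_keys=True).encode()


def issue_card(id_number: str, name: str) -> dict:
    """Stand-in for a genuine identity card: the ciphertext is bound to the plaintext under SAM_KEY."""
    plaintext = {"id_number": id_number, "name": name}
    return {"plaintext": plaintext, "ciphertext": _tag(SAM_KEY, _canonical(plaintext))}


def sam_decrypt(plaintext: dict, ciphertext: str) -> bool:
    """SAM device: 'decryption succeeds' only for ciphertext produced under SAM_KEY for this plaintext."""
    return hmac.compare_digest(_tag(SAM_KEY, _canonical(plaintext)), ciphertext)


@dataclass
class ESignDevice:
    """Electronic signature device: holder authentication (step 401) gates everything else."""
    device_id: str
    holder_authenticated: bool = False

    def authenticate_holder(self, pin: str) -> bool:
        digest = hashlib.sha256(pin.encode()).digest()
        self.holder_authenticated = hmac.compare_digest(digest, HOLDER_PIN_HASH)
        return self.holder_authenticated

    def build_request(self, card: dict, biometric_template: bytes, address: str) -> Optional[dict]:
        """Steps 402-405: read the card (NFC), capture the biometric, envelope, add the address."""
        if not self.holder_authenticated:
            return None                                  # no permission to verify clients
        payload = {
            "id_plaintext": card["plaintext"],
            "id_ciphertext": card["ciphertext"],
            "biometric": hashlib.sha256(biometric_template).hexdigest(),
        }
        body = _canonical(payload)
        # Patent: encrypt with the security chip's private key. Here: HMAC under the device key.
        return {"device_id": self.device_id, "body": body.hex(),
                "tag": _tag(DEVICE_KEYS[self.device_id], body), "address": address}


def application_server(request: dict) -> dict:
    """Origin check, owner notification, SAM check, then biometric comparison."""
    key = DEVICE_KEYS.get(request["device_id"])
    body = bytes.fromhex(request["body"])
    if key is None or not hmac.compare_digest(_tag(key, body), request["tag"]):
        return {"result": "reject", "reason": "envelope not from an enrolled device"}
    payload = json.loads(body)
    id_number = payload["id_plaintext"]["id_number"]
    # The card owner's terminal is told where the card was read, regardless of the verdict.
    notice = {"terminal": TERMINAL_DIRECTORY.get(id_number), "address": request["address"]}
    if not sam_decrypt(payload["id_plaintext"], payload["id_ciphertext"]):
        # Forged card: the failure goes straight back; no biometric comparison is made.
        return {"result": "reject", "reason": "SAM decryption failed", "notice": notice}
    target = PUBLIC_SECURITY_DB.get(id_number)           # public security server lookup
    if target is None or not hmac.compare_digest(target, payload["biometric"]):
        return {"result": "reject", "reason": "biometric mismatch", "notice": notice}
    return {"result": "accept", "id_number": id_number, "notice": notice}


def run_flow(pin: str, card: dict, biometric_template: bytes,
             address: str = "Haidian District, Beijing") -> Optional[dict]:
    """Whole exchange for one client visit; None means the holder never got past step 401."""
    device = ESignDevice(DEVICE_ID)
    if not device.authenticate_holder(pin):
        return None
    request = device.build_request(card, biometric_template, address)
    return application_server(request)
```

run_flow returns None when holder authentication fails, so nothing is read from the card and nothing is sent; a rejection with reason "SAM decryption failed" is returned without any biometric comparison, which is the short-circuit the system description below gives for a forged card; and a request whose body has been altered in transit fails the envelope check before the identity data is even parsed.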
It can be understood that the electronic signature device has a built-in baseband chip with a positioning function, so it can obtain the current address directly. Considering that the person to whom the identity card belongs should be notified promptly when the client's identity card plaintext information and identity card ciphertext information are read, the current address is sent to the application server together with the ciphertext, so that the application server can find the terminal of the identity card's owner and promptly notify it of the address at which the identity card was read, avoiding the security risk of stolen identity card information.
It should be noted that, besides the current address, the identity card's owner will want to know more about the circumstances in which the identity card was read, for example the time at which it was read and the business applied for after it was read. Therefore, in some embodiments of this embodiment, the method further includes obtaining the current time and/or the applied-for business and sending it to the application server. That is, the current address and the current time may be sent to the application server; the current address and the applied-for business may be sent; or the current address, the current time and the applied-for business may all be sent.
It should be noted that once the authentication of the device's own user is complete and, the authentication having passed, the permission to verify client identity has been obtained, the user can be prompted through the next steps of using the electronic signature device for client identity verification, so that the user knows from the prompt what to do next. Therefore, in some embodiments of this embodiment, the method further includes prompting the device's own user to read the client's identity card plaintext information and identity card ciphertext information, and/or prompting the device's own user to capture the client's biometric information.
Through the various embodiments provided in this embodiment, if the authentication of the device's own user passes, the client's identity card plaintext information, identity card ciphertext information and biometric information are obtained; they are encrypted with the private key to generate a ciphertext; the current address is obtained by positioning, and the current address and the ciphertext are sent to the application server for client identity verification, after which the feedback information of the application server is received. Client identity verification means that the SAM device decrypts the identity card ciphertext information and, if decryption succeeds, the biometric information is compared against the target biometric information looked up on the basis of the identity card plaintext information, where the identity card ciphertext information, the biometric information and the identity card plaintext information are obtained by the application server decrypting the ciphertext with the public key. It can be seen that the electronic signature device authenticates the device holder through the built-in security chip, which is equivalent to proving whether the holder has the permission to verify client identity, and so regulates the use of the electronic signature device for client identity verification. After the client's identity card plaintext information, identity card ciphertext information and biometric information have been obtained through the NFC chip and the biometric acquisition module, they can be sent directly to the application server through the baseband chip for client identity verification, thereby realizing remote verification of person-card consistency for the client's identity information, preventing the security risk of stolen identity card information and forged identity cards, and reducing the risk of information being illegally accessed.
Exemplary system
Referring to Figure 5, a structural schematic diagram of an identity verification system in an embodiment of the present application is shown. In this embodiment, the system may, for example, specifically include:
any one of the electronic signature devices 501 of the foregoing embodiments, an application server 502, a SAM device 503 and a public security server 504;
the electronic signature device 501 is configured to authenticate the identity of its own user and, if the authentication passes, to obtain the client's identity card plaintext information, identity card ciphertext information and biometric information, encrypt them with the private key to generate a ciphertext, send the ciphertext to the application server 502 for client identity verification, receive the feedback information of the application server 502, and obtain the current address by positioning and send it to the application server 502;
the application server 502 is configured to decrypt the ciphertext with the public key to obtain the identity card plaintext information, the identity card ciphertext information and the biometric information, to send the identity card ciphertext information to the SAM device 503 and receive the feedback information of the SAM device 503, and also to look up the target terminal identifier corresponding to the identity card plaintext information and send the current address to the target terminal;
the SAM device 503 is configured to decrypt the identity card ciphertext information to obtain a decryption result and send it to the application server 502;
the application server 502 is further configured, if the feedback information of the SAM device 503 is that decryption succeeded, to send the identity card plaintext information to the public security server 504 to obtain the target biometric information, to compare the biometric information against the target biometric information, and to send the verification result to the electronic signature device 501;
the public security server 504 is configured to look up the target biometric information on the basis of the identity card plaintext information.
It can be understood that if the SAM device 503 can decrypt the identity card ciphertext information, the decryption result fed back to the application server 502 is that decryption succeeded, indicating that the identity card ciphertext information read by the electronic signature device 501 is the ciphertext information of a genuine identity card. In that case, the application server 502 needs to verify whether the fingerprint information captured by the electronic signature device 501 is consistent with the fingerprint information stored in advance for that genuine identity card, realizing person-card consistency verification and preventing the client's identity card information from being stolen.
It should be noted that if the SAM device 503 cannot decrypt the identity card ciphertext information, the decryption result fed back to the application server 502 is that decryption failed, indicating that the identity card ciphertext information read by the electronic signature device 501 is problematic; that is, it may be the ciphertext information of a forged identity card. In that case, the application server 502 does not need to verify the fingerprint information and feeds the decryption failure directly back to the electronic signature device 501, so that the electronic signature device 501 can promptly establish that the client is using a forged identity card. Therefore, in some embodiments of this embodiment, the application server is further configured, if the feedback information of the SAM device 503 is that decryption failed, to send the feedback information of the SAM device 503 directly to the electronic signature device 501.
It should be noted that the SAM device 503 may be integrated into the application server 502 or may be a stand-alone device.
It can be understood that the electronic signature device 501 has a built-in baseband chip with a positioning function, so it can obtain the current address directly. Considering that the person to whom the identity card belongs should be notified promptly when the client's identity card plaintext information and identity card ciphertext information are read, the current address is sent to the application server 502 together with the ciphertext, so that the application server 502 can find the terminal of the identity card's owner and promptly notify it of the address at which the identity card was read, avoiding the security risk of stolen identity card information.
It should be noted that, besides the current address, the identity card's owner will want to know more about the circumstances in which the identity card was read, for example the time at which it was read and the business applied for after it was read. Therefore, in some embodiments of this embodiment, the electronic signature device 501 is further configured to obtain the current time and/or the applied-for business and send it to the application server 502; correspondingly, the application server 502 is further configured to send the current time and/or the applied-for business to the target terminal.
It should be noted that after the target terminal identifier corresponding to the identity card plaintext information has been looked up, a random verification code can also be sent to the target terminal of the identity card's owner, so that person-card consistency is realized through verification with the random verification code and the security risk of stolen identity card information is avoided. Therefore, in some embodiments of this embodiment, the application server 502 is further configured to send a random verification code to the target terminal.
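The owner-notification step of the system, as an added example in Python that is not the patent's or the applicant's code: after the application server has looked up the target terminal for the identity card plaintext information, it sends the read address, optionally the time and the business applied for, together with a random verification code, and later checks the code the owner presents. The directory, the terminal identifier and the outbox that stands in for the SMS or push gateway are constructed. The patent does not say where the code is entered back, so confirm() is assumed here to run at the application server. The code lifetime, the attempt limit, one-time use, keyed hashing of the stored code and generation from the secrets module are controls added in this example that the patent does not specify; a six-digit code space is small enough to guess without them.

```python
"""Added example: notifying the identity card owner's terminal with a random code."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

CODE_LIFETIME_S = 300      # assumption: a code is valid for five minutes
MAX_ATTEMPTS = 3           # assumption: three wrong guesses void the code
SERVER_CODE_KEY = b"server-side-key-for-hashing-codes"   # constructed

# Constructed stand-ins for the terminal directory and the SMS/push gateway.
DIRECTORY: Dict[str, str] = {"110101199001011234": "+86-13800000000"}
OUTBOX: List[Tuple[str, str]] = []


@dataclass
class Challenge:
    terminal: str
    code_hash: bytes
    issued_at: float
    attempts: int = 0


def _hash_code(code: str) -> bytes:
    # Only a keyed hash of the code is stored, so a dump of pending challenges
    # does not hand out live codes.
    return hmac.new(SERVER_CODE_KEY, code.encode(), hashlib.sha256).digest()


class OwnerNotifier:
    """Application server (502) side of the target-terminal notification."""

    def __init__(self, directory: Dict[str, str],
                 send: Callable[[str, str], None],
                 now: Callable[[], float] = time.time) -> None:
        self._directory = directory        # identity number -> terminal identifier
        self._send = send                  # transport to the terminal, injected
        self._now = now
        self._pending: Dict[str, Challenge] = {}

    def notify(self, id_number: str, address: str,
               read_time: Optional[str] = None,
               business: Optional[str] = None) -> Optional[str]:
        """Send address, optional time/business and a fresh code; return the terminal used."""
        terminal = self._directory.get(id_number)
        if terminal is None:
            return None
        code = f"{secrets.randbelow(10 ** 6):06d}"     # CSPRNG, not random.randint
        self._pending[id_number] = Challenge(terminal, _hash_code(code), self._now())
        parts = [f"Your identity card was read at {address}"]
        if read_time:
            parts.append(f"time {read_time}")
        if business:
            parts.append(f"business {business}")
        parts.append(f"verification code {code}")     # message ends with the six digits
        self._send(terminal, "; ".join(parts))
        return terminal

    def confirm(self, id_number: str, code: str) -> bool:
        """Check a presented code: expired, exhausted or already-used codes all fail."""
        challenge = self._pending.get(id_number)
        if challenge is None:
            return False
        if (self._now() - challenge.issued_at > CODE_LIFETIME_S
                or challenge.attempts >= MAX_ATTEMPTS):
            del self._pending[id_number]
            return False
        challenge.attempts += 1
        ok = hmac.compare_digest(challenge.code_hash, _hash_code(code))
        if ok:
            del self._pending[id_number]                # one-time use
        return ok


def demo_notifier(now: Callable[[], float] = time.time) -> OwnerNotifier:
    """Notifier wired to the constructed directory and outbox."""
    return OwnerNotifier(DIRECTORY, lambda terminal, msg: OUTBOX.append((terminal, msg)), now)
```

The clock is injected so that expiry can be exercised without waiting; in a deployment the pending challenges would live in shared storage keyed by identity number, and the attempt counter is what actually bounds an attacker who intercepts nothing but can try codes.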
Through the various embodiments provided in this embodiment, the electronic signature device authenticates the device holder, which is equivalent to proving whether the holder has the permission to verify client identity, and so regulates the use of the electronic signature device for client identity verification. The client's identity card plaintext information, identity card ciphertext information and biometric information are obtained and the current address is positioned; the information is then encrypted with the private key to generate a ciphertext, and the ciphertext and the current address are sent directly to the application server for client identity verification. After the application server decrypts the ciphertext, it uses the SAM device to verify the authenticity of the identity card ciphertext information, sends the current address to the target terminal corresponding to the identity card plaintext information, and performs fingerprint verification through the public security server on the basis of the identity card plaintext information. This realizes remote verification of person-card consistency for the client's identity information, promptly notifies the identity card's owner of the address at which the card was read, prevents the security risk of stolen identity card information and forged identity cards, and reduces the risk of information being illegally accessed.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. Since the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief, and the relevant points can be found in the description of the method.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. In order to clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are implemented in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each particular application, but such implementation should not be considered to go beyond the scope of the present application.
It should be noted that, herein, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. The terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The above is only a preferred embodiment of the present application and does not limit the present application in any form. Although the present application has been disclosed above by way of preferred embodiments, it is not limited thereto. Any person familiar with the art may, without departing from the scope of the technical solution of the present application, use the methods and technical contents disclosed above to make many possible changes and modifications to the technical solution of the present application, or revise it into equivalent embodiments of equivalent variation. Therefore, any simple modification, equivalent variation or modification made to the above embodiments in accordance with the technical essence of the present application, without departing from the content of the technical solution of the present application, still falls within the scope of protection of the technical solution of the present application.

Claims (14)

1. An electronic signature device, characterized in that it comprises: a security chip, a near field communication (NFC) chip, a biometric acquisition module and a baseband chip; the NFC chip is connected to the security chip, the biometric acquisition module is connected to the security chip, and the security chip is connected to the baseband chip;
the security chip is configured to authenticate the identity of the device's own user and, if the authentication passes, to obtain the permission to verify client identity;
the NFC chip is configured to read and obtain the client's identity card plaintext information and identity card ciphertext information;
the biometric acquisition module is configured to capture and obtain the client's biometric information;
the security chip is further configured to encrypt the identity card plaintext information, the identity card ciphertext information and the biometric information with a private key to generate a ciphertext;
the baseband chip is configured to send the ciphertext to an application server for client identity verification, to receive the feedback information of the application server, and to obtain the current address by positioning and send it to the application server; the client identity verification means that the identity card ciphertext information is decrypted using a SAM device and, if decryption succeeds, the biometric information is compared against the target biometric information looked up on the basis of the identity card plaintext information, where the identity card ciphertext information, the biometric information and the identity card plaintext information are obtained by the application server decrypting the ciphertext with a public key.
2. The electronic signature device according to claim 1, characterized in that the electronic signature device is an Internet of Things shield.
3. The electronic signature device according to claim 1, characterized in that the baseband chip is further configured to obtain the current time and/or the applied-for business and send it to the application server.
4. The electronic signature device according to claim 1, characterized in that the biometric information includes fingerprint information, voice, handwriting and/or iris.
5. The electronic signature device according to claim 1, characterized in that it further comprises a display module connected to the security chip;
the display module is configured to display the feedback information of the application server.
6. The electronic signature device according to claim 5, characterized in that the display module is further configured to display a prompt to read the client's identity card plaintext information and identity card ciphertext information, and/or to display a prompt to capture the client's biometric information.
7. The electronic signature device according to claim 1, characterized in that it further comprises a button connected to the security chip, the button being configured to start the security chip authenticating the identity of the device's own user; and/or
the button is configured to start the NFC chip reading the client's identity card plaintext information and identity card ciphertext information; and/or
the button is configured to start the biometric acquisition module capturing the client's biometric information.
8. An identity verification method, characterized in that it is applied to the electronic signature device according to any one of claims 1 to 7 and comprises:
authenticating the identity of the device's own user;
if the authentication passes, obtaining the client's identity card plaintext information, identity card ciphertext information and biometric information;
encrypting the identity card plaintext information, the identity card ciphertext information and the biometric information with a private key to generate a ciphertext;
obtaining the current address by positioning and sending it to an application server;
sending the ciphertext to the application server for client identity verification and receiving the feedback information of the application server, where the client identity verification means that the identity card ciphertext information is decrypted using a SAM device and, if decryption succeeds, the biometric information is compared against the target biometric information looked up on the basis of the identity card plaintext information, and where the identity card ciphertext information, the biometric information and the identity card plaintext information are obtained by the application server decrypting the ciphertext with a public key.
9. The method according to claim 8, characterized in that it further comprises:
obtaining the current time and/or the applied-for business and sending it to the application server.
10. The method according to claim 8, characterized in that it further comprises:
prompting the device's own user to read the client's identity card plaintext information and identity card ciphertext information; and/or
prompting the device's own user to capture the client's biometric information.
11. An identity verification system, characterized in that it comprises: the electronic signature device according to any one of claims 1 to 7, an application server, a SAM device and a public security server;
the electronic signature device is configured to authenticate the identity of its own user and, if the authentication passes, to obtain the client's identity card plaintext information, identity card ciphertext information and biometric information, encrypt them with a private key to generate a ciphertext, send the ciphertext to the application server for client identity verification, receive the feedback information of the application server, and obtain the current address by positioning and send it to the application server;
the application server is configured to decrypt the ciphertext with a public key to obtain the identity card plaintext information, the identity card ciphertext information and the biometric information, to send the identity card ciphertext information to the SAM device and receive the feedback information of the SAM device, and also to look up the target terminal identifier corresponding to the identity card plaintext information and send the current address to the target terminal;
the SAM device is configured to decrypt the identity card ciphertext information to obtain a decryption result and send it to the application server;
the application server is further configured, if the feedback information of the SAM device is that decryption succeeded, to send the identity card plaintext information to the public security server to obtain the target biometric information, to compare the biometric information against the target biometric information, and to send the verification result to the electronic signature device;
the public security server is configured to look up the target biometric information on the basis of the identity card plaintext information.
12. The system according to claim 11, characterized in that the electronic signature device is further configured to obtain the current time and/or the applied-for business and send it to the application server;
correspondingly, the application server is further configured to send the current time and/or the applied-for business to the target terminal.
13. The system according to claim 11, characterized in that the application server is further configured, if the feedback information of the SAM device is that decryption failed, to send the feedback information of the SAM device directly to the electronic signature device.
14. The system according to claim 11, characterized in that the application server is further configured to send a random verification code to the target terminal.
Application CN201810531248.9A (priority date 2018-05-29, filing date 2018-05-29): An electronic signature device, identity verification method and system. Legal status: Pending.

Publication: CN108769011A (en), published 2018-11-06.

Family ID: 64003416

Country: CN
Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110225034A * 2019-06-11 2019-09-10 捷德(中国)信息科技有限公司 Method, device, equipment and storage medium for protecting ID card information
CN113873488A * 2021-10-26 2021-12-31 深圳市心链科技有限公司 NFC-based anti-counterfeiting method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN204791052U * 2015-06-08 2015-11-18 阿克苏智安信息技术有限公司 Portrait identity comparison system based on ID card
CN105141615A * 2015-09-07 2015-12-09 天地融科技股份有限公司 Method and system for opening an account remotely, authentication method and system
CN105224842A * 2014-06-04 2016-01-06 中兴通讯股份有限公司 Method and device for user identity confirmation in a VTM system
CN105373924A * 2015-10-10 2016-03-02 北京思比科微电子技术股份有限公司 System for terminal equipment providing a secure payment function
CN106101138A * 2016-07-29 2016-11-09 深圳市银雁金融服务有限公司 Business processing method and device based on a mobile terminal
CN108091011A * 2017-04-24 2018-05-29 孟庆国 Method and system for controlling equipment permissions through person-card consistency verification technology

Similar Documents

Publication Publication Date Title
US10127378B2 (en) Systems and methods for registering and acquiring E-credentials using proof-of-existence and digital seals
US9900309B2 (en) Methods for using digital seals for non-repudiation of attestations
CN110741369B (en) Secure biometric authentication using electronic identity
CN105429760B (en) Identity authentication method and system using a TEE-based digital certificate
CN103679436B (en) Electronic contract security system and method based on biometric identification
KR101378504B1 (en) Privacy enhanced identity scheme using an un-linkable identifier
JP4511684B2 (en) Biometrics identity verification service provision system
Burr et al. Electronic authentication guideline
CN108462725A (en) A kind of electronic signature equipment, auth method and system
CN104321777B (en) Method for generating a public identifier to verify a person carrying an identification object
JPWO2003069489A1 (en) Identification method
JP2009510644A (en) Method and configuration for secure authentication
CN107231331A (en) Implementation method and device for obtaining and issuing an electronic certificate
JP2000222362A (en) Method and device for realizing multiple security check point
JP2000242750A (en) Personal authentication system, and portable device and storage medium used for the same
CN1618199A (en) Method for registering and enabling PKI functionalities
JP2007200367A (en) System for providing biometrics individual confirmation service
CN108769011A (en) A kind of electronic signature equipment, auth method and system
CN208190680U (en) A kind of electronic signature equipment and authentication system
CN208754328U (en) A kind of electronic signature equipment and authentication system
CN114978521B (en) Trusted attendance checking method
Kiat et al. Analysis of OPACITY and PLAID Protocols for Contactless Smart Cards
Sedaghat et al. The management of citizen identity in electronic government
Fiebig Identity in the age of social networks and digitalisation
JP2006011681A (en) Identification system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination