CN108959883A - A kind of network identity real name identification method based on quick response matrix code - Google Patents

A kind of network identity real name identification method based on quick response matrix code Download PDF

Info

Publication number
CN108959883A
CN108959883A CN201810664215.1A CN201810664215A CN108959883A CN 108959883 A CN108959883 A CN 108959883A CN 201810664215 A CN201810664215 A CN 201810664215A CN 108959883 A CN108959883 A CN 108959883A
Authority
CN
China
Prior art keywords
real
name
network identity
user
quick response
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810664215.1A
Other languages
Chinese (zh)
Other versions
CN108959883B (en
Inventor
蔡子凡
张萌
刘硕
刘瑞鹏
贾东睿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Data Communication Institute Of Science And Technology
XINGTANG COMMUNICATIONS CO Ltd
Original Assignee
Data Communication Institute Of Science And Technology
XINGTANG COMMUNICATIONS CO Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Data Communication Institute Of Science And Technology, XINGTANG COMMUNICATIONS CO Ltd filed Critical Data Communication Institute Of Science And Technology
Priority to CN201810664215.1A priority Critical patent/CN108959883B/en
Publication of CN108959883A publication Critical patent/CN108959883A/en
Application granted granted Critical
Publication of CN108959883B publication Critical patent/CN108959883B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133Verifying human interaction, e.g., Captcha

Abstract

The present invention relates to a kind of network identity real name identification method based on quick response matrix code, belongs to field of information security technology, solves the problems, such as that the prior art can not really realize " testimony of a witness is same " and effective protection individual subscriber personal secrets.Network identity real name identification method disclosed by the invention based on quick response matrix code, the information exchange of Internet application and network identity server is carried out by quick response matrix code, and the network user's name registered in true identity information based on user and internet applications has carried out encryption mapping, personalized network identity mark can be obtained, is realized internet " testimony of a witness is same ".Since network identity mark is unreducible, can not calculate, and unique subscriber is only corresponded to, therefore protect subscriber identity information safe from revealing and using to a certain extent.Published method of the present invention is not only convenient for making network identity real name inhibition and generation, but also can effective protection individual subscriber personal secrets.

Description

A kind of network identity real name identification method based on quick response matrix code
Technical field
The present invention relates to field of information security technology more particularly to a kind of network identity based on quick response matrix code are real Name authentication method.
Background technique
The identity information that network identity is shown when referring to citizen using internet applications is usually answered in the internet With the network account registered, registered in software.Under normal conditions, network identity is anonymous, cannot directly with society Citizen's individual is directly linked, therefore brings some possible hidden danger, and the delinquent event in internet is commonplace.
In order to build good network environment, need to allow to lock in society by network identity real name inhibition and generation Fixed corresponding individual citizens.
Currently, China's internet applications mainly carry out real-name management using following three kinds of modes:
1) user is manually entered the crucial identity information such as the ID card No. of oneself, name in internet applications, Carry out the registration of network identity real name;
2) user is taken pictures identity card using the internet applications photographing module, or uploads identity card front and back sides Photo completes the registration of network identity real name by artificial or optical character identification (OCR) technical treatment from the background;
3) user uploads the photo of oneself hand-held identity card, by the manual or automatic processing in backstage, realizes that network identity is real Name registration.
The registration of current network account real name has following defects that firstly, being unable to ensure user uses my identity letter Breath, although for example, the identity information of user is obtained, without veritifying the real effectiveness of identity information, the identity information It may forge, moreover, even with authentic and valid identity information, but the same of the identity information and user can not be veritified Property, cause identity information to be easy to be bought and sold and falsely used.
Above-mentioned three kinds of modes, there is privacy leakage hidden danger in actual use, can not carry out to privacy of user effective Protection.As it can be seen that currently lacking a kind of effective network identity real name identification method, the personal identification of society can be believed Breath is credibly mapped in Internet application, while can sufficiently ensure individual privacy safety again, and this is maintenance network activity Order, specification network behavior morals, the basis for ensuring cyberspace safety.
Summary of the invention
In view of above-mentioned analysis, it is real that the embodiment of the present invention is intended to provide a kind of network identity based on quick response matrix code Name authentication method, to solve the problems, such as that the prior art can not fast implement real-name authentication and protection privacy of user.
On the one hand, the embodiment of the invention provides a kind of network identity real-name authentication side based on quick response matrix code Method includes the following steps:
Client sends real-name authentication request to network identity server end;
The request of real-name authentication described in the network identity received server-side sends real-name authentication request really to client Recognize information;
The client receives the confirmation message, and verifies the confirmation message;If the confirmation message To pass through, then the confirmation message is converted into quick response matrix code, and shows the quick response matrix code;Otherwise, eventually Only real-name authentication process;
The client identifies the quick response matrix code, starts to interact with the network identity server end, carries out Real-name authentication operation.
Above-mentioned technical proposal has the beneficial effect that: above-mentioned technical proposal is actually a kind of using quick response matrix code The method for carrying out network identity real-name authentication includes an independent network identity server end, serves the reality of network identity Name verification process.During real-name authentication, client using quick response matrix code carry out Internet application with network body The interaction of part server end.The genuine cyber identification authentication result with secret protection is externally provided after completing real-name authentication process.It should Genuine cyber identification authentication result without it is any it is explicit can association user individual any identity information, but unique identification one shows The individual subscriber to grow directly from seeds in living, can transfer all letters associated with the individual subscriber in judicial evidence collection etc. in special circumstances Breath, i.e. network identity mark can be relevant with ID card information, and cannot retrodict ID card information.Individual subscriber is realized mutual Movable backstage " real name " in networking, the i.e. user are holding for identity card used in real-name authentication or other real name identity documents People, while subscriber identity information wide-scale distribution caused by existing real name mode is effectively prevented again.By quick response matrix Code applied between interaction, there is very strong versatility, suitability, it is not only easy-to-use, but also can be reduced the biography of identity information The defeated frequency, while identity information being avoided to directly display in Internet application.
Network identity real name identification method in another embodiment based on the above method based on quick response matrix code, The client includes network identity service terminal software and internet applications;
The internet applications are executed, are verified for receiving the confirmation message, and to the confirmation message; If the confirmation message is to pass through, the confirmation message is converted into quick response matrix code, and show the quick sound Answer square matrix code;Otherwise, real-name authentication process is terminated;
The network identity service terminal software is executed, for identification the quick response matrix code, and by recognition result It is sent to the internet applications.
Above-mentioned technical proposal has the beneficial effect that: when internet applications need to verify the corresponding user of network account Real name identity when, initiate real-name authentication request to network identity server end, network account owner (the i.e. described user) is logical The information interaction for crossing network identity service terminal software and network identity server end completes real-name authentication process, then network Identity server end provides the genuine cyber identification authentication result with secret protection to internet applications.Genuine cyber identification certification knot Fruit can not backstepping, unreducible, corresponding unique subscriber.
Further, the network identity real name identification method based on quick response matrix code further includes following steps:
Typing network user's name, logs in internet applications;
User identity is verified, verification method uses fingerprint recognition, Identification of Images, retina identification, voice recognition, PIN code At least one of verifying;
It is verified, network user's name is sent to the network identity server end by internet applications.
Above-mentioned further scheme has the beneficial effect that: the verifying user identity step in above-mentioned technical proposal can guarantee Safety of subscriber identity information during real-name authentication, confidentiality.When the step is placed in login Internet application, it may be verified that The network identity of user, such as setting PIN identifying code, input password when logging in every time, it may be verified that whether active user is registration User guarantees the identity of registration user, active user, authentication user.The step is applied to network identity service eventually It holds in software verification, can be verified, the identity information of user will be verified to public security Population System through networking, in this way should Identity information is impossible to forge, moreover, ID card information and the identity of user can be veritified by subscriber authentication, because This is not easy to be falsely used by other people, steal wealth etc..
Further, the real-name authentication operation includes the following steps:
Typing user's real name identity information, user's real name identity information include user biological characteristic information, Gong Minshen Part information, card information;
Bind corresponding network user's name;
Corresponding network identity mark is generated according to user's real name identity information and corresponding network user name;
Record real-name authentication business serial number.
Above-mentioned further scheme has the beneficial effect that: after real-name authentication, network identity mark is taken by network identity Business device end provides.Network identity mark is a string of random words joint numbers that are unreducible, can not calculating, does not show that user's is any Identity information, but can be proved to be simultaneously to internet applications real people's real name it is true I.Internet applications make Used time does not directly acquire and shows real name identity information, but obtains and show the network identity mark.
Further, the user biological characteristic information includes fingerprint, sound, iris, face phase, DNA;
The citizenship information includes citizen's name, identification card number, gender, nationality, date of birth, address, effective day Phase;
The card information includes card body mark.
Above-mentioned further scheme has the beneficial effect that: by the citizenship information and card on identity card, can obtain It identifying to network identity, is identified by the network identity, specific people such as public security organ personnel can lock individual subscriber, And the personal all information recorded when obtaining user's registration, and other people include that Internet application quotient can not obtain.
Further, the citizenship information and card information are obtained by China second-generation identity card, and the card information passes through Card reader of ID card typing;
The output interface of the card reader of ID card includes at least one of USB interface, blue tooth interface and OTG interface.
Above-mentioned further scheme has the beneficial effect that: user identity card packet can be read directly by card reader of ID card The citizenship information and card information contained, does not need to be manually entered again, time saving and labor saving, while protecting to a certain extent yet Information security is protected.
Further, the confirmation message of the real-name authentication request is that will have agreed to or disagree, and carries out encryption life by code key At character string;
The confirmation message that the real-name authentication is requested is decrypted by the key for internet applications, is solved Close result:
If decrypted result is to agree to, the confirmation message that the real-name authentication is requested is converted into fastly by internet applications Fast response matrix code, and the quick response matrix code is shown;
If decrypted result is to disagree, internet applications terminate this real-name authentication process.
Above-mentioned further scheme has the beneficial effect that: the above process is actually to carry out core to internet applications It is real, it is ensured that the internet applications for issuing the internet applications of certification request and information of accepting confirmation are same software, Prevent fake site from illegally extracting personal information.
Further, after the completion of real-name authentication operation, the network identity is identified and is sent by the network identity server end To internet applications;
The network identity mark is unreducible, can not calculate, only corresponding unique subscriber.
Above-mentioned further scheme has the beneficial effect that: network identity real-name authentication result can not fall back personal identification letter Breath.The real name identity information of user is not directly displayed in internet applications, but shows network identity mark.By described Network identity mark, specific people such as public security organ personnel can lock individual subscriber, and obtain individual subscriber all information. By the network ID authentication as a result, Internet application can determine user be real name reality people it is true I, but can not obtain Its true identity information is taken, therefore using safe.
Further, the internet applications include at least two authentication strengths, and the authentication strength is by the user It is configured according to personal security's demand.
Above-mentioned further scheme has the beneficial effect that: by the way that different authentication strengths is arranged, authorizing selection to recognize by user Content is demonstrate,proved, guarantees that real-name authentication result is controllable to a certain extent, which is embodied in quick response matrix code.For example, Advanced real-name authentication intensity needs to authenticate more contents, and the safe coefficient needed is higher, it is desirable that the network identity real name of generation Authentication result is more complicated, therefore Internet application can authorize it to use more functions, such as quick payment function, and low Rank real-name authentication intensity, the content for needing to authenticate is less, and the safe coefficient needed is slightly weak, therefore Internet application can authorize It is only capable of using basic function, in this way, not only protecting privacy of user, but also makes verification process more humanized.
Further, corresponding network identity mark is generated according to user's real name identity information and corresponding network user name The step of knowledge includes:
The network application user name of the user is converted into character string 1;
The real name identity information of the user is converted into character string 2;
Encryption mapping is carried out to the character string 1 and character string 2 using SM3 cryptographic Hash algorithm, obtains the user's Network identity mark.
Above-mentioned further scheme has the beneficial effect that: the network identity mark obtained by SM3 cryptographic Hash algorithm process Knowledge is a string of random words joint numbers that are unreducible, can not calculating, and subscriber identity information can be protected safe.The network of the user is answered With any failure in user name and real name identity information, network identity mark can all fail, need to regenerate.Namely It says, report the loss, in user identity card more than after validity period, network identity mark ceases to be in force automatically immediately, when user identity card is made up Afterwards, real name authentication need to be re-started, new network identity mark is generated.
It in the present invention, can also be combined with each other between above-mentioned each technical solution, to realize more preferred assembled schemes.This Other feature and advantage of invention will illustrate in the following description, also, certain advantages can become from specification it is aobvious and It is clear to, or understand through the implementation of the invention.The objectives and other advantages of the invention can by specification, claims with And it is achieved and obtained in specifically noted content in attached drawing.
Detailed description of the invention
Attached drawing is only used for showing the purpose of specific embodiment, and is not to be construed as limiting the invention, in entire attached drawing In, identical reference symbol indicates identical component.
Fig. 1 is 1 network identity real name identification method process of the embodiment of the present invention;
Fig. 2 is the relationship of 2 network identity server end and Internet application of the embodiment of the present invention;
Fig. 3 is 3 network identity real name identification method process of the embodiment of the present invention;
Fig. 4 is the relationship of 3 network identity server end and Internet application of the embodiment of the present invention;
Fig. 5 is 3 real-name authentication operating process of the embodiment of the present invention.
Specific embodiment
Specifically describing the preferred embodiment of the present invention with reference to the accompanying drawing, wherein attached drawing constitutes the application a part, and Together with embodiments of the present invention for illustrating the principle of the present invention, it is not intended to limit the scope of the present invention.
Embodiment 1
As shown in Figure 1, a specific embodiment of the invention, discloses a kind of network body based on quick response matrix code Part real name identification method, includes the following steps:
S1. client sends real-name authentication request to network identity server end.The client includes network identity clothes The Internet application of business client, the network identity service client and user can be not provided on the same device.
S2. after network identity received server-side to real-name authentication request, real-name authentication request is sent to client Confirmation message.The confirmation message includes to agree or disagree with information, and being will be described same by presetting the Encryption Algorithm of code key It anticipates or disagrees information and carry out the character string that encryption mapping generates.The character string is unreducible, no in unknown key It can calculate.Specifically, i.e., only Internet application quotient and the business of network identity server is first signed and has cooperation agreement, the internet Application software, which just qualifies, carries out real-name authentication, the confirmation message packet described in the case using the network identity server What is contained is approval information.Otherwise, internet applications are not had qualification and are recognized using network identity server progress real name Card, what the confirmation message included is to disagree information.
S3. after client receives the confirmation message, the confirmation message is verified immediately;I.e. according to above-mentioned key It is decrypted, if the result that decryption operation obtains is agreement, the confirmation message is converted into quick response matrix code, and Show the quick response matrix code;Otherwise, real-name authentication process is terminated.
S4. client identifies the quick response matrix code by scan module or scanning device, with the network identity Server end starts to interact, and carries out real-name authentication operation, and after completing real-name authentication operation, network identity server end passes through encryption The real name identity information of user is generated network identity mark by algorithm, and the network identity is sent to Internet application. The network identity mark is unreducible, can not calculate, only corresponding unique subscriber.
Compared with prior art, the present embodiment is actually a kind of using quick response matrix code progress network identity real name The method of certification includes an independent network identity server end, separates with all internet applications of client Come, special service in the real-name authentication of network identity, be suitble to Internet application staff and some real-name authentications require compared with Low occasion.During real-name authentication, client is interacted using quick response matrix code with network identity server end. The genuine cyber identification authentication result with secret protection is externally provided after completing real-name authentication process, genuine cyber identification authentication result passes through Encryption is to realize.Due to the genuine cyber identification authentication result do not include it is any it is explicit can association user individual identity information, but But one real-life individual subscriber of unique identification can be transferred and the individual subscriber in special circumstances in judicial evidence collection etc. Associated all information.I.e. network identity mark can be relevant with subscriber identity information and retrodicts identity information.Cause This, realizes individual subscriber movable backstage " real name " on the internet, while effectively preventing existing real name mode and being made At subscriber identity information wide-scale distribution.
Embodiment 2
As shown in Fig. 2, optimizing on the basis of the above embodiments, client includes network identity service terminal software And internet applications, the two softwares are set in same equipment, such as the two is set on the same mobile phone of user, is carried out Different operations.
Preferably, in step S2, after network identity received server-side to the real-name authentication is requested, to Internet application Software sends the confirmation message of real-name authentication request.The confirmation message is to will have agreed to or disagree generate by predetermined encryption algorithm A string of meaningless random strings, to guarantee not obtained by other people in unknown key.The preset algorithm can use Existing algorithm, such as MD5 algorithm, code key are known by network identity server quotient and internet applications quotient.Step S2 is real It is the confirmation and verification to internet applications legitimacy on border.
Preferably, internet applications are sent the network identity server end by the above-mentioned key known to it Confirmation message be decrypted, if decrypted result is to agree to, carry out the authentication strength selected according to user for the confirmation Information is converted into quick response matrix code, and shows the quick response matrix code, and no person terminates verification process.Internet application Software should include at least two authentication strengths, and the authentication strength is configured by the user according to personal security's demand.Fastly It include authentication grade information in fast response matrix code.
User can see the quick response matrix code in the internet applications interface.The quick response matrix code It is a kind of form of two dimensional code, will confirm that information is converted into the conversion method of quick response matrix code can be using the prior art, example Such as, the method that 102810170 B of patent CN is mentioned.Internet applications and network body are carried out by quick response matrix code Interaction between part service terminal software has very strong versatility, suitability, not only easy-to-use, but also can be reduced identity information The transmission frequency, while identity information being avoided to directly display in internet applications interface.
Preferably, network identity service terminal software identifies the quick response square by scan module or scanning software Horizontal and vertical parity check code, and recognition result is sent to the internet applications through network identity server end.The quick response matrix For code by network identity service terminal software scans, Internet application, which enters, waits real-name authentication result phase.
Preferably, real-name authentication operating process includes:
S41. user inputs real name identity information on network identity service terminal software, the real name identity information of input by Network identity service terminal software is sent to network identity service platform.
S42. the real name identity information is converted into real-name authentication knot by predetermined encryption algorithm by network identity platform Fruit, and the real-name authentication result is sent to Internet application.SM3 algorithm can be used in predetermined encryption algorithm.
S43. Internet application continues follow-up business process using this real-name authentication result.
When implementation, when internet applications need to carry out real-name authentication, from internet applications to network identity Server end initiates real-name authentication request, as shown in Figure 2.Eliminate the Internet application server herein, when practical application, interconnection Net application software initiates real-name authentication request to network identity server end by the Internet application server, for the omission sheet Field technical staff is it is understood that not technical point involved in the present embodiment.
Compared with Example 1, user identifies the quick response matrix code using network identity service terminal software, not makes With the scan module of the non-internet applications, and the typing personal information in network identity service terminal software, then will The personal information is sent to network identity server, is may be implemented in this way by user's real name identity information and internet applications It thoroughly separates, individual subscriber identity information is relatively reliable safely in verification process, is suitble to most of use Internet applications User uses.The information of real-name authentication operation is being carried out due to concealing user, this increases network reality to a certain extent The information security of name certification.
Embodiment 3
As shown in figure 3, optimize on the basis of embodiment 1, client include network identity service terminal software and Internet applications, the two softwares are respectively arranged in different equipment, such as internet applications are set to user On mobile phone, network identity service terminal software is set on user computer.
Network identity service terminal software identifies the quick response matrix code, and recognition result is taken through network identity Business device end is sent to the internet applications.
The confirmation message that the network identity server end is sent is converted into quick response matrix by internet applications Code, and show the quick response matrix code.After displaying, if by after the scanning of network identity service client, Internet application It will enter and wait real-name authentication result phase, after real-name authentication result is sent to Internet application by network identity service platform, Internet application continues follow-up business process, as shown in Figure 4.
Preferably, step S3 can be divided into following steps:
S31. it after internet applications receive the confirmation message, is preset by it with what network identity service provider arranged The confirmation message is decrypted key, obtains decrypted result.The confirmation message is that will have agreed to or disagree by default Code key carries out the character string of encryption generation.The preset-key is known by Internet application quotient and network identity server quotient.
S32. if decrypted result is to agree to, internet applications convert the confirmation message according to default authentication strength It is shown at quick response matrix code, and by the quick response matrix code.If decrypted result is to disagree, client Internet applications terminate this real-name authentication process.
Step S31 and S32, which are completed, verifies internet applications, it is ensured that answers the internet for issuing certification request Internet applications with software and information of accepting confirmation are same software, prevent fake site from illegally extracting individual subscriber letter Breath.
Preferably, ID the or IP information of client where the certification request may include internet applications, simultaneously Also include corresponding ID or IP information in the quick response matrix code, verifies the corresponding ID or IP information of the two, can be confirmed two Whether person's (internet applications of the internet applications of certification request and information of accepting confirmation out) is located at same client End and same entry address, lock specific position of above-mentioned client etc..Internet application carries out ID the or IP information Cryptographic calculation, in unknown key, other people can not obtain ID the or IP information for including in the quick response matrix code. The key is known by Internet application quotient and network identity server quotient.
Network identity real name identification method based on quick response matrix code further includes following steps,
S-1. in internet applications client typing network user's name, the internet applications are logged in, such as Fig. 3 institute Show;
S0. user identity is verified, verification method uses fingerprint recognition, Identification of Images, retina identification, voice recognition, PIN At least one of code verifying, default problem verifying, position can be put with as shown in figure 3, also with public security organ's systems connection It is verified during real-name authentication.
By S0 step, can effectively veritify whether active user is registration user, thus network identity information be not easy by It falsely uses.
Preferably, Identification of Images can obtain the face head portrait of user using camera, by preset algorithm to the use The face head portrait at family is compared with the face head portrait in China second-generation identity card certificate photo, obtains the similarity of the two.If the phase It is greater than default similarity like degree, judges that user meets with China second-generation identity card, network identity server is sent out to internet applications Authentication pass information out;Otherwise, judgement is not met, and network identity server is issued to internet applications terminates certification letter Breath.
Preferably, as shown in figure 5, real-name authentication operation includes the following steps:
S41. typing user real name identity information, user's real name identity information include user biological characteristic information, public affairs People's identity information, card information.User biological characteristic information includes fingerprint, sound, iris, face phase, DNA etc..Citizenship letter Breath includes citizen's name, identification card number, gender, nationality, date of birth, address, validity date etc..Card information includes card body mark Know etc..
S42. user's real name identity information is bound with corresponding network user's name, network user name is not generally User's Real Name.In corresponding internet applications, other people are it is seen that network identity of the invention, i.e. network Identity, rather than network user's name.Network identity mark is a string of random words joint numbers that are unreducible, can not calculating, one As for, even if network user's name is its Real Name, since Internet application hides network user name, he People can not also directly read.
S43. corresponding network identity is generated according to user's real name identity information and corresponding network user name to identify. Specifically, for national secret algorithm, key is known the method used by public security organ.
S44. real-name authentication business serial number is recorded, response business tine is tracked in order to subsequent.
Preferably, the citizenship information can be directly read on China second-generation identity card surface, and the card information passes through body Part card card reader typing, does not need to be manually entered, and saves the time of real name registration, and the output interface packet of card reader of ID card USB interface, blue tooth interface and OTG interface are included, the network identity server end of the various interfaces is suitable for can be convenient.
Preferably, using SM3 cryptographic Hash algorithm to the body of the virtual form of network user's name and the user Part mark carries out encryption mapping, obtains the network identity mark of the user.The net obtained by SM3 cryptographic Hash algorithm process Network identity is a string of random words joint numbers that are unreducible, can not calculating, and individual subscriber identity information can be protected safe. SM3 hash algorithm is the cryptographic Hash algorithm of China's autonomous Design, the digital signature and verifying suitable for commercial cipher application The generation of message authentication code and verifying and the generation of random number, can meet the demand for security of a variety of cipher applications.The process packet Include following steps:
S431. the network application user name of user is converted by a string of character string ID using preset algorithm 1A.It is described default Algorithm 1 is existing known algorithm.
S432. the citizenship information of user and card information are converted by character string ID using preset algorithm 2 respectivelyBWith Character string IDC.The preset algorithm 2 is existing known algorithm.
S433. character string ID S431, S432 step generated using SM3 cryptographic Hash algorithmA, character string IDBAnd character String IDCEncryption mapping is carried out, network identity is generated and identifies T
T=E1{IDA||E2[IDB||IDC]}
In formula, E1、E2It is known algorithm for the data encryption algorithm in SM3 cryptographic Hash algorithm;| | it is adjacent by two The algorithm that information is stitched together.
Obtained by SM3 cryptographic Hash algorithm process network identity mark T be a string it is unreducible, can not calculate with Machine byte number can protect individual subscriber identity information safe.The network application user name of the user and the card body of virtual form Any failure in mark, network identity mark can all fail, need to regenerate.
Preferably, after the completion of real-name authentication operation, network identity mark is sent to interconnection by network identity server end Net application software carries out next application operating.Network identity mark is unreducible, can not calculate, only corresponding unique use Family.
Optionally, internet applications should include at least two authentication strengths, and the authentication strength is by user's root It is configured according to personal security's demand.Under high level authentication strength, individual inputs more privacy informations and is verified, example It may include such as home address, work unit, social relationships, hobby, more Internet application information can be carried out Operation.Such as quick payment.And under the authentication strength of low level, individual only needs input basic information to be verified, such as public People's name, identification card number, can only carry out the Internet application operation on basis, such as be unable to quick payment.Described two certifications are strong In the present quick response matrix code of confirmation imformosome of degree, as described in example 2 above.
When implementation, the network identity of different user identifies different, each corresponding unique subscriber of network identity mark.It is i.e. same One user can choose in different application to be identified using universal network identity and different network identities, according to need Flexible choice is wanted, but each network identity mark can only correspond to a user and a China second-generation identity card.Real-name authentication knot Shu Hou, identity real name authentication result are provided by network identity server end.The identity real name authentication result be a string it is unreducible, The random words joint number that can not be calculated does not show any identity information of user, but can be proved to be real to Internet application simultaneously People's real name it is true I.
Compared with embodiment 1 and embodiment 2, the network identity real name provided in this embodiment based on quick response matrix code User's real name information security highest that authentication method obtains, can be credibly credible by the entity of society personal (user) Ground is mapped in network, while can ensure individual privacy safety again, this is maintenance network activity order, specification network behavior road Moral, the basis for ensuring cyberspace safety.The present embodiment follows the principle on " foreground voluntarily, backstage real name ", it is ensured that " foreground can pacify It is entirely anonymous ", realize genuine cyber identification truly.Present embodiments provide general genuine cyber identification identity and for difference The different genuine cyber identification identity of application, special personnel can effectively realize behavioural analysis, trajectory track in practical applications, both Convenient for network identity real name, and effective protection individual subscriber privacy.
It will be understood by those skilled in the art that realizing all or part of the process of above-described embodiment method, meter can be passed through Calculation machine program is completed to instruct relevant hardware, and the program can be stored in computer readable storage medium.Wherein, institute Stating computer readable storage medium is disk, CD, read-only memory or random access memory etc..
The foregoing is only a preferred embodiment of the present invention, but scope of protection of the present invention is not limited thereto, In the technical scope disclosed by the present invention, any changes or substitutions that can be easily thought of by anyone skilled in the art, It should be covered by the protection scope of the present invention.

Claims (10)

1. a kind of network identity real name identification method based on quick response matrix code, which comprises the steps of:
Client sends real-name authentication request to network identity server end;
The request of real-name authentication described in the network identity received server-side sends the confirmation letter that real-name authentication is requested to client Breath;
The client receives the confirmation message, and verifies the confirmation message;If the confirmation message is logical It crosses, then the confirmation message is converted into quick response matrix code, and show the quick response matrix code;Otherwise, it terminates real Name verification process;
The client identifies the quick response matrix code, starts to interact with the network identity server end, carries out real name Authentication operation.
2. the network identity real name identification method according to claim 1 based on quick response matrix code, which is characterized in that The client includes network identity service terminal software and internet applications;
The internet applications are executed, are verified for receiving the confirmation message, and to the confirmation message;If The confirmation message is to pass through, then the confirmation message is converted into quick response matrix code, and show the quick response square Horizontal and vertical parity check code;Otherwise, real-name authentication process is terminated;
The network identity service terminal software is executed, for identification the quick response matrix code, and recognition result is sent To the internet applications.
3. the network identity real name identification method according to claim 2 based on quick response matrix code, which is characterized in that Further include following steps:
Typing network user's name, logs in internet applications;
User identity is verified, verification method is using fingerprint recognition, Identification of Images, retina identification, voice recognition, PIN code verifying At least one of;
It is verified, network user's name is sent to the network identity server end by internet applications.
4. the network identity real name identification method according to claim 3 based on quick response matrix code, which is characterized in that The real-name authentication operation includes the following steps:
Typing user's real name identity information, user's real name identity information include user biological characteristic information, citizenship letter Breath, card information;
Bind corresponding network user's name;
Corresponding network identity mark is generated according to user's real name identity information and corresponding network user name;
Record real-name authentication business serial number.
5. the network identity real name identification method according to claim 4 based on quick response matrix code, which is characterized in that The user biological characteristic information includes fingerprint, sound, iris, face phase, DNA;
The citizenship information includes citizen's name, identification card number, gender, nationality, date of birth, address, validity date;
The card information includes card body mark.
6. the network identity real name identification method according to claim 4 or 5 based on quick response matrix code, feature exist In the citizenship information and card information are obtained by China second-generation identity card, and the card information passes through card reader of ID card Typing;
The output interface of the card reader of ID card includes at least one of USB interface, blue tooth interface and OTG interface.
7. according to the network identity real name identification method based on quick response matrix code any in claim 2-5, It is characterized in that, the confirmation message of the real-name authentication request is that will have agreed to or disagree, and the word of encryption generation is carried out by code key Symbol string;
The confirmation message that the real-name authentication is requested is decrypted by the key for internet applications, obtains decryption knot Fruit:
If decrypted result is to agree to, the confirmation message that the real-name authentication is requested is converted into quick sound by internet applications Square matrix code is answered, and the quick response matrix code is shown;
If decrypted result is to disagree, internet applications terminate this real-name authentication process.
8. the network identity real name identification method according to claim 4 or 5 based on quick response matrix code, feature exist In after the completion of real-name authentication operation, network identity mark is sent to Internet application by the network identity server end Software;
The network identity mark is unreducible, can not calculate, only corresponding unique subscriber.
9. according to the network identity real name identification method based on quick response matrix code any in claim 2-5, It is characterized in that, the internet applications include at least two authentication strengths, and the authentication strength is by the user according to a People's demand for security is configured.
10. the network identity real name identification method according to claim 4 or 5 based on quick response matrix code, feature The step of being, generating corresponding network identity mark according to user's real name identity information and corresponding network user name wraps It includes:
The network application user name of the user is converted into character string 1;
The real name identity information of the user is converted into character string 2;
Encryption mapping is carried out to the character string 1 and character string 2 using SM3 cryptographic Hash algorithm, obtains the network of the user Identity.
CN201810664215.1A 2018-06-25 2018-06-25 Network identity real-name authentication method based on quick response matrix code Active CN108959883B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810664215.1A CN108959883B (en) 2018-06-25 2018-06-25 Network identity real-name authentication method based on quick response matrix code

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810664215.1A CN108959883B (en) 2018-06-25 2018-06-25 Network identity real-name authentication method based on quick response matrix code

Publications (2)

Publication Number Publication Date
CN108959883A true CN108959883A (en) 2018-12-07
CN108959883B CN108959883B (en) 2021-07-09

Family

ID=64486636

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810664215.1A Active CN108959883B (en) 2018-06-25 2018-06-25 Network identity real-name authentication method based on quick response matrix code

Country Status (1)

Country Link
CN (1) CN108959883B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109829722A (en) * 2019-02-22 2019-05-31 兴唐通信科技有限公司 A kind of user identity real name identification method of electronic fare payment system
CN111182497A (en) * 2019-12-27 2020-05-19 国家计算机网络与信息安全管理中心 V2X anonymous authentication method, device and storage medium
CN113918918A (en) * 2021-12-10 2022-01-11 四川华鲲振宇智能科技有限责任公司 System and method for online unlocking of social security card and password resetting
CN117218684A (en) * 2023-09-26 2023-12-12 广州像素数据技术股份有限公司 Identity verification method, system and storage medium based on nested matrix codes
CN117218684B (en) * 2023-09-26 2024-04-26 广州像素数据技术股份有限公司 Identity verification method, system and storage medium based on nested matrix codes

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102468959A (en) * 2010-11-01 2012-05-23 刘延鹏 Identity identification method based on QR code, internet and short message
CN105049945A (en) * 2015-08-13 2015-11-11 中国科学院信息工程研究所 Safety payment system and method based on smart TV multi-screen interaction
CN107196965A (en) * 2017-07-04 2017-09-22 烟台大学 A kind of secure network real name registers technology

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102468959A (en) * 2010-11-01 2012-05-23 刘延鹏 Identity identification method based on QR code, internet and short message
CN105049945A (en) * 2015-08-13 2015-11-11 中国科学院信息工程研究所 Safety payment system and method based on smart TV multi-screen interaction
CN107196965A (en) * 2017-07-04 2017-09-22 烟台大学 A kind of secure network real name registers technology

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109829722A (en) * 2019-02-22 2019-05-31 兴唐通信科技有限公司 A kind of user identity real name identification method of electronic fare payment system
CN111182497A (en) * 2019-12-27 2020-05-19 国家计算机网络与信息安全管理中心 V2X anonymous authentication method, device and storage medium
CN113918918A (en) * 2021-12-10 2022-01-11 四川华鲲振宇智能科技有限责任公司 System and method for online unlocking of social security card and password resetting
CN117218684A (en) * 2023-09-26 2023-12-12 广州像素数据技术股份有限公司 Identity verification method, system and storage medium based on nested matrix codes
CN117218684B (en) * 2023-09-26 2024-04-26 广州像素数据技术股份有限公司 Identity verification method, system and storage medium based on nested matrix codes

Also Published As

Publication number Publication date
CN108959883B (en) 2021-07-09

Similar Documents

Publication Publication Date Title
CN111552955B (en) Personal identity authentication method and device based on block chain and IPFS
CN103679436B (en) A kind of electronic contract security system and method based on biological information identification
CN104270338B (en) Method and its system that a kind of electronic identity registration and certification are logged in
US7409543B1 (en) Method and apparatus for using a third party authentication server
CN110086608A (en) User authen method, device, computer equipment and computer readable storage medium
US20080313707A1 (en) Token-based system and method for secure authentication to a service provider
CN103985036A (en) Two-dimension code payment method with biological characteristics
CN101957898A (en) Messaging device, information processing method and program
CN108880822A (en) A kind of identity identifying method, device, system and a kind of intelligent wireless device
CN109067766A (en) A kind of identity identifying method, server end and client
CN101577917A (en) Safe dynamic password authentication method based on mobile phone
CN105554018B (en) Genuine cyber identification verification method
CN109741800A (en) The method for security protection of medical data intranet and extranet interaction based on block chain technology
CN108959883A (en) A kind of network identity real name identification method based on quick response matrix code
CN113515756B (en) High-credibility digital identity management method and system based on block chain
CN112002436B (en) Block chain-based medical question answering method, device and medium
CN110545274A (en) Method, device and system for UMA service based on people and evidence integration
CN103297237B (en) Identity registration and authentication method, system, personal authentication apparatus and certificate server
CN109067702B (en) Method for generating and protecting real-name system network identity
CN108667801A (en) A kind of Internet of Things access identity safety certifying method and system
CN110855664A (en) Network certificate system
CN112383401B (en) User name generation method and system for providing identity authentication service
CN1409234A (en) Outward leakage preventing system for secrete information
CN107104792B (en) Portable mobile password management system and management method thereof
CN110995661B (en) Network card platform

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant