CN108959883A - A network identity real-name authentication method based on quick response matrix code
- Publication number
- CN108959883A, CN201810664215.1A
- Authority
- CN
- China
- Prior art keywords
- real
- name
- network identity
- user
- quick response
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2133—Verifying human interaction, e.g., Captcha
Abstract
The present invention relates to a network identity real-name authentication method based on quick response matrix code, belonging to the field of information security technology. It addresses the failure of the prior art to truly establish that the person and the credential are the same and to effectively protect users' personal privacy. In the disclosed method, the Internet application and the network identity server exchange information through a quick response matrix code, and an encryption mapping is applied to the user's true identity information and the network user name registered in the Internet application software, yielding a personalized network identity identifier and achieving person-and-credential consistency on the Internet. Because the network identity identifier is irreversible, cannot be computed, and corresponds to exactly one user, it protects the user's identity information from disclosure and misuse to a certain extent. The disclosed method both facilitates real-name registration of network identities and effectively protects users' personal privacy.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a network identity real-name authentication method based on quick response matrix code.
Background
Network identity refers to the identity information shown when a citizen uses Internet application software, usually the network account registered in that software. Normally a network identity is anonymous and cannot be linked directly to an individual citizen in society, which creates potential risks; unlawful incidents on the Internet are commonplace.
To build a good network environment, network identities need to be real-name registered so that the corresponding individual citizen in society can be identified.
Currently, Internet application software in China mainly performs real-name management in the following three ways:
1) The user manually enters key identity information, such as their ID card number and name, in the Internet application software to register a real name for the network identity;
2) The user photographs the ID card with the photographing module of the Internet application software, or uploads photos of the front and back of the ID card, and the back end completes real-name registration of the network identity through manual or optical character recognition (OCR) processing;
3) The user uploads a photo of themselves holding the ID card, and the back end processes it manually or automatically to complete real-name registration of the network identity.
Current real-name registration of network accounts has the following defects. First, it cannot ensure that users use their own identity information: for example, the user's identity information is obtained but its authenticity and validity are not verified, so it may be forged. Moreover, even when authentic and valid identity information is used, it cannot be verified that the identity information and the user are the same person, so identity information is easily bought, sold and used fraudulently.
All three ways carry a risk of privacy leakage in actual use and cannot effectively protect user privacy. There is therefore currently no effective network identity real-name authentication method that can credibly map a person's identity information in society into Internet applications while fully safeguarding personal privacy, and this is the basis for maintaining order in network activity, regulating the ethics of network behaviour, and ensuring cyberspace security.
Summary of the invention
In view of the above analysis, the embodiments of the present invention aim to provide a network identity real-name authentication method based on quick response matrix code, to solve the problem that the prior art cannot quickly perform real-name authentication while protecting user privacy.
In one aspect, an embodiment of the invention provides a network identity real-name authentication method based on quick response matrix code, including the following steps:
The client sends a real-name authentication request to the network identity server;
The network identity server receives the real-name authentication request and sends a confirmation message for the request to the client;
The client receives the confirmation message and verifies it; if the confirmation message passes, the confirmation message is converted into a quick response matrix code and the code is displayed; otherwise, the real-name authentication process is terminated;
The client recognizes the quick response matrix code, starts interacting with the network identity server, and performs the real-name authentication operation.
The above technical solution has the following beneficial effects: it is in effect a method of network identity real-name authentication using quick response matrix codes, and includes an independent network identity server that serves the real-name authentication process of network identities. During real-name authentication, the client uses a quick response matrix code for the interaction between the Internet application and the network identity server. After the real-name authentication process completes, a privacy-protected network real-name authentication result is provided externally. This result carries no explicit identity information that can be associated with the individual user, yet it uniquely identifies one individual user in real life; in special circumstances such as judicial evidence collection, all information associated with that individual can be retrieved. That is, the network identity identifier can be associated with the ID card information, but the ID card information cannot be derived back from it. This achieves back-end "real name" for the individual user's activity on the Internet, i.e. the user is the holder of the ID card or other real-name identity document used in real-name authentication, while effectively preventing the wide dissemination of user identity information caused by existing real-name approaches. Using quick response matrix codes for the interaction between applications is highly versatile and adaptable: it is easy to use, reduces how often identity information is transmitted, and avoids displaying identity information directly in the Internet application.
In another embodiment based on the above method, in the network identity real-name authentication method based on quick response matrix code, the client includes network identity service terminal software and Internet application software;
The Internet application software is executed to receive the confirmation message and verify it; if the confirmation message passes, the confirmation message is converted into a quick response matrix code and the code is displayed; otherwise, the real-name authentication process is terminated;
The network identity service terminal software is executed to recognize the quick response matrix code and send the recognition result to the Internet application software.
The above technical solution has the following beneficial effects: when the Internet application software needs to verify the real-name identity of the user behind a network account, it initiates a real-name authentication request to the network identity server; the owner of the network account (i.e. the user) completes the real-name authentication process through information exchange between the network identity service terminal software and the network identity server, and the network identity server then provides a privacy-protected network real-name authentication result to the Internet application software. The result cannot be reversed or derived back, and corresponds to exactly one user.
Further, the network identity real-name authentication method based on quick response matrix code also includes the following steps:
The network user name is entered to log in to the Internet application software;
User identity is verified, using at least one of fingerprint recognition, portrait recognition, retina recognition, voice recognition, and PIN code verification;
Once verification passes, the Internet application software sends the network user name to the network identity server.
The above further solution has the following beneficial effects: the user identity verification step ensures the security and confidentiality of user identity information during real-name authentication. When the step is placed at login to the Internet application, it can verify the user's network identity, for example by setting a PIN verification code and entering the password at each login, which checks whether the current user is the registered user and guarantees that the registered user, the current user, and the user being authenticated are the same person. When the step is applied in the network identity service terminal software, the user's identity information can be verified online against the public security population system, so the identity information cannot be forged; moreover, user identity verification can check that the ID card information and the user are the same person, so the identity is not easily used fraudulently by others to steal property and so on.
Further, the real-name authentication operation includes the following steps:
The user's real-name identity information is entered; it includes the user's biometric information, citizen identity information, and card information;
The corresponding network user name is bound;
The corresponding network identity identifier is generated from the user's real-name identity information and the corresponding network user name;
The real-name authentication transaction serial number is recorded.
The above further solution has the following beneficial effects: after real-name authentication, the network identity identifier is provided by the network identity server. The network identity identifier is a random string that is irreversible and cannot be computed; it shows none of the user's identity information, yet it proves to the Internet application software that the user is a real person, under their real name, and is genuinely that person. In use, the Internet application software does not directly obtain or display real-name identity information, but obtains and displays the network identity identifier.
Further, the user's biometric information includes fingerprint, voice, iris, facial image, and DNA;
The citizen identity information includes the citizen's name, ID card number, gender, ethnicity, date of birth, address, and validity date;
The card information includes the card body identifier.
The above further solution has the following beneficial effects: the network identity identifier can be obtained from the citizen identity information and card information on the ID card. Through the network identity identifier, specific personnel such as public security officers can identify the individual user and obtain all personal information recorded when the user registered, whereas others, including Internet application providers, cannot.
Further, the citizen identity information and card information are obtained from a Chinese second-generation ID card, and the card information is entered through an ID card reader;
The output interface of the ID card reader includes at least one of a USB interface, a Bluetooth interface, and an OTG interface.
The above further solution has the following beneficial effects: the ID card reader can directly read the citizen identity information and card information contained in the user's ID card, so no manual entry is needed, which saves time and effort and also protects information security to a certain extent.
Further, the confirmation message of the real-name authentication request is a character string generated by encrypting "agree" or "disagree" with a key;
The Internet application software decrypts the confirmation message of the real-name authentication request with the key to obtain a decryption result:
If the decryption result is agree, the Internet application software converts the confirmation message of the real-name authentication request into a quick response matrix code and displays the code;
If the decryption result is disagree, the Internet application software terminates this real-name authentication process.
The above further solution has the following beneficial effects: the above process in effect verifies the Internet application software, ensuring that the Internet application software that issued the authentication request and the Internet application software that receives the confirmation message are the same software, which prevents fake sites from illegally extracting personal information.
Further, after the real-name authentication operation completes, the network identity server sends the network identity identifier to the Internet application software;
The network identity identifier is irreversible, cannot be computed, and corresponds to exactly one user.
The above further solution has the following beneficial effects: personal identity information cannot be derived back from the network identity real-name authentication result. The Internet application software does not directly display the user's real-name identity information, but displays the network identity identifier. Through the network identity identifier, specific personnel such as public security officers can identify the individual user and obtain all of that user's information. From the network identity authentication result, the Internet application can determine that the user is a real person, under their real name, and is genuinely that person, but cannot obtain the user's true identity information, so use is secure.
Further, the Internet application software includes at least two authentication strengths, and the authentication strength is set by the user according to personal security needs.
The above further solution has the following beneficial effects: by setting different authentication strengths, the user authorizes and selects what is authenticated, which makes the real-name authentication result controllable to a certain extent; the authentication strength is embodied in the quick response matrix code. For example, a high real-name authentication strength requires more content to be authenticated and a higher level of security, and requires a more complex generated network identity real-name authentication result, so the Internet application can authorize the user to use more functions, such as quick payment. A low real-name authentication strength requires less content to be authenticated and a somewhat lower level of security, so the Internet application can authorize the user to use only basic functions. This both protects user privacy and makes the authentication process more user-friendly.
Further, the step of generating the corresponding network identity identifier from the user's real-name identity information and the corresponding network user name includes:
The user's network application user name is converted into character string 1;
The user's real-name identity information is converted into character string 2;
An encryption mapping is applied to character string 1 and character string 2 using the SM3 cryptographic hash algorithm, giving the user's network identity identifier.
The above further solution has the following beneficial effects: the network identity identifier obtained by SM3 cryptographic hash processing is a random string that is irreversible and cannot be computed, which protects the security of the user's identity information. If either the user's network application user name or the real-name identity information becomes invalid, the network identity identifier also becomes invalid and must be regenerated. That is, once the user's ID card is reported lost or passes its validity period, the network identity identifier immediately and automatically lapses; after the ID card is reissued, real-name authentication must be performed again to generate a new network identity identifier.
In the present invention, the above technical solutions can also be combined with one another to realize further preferred combinations. Other features and advantages of the invention will be set out in the following description; some will become apparent from the description, or will be understood by practicing the invention. The objectives and other advantages of the invention can be realized and obtained through what is particularly pointed out in the description, the claims, and the drawings.
Brief description of the drawings
The drawings are only for the purpose of showing specific embodiments and are not to be construed as limiting the invention; throughout the drawings, identical reference symbols denote identical components.
Fig. 1 is the flow of the network identity real-name authentication method of Embodiment 1 of the present invention;
Fig. 2 is the relationship between the network identity server and the Internet application in Embodiment 2 of the present invention;
Fig. 3 is the flow of the network identity real-name authentication method of Embodiment 3 of the present invention;
Fig. 4 is the relationship between the network identity server and the Internet application in Embodiment 3 of the present invention;
Fig. 5 is the real-name authentication operation flow of Embodiment 3 of the present invention.
Detailed description of the embodiments
Preferred embodiments of the present invention are described in detail below with reference to the drawings, which form part of this application and, together with the embodiments, serve to explain the principle of the invention; they are not intended to limit its scope.
Embodiment 1
As shown in Fig. 1, a specific embodiment of the invention discloses a network identity real-name authentication method based on quick response matrix code, including the following steps:
S1. The client sends a real-name authentication request to the network identity server. The client includes a network identity service client; the network identity service client and the user's Internet application need not be on the same device.
S2. After receiving the real-name authentication request, the network identity server sends a confirmation message for the request to the client. The confirmation message contains agree or disagree information, and is a character string generated by applying an encryption mapping to that information with an encryption algorithm under a preset key. Without knowledge of the key, the string is irreversible and cannot be computed. Specifically, only when the Internet application provider and the network identity server provider have first signed a cooperation agreement is the Internet application software qualified to perform real-name authentication using the network identity server; in that case the confirmation message contains agree information. Otherwise, the Internet application software is not qualified to use the network identity server for real-name authentication, and the confirmation message contains disagree information.
S3. After receiving the confirmation message, the client verifies it immediately, i.e. decrypts it with the above key; if the result of the decryption operation is agree, the confirmation message is converted into a quick response matrix code and the code is displayed; otherwise, the real-name authentication process is terminated.
S4. The client recognizes the quick response matrix code with a scan module or scanning device, starts interacting with the network identity server, and performs the real-name authentication operation. After the operation completes, the network identity server generates the network identity identifier from the user's real-name identity information using an encryption algorithm, and sends the network identity identifier to the Internet application. The network identity identifier is irreversible, cannot be computed, and corresponds to exactly one user.
Compared with the prior art, this embodiment is in effect a method of network identity real-name authentication using quick response matrix codes. It includes an independent network identity server, separated from all Internet application software on the client and dedicated to real-name authentication of network identities, and is suitable for Internet application staff and for occasions with lower real-name authentication requirements. During real-name authentication, the client interacts with the network identity server using a quick response matrix code. After the real-name authentication process completes, a privacy-protected network real-name authentication result is provided externally; the privacy protection of the result is achieved through encryption. The result contains no explicit identity information that can be associated with the individual user, yet it uniquely identifies one individual user in real life, and in special circumstances such as judicial evidence collection all information associated with that individual can be retrieved. That is, the network identity identifier can be associated with the user's identity information, but the identity information cannot be derived back from it. This achieves back-end "real name" for the individual user's activity on the Internet while effectively preventing the wide dissemination of user identity information caused by existing real-name approaches.
Embodiment 2
As shown in Fig. 2, as an optimization of the above embodiment, the client includes network identity service terminal software and Internet application software. The two pieces of software are installed on the same device, for example on the same mobile phone of the user, and perform different operations.
Preferably, in step S2, after receiving the real-name authentication request, the network identity server sends the confirmation message for the request to the Internet application software. The confirmation message is a meaningless, random-looking string generated from agree or disagree by a preset encryption algorithm, so that others without the key cannot obtain its content. The preset algorithm can be an existing algorithm, such as the MD5 algorithm; the key is known to the network identity server provider and the Internet application software provider. Step S2 is in effect the confirmation and verification of the legitimacy of the Internet application software.
Preferably, the Internet application software decrypts the confirmation message sent by the network identity server with the above key known to it. If the decryption result is agree, it converts the confirmation message into a quick response matrix code according to the authentication strength selected by the user and displays the code; otherwise it terminates the authentication process. The Internet application software should include at least two authentication strengths, set by the user according to personal security needs. The quick response matrix code includes the authentication level information.
The user can see the quick response matrix code in the Internet application software interface. The quick response matrix code is a form of two-dimensional code; the confirmation message can be converted into a quick response matrix code using the prior art, for example the method mentioned in patent CN 102810170 B. Using a quick response matrix code for the interaction between the Internet application software and the network identity service terminal software is highly versatile and adaptable: it is easy to use, reduces how often identity information is transmitted, and avoids displaying identity information directly in the Internet application software interface.
Preferably, the network identity service terminal software recognizes the quick response matrix code with a scan module or scanning software, and sends the recognition result to the Internet application software via the network identity server. Once the quick response matrix code has been scanned by the network identity service terminal software, the Internet application enters a state of waiting for the real-name authentication result.
Preferably, the real-name authentication operation flow includes:
S41. The user enters real-name identity information in the network identity service terminal software, which sends the entered information to the network identity service platform.
S42. The network identity platform converts the real-name identity information into a real-name authentication result using a preset encryption algorithm, and sends the real-name authentication result to the Internet application. The preset encryption algorithm can be the SM3 algorithm.
S43. The Internet application continues its subsequent business process using this real-name authentication result.
In implementation, when the Internet application software needs to perform real-name authentication, it initiates a real-name authentication request to the network identity server, as shown in Fig. 2. The Internet application server is omitted here; in practice, the Internet application software initiates the real-name authentication request to the network identity server through the Internet application server. Those skilled in the art will understand this omission, which is not a technical point of this embodiment.
Compared with Embodiment 1, the user recognizes the quick response matrix code with the network identity service terminal software rather than with the scan module of the Internet application software, and enters personal information in the network identity service terminal software, which then sends it to the network identity server. This completely separates the user's real-name identity information from the Internet application software, makes personal identity information more secure and reliable during authentication, and suits most users of Internet applications. Because the information with which the user performs the real-name authentication operation is hidden, this increases the information security of network real-name authentication to a certain extent.
Embodiment 3
As shown in Fig. 3, as an optimization of Embodiment 1, the client includes network identity service terminal software and Internet application software, and the two pieces of software are installed on different devices; for example, the Internet application software is on the user's mobile phone and the network identity service terminal software is on the user's computer.
The network identity service terminal software recognizes the quick response matrix code and sends the recognition result to the Internet application software via the network identity server.
The Internet application software converts the confirmation message sent by the network identity server into a quick response matrix code and displays the code. After display, once the code has been scanned by the network identity service client, the Internet application enters the state of waiting for the real-name authentication result; after the network identity service platform sends the real-name authentication result to the Internet application, the Internet application continues its subsequent business process, as shown in Fig. 4.
Preferably, step S3 can be divided into the following steps:
S31. After receiving the confirmation message, the Internet application software decrypts it with the preset key agreed with the network identity service provider and obtains the decryption result. The confirmation message is a character string generated by encrypting agree or disagree with the preset key. The preset key is known to the Internet application provider and the network identity server provider.
S32. If the decryption result is agree, the Internet application software converts the confirmation message into a quick response matrix code according to the preset authentication strength and displays the code. If the decryption result is disagree, the Internet application software on the client terminates this real-name authentication process.
Steps S31 and S32 verify the Internet application software, ensuring that the Internet application software that issued the authentication request and the Internet application software that receives the confirmation message are the same software, which prevents fake sites from illegally extracting the user's personal information.
Preferably, the authentication request may include the ID or IP information of the client on which the internet application software runs, and the quick response matrix code also contains the corresponding ID or IP information. Comparing the two makes it possible to confirm whether the two (the internet application software that issued the authentication request and the internet application software that receives the confirmation message) are located at the same client and the same entry address, to lock the specific location of that client, and so on. The Internet application encrypts the ID or IP information, so that without knowing the key others cannot obtain the ID or IP information contained in the quick response matrix code. The key is known to the Internet application provider and the network identity service provider.
The network identity real-name authentication method based on a quick response matrix code further includes the following steps:
S-1. The network user name is entered at the internet application software client to log in to the internet application software, as shown in Figure 3;
S0. The user's identity is verified using at least one of fingerprint recognition, portrait recognition, retina recognition, voice recognition, PIN code verification and preset-question verification. This step may be placed as shown in Figure 3, or the verification may be performed during real-name authentication through a connection to the public security organ's system.
Step S0 effectively checks whether the current user is the registered user, so that network identity information is not easily used fraudulently.
Preferably, portrait recognition can capture the user's face image with a camera and compare it, using a preset algorithm, with the face image in the China second-generation identity card photo to obtain the similarity between the two. If the similarity is greater than a preset similarity, the user is judged to match the China second-generation identity card, and the network identity server sends authentication-passed information to the internet application software; otherwise the user is judged not to match, and the network identity server sends authentication-terminated information to the internet application software.
Preferably, as shown in Figure 5, the real-name authentication operation includes the following steps:
S41. The user's real-name identity information is entered. It includes the user's biometric information, citizenship information and card information. The biometric information includes fingerprint, voice, iris, facial image, DNA, etc. The citizenship information includes the citizen's name, identity card number, gender, nationality, date of birth, address, validity date, etc. The card information includes the card body identifier, etc.
S42. The user's real-name identity information is bound to the corresponding network user name. The network user name is generally not the user's real name. In the corresponding internet application software, what others see is the network identity of the invention, i.e. the network identity identifier, rather than the network user name. The network identity identifier is an irreversible random byte string that cannot be derived by computation. In general, even if the network user name is the user's real name, others cannot read it directly, because the Internet application hides the network user name.
S43. The corresponding network identity identifier is generated from the user's real-name identity information and the corresponding network user name. Specifically, the method used is a national cryptographic algorithm, and the key is known to the public security organ.
S44. The real-name authentication business serial number is recorded so that the corresponding business content can be tracked later.
Preferably, the citizenship information can be read directly from the surface of the China second-generation identity card, and the card information is entered through an identity card reader. No manual input is needed, which saves time in real-name registration. The output interfaces of the identity card reader include a USB interface, a Bluetooth interface and an OTG interface, so the reader can conveniently be adapted to network identity server ends with these various interfaces.
Preferably, the SM3 cryptographic hash algorithm is used to perform an encryption mapping on the network user name in virtual form and the user's identity identifier, yielding the user's network identity identifier. The network identity identifier produced by SM3 processing is an irreversible random byte string that cannot be derived by computation, which protects the security of the user's personal identity information. SM3 is a cryptographic hash algorithm designed independently in China. It is suitable for digital signature and verification, message authentication code generation and verification, and random number generation in commercial cryptographic applications, and can meet the security requirements of a variety of cryptographic applications. The process includes the following steps:
S431. The user's network application user name is converted into a character string $ID_A$ using preset algorithm 1. Preset algorithm 1 is an existing known algorithm.
S432. The user's citizenship information and card information are converted into character string $ID_B$ and character string $ID_C$ respectively using preset algorithm 2. Preset algorithm 2 is an existing known algorithm.
S433. The SM3 cryptographic hash algorithm is used to perform an encryption mapping on the character strings $ID_A$, $ID_B$ and $ID_C$ generated in steps S431 and S432, producing the network identity identifier $T$:
$$T = E_1\{ID_A \,\|\, E_2[ID_B \,\|\, ID_C]\}$$
In the formula, $E_1$ and $E_2$ are data encryption algorithms within the SM3 cryptographic hash algorithm and are known algorithms; $\|$ is the operation that concatenates two adjacent pieces of information.
The network identity identifier T obtained by SM3 processing is an irreversible random byte string that cannot be derived by computation, which protects the security of the user's personal identity information. If either the user's network application user name or the card body identifier in virtual form becomes invalid, the network identity identifier also becomes invalid and must be regenerated.
Preferably, after the real-name authentication operation is completed, the network identity server end sends the network identity identifier to the internet application software, which proceeds to the next application operation. The network identity identifier is irreversible, cannot be derived by computation, and corresponds to only one unique user.
Optionally, the internet application software should include at least two authentication strengths, which the user sets according to personal security needs. At the high authentication strength, the individual enters more private information for verification, which may include, for example, home address, employer, social relationships and hobbies, and can then carry out more Internet application operations, such as quick payment. At the low authentication strength, the individual only needs to enter basic information for verification, such as the citizen's name and identity card number, and can carry out only basic Internet application operations; quick payment, for example, is not available. The confirmation information for the two authentication strengths is embodied in the quick response matrix code, as described in Embodiment 2 above.
In implementation, different users have different network identity identifiers, and each network identity identifier corresponds to a unique user. That is, the same user can choose to use a universal network identity identifier or different network identity identifiers in different applications, flexibly as needed, but each network identity identifier can correspond to only one user and one China second-generation identity card. After real-name authentication ends, the identity real-name authentication result is provided by the network identity server end. The result is an irreversible random byte string that cannot be derived by computation; it does not reveal any identity information about the user, yet it can prove to the Internet application that the user is a real person with a real name.
Compared with Embodiments 1 and 2, the network identity real-name authentication method based on a quick response matrix code provided in this embodiment gives the highest security for the user's real-name information. It can credibly map a real-world individual (the user) into the network while still safeguarding personal privacy, which is the basis for maintaining order in network activity, regulating the ethics of network behavior and ensuring the security of cyberspace. This embodiment follows the principle of "voluntary at the front end, real name at the back end" and ensures that "the front end can be safely anonymous", achieving a network real-name system in the true sense. It provides both a general network real-name identity and different network real-name identities for different applications; in practical applications, dedicated personnel can effectively carry out behavior analysis and trajectory tracking, which both facilitates network identity real-name registration and effectively protects users' personal privacy.
Those skilled in the art will understand that all or part of the processes of the above embodiment methods can be implemented by a computer program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium, such as a magnetic disk, an optical disc, a read-only memory or a random access memory.
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention.
Claims (10)
1. A network identity real-name authentication method based on a quick response matrix code, characterized by comprising the following steps:
the client sends a real-name authentication request to the network identity server end;
the network identity server end receives the real-name authentication request and sends the client a confirmation message for the real-name authentication request;
the client receives the confirmation message and verifies it; if the confirmation message indicates a pass, the client converts the confirmation message into a quick response matrix code and displays the quick response matrix code; otherwise, the real-name authentication process is terminated;
the client identifies the quick response matrix code and begins interacting with the network identity server end to carry out the real-name authentication operation.
2. The network identity real-name authentication method based on a quick response matrix code according to claim 1, characterized in that the client includes network identity service terminal software and internet application software;
the internet application software is executed to receive the confirmation message and verify it; if the confirmation message indicates a pass, the confirmation message is converted into a quick response matrix code and the quick response matrix code is displayed; otherwise, the real-name authentication process is terminated;
the network identity service terminal software is executed to identify the quick response matrix code and send the recognition result to the internet application software.
3. The network identity real-name authentication method based on a quick response matrix code according to claim 2, characterized by further comprising the following steps:
entering the network user name and logging in to the internet application software;
verifying the user's identity using at least one of fingerprint recognition, portrait recognition, retina recognition, voice recognition and PIN code verification;
once verification passes, the internet application software sends the network user name to the network identity server end.
4. The network identity real-name authentication method based on a quick response matrix code according to claim 3, characterized in that the real-name authentication operation includes the following steps:
entering the user's real-name identity information, which includes the user's biometric information, citizenship information and card information;
binding the corresponding network user name;
generating the corresponding network identity identifier from the user's real-name identity information and the corresponding network user name;
recording the real-name authentication business serial number.
5. The network identity real-name authentication method based on a quick response matrix code according to claim 4, characterized in that the user's biometric information includes fingerprint, voice, iris, facial image and DNA;
the citizenship information includes the citizen's name, identity card number, gender, nationality, date of birth, address and validity date;
the card information includes the card body identifier.
6. The network identity real-name authentication method based on a quick response matrix code according to claim 4 or 5, characterized in that the citizenship information and card information are obtained from the China second-generation identity card, and the card information is entered through an identity card reader;
the output interface of the identity card reader includes at least one of a USB interface, a Bluetooth interface and an OTG interface.
7. The network identity real-name authentication method based on a quick response matrix code according to any one of claims 2-5, characterized in that the confirmation message for the real-name authentication request is a character string generated by encrypting "agree" or "disagree" with a key;
the internet application software decrypts the confirmation message for the real-name authentication request with the key and obtains the decryption result:
if the decryption result is "agree", the internet application software converts the confirmation message for the real-name authentication request into a quick response matrix code and displays the quick response matrix code;
if the decryption result is "disagree", the internet application software terminates this real-name authentication process.
8. The network identity real-name authentication method based on a quick response matrix code according to claim 4 or 5, characterized in that, after the real-name authentication operation is completed, the network identity server end sends the network identity identifier to the internet application software;
the network identity identifier is irreversible, cannot be derived by computation, and corresponds to only one unique user.
9. The network identity real-name authentication method based on a quick response matrix code according to any one of claims 2-5, characterized in that the internet application software includes at least two authentication strengths, which the user sets according to personal security needs.
10. The network identity real-name authentication method based on a quick response matrix code according to claim 4 or 5, characterized in that the step of generating the corresponding network identity identifier from the user's real-name identity information and the corresponding network user name includes:
converting the user's network application user name into character string 1;
converting the user's real-name identity information into character string 2;
performing an encryption mapping on character string 1 and character string 2 using the SM3 cryptographic hash algorithm to obtain the user's network identity identifier.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810664215.1A CN108959883B (en) | 2018-06-25 | 2018-06-25 | Network identity real-name authentication method based on quick response matrix code |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108959883A true CN108959883A (en) | 2018-12-07 |
CN108959883B CN108959883B (en) | 2021-07-09 |
Family
ID=64486636
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810664215.1A Active CN108959883B (en) | 2018-06-25 | 2018-06-25 | Network identity real-name authentication method based on quick response matrix code |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108959883B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109829722A (en) * | 2019-02-22 | 2019-05-31 | 兴唐通信科技有限公司 | A kind of user identity real name identification method of electronic fare payment system |
CN111182497A (en) * | 2019-12-27 | 2020-05-19 | 国家计算机网络与信息安全管理中心 | V2X anonymous authentication method, device and storage medium |
CN113918918A (en) * | 2021-12-10 | 2022-01-11 | 四川华鲲振宇智能科技有限责任公司 | System and method for online unlocking of social security card and password resetting |
CN117218684A (en) * | 2023-09-26 | 2023-12-12 | 广州像素数据技术股份有限公司 | Identity verification method, system and storage medium based on nested matrix codes |
CN117218684B (en) * | 2023-09-26 | 2024-04-26 | 广州像素数据技术股份有限公司 | Identity verification method, system and storage medium based on nested matrix codes |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102468959A (en) * | 2010-11-01 | 2012-05-23 | 刘延鹏 | Identity identification method based on QR code, internet and short message |
CN105049945A (en) * | 2015-08-13 | 2015-11-11 | 中国科学院信息工程研究所 | Safety payment system and method based on smart TV multi-screen interaction |
CN107196965A (en) * | 2017-07-04 | 2017-09-22 | 烟台大学 | A kind of secure network real name registers technology |
Also Published As
Publication number | Publication date |
---|---|
CN108959883B (en) | 2021-07-09 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||