CN108959883B - Network identity real-name authentication method based on quick response matrix code - Google Patents


Publication number
CN108959883B
CN108959883B CN201810664215.1A CN201810664215A CN108959883B CN 108959883 B CN108959883 B CN 108959883B CN 201810664215 A CN201810664215 A CN 201810664215A CN 108959883 B CN108959883 B CN 108959883B
Authority
CN
China
Prior art keywords: real, identity, user, network, name
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810664215.1A
Other languages
Chinese (zh)
Other versions
CN108959883A (en)
Inventor
蔡子凡
张萌
刘硕
刘瑞鹏
贾东睿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Data communication science and technology research institute
XINGTANG COMMUNICATION TECHNOLOGY CO LTD
Original Assignee
Data communication science and technology research institute
XINGTANG COMMUNICATION TECHNOLOGY CO LTD
Application filed by Data communication science and technology research institute, XINGTANG COMMUNICATION TECHNOLOGY CO LTD
Priority to CN201810664215.1A
Publication of CN108959883A
Publication of CN108959883B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133 Verifying human interaction, e.g., Captcha

Abstract

The invention relates to a network identity real-name authentication method based on a quick response matrix code, belongs to the technical field of information security, and solves the problems that the prior art cannot truly verify that an identity document and its holder are the same person and cannot effectively protect the personal privacy of a user. In the disclosed method, information is exchanged between the internet application and a network identity server by means of the quick response matrix code, and an encryption mapping is performed over the user's real identity information and the network user name registered in the internet application software, so that a personalized network identity identifier is obtained and the network ID is made real-name. The network identity identifier cannot be restored or derived and corresponds to only one unique user, so that the user's identity information is protected from leakage and its safe use is protected to a certain extent. The method makes it convenient to make network identities real-name and can effectively protect the personal privacy of the user.

Description

Network identity real-name authentication method based on quick response matrix code
Technical Field
The invention relates to the technical field of information security, in particular to a network identity real-name authentication method based on a quick response matrix code.
Background
The network identity refers to the identity information displayed when a citizen uses internet application software, and is generally a network account registered in the internet application software. In general, the network identity is anonymous and cannot be directly associated with a citizen in the real world, which creates hidden dangers and contributes to frequent illegal and criminal incidents on the internet.
In order to create a good network environment, it is necessary to make the network identity real-name so that it can lock the corresponding citizen in the real society.
Currently, internet application software in China mainly adopts the following three modes to carry out real-name management:
1) a user manually inputs key identity information such as own identity card number, name and the like in internet application software to register the real name of the network identity;
2) the user uses the Internet application software camera module to take a picture of the identity card, or uploads the positive and negative pictures of the identity card, and the real-name registration of the network identity is completed after the processing of background manual work or Optical Character Recognition (OCR) technology;
3) the user uploads the picture of the own hand-held identity card, and the real-name registration of the network identity card is realized through manual or automatic processing of a background.
The current real-name registration of network accounts has the following defects. First, it cannot ensure that the user is using his or her own identity information: although the user's identity information is acquired, its authenticity and validity are not verified, so it may be falsified; and even if genuine, valid identity information is used, it cannot be verified that the identity information and the user belong to the same person, so identity information is easily bought, sold and used fraudulently.
All three of the above modes carry a risk of privacy leakage in actual use and cannot effectively protect the user's privacy. Clearly, there is currently no effective real-name network identity authentication method that can map the personal identity information of the real world to internet applications in a trusted manner while fully guaranteeing personal privacy, which is the basis for maintaining order in network activity, standardizing network behavior, and ensuring the security of cyberspace.
Disclosure of Invention
In view of the foregoing analysis, embodiments of the present invention provide a network identity real-name authentication method based on a quick response matrix code, so as to solve the problem that the prior art cannot quickly implement real-name authentication and protect user privacy.
On one hand, the embodiment of the invention provides a network identity real-name authentication method based on a quick response matrix code, which comprises the following steps:
the client sends a real-name authentication request to a network identity server;
the network identity server receives the real-name authentication request and sends confirmation information of the real-name authentication request to the client;
the client receives the confirmation information and verifies the confirmation information; if the confirmation information is passed, converting the confirmation information into a quick response matrix code, and displaying the quick response matrix code; otherwise, terminating the real-name authentication process;
and the client identifies the quick response matrix code, starts to interact with the network identity server and performs real-name authentication operation.
The beneficial effects of the above technical scheme are as follows: the technical scheme is a method for performing real-name authentication of network identity using a quick response matrix code, and it includes an independent network identity server that serves the real-name authentication process. During real-name authentication, the client uses the quick response matrix code for the interaction between the internet application and the network identity server. After the real-name authentication process is finished, a privacy-protecting network real-name authentication result is provided externally. The network real-name authentication result does not contain any explicit identity information that can be associated with the user, yet it uniquely identifies the user in real life, and all information associated with the user can be retrieved under special conditions such as judicial evidence collection; that is, the network identity identifier can be associated with the identity card information, but the identity card information cannot be derived back from it. The method achieves background real-naming of the user's personal activity on the internet, that is, the user is the holder of the identity card or other real-name identity document used for real-name authentication, while effectively avoiding the wide spread of user identity information caused by existing real-name modes. Because the interaction between applications is carried out by means of the quick response matrix code, the method is highly general and adaptable, convenient and easy to use, can reduce the number of times identity information is transmitted, and avoids displaying identity information directly in the internet application.
In another embodiment based on the method, the network identity real-name authentication method based on the quick response matrix code comprises a client and a server, wherein the client comprises network identity service terminal software and internet application software;
executing the internet application software for receiving the confirmation information and verifying the confirmation information; if the confirmation information is passed, converting the confirmation information into a quick response matrix code, and displaying the quick response matrix code; otherwise, terminating the real-name authentication process;
and executing the network identity service terminal software, identifying the quick response matrix code and sending the identification result to the Internet application software.
The beneficial effects of the above technical scheme are as follows: when the Internet application software needs to verify the real-name identity of a user corresponding to the network account, a real-name authentication request is sent to the network identity server, a network account owner (namely the user) completes the real-name authentication process through information interaction between the network identity service terminal software and the network identity server, and then the network identity server provides a network real-name authentication result with privacy protection for the Internet application software. The network real-name authentication result is irreversible and irreducible and only corresponds to a unique user.
Further, the network identity real-name authentication method based on the quick response matrix code further comprises the following steps:
inputting a network user name, and logging in internet application software;
verifying the identity of the user, wherein the verification method adopts at least one of fingerprint identification, portrait identification, retina identification, voice identification and PIN code verification;
and after the verification is passed, the Internet application software sends the network user name to the network identity server.
The beneficial effects of the above further scheme are as follows: the step of verifying the user identity can ensure the security and confidentiality of the user's identity information during real-name authentication. When this step is placed in the login process of the internet application, the user's network identity can be verified; for example, if a PIN verification code is set and must be entered at each login, it can be verified whether the current user is the registered user, ensuring that the registered user, the current user and the identity-authenticated user are the same person. When this step is applied in the network identity service terminal software, verification can be performed online against the public security population system to verify the user's identity information, so that the identity information cannot be forged; and through user identity verification it can be verified that the identity information and the user belong to the same person, so that the identity information is not easily used fraudulently by others, funds are not easily stolen, and so on.
Further, the real-name authentication operation includes the steps of:
inputting user real-name identity information, wherein the user real-name identity information comprises user biological characteristic information, citizen identity information and card information;
binding a corresponding network user name;
generating a corresponding network identity according to the user real-name identity information and a corresponding network user name;
and recording the serial number of the real-name authentication service.
The beneficial effects of the above further scheme are as follows: after the real-name authentication is finished, the network identity identifier is provided by the network identity server. The network identity identifier is a string of random bytes that cannot be restored or derived; it does not display any identity information of the user, and it can prove to the internet application software that the user is a real person authenticated under a real name. When the internet application software is used, it does not directly acquire and display the real-name identity information, but acquires and displays the network identity identifier.
Further, the user biological characteristic information comprises fingerprints, voice, irises, facial features and DNA;
the citizen identity information comprises a citizen name, an identity card number, a gender, an ethnicity, a birth date, an address and an effective date;
the card information comprises a card body identification.
The beneficial effects of the above further scheme are as follows: through the citizen identity information and the card on the identity card, a network identity can be obtained, through the network identity, specific personnel such as public security officers can lock the user individuals and obtain all personal information recorded during user registration, and other people including internet application providers cannot obtain the personal information.
Further, the citizen identity information and the card information are acquired through a second-generation identity card, and the card information is input through an identity card reader;
the output interface of the identity card reader comprises at least one of a USB interface, a Bluetooth interface and an OTG interface.
The beneficial effects of the above further scheme are as follows: the citizen identity information and the card information contained in the user identity card can be directly read through the identity card reader without manual input, so that time and labor are saved, and the information safety is protected to a certain extent.
Further, the confirmation information of the real-name authentication request is a character string which is generated by encrypting the agreement or disagreement through a secret key;
the internet application software decrypts the confirmation information of the real-name authentication request through the secret key to obtain a decryption result:
if the decryption result is agreement, the Internet application software converts the confirmation information of the real-name authentication request into a quick response matrix code and displays the quick response matrix code;
if the decryption result is not approved, the Internet application software terminates the real-name authentication process.
The beneficial effects of the above further scheme are as follows: the above process is actually to verify the internet application software, so as to ensure that the internet application software sending the authentication request and the internet application software receiving the confirmation information are the same software, and prevent the illegal extraction of personal information by a false website.
Further, after the real-name authentication operation is completed, the network identity server sends the network identity identifier to the internet application software;
the network identity identifier cannot be restored or derived and corresponds to only one unique user.
The beneficial effects of the above further scheme are as follows: personal identity information cannot be derived back from the network identity real-name authentication result. The internet application software does not directly display the user's real-name identity information, but displays the network identity identifier. Through the network identity identifier, specific personnel such as public security officers can identify the individual user and obtain all of that user's information. Through the network identity authentication result, the internet application can determine that the user is a real person authenticated under a real name, but cannot acquire the user's real identity information, so use is safe.
Further, the internet application software comprises at least two authentication strengths, and the authentication strengths are set by the user according to personal security requirements.
The beneficial effects of the above further scheme are as follows: by setting different authentication strengths, the user authorizes and selects the content to be authenticated, which ensures a degree of control over the real-name authentication result, and the authentication strength is embodied in the quick response matrix code. For example, a high real-name authentication strength requires more content to be authenticated and a higher degree of security, and the generated network identity real-name authentication result is required to be more complex, so that the internet application can authorize the use of more functions, such as a quick payment function; a low real-name authentication strength requires less content to be authenticated and a somewhat lower degree of security, so that the internet application can authorize the use of only basic functions. This protects user privacy and makes the authentication process more user-friendly.
Further, the step of generating a corresponding network identity according to the user real-name identity information and the corresponding network user name includes:
converting the network application user name of the user into a character string 1;
converting the real-name identity information of the user into a character string 2;
and carrying out encryption mapping on the character string 1 and the character string 2 by adopting an SM3 password hash algorithm to obtain the network identity of the user.
The beneficial effects of the above further scheme are as follows: the network identity identifier obtained by SM3 cryptographic hash processing is a string of random bytes that cannot be restored or derived, which protects the security of the user's identity information. If either the network application user name or the user's real-name identity information becomes invalid, the network identity identifier becomes invalid and needs to be regenerated. That is, after the user's identity card is reported lost or passes its validity period, the network identity identifier immediately and automatically becomes invalid, and after the identity card is re-issued, real-name identity authentication must be performed again to generate a new network identity identifier.
In the invention, the technical schemes can be combined with each other to realize more preferable combination schemes. Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The drawings are only for purposes of illustrating particular embodiments and are not to be construed as limiting the invention, wherein like reference numerals are used to designate like parts throughout.
Fig. 1 is a flow chart of a network identity real-name authentication method in embodiment 1 of the present invention;
Fig. 2 shows the relationship between a network identity server and an internet application in embodiment 2 of the present invention;
Fig. 3 is a flow chart of a network identity real-name authentication method according to embodiment 3 of the present invention;
Fig. 4 shows the relationship between a network identity server and an internet application according to embodiment 3 of the present invention;
Fig. 5 is a flow chart of the real-name authentication operation in embodiment 3 of the present invention.
Detailed Description
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate preferred embodiments of the invention and together with the description, serve to explain the principles of the invention and not to limit the scope of the invention.
Example 1
As shown in fig. 1, a specific embodiment of the present invention discloses a network identity real-name authentication method based on a quick response matrix code, which includes the following steps:
S1, a client sends a real-name authentication request to a network identity server. The client comprises a network identity service client, and the network identity service client and the user's internet application need not be installed on the same device.
S2, after receiving the real-name authentication request, the network identity server sends confirmation information of the real-name authentication request to the client. The confirmation information comprises agreement or disagreement information and is a character string generated by encrypting the agreement or disagreement information with an encryption algorithm under a preset secret key. The character string cannot be restored or derived without knowledge of the key. Specifically, only if the internet application and the network identity server have a cooperation agreement in advance is the internet application qualified to perform real-name authentication using the network identity server, and in this case the confirmation information includes agreement information. Otherwise, the internet application software is not qualified to use the network identity server for real-name authentication, and the confirmation information includes disagreement information.
S3, after receiving the confirmation information, the client immediately verifies it by decrypting it with the key; if the result of the decryption is agreement, the client converts the confirmation information into a quick response matrix code and displays it; otherwise, the real-name authentication process is terminated.
S4, the client identifies the quick response matrix code through a scanning module or scanning device and starts to interact with the network identity server to perform the real-name authentication operation. After the real-name authentication operation is completed, the network identity server generates a network identity identifier from the user's real-name identity information through an encryption algorithm and sends it to the internet application. The network identity identifier cannot be restored or derived and corresponds to only one unique user.
Compared with the prior art, this embodiment is a method for performing real-name authentication of network identity using a quick response matrix code. It includes an independent network identity server, separate from all internet application software on the client, that is dedicated to real-name authentication of network identity, and it is suitable for internet application workers and occasions with lower real-name authentication requirements. During real-name authentication, the client uses a quick response matrix code to interact with the network identity server. After the real-name authentication process is finished, a privacy-protecting network real-name authentication result, produced by encryption, is provided externally. The network real-name authentication result does not contain any explicit identity information that can be associated with the user, yet it uniquely identifies the user in real life, so all information associated with the user can be retrieved under special conditions such as judicial evidence collection. That is, the network identity identifier can be associated with the user's identity information, but the identity information cannot be derived back from it. In this way, background real-naming of the user's personal activities on the internet is achieved, and the wide spread of user identity information caused by existing real-name modes is effectively avoided.
Example 2
As shown in fig. 2, based on the above embodiment, the client is optimized, and includes network identity service terminal software and internet application software, which are installed on the same device, for example, on the same mobile phone of the user, to perform different operations.
Preferably, in step S2, after receiving the real-name authentication request, the network identity server sends confirmation information of the real-name authentication request to the internet application software. The confirmation information is a meaningless random character string generated by applying a preset encryption algorithm to the agreement or disagreement, so that it cannot be read by others who do not know the secret key. The preset algorithm may be an existing algorithm, such as the MD5 algorithm, and the key is known to the network identity server and the internet application software provider. Step S2 is in effect a confirmation and verification of the legitimacy of the internet application software.
Preferably, the internet application software decrypts the confirmation information sent by the network identity server using the known secret key; if the decryption result is agreement, it converts the confirmation information into a quick response matrix code according to the authentication strength selected by the user and displays the quick response matrix code; otherwise, it terminates the authentication process. The internet application software should include at least two authentication strengths, which are set by the user according to personal security requirements. The quick response matrix code includes authentication level information.
The user may see the quick response matrix code within the internet application software interface. The quick response matrix code is a two-dimensional code, and the conversion method for converting the identification information into the quick response matrix code may utilize the prior art, for example, the method disclosed in patent CN 102810170B. The interaction between the Internet application software and the network identity service terminal software is carried out by means of the quick response matrix code, the universality and the adaptability are very strong, the convenience and the easiness in use are realized, the transmission frequency of the identity information can be reduced, and meanwhile, the identity information is prevented from being directly displayed in an Internet application software interface.
Preferably, the network identity service terminal software recognizes the quick response matrix code through a scanning module or scanning software, and sends the recognition result to the internet application software through the network identity server. And the quick response matrix code is scanned by the network identity service terminal software, and the Internet application enters a state of waiting for a real-name authentication result.
Preferably, the real-name authentication operation process includes:
S41, the user inputs real-name identity information in the network identity service terminal software, which sends the input real-name identity information to the network identity service platform.
S42, the network identity platform converts the real-name identity information into a real-name authentication result through a preset encryption algorithm and sends the real-name authentication result to the internet application. The preset encryption algorithm may employ the SM3 algorithm.
S43, the Internet application uses the real-name authentication result to continue the subsequent business process.
In implementation, when the internet application software needs to perform real-name authentication, the internet application software initiates a real-name authentication request to the network identity server, as shown in fig. 2. An internet application server is omitted here, and in practical application, internet application software initiates a real-name authentication request to a network identity server through the internet application server.
Compared with the embodiment 1, the user uses the network identity service terminal software to identify the quick response matrix code, a scanning module other than the internet application software is not used, personal information is input into the network identity service terminal software, and then the personal information is sent to the network identity server, so that the user real-name identity information and the internet application software can be thoroughly separated, the user personal identity information is safe and reliable in the authentication process, and the method is suitable for most users using internet application. Because the information that the user is carrying out the real-name authentication operation is hidden, the information security of the network real-name authentication is increased to a certain extent.
Example 3
As shown in FIG. 3, this embodiment is an optimization based on embodiment 1. The client includes network identity service terminal software and Internet application software, which are installed on different devices; for example, the Internet application software is installed on a user mobile phone, and the network identity service terminal software is installed on a user computer.
The network identity service terminal software identifies the quick response matrix code and sends the identification result to the Internet application software through the network identity server.
The Internet application software converts the confirmation information sent by the network identity server into a quick response matrix code and displays the quick response matrix code. After the display, if the Internet application is scanned by the network identity service client, the Internet application enters a state of waiting for a real-name authentication result, and after the network identity service platform sends the real-name authentication result to the Internet application, the Internet application continues the subsequent business process, as shown in FIG. 4.
Preferably, step S3 may be divided into the following steps:
S31. After receiving the confirmation information, the Internet application software decrypts it with a preset secret key agreed with the network identity service provider to obtain a decryption result. The confirmation information is a character string generated by encrypting "agree" or "disagree" with the preset secret key. The preset key is known to the Internet application provider and the network identity server provider.
S32. If the decryption result is "agree", the Internet application software converts the confirmation information into a quick response matrix code according to the preset authentication strength and displays the quick response matrix code. If the decryption result is "disagree", the Internet application software of the client ends the real-name authentication process.
Steps S31 and S32 complete verification of the Internet application software, ensuring that the Internet application software that issued the authentication request is the same as the Internet application software that received the confirmation information, and preventing a fake website from illegally collecting the user's personal information.
Preferably, the authentication request may include the ID or IP information of the client where the Internet application software is located, and the quick response matrix code also includes the corresponding ID or IP information. The two sets of ID or IP information are checked against each other to confirm whether the Internet application software that issued the authentication request and the Internet application software that received the confirmation information are located at the same client and the same login address, and to lock the specific location of the client. The Internet application encrypts the ID or IP information, so that without knowing the key, others cannot obtain the ID or IP information contained in the quick response matrix code. The key is known to both the Internet application provider and the network identity server provider.
The network identity real-name authentication method based on the quick response matrix code further comprises the following steps:
S-1. A network user name is input into the Internet application software client, and the Internet application software is logged in, as shown in FIG. 3.
S0. The user identity is verified by at least one of fingerprint identification, portrait identification, retina identification, voice identification, PIN code verification, and preset question verification. The position of the user identity verification can be as shown in FIG. 3, or it can be networked with the public security system and verified in the real-name authentication process.
Step S0 effectively verifies whether the current user is the registered user, so the network identity information is not easily used fraudulently.
Preferably, the face recognition may use a camera to obtain a face portrait of the user, and the face portrait of the user is compared with the face portrait in the second-generation identification card photo through a preset algorithm to obtain the similarity between the two. If the similarity is larger than the preset similarity, the user is judged to match the second-generation identity card, and the network identity server sends authentication passing information to the Internet application software; otherwise, it is judged that the user does not match, and the network identity server sends the authentication information to the Internet application software.
Preferably, as shown in fig. 5, the real-name authentication operation includes the steps of:
S41. Input the user real-name identity information, which comprises user biological characteristic information, citizen identity information and card information. The user biometric information includes fingerprint, voice, iris, facial features, DNA, etc. The citizen identity information comprises citizen name, identity card number, gender, ethnicity, date of birth, address, effective date and the like. The card information comprises the card body identification and the like.
S42. Bind the real-name identity information of the user to the corresponding network user name, which is generally not the real name of the user. In the corresponding Internet application software, others can see the network identity of the invention (that is, the network identity identification) but not the network user name. The network identity is a string of unrecoverable and non-deductible random bytes, and even if the network user name is the user's real name, it cannot be read directly by others, because the Internet application hides the network user name.
S43. Generate the corresponding network identity according to the user real-name identity information and the corresponding network user name. Specifically, the adopted method is a national cryptographic algorithm, and the secret key is known by public security authorities.
S44. Record the serial number of the real-name authentication service so as to facilitate the follow-up tracking of the content of the corresponding service.
Preferably, the citizen identity information can be read directly from the surface of the second-generation identity card, and the card information is entered through an identity card reader without manual input, which saves real-name registration time. The output interface of the identity card reader comprises a USB interface, a Bluetooth interface and an OTG interface, so it can be conveniently applied to network identity server ends with various interfaces.
Preferably, an SM3 cryptographic hash algorithm is used to perform encryption mapping on the network user name and the virtual identity of the user, so as to obtain the network identity of the user. The network identity obtained by SM3 cryptographic hash algorithm processing is a string of unrecoverable and non-deductible random bytes, which can protect the security of the user's personal identity information. The SM3 hash algorithm is a cryptographic hash algorithm independently designed in China; it is suitable for the generation and verification of digital signatures, the generation and verification of message authentication codes, and the generation of random numbers in commercial cipher applications, and can meet the safety requirements of various cipher applications. The process comprises the following steps:
S431. Convert the network application user name of the user into a character string $ID_A$ by adopting preset algorithm 1. The preset algorithm 1 is a known algorithm.
S432. Convert the citizen identity information and the card information of the user into a character string $ID_B$ and a character string $ID_C$, respectively, by adopting preset algorithm 2. The preset algorithm 2 is a known algorithm.
S433. Use the SM3 cryptographic hash algorithm to perform encryption mapping on the character strings $ID_A$, $ID_B$ and $ID_C$ generated in steps S431 and S432 to generate the network identity $T$:
$$T = E_1\{ID_A \,\|\, E_2[ID_B \,\|\, ID_C]\}$$
In the formula, $E_1$ and $E_2$ are data encryption algorithms in the SM3 cryptographic hash algorithm and are known algorithms; $\|$ is the operation of splicing two adjacent pieces of information together.
The network identity T obtained through SM3 cryptographic hash algorithm processing is a string of unrecoverable and non-deductible random bytes, and the security of the user's personal identity information can be protected. If either the user's network application user name or the card body identification in virtual form becomes invalid, the network identity becomes invalid and needs to be regenerated.
Preferably, after the real-name authentication operation is completed, the network identity server sends the network identity identifier to the internet application software, and performs the next application operation. The network identity identification is irreducible and unpredictable and only corresponds to a unique user.
Optionally, the Internet application software should include at least two authentication strengths, which are set by the user according to personal security requirements. Under the high-level authentication strength, a person inputs more private information for verification, possibly including home address, work unit, social relations, and interests and hobbies, and can perform more Internet application information operations, such as quick payments. Under the low-level authentication strength, an individual only needs to input basic information for verification, such as a citizen name and an identification number, and can only perform basic Internet application operations, such as quick payment. The confirmation information of the two authentication strengths is embodied in a quick response matrix code, as described in example 2.
In implementation, the network identities of different users are different, and each network identity corresponds to only one unique user. That is, the same user can choose to use a universal network identity or different network identities in different applications, selecting flexibly according to need, but each network identity can only correspond to one user and one second-generation identification card. After the real-name authentication is finished, the identity real-name authentication result is provided by the network identity server. The identity real-name authentication result is a string of irreducible and non-deductible random bytes; it does not display any identity information of the user, and can prove to the Internet application that the user is a real person with a real name.
Compared with the embodiments 1 and 2, the network identity real-name authentication method based on the quick response matrix code provided by the embodiment has the highest security of the user real-name information, can credibly map the entity individuals (users) of the real society into the network, and can guarantee the personal privacy security, which is the basis for maintaining the network activity order, standardizing the network behavior morality and ensuring the network space security. The embodiment follows the principle of 'foreground voluntary and background real name', ensures 'foreground can be safely anonymous', and realizes real network real name. The embodiment provides a universal network real-name identity and different network real-name identities aiming at different applications, and special personnel can effectively realize behavior analysis and track tracking in practical application, so that the network identity real-name is facilitated, and the individual privacy of a user is effectively protected.
Those skilled in the art will appreciate that all or part of the flow of the method implementing the above embodiments may be implemented by a computer program, which is stored in a computer readable storage medium, to instruct related hardware. The computer readable storage medium is a magnetic disk, an optical disk, a read-only memory or a random access memory.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention.

Claims (8)

1. A network identity real name authentication method based on a quick response matrix code is characterized by comprising the following steps:
when the internet application software client needs to verify the real-name identity of the user corresponding to the network account, sending a real-name authentication request to a network identity server;
after receiving the real-name authentication request, the network identity server side sends confirmation information of the real-name authentication request to the Internet application software client side; the confirmation information is used for confirming the legality of the Internet application software: only when the Internet application provider and the network identity server provider have signed a cooperation protocol in advance is the confirmation information "passed"; otherwise, the confirmation information is "failed";
the internet application software client receives the confirmation information and verifies the confirmation information; if the confirmation information is passed, converting the confirmation information into a quick response matrix code, and displaying the quick response matrix code; otherwise, terminating the real-name authentication process; the quick response matrix code is used for interaction between the Internet application software client and the network identity service terminal software;
the network identity service terminal software client side starts to interact with the network identity server side by scanning and identifying the quick response matrix code, and performs real-name authentication operation, wherein the real-name authentication operation comprises the following steps: inputting user real-name identity information, wherein the user real-name identity information comprises user biological characteristic information, citizen identity information and card information, and the citizen identity information comprises an address and an effective date; the citizen identity information and the card information are acquired through a second-generation identity card; binding a corresponding network user name; generating a corresponding network identity according to the user real-name identity information and a corresponding network user name; recording the serial number of the real-name authentication service;
after the real-name authentication operation is completed, the network identity server side sends the network identity identification to the internet application software client side; the network identity identification is irreducible and non-calculable, does not display any identity information of the user, and only corresponds to a unique user; the same user can use the common network identification or different network identifications in the application of different internet application software.
2. The network identity real-name authentication method based on the quick response matrix code according to claim 1, wherein the internet application software is executed for receiving the confirmation information and verifying the confirmation information; if the confirmation information is passed, converting the confirmation information into a quick response matrix code, and displaying the quick response matrix code; otherwise, terminating the real-name authentication process;
and executing the network identity service terminal software, identifying the quick response matrix code and sending the identification result to the Internet application software.
3. The network identity real-name authentication method based on the quick response matrix code according to claim 2, further comprising the following steps:
inputting a network user name, and logging in internet application software;
verifying the identity of the user, wherein the verification method adopts at least one of fingerprint identification, portrait identification, retina identification, voice identification and PIN code verification;
and after the verification is passed, the Internet application software sends the network user name to the network identity server.
4. The network identity real-name authentication method based on the quick response matrix code according to claim 1, wherein the user biometric information comprises fingerprint, voice, iris, facial facies, DNA;
the citizen identity information comprises a citizen name, an identity card number, a gender, an ethnicity and a date of birth;
the card information comprises a card body identification.
5. The network identity real-name authentication method based on the quick response matrix code according to claim 1 or 4, characterized in that the card information is entered through an identity card reader;
the output interface of the identity card reader comprises at least one of a USB interface, a Bluetooth interface and an OTG interface.
6. The network identity real-name authentication method based on the quick response matrix code according to any one of claims 2-4, characterized in that the confirmation information of the real-name authentication request is a character string generated by encrypting "agree" or "disagree" with a secret key;
the internet application software decrypts the confirmation information of the real-name authentication request through the secret key to obtain a decryption result:
if the decryption result is agreement, the Internet application software converts the confirmation information of the real-name authentication request into a quick response matrix code and displays the quick response matrix code;
if the decryption result is not approved, the Internet application software terminates the real-name authentication process.
7. The network identity real-name authentication method based on the quick response matrix code according to any one of claims 2-4, wherein the Internet application software comprises at least two authentication strengths, and the authentication strengths are set by the user according to personal security requirements.
8. The network identity real-name authentication method based on the quick response matrix code according to claim 1 or 4, wherein the step of generating the corresponding network identity according to the user real-name identity information and the corresponding network user name comprises:
converting the network application user name of the user into a character string 1;
converting the real-name identity information of the user into a character string 2;
and carrying out encryption mapping on the character string 1 and the character string 2 by adopting an SM3 password hash algorithm to obtain the network identity of the user.
CN201810664215.1A 2018-06-25 2018-06-25 Network identity real-name authentication method based on quick response matrix code Active CN108959883B (en)

Publications (2)

Publication Number Publication Date
CN108959883A (en) 2018-12-07
CN108959883B (en) 2021-07-09


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant