CN109543399B - Method for preventing second-generation ID card reader OCX control from being tampered - Google Patents


Info

Publication number: CN109543399B
Authority: CN (China)
Prior art keywords: ocx, control, card reader, identity, identity card
Legal status: Active
Application number: CN201811339533.7A
Other languages: Chinese (zh)
Other versions: CN109543399A
Inventors: 罗静珺, 李峰, 刘湘, 刘芳
Current Assignee: China United Network Communications Corp Ltd Chongqing Branch
Original Assignee: China United Network Communications Corp Ltd Chongqing Branch
Priority date: 2018-11-12
Filing date: 2018-11-12
Publication dates: CN109543399A 2019-03-29; CN109543399B 2022-12-23

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/03 Indexing scheme relating to G06F 21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F 2221/033 Test or assess software

Abstract

The invention discloses a method for preventing the OCX control of a second-generation ID card reader from being tampered with. The OCX control of the ID card reader is modified to add a server calling interface; the validity of the OCX control is authenticated cryptographically; the system provides a server-side verification mechanism and the ID card reader provides a client-side verification interface; the data is encrypted; and the two parties interactively verify the authenticity and validity of both the control and the ID card data. The beneficial effects of the invention are that, with little investment and without affecting the uniform ID card reading specification issued by the Ministry of Public Security, it preserves compatibility with all ID card readers, improves the authenticity of the data read by ID card readers, and improves the security of the business support system.

Description

Method for preventing the OCX control of a second-generation ID card reader from being tampered with
Technical Field
The invention belongs to the technical field of internet data security and tamper prevention for the OCX control of a second-generation ID card reader, and in particular relates to a method for preventing the OCX control of a second-generation ID card reader from being tampered with.
Background
During the special real-name system verification work, the telecom operator found that some suspected false ID card information had passed auditing and entered the operator's business system for service acceptance. Special checking and verification confirmed that this identity information was false. Auditing and searching within the business system, combined with on-site covert visits and investigation, finally established that the false information was caused by an ID card reading simulator OCX control illegally installed on a small number of business terminals, which bypassed the real ID card reader at the Web end.
The reason the second-generation ID card information can be tampered with in the system is as follows: individual offenders develop fake plug-ins according to the plug-in specification issued by the Ministry of Public Security. The plug-ins implement every interface in the specification, but the ID card information is not read from an ID card reader: it is entered manually, or even generated automatically.
Disclosure of Invention
The invention aims to provide a method for preventing the OCX control of a second-generation ID card reader from being tampered with, so as to solve the problem described in the background: some suspected false ID card information enters the service system of a telecommunications operator for service acceptance; special checking confirms that the identity information is false; and auditing and searching in the business system, combined with on-site covert visits and investigation, finally establishes that the false information is caused by an ID card reading simulator OCX control illegally installed on a small number of business terminals, which bypasses the real ID card reader at the Web end.
To achieve this purpose, the invention provides the following technical scheme: a method for preventing the second-generation ID card reader OCX control from being tampered with, comprising an ID card reader, a business support system foreground page and a business support system background service, wherein:
the ID card reader comprises four blocks: reading the ID card, generating the secretKey corresponding to the APPID, packaging the identity information, and combining the secretKey with the identity information for SHA1 encryption to generate the encryption string cloudSignature_cli;
the business support system foreground page comprises five blocks: clicking the ID card reading button on the foreground, calling the cloudReadCard method of the OCX control, acquiring the identity information on the foreground, comparing the cloudSignature of the ID card reader with that of the server side in js, and judging whether verification passes;
the business support system background comprises three blocks: APPID generation by the background service, storage of the secretKey by the callback BSS service, and an SHA1 encryption module which combines the secretKey with the server-side stored identity information module to generate the encryption string cloudSignature_str;
the OCX control of the ID card reader is modified with a server calling interface; the validity of the OCX control is authenticated cryptographically; the system provides a server-side verification mechanism; the ID card reader provides a client-side verification interface; the data is encrypted; and the two parties interactively verify the authenticity and validity of both the control and the ID card data.
The method comprises the following steps:
Step one: transformation of the OCX control. This covers OCX reliability, the encryption algorithm, network communication between the OCX and the background, addition of a verified ID card reading interface, modification of the control attributes, and provision of a background service interface following the front-end calling standard; wherein:
OCX reliability: the OCX guarantees that its dependent dlls are not replaced;
Encryption algorithm: some fields of the ID card are combined with the secretKey, and a signature is generated with the SHA1 algorithm;
OCX and background network communication: an interface is provided for the background services and https is supported, so that data security is guaranteed;
Adding the verified ID card reading interface cloudReadCard: the function verifies the necessary dynamic library file, reads the ID card information, generates the signature, and calls back the BSS service to return the secretKey;
Modifying the control attributes: the read signature generated by the cloudSignature method is added; the other attributes are the same as in the original specification;
Step two: matching modification of the business support system. Update the card reader driver; the ReadCard() of the original standard control is abandoned completely, and the cloudReadCard function of the new control fully replaces it; provide an http interface that returns the appId for the plug-in to call; provide a baseUrl address to the control for receiving the secretKey generated by the control; provide an APPID request; provide a function with the same encryption mode as the plug-in, which SHA1-encrypts the parameters Sex + Born + CardNo + EffectDate + secretKey read by the card reader;
Step three: integrate the whole business process, compare the encryption results of the card reader and the business support system, and judge whether verification passes.
As a preferred technical solution of the present invention, in step one the OCX ensures that the dependent dll is not replaced by checking the file through MD5.
Compared with the prior art, the invention has the following beneficial effects: with little investment, and without affecting the uniform ID card reading specification issued by the Ministry of Public Security, the invention ensures compatibility with all ID card readers, improves the authenticity of the data read by ID card readers, and improves the security of the business support system.
Drawings
FIG. 1 is a flowchart of the encryption modification of the ID card reader of the present invention.
Detailed Description
A method for preventing the second-generation ID card reader OCX control from being tampered with comprises an ID card reader, a business support system foreground page and a business support system background service, wherein:
the ID card reader comprises four blocks: reading the ID card, generating the secretKey corresponding to the APPID, packaging the identity information, and combining the secretKey with the identity information for SHA1 encryption to generate the encryption string cloudSignature_cli;
the business support system foreground page comprises five blocks: clicking the verified ID card reading button on the foreground, calling the cloudReadCard method of the OCX control, acquiring the identity information on the foreground, comparing the cloudSignature of the ID card reader with that of the server side in js, and judging whether verification passes;
the business support system background comprises three blocks: APPID generation by the background service, storage of the secretKey by the callback BSS service, and the SHA1 encryption block, which combines the secretKey with the server-side stored identity information block to generate the encryption string cloudSignature_str;
the OCX control of the ID card reader is modified with a server calling interface; the validity of the OCX control is authenticated cryptographically; the system provides a server-side verification mechanism; the ID card reader provides a client-side verification interface; the data is encrypted; and the two parties interactively verify the authenticity and validity of both the control and the ID card data.
The method comprises the following steps:
Step one: transformation of the OCX control. This covers OCX reliability, the encryption algorithm, network communication between the OCX and the background, addition of a verified ID card reading interface, modification of the control attributes, and provision of a background service interface following the front-end calling standard; wherein:
OCX reliability: the OCX ensures that the dependent dll is not replaced, which is solved by checking the file through MD5;
Encryption algorithm: some fields of the ID card are combined with the secretKey, and a signature is generated with the SHA1 algorithm;
OCX and background network communication: an interface is provided for the background services and https is supported, so that data security is guaranteed;
Adding the verified ID card reading interface cloudReadCard(QString param): the function verifies the necessary dynamic library file, reads the ID card information, generates the signature, and calls back the BSS service to transmit the secretKey;
Modifying the control attributes: the read signature generated by the cloudSignature method is added; the other attributes are the same as in the original specification;
Step two: matching modification of the business support system. Update the card reader driver; the ReadCard() of the original standard control is abandoned completely, and the cloudReadCard function of the new control fully replaces it; provide an http interface that returns the appId for the plug-in to call; provide a baseUrl address to the control for receiving the secretKey generated by the control; provide an APPID request, for example: GET http://127.0.0.1; provide a function with the same encryption mode as the plug-in, which SHA1-encrypts the parameters Sex + Born + CardNo + EffectDate + secretKey read by the card reader;
Step three: integrate the whole business process, compare the encryption results of the card reader and the business support system, and judge whether verification passes. If it passes, the reading of the ID card information is considered successful; if not, a corresponding prompt is given.
FIG. 1 shows the flow of the encryption modification of the ID card reader: the verified ID card reading button is clicked on the foreground interface of the business support system; the background service of the business support system generates an APPID and returns it; the cloudReadCard method of the OCX control is called with the APPID to read the ID card, and the identity information request is passed to the foreground identity information acquisition block. In the reader, the ID card reading block generates the secretKey corresponding to the APPID and packages the identity information, while the callback BSS service stores the same secretKey for SHA1 encryption on the server side. After the identity information is packaged, the secretKey and the identity information are combined for SHA1 encryption to generate the encryption string cloudSignature_cli; in parallel, the identity information is stored on the server, where the secretKey and the identity information are combined for SHA1 encryption to generate the server-side cloudSignature. The two strings are compared: if the check passes, the identity information is displayed in plaintext; otherwise a prompt that the identity information is wrong is displayed.
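The cloudReadCard flow of steps one to three, including the dll MD5 check of the OCX reliability item, as an added Python simulation that is not part of the patent (the patent's control is an OCX with a QString parameter; the class names BssBackground, IdCardOcx and SimulatorOcx, the function foreground_read, the use of token_hex for the APPID and secretKey, the stand-in DLL_BYTES and the SAMPLE_CARD fields are all assumptions):

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the dependent dll and its expected MD5 (assumption: the control
# carries the expected hash; the patent only says the dll is "checked through MD5").
DLL_BYTES = b"constructed stand-in for the card reader dll"
DLL_MD5 = hashlib.md5(DLL_BYTES).hexdigest()


def cloud_signature(identity, secret_key):
    """Same function on both sides: SHA1(Sex + Born + CardNo + EffectDate + secretKey)."""
    msg = identity["Sex"] + identity["Born"] + identity["CardNo"] + identity["EffectDate"] + secret_key
    return hashlib.sha1(msg.encode("utf-8")).hexdigest()


class BssBackground:
    """Business support system background: APPID generation, secretKey callback, server-side copy."""
    def __init__(self):
        self.secret_keys = {}  # appId -> secretKey received on the baseUrl callback
        self.identities = {}   # appId -> identity fields stored server-side

    def get_app_id(self):
        app_id = secrets.token_hex(8)
        self.secret_keys[app_id] = None  # no secretKey until the control calls back
        return app_id

    def callback_store_secret_key(self, app_id, secret_key):
        if app_id not in self.secret_keys:
            raise KeyError("unknown appId")
        self.secret_keys[app_id] = secret_key

    def store_identity(self, app_id, identity):
        self.identities[app_id] = dict(identity)

    def cloud_signature_str(self, app_id):
        key = self.secret_keys.get(app_id)
        if key is None or app_id not in self.identities:
            return None
        return cloud_signature(self.identities[app_id], key)


class IdCardOcx:
    """The modified control: cloudReadCard replaces ReadCard, cloudSignature is the new attribute."""
    def __init__(self, background, dll_bytes, card_on_reader):
        self.background = background
        self.dll_bytes = dll_bytes
        self.card_on_reader = card_on_reader
        self.cloudSignature = None

    def cloudReadCard(self, app_id):
        # OCX reliability: the dependent dll must still match its expected MD5.
        if hashlib.md5(self.dll_bytes).hexdigest() != DLL_MD5:
            raise RuntimeError("dependent dll failed MD5 check")
        identity = dict(self.card_on_reader)            # read the ID card
        secret_key = secrets.token_hex(16)              # secretKey for this APPID
        self.background.callback_store_secret_key(app_id, secret_key)
        self.cloudSignature = cloud_signature(identity, secret_key)
        return identity


class SimulatorOcx:
    """A plug-in that meets the old interface with typed-in data but never calls back."""
    def __init__(self, typed_identity):
        self.typed_identity = dict(typed_identity)
        self.cloudSignature = hashlib.sha1(b"no secretKey to sign with").hexdigest()

    def cloudReadCard(self, app_id):
        return dict(self.typed_identity)


def foreground_read(background, control):
    """Foreground page (the js of step three): compare cloudSignature_cli with cloudSignature_str."""
    app_id = background.get_app_id()
    try:
        identity = control.cloudReadCard(app_id)
    except RuntimeError:
        return False, None                               # control refused to read; prompt the user
    background.store_identity(app_id, identity)
    sig_cli, sig_str = control.cloudSignature, background.cloud_signature_str(app_id)
    ok = sig_str is not None and hmac.compare_digest(sig_cli, sig_str)
    return ok, identity


# Constructed sample card fields, not a real identity.
SAMPLE_CARD = {"Sex": "1", "Born": "19900101", "CardNo": "111111199001010000", "EffectDate": "20150101"}
```

The comparison binds the card fields to the secretKey that reached the server through the callback, so a plug-in that never calls back, or a control whose dependent dll no longer matches, is rejected; the authenticity of the control itself rests on the OCX reliability item and the https channel rather than on the signature.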
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (3)

1. A method for preventing the second-generation ID card reader OCX control from being tampered with, characterized by comprising an ID card reader, a business support system foreground page and a business support system background service, wherein:
the ID card reader comprises four blocks: reading the ID card, generating the secretKey corresponding to the APPID, packaging the identity information, and combining the secretKey with the identity information for SHA1 encryption to generate the encryption string cloudSignature_cli;
the business support system foreground page comprises five blocks: clicking the ID card reading button on the foreground, calling the cloudReadCard method of the OCX control, acquiring the identity information on the foreground, comparing the cloudSignature of the ID card reader with that of the server side in js, and judging whether verification passes;
the business support system background comprises three blocks: APPID generation by the background service, storage of the secretKey by the callback BSS service, and the SHA1 encryption block, which combines the secretKey with the server-side stored identity information block to generate the encryption string cloudSignature_str;
the OCX control of the ID card reader is modified with a server calling interface; the validity of the OCX control is authenticated cryptographically; the system provides a server-side verification mechanism; the ID card reader provides a client-side verification interface; the data is encrypted; and the two parties interactively verify the authenticity and validity of both the control and the ID card data.
2. The method for preventing the OCX control of the second-generation ID card reader from being tampered with as claimed in claim 1, comprising the following steps:
Step one: transformation of the OCX control. This covers OCX reliability, the encryption algorithm, network communication between the OCX and the background, addition of a verified ID card reading interface, modification of the control attributes, and provision of a background service interface following the front-end calling standard; wherein:
OCX reliability: the OCX guarantees that its dependent dlls are not replaced;
Encryption algorithm: some fields of the ID card are combined with the secretKey, and a signature is generated with the SHA1 algorithm;
OCX and background network communication: an interface is provided for the background services and https is supported, so that data security is guaranteed;
Adding the verified ID card reading interface cloudReadCard: the function verifies the necessary dynamic library file, reads the ID card information, generates the signature, and calls back the BSS service to return the secretKey;
Modifying the control attributes: the read signature generated by the cloudSignature method is added; the other attributes are the same as in the original specification;
Step two: matching modification of the business support system. Update the card reader driver; the ReadCard() of the original standard control is abandoned completely, and the cloudReadCard function of the new control fully replaces it; provide an http interface for acquiring the APPID, called by the plug-in, which returns the APPID; provide a baseUrl address to the control for receiving the secretKey generated by the control; provide an APPID request; provide a function with the same encryption mode as the plug-in, which SHA1-encrypts the parameters Sex + Born + CardNo + EffectDate + secretKey read by the card reader;
Step three: integrate the whole business process, compare the encryption results of the card reader and the business support system, and judge whether verification passes.
3. The method for preventing the second-generation ID card reader OCX control from being tampered with according to claim 2, wherein: in step one, the OCX ensures that the dependent dll is not replaced, which is solved by checking the file through MD5.
Application CN201811339533.7A, priority date 2018-11-12, filing date 2018-11-12: Method for preventing second-generation ID card reader OCX control from being tampered. Status: Active. Granted as CN109543399B.

Publications (2)

Publication Number: Publication Date
CN109543399A: 2019-03-29
CN109543399B (granted): 2022-12-23


Legal Events

Code: Title
PB01: Publication
SE01: Entry into force of request for substantive examination
GR01: Patent grant