CN109635654A - A kind of certificate chain electronic agent card system - Google Patents

Abstract

A kind of certificate chain electronic agent card system, the system carry out authentication, biometric authentication and certificate verification to business administration people by multicenter authentication module, pass through the storage verifying of multicenter memory module and record；Administrator initiates to generate electronic agent card in electronic agent card terminal or electronics joins card request, electronic agent card server receives request, authorization business-electronic license ID and authorized business-electronic license ID is obtained by more certificate center modules, business-electronic license ID will be authorized, it is authorized to business-electronic license ID and authorization message, pass through the combination of Encryption Algorithm combination random number, it generates unique business-electronic agent certificate or business-electronic joins card, authentication can be with the identity information for the true and false and verifying holder that real-time verification electronic agent is demonstrate,proved, prevent letter of attorment to be forged, the phenomenon that being tampered.

Description

A kind of certificate chain electronic agent card system

Technical field

The present invention relates to electronics license technical fields, more specifically, are related to a kind of certificate chain electronic agent card system.

Background technique

Letter of attorment is to prove that agent has the written confirmation of attorneyship, and in agency by agreement, the act of authorization is used In writing form be letter of authority be letter of attorment, in legal agency, letter of attorment, which refers to, is able to demonstrate that agent's identity Documentary evidence, such as the certificate of identity of residence booklet, public security organ；In authorized agency, law court or specified organ it is specified Book is letter of attorment.And there are shortcoming and defect below for common papery letter of attorment:

1, papery letter of attorment has greatly not portable, the easy to be lost, risk that is tampered, forges.In papery agent certificate Using in management process, found much to forge agent certificate, site administrator is hard to distinguish between the true and false；

2, papery letter of attorment cannot effectively identify devolution enterprise and authorized agency shop, i.e., can not distinguish and hold generation Whether the agent of reason certificate is veritably authorized；

3, papery letter of attorment does not have effective discrimination method that trans-departmental and cross-system uses；

4, the terminal data collecting efficiency of papery letter of attorment relies on artificial mode substantially, and efficiency and accuracy rate are lower.Therefore, It is necessary to the generations to existing letter of attorment to be further improved with verifying.

Summary of the invention

In the presence of overcoming the shortcomings of the prior art, the present invention provides a kind of certificate chain electronic agent card system, solution Never portable, easy to be lost, easy forgery and easy the problem of distorting, efficiency and accuracy rate are high.

In order to solve the above-mentioned technical problem, the technical scheme adopted by the invention is as follows:

A kind of certificate chain electronic agent card system, which includes electronic agent card terminal and electronic agent demonstrate,proves server, described Electronic agent card terminal is provided with information acquisition module, multicenter authentication module and multicenter memory module, the electronic agent Card server is provided with more certificate center modules, and the electronic agent card system terminal wirelessly connects with electronic agent card server It connects；

The information acquisition module includes identity information acquisition device, biomedical information acquisition device and certificate-information acquiring device, described Identity information acquisition device is used to acquire the ID card information of registrant, the biomedical information acquisition device include face acquisition unit with Fingerprint collecting unit, the certificate-information acquiring device is for acquiring enterprise's certificate information and proxy information；

The multicenter authentication module includes identity authenticating unit, biometric verification unit and certificate verification unit, and the identity is tested Demonstrate,prove comparison of the unit for the identity information of identity information acquisition device acquisition and the face information of biomedical information acquisition device acquisition, institute It states biometric verification unit and is used for the finger print information of biomedical information acquisition device acquisition and the finger print information for being reserved in biological information library It compares, the certificate verification unit is used for the audit of enterprise's certificate information；

The multicenter memory module is used to store the acquisition information of information acquisition module, the verifying note of multicenter authentication module Record；

The electronic agent card server obtains authorization business-electronic license ID and authorized enterprise by more certificate center modules Electronics license ID by authorization business-electronic license ID, is authorized to business-electronic license ID and authorization message, passes through Encryption Algorithm knot Random number is closed, unique business-electronic agent certificate is generated or business-electronic joins card.Random number is automatic by Generating Random Number It generates, the business-electronic agent certificate or business-electronic of generation are joined card and presented with quick response code form, and random number can guarantee two dimension Code is dynamic, safe.

Further, Encryption Algorithm is combined using existing symmetric encipherment algorithm AES and rivest, shamir, adelman RSA Key algorithm.

Further, the terminal include processor, it is memory, the information acquisition module, multicenter authentication module, more Certificate center module and the storage of multicenter memory module on a memory, and can be run in the processor.

Further, the identity information acquisition device, biomedical information acquisition device and certificate-information acquiring device are and electronics generation Reason card terminal passes through the specific installation being electrically connected or the component being integrated into a whole with electronic agent card terminal device.

Further, a kind of certificate chain electronic agent demonstrate,proves system, and registration, electronic agent card including electronic agent card are tested The cancellation that card, the change of electronic agent card and electronic agent are demonstrate,proved.

Further, electronic agent card registration the following steps are included:

The administrator that S1, business entity authorize demonstrate,proves terminal by electronic agent and enters electronic agent card system, applies in the terminal It is registered；

S2, the ID card information that administrator is obtained by the identity information acquisition device that information acquisition module connects, are believed by biology The face acquisition unit for ceasing collector obtains face information, is identified to face, feature extraction, and extract corresponding face Characteristic information；Finger print information is obtained by fingerprint collecting unit, extracts fingerprint feature information from the finger print information of acquisition, Face characteristic information and fingerprint feature information are transferred to multicenter authentication module, and initiate identity information to multicenter authentication module It is requested with biometric information verification；

S3, multicenter authentication module the identity authenticating unit face information and identity card that will acquire on human face photo compared It is right, it is stored by multicenter memory module and saves comparison record；Biometric verification unit will verify finger print information, and reserved Finger print information in biological information library is compared, and saves verifying record by multicenter memory module；

If S4, identity information and biometric information verification pass through, administrator enters electronic agent card terminal, passes through information collection mould The certificate-information acquiring device of block connection acquires enterprise's certificate information, and initiates checking request to multicenter authentication module；

S5, multicenter authentication module certificate verification unit enterprise's certificate information will be verified, save verifying record；If License is verified, then stores verifying record by multicenter memory module, verification result is returned to electronic agent and demonstrate,proves terminal；

The certificate-information acquiring device typing proxy information or join information that S6, administrator are connected by information acquisition module, including It authorizes enterprise, be authorized to enterprise, authorization time and authorized content, and initiate proxy information audit to electronic agent card server and ask It asks, electronic agent card server audits the agency to enterprise or the authorization message joined, if with proxy information data Proxy information in library or the information of joining joined in database match, then audit passes through, and are deposited by multicenter memory module Store up audit logging；

S7, electronic agent card server obtain the electronics license ID for authorizing enterprise and authorized enterprise by more certificate center modules Electronics license ID, will authorization business-electronic license ID, be authorized to business-electronic license ID, authorization time and authorized content, lead to Encryption Algorithm combination random number is crossed, unique electronic agent card is generated or electronics joins card, electronic agent card or electronics are joined Card returns to electronic agent and demonstrate,proves terminal；

If business administration people applies generating agent certificate service, business-electronic agent certificate is generated；If administrator's application is joined Card service, then generate business-electronic and join card；

S8, administrator receive the prompting message that registration is completed in electronic agent card terminal, then succeed in registration.

Further, electronic agent card verifying the following steps are included:

S1, authentication demonstrate,prove terminal by electronic agent and enter electronic agent card system, and application is verified；

S2, the ID card information that authentication is obtained by the identity information acquisition device that information acquisition module connects, are believed by biology It ceases collector and obtains face information and finger print information, and asked to multicenter authentication module initiation identity information and biometric information verification It asks；

S3, multicenter authentication module the identity authenticating unit face information and identity card that will acquire on human face photo compared It is right, it is stored by multicenter memory module and compares record, biometric verification unit will verify finger print information, and be reserved in life The finger print information of object information bank is compared, and saves verifying record by multicenter memory module；

If S4, identity information are consistent with biological information comparison, the identity real name certification of authentication passes through, and verification result is returned Telegram in reply sub-agent demonstrate,proves terminal；Authentication enters the verifying application of electronic agent card terminal, and scanning is verified the electronic agent of enterprise Card two dimensional code or electronics join card two dimensional code；

S5, the electronic agent for being verified enterprise is demonstrate,proved two-dimensional barcode information to electronic agent card server or electronics joins card two dimensional code letter Breath is decoded operation, by decoded authorization enterprise's license ID, is authorized to information progress of enterprise's license ID with certificate database Matching, decoded proxy information is matched with the information in proxy database；

Verified if authentication joins card to business-electronic, electronic agent card server electronics will be joined card two dimensional code into Row parsing, matching operation, if decoded, to join information consistent with the information matches joined in database, is verified；

If S6, matching are consistent, it is proved to be successful, verifying record is stored by multicenter memory module, verification result is returned Telegram in reply sub-agent card terminal, authentication and be verified enterprise, authentication and be verified enterprise can be by multicenter memory module Check verifying record.

Further, electronic agent card change the following steps are included:

S1, business administration people demonstrate,prove terminal by electronic agent and enter electronic agent card system, and application changes；

S2, the ID card information that administrator is obtained by the identity information acquisition device that information acquisition module connects, are believed by biology Collector acquisition face information and finger print information are ceased, and is asked to multicenter authentication module initiation identity information and biometric information verification It asks；

S3, multicenter authentication module identity authenticating unit will to the human face photo of acquisition carry out testimony of a witness uniformity comparison, biology Authentication unit will verify finger print information, store verifying record by multicenter memory module；If the identity of administrator Real-name authentication passes through, and verification result is returned to electronic agent and demonstrate,proves terminal；

S4, administrator need devolution information to be changed or authorization by the information acquisition device typing that information acquisition module connects Join information, and initiates the signal auditing request that authorizes a change to electronic agent card server；

S5, electronic agent card server will audit modification information, save audit logging by multicenter memory module；Such as Fruit audit passes through, and auditing result is returned to electronic agent and demonstrate,proves terminal, electronic agent demonstrate,proves the electronic agent that server will generate change Card or the electronics of change join card, and change electronic agent card or change electronics are joined card and are sent to electronic agent card terminal and pipe Manage people；

S6, administrator receive the prompting message that change is completed in electronic agent card terminal, then change completion.

Further, electronic agent card cancellation the following steps are included:

S1, business administration people demonstrate,prove terminal by electronic agent and enter electronic agent card system, and application is unregistered；

S2, the ID card information that administrator is obtained by the identity information acquisition device that information acquisition module connects, are believed by biology The face acquisition unit for ceasing collector obtains face information, extracts face characteristic information, passes through the finger of biomedical information acquisition device Line acquisition unit obtains finger print information, and the characteristic information that takes the fingerprint, and sends face characteristic information and fingerprint feature information to Multicenter authentication module；

The identity authenticating unit face information and identity authenticating unit that acquire biometric verification unit of S3, multicenter authentication module The human face photo of the identity card of acquisition is compared, by the finger print information of biometric verification unit acquisition and the finger print information reserved It is compared, is stored by multicenter memory module and compare record；

If S4, identity information are consistent with biological information comparison, verification result is returned into electronic agent and demonstrate,proves terminal, administrator is logical Identity real name certification is crossed, initiates de-registration request in electronic agent card terminal；

S5, electronic agent card server receive de-registration request, the data of de-registration request will be audited, will nullify data with The data reserved in proxy database are matched, if matching is consistent, electronic agent card terminal backstage will freeze authorization enterprise Industry, the proxy information for being authorized to enterprise；

S6, administrator receive the prompting message nullified and completed in electronic agent card terminal, then nullifying terminates.

Further, the multicenter memory module is stored using distributed storage mode.

Compared with prior art, the advantageous effect of present invention is that:

The present invention provides a kind of certificate chain electronic agents to demonstrate,prove system, carries out body to business administration people by multicenter authentication module Part verifying, biometric authentication and certificate verification pass through multicenter memory module and store verifying record；Administrator demonstrate,proves eventually in electronic agent End initiates to generate electronic agent card request, and electronic agent card server receives request, awarded by the acquisition of more certificate center modules Business-electronic license ID and authorized business-electronic license ID is weighed, by authorization business-electronic license ID, is authorized to business-electronic card Unique business-electronic agent certificate is generated by the combination of Encryption Algorithm combination random number according to ID and agent certificate information, it can To realize anti-counterfeiting, anti-tamper, authentication can with the identity information for the true and false and verifying holder that real-time verification electronic agent is demonstrate,proved, Market surpervision department can some sale for acting on behalf of commodity of real-time monitoring, prevented the phenomenon that letter of attorment is forged, is tampered, beaten Illegal agency is hit, a transparent, just environment is provided for the commodity purchasing of people and transaction, is provided for social market order Good guarantee.

Detailed description of the invention

Fig. 1 is the product process schematic diagram of certificate chain electronic agent of the present invention card；

Fig. 2 is the verifying flow diagram of certificate chain electronic agent of the present invention card；

Fig. 3 is the changing process schematic diagram of certificate chain electronic agent of the present invention card；

Fig. 4 is the logout flow path schematic diagram of certificate chain electronic agent of the present invention card.

Specific embodiment

Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall within the protection scope of the present invention.

A kind of certificate chain electronic agent card system, the system include that electronic agent card terminal and electronic agent demonstrate,prove server, The electronic agent card terminal is provided with information acquisition module, multicenter authentication module and multicenter memory module, the electronics Agent certificate server is provided with more certificate center modules, and the electronic agent card system terminal and electronic agent card server are wireless Connection；

The information acquisition module includes identity information acquisition device, biomedical information acquisition device and certificate-information acquiring device, described Identity information acquisition device is used to acquire the ID card information of registrant, the biomedical information acquisition device include face acquisition unit with Fingerprint collecting unit, the certificate-information acquiring device is for acquiring enterprise's certificate information and proxy information；

The multicenter authentication module includes identity authenticating unit, biometric verification unit and certificate verification unit, and the identity is tested Demonstrate,prove comparison of the unit for the identity information of identity information acquisition device acquisition and the face information of biomedical information acquisition device acquisition, institute It states biometric verification unit and is used for the finger print information of biomedical information acquisition device acquisition and the finger print information for being reserved in biological information library It compares, the certificate verification unit is used for the audit of enterprise's certificate information；

The multicenter memory module is used to store the acquisition information of information acquisition module, the verifying note of multicenter authentication module Record；

The electronic agent card server obtains authorization business-electronic license ID and authorized enterprise by more certificate center modules Electronics license ID by authorization business-electronic license ID, is authorized to business-electronic license ID and authorization message, passes through Encryption Algorithm knot The combination for closing random number, generates unique business-electronic agent certificate or business-electronic joins card.

In the present embodiment, the Encryption Algorithm uses existing symmetric encipherment algorithm AES and rivest, shamir, adelman RSA The key algorithm combined, encryption encrypt data to be encrypted first with AES key；Then RSA public key pair is utilized AES key is encrypted；Decryption is decrypted the AES key by encryption using RSA private key；Recycle AES key decryption Ciphertext obtains in plain text.

In the present embodiment, electronic agent card terminal includes processor, memory, the information acquisition module, more Central authentication module and the storage of multicenter memory module on a memory, and can be run in the processor.Wherein processor One or more can be used with memory, program is stored in memory, and is configured to be executed by processor, processing When device executes the program, the step of electronic agent demonstrate,proves the application method of system is realized.

The electronic agent card terminal device can be portable telephone terminal, desktop PC, notebook, palm electricity Brain and cloud server etc. calculate equipment.The electronic agent card terminal device may include, but be not limited only to, processor, storage Device, such as electronic agent card terminal device can also include input-output equipment, network access equipment, bus etc..It is described Electronic agent demonstrate,proves terminal when being computer, and computer program can be divided into one or more modules in computer, and described one A or multiple modules are stored in the memory, and are executed by the processor, to complete the present invention.It is one or Multiple modules can be the series of computation machine program instruction section that can complete specific function, the instruction segment by describe it is described based on Implementation procedure of the calculation machine program in electronic agent card terminal device.For example, the computer program can be divided into Information acquisition module, multicenter authentication module and multicenter memory module.

The processor can be central processing unit (Central Processing Unit, CPU), can also be it His general processor, digital signal processor (Digital Signal Processor, DSP), specific integrated circuit (Application Specific Integrated Circuit, ASIC), ready-made programmable gate array (Field- Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor logic device Part, discrete hardware components etc..General processor can be microprocessor or the processor is also possible to any conventional processing Device etc., the processor is the control centre of the electronic agent card terminal device, entire using various interfaces and connection The various pieces of electronic agent card terminal device.

The memory can be used for storing the module, and the processor is stored in the memory by operation or execution Interior module, and the data being stored in memory are called, realize the various functions of the electronic agent card.The memory It can mainly include storing program area and storage data area, wherein storing program area can storage program area, at least one function institute The application program (such as fingerprint recognition, fingerprint authentication etc.) etc. needed；Storage data area can be stored to be created according to using for mobile phone Data (such as finger print information, electronics certificate information etc.) etc..In addition, memory may include high-speed random access memory, It can also include nonvolatile memory, such as hard disk, memory, plug-in type hard disk, intelligent memory card (Smart Media Card, SMC), secure digital (Secure Digital, SD) card, flash card (Flash Card), at least one disk storage Device, flush memory device or other volatile solid-state parts.

In the present embodiment, the identity information acquisition device, biomedical information acquisition device and certificate-information acquiring device are existing Equipment or module, the identity information acquisition device, biomedical information acquisition device and certificate-information acquiring device can be, but be not limited only to Identity card reader, fingerprint capturer, camera, scanner；The identity information acquisition device, biomedical information acquisition device and certificate Information acquisition device is to pass through the specific installation being electrically connected with electronic agent card terminal or demonstrate,prove terminal device with electronic agent to be combined into The component of one entirety.

A kind of registration of certificate chain electronic agent card system electronic agent certificate the following steps are included:

The administrator that S1, business entity authorize demonstrate,proves terminal by electronic agent and enters electronic agent card system, applies in the terminal It is registered；

S2, the ID card information that administrator is obtained by the identity information acquisition device that information acquisition module connects, are believed by biology The face acquisition unit for ceasing collector obtains face information, is identified to face, feature extraction, and extract corresponding face Characteristic information；Finger print information is obtained by fingerprint collecting unit, extracts fingerprint feature information from the finger print information of acquisition, Face characteristic information and fingerprint feature information are transferred to multicenter authentication module, and initiate identity information to multicenter authentication module It is requested with biometric information verification；

S3, multicenter authentication module the identity authenticating unit face information and identity card that will acquire on human face photo compared It is right, it is stored by multicenter memory module and saves comparison record；Biometric verification unit will verify finger print information, and reserved Finger print information in biological information library is compared, and saves verifying record by multicenter memory module；

If S4, identity information and biometric information verification pass through, administrator enters electronic agent card terminal, passes through information collection mould The certificate-information acquiring device of block connection acquires enterprise's certificate information, and initiates checking request to multicenter authentication module；

S5, multicenter authentication module certificate verification unit enterprise's certificate information will be verified, save verifying record；If License is verified, then stores verifying record by multicenter memory module, verification result is returned to electronic agent and demonstrate,proves terminal；

The certificate-information acquiring device typing proxy information or join information that S6, administrator are connected by information acquisition module, including It authorizes enterprise, be authorized to enterprise, authorization time and authorized content, and initiate proxy information audit to electronic agent card server and ask It asks, electronic agent card server audits the agency to enterprise or the authorization message joined, if with proxy information data Proxy information in library or the information of joining joined in database match, then audit passes through, and are deposited by multicenter memory module Store up audit logging；

S7, electronic agent card server obtain the electronics license ID for authorizing enterprise and authorized enterprise by more certificate center modules Electronics license ID, will authorization business-electronic license ID, be authorized to business-electronic license ID, authorization time and authorized content, lead to The combination for crossing Encryption Algorithm combination random number, generates unique electronic agent card or electronics joins card, and electronic agent is demonstrate,proved Or electronics joins card and returns to electronic agent card terminal；

If business administration people applies generating agent certificate service, business-electronic agent certificate is generated；If administrator's application is joined Card service, then generate business-electronic and join card；

S8, administrator receive the prompting message that registration is completed in electronic agent card terminal, then succeed in registration.

As shown in Fig. 2, the verifying of certificate chain electronic agent card system electronic agent certificate the following steps are included:

S1, authentication demonstrate,prove terminal by electronic agent and enter electronic agent card system, and application is verified；

S2, the ID card information that authentication is obtained by the identity information acquisition device that information acquisition module connects, are believed by biology It ceases collector and obtains face information and finger print information, and asked to multicenter authentication module initiation identity information and biometric information verification It asks；

S3, multicenter authentication module the identity authenticating unit face information and identity card that will acquire on human face photo compared It is right, it is stored by multicenter memory module and compares record, biometric verification unit will verify finger print information, and be reserved in life The finger print information of object information bank is compared, and saves verifying record by multicenter memory module；

If S4, identity information are consistent with biological information comparison, the identity real name certification of authentication passes through, and verification result is returned Telegram in reply sub-agent demonstrate,proves terminal；Authentication enters the verifying application of electronic agent card terminal, and scanning is verified the electronic agent of enterprise Card two dimensional code or electronics join card two dimensional code；

S5, the electronic agent for being verified enterprise is demonstrate,proved two-dimensional barcode information to electronic agent card server or electronics joins card two dimensional code letter Breath is decoded operation, by decoded authorization enterprise's license ID, is authorized to information progress of enterprise's license ID with certificate database Matching, decoded proxy information is matched with the information in proxy database；

Verified if authentication joins card to business-electronic, electronic agent card server electronics will be joined card two dimensional code into Row parsing, matching operation, if decoded, to join information consistent with the information matches joined in database, is verified；

If S6, matching are consistent, it is proved to be successful, verifying record is stored by multicenter memory module, verification result is returned Telegram in reply sub-agent card terminal, authentication and be verified enterprise, authentication and be verified enterprise can be by multicenter memory module Check verifying record.

As shown in figure 3, the change of certificate chain electronic agent card system electronic agent certificate the following steps are included:

S1, business administration people demonstrate,prove terminal by electronic agent and enter electronic agent card system, and application changes；

S2, the ID card information that administrator is obtained by the identity information acquisition device that information acquisition module connects, are believed by biology Collector acquisition face information and finger print information are ceased, and is asked to multicenter authentication module initiation identity information and biometric information verification It asks；

S3, multicenter authentication module identity authenticating unit will to the human face photo of acquisition carry out testimony of a witness uniformity comparison, biology Authentication unit will verify finger print information, store verifying record by multicenter memory module；If the identity of administrator Real-name authentication passes through, and verification result is returned to electronic agent and demonstrate,proves terminal；

S4, administrator need devolution information to be changed or authorization by the information acquisition device typing that information acquisition module connects Join information, and initiates the signal auditing request that authorizes a change to electronic agent card server；

S5, electronic agent card server will audit modification information, save audit logging by multicenter memory module；Such as Fruit audit passes through, and auditing result is returned to electronic agent and demonstrate,proves terminal, electronic agent demonstrate,proves the electronic agent that server will generate change Card or the electronics of change join card, and change electronic agent card or change electronics are joined card and are sent to electronic agent card terminal and pipe Manage people；

S6, administrator receive the prompting message that change is completed in electronic agent card terminal, then change completion.

As shown in figure 4, the cancellation of certificate chain electronic agent card system electronic agent certificate the following steps are included:

S1, business administration people demonstrate,prove terminal by electronic agent and enter electronic agent card system, and application is unregistered；

S2, the ID card information that administrator is obtained by the identity information acquisition device that information acquisition module connects, are believed by biology The face acquisition unit for ceasing collector obtains face information, extracts face characteristic information, passes through the finger of biomedical information acquisition device Line acquisition unit obtains finger print information, and the characteristic information that takes the fingerprint, and sends face characteristic information and fingerprint feature information to Multicenter authentication module；

The identity authenticating unit face information and identity authenticating unit that acquire biometric verification unit of S3, multicenter authentication module The human face photo of the identity card of acquisition is compared, by the finger print information of biometric verification unit acquisition and the finger print information reserved It is compared, is stored by multicenter memory module and compare record；

If S4, identity information are consistent with biological information comparison, verification result is returned into electronic agent and demonstrate,proves terminal, administrator is logical Identity real name certification is crossed, initiates de-registration request in electronic agent card terminal；

S5, electronic agent card server receive de-registration request, the data of de-registration request will be audited, will nullify data with The data reserved in proxy database are matched, if matching is consistent, electronic agent card terminal backstage will freeze authorization enterprise Industry, the proxy information for being authorized to enterprise；

S6, administrator receive the prompting message nullified and completed in electronic agent card terminal, then nullifying terminates.

In the present embodiment, the multicenter memory module is stored using distributed storage mode.

General processor, digital signal processor (DSP), dedicated integrated electricity can be used in the various modules of the present embodiment description It is road (ASIC), FPGA field programmable gate array (FPGA) or other programmable logic device, discrete door or transistor logic, discrete Hardware component or its any combination for being designed to carry out function described herein realize or execute.General processor can be with It is microprocessor, but in alternative, which can be any conventional processor, controller, microcontroller or shape State machine.Processor is also implemented as calculating the combination of equipment, for example, the combination of DSP and microprocessor, multi-microprocessor, The one or more microprocessors to cooperate with DSP core or any other such configuration.

If the integrated module of the electronic agent card terminal device is realized in the form of SFU software functional unit and as only Vertical product when selling or using, can store in a computer readable storage medium.Based on this understanding, this hair The bright all or part of the process realized in above-mentioned implementation method, can also instruct relevant hardware come complete by computer program At the computer program can be stored in a computer readable storage medium, which is being executed by processor When, it can be achieved that the step of above-described embodiment.Wherein, the computer program includes computer program code, the computer journey Sequence code can be source code form, object identification code form, executable file or certain intermediate forms etc..It is described computer-readable Medium may include: any entity or device, recording medium, USB flash disk, mobile hard that can carry the computer program code Disk, magnetic disk, CD, computer storage, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), electric carrier signal, telecommunication signal and software distribution medium etc..It needs to illustrate It is that the content that the computer-readable medium includes can be fitted according to the requirement made laws in jurisdiction with patent practice When increase and decrease.

It can directly in hardware or be stored in terminal chip in the method or algorithm of the present embodiment description, be held by processor It is embodied in capable software module or in combination of the two.Software module can reside in RAM memory, flash memory, ROM storage In device, register, hard disk, removable disk or this field in the storage medium of other forms.Exemplary storage medium couples everywhere Device is managed so that information can be written from the read information or to the storage medium in the processor.

Only presently preferred embodiments of the present invention is explained in detail above, but the present invention is not limited to above-described embodiment, Within the knowledge of a person skilled in the art, it can also make without departing from the purpose of the present invention each Kind variation, various change should all be included in the protection scope of the present invention.

Claims (10)

1. a kind of certificate chain electronic agent demonstrate,proves system, it is characterised in that the system includes electronic agent card terminal and electronic agent card Server, the electronic agent card terminal are provided with information acquisition module, multicenter authentication module and multicenter memory module, institute It states electronic agent card server and is provided with more certificate center modules, the electronic agent card system terminal and electronic agent card service Device is wirelessly connected；

The information acquisition module includes identity information acquisition device, biomedical information acquisition device and certificate-information acquiring device, described Identity information acquisition device is used to acquire the ID card information of registrant, the biomedical information acquisition device include face acquisition unit with Fingerprint collecting unit, the certificate-information acquiring device is for acquiring enterprise's certificate information and proxy information；

The multicenter authentication module includes identity authenticating unit, biometric verification unit and certificate verification unit, and the identity is tested Demonstrate,prove ratio of the unit for the identity information comparison of identity information acquisition device acquisition and the face information of biomedical information acquisition device acquisition Right, finger print information of the biometric verification unit for the acquisition of biomedical information acquisition device is believed with the fingerprint for being reserved in biological information library The comparison of breath, the certificate verification unit are used for the audit of enterprise's certificate information；

The multicenter memory module is used to store the acquisition information of information acquisition module, the verifying note of multicenter authentication module Record；

The electronic agent card server obtains authorization business-electronic license ID and authorized enterprise by more certificate center modules Electronics license ID by authorization business-electronic license ID, is authorized to business-electronic license ID and authorization message, passes through Encryption Algorithm knot Random number is closed, unique business-electronic agent certificate is generated or business-electronic joins card.

2. certificate chain electronic agent according to claim 1 demonstrate,proves system, it is characterised in that the Encryption Algorithm is using symmetrical The key algorithm that Encryption Algorithm AES and rivest, shamir, adelman RSA are combined.

3. certificate chain electronic agent according to claim 1 demonstrate,proves system, it is characterised in that the multicenter memory module is adopted It is stored with distributed storage mode.

4. certificate chain electronic agent according to any one of claim 1-3 demonstrate,proves system, it is characterised in that the electronics generation Reason card terminal includes processor, memory, and the information acquisition module, multicenter authentication module and multicenter memory module are deposited Storage on a memory, and can be run in the processor.

5. certificate chain electronic agent according to any one of claim 1-3 demonstrate,proves system, it is characterised in that the identity letter Breath collector, biomedical information acquisition device and certificate-information acquiring device are to pass through the specific installation being electrically connected with electronic agent card terminal Or the component being integrated into a whole with electronic agent card terminal device.

6. certificate chain electronic agent according to any one of claim 1-3 demonstrate,proves system, it is characterised in that including electronics generation Manage the cancellation of the registration of card, the verifying of electronic agent card, the change of electronic agent card and electronic agent card.

7. certificate chain electronic agent according to claim 6 demonstrate,proves system, it is characterised in that the registration of the electronic agent card The following steps are included:

The administrator that S1, business entity authorize demonstrate,proves terminal by electronic agent and enters electronic agent card system, applies in the terminal It is registered；

S2, the ID card information that administrator is obtained by the identity information acquisition device that information acquisition module connects, are believed by biology The face acquisition unit for ceasing collector obtains face information, is identified to face, feature extraction, and extract corresponding face Characteristic information；Finger print information is obtained by fingerprint collecting unit, extracts fingerprint feature information from the finger print information of acquisition, Face characteristic information and fingerprint feature information are transferred to multicenter authentication module, and initiate identity information to multicenter authentication module It is requested with biometric information verification；

S3, multicenter authentication module the identity authenticating unit face information and identity card that will acquire on human face photo compared It is right, it is stored by multicenter memory module and saves comparison record；Biometric verification unit will verify finger print information, and reserved Finger print information in biological information library is compared, and saves verifying record by multicenter memory module；

If S4, identity information and biometric information verification pass through, administrator enters electronic agent card terminal, passes through information collection mould The certificate-information acquiring device of block connection acquires enterprise's certificate information, and initiates checking request to multicenter authentication module；

S5, multicenter authentication module certificate verification unit enterprise's certificate information will be verified, save verifying record；If License is verified, then stores verifying record by multicenter memory module, verification result is returned to electronic agent and demonstrate,proves terminal；

The certificate-information acquiring device typing proxy information or join information that S6, administrator are connected by information acquisition module, including It authorizes enterprise, be authorized to enterprise, authorization time and authorized content, and initiate proxy information audit to electronic agent card server and ask It asks, electronic agent card server audits the agency to enterprise or the authorization message joined, if with proxy information data Proxy information in library or the information of joining joined in database match, then audit passes through, and are deposited by multicenter memory module Store up audit logging；

S7, electronic agent card server obtain the electronics license ID for authorizing enterprise and authorized enterprise by more certificate center modules Electronics license ID, will authorization business-electronic license ID, be authorized to business-electronic license ID, authorization time and authorized content, lead to Encryption Algorithm combination random number is crossed, unique electronic agent card is generated or electronics joins card, electronic agent card or electronics are joined Card returns to electronic agent and demonstrate,proves terminal；

If business administration people applies generating agent certificate service, business-electronic agent certificate is generated；If administrator's application is joined Card service, then generate business-electronic and join card；

S8, administrator receive the prompting message that registration is completed in electronic agent card terminal, then succeed in registration.

8. a kind of certificate chain electronic agent according to claim 6 demonstrate,proves system, it is characterised in that the electronic agent card Verifying the following steps are included:

S1, authentication demonstrate,prove terminal by electronic agent and enter electronic agent card system, and application is verified；

S2, the ID card information that authentication is obtained by the identity information acquisition device that information acquisition module connects, are believed by biology It ceases collector and obtains face information and finger print information, and asked to multicenter authentication module initiation identity information and biometric information verification It asks；

S3, multicenter authentication module the identity authenticating unit face information and identity card that will acquire on human face photo compared It is right, it is stored by multicenter memory module and compares record, biometric verification unit will verify finger print information, and be reserved in life The finger print information of object information bank is compared, and saves verifying record by multicenter memory module；

If S4, identity information are consistent with biological information comparison, the identity real name certification of authentication passes through, and verification result is returned Telegram in reply sub-agent demonstrate,proves terminal；Authentication enters the verifying application of electronic agent card terminal, and scanning is verified the electronic agent of enterprise Card two dimensional code or electronics join card two dimensional code；

S5, the electronic agent for being verified enterprise is demonstrate,proved two-dimensional barcode information to electronic agent card server or electronics joins card two dimensional code letter Breath is decoded operation, by decoded authorization enterprise's license ID, is authorized to information progress of enterprise's license ID with certificate database Matching, decoded proxy information is matched with the information in proxy database；

Verified if authentication joins card to business-electronic, electronic agent card server electronics will be joined card two dimensional code into Row parsing, matching operation, if decoded, to join information consistent with the information matches joined in database, is verified；

If S6, matching are consistent, it is proved to be successful, verifying record is stored by multicenter memory module, verification result is returned Telegram in reply sub-agent card terminal, authentication and be verified enterprise, authentication and be verified enterprise can be by multicenter memory module Check verifying record.

9. a kind of certificate chain electronic agent according to claim 6 demonstrate,proves system, it is characterised in that the change of electronic agent card The following steps are included:

S1, business administration people demonstrate,prove terminal by electronic agent and enter electronic agent card system, and application changes；

S2, the ID card information that administrator is obtained by the identity information acquisition device that information acquisition module connects, are believed by biology Collector acquisition face information and finger print information are ceased, and is asked to multicenter authentication module initiation identity information and biometric information verification It asks；

S3, multicenter authentication module identity authenticating unit will to the human face photo of acquisition carry out testimony of a witness uniformity comparison, biology Authentication unit will verify finger print information, store verifying record by multicenter memory module；If the identity of administrator Real-name authentication passes through, and verification result is returned to electronic agent and demonstrate,proves terminal；

S4, administrator need devolution information to be changed or authorization by the information acquisition device typing that information acquisition module connects Join information, and initiates the signal auditing request that authorizes a change to electronic agent card server；

S5, electronic agent card server will audit modification information, save audit logging by multicenter memory module；Such as Fruit audit passes through, and auditing result is returned to electronic agent and demonstrate,proves terminal, electronic agent demonstrate,proves the electronic agent that server will generate change Card or the electronics of change join card, and change electronic agent card or change electronics are joined card and are sent to electronic agent card terminal and pipe Manage people；

S6, administrator receive the prompting message that change is completed in electronic agent card terminal, then change completion.

10. certificate chain electronic agent according to claim 6 demonstrate,proves system, it is characterised in that the cancellation of the electronic agent card The following steps are included:

S1, business administration people demonstrate,prove terminal by electronic agent and enter electronic agent card system, and application is unregistered；

S2, the ID card information that administrator is obtained by the identity information acquisition device that information acquisition module connects, are believed by biology The face acquisition unit for ceasing collector obtains face information, extracts face characteristic information, passes through the finger of biomedical information acquisition device Line acquisition unit obtains finger print information, and the characteristic information that takes the fingerprint, and sends face characteristic information and fingerprint feature information to Multicenter authentication module；

The identity authenticating unit face information and identity authenticating unit that acquire biometric verification unit of S3, multicenter authentication module The human face photo of the identity card of acquisition is compared, by the finger print information of biometric verification unit acquisition and the finger print information reserved It is compared, is stored by multicenter memory module and compare record；

If S4, identity information are consistent with biological information comparison, verification result is returned into electronic agent and demonstrate,proves terminal, administrator is logical Identity real name certification is crossed, initiates de-registration request in electronic agent card terminal；

S5, electronic agent card server receive de-registration request, the data of de-registration request will be audited, will nullify data with The data reserved in proxy database are matched, if matching is consistent, electronic agent card terminal backstage will freeze authorization enterprise Industry, the proxy information for being authorized to enterprise；

S6, administrator receive the prompting message nullified and completed in electronic agent card terminal, then nullifying terminates.