CN109743322A - Identity identifying method, identity authorization system - Google Patents

Publication number
CN109743322A
Authority
CN
China
Prior art keywords
user
identity
certified
private network
virtual private
Legal status
Pending
Application number
CN201910006474.XA
Other languages
Chinese (zh)
Inventor
田新雪
马书惠
肖征荣
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Abstract

The invention belongs to the technical field of virtual private networks and relates to an identity authentication method and system. The method comprises: building a virtual private network that holds the identity information of multiple authenticated users, in which multiple identity records of the authenticated users, each including an ID card number, a name and a user portrait, are pre-stored, the user portrait in each identity record being stored as an encrypted portrait according to a preset trigger password; receiving identity information that includes at least the ID card number of a user to be authenticated, and accessing the virtual private network; and querying the virtual private network by the ID card number of the user to be authenticated for the matching authenticated user, and authenticating the identity of the user to be authenticated. The identity authentication method and identity authentication system perform identity authentication over a virtual private network, spare users the inconvenience of carrying an identity document at all times, ensure the authenticity and validity of user identity, and strengthen the assurance of authentication by encrypting the identity information.

Description

Identity authentication method and identity authentication system
Technical field
The invention belongs to the technical field of virtual private networks, and in particular relates to an identity authentication method and an identity authentication system.
Background
An identity card is the certificate that proves its holder's identity. The ID card number is a unique, unchangeable identity code for each citizen and stays with the holder for life: school admission, employment, marriage, driving licences, social security enrolment, exit formalities, hotel check-in, bank card applications and so on all require a citizen's identity card. Take hotel check-in as an example: the guest must present an identity card, and the front desk staff use it to register the guest, which includes verifying and photocopying the card, recommending a room type to the guest and collecting the deposit; only when all of this is done can the guest check in. At check-out the guest again needs the identity card to check out and recover the deposit.
However, to verify identity cards a hotel must be equipped with an identity card reader, otherwise it cannot read the information on the user's card. If a user has lost the identity card and checks in with a photocopy of it, the authenticity of the card cannot be confirmed in real time; and obtaining a temporary replacement identity card is troublesome and constrained by time, location and other factors.
At present, identity authentication requires the user to carry an identity card. Losing the card causes many problems in the user's daily life and even creates a risk of impersonation, which is a serious security risk for the user. Improving the current way of authenticating identity has therefore become an urgent technical problem.
Summary of the invention
The technical problem to be solved by the present invention, in view of the above deficiencies in the prior art, is to provide an identity authentication method and an identity authentication system that perform identity authentication over a virtual private network, spare users the inconvenience of carrying an identity document at all times, ensure the authenticity and validity of user identity, and strengthen the assurance of authentication by encrypting the identity information.
The technical solution adopted to solve this problem is an identity authentication method comprising the steps of:
building a virtual private network that holds the identity information of multiple authenticated users, in which multiple identity records of the authenticated users, each including an ID card number, a name and a user portrait, are pre-stored, the user portrait in each identity record being stored as an encrypted portrait according to a preset trigger password;
receiving identity information that includes at least the ID card number of a user to be authenticated, and accessing the virtual private network;
querying the virtual private network by the ID card number of the user to be authenticated for the matching authenticated user, and authenticating the identity of the user to be authenticated.
Preferably, the step of building the virtual private network that holds the identity information of multiple authenticated users comprises:
the user registers in the virtual private network, the registration information including at least the identity information of the user's ID card number, name and user portrait;
the virtual private network generates an encryption key and a corresponding decryption key for the identity information of the user;
the virtual private network connects to an identity management node, and the identity information of the user is queried, matched and verified through the identity management node;
after the identity management node has verified the authenticity of the identity information of the user, the identity information of the user is encrypted at least with the encryption key to generate an identity record, and the identity record is kept synchronized in real time in the data of every node of the virtual private network.
Preferably, before the identity information of the user is encrypted at least with the encryption key, the method further comprises: encrypting the user portrait in the identity information according to a preset trigger password, the preset trigger password being a password generated from the name of the user.
Preferably, the step of receiving identity information that includes at least the ID card number of the user to be authenticated comprises:
the user to be authenticated provides the ID card number orally or in handwriting, and the ID card number of the user to be authenticated is entered at an access terminal of the virtual private network;
or, the user to be authenticated shows an identity card to the authenticating party, the identity card is scanned at an access terminal of the virtual private network, and the ID card number of the user to be authenticated is extracted from the identity card.
Preferably, the step of querying the virtual private network by the ID card number of the user to be authenticated for the matching authenticated user and authenticating the identity of the user to be authenticated comprises:
extracting the identity record of the authenticated user;
decrypting the extracted identity record at least with the decryption key;
comparing whether the identity record associated with the ID card number queried from the virtual private network, and the decrypted portrait obtained after decryption, are consistent with the identity information provided by the party being authenticated, and confirming the identity of the user to be authenticated.
Preferably, decrypting the identity record at least with the decryption key further comprises generating a trigger decryption key from the name of the user to be authenticated and decrypting the user portrait of the authenticated user with the trigger decryption key, as follows:
obtaining the name of the user to be authenticated by recognition from the identity information, or obtaining the name of the user to be authenticated by matching on the received ID card number of the user to be authenticated;
generating, based on the name of the user to be authenticated and a pre-agreed decryption algorithm, the trigger decryption key for the encrypted portrait of the user to be authenticated;
decrypting the encrypted portrait in the identity record with the trigger decryption key.
An identity authentication system comprises a building module group, a receiving module and a certification module group, wherein:
the building module group is used for building a virtual private network that holds the identity information of multiple authenticated users, in which multiple identity records of the authenticated users, each including an ID card number, a name and a user portrait, are pre-stored, the user portrait in each identity record being stored as an encrypted portrait according to a preset trigger password;
the receiving module is used for receiving identity information that includes at least the ID card number of a user to be authenticated, and for accessing the virtual private network;
the certification module group is used for querying the virtual private network by the ID card number of the user to be authenticated for the matching authenticated user, and for authenticating the identity of the user to be authenticated.
Preferably, the building module group includes a registration module, a key module, an authentication module and a synchronization module, wherein:
the registration module is used for the user to register in the virtual private network, the registration information including at least the identity information of the user's ID card number, name and user portrait;
the key module is used for the virtual private network to generate an encryption key and a corresponding decryption key for the identity information of the user;
the authentication module is used for the virtual private network to connect to an identity management node and to query, match and verify the identity information of the user through the identity management node;
the synchronization module is used for, after the identity management node has verified the authenticity of the identity information of the user, encrypting the identity information of the user at least with the encryption key to generate an identity record, the identity record being kept synchronized in real time in the data of every node of the virtual private network.
Preferably, the key module includes an encryption unit and further includes a trigger encryption unit, the trigger encryption unit being used for encrypting the user portrait in the identity information according to a preset trigger password, the preset trigger password being a password generated from the name of the user.
Preferably, the receiving module includes an input module or a scanning module, wherein:
the input module is used for the user to be authenticated to provide the ID card number orally or in handwriting, the ID card number of the user to be authenticated being entered at an access terminal of the virtual private network;
the scanning module is used for the user to be authenticated to show an identity card to the authenticating party, the identity card being scanned at an access terminal of the virtual private network and the ID card number of the user to be authenticated being extracted from the identity card.
Preferably, the certification module group includes a query module, a decryption module and a comparison module, wherein:
the query module is used for querying the virtual private network by the ID card number of the user to be authenticated for the matching authenticated user, and for extracting the identity record of the authenticated user;
the decryption module is used for decrypting the extracted identity record at least with the decryption key;
the comparison module is used for comparing whether the identity record associated with the ID card number queried from the virtual private network, and the decrypted portrait obtained after decryption, are consistent with the identity information provided by the party being authenticated, and for confirming the identity of the user to be authenticated.
Preferably, the decryption module includes a decryption unit and further includes a trigger decryption unit that generates a trigger decryption key from the name of the user to be authenticated and decrypts the user portrait of the authenticated user with the trigger decryption key, the trigger decryption unit including an identification-matching part, a generation-decoding part and a decryption part, wherein:
the identification-matching part is configured to obtain the name of the user to be authenticated by recognition from the identity information, or to obtain the name of the user to be authenticated by matching on the received ID card number of the user to be authenticated;
the generation-decoding part is configured to generate, based on the name of the user to be authenticated and a pre-agreed decryption algorithm, the trigger decryption key for the encrypted portrait of the user to be authenticated;
the decryption part is configured to decrypt the encrypted portrait in the identity record with the trigger decryption key.
The beneficial effects of the present invention are as follows:
The identity authentication method and identity authentication system of the present invention perform identity authentication over a virtual private network, spare users the inconvenience of carrying an identity document at all times, ensure the authenticity and validity of user identity, and strengthen the assurance of authentication by encrypting the identity information.
Brief description of the drawings
Fig. 1 is a flow chart of an identity authentication method in an embodiment of the present invention;
Fig. 2 is a flow chart of the sub-steps of step S1) in Fig. 1;
Fig. 3 is a flow chart of the sub-steps of step S3) in Fig. 1;
Fig. 4 is a structural block diagram of an identity authentication system in an embodiment of the present invention;
Fig. 5 is a structural block diagram of the building module group in Fig. 4;
Fig. 6 is a structural block diagram of the receiving module in Fig. 4;
Fig. 7 is a structural block diagram of the certification module group in Fig. 4;
Reference numerals in the drawings:
1 - building module group; 11 - registration module; 12 - key module; 121 - encryption unit; 122 - trigger encryption unit; 13 - authentication module; 14 - synchronization module;
2 - receiving module; 21 - input module; 22 - scanning module;
3 - certification module group; 31 - query module; 32 - decryption module; 321 - decryption unit; 322 - trigger decryption unit; 33 - comparison module.
Detailed description of the embodiments
To help those skilled in the art better understand the technical solution of the present invention, the identity authentication method and identity authentication system of the present invention are described in further detail below with reference to the accompanying drawings and specific embodiments.
Identity authentication technology is an effective solution that arose in computer networks for the process of confirming an operator's identity. In the computer network world all information, including a user's identity information, is represented by a specific set of data; a computer can only recognize a user's digital identity, and every authorization granted to a user is an authorization for that digital identity. Identity authentication technology exists to ensure that the operator acting under a digital identity is the legitimate owner of that digital identity, that is, that the operator's physical identity corresponds to the digital identity. As the first gateway protecting network assets, identity authentication technology plays a very important role.
To solve the above problem, the present invention provides an identity authentication method and an identity authentication system that register a user without a physical card by means of a network identity card (a network identity card on a mobile phone may also be used). When a user or merchant faces a scenario that requires identity verification, for example registering on check-in at a hotel, the user does not need to present a physical identity card and the hotel does not need an identity card reader or similar equipment; the merchant only needs to connect to the virtual private network to obtain the verification result, which greatly facilitates identity verification for both parties.
As shown in Fig. 1, the identity authentication method comprises the steps of:
Step S1): building a virtual private network that holds the identity information of multiple authenticated users, in which multiple identity records of the authenticated users, each including an ID card number, a name and a user portrait, are pre-stored, the user portrait in each identity record being stored as an encrypted portrait according to a preset trigger password.
Here, a virtual private network (VPN) refers to the technology of establishing a private network over a public network. It is called virtual because the connection between any two nodes of the virtual private network does not have the end-to-end physical link required by a traditional private network; instead it is a logical network built on a network platform provided by a public network service provider, such as the Internet, ATM (Asynchronous Transfer Mode) or a Frame Relay network, and user data is transmitted over logical links. It is an extension of a private network that covers encapsulated, encrypted and authenticated links across a shared or public network. Virtual private networks mainly use tunnelling, encryption and decryption, key management, and user and device identity authentication technologies.
To provide the underlying data support and enjoy the convenience the virtual private network brings, participating users must join the virtual private network in advance and actually pass the predetermined verification. In this step, the step of building the virtual private network that holds the identity information of multiple authenticated users, as shown in Fig. 2, comprises:
Step S11): the user registers in the virtual private network, the registration information including at least the identity information of the user's ID card number, name and user portrait.
Step S12): the virtual private network generates an encryption key and a corresponding decryption key for the identity information of the user.
Step S13): the virtual private network connects to an identity management node, and the identity information of the user is queried, matched and verified through the identity management node.
Step S14): after the identity management node has verified the authenticity of the identity information of the user, the identity information of the user is encrypted at least with the encryption key to generate an identity record, and the identity record is kept synchronized in real time in the data of every node of the virtual private network.
Here the identity management node is essentially a node of the virtual private network, and the database it is linked to is the database of the Ministry of Public Security. A user who has been authenticated in the virtual private network can use authentication through the virtual private network in subsequent identity authentication without presenting a physical identity document.
The identity authentication method of this embodiment abandons the earlier approach of performing encryption and decryption independently in separate stages and instead uses encryption and decryption together during authentication. Preferably, before the identity information of the user is encrypted at least with the encryption key, the method further comprises: encrypting the user portrait in the identity information according to a preset trigger password, the preset trigger password being a password generated from the name of the user. Mixing the encryption and decryption of the identity information into the authentication process in this way further strengthens the assurance of authentication.
Step S2): receiving identity information that includes at least the ID card number of the user to be authenticated, and accessing the virtual private network.
In this step, the step of receiving identity information that includes at least the ID card number of the user to be authenticated comprises:
the user to be authenticated provides the ID card number orally or in handwriting, and the ID card number of the user to be authenticated is entered at an access terminal of the virtual private network;
or, the user to be authenticated shows an identity card to the authenticating party, the identity card is scanned at an access terminal of the virtual private network, and the ID card number of the user to be authenticated is extracted from the identity card.
Take the scenario of a user checking in at a hotel and being authenticated as an example. The guest may or may not present an identity card. In this step, once the virtual private network has been configured, access to it is carried out automatically by the system back end after the client or terminal sends a request.
Step S3): querying the virtual private network by the ID card number of the user to be authenticated for the matching authenticated user, and authenticating the identity of the user to be authenticated.
In this step, the step of querying the virtual private network by the ID card number of the user to be authenticated for the matching authenticated user and authenticating the identity of the user to be authenticated, as shown in Fig. 3, comprises:
Step S31): extracting the identity record of the authenticated user.
Step S32): decrypting the extracted identity record at least with the decryption key.
Preferably, decrypting the identity record at least with the decryption key in step S32) further comprises generating a trigger decryption key from the name of the user to be authenticated and decrypting the user portrait of the authenticated user with the trigger decryption key, as follows:
Step S321): obtaining the name of the user to be authenticated by recognition from the identity information, or obtaining the name of the user to be authenticated by matching on the received ID card number of the user to be authenticated.
Step S322): generating, based on the name of the user to be authenticated and a pre-agreed decryption algorithm, the trigger decryption key for the encrypted portrait of the user to be authenticated.
Step S323): decrypting the encrypted portrait in the identity record with the trigger decryption key.
In this step, the virtual private network matches on the ID card number, generates the trigger decryption key and decrypts the user portrait in the identity record automatically inside the virtual private network, without manual operation. The authenticating party only needs to enter the name of the user to be authenticated at its own terminal; the virtual private network can then, based on the real name of the user to be authenticated and the pre-agreed decryption algorithm, generate the trigger decryption key for the user portrait of the user to be authenticated and decrypt it.
Step S33): comparing whether the identity record associated with the ID card number queried from the virtual private network, and the decrypted portrait obtained after decryption, are consistent with the identity information provided by the party being authenticated, and confirming the identity of the user to be authenticated.
In this step, confirming the identity of the user to be authenticated comprises:
if the identity record queried from the virtual private network is identical to the identity information provided by the party being authenticated, and the decrypted portrait is consistent with the appearance of the user to be authenticated, the identity authentication of the user to be authenticated passes;
otherwise, the identity authentication of the user to be authenticated does not pass.
The authenticating party's confirmation of the identity of the party being authenticated can be performed by automatic image recognition in a client or terminal program that reports the result, or can be judged manually by the authenticating party; no limitation is imposed here.
The identity information of the user to be authenticated further includes at least one of: the user's date of birth, gender, identity card validity period and home address. That is, the authenticating party confirms the identity of the user to be authenticated according to whether the identity information provided by the user to be authenticated matches the identity information associated with the ID card number obtained by the query and the decrypted portrait obtained after decrypting the user portrait.
The premise of this identity authentication method is that the authenticating party, such as a hotel front desk, is connected to a virtual private network, and that the front desk terminal synchronizes and stores the data of the virtual private network in real time. The virtual private network holds the identity information of every user who wants to use the service as a party being authenticated; this information is cryptographically signed after passing verification against the database of the Ministry of Public Security and is then stored in the virtual private network. In other words, a user who wants to use identity card authentication based on the virtual private network only needs to register, join the virtual private network and have the identity card verified in it. Once the user's identity card has passed verification against the database of the Ministry of Public Security and the information has been cryptographically signed, it is recorded in the virtual private network. Afterwards, in any scenario that involves using the identity card, the identity information authenticated by the virtual private network can be retrieved at any time according to the rules of the network, so that any institution, such as a hotel front desk, can check, verify and use it at any time, and the user does not need to carry the physical identity document everywhere.
In this embodiment, the authenticating party, through its terminal acting as a node, stays synchronized in real time with the data of the virtual private network; authenticating parties include hotels, airports, railway stations and similar venues. With this identity authentication method, any organization or individual that needs identity authentication can access the virtual private network with a client or terminal and easily perform identity verification, ensuring the authenticity and validity of user identity.
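The registration flow (steps S11 to S14) and the authentication flow (steps S31 to S33 with S321 to S323) described above, as an added example that is not code from the patent. The stdlib encrypt-then-MAC cipher, the PBKDF2 parameters, the keyed lookup index, the `IdentityNetwork` class and every sample value are assumptions made for illustration; the patent names no cipher or key-derivation algorithm.

```python
import hashlib
import hmac
import json
import os
import unicodedata

# Assumption: the patent only says the trigger key is generated from the name by
# a "pre-agreed algorithm"; PBKDF2 with this fixed salt stands in for it.
AGREED_SALT = b"constructed-agreed-salt"


def _subkey(key: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC keys derived from one master key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC using only the standard library (stand-in for a vetted AEAD)."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then decrypt; ValueError on any mismatch."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)


def trigger_key(name: str) -> bytes:
    """S322: derive the portrait key from the user's name (Unicode-normalized)."""
    normalized = unicodedata.normalize("NFKC", name).strip()
    return hashlib.pbkdf2_hmac("sha256", normalized.encode("utf-8"), AGREED_SALT, 100_000)


class IdentityNetwork:
    """In-memory stand-in for the record store synchronized across the VPN nodes."""

    def __init__(self, identity_node: dict):
        self.identity_node = identity_node  # S13: authoritative ID number -> name (constructed)
        self.record_key = os.urandom(32)    # S12: record key (symmetric in this example)
        self.records = {}                   # lookup index -> sealed identity record

    def _index(self, id_number: str) -> str:
        # Assumption: a keyed hash is used as the index so that the stored
        # lookup key does not expose the raw ID card number.
        key = _subkey(self.record_key, b"idx")
        return hmac.new(key, id_number.encode("utf-8"), hashlib.sha256).hexdigest()

    def register(self, id_number: str, name: str, portrait: bytes) -> bool:
        """S11 to S14: verify against the identity node, then store the sealed record."""
        if self.identity_node.get(id_number) != name:
            return False
        inner = seal(trigger_key(name), portrait)  # portrait under the name-derived key
        record = json.dumps({"id": id_number, "name": name, "portrait": inner.hex()})
        self.records[self._index(id_number)] = seal(self.record_key, record.encode("utf-8"))
        return True

    def authenticate(self, id_number: str, claimed_name: str):
        """S31 to S323: look up, decrypt the record, then decrypt the portrait."""
        blob = self.records.get(self._index(id_number))
        if blob is None:
            return ("no_record", None)
        record = json.loads(unseal(self.record_key, blob))
        try:
            portrait = unseal(trigger_key(claimed_name), bytes.fromhex(record["portrait"]))
        except ValueError:
            return ("name_mismatch", None)
        # S33: the portrait is handed to the authenticating party (or an image
        # recognizer) for comparison with the person at the counter.
        return ("portrait_ready", portrait)


if __name__ == "__main__":
    net = IdentityNetwork({"TEST-ID-0001": "Zhang San"})  # constructed sample data
    net.register("TEST-ID-0001", "Zhang San", b"constructed portrait bytes")
    print(net.authenticate("TEST-ID-0001", "Zhang San"))
    print(net.authenticate("TEST-ID-0001", "Wang Wu"))
```

Because the trigger key depends only on the name and the agreed algorithm, any party that holds the record decryption key (and therefore sees the name) can also derive it. The portrait layer therefore works as a check on the claimed name, while confidentiality of the record rests on the record key.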
As another aspect of the present invention, this embodiment also provides an identity authentication system. As shown in Fig. 4, the identity authentication system includes a building module group 1, a receiving module 2 and a certification module group 3, wherein:
The building module group 1 is used for building a virtual private network that holds the identity information of multiple authenticated users, in which multiple identity records of the authenticated users, each including an ID card number, a name and a user portrait, are pre-stored, the user portrait in each identity record being stored as an encrypted portrait according to a preset trigger password.
The receiving module 2 is used for receiving identity information that includes at least the ID card number of the user to be authenticated, and for accessing the virtual private network.
The certification module group 3 is used for querying the virtual private network by the ID card number of the user to be authenticated for the matching authenticated user, and for authenticating the identity of the user to be authenticated.
As shown in Fig. 5, the building module group 1 includes a registration module 11, a key module 12, an authentication module 13 and a synchronization module 14, wherein:
The registration module 11 is used for the user to register in the virtual private network, the registration information including at least the identity information of the user's ID card number, name and user portrait.
The key module 12 is used for the virtual private network to generate an encryption key and a corresponding decryption key for the identity information of the user.
The authentication module 13 is used for the virtual private network to connect to the identity management node and to query, match and verify the identity information of the user through the identity management node.
The synchronization module 14 is used for, after the identity management node has verified the authenticity of the identity information of the user, encrypting the identity information of the user at least with the encryption key to generate an identity record, the identity record being kept synchronized in real time in the data of every node of the virtual private network.
The identity authentication method of this embodiment abandons the earlier approach of performing encryption and decryption independently in separate stages; mixing the encryption and decryption of the identity information into the authentication process further strengthens the assurance of authentication. Preferably, the key module 12 includes an encryption unit 121 and further includes a trigger encryption unit 122, the trigger encryption unit 122 being used for encrypting the user portrait in the identity information according to a preset trigger password, the preset trigger password being a password generated from the name of the user.
As shown in Fig. 6, receiving module 2 includes input module 21 or scan module 22, wherein:
Input module 21, configured so that the user to be authenticated provides the ID card number orally or in handwriting, and the ID card number of the user to be authenticated is entered at an access terminal of the virtual private network. Input module 21 gives the authenticating party an interface for supplying the necessary identity information of the user to be authenticated to the virtual private network.
Scan module 22, configured so that the user to be authenticated shows an ID card to the authenticating party, the ID card is scanned at an access terminal of the virtual private network, and the ID card number of the user to be authenticated is extracted from the ID card.
As shown in Fig. 7, authentication module group 3 automatically implements the authentication of the user identity by each node of the entire virtual private network. Authentication module group 3 includes query module 31, decryption module 32 and comparison module 33, wherein:
Query module 31, configured to query the virtual private network for the matching authenticated user according to the ID card number of the user to be authenticated, and to extract the identity record of the authenticated user.
Decryption module 32, configured to decrypt the extracted identity record at least with the decryption key.
Preferably, decryption module 32 includes decryption unit 321 and further includes trigger decryption unit 322, which generates a trigger decryption key according to the name of the user to be authenticated and decrypts the user portrait of the authenticated user according to the trigger decryption key. Trigger decryption unit 322 includes an identification matching part, a generation decoding part and a decryption part, wherein:
Identification matching part, configured to identify and obtain the name of the user to be authenticated from the identity information, or to obtain the name of the user to be authenticated by matching on the received ID card number of the user to be authenticated;
Generation decoding part, configured to generate, based on the name of the user to be authenticated and a pre-agreed decryption algorithm, the trigger decryption key for the encrypted portrait of the authenticated user;
Decryption part, configured to decrypt the encrypted portrait in the identity record using the trigger decryption key.
Comparison module 33, configured to compare whether the identity record associated with the ID card number queried from the virtual private network, together with the decrypted portrait obtained after decryption, is consistent with the identity information provided by the party to be authenticated, and to confirm the identity of the user to be authenticated.
In the mode where the authentication result is given automatically, the identity record associated with the ID card number queried from the virtual private network, together with the decrypted portrait obtained after decryption, is compared with the identity information provided by the party being authenticated. If the identity record queried from the virtual private network is identical to the identity information provided by the party being authenticated, and the decrypted portrait is consistent with the appearance of the user to be authenticated, the identity authentication of the user to be authenticated passes; otherwise, it does not pass.
Based on the above identity authentication method and identity authentication system, the scenario of a user checking into a hotel is described below. Here the hotel front-desk terminal acts as an access terminal: it only needs a VPN client installed, with no configuration, to remotely access the identity authentication virtual private network and view the data it is authorized to access. When checking in, the user may or may not provide an ID card; the two cases are described separately below.
Case where the user does not provide an ID card: when the hotel front desk verifies identity, the user does not provide an ID card and only provides the ID card number (possibly orally). The front desk enters the ID card number to query the virtual private network data, which is updated in real time and stored synchronously, and the ID card number is matched against the information inside the virtual private network. The identity record corresponding to the ID card number can be queried through the virtual private network; it includes the real name on the ID card corresponding to that number, the date of birth, gender, the user's encrypted portrait, the ID card validity period, the home address and other information. Using the real name extracted for the user, or the real name obtained by asking the user, the front-desk staff also enter the user's name into the front-desk terminal. Based on the user's real name and the pre-agreed decryption algorithm, the terminal generates the trigger decryption key for the user's encrypted portrait. The terminal uses the generated trigger decryption key to decrypt the encrypted portrait of the user's ID card, and the front-desk staff then compare the decrypted user portrait with the user's appearance. If they are consistent, the identity authentication of the user passes and the front-desk staff consider the user's ID card valid.
Case where the user provides an ID card: the user hands the ID card to the hotel front desk, the front-desk staff scan it, and the front-desk terminal automatically extracts the ID card number, name and photo from the ID card. The subsequent process is the same as in the case where the user does not provide an ID card: the front-desk staff enter the information into the terminal that accesses the virtual private network and compare it with the user's identity record in the virtual private network. If the comparison finds that the name, ID card number and user portrait are all consistent, the identity authentication of the user passes and the front-desk staff consider the user's ID card valid.
Throughout the above identity authentication of the user checking in, no comparison or interaction with the database of the Ministry of Public Security is needed; it is only necessary to access the virtual private network, whose identities have already been verified against the Ministry of Public Security database. This saves a large amount of waiting and data transmission time, improves the efficiency of user identity authentication, and greatly reduces the access volume and workload of the Ministry of Public Security database.
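The query, trigger-key generation, portrait decryption and comparison steps described above, as an added example that is not code from the patent. The patent leaves the pre-agreed algorithm unspecified, so PBKDF2-HMAC-SHA256 with a per-record salt, the HMAC-based stream cipher with an integrity tag (a standard-library stand-in for an AEAD cipher), the in-memory `network` dict and every function name are assumptions; the record-level encryption key is omitted and the sample record is constructed.

```python
import hashlib
import hmac
import os
import unicodedata

PBKDF2_ROUNDS = 100_000  # assumed work factor; the patent names no algorithm


def canonical_name(name: str) -> bytes:
    """Normalise a name so every access terminal derives the same key."""
    return unicodedata.normalize("NFKC", name).strip().casefold().encode("utf-8")


def derive_trigger_key(name: str, salt: bytes) -> bytes:
    """Trigger key = PBKDF2(name, per-record salt): 32 B cipher key + 32 B MAC key."""
    return hashlib.pbkdf2_hmac("sha256", canonical_name(name), salt, PBKDF2_ROUNDS, dklen=64)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (stand-in for a real AEAD cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_portrait(portrait: bytes, name: str) -> dict:
    salt, nonce = os.urandom(16), os.urandom(16)
    key = derive_trigger_key(name, salt)
    stream = _keystream(key[:32], nonce, len(portrait))
    ciphertext = bytes(p ^ s for p, s in zip(portrait, stream))
    tag = hmac.new(key[32:], nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def decrypt_portrait(blob: dict, name: str):
    """Return the portrait bytes, or None if the name or the record is wrong."""
    key = derive_trigger_key(name, blob["salt"])
    expected = hmac.new(key[32:], blob["nonce"] + blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    stream = _keystream(key[:32], blob["nonce"], len(blob["ciphertext"]))
    return bytes(c ^ s for c, s in zip(blob["ciphertext"], stream))


def register(network: dict, id_number: str, name: str, portrait: bytes) -> None:
    """Store an identity record whose portrait is encrypted under the name-derived key."""
    network[id_number] = {"name": name, "portrait": encrypt_portrait(portrait, name)}


def authenticate(network: dict, id_number: str, claimed_name: str, portrait_matches) -> str:
    """Query by ID number, decrypt the portrait, then compare with the person present."""
    record = network.get(id_number)
    if record is None:
        return "no-record"
    if not hmac.compare_digest(canonical_name(claimed_name), canonical_name(record["name"])):
        return "name-mismatch"
    portrait = decrypt_portrait(record["portrait"], claimed_name)
    if portrait is None:
        return "decrypt-failed"  # record altered or encrypted under another name
    return "pass" if portrait_matches(portrait) else "portrait-mismatch"


def demo() -> dict:
    network, id_number = {}, "110000000000000001"  # constructed ID number
    photo = b"constructed portrait bytes"
    register(network, id_number, "Zhang San", photo)
    same_face = lambda decrypted: decrypted == photo  # stands in for the front-desk comparison
    return {
        "correct": authenticate(network, id_number, " zhang san", same_face),
        "unknown_id": authenticate(network, "no-such-id", "Zhang San", same_face),
        "wrong_name": authenticate(network, id_number, "Li Si", same_face),
        "wrong_face": authenticate(network, id_number, "Zhang San", lambda d: False),
    }


if __name__ == "__main__":
    print(demo())
```

A name carries little entropy, so the salt and work factor only slow guessing; the trigger key complements the record-level encryption key the description requires and does not replace it.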
The identity authentication method and identity authentication system of the present invention are suitable for banks, schools, hotels, airports, railway stations, museums, social security, marriage, driving licences and many other settings that require identity authentication. Identity authentication can be carried out from the user's ID card number, without the merchant having to be equipped with an ID card reader, and the validity of the authentication can be highly guaranteed. This provides great convenience both to the hotel as the authenticating party and to the individual as the user to be authenticated.
It should be understood that the above embodiments are merely exemplary embodiments used to illustrate the principle of the present invention, and the present invention is not limited to them. Those of ordinary skill in the art may make various changes and modifications without departing from the spirit and essence of the present invention, and these changes and modifications are also regarded as falling within the protection scope of the present invention.

Claims (12)

1. An identity authentication method, characterized by comprising the steps of:
constructing a virtual private network that includes the identity information of a plurality of authenticated users, the virtual private network pre-storing a plurality of identity records of the authenticated users, each including an ID card number, a name and a user portrait, the user portrait in each identity record being set as an encrypted portrait according to a preset trigger password;
receiving identity information that includes at least the ID card number of a user to be authenticated, and accessing the virtual private network;
querying the virtual private network for the matching authenticated user according to the ID card number of the user to be authenticated, and authenticating the identity of the user to be authenticated.
2. The identity authentication method according to claim 1, characterized in that the step of constructing a virtual private network that includes the identity information of a plurality of authenticated users comprises:
a user registers in the virtual private network, the registration information including at least the user's identity information: ID card number, name and user portrait;
the virtual private network generates an encryption key and a corresponding decryption key for the identity information of the user;
the virtual private network connects to an identity management node, and the identity information of the user is queried, matched and verified through the identity management node;
after the identity management node has verified the authenticity of the identity information of the user, the identity information of the user is encrypted at least with the encryption key to generate an identity record, and the identity record is kept synchronized in real time in the data of each node of the virtual private network.
3. The identity authentication method according to claim 2, characterized in that, before the identity information of the user is encrypted at least with the encryption key, the method further comprises: encrypting the user portrait in the identity information according to a preset trigger password, the preset trigger password being a password generated from the name of the user.
4. The identity authentication method according to claim 2, characterized in that the step of receiving identity information that includes at least the ID card number of the user to be authenticated comprises:
the user to be authenticated provides the ID card number orally or in handwriting, and the ID card number of the user to be authenticated is entered at an access terminal of the virtual private network;
or, the user to be authenticated shows an ID card to the authenticating party, the ID card is scanned at an access terminal of the virtual private network, and the ID card number of the user to be authenticated is extracted from the ID card.
5. The identity authentication method according to claim 2, characterized in that the step of querying the virtual private network for the matching authenticated user according to the ID card number of the user to be authenticated, and authenticating the identity of the user to be authenticated, comprises:
extracting the identity record of the authenticated user;
decrypting the extracted identity record at least with the decryption key;
comparing whether the identity record associated with the ID card number queried from the virtual private network, together with the decrypted portrait obtained after decryption, is consistent with the identity information provided by the party to be authenticated, and confirming the identity of the user to be authenticated.
6. The identity authentication method according to claim 5, characterized in that decrypting the identity record at least with the decryption key further comprises: generating a trigger decryption key according to the name of the user to be authenticated, and decrypting the user portrait of the authenticated user according to the trigger decryption key, as follows:
identifying and obtaining the name of the user to be authenticated from the identity information, or obtaining the name of the user to be authenticated by matching on the received ID card number of the user to be authenticated;
generating, based on the name of the user to be authenticated and a pre-agreed decryption algorithm, the trigger decryption key for the encrypted portrait of the user to be authenticated;
decrypting the encrypted portrait in the identity record using the trigger decryption key.
7. An identity authentication system, characterized by comprising a construction module group, a receiving module and an authentication module group, wherein:
the construction module group is configured to construct a virtual private network that includes the identity information of a plurality of authenticated users, the virtual private network pre-storing a plurality of identity records of the authenticated users, each including an ID card number, a name and a user portrait, the user portrait in each identity record being set as an encrypted portrait according to a preset trigger password;
the receiving module is configured to receive identity information that includes at least the ID card number of a user to be authenticated, and to access the virtual private network;
the authentication module group is configured to query the virtual private network for the matching authenticated user according to the ID card number of the user to be authenticated, and to authenticate the identity of the user to be authenticated.
8. The identity authentication system according to claim 7, characterized in that the construction module group includes a registration module, a key module, an authentication module and a synchronization module, wherein:
the registration module is configured for a user to register in the virtual private network, the registration information including at least the user's identity information: ID card number, name and user portrait;
the key module is configured for the virtual private network to generate an encryption key and a corresponding decryption key for the identity information of the user;
the authentication module is configured for the virtual private network to connect to an identity management node, and to query, match and verify the identity information of the user through the identity management node;
the synchronization module is configured so that, after the identity management node has verified the authenticity of the identity information of the user, the identity information of the user is encrypted at least with the encryption key to generate an identity record, and the identity record is kept synchronized in real time in the data of each node of the virtual private network.
9. The identity authentication system according to claim 8, characterized in that the key module includes an encryption unit and further includes a trigger encryption unit, the trigger encryption unit being configured to encrypt the user portrait in the identity information according to a preset trigger password, the preset trigger password being a password generated from the name of the user.
10. The identity authentication system according to claim 8, characterized in that the receiving module includes an input module or a scan module, wherein:
the input module is configured so that the user to be authenticated provides the ID card number orally or in handwriting, and the ID card number of the user to be authenticated is entered at an access terminal of the virtual private network;
the scan module is configured so that the user to be authenticated shows an ID card to the authenticating party, the ID card is scanned at an access terminal of the virtual private network, and the ID card number of the user to be authenticated is extracted from the ID card.
11. The identity authentication system according to claim 8, characterized in that the authentication module group includes a query module, a decryption module and a comparison module, wherein:
the query module is configured to query the virtual private network for the matching authenticated user according to the ID card number of the user to be authenticated, and to extract the identity record of the authenticated user;
the decryption module is configured to decrypt the extracted identity record at least with the decryption key;
the comparison module is configured to compare whether the identity record associated with the ID card number queried from the virtual private network, together with the decrypted portrait obtained after decryption, is consistent with the identity information provided by the party to be authenticated, and to confirm the identity of the user to be authenticated.
12. The identity authentication system according to claim 11, characterized in that the decryption module includes a decryption unit and further includes a trigger decryption unit that generates a trigger decryption key according to the name of the user to be authenticated and decrypts the user portrait of the authenticated user according to the trigger decryption key, the trigger decryption unit including an identification matching part, a generation decoding part and a decryption part, wherein:
the identification matching part is configured to identify and obtain the name of the user to be authenticated from the identity information, or to obtain the name of the user to be authenticated by matching on the received ID card number of the user to be authenticated;
the generation decoding part is configured to generate, based on the name of the user to be authenticated and a pre-agreed decryption algorithm, the trigger decryption key for the encrypted portrait of the user to be authenticated;
the decryption part is configured to decrypt the encrypted portrait in the identity record using the trigger decryption key.
CN201910006474.XA 2019-01-04 2019-01-04 Identity identifying method, identity authorization system Pending CN109743322A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910006474.XA CN109743322A (en) 2019-01-04 2019-01-04 Identity identifying method, identity authorization system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910006474.XA CN109743322A (en) 2019-01-04 2019-01-04 Identity identifying method, identity authorization system

Publications (1)

Publication Number Publication Date
CN109743322A true CN109743322A (en) 2019-05-10

Family

ID=66363363

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910006474.XA Pending CN109743322A (en) 2019-01-04 2019-01-04 Identity identifying method, identity authorization system

Country Status (1)

Country Link
CN (1) CN109743322A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111385794A (en) * 2020-03-19 2020-07-07 中国电子科技集团公司第三十研究所 Mobile communication network privacy protection method and system for industry users



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190510