CN109951422B

CN109951422B - Identity authentication method, system, device and server

Info

Publication number: CN109951422B
Application number: CN201711385497.3A
Authority: CN
Inventors: 董成根; 严硕; 刘海龙; 金苑苑; 王鑫; 郭宏杰; 亓文华
Original assignee: Eidlink Information Technology Co ltd
Current assignee: Eidlink Information Technology Co ltd
Priority date: 2017-12-20
Filing date: 2017-12-20
Publication date: 2022-07-15
Anticipated expiration: 2037-12-20
Also published as: CN109951422A

Abstract

The invention provides an identity authentication method, which is applied to an identity verification system and comprises the following steps: receiving identity verification information of an identity document holder; verifying the identity verification information, and if the identity verification information passes the verification, generating an identity identifier corresponding to the identity information in the identity verification information; receiving an identity authentication request from an application server, wherein the identity authentication request comprises an identity to be verified; and verifying the identity identifier to be verified, and if the identity identifier passes the verification, determining that the identity authentication passes. Meanwhile, the invention also provides a system, a device and a server for identity authentication. By the scheme provided by the invention, the mobile phone client can replace the identity document to perform the identity certification function, and the safety and the portability of the identity document are improved.

Description

Identity authentication method, system, device and server

Technical Field

The invention relates to the field of identity authentication, in particular to a method, a system, a device and a server for identity authentication.

Background

The second generation identity card can read identity information through a reading device at present, but most of the reading devices can only be used in fixed places, and meanwhile, the identity card needs to be carried about, so that the convenience is poor, and the loss of the identity card is easily caused. Since the identity card is approved to be used in most occasions after being lost, the loss of the identity card causes irreversible influence. The existing identity authentication technology has the problems that personal information is leaked, the consistency of a certificate holder and a certificate cannot be guaranteed, and the like, so that the existing identity authentication technology needs to be improved and developed.

Disclosure of Invention

Aiming at the defects of the prior art, the invention provides the method, the system device and the server for identity authentication, which can enable the mobile phone client to replace the identity document to perform the identity authentication function and improve the safety and the portability of the identity document.

The embodiment of the invention provides an identity authentication method, which is applied to an identity verification system and comprises the following steps:

receiving identity verification information of an identity document holder;

verifying the identity verification information, and if the identity verification information passes the verification, generating an identity identifier corresponding to the identity information in the identity verification information;

receiving an identity authentication request from an application server, wherein the identity authentication request comprises an identity to be verified;

and verifying the identity identifier to be verified, and if the identity identifier passes the verification, determining that the identity authentication passes.

Further, the receiving of the authentication information of the identity document holder includes:

receiving identity characteristic information of an identity document holder;

the identity characteristic information of the identity document holder comprises at least one of the following items: a photograph of the holder of the identity document, and a fingerprint of the holder of the identity document.

Further, the method also comprises the following steps:

receiving encrypted identity document information and decrypting the encrypted identity document information;

the verifying the identity authentication information specifically includes:

judging whether the identity characteristic information of the identity document holder corresponds to the identity characteristic information in the decrypted identity document information or not;

and if the identity characteristic information of the identity document holder corresponds to the identity characteristic information in the decrypted identity document information, the verification is passed.

Further, the encrypted identity document information is obtained by at least one of: identity cards, eID vectors.

Further, the verifying the identity to be verified specifically includes:

decoding the identity to be verified;

and judging whether the information obtained after decoding the identity to be verified meets the preset condition or not.

Further, the preset condition includes at least one of the following conditions:

the identity to be verified is used for the first time;

the current time is within the valid time range of the identity to be verified;

and the check code included in the identity to be verified is valid, wherein the check code is generated by encrypting the serial number of the identity information and the valid time range of the identity according to a preset encryption rule.

Further, the identity authentication request from the application server is transmitted to the corresponding application server after the application client acquires the identity to be verified, and is forwarded by the application server.

Further, the determining that the identity authentication passes further includes:

and sending the result of passing the identity authentication and the key information for acquiring the corresponding identity to the application server.

Further, the identity mark comprises graphic identification information; the graphical identification information includes a two-dimensional code or a bar code.

Further, the method also comprises the following steps:

receiving an identity acquisition request from an application server, wherein the identity acquisition request comprises key information for acquiring a corresponding identity;

generating a corresponding identity according to the key information, and returning the identity to the application server;

receiving an identity authentication request from an identity user server, wherein the identity authentication request comprises an identity to be verified;

and verifying the identity to be verified, and if the identity passes the verification, determining that the identity passes the verification.

Further, the generating a corresponding identity according to the key information includes:

Decrypting the key information, extracting identity information from the decrypted key information, and generating a corresponding identity according to the identity information;

or searching the corresponding identity information from the identity information storage record according to the key information, and generating the corresponding identity identifier according to the searched identity information.

Further, the verifying the identity to be verified specifically includes,

decoding the identity to be checked; and judging whether the information obtained after the identity identifier to be checked is decoded meets a preset condition or not.

the identity to be verified is used for the first time;

the current time is within the effective time range of the identity to be verified;

and the check code included in the identity to be checked is valid, wherein the check code is generated by encrypting the serial number of the identity information and the valid time range of the identity according to a preset encryption rule.

Further, the verifying the identity to be verified, and if the identity passes the verification, determining that the identity verification passes, further includes:

and sending the result of passing the identity verification and/or the identity information corresponding to the corresponding identity identification to the identity user equipment.

Further, the identity to be verified is obtained by the identity using side device collecting the identity displayed on the application client; and the identity displayed on the application client is sent to the application client after the application server receives the identity returned by the identity verification system.

The embodiment of the invention also provides an identity authentication method which is applied to the acquisition equipment server and comprises the following steps:

receiving a message which passes authentication of authentication information including identity information from an authentication system;

generating a corresponding identity according to the identity information;

Further, the verifying the identity to be verified specifically includes:

decoding the identity to be verified;

the identity to be verified is used for the first time;

The current time is within the valid time range of the identity to be verified;

sending the result of passing the identity authentication and key information used for requesting a corresponding identity mark from an identity verification system to the application server;

and sending the result of passing the identity authentication to the application server, wherein the result of passing the identity authentication comprises identity information.

Further, the identity authentication system and the application server comprise the following steps:

the acquisition equipment sends authentication information to an authentication system;

the identity authentication system receives the identity authentication information, authenticates the identity authentication information, and generates an identity identifier corresponding to the identity information in the identity authentication information if the authentication is passed;

The application server sends an identity authentication request to an identity verification system, wherein the identity authentication request comprises an identity to be verified;

and the identity verification system responds to the identity authentication request, verifies the identity identifier to be verified, and if the identity identifier passes the verification, the identity authentication is determined to pass.

Further, the verifying the identity to be verified specifically includes:

the identity authentication system decodes the identity to be authenticated;

Further, the system also comprises an acquisition equipment server;

if the authentication passes, generating an identity identifier corresponding to the identity information in the identity authentication information, and then:

the identity authentication system sends a message that the identity authentication information including the identity identification passes the authentication to the acquisition equipment server;

the acquisition equipment server sends the identity to acquisition equipment;

and the acquisition equipment displays the received identity.

Further, an application client is also included;

wherein, the application server sends an identity authentication request to an identity verification system, which comprises:

And the application client acquires the identity identifier displayed by the acquisition equipment to obtain the identity identifier to be verified, and sends the identity identifier to an application server.

the identity authentication system sends the result of passing the identity authentication and the key information for acquiring the corresponding identity to the application server;

and the application server sends the received key information to the application client.

Further, the method also comprises the following steps:

the application server sends an identity obtaining request to an identity verification system, wherein the identity obtaining request comprises key information used for obtaining corresponding identity;

the identity authentication system responds to the identity identification acquisition request, generates a corresponding identity identification according to the secret key information, and returns the identity identification to the application server;

the identity user equipment sends an identity verification request to an identity verification system, wherein the identity verification request comprises an identity to be verified;

and the identity authentication system responds to the identity authentication request, verifies the identity identifier to be verified, and if the identity identifier passes the verification, the identity authentication is determined to pass.

the identity authentication system decrypts the key information, extracts identity information from the decrypted key information, and generates a corresponding identity according to the identity information;

or the identity authentication system searches the corresponding identity information from the identity information storage record according to the key information, and generates the corresponding identity identification according to the searched identity information.

Further, the verifying the identity to be verified specifically includes,

the identity authentication system decodes the identity to be authenticated;

and judging whether the information obtained after the identity identifier to be verified is decoded meets a preset condition or not.

Further, the verifying the identity to be verified, and if the identity passes the verification, determining that the identity passes the verification, further includes:

and the identity authentication system sends the result of passing the identity authentication and/or the identity information corresponding to the corresponding identity identification to the identity user equipment.

Further, the sending, by the identity consumer device, an authentication request to an authentication system, previously comprising:

the application server receives an identity returned by the identity verification system and sends the identity to the application client;

The application client displays the received identity;

and the identity user equipment acquires the identity displayed by the application client to obtain the identity to be verified.

the identity verification system sends the result of passing identity authentication to the application server, wherein the result of passing identity authentication comprises identity information;

and the application server stores the identity information, generates key information for acquiring a related identity according to the identity information, and sends the key information to the application client.

Further, still include:

an application client sends an identity acquisition request to an application server, wherein the identity acquisition request comprises key information for acquiring a corresponding identity;

the application server responds to the identity identification obtaining request and generates a corresponding identity identification according to the secret key information;

the identity user equipment sends an identity verification request to an application server, wherein the identity verification request comprises an identity to be verified;

and the application server responds to the identity authentication request, verifies the identity identifier to be verified, and if the identity identifier passes the verification, the identity authentication is determined to pass.

the application server decrypts the key information, extracts identity information from the decrypted key information, and generates a corresponding identity mark according to the identity information;

or the application server searches the corresponding identity information from the identity information storage record according to the key information, and generates the corresponding identity identifier according to the searched identity information.

Further, the verifying the identity to be verified specifically includes,

the application server decodes the identity to be verified;

Further, the verifying the identity to be verified, and if the identity to be verified passes the verification, determining that the identity verification passes, further includes:

and the application server sends the result of passing the identity verification and/or the identity information corresponding to the corresponding identity identification to the identity user equipment.

Further, the identity consumer device sends an authentication request to the application server, which previously includes:

the application server returns the identity to the application client;

The application client displays the received identity;

The embodiment of the invention also provides an identity authentication system according to another aspect, which comprises an acquisition device server, an identity verification system and an application server, and is characterized by comprising:

the identity authentication system sends a message that the identity authentication information including the identity information passes the authentication to the acquisition equipment server;

the acquisition equipment server receives the information that the authentication information passes the authentication, and generates a corresponding identity according to the identity information;

the method comprises the steps that an application server sends an identity authentication request to an acquisition equipment server, wherein the identity authentication request comprises an identity to be verified;

and the acquisition equipment server responds to the identity authentication request, verifies the identity identifier to be verified, and if the identity identifier passes the verification, the identity authentication is determined to pass.

Further, the verifying the identity to be verified specifically includes:

the method comprises the steps that an acquisition equipment server decodes an identity to be verified;

Further, the device also comprises acquisition equipment;

the authentication system sends a message that authentication information including identity information passes authentication to the acquisition device server, and the message comprises the following steps:

the acquisition equipment sends identity verification information to an identity verification system;

and the identity authentication system receives the identity authentication information, authenticates the identity authentication information, and generates an identity authentication information authentication passing message including the identity information in the identity authentication information if the identity authentication information passes the authentication.

Further, the generating a corresponding identity according to the identity information includes:

the acquisition equipment server sends the identity to acquisition equipment;

and the acquisition equipment displays the received identity.

Further, an application client is also included; the application server sends an identity authentication request to the acquisition device server, and the method comprises the following steps:

and the application client acquires the identity displayed by the acquisition equipment to obtain the identity to be verified, and sends the identity to an application server.

the acquisition equipment server sends the result of passing the identity authentication and the key information used for acquiring the corresponding identity identifier from the identity verification system to the application server;

Further, still include:

the identity authentication system responds to the identity identification obtaining request, generates a corresponding identity identification according to the secret key information, and returns the identity identification to the application server;

and the identity authentication system responds to the identity authentication request, verifies the identity identification to be verified, and if the identity identification passes the verification, the identity authentication is determined to pass.

Further, the verifying the identity to be verified specifically includes,

the identity authentication system decodes the identity to be authenticated;

and the acquisition equipment server sends the result of passing the identity verification and/or the identity information corresponding to the corresponding identity identification to the identity user equipment.

the application server receives an identity identifier returned by the identity verification system and sends the identity identifier to the application client;

the application client displays the received identity;

Further, the method also comprises the following steps:

the application server decrypts the key information, extracts identity information from the decrypted key information, and generates a corresponding identity according to the identity information;

Further, the verifying the identity to be verified specifically includes,

the application server decodes the identity to be verified;

the application server returns the identity to the application client;

the application client displays the received identity;

The embodiment of the invention also provides an identity authentication device, which comprises:

the identity authentication information receiving module is used for receiving identity authentication information of an identity document holder;

the identity authentication information verification module is used for verifying the identity authentication information and generating an identity identifier corresponding to the identity information in the identity authentication information if the identity authentication information passes the verification;

The identity authentication request receiving module is used for receiving an identity authentication request from an application client, wherein the identity authentication request comprises an identity identifier to be verified;

and the identity identification authentication module is used for verifying the identity identification to be verified, and if the identity identification passes the verification, the identity authentication is determined to pass.

The embodiment of the invention also provides a server, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor executes the program to realize the identity authentication method applied to the identity authentication system or the identity authentication method applied to the acquisition equipment server. The technical scheme of the invention is as follows: the identity verification system verifies whether the holder of the identity document is consistent with the owner of the identity document, an identity mark corresponding to the identity information is generated after the verification is passed, the application client sends the acquired identity mark to the identity verification system for identity authentication, and the application client can replace the identity document to perform an identity authentication function after the identity authentication is passed.

The beneficial effects are that: before the identity is generated, whether the holder of the identity document is consistent with the owner of the identity document needs to be verified, so that the loss caused by the falsifying of the identity document by other people can be effectively avoided; in the identity authentication process, the interaction between the identity verification system and the application client uses the identity identification instead of directly using the identity information, so that the transmission of the identity information in a network is avoided, and the safety of the identity information is further ensured. On the other hand, in the form of the identity identification, the application client can easily collect the identity identification, and the problem of the support rate of the application equipment is effectively solved.

The mobile phone client can replace the identity document to perform the identity certification function, and the safety and the portability of the identity document are improved. The identity authentication system is adopted to generate the identity, the identity information corresponding to the identity can not be sent to the identity information acquisition system and the application server, and only the identity information is transmitted to the identity user when in use, so that the transmission of the identity in the network is effectively avoided. And secondly, the data is issued to the mobile phone of the user in the form of the identity, so that the problem of the support rate of the application equipment is effectively solved.

Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.

Drawings

The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:

FIG. 1 is a flow chart of a method of identity authentication;

FIG. 2 is a flow diagram illustrating one embodiment of a method for identity authentication;

FIG. 3 is a flow chart of identity verification in a method of identity authentication;

FIG. 4 is a flow diagram illustrating one embodiment of identity verification in a method of identity authentication;

fig. 5 is a schematic diagram of an authentication flow of a preferred embodiment of an eID carrier;

FIG. 6 is a schematic diagram of an apparatus for identity authentication;

fig. 7 is a detailed structural diagram of the identity authentication device.

Detailed Description

Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative only and should not be construed as limiting the invention.

As used herein, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.

It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.

As will be appreciated by those skilled in the art, a "terminal" as used herein includes both devices having a wireless signal receiver, which are devices having only a wireless signal receiver without transmit capability, and devices having receive and transmit hardware, which have devices having receive and transmit hardware capable of two-way communication over a two-way communication link. Such a device may include: a cellular or other communications device having a single line display or a multi-line display or a cellular or other communications device without a multi-line display; PCS (PerSonal CommunicationS Service), which may combine voice, data processing, facsimile and/or data communication capabilities; a PDA (personal digital ASSiStant), which may include a radio frequency receiver, a pager, internet/intranet access, web browser, notepad, calendar, and/or GPS (Global PoSitioning SyStem) receiver; a conventional laptop and/or palmtop computer or other appliance having and/or including a radio frequency receiver. As used herein, a "terminal" or "terminal device" may be portable, transportable, installed in a vehicle (aeronautical, maritime, and/or land-based), or situated and/or configured to operate locally and/or in a distributed fashion at any other location(s) on earth and/or in space. As used herein, a "terminal Device" may also be a communication terminal, a web terminal, a music/video playing terminal, such as a PDA, an MID (Mobile Internet Device) and/or a Mobile phone with music/video playing function, or a smart tv, a set-top box, etc.

Those skilled in the art can understand that the eID code is a short name of a national network identity application identifier (apeidcode) of ministry of public security, refers to an identity identifier used by a user in a specific network application, and is widely used in the fields of privacy protection, real-name authentication and the like. The code is generated by the identity information through special equipment, and the same user can obtain different codes, namely the apeIDcode, in different network applications. The apeIDcode can effectively prevent the behavior data of the user in different network applications from being gathered, analyzed and tracked, and protect the personal identity and privacy information to the maximum extent.

In view of the above problems, embodiments of the present invention provide an identity authentication method, which enables a mobile phone client to replace an identity document to perform an identity authentication function, thereby improving the security and portability of the identity document. The flow diagram of the method is shown in fig. 1, and specifically comprises the following steps:

step S110: the identity verification system receives identity verification information of an identity document holder;

step S120: the identity authentication system authenticates the identity authentication information, and if the authentication is passed, an identity identifier corresponding to the identity information in the identity authentication information is generated;

Step S130: the identity authentication system receives an identity authentication request from an application client, wherein the identity authentication request comprises an identity identifier to be authenticated;

step S140: and the identity verification system verifies the identity to be verified, and if the identity passes the verification, the identity authentication is determined to pass.

The identity authentication method provided by the embodiment of the invention has the following beneficial effects:

before the identity is generated, whether a holder of the identity document is consistent with the owner of the identity document needs to be verified, so that loss caused by the fact that the identity document is falsely used by others can be effectively avoided; in the identity authentication process, the interaction between the identity verification system and the application client uses the identity identification instead of directly using the identity information, so that the transmission of the identity information in a network is avoided, and the safety of the identity information is further ensured. And by using the form of the identity identification, the application client can easily collect the data, thereby effectively solving the problem of the support rate of the application equipment.

The mobile phone client of the user can replace the identity document to perform the identity certification function, and the safety and the portability of the identity document are improved. The identity authentication system is adopted to generate the identity, the identity information corresponding to the identity can not be sent to the identity information acquisition system and the application server, and only the identity information is transmitted to the identity user when in use, so that the transmission of the identity in the network is effectively avoided. And secondly, the information is issued to the mobile phone of the user in the form of the identity, so that the problem of the support rate of the application equipment is effectively solved.

The following takes the authentication system as an execution subject, and further describes specific implementation of the above steps.

Step S110: the authentication system receives authentication information of a holder of the identity document.

As shown in fig. 2, the authentication information comes from the acquisition device. The collecting device is used for collecting the identity verification information of the identity document holder. The identity verification information comprises identity characteristic information of an identity document holder, and the identity characteristic information of the identity document holder comprises at least one of the following items: a photograph of the holder of the identity document, and a fingerprint of the holder of the identity document. The identity characteristic information can be acquired by the acquisition equipment in the past and stored in the acquisition equipment server or can be acquired in real time.

The authentication information also includes identity document information. If the server of the identity verification system stores the identity document information collected by the collecting device before, the collecting device is not required to send the identity document information again.

In one embodiment, as shown in fig. 2, the server of the authentication system does not store the identity document information, and the identity document information and the identity characteristic information of the identity document holder may be sent to the authentication system together or separately. The identity document information sent to the identity verification system may be previously collected by the collecting device and stored in the collecting device server, or may be read from the identity card by the collecting device using the NFC module. The identity document information stored in the acquisition equipment server or acquired by the acquisition equipment in real time is in an encrypted state, and only the identity authentication system has a decryption mode, so that the safety of the identity document information can be effectively guaranteed.

In another embodiment, identity document information can be obtained through an eID carrier, a user needs to input an eID carrier password on the collection equipment, if the password is correct, the collection equipment can obtain the eID carrier information and transmit the obtained eID carrier information to the identity verification system through the collection equipment server to request eID verification, the eID carrier information can be stored in the collection equipment server, and the efficiency of submitting the identity verification information to the identity verification system can be improved.

Step S120: and the identity authentication system authenticates the identity authentication information, and if the authentication passes, an identity identifier corresponding to the identity information in the identity authentication information is generated.

If the server of the identity verification system stores identity document information, directly judging whether the received identity feature information of the identity document holder corresponds to the identity feature information of the identity document information stored by the server of the identity verification system; if the server of the identity verification system does not store the identity document information, after the encrypted identity document information is received, the encrypted identity document information needs to be decrypted, and then whether the identity characteristic information of the identity document holder corresponds to the identity characteristic information in the decrypted identity document information is judged. If the identity information in the identity authentication information corresponds to the identity information in the identity authentication information, the authentication passes, and the identity authentication system generates the identity corresponding to the identity information in the identity authentication information. The identity mark comprises graphic identification information, and the graphic identification information comprises a two-dimensional code or a bar code; the identity may also be a code. The identity mark is generated by the serial number of the identity information, the effective time range of the identity mark and the check code according to a preset coding rule, wherein the check code is generated by encrypting the serial number of the identity information and the effective time range of the identity mark according to a preset encryption rule.

Step S130: the identity authentication system receives an identity authentication request from an application server, wherein the identity authentication request comprises an identity to be authenticated.

After the identity authentication system passes the identity authentication information authentication, the identity authentication system sends the information that the identity authentication information including the identity identification passes the identity authentication to the acquisition equipment server; the acquisition equipment server sends the identity to acquisition equipment; and the acquisition equipment displays the received identity. And the application client acquires the identity displayed by the acquisition equipment to obtain the identity to be verified, and sends the identity to an application server. And after receiving the identity identifier to be verified, the application server sends an identity authentication request comprising the identity identifier to be verified to an identity verification system.

The identity to be verified may be acquired by scanning the identity displayed by the identity information acquisition system by the client; or the user inputs the identity identifier at the application client, and the application client sends the identity identifier input by the user to the application server and forwards the identity identifier to the identity authentication system.

Step S140: and the identity verification system verifies the identity identifier to be verified, and if the identity identifier passes the verification, the identity authentication is determined to pass.

Step S140 includes, step S141: the identity authentication system decodes the identity to be authenticated; step S142: and the identity verification system judges whether the information obtained after decoding the identity identifier to be verified meets the preset condition.

The preset conditions in step S142 include at least one of the following:

the identity to be verified is used for the first time;

the current time is within the valid time range of the identity to be verified;

and the check code included in the identity to be verified is valid, wherein the check code is generated by encrypting the serial number of the identity information and the valid time range of the graphic identification information according to a preset encryption rule.

Through the three judgment modes, the potential safety hazard of the identity can be comprehensively detected, and the safety of identity information is guaranteed. And when the identity identification fails, the reason that the identity identification verification fails can be quickly found out according to the judging mode, and the efficiency of obtaining the identity verification information again is improved.

The identity can be set to be effective within a certain time range, namely effective when the identity needs to be proved, so that the identity can be effectively prevented from being stolen by other people, and the safety of identity information is improved.

Step S140 further includes step S143:

and the identity verification system sends the result of passing the identity authentication and the key information for acquiring the corresponding identity to the application server.

The key information is generated by encrypting the information related to the identity information by using a preset encryption mode through the identity authentication system. The encryption mode is only known by the identity authentication system, when the application server needs to acquire the identity, the application server only needs to send the key information to the identity authentication system, the identity authentication system decrypts the key information, the related identity information can be found according to the information related to the identity information extracted from the key information, and then the related identity information is encrypted to form the identity. The information related to the identity information comprises related information such as the name of the identity document owner, the place of registration of the user, the number of the identity document or the serial number of the identity information.

After receiving the result that the identity authentication passes, the application client prompts a user to set a password for entering the application client, so that the condition that other people carelessly or intentionally enter the application client to acquire an identity label and identity information is leaked is prevented.

Fig. 3 is a flowchart illustrating that the application client performs identity verification after the application client passes identity authentication. The identity authentication method specifically comprises the following steps:

Step S150: the identity authentication system receives an identity acquisition request from an application server, wherein the identity acquisition request comprises key information for acquiring a corresponding identity;

step S160: the identity authentication system generates a corresponding identity according to the key information and returns the identity to the application client;

step S170: the identity authentication system receives an identity authentication request from identity user equipment, wherein the identity authentication request comprises an identity to be verified;

step S180: and the identity authentication system verifies the identity identifier to be verified, and if the identity identifier to be verified passes the verification, the identity authentication is determined to pass.

Through the authentication process, the function of driving the identity certificate by using the application client instead of the identity certificate can be successfully realized. The following is a further description of specific implementations of the above steps.

Step S150: the identity authentication system receives an identity acquisition request from an application server, wherein the identity acquisition request comprises key information for acquiring a corresponding identity.

As shown in fig. 4, after the user enters the application client using the login password, the application client sends an identity obtaining request to the application server, where the identity obtaining request includes key information for obtaining a corresponding identity. Or after entering the application client, the user inputs key information for acquiring the response identity, including the name of the identity card owner, the household location or the identity card number or the identity information number and the like. And after receiving the key information input by the user, the application client sends an identity acquisition request to the application server.

Step S160: and the identity authentication system generates a corresponding identity according to the key information and returns the identity to the application server.

Wherein, step S160 includes:

step S161: the authentication system decrypts the key information;

step S162: the identity authentication system extracts identity information from the decrypted key information;

step S163: and the identity authentication system generates a corresponding identity according to the identity information.

In one embodiment, the identity verification system searches the corresponding identity information from the identity information storage record according to the key information, and generates the corresponding identity identifier according to the searched identity information.

Step S170: the identity verification system receives an identity verification request from identity user equipment, wherein the identity verification request comprises an identity to be verified.

Specifically, the identity to be verified is obtained by the identity consumer device acquiring an identity displayed on an application client; and the identity displayed on the application client is sent to the application client after the application server receives the identity returned by the identity verification system.

Wherein, step S180 includes:

step S181: the identity verification system decodes the identity to be verified;

step S182: and the identity verification system judges whether the information obtained after decoding the identity identifier to be verified meets a preset condition.

In step S182, the preset condition includes at least one of the following:

the identity to be verified is used for the first time;

the current time is within the valid time range of the identity to be verified;

Step S180 further includes step S183;

step S183: and the identity authentication system sends the result of passing the identity authentication and/or the identity information corresponding to the corresponding identity identification to the identity user equipment.

Fig. 5 is a schematic diagram illustrating an authentication process of an embodiment of an eID carrier according to the present invention.

If the application client has the eID carrier acquisition function, the application client can replace an acquisition device in an identity information acquisition system to acquire eID carrier information in the identity authentication process of the eID carrier. The specific process is as follows:

1. The user inputs an eID carrier password on the application client, and if the password is correct, the application client acquires eID carrier information;

2. the application client transmits the acquired eID carrier information to an identity verification system through an application server to request eID verification;

3. the identity authentication system receives the request, verifies the eID information, and returns an eID authentication result, the eID information or key information for acquiring the eID information to the application server if the eID information passes the verification;

4. the application server stores the eID information or the key information and informs the application client of the message that the eID verification is successful;

5. setting an application password on an application client by a user; and completing identity authorization.

The embodiment of the invention also provides an identity authentication method applied to the acquisition equipment server. The method specifically comprises the following steps:

step S210: the acquisition equipment server receives a message which passes authentication of authentication information including identity information from an authentication system;

step S220: the acquisition equipment server generates a corresponding identity according to the identity information;

step S230: the method comprises the steps that an acquisition equipment server receives an identity authentication request from an application server, wherein the identity authentication request comprises an identity to be verified;

Step S240: and the acquisition equipment server verifies the identity to be verified, and if the identity passes the verification, the identity authentication is determined to pass.

The following provides a further description of the specific implementation of the above steps.

Step S210: the acquisition equipment server receives a message which is from an identity verification system and passes the verification of identity verification information including identity information;

specifically, step S210 includes, before sending, by the acquisition device, the authentication information to the authentication system; and the identity authentication system receives the identity authentication information, authenticates the identity authentication information, and generates an identity authentication information authentication passing message including the identity information in the identity authentication information if the identity authentication information passes the authentication.

Specifically, the identity verification information includes identity characteristic information of an identity document holder, and the identity characteristic information of the identity document holder includes at least one of: a photograph of the holder of the identity document, and a fingerprint of the holder of the identity document. The identity characteristic information can be acquired by the acquisition equipment before and stored in the acquisition equipment server, or can be acquired in real time. The authentication information also includes identity document information.

specifically, the identity authentication request from the application server is transmitted to the corresponding application server after the application client acquires the identity to be verified, and is forwarded by the application server.

Specifically, the acquiring device server checks the identity to be verified, and specifically includes:

decoding the identity to be verified; and judging whether the information obtained after decoding the identity to be verified meets the preset condition or not.

More specifically, the preset condition includes at least one of the following:

the identity to be verified is used for the first time;

the current time is within the valid time range of the identity to be verified;

Step S240 further includes:

and the acquisition equipment server sends the result of passing the identity authentication and key information used for requesting a corresponding identity mark from the identity verification system to the application server.

In a preferred embodiment, after the acquiring device server determines that the identity authentication passes, the method further includes: and the acquisition equipment server sends the result of passing the identity authentication to the application server, wherein the result of passing the identity authentication comprises identity information.

The embodiment of the invention also provides an identity authentication system, which comprises acquisition equipment in the identity information acquisition system, an identity verification system and an application server in the application system, and specifically comprises the following steps:

step S310: the acquisition equipment sends identity verification information to an identity verification system;

step S320: the identity authentication system receives the identity authentication information, authenticates the identity authentication information, and generates an identity identifier corresponding to the identity information in the identity authentication information if the authentication is passed;

step S330: the application server sends an identity authentication request to an identity verification system, wherein the identity authentication request comprises an identity identifier to be verified;

step S340: and the identity verification system responds to the identity authentication request, verifies the identity identifier to be verified, and if the identity identifier passes the verification, the identity authentication is determined to pass.

Step S310: and the acquisition equipment sends the authentication information to the authentication system.

Specifically, the identity verification information includes identity characteristic information of the identity document holder, and the identity characteristic information of the identity document holder includes at least one of: a photograph of the holder of the identity document, and a fingerprint of the holder of the identity document. The identity characteristic information can be acquired by the acquisition equipment in the past and stored in an acquisition equipment server in the identity information acquisition system, or can be acquired in real time. The authentication information also includes identity document information.

Step S320: and the identity authentication system receives the identity authentication information, authenticates the identity authentication information, and generates an identity identifier corresponding to the identity information in the identity authentication information if the authentication is passed.

Step S330: the application server sends an identity authentication request to an identity verification system, wherein the identity authentication request comprises an identity to be verified.

Specifically, the sending, by the application server, an identity authentication request to an identity verification system includes: and an application client in the application system collects the identity displayed by the acquisition equipment to obtain the identity to be verified, and sends the identity to an application server.

Specifically, the verifying the identity to be verified specifically includes:

the identity authentication system decodes the identity to be authenticated;

Preferably, if the authentication passes, the identity authentication system generates an identity identifier corresponding to the identity information in the identity authentication information, and then further includes:

the identity authentication system sends the information which passes the authentication of the identity authentication information including the identity identification to the acquisition equipment server; the acquisition equipment server sends the identity to acquisition equipment; and the acquisition equipment displays the received identity.

In a preferred embodiment, after the identity verification system determines that the identity authentication is passed, the identity verification system further comprises: the identity authentication system sends the result of passing the identity authentication and the key information for acquiring the corresponding identity to the application server; and the application server sends the received key information to the application client. On the basis, the system for identity authentication also comprises an interactive process of identity verification.

Specifically, the method comprises the following steps: step S351, step S361, step S371, and step S381.

Step S351: the method comprises the steps that an application server sends an identity identification obtaining request to an identity verification system, wherein the identity identification obtaining request comprises secret key information used for obtaining corresponding identity identifications.

Step S361: and the identity verification system responds to the identity acquisition request, generates a corresponding identity according to the key information and returns the identity to the application server.

Specifically, the generating a corresponding identity according to the key information includes:

and the identity authentication system decrypts the key information, extracts identity information from the decrypted key information, and generates a corresponding identity according to the identity information.

Preferably, the identity verification system searches the corresponding identity information from the identity information storage record according to the key information, and generates the corresponding identity identifier according to the searched identity information.

Step S371: the identity user equipment sends an identity verification request to an identity verification system, wherein the identity verification request comprises an identity to be verified.

Specifically, the sending, by the identity consumer device, an authentication request to an authentication system previously includes:

the application client displays the received identity;

Step S381: and the identity authentication system responds to the identity authentication request, verifies the identity identification to be verified, and if the identity identification passes the verification, the identity authentication is determined to pass.

Specifically, the verifying the identity to be verified specifically includes,

the identity authentication system decodes the identity to be authenticated;

More specifically, if the authentication system passes the verification, the authentication system determines that the authentication passes, further comprising:

In another preferred embodiment, the inventor also proposes a way of generating and auditing the identity identifier by the application server during the identity verification, so as to alleviate part of the computational load of the identity verification system, considering that in actual operation, all the identity identifiers are generated and audited by the identity verification system, and the computational load of the identity verification system is too large. The application server has a generation rule and an audit rule which are configured with the identity in advance.

Specifically, after the identity verification system determines that the identity authentication passes, the method further comprises: the identity authentication system sends a result of passing identity authentication to the application server, wherein the result of passing identity authentication comprises identity information; the application server stores the identity information, generates key information for acquiring a related identity according to the identity information, and sends the key information to the application client.

On the basis, the system for identity authentication also comprises an interactive process of identity verification. Specifically, the method comprises the following steps: step S352, step S362, step S372, and step S382.

Step S352: the application client sends an identity acquisition request to the application server, wherein the identity acquisition request comprises key information for acquiring a corresponding identity.

Step S362: the application server responds to the identity identification acquisition request and generates a corresponding identity identification according to the key information;

the application server decrypts the key information, extracts identity information from the decrypted key information, and generates a corresponding identity mark according to the identity information.

Preferably, the application server searches the corresponding identity information from the identity information storage record according to the key information, and generates the corresponding identity identifier according to the searched identity information.

Step S372: the identity user equipment sends an identity verification request to the application server, wherein the identity verification request comprises an identity to be verified.

Specifically, the sending, by the identity consumer device, the authentication request to the application server previously includes:

the application server returns the identity to the application client;

the application client displays the received identity;

Step S382: and the application server responds to the identity authentication request, verifies the identity identifier to be verified, and if the identity identifier passes the verification, the identity authentication is determined to pass.

Specifically, the verifying the identity to be verified by the application server specifically includes,

the application server decodes the identity to be verified;

More specifically, if the application server passes the verification, the application server determines that the authentication passes, further comprising:

The invention also provides an identity authentication system according to another aspect, which comprises an acquisition device server, an identity verification system and an application server, and specifically comprises the following steps:

step S410: the identity authentication system sends a message that the identity authentication information including the identity information passes the authentication to the acquisition equipment server;

step S420: the acquisition equipment server receives the information that the authentication information passes the authentication, and generates a corresponding identity according to the identity information;

step S430: the method comprises the steps that an application server sends an identity authentication request to an acquisition equipment server, wherein the identity authentication request comprises an identity to be verified;

step S430: and the acquisition equipment server responds to the identity authentication request, verifies the identity identifier to be verified, and if the identity identifier passes the verification, the identity authentication is determined to pass.

Step S410: and the identity authentication system sends a message that the identity authentication information including the identity information passes the authentication to the acquisition equipment server.

Specifically, the authentication system sends a message that the authentication information including the identity information passes the authentication to the collection device server, and the method includes:

and the identity authentication system receives the identity authentication information, authenticates the identity authentication information, and generates an identity authentication information authentication passing message comprising the identity information in the identity authentication information if the identity authentication information passes the authentication.

Step S420: and the acquisition equipment server receives the information passing the authentication of the identity authentication information and generates a corresponding identity according to the identity information.

Specifically, the acquiring device server generates a corresponding identity according to the identity information, and then includes: the acquisition equipment server sends the identity to acquisition equipment; and the acquisition equipment displays the received identity.

Step S430: the application server sends an identity authentication request to the acquisition equipment server, wherein the identity authentication request comprises an identity to be verified.

Specifically, the sending, by the application server, the identity authentication request to the collection device server includes:

Step S440: and the acquisition equipment server responds to the identity authentication request, verifies the identity identifier to be verified, and if the identity identifier passes the verification, the identity authentication is determined to pass.

Specifically, the verifying the identity to be verified by the acquisition device server specifically includes:

In a preferred embodiment, the acquiring device server determines that the identity authentication passes, and then further includes: the acquisition equipment server sends the result of passing the identity authentication and the key information for acquiring the corresponding identity identifier from the identity verification system to the application server; and the application server sends the received key information to the application client.

On the basis, the system for identity authentication also comprises an interactive process of identity verification. Specifically, the method comprises the following steps: step S451, step S461, step S471, and step S481.

Step S451: the application server sends an identity obtaining request to an identity verification system, wherein the identity obtaining request comprises key information used for obtaining corresponding identity.

Step S461: and the identity authentication system responds to the identity identification acquisition request, generates a corresponding identity identification according to the key information and returns the identity identification to the application server.

Specifically, the generating of the corresponding identity identifier by the identity verification system according to the key information includes:

Step S471: the identity user equipment sends an identity verification request to an identity verification system, wherein the identity verification request comprises an identity to be verified.

Specifically, the sending, by the identity consumer device, an authentication request to the authentication system includes:

the application client displays the received identity;

Step S481: and the identity authentication system responds to the identity authentication request, verifies the identity identifier to be verified, and if the identity identifier passes the verification, the identity authentication is determined to pass.

Specifically, the identity verification system verifies the identity to be verified, and specifically comprises,

the identity authentication system decodes the identity to be authenticated;

More specifically, the verifying the identity to be verified, and if the identity to be verified passes the verification, determining that the identity verification passes, further includes:

In another preferred embodiment, the inventor also proposes a way of generating and auditing the identity identifier by the application server during the authentication, so as to alleviate part of the computational load of the authentication system, considering that in actual operation, all the identity identifiers are generated and audited by the authentication system, and the computational load of the authentication system is too large. The application server has a generation rule and an auditing rule which are configured with the identity in advance.

Specifically, the step of the collecting device server determining that the identity authentication is passed further comprises: the method comprises the steps that an acquisition equipment server sends a result of passing identity authentication to an application server, wherein the result of passing identity authentication comprises identity information; and the application server stores the identity information, generates key information for acquiring a related identity according to the identity information, and sends the key information to the application client.

On the basis, the system for identity authentication also comprises an interactive process of identity verification. Specifically, the method comprises the following steps: step S452, step S462, step S472, and step S482.

Step S452: the application client sends an identity acquisition request to the application server, wherein the identity acquisition request comprises key information for acquiring a corresponding identity.

Step S462: and the application server responds to the identity acquisition request and generates a corresponding identity according to the key information.

Specifically, the generating, by the application server, the corresponding identity according to the key information includes:

the application server decrypts the key information, extracts identity information from the decrypted key information, and generates a corresponding identity according to the identity information.

Step S472: the identity user equipment sends an identity verification request to the application server, wherein the identity verification request comprises an identity to be verified.

the application server returns the identity to the application client;

the application client displays the received identity;

Step S482: and the application server responds to the identity authentication request, verifies the identity identifier to be verified, and if the identity identifier passes the verification, the identity authentication is determined to pass.

Specifically, the verifying the identity to be verified includes,

the application server decodes the identity to be verified;

More specifically, if the application server passes the verification, the authentication is determined to be passed, and the method further includes:

In order to further explain the identity authentication method applied to the identity verification system in the embodiment of the present invention in a modular manner, the present application provides an identity authentication apparatus, as shown in fig. 7, including: an authentication information receiving module 100, an authentication information verifying module 200, an authentication request receiving module 300, and an identification authentication module 400.

The identity verification information receiving module 100 is used for receiving identity verification information of an identity document holder.

The identity authentication information comes from an identity information acquisition system which mainly comprises acquisition equipment and an acquisition equipment server. The collecting device is used for collecting the identity verification information of the identity document holder. The identity verification information comprises identity characteristic information of an identity document holder, and the identity characteristic information of the identity document holder comprises at least one of the following items: a captured photograph of the holder of the identity document, and a captured fingerprint of the holder of the identity document. The identity characteristic information can be acquired by the identity information acquisition system and stored in the server, or can be acquired in real time.

The authentication information also includes identity document information. If the server of the identity verification system stores the identity document information collected by the previous collecting device, the identity document information does not need to be sent by the identity information collecting system.

In one embodiment, the server of the authentication system does not store the identity document information and needs the identity information collection system to send it. The identity card information sent to the identity verification system may be previously acquired by the identity information acquisition system and stored in the acquisition device server, or may be read from the identity card by the acquisition device using the NFC module. The identity document information stored in the acquisition equipment server or acquired by the acquisition equipment in real time is in an encrypted state, and only the identity authentication system has a decryption mode, so that the safety of the identity document information can be effectively guaranteed.

In another embodiment, the identity document information may also be obtained via an eID carrier. The user needs to input the eID carrier password on the acquisition equipment, if the password is correct, the acquisition equipment can acquire eID carrier information and transmit the acquired eID carrier information to the authentication system through the acquisition equipment server, eID authentication is requested, the eID carrier information can be stored in the acquisition equipment server, and the efficiency of submitting authentication information to the authentication system can be improved.

And the authentication information verification module 200 is configured to verify the authentication information, and if the authentication passes, generate an identity identifier corresponding to the identity information in the authentication information.

If the server of the identity verification system stores identity document information, directly judging whether the received identity feature information of the identity document holder corresponds to the identity feature information of the identity document information stored by the server of the identity verification system; if the server of the identity verification system does not store the identity document information, after receiving the encrypted identity document information, the encrypted identity document information needs to be decrypted, and then whether the identity characteristic information of the identity document holder corresponds to the identity characteristic information in the decrypted identity document information is judged. If the identity information in the identity authentication information corresponds to the identity information in the identity authentication information, the authentication passes, and the identity authentication system generates the identity identifier corresponding to the identity information in the identity authentication information. The identity mark comprises graphic identification information, and the graphic identification information comprises a two-dimensional code or a bar code; the identity may also be a code. The identity identification is generated by the serial number of the identity information, the valid time range of the identity identification and the check code according to a preset coding rule, wherein the check code is generated by encrypting the serial number of the identity information and the valid time range of the identity identification according to a preset encryption rule.

The identity authentication request receiving module 300 is configured to receive an identity authentication request from an application client, where the identity authentication request includes an identity to be verified.

After acquiring the identity, the application client sends an identity authentication request to the identity verification system. The identity to be verified can be acquired by scanning the identity displayed by the identity information acquisition system by the client; it is also possible that the user inputs the identity at the application client, and the application client sends the identity input by the user to the authentication system.

And the identity authentication module 400 is configured to verify the identity to be verified, and if the identity passes the verification, determine that the identity authentication passes.

The identity authentication module 400 includes an identity decoding sub-module 410: a sub-module 420 for decoding the identity to be verified and the preset condition: and the method is used for judging whether the information obtained after decoding the identity identifier to be verified meets the preset condition or not.

The preset condition determining submodule 420 includes at least one of the following components:

a number-of-use determination unit: the device is used for judging whether the identity to be verified is used for the first time;

an effective time determination unit: the system is used for judging whether the current time is within the valid time range of the identity to be verified;

Check code judging unit: the verification code is generated by encrypting the serial number of the identity information and the valid time range of the graphic identification information according to a preset encryption rule.

The identity authentication module 400 further includes an identity authentication result notification sub-module 430:

and the key information is used for sending the result of passing the identity authentication and obtaining the corresponding identity identification to the application client.

The key information is generated by the identity authentication system by encrypting the information related to the identity information by using a preset encryption mode. The encryption mode is only known by the identity authentication system, when the application client needs to acquire the identity, the application client only needs to send the key information to the identity authentication system, the identity authentication system decrypts the key information, the relevant identity information can be found according to the information which is extracted from the key information and is relevant to the identity information, and then the relevant identity information is encrypted to form the identity. The information related to the identity information comprises related information such as the name of the identity document owner, the place of the household registration or the number of the identity document or the number of the identity information.

After receiving the result that the identity authentication passes, the application client prompts a user to set a password for entering the application client, so that the condition that identity information is leaked due to the fact that other people carelessly or intentionally enter the application client to acquire an identity is prevented.

As shown in fig. 7, the identity authenticated device further comprises an identity verification module.

The identity obtaining request receiving module 500: the system comprises a client and a server, and is used for receiving an identity acquisition request from an application client, wherein the identity acquisition request comprises key information for acquiring a corresponding identity.

After a user enters an application client, the application client automatically sends an identity obtaining request to the application client, wherein the identity obtaining request comprises key information used for obtaining a corresponding identity. Or after entering the application client, the user inputs key information for acquiring the response identity, wherein the key information comprises the name of the identity card owner, the household location or the identity card number or the identity information code and the like. And after receiving the key information input by the user, the application client sends an identity obtaining request to the application client.

The identity generation module 600: and the system is used for generating a corresponding identity according to the key information and returning the identity to the application client.

The identity generating module 600 includes:

the key information decryption sub-module 610: for decrypting said key information;

identity information extraction submodule 620: the key information decryption module is used for decrypting the key information;

the identity generation sub-module 630: and the identity module is used for generating a corresponding identity according to the identity information.

The authentication request receiving module 700: the authentication method comprises the steps of receiving an authentication request from identity user equipment, wherein the authentication request comprises an identity to be authenticated, and the identity to be authenticated is obtained by acquiring the identity displayed on an application client by the identity user equipment.

The identity verification module 800: and the authentication server is used for verifying the identity identifier to be verified, and if the identity identifier to be verified passes the verification, the identity verification is determined to pass.

The identity verification module 800 includes:

the identity decoding sub-module 410: the system is used for decoding the identity to be verified;

the preset condition judgment sub-module 420: and the authentication module is used for judging whether the information obtained after the identity identifier to be verified is decoded meets the preset condition or not.

The preset condition judgment submodule 420 comprises at least one of the following components:

A number-of-use determination unit: the identity authentication device is used for judging whether the identity to be authenticated is used for the first time;

The identity verification module 800 further comprises:

the identity verification result informing submodule: and the identity authentication module is used for sending the result of passing the identity authentication and/or the identity information corresponding to the corresponding identity identification to the identity user equipment.

According to another aspect, an embodiment of the present invention further provides a server, including: the identity authentication method comprises the following steps of storing a program, storing a processor and a computer program which is stored on the memory and can run on the processor, and realizing the identity authentication method when the processor executes the program.

Those skilled in the art will appreciate that the present invention includes apparatus directed to performing one or more of the operations described in the present application. These devices may be specially designed and manufactured for the required purposes, or they may comprise known devices in general-purpose computers. These devices have stored therein computer programs that are selectively activated or reconfigured. Such a computer program may be stored in a device (e.g., computer) readable medium, including, but not limited to, any type of disk including floppy disks, hard disks, optical disks, CD-ROMs, and magnetic-optical disks, ROMs (Read-Only memories), RAMs (Random AcceSS memories), EPROMs (EraSable Programmable Read-Only memories), EEPROMs (Electrically EraSable Programmable Read-Only memories), flash memories, magnetic cards, or optical cards, or any type of media suitable for storing electronic instructions, and each coupled to a bus. That is, a readable medium includes any medium that stores or transmits information in a form readable by a device (e.g., a computer).

It will be understood by those within the art that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by computer program instructions. Those skilled in the art will appreciate that the computer program instructions may be implemented by a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, implement the aspects specified in the block diagrams and/or flowchart block or blocks of the present disclosure.

Those skilled in the art will appreciate that the various operations, methods, steps, measures, arrangements of steps in the flow, which have been discussed in the present application, may be alternated, modified, combined, or eliminated. Further, various operations, methods, steps in the flows, which have been discussed in the present disclosure, may also be alternated, modified, rearranged, split, combined, or deleted. Further, steps, measures, schemes in various operations, methods, procedures disclosed in the prior art and the present invention can also be alternated, changed, rearranged, decomposed, combined, or deleted.

The foregoing is only a partial embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims

1. An identity authentication method is characterized in that the method is applied to an identity verification system and comprises the following steps:

receiving identity verification information of an identity document holder;

receiving an identity authentication request which is sent by an application client and carries an identity identifier to be verified;

verifying the identity identifier to be verified carried by the identity authentication request, and if the identity identifier passes the verification, determining that the identity authentication passes;

after the identity authentication is confirmed to pass, receiving an identity obtaining request from an application server, wherein the identity obtaining request comprises key information used for obtaining corresponding identity;

Receiving an identity authentication request which is sent by identity user equipment and carries an identity identifier to be authenticated;

and verifying the identity identifier to be verified carried by the identity verification request, and if the identity identifier to be verified passes the verification, determining that the identity verification passes.

2. The method of identity authentication of claim 1, wherein the receiving identity verification information of the identity document holder comprises:

receiving identity characteristic information of an identity document holder;

the identity characteristic information of the identity document holder comprises at least one of the following items: a captured photograph of the holder of the identity document, and a captured fingerprint of the holder of the identity document.

3. The method of identity authentication of claim 2, further comprising:

the verifying the identity authentication information specifically includes:

4. A method of identity authentication in accordance with claim 3, wherein the encrypted identity document information is obtained by at least one of: identity cards, eID vectors.

5. The identity authentication method according to claim 1, wherein the verifying the identity to be verified carried in the identity authentication request or the verifying the identity to be verified carried in the identity authentication request specifically comprises:

decoding the identity to be verified carried by the identity authentication request, or decoding the identity to be verified carried by the identity authentication request to obtain a corresponding identity to be verified;

and judging whether the corresponding identity to be verified meets a preset condition or not.

6. The identity authentication method of claim 1, wherein the identity authentication request from the application server is forwarded by the application server after the application client collects the identity to be verified and sends the identity to the corresponding application server.

7. The method of identity authentication of claim 1, wherein the determining that the identity authentication passed further comprises:

8. The method of identity authentication of claim 1, wherein the identity comprises graphical identification information; the graphical identification information includes a two-dimensional code or a bar code.

9. The method for identity authentication according to claim 1, wherein the generating the corresponding identity according to the key information comprises:

or searching the corresponding identity information from the identity information storage record according to the key information, and generating the corresponding identity identification according to the searched identity information.

10. The method of identity authentication of claim 5, wherein the preset condition comprises at least one of:

the corresponding identity to be verified is used for the first time;

the current time is within the valid time range of the corresponding identity to be verified;

and the corresponding identity to be verified comprises a valid check code, wherein the check code is generated by encrypting the serial number of the identity information and the valid time range of the identity according to a preset encryption rule.

11. The method for authenticating identity according to claim 1, wherein the identity to be verified carried in the authentication request is verified, and if the identity is verified, it is determined that the identity is verified, further comprising:

12. The identity authentication method according to claim 1, wherein the identity to be verified carried in the identity verification request is obtained by the identity consumer device collecting an identity displayed on an application client; and the identity displayed on the application client is sent to the application client after the application server receives the identity returned by the identity verification system.

13. An identity authentication method is applied to a collection equipment server and comprises the following steps:

receiving a message that authentication information including identity information from an authentication system passes authentication;

generating a corresponding identity according to the identity information;

receiving an identity authentication request which is sent by an application server and carries an identity identifier to be verified;

the key information is sent to an application client by an application server; sending an identity acquisition request to an application server by an application client, wherein the identity acquisition request comprises key information for acquiring a corresponding identity; responding to the identity acquisition request by the application server, and generating a corresponding identity according to the key information; sending an identity authentication request to an application server by identity user equipment, wherein the identity authentication request comprises an identity to be verified; and the application server responds to the identity authentication request, verifies the identity identifier to be verified, and if the identity identifier passes the verification, the identity authentication is determined to pass.

14. The identity authentication method according to claim 13, wherein the verifying the identity to be verified carried in the identity authentication request specifically comprises:

Decoding the identity identifier to be verified carried by the identity authentication request to obtain a corresponding identity identifier to be verified;

15. The method of identity authentication of claim 14, wherein the preset condition comprises at least one of:

the corresponding identity to be verified is used for the first time;

and the check code included in the corresponding identity to be verified is valid, wherein the check code is generated by encrypting the serial number of the identity information and the valid time range of the identity according to a preset encryption rule.

16. The method for identity authentication according to claim 13, wherein the identity authentication request from the application server is forwarded by the application server after the application client collects the identity to be verified and sends the identity to the corresponding application server.

17. An identity authentication system is characterized by comprising acquisition equipment, an identity verification system and an application server, and comprises the following steps:

the application server sends an identity authentication request carrying an identity to be authenticated to an identity authentication system;

the identity authentication system responds to the identity authentication request, verifies the identity identifier to be verified carried by the identity authentication request, and if the identity authentication request passes the verification, the identity authentication is determined to pass;

after the identity authentication is confirmed to pass, the identity authentication system sends the result of passing the identity authentication and key information for acquiring a corresponding identity to the application server;

the application server sends the received key information to an application client;

The identity using side equipment sends an identity verification request carrying an identity to be verified to an identity verification system;

and the identity authentication system responds to the identity authentication request, verifies the identity identifier to be verified carried by the identity authentication request, and if the identity identifier passes the verification, the identity authentication is determined to pass.

18. The identity authentication system according to claim 17, wherein the verifying the identity to be verified carried in the identity authentication request, or the verifying the identity to be verified carried in the identity authentication request specifically comprises:

the identity verification system decodes the identity to be verified carried by the identity authentication request or decodes the identity to be verified carried by the identity verification request to obtain a corresponding identity to be verified;

19. The system for identity authentication of claim 17, further comprising a collection device server;

if the authentication is passed, generating an identity identifier corresponding to the identity information in the identity authentication information, and then:

The identity authentication system sends the information which passes the authentication of the identity authentication information including the identity identification to the acquisition equipment server;

the acquisition equipment server sends the identity to acquisition equipment;

and the acquisition equipment displays the received identity.

20. The system of identity authentication of claim 19, further comprising an application client;

wherein, the application server sends the identity authentication request to the identity verification system, which comprises the following steps:

21. The system for identity authentication according to claim 17, wherein the generating the corresponding identity according to the key information comprises:

the identity authentication system decrypts the key information, extracts identity information from the decrypted key information, and generates a corresponding identity label according to the identity information;

22. The system for authenticating identity according to claim 17, wherein the verifying the identity to be verified, and if the verification is passed, determining that the identity verification is passed further comprises:

23. The system for identity authentication of claim 17, wherein the identity consumer device sends an authentication request to an authentication system, preceded by:

the application client displays the received identity;

24. The system for identity authentication of claim 17, wherein the determining that the identity authentication passed further comprises:

25. The identity authentication system of claim 24, further comprising:

the identity user equipment sends an identity verification request to the application server, wherein the identity verification request comprises an identity to be verified;

26. The system for identity authentication of claim 24, wherein the generating the corresponding identity from the key information comprises:

27. The identity authentication system of claim 24, wherein the verifying the identity to be verified comprises,

the application server decodes the identity to be verified;

28. The system for identity authentication according to claim 24, wherein the verifying the identity to be verified, and if the verification is passed, determining that the identity verification is passed further comprises:

29. The system for identity authentication of claim 24, wherein the identity consumer device sends an authentication request to an application server, previously comprising:

the application server returns the identity to the application client;

the application client displays the received identity;

30. An identity authentication system comprises an acquisition equipment server, an identity verification system and an application server, and is characterized by comprising:

the acquisition equipment server responds to the identity authentication request, verifies the identity identifier to be verified, and if the identity identifier passes the verification, the identity authentication is determined to pass;

the acquisition equipment server sends the result of passing the identity authentication and the key information for acquiring the corresponding identity identification to the application server;

the application server sends the key information to an application client;

31. The system for identity authentication according to claim 30, wherein the verifying the identity to be verified specifically comprises:

32. The identity authentication system of claim 30 further comprising a collection device;

33. The system for identity authentication of claim 30, wherein the generating of the corresponding identity from the identity information comprises:

The acquisition equipment server sends the identity to acquisition equipment;

and the acquisition equipment displays the received identity.

34. The system of identity authentication of claim 33, further comprising an application client; the application server sends an identity authentication request to the acquisition equipment server, and the method comprises the following steps:

35. The system for identity authentication of claim 30, wherein the determining that the identity authentication passed further comprises:

36. The system for identity authentication of claim 35, further comprising:

the application server sends an identity acquisition request to an identity verification system, wherein the identity acquisition request comprises key information for acquiring a corresponding identity;

37. The system for identity authentication of claim 36, wherein the generating the corresponding identity from the key information comprises:

38. The system for identity authentication according to claim 36, wherein said verifying the identity to be verified comprises,

The identity authentication system decodes the identity to be authenticated;

39. The system for identity authentication according to claim 36, wherein the checking of the identity to be verified is performed, and if the checking is passed, it is determined that the identity verification is passed, further comprising:

40. The system for identity authentication of claim 36, wherein the identity consumer device sends an authentication request to an authentication system preceded by:

the application client displays the received identity;

41. The system for identity authentication of claim 30, when the application server sends the key information to the application client, further comprising:

The application server stores the identity information.

42. The system for identity authentication of claim 30, wherein the generating the corresponding identity from the key information comprises:

43. The system for identity authentication according to claim 30, wherein said verifying the identity to be verified comprises,

the application server decodes the identity to be verified;

44. The system for identity authentication according to claim 30, wherein the verifying the identity to be verified, and if the verification is passed, determining that the identity verification is passed further comprises:

45. The system for identity authentication of claim 30, wherein the identity consumer device sends an authentication request to the application server, previously comprising:

the application server returns the identity to the application client;

the application client displays the received identity;

46. An apparatus for identity authentication, comprising:

the identity authentication module is used for verifying the identity to be verified, and if the identity passes the verification, the identity authentication is determined to pass;

the identity identification obtaining request receiving module is used for receiving an identity identification obtaining request from an application client after identity authentication is passed, wherein the identity identification obtaining request comprises key information used for obtaining a corresponding identity identification;

The identity generating module is used for generating a corresponding identity according to the key information and returning the identity to the application client;

the identity authentication request receiving module is used for receiving an identity authentication request which is sent by the identity user server and carries an identity identifier to be authenticated;

and the identity identification verification module is used for verifying the identity identification to be verified carried by the identity verification request, and if the identity identification passes the verification, the identity verification is determined to pass.

47. A server comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of identity authentication of any one of claims 1-12 or claims 13-16 when executing the program.