CN110400145A - A kind of digital identity application system and method, identity authorization system and method - Google Patents


Info

Publication number
CN110400145A
Authority
CN
China
Prior art keywords
identity
digital identity
user
eid
real name
Prior art date
Legal status
Pending
Application number
CN201810776743.6A
Other languages
Chinese (zh)
Inventor
郑浩剑
江盈义
孟凡旭
王博
Current Assignee
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201810776743.6A
Publication of CN110400145A
Legal status: Pending


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a digital identity application system and method and an identity authentication system and method, belonging to the technical field of digital identity, for improving the security and validity of digital identity. In this scheme, a purely online digital identity application and authentication process is realised using eID technology. Based on the authority, security, universality and privacy inherent in eID technology itself, the reliability, security and validity of the digital identity can be improved, the risk of the digital identity being stolen, tampered with or fraudulently used is reduced, and the security of the user's identity information is ensured. At the same time, because the purely online application reduces user cost and avoids risks such as certificate loss caused by carrying a physical certificate for offline activation, the universality of the scheme is enhanced and it is easier to use and promote. For identity authentication, the platform retains only the eID code issued by the trusted platform and does not store the user's real-name information, which reduces the risk of leaking the user's private information.

Description

A kind of digital identity application system and method, identity authorization system and method
Technical field
The present invention relates to the technical field of digital identity, and in particular to a digital identity application system and method and an identity authentication system and method.
Background art
In order to reduce the inconvenience of carrying a physical identity document (such as an identity card), digital identity technology has been proposed: the user's proof of identity is carried on a carrier (such as a mobile phone) in the form of digitised identity information. When the user needs to present proof of identity, the digitised identity information is displayed directly on the mobile phone. This not only saves the trouble of carrying a physical identity document but also avoids its loss or misuse, improving the security of the user's identity information.
To use digital identity technology, a digital identity identifier must first be generated, and the use of that identifier must further be improved. Since a digital identity is relatively important private information of the user, its security and validity are problems that deserve careful consideration.
Summary of the invention
Embodiments of the present invention provide a digital identity application system and method and an identity authentication system and method, for improving the security and validity of digital identity.
In one aspect, a digital identity application system is provided, comprising a terminal device and a digital identity management platform, wherein:
the terminal device is configured to send an acquired digital identity issuance request to the digital identity management platform, the digital identity issuance request being used to request issuance of a digital identity;
the digital identity management platform is configured to, after receiving the digital identity issuance request, obtain identity real-name information; send the identity real-name information to a trusted platform; receive the eID code sent by the trusted platform; and generate a digital identity identifier from the eID code according to a predetermined generating mode; wherein the identity real-name information uniquely identifies one user, and the trusted platform generates the eID code in unique correspondence with the identity real-name information.
Optionally, a digital identity management client and a mini-program management client run on the terminal device, the digital identity management client running as a mini-program within the mini-program management client;
the terminal device is further configured to request authorisation from the mini-program management client through the digital identity management client; obtain, according to the authorisation, the target user communication identifier with which the mini-program management client is registered; and send the target user communication identifier to the digital identity management platform through the digital identity management client;
the digital identity management platform is configured to obtain the target financial payment identifier bound to the target user communication identifier, and determine the user information of the target financial payment identifier as the identity real-name information.
Optionally, the digital identity management platform is configured to obtain a to-be-detected financial payment identifier bound to the payment account of the mini-program management client;
if the to-be-detected user communication identifier bound to the to-be-detected financial payment identifier is the same as the target user communication identifier, the to-be-detected financial payment identifier is determined as the target financial payment identifier.
Optionally, the digital identity management platform is configured to:
determine at least two to-be-detected financial payment identifiers bound to the target user communication identifier;
if the user information included in each of the at least two to-be-detected financial payment identifiers corresponds to the same user, determine any one of the to-be-detected financial payment identifiers as the target financial payment identifier;
if the user information included in each of the at least two to-be-detected financial payment identifiers corresponds to different users, send the at least two to-be-detected financial payment identifiers to the terminal device, and determine the to-be-detected financial payment identifier indicated by the user's selection result fed back by the terminal device as the target financial payment identifier.
Optionally, the digital identity management platform is further configured to send an SMS verification code to the communication terminal carrying the target user communication identifier;
the terminal device is further configured to display a verification interface through the digital identity management client, and, after obtaining the SMS verification code in the verification box of the verification interface, send SMS-verification-passed information to the digital identity management platform;
the digital identity management platform is configured to, after obtaining the SMS-verification-passed information, determine the user information corresponding to the target financial payment identifier as the identity real-name information.
The digital identity management platform is further configured to partially delete the user information corresponding to the target financial payment identifier and send the remaining user information after the partial deletion to the terminal device;
the terminal device is configured to display the remaining user information through the digital identity management client; receive the completed user information input by the user; and send the completed user information to the digital identity management platform;
the digital identity management platform is configured to determine the user information corresponding to the target financial payment identifier as the identity real-name information when the completed user information is consistent with the deleted user information.
Optionally, the digital identity management platform is further configured to send a liveness verification instruction to the terminal device, and, upon obtaining the liveness information sent by the terminal device, send the identity real-name information and the digital identity issuance request to the trusted platform;
the terminal device is further configured to output a liveness verification request upon receiving the liveness verification instruction, and to send the liveness information to the digital identity management platform when it determines from the captured user image information that the user is a living body.
Optionally, the terminal device is further configured to send a facial image to the digital identity management platform;
the digital identity management platform is configured to send the received facial image and the identity real-name information to a population query platform, so that the population query platform verifies the identity validity of the user, and, upon receiving a query feedback confirming validity returned by the population query platform, to send the identity real-name information and the digital identity issuance request to the trusted platform.
Optionally, the trusted platform sends the received identity real-name information to a population query platform, so that the population query platform verifies the validity of the identity real-name information, and, upon receiving a query feedback confirming validity returned by the population query platform, generates the eID code in unique correspondence with the identity real-name information.
Optionally, the digital identity management platform is configured to:
determine the risk-control level of the digital identity issuance request according to a predetermined risk determination strategy;
perform security verification in the security verification mode corresponding to the determined risk-control level;
after the security verification passes, send the identity real-name information and the digital identity issuance request to the trusted platform.
Optionally, a digital identity management client runs on the terminal device, and the digital identity management platform is configured to:
determine, according to the device identifier of the terminal device and the client identifier of the digital identity management client, that a preset condition is satisfied;
output risk prompt information, the risk prompt information being used to prompt the user that the digital identity identifier is being used abnormally, or to deactivate the digital identity identifier.
On the one hand, a kind of digital identity application method is provided, which comprises
The digital identity of acquisition is signed and issued request and is sent to the digital identity management platform by terminal device, wherein described Digital identity signs and issues request and signs and issues digital identity for requesting;
The digital identity management platform obtains identity real name information after receiving the digital identity and signing and issuing request;It will The identity real name information is sent to credible platform;Receive the eID coding that the credible platform is sent;And it is based on the eID Coding generates digital identity mark according to predetermined generating mode;Wherein, the identity real name information is used for one use of unique identification Family, the credible platform is generated to be encoded with the unique corresponding eID of the identity real name information.
On the one hand, a kind of digital identity application method is provided, which comprises
The digital identity that receiving terminal apparatus is sent signs and issues request, wherein the digital identity signs and issues request for requesting Sign and issue digital identity;
Obtain identity real name information, wherein the identity real name information is used for one user of unique identification;
The identity real name information is sent to credible platform, to request the credible platform to generate and the identity real name Uniquely corresponding eID is encoded information;
Receive the eID coding that the credible platform is sent;
It is encoded based on the eID, generates digital identity mark according to predetermined generating mode.
On the one hand, a kind of digital identity application method is provided, which comprises
It obtains digital identity and signs and issues request, wherein the digital identity signs and issues request and signs and issues digital identity for requesting;
The digital identity is signed and issued into request and is sent to digital identity management platform, so that the digital identity management platform Request is signed and issued based on the digital identity and obtains identity real name information, and the identity real name information is sent to credible platform, Wherein, the identity real name information is used for one user of unique identification;
Receive the eID coding that the digital identity management platform is sent, wherein the eID coding is the credible platform Uniquely corresponding eID is encoded with the identity real name information for generation;
It is encoded based on the eID, generates digital identity mark according to predetermined generating mode.
In one aspect, an identity authentication system is provided, comprising an identity authentication requesting end, a terminal device and a digital identity management platform, a digital identity management client running on the terminal device; wherein:
the terminal device is configured to obtain an identity authentication request through the digital identity management client and send the identity authentication request to the digital identity management platform; the digital identity management platform stores a plurality of network electronic identity (eID) codes, each eID code being generated by a trusted platform in unique correspondence with the identity real-name information of one user, the identity real-name information of each user uniquely identifying that user;
the digital identity management platform is configured to determine, based on the identity authentication request, the target eID code corresponding to the client identifier of the digital identity management client, and to transmit the target eID code to the identity authentication requesting end in a preset transmission mode;
the identity authentication requesting end is configured to send the obtained target eID code to the trusted platform, so that the trusted platform authenticates whether the target eID code is valid, and, after receiving an authentication-valid notice sent by the trusted platform, to determine that identity authentication passes.
Optionally, the digital identity management platform is configured to, after determining the target eID code, generate an authorised credential corresponding to the target eID code and send the authorised credential to the terminal device;
the terminal device is configured to transfer the authorised credential to the identity authentication requesting end through the digital identity management client;
the identity authentication requesting end is configured to send the authorised credential to the digital identity management platform;
the digital identity management platform determines the corresponding target eID code based on the received authorised credential and sends the target eID code to the identity authentication requesting end.
Optionally, the terminal device is further configured to obtain an authorisation request sent by the identity authentication requesting end, the authorisation request carrying the merchant identifier of the merchant to which the identity authentication requesting end corresponds, and to send the authorisation request to the digital identity management platform through the digital identity management client;
the digital identity management platform is configured to perform authority verification on the merchant according to the merchant identifier, and to send the target eID code to the identity authentication requesting end in the preset transmission mode after the authority verification passes.
Optionally, the digital identity management platform is further configured to:
after the authority verification of the merchant passes, perform security verification in a predetermined verification mode agreed with the merchant;
send the target eID code to the identity authentication requesting end in the preset transmission mode after the security verification passes.
Optionally, the digital identity management platform is further configured to:
after the authority verification of the merchant passes, determine the target industry attribute of the merchant according to the merchant identifier;
according to the correspondence between industry attributes and security verification modes, perform security verification in the target security verification mode corresponding to the target industry attribute;
send the target eID code to the identity authentication requesting end in the preset transmission mode after the security verification passes.
Optionally, the digital identity management platform is further configured to:
determine the risk-control level of the identity authentication request according to a predetermined risk determination strategy;
perform security verification in the security verification mode corresponding to the determined risk-control level;
send the target eID code to the identity authentication requesting end in the preset transmission mode after the security verification passes.
Optionally, the identity authentication requesting end has data acquisition permission, the data acquisition permission indicating that identity real-name information may be requested from the trusted platform; the identity authentication requesting end is configured to:
send the target eID code and a data request to the trusted platform, so that the trusted platform, after determining that the target eID code is valid, feeds back the target identity real-name information corresponding to the target eID code;
receive the target identity real-name information sent by the trusted platform;
complete the service request using the target identity real-name information.
Optionally, the identity authentication requesting end is configured to:
send the user's to-be-detected identity real-name information obtained in advance, together with the target eID code, to the trusted platform, so that the trusted platform, after determining that the target eID code is valid, compares the to-be-detected real-name information with the target identity real-name information corresponding to the target eID code;
after receiving a comparison-consistent notice fed back by the trusted platform, complete the service request using the to-be-detected identity real-name information.
Optionally, the identity authentication requesting end has a CA certificate, and the data transmitted between the identity authentication requesting end and the trusted platform is encrypted based on the CA certificate.
In one aspect, a terminal device is provided that obtains an identity authentication request through the digital identity management client installed on the terminal device and sends the identity authentication request to a digital identity management platform; the digital identity management platform stores a plurality of eID codes, each eID code being generated by a trusted platform in unique correspondence with the identity real-name information of one user, the identity real-name information of each user uniquely identifying that user;
the digital identity management platform determines, based on the identity authentication request, the target eID code corresponding to the client identifier of the digital identity management client, and transmits the target eID code to an identity authentication requesting end in a preset transmission mode;
the identity authentication requesting end sends the obtained target eID code to the trusted platform, so that the trusted platform authenticates whether the target eID code is valid, and, after receiving the authentication-valid notice sent by the trusted platform, determines that identity authentication passes.
In one aspect, an identity authentication method is provided, comprising:
receiving an identity authentication request sent by a terminal device through the digital identity management client installed on the terminal device;
determining, based on the identity authentication request, from a plurality of stored network electronic identity (eID) codes, the target eID code corresponding to the client identifier of the digital identity management client, each eID code being generated by a trusted platform in unique correspondence with the identity real-name information of one user, the identity real-name information of each user uniquely identifying that user;
transmitting the target eID code to an identity authentication requesting end in a preset transmission mode, so that the identity authentication requesting end sends the obtained target eID code to the trusted platform and, after receiving the authentication-valid notice sent by the trusted platform, determines that identity authentication passes.
In one aspect, an identity authentication method is provided, comprising:
sending an identity authentication request;
receiving the target eID code transmitted by a digital identity management platform in a preset transmission mode, wherein the digital identity management platform stores a plurality of eID codes, each eID code being generated by a trusted platform in unique correspondence with the identity real-name information of one user, the identity real-name information of each user uniquely identifying that user, and the target eID code is determined by the digital identity management platform from the plurality of eID codes based on the identity authentication request;
sending the target eID code to the trusted platform, so that the trusted platform authenticates whether the target eID code is valid;
after receiving the authentication-valid notice sent by the trusted platform, determining that identity authentication passes.
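The issuance flow and the credential-based authentication flow described above, as an added Python model that is not part of the patent: a trusted platform that alone holds real-name information and issues eID codes, a management platform that keeps only client-to-eID mappings plus single-use, merchant-bound, time-limited authorised credentials, and a requesting end that redeems a credential and has the code authenticated. The HMAC derivation of the eID code, the digital identity identifier derivation, the credential format and all names and sample values are assumptions.

```python
import hashlib
import hmac
import secrets
import time


class CrediblePlatform:
    """Trusted eID issuer: the only party that ever holds real-name information."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # issuer secret (constructed)
        self._records = {}                    # eid_code -> real-name record

    def issue_eid(self, real_name_info):
        # Assumed derivation: HMAC over the canonicalised record, so one record
        # always yields exactly one eID code (the "unique correspondence").
        canon = "|".join(f"{k}={real_name_info[k]}" for k in sorted(real_name_info))
        code = hmac.new(self._key, canon.encode(), hashlib.sha256).hexdigest()
        self._records[code] = dict(real_name_info)
        return code

    def authenticate(self, eid_code):
        """True if we issued this code (the 'authentication-valid notice')."""
        return eid_code in self._records

    def compare(self, eid_code, claimed_info):
        """Requesting end without data-acquisition permission: match / no match only."""
        record = self._records.get(eid_code)
        return record is not None and record == claimed_info


class IdentityManagementPlatform:
    """Keeps client_id -> eID code plus short-lived credentials; no real-name data."""

    def __init__(self, credible, authorised_merchants, credential_ttl=60):
        self._credible = credible
        self._eid_by_client = {}
        self._credentials = {}   # credential -> (eid_code, merchant_id, expiry)
        self._merchants = set(authorised_merchants)
        self._ttl = credential_ttl

    def sign_issue(self, client_id, real_name_info):
        """Issuance: forward real-name info, keep only the returned eID code,
        hand back a digital identity identifier derived from it (derivation assumed)."""
        eid_code = self._credible.issue_eid(real_name_info)
        self._eid_by_client[client_id] = eid_code
        return hashlib.sha256(b"digital-identity:" + eid_code.encode()).hexdigest()[:16]

    def authorise(self, client_id, merchant_id, now=None):
        """Authentication step 1: merchant authority check, then a credential the
        requesting end can redeem; bound to that merchant and time-limited."""
        if merchant_id not in self._merchants:
            raise PermissionError(f"merchant {merchant_id!r} failed authority verification")
        credential = secrets.token_urlsafe(24)
        expiry = (time.time() if now is None else now) + self._ttl
        self._credentials[credential] = (self._eid_by_client[client_id], merchant_id, expiry)
        return credential

    def redeem(self, credential, merchant_id, now=None):
        """Step 2: exchange the credential for the target eID code, once only."""
        entry = self._credentials.pop(credential, None)   # pop: a replay finds nothing
        if entry is None:
            raise LookupError("unknown or already-used credential")
        eid_code, bound_merchant, expiry = entry
        if bound_merchant != merchant_id:
            raise PermissionError("credential was not issued for this merchant")
        if (time.time() if now is None else now) > expiry:
            raise TimeoutError("credential expired")
        return eid_code

    def holds_real_name_data(self, real_name_info):
        """Defender's check: does any real-name value appear anywhere in platform state?"""
        state = repr(self._eid_by_client) + repr(self._credentials)
        return any(str(v) in state for v in real_name_info.values())


def run_flows(now=1_000_000.0):
    """Run issuance, then one authentication plus a replayed redemption."""
    credible = CrediblePlatform()
    platform = IdentityManagementPlatform(credible, authorised_merchants={"shop-42"})
    # Constructed sample record; in the scheme it comes from the bound payment
    # identifier after the SMS / completion / liveness checks.
    real_name = {"name": "Zhang San", "id_number": "110101199001011234"}
    identity_mark = platform.sign_issue("client-abc", real_name)
    credential = platform.authorise("client-abc", "shop-42", now=now)
    target_eid = platform.redeem(credential, "shop-42", now=now + 5)
    replayed = False
    try:
        platform.redeem(credential, "shop-42", now=now + 6)   # second use of same credential
    except LookupError:
        replayed = True
    return {
        "identity_mark": identity_mark,
        "auth_passed": credible.authenticate(target_eid),
        "compare_ok": credible.compare(target_eid, real_name),
        "replay_rejected": replayed,
        "platform_leaks_real_name": platform.holds_real_name_data(real_name),
    }
```

`run_flows()` returns the outcome of each party's step, so the properties the scheme claims (valid code, no replay, no real-name data on the management platform) can be checked directly.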
In one aspect, a digital identity application apparatus is provided, comprising:
a first receiving module, for receiving a digital identity issuance request sent by a terminal device, the digital identity issuance request being used to request issuance of a digital identity;
an obtaining module, for obtaining identity real-name information, the identity real-name information uniquely identifying one user;
a sending module, for sending the identity real-name information to a trusted platform, to request the trusted platform to generate an eID code in unique correspondence with the identity real-name information;
a second receiving module, for receiving the eID code sent by the trusted platform;
a generating module, for generating a digital identity identifier from the eID code according to a predetermined generating mode.
In one aspect, a digital identity application apparatus is provided, comprising:
an obtaining module, for obtaining a digital identity issuance request, the digital identity issuance request being used to request issuance of a digital identity;
a sending module, for sending the digital identity issuance request to a digital identity management platform, so that the digital identity management platform obtains identity real-name information based on the digital identity issuance request and sends the identity real-name information to a trusted platform, the identity real-name information uniquely identifying one user;
a receiving module, for receiving the eID code sent by the digital identity management platform, the eID code being generated by the trusted platform in unique correspondence with the identity real-name information;
a generating module, for generating a digital identity identifier from the eID code according to a predetermined generating mode.
In one aspect, an identity authentication apparatus is provided, comprising:
a receiving module, for receiving an identity authentication request sent by a terminal device through the digital identity management client installed on the terminal device;
a determining module, for determining, based on the identity authentication request, from a plurality of stored eID codes, the target eID code corresponding to the client identifier of the digital identity management client, each eID code being generated by a trusted platform in unique correspondence with the identity real-name information of one user, the identity real-name information of each user uniquely identifying that user;
a sending module, for transmitting the target eID code to an identity authentication requesting end in a preset transmission mode, so that the identity authentication requesting end sends the obtained target eID code to the trusted platform and, after receiving the authentication-valid notice sent by the trusted platform, determines that identity authentication passes.
In one aspect, an identity authentication apparatus is provided, comprising:
a first sending module, for sending an identity authentication request;
a receiving module, for receiving the target network electronic identity (eID) code transmitted by a digital identity management platform in a preset transmission mode, wherein the digital identity management platform stores a plurality of eID codes, each eID code being generated by a trusted platform in unique correspondence with the identity real-name information of one user, the identity real-name information of each user uniquely identifying that user, and the target eID code is determined by the digital identity management platform from the plurality of eID codes based on the identity authentication request;
a second sending module, for sending the target eID code to the trusted platform, so that the trusted platform authenticates whether the target eID code is valid;
a determining module, for determining that identity authentication passes after receiving the authentication-valid notice sent by the trusted platform.
In one aspect, a server is provided, comprising:
a memory, for storing program instructions;
a processor, for calling the program instructions stored in the memory and executing, according to the obtained program instructions, the steps included in the methods described in the above aspects.
In one aspect, a terminal device is provided, comprising:
a memory, for storing program instructions;
a processor, for calling the program instructions stored in the memory and executing, according to the obtained program instructions, the steps included in the methods described in the above aspects.
In one aspect, a storage medium is provided, the storage medium storing computer-executable instructions for causing a computer to execute the steps included in the methods described in the above aspects.
In the embodiments of the present invention, a purely online digital identity application and authentication process is realised using eID technology. Based on the several major features of eID technology itself, namely authority, security, universality and privacy, the reliability, security and validity of the digital identity can be improved, the risk of the digital identity being stolen, tampered with or fraudulently used is reduced, and the security of the user's identity information is ensured. At the same time, because the purely online application saves the user's on-site operations, user cost is greatly reduced, and the risks such as certificate loss caused by carrying a physical certificate for offline activation are also avoided, which enhances the universality of the scheme and makes it easier to use and promote. For identity authentication, the platform retains only the eID code issued by the trusted platform (such as the Third Research Institute of the Ministry of Public Security) and does not store the user's real-name information, which reduces the risk of leaking the user's private information.
It should be understood that the above general description and the following detailed description are merely exemplary and explanatory and do not limit the disclosure.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Inventive embodiments for those of ordinary skill in the art without creative efforts, can also be according to mentioning The attached drawing of confession obtains other attached drawings.
Figure 1A is a schematic diagram of an application scenario to which the digital identity application scheme in the embodiments of the present invention can be applied;
Figure 1B is a schematic diagram of an application scenario to which the digital identity application scheme in the embodiments of the present invention can be applied;
Fig. 1C is a schematic diagram of an application scenario to which the digital identity application scheme in the embodiments of the present invention can be applied;
Fig. 2A is an architecture diagram of the digital identity application system in the embodiments of the present invention;
Fig. 2B is an architecture diagram of the digital identity application system in the embodiments of the present invention;
Fig. 2C is an architecture diagram of the digital identity application system in the embodiments of the present invention;
Fig. 3 is an interaction diagram of the digital identity application method in the embodiments of the present invention;
Fig. 4 is an architecture diagram of the terminal device in the embodiments of the present invention;
Fig. 5 is a schematic diagram of the correspondence mapping between the terminal device and a mobile phone in the embodiments of the present invention;
Fig. 6 is a schematic diagram of requesting authorization from the WeChat client during the digital identity application process in the embodiments of the present invention;
Fig. 7 is a schematic diagram of the user being required to complete information in the embodiments of the present invention;
Fig. 8 is a schematic diagram of liveness verification in the embodiments of the present invention;
Fig. 9 is a schematic diagram of the digital identity two-dimensional code generated in the embodiments of the present invention;
Figure 10 is an interaction diagram of the digital identity application method in the embodiments of the present invention;
Figure 11 is a schematic diagram of an application scenario to which the identity authentication scheme in the embodiments of the present invention can be applied;
Figure 12 is a schematic diagram of an application scenario to which the identity authentication scheme in the embodiments of the present invention can be applied;
Figure 13 is a schematic diagram of an application scenario to which the identity authentication scheme in the embodiments of the present invention can be applied;
Figure 14A is an architecture diagram of the identity authentication system in the embodiments of the present invention;
Figure 14B is an architecture diagram of the identity authentication system in the embodiments of the present invention;
Figure 14C is an architecture diagram of the identity authentication system in the embodiments of the present invention;
Figure 14D is an architecture diagram of the identity authentication system in the embodiments of the present invention;
Figure 15 is an interaction diagram of the identity authentication method in the embodiments of the present invention;
Figure 16 is an interaction diagram of the identity authentication method in the embodiments of the present invention;
Figure 17 is a schematic diagram of a merchant mini program requesting authorization from the authentication mini program in the embodiments of the present invention;
Figure 18 is a structural block diagram of the digital identity application device in the embodiments of the present invention;
Figure 19 is a structural block diagram of the digital identity application device in the embodiments of the present invention;
Figure 20 is a structural block diagram of the identity authentication device in the embodiments of the present invention;
Figure 21 is a structural block diagram of the identity authentication device in the embodiments of the present invention;
Figure 22 is a structural schematic diagram of the server in the embodiments of the present invention;
Figure 23 is a structural schematic diagram of the terminal device in the embodiments of the present invention;
Figure 24 is a structural schematic diagram of the terminal device in the embodiments of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention. Where there is no conflict, the embodiments of the present invention and the features in the embodiments can be combined with one another arbitrarily. Moreover, although a logical order is shown in the flowcharts, in some cases the steps may be executed in an order different from that shown or described herein.
The terms "first" and "second" in the description, claims and drawings of this specification are used to distinguish different objects, not to describe a particular order. In addition, the term "comprising" and any variants thereof are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that comprises a series of steps or units is not limited to the listed steps or units, but may optionally further comprise steps or units that are not listed, or may optionally further comprise other steps or units inherent to the process, method, product or device.
In the embodiments of the present invention, "multiple" may mean at least two, for example two, three or more; the embodiments of the present invention impose no restriction on this.
In addition, the term "and/or" herein merely describes an association relationship between associated objects and indicates that three kinds of relationship may exist; for example, "A and/or B" may mean: A alone, A and B together, or B alone. In addition, unless otherwise stated, the character "/" herein generally indicates that the associated objects have an "or" relationship.
Some of the terms referred to herein are explained below to aid the understanding of those skilled in the art.
1. Digital identity is a concept relative to physical identity. A physical identity is a physical object that can prove a user's citizenship, such as a Chinese resident identity card, a motor vehicle driving licence, a Hong Kong and Macao travel permit, a home return permit, and so on; the plaintext identity information of the user can be obtained directly from the physical identity. A digital identity can be understood as the identity information of the user presented in the form of digitized information.
2. A digital identity identifier is the informational embodiment of a digital identity; that is, the identity of a user can be uniquely determined by the digital identity identifier. The digital identity identifier is, for example, an encrypted character string or a coding with a specified number of digits. The digital identity can be carried on some carrier, for example by a mobile terminal such as a mobile phone or a tablet computer, or by a Subscriber Identity Module (SIM) card, an embedded Subscriber Identity Module (eSIM) chip, a bank card, a social security card, and so on.
3. Real-name information is identity information that can be used to uniquely identify a user. For example, one possible kind of real-name information includes the name and the identity card number; another possible kind includes the driving licence number; and another possible kind includes the name, the identity card number and a facial image of the user.
4. Identity real-name information can be understood in the same way as the real-name information above; in other words, the identity real-name information of a user can uniquely identify that user.
Identity real-name information to be detected can be understood as identity real-name information that is about to be used for detection. For example, if the identity real-name information of user A needs to be detected, the identity real-name information of user A may be referred to as identity real-name information to be detected.
Target identity real-name information can be understood as a specific piece of identity real-name information. For example, if user A has been determined to be the target user being searched for, the identity real-name information of user A may be referred to as target identity real-name information; or, if a certain piece of identity real-name information is used as a reference against which other identity real-name information is compared, the identity real-name information serving as the reference may also be referred to as target identity real-name information. In other words, target identity real-name information can be understood as identity real-name information that has a certain purpose or use.
5. eID coding, where eID is the English abbreviation of Electronic Identity; one possible Chinese translation is network electronic identity, or it may also be translated as citizen network electronic identity.
The eID takes the citizen identity number as its root and is based on cryptographic technology; it is a digital identifier (network electronic identity) signed and issued to citizens by the "Ministry of Public Security Citizen Network Identity Identification System" using cryptographic algorithms. When an eID is issued to a user, a coding that uniquely represents the user's identity, namely the user's network identity identification code (eID coding), is calculated from the user's personal identity information and a random number. Identity can then be identified remotely online without revealing identity information, which ensures that the digital identity issued to each citizen is unique while reducing the propagation of citizens' plaintext identity information on the network.
The eID has advantages that other technologies cannot match in terms of authority, security, universality and privacy, and can meet citizens' various security assurance requirements in areas such as personal privacy, network transactions and virtual assets.
Authority: the eID is uniformly signed and issued by the "Ministry of Public Security Citizen Network Identity Identification System", is highly authoritative, and can provide cross-regional and cross-industry network identity services;
Security: the eID contains a pair of asymmetric keys generated inside a secure smart chip, and a high-strength security mechanism ensures that it cannot be illegally read, copied, tampered with or used;
Universality: the eID is not limited by the physical form of the carrier, as long as the secure smart chip in the carrier meets the relevant standards for eID carriers;
Privacy: the unique identifier of the eID is generated using the national commercial cipher algorithm and contains no plaintext personal identity information, so it can effectively protect citizens' identity information.
6. A user communication identifier is an identifier of a communication module that supports communication using the terminal device, such as the card number of a SIM card or the card number of an eSIM card; it can simply be understood as a telephone number.
7. A financial payment identifier, which may also be referred to as a credit payment identifier, a bank payment identifier and so on, can be understood as the identifier of a financial payment account, such as the bank card number corresponding to a bank account.
In the current digital identity application process, for example for a net card, generally only a lightweight black-and-white net card can be applied for online, and a lightweight black-and-white net card generally cannot be widely used in business applications. To obtain that function, the user must also carry a physical identity document (such as an identity card) to a legally specified "trusted terminal" offline and activate it in person, or carry the physical identity document to a legally specified location where staff verify the user's face and then complete the activation, thereby upgrading to a higher-level colour-screen card. It can be seen that the current digital identity application process comprises two parts, online and offline; the user cost of offline activation is high, which is not conducive to use and promotion, and throughout the process the user still needs to use a physical certificate, with risks such as loss of the certificate and information leakage.
Moreover, at present each platform signs the user's identity information with its own encryption technology to obtain the corresponding digital identity information. Such encryption has low reliability, so the user's digital identity information is easily stolen or tampered with, and its security is poor.
By analyzing the prior art, the inventors found that, because the existing digital identity application process requires offline activation, the user spends more time and the user cost is higher, which is one reason it is not conducive to use and promotion; at the same time, its reliability and validity are low, which is the second reason. In view of this, the inventors considered that a purely online application mode would save the offline activation and upgrade of the prior art and thus reduce the user cost to a certain extent. Meanwhile, the inventors also considered improving the reliability and validity of the digital identity by having the digital identity signed and issued by an authoritative institution, so as to ensure the security of the user's private information as far as possible. Further, the inventors considered the existing eID technology, which is currently the most authoritative digital identity issuance technology in the industry, so reliability and validity can be improved by using that technology.
Based on the above analysis and considerations, the inventors designed a technical solution for applying for a digital identity purely online using eID technology. Based on the authority, security, universality and privacy inherent in eID technology itself, the reliability, security and validity of the digital identity can be improved, the risk of the digital identity being stolen, tampered with or fraudulently used is reduced, and the identity information of the user is kept secure. At the same time, because the purely online application saves the user an in-person operation, the user cost is greatly reduced, and risks such as loss of the certificate while carrying a physical certificate to an offline activation are avoided, which enhances the universality of the scheme and makes it easier to use and promote.
Having introduced the design concept of the embodiments of the present invention, the application scenarios to which the digital identity application scheme in the embodiments of the present invention can be applied are briefly introduced below. It should be noted that the application scenarios introduced below are only used to explain the embodiments of the present invention and are not limiting. In specific implementation, the technical solutions provided by the embodiments of the present invention can be applied flexibly according to actual needs.
Referring to Figure 1A, Figure 1A shows an application scenario to which the digital identity application scheme in the embodiments of the present invention can be applied. The application scenario includes a terminal device 101, a terminal device 102, a server 103 and a server 104. The terminal device 101 corresponds to user 1, which can be understood as meaning that the terminal device 101 is used by user 1; the relationship between the terminal device 102 and user 2 can be understood in the same way. The terminal device 101 can exchange information with the server 103 through a network, and likewise the terminal device 102 can exchange information with the server 103 through a network. The terminal device 101 and the terminal device 102 can interact with the server 103 through the same network, for example communicating with the server 103 through the same Wireless Fidelity (WiFi) network, or through different networks (such as two different WiFi networks or their respective mobile communication networks); Figure 1A takes the case where the two communicate with the server 103 through different networks as an example. In addition, the server 103 can communicate with the server 104 through a network; for example, the server 103 can send the digital identity issuance request and the identity real-name information of the user to the server 104 through the public security network.
User 1 can apply for a digital identity using the terminal device 101. Specifically, user 1 can request the issuance of a digital identity through the digital identity management client installed in the terminal device 101. The digital identity application background server corresponding to the digital identity management client (that is, the server 103) then obtains the digital identity issuance request of user 1, further obtains the identity real-name information of user 1, and sends the digital identity issuance request and the identity real-name information through the public security network to the server 104, which can sign and issue eID codings. At this point the server 104 can be regarded as the background server of the Third Research Institute of the Ministry of Public Security (abbreviated as the Third Institute of the Ministry of Public Security). The server 104 then generates, based on the obtained digital identity issuance request, an eID coding uniquely corresponding to the aforementioned identity real-name information, which completes the issuance of the digital identity of user 1. The server 104 then sends the generated eID coding to the server 103, either directly or after encryption, and the server 103 generates the digital identity identifier of user 1 in a predetermined way based on the eID coding or encrypted eID coding received from the server 104; for example, the digital identity identifier of user 1 may be presented as a coding or as a two-dimensional code.
Similarly, user 2 can complete the application for a digital identity through the terminal device 102 in the same way as user 1, which is not repeated here. It should be understood that more users may apply for their respective digital identities in the same way; for brevity, further examples are not listed here.
Referring to Figure 1B, Figure 1B shows another application scenario to which the digital identity application scheme in the embodiments of the present invention can be applied. Compared with Figure 1A, a server 105 is added in Figure 1B, and the server 103 can communicate with the server 105 through a network. Continuing the example in which user 1 applies for a digital identity through the terminal device 101: before the server 103 sends the identity real-name information of user 1 to the server 104 to generate the eID coding, the server 103 can also send the identity real-name information to the server 105 to judge whether it is authentic and valid identity real-name information. At this point the server 105 can be understood as the background server of the population query center of the Ministry of Public Security. Because the population query center of the Ministry of Public Security stores the identity information of most citizens, in this way the server 103 can ensure that the identity real-name information is genuine before sending it to the server 104, which ensures the authenticity of the information and also ensures that the digital identity application is made by a real user.
Referring to Fig. 1C, Fig. 1C shows another application scenario to which the digital identity application scheme in the embodiments of the present invention can be applied. Compared with Figure 1B, the server 104 and the server 105 in Fig. 1C can also communicate with each other. Continuing the example of user 1 applying for a digital identity through the terminal device 101: based on the communication link between the server 104 and the server 105, information can be exchanged between the population query center and the Third Institute of the Ministry of Public Security, for example through the internal network of the Ministry of Public Security, so as to facilitate business collaboration between different departments. For example, in one possible case, after receiving the identity real-name information sent by the server 103, in order to ensure that the identity real-name information is genuinely authentic and valid (because in practice user 1 may make a malicious application using forged identity real-name information), the server 104 can also send the obtained identity real-name information to the server 105 in the manner described above for secondary verification, further ensuring the authenticity and validity of the application.
It should be noted that the above digital identity management client may be an application (APP). The application may be an independent APP, a mini program that runs on another platform, or a functional module embedded in some APP; for example, it may be a mini program running in WeChat that can apply for a digital identity, or a functional module embedded in Alipay that can apply for a digital identity. Correspondingly, the server 103 can be regarded as the background server maintained for the digital identity management client.
The aforementioned terminal device 101 and terminal device 102 may be a mobile phone, a tablet computer, a personal digital assistant (PDA), a laptop, a smart wearable device (such as a smartwatch or a smart bracelet), a personal computer, and so on. Whatever the device, the digital identity management client can run in it, so that the user can apply for a digital identity through the digital identity management client. The aforementioned server 102, server 103 and server 104 may each be a personal computer, a large or medium-sized computer, a computer cluster, and so on.
In order to further explain the digital identity application scheme provided by the embodiments of the present invention, it is described in detail below with reference to the drawings and specific embodiments. Although the embodiments of the present invention provide the method operation steps shown in the following embodiments or drawings, the method may include more or fewer operation steps based on routine practice or without creative effort. For steps that have no necessary causal relationship in logic, the execution order of these steps is not limited to the execution order provided by the embodiments of the present invention. When the method is executed in an actual process or by a device, it can be executed in the order of the method shown in the embodiments or drawings, or in parallel (for example, in an application environment with parallel processors or multi-threaded processing).
Referring to Fig. 2A, an embodiment of the present invention provides a digital identity application system that includes a terminal device and a digital identity management platform; or, as shown in Fig. 2B, another digital identity application system provided by an embodiment of the present invention includes a terminal device, a digital identity management platform and a credible platform; or, as shown in Fig. 2C, another digital identity application system provided by an embodiment of the present invention includes a terminal device, a digital identity management platform, a credible platform and a population searching platform. The terminal device may be, for example, the aforementioned terminal device 101 or terminal device 102, in which the digital identity management client is installed and running. The digital identity management platform may be, for example, the aforementioned server 103, used to respond to the digital identity applications of multiple users. The credible platform may be, for example, the aforementioned server 104, and can generate a uniquely corresponding eID coding based on the identity real-name information of the user. The population searching platform may be, for example, the aforementioned server 105, used to check the validity of identity real-name information.
The digital identity application system in the embodiments of the present invention may be, for example, the system composed of all the devices included in any one of the application scenarios of Figures 1A to 1C above, which are not described one by one here.
The digital identity application scheme in the embodiments of the present invention is described below with reference to the interaction diagram of the digital identity application method shown in Fig. 3.
Step 301: the terminal device obtains a digital identity issuance request.
In the embodiments of the present invention, when a user needs to apply for a digital identity, a corresponding triggering operation may be performed, and the terminal device obtains the corresponding identity issuance request based on the triggering operation performed by the user.
In the embodiments of the present invention, for the convenience of the user, the application entrance for the digital identity is set up as a software module, for example designed as a client (which may be called the digital identity management client) installed in the terminal device for the user's direct use. In specific implementation, the digital identity management client can run in the terminal device as an independent APP, in which case the user must first download an installation package and install it in the terminal device before using the digital identity application function; or the digital identity management client can run in the terminal device as a mini program, that is, relying on another APP and usable without installation. For example, see the terminal device in the embodiment of the present invention shown in Fig. 4, which includes an operating system, a digital identity management client and a mini program management client. The mini program management client can be used to carry and manage the operation of multiple mini programs; in this case the digital identity management client runs in the mini program management client as a mini program. Both the mini program management client and the digital identity management client are provided with interfaces for interacting with the operating system, so that the terminal device can use the capabilities of the operating system to monitor and manage the mini program management client and the digital identity management client. Meanwhile, the digital identity management client and the mini program management client can also communicate and interact by calling a physical-layer interface. One specific interaction is as follows: the digital identity management client calls the interactive interface to request authorization from the mini program management client, and based on the authorization it can then obtain the registration information of the account corresponding to the mini program management client and the binding information of its payment account; for example, it can obtain the registered mobile phone number and account identifier of the mini program management client, the bank card number bound to the payment account of the mini program management client, and the user information associated with that bank card number.
For the ease of reader's intuitivism apprehension, then with the correspondence mappings schematic diagram of terminal device shown in fig. 5 and mobile phone into Row explanation, that is, can when being for the mobile phone for running Android operation system (Operating System, OS) with terminal device To regard the small routine management client in terminal device as run in mobile phone wechat client, and terminal can be set Digital identity management client in standby regards that ABC client, ABC client therein are to indicate to mention with the embodiment of the present invention as Digital identity management client designed by the digital identity application scheme of confession, the embodiment of the present invention only to facilitate description and It is subjected to schematical citing name with ABC client, so in the specific implementation process, can also be other titles, It is all its with digital identity management client designed by digital identity application scheme provided in an embodiment of the present invention should all this Within the protection scope of inventive embodiments.
Since wechat can be realized the function of small routine, so ABC client shown in Fig. 5 is also possible to small routine Mode is run, and ABC client can carry out bottom communication and ABC client and wechat client with wechat client It can be communicated with the Android OS of mobile phone.
After describing the terminal device in the embodiment of the present invention, the digital identity continued to explain in step 301 is signed and issued Request, in a kind of possible mode, user, which opens the ABC client in mobile phone and clicks, to be started to apply for button, mobile phone Correspondingly determine that digital identity signs and issues request, in alternatively possible mode, user passes through the interactive interface of ABC client When requesting wechat client authorization, mobile phone can correspondingly determine that digital identity signs and issues request, then in other some possibility Mode in, user can also trigger the application of digital identity by special sound or certain gestures or other ad hoc fashions, Accordingly, terminal device can determine that corresponding identity signs and issues request after detecting these specific operations.
In view of this convenient and fast presentation mode of small routine, when ABC client is to operate in wechat in a manner of small routine When in client, wechat client corresponding relevant information can be obtained and then to wechat client request authorization, it is a kind of Possible authorization schematic diagram is as shown in Figure 6, it is seen that by authorizing ABC client that can obtain the cell-phone number of wechat binding, i.e., micro- Bound cell-phone number when letter registration.In addition, terminal device is also when ABC client initiates authorization requests to wechat client It may determine that whether the login of wechat client fails, so naturally also can not just receive ABC client if failure Authorization requests, so the notice that wechat client logs in failure can be sent to ABC client at this time, and in wechat client When restoring to log in, then the notice for restoring to log in is sent to ABC client, can increase wechat client and ABC visitor by this method Interactive performance between the end of family improves interaction validity and timeliness.
Step 302: the terminal device sends the digital identity issuance request to the digital identity management platform, which then carries out the application for the digital identity.
Continuing the example of Figure 5, the digital identity management platform may be the backend server maintained for the ABC client, referred to as the ABC backend server; correspondingly, the WeChat client has a backend server maintaining WeChat, referred to as the WeChat backend server.
Step 303: after obtaining the issuance request, the digital identity management platform determines that the user needs to apply for a digital identity and proceeds to obtain the user's real-name identity information.
In embodiments of the present invention, the user's real-name identity information is obtained in roughly two ways: a direct mode and an indirect mode.
1) Direct mode. When wishing to apply for a digital identity, the user manually enters their own real-name identity information in the digital identity management client (for example the ABC client described above), such as name, ID card number, phone number and home address. After obtaining the manually entered information, the ABC client sends it to the digital identity management platform together with the issuance request, so the platform obtains the real-name identity information directly.
2) Indirect mode. Here the user may not enter the real-name identity information manually, so the digital identity management platform has to determine it by some matching method; in the embodiments of the present invention every mode in which the user's real-name identity information can only be obtained by such matching is called an indirect mode. In one possible embodiment, the real-name identity information is obtained from the payment data of another client associated with the ABC client (for example the WeChat client described above), e.g. the user information belonging to the financial payment identifier bound in WeChat (called the target financial payment identifier, for example a bank card number). User information held by the financial industry (banks, securities firms) has usually undergone a higher level of verification: when a bank card is issued, a bank clerk verifies the user's identity face to face, often supplemented by face recognition. Identity information verified by the financial industry is therefore more reliable and authentic, and using it as the final real-name identity information ensures that the application is genuine and that its result is valid.
It should be noted that in the indirect mode the user may also pre-enter real-name identity information; the digital identity management platform then still obtains the bank's real-name record through the indirect mode and compares it with what the user entered, which amounts to verifying the user-entered information against bank data and ensures its validity. Specific embodiments of the indirect mode are described in detail later.
It should further be noted that, because information obtained in the indirect mode is matched by the device itself and may not have been filled in by the user, the digital identity management platform can verify it further: it deletes part of the obtained real-name identity information and sends the remainder to the terminal device, where the digital identity management client displays it and asks the user to complete the deleted part. As shown in Figure 7, the user is asked to complete the name and the last four digits of the ID card number. The terminal device forwards the completed information to the digital identity management platform, which checks whether it matches the deleted part exactly. If it does, the platform determines that the indirectly obtained real-name identity information is the true identity of the user, ensuring accuracy and validity. The completion step also authenticates the user as the person concerned: an illegitimate user, for example one misusing another person's real-name identity information, does not know the real user's details and completes them wrongly, so the identity of the applicant is verified as well.
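The completion check of Figure 7, as an added example that is not code from the patent or from Tencent: the platform withholds the name and the last four digits of the ID card number from the record it matched, the client shows the rest, and the platform compares the user's completion with the withheld part. The field names, the masking scheme, the attempt limit and the sample record are assumptions for illustration.

```python
"""Completion check for indirectly obtained real-name identity information.

Added example, not code from the patent or from Tencent. Models the
verification of Figure 7: withhold part of the matched record, let the user
complete it, compare. Field names, masking and attempt limit are assumed.
"""
import hmac
import unicodedata
from dataclasses import dataclass, field


@dataclass
class IdentityRecord:
    name: str
    id_number: str          # 18-character resident ID number; last char may be 'X'
    phone: str
    address: str


@dataclass
class CompletionChallenge:
    """What the platform sends to the terminal (shown) plus what it keeps
    server-side for the comparison (withheld)."""
    shown: dict
    withheld: dict = field(repr=False)
    attempts_left: int = 3


def normalize(value: str) -> str:
    # NFKC folds full-width digits and letters the user might type;
    # upper-casing accepts a lower-case 'x' check digit.
    return unicodedata.normalize("NFKC", value).strip().upper()


def redact(record: IdentityRecord, last_n: int = 4) -> CompletionChallenge:
    """Withhold the name and the last `last_n` characters of the ID number."""
    head, tail = record.id_number[:-last_n], record.id_number[-last_n:]
    shown = {
        "id_number": head + "*" * last_n,
        "phone": record.phone,
        "address": record.address,
    }
    withheld = {"name": record.name, "id_tail": tail}
    return CompletionChallenge(shown=shown, withheld=withheld)


def verify_completion(ch: CompletionChallenge, name: str, id_tail: str) -> bool:
    """True only if both completed fields match the withheld part exactly.

    Uses hmac.compare_digest so a mismatch in the first character does not
    return faster than one in the last. Every call consumes an attempt; once
    the attempts are exhausted nothing matches, even the right answer.
    """
    if ch.attempts_left <= 0:
        return False
    ch.attempts_left -= 1
    ok_name = hmac.compare_digest(
        normalize(name).encode(), normalize(ch.withheld["name"]).encode())
    ok_tail = hmac.compare_digest(
        normalize(id_tail).encode(), normalize(ch.withheld["id_tail"]).encode())
    # Both comparisons run before combining so the cost per attempt is constant.
    return ok_name and ok_tail


# Constructed sample record (not a real person).
SAMPLE = IdentityRecord(name="张三", id_number="11010119900307123X",
                        phone="13800000000", address="Sample Road 1")
```

The `shown` dictionary is the only thing that leaves the platform; the withheld fields stay server-side and are never echoed back, which is what makes a wrong completion informative about the applicant rather than about the record.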
Step 304: after obtaining the real-name identity information, the digital identity management platform sends it to a population lookup platform (for example a population information service of the Ministry of Public Security) for a validity check.
Step 305: the population lookup platform compares the received real-name identity information against its own citizen information database. If a matching record is found, the information sent by the digital identity management platform is determined to actually exist, that is, to be the real-name identity information of a real user, and a lookup response confirming validity is returned to the digital identity management platform.
In addition, while the real-name identity information is being verified, the digital identity management platform may send a liveness verification instruction to the terminal device, instructing the user to perform human liveness verification. On receiving it, the terminal device outputs a liveness verification request, for example a voice or text prompt that the user should perform liveness verification, and carries it out with one of the available liveness verification methods. Following the prompt, the user faces the terminal device and, for instance, blinks at the camera, reads out a string of characters or digits, or turns the head in several directions, as in the liveness verification screen of Figure 8. The terminal device judges from a preset liveness verification policy whether the current user is a live person and, if so, sends the liveness information to the digital identity management platform to inform it that the current user is indeed live. Liveness verification confirms to some degree that the applicant is a living, real person and so protects the validity of the application.
Meanwhile, during liveness verification the terminal device may also capture the user's face image and send it to the digital identity management platform, which can then send the face image together with the real-name identity information to the population lookup platform in step 304 for a dual check of identity information and face, further strengthening the verification.
As another possible way of verifying the real-name identity information, the phone number bound to the WeChat client (i.e. the number used to register it) can be obtained first; the digital identity management platform then sends an SMS verification code to that number, while the terminal device shows a verification screen (the SMS verification screen) in the digital identity management client. A genuine, legitimate user receives the SMS code and enters it in that screen to complete SMS verification. SMS verification thus confirms that a real person is present and applying of their own volition, improving the validity of the application.
In a specific implementation, other verification methods may also be used to ensure the authenticity and validity of the intent to apply; the embodiments of the present invention do not enumerate them.
Step 306: once the real-name identity information has passed verification by whichever of these means, the digital identity management platform determines that the real-name identity information is valid.
Step 307: the digital identity management platform then sends the issuance request and the verified real-name identity information to a trusted platform (for example the Third Research Institute of the Ministry of Public Security) so that the trusted platform issues an eID code.
After receiving the issuance request and the real-name identity information from the digital identity management platform, the trusted platform determines that the user wishes to have a digital identity issued for this real-name identity information. The trusted platform may, however, distrust the information the digital identity management platform sends, so to ensure its validity it can verify the received real-name identity information further.
Step 308: one possible verification is for the trusted platform to send the received real-name identity information to the population lookup platform for a second check.
Step 309: similarly to step 305, the population lookup platform verifies the validity of the real-name identity information sent by the trusted platform and, when it is valid, generates validity confirmation information.
Step 310: the population lookup platform sends the lookup response confirming validity to the trusted platform.
Step 311: on receiving the lookup response confirming validity, the trusted platform can confirm that the real-name identity information is trustworthy and then processes it with its own encryption algorithm into an eID code uniquely corresponding to that real-name identity information, completing the issuance of the user's digital identity.
Step 312: the trusted platform returns the issued eID code to the digital identity management platform.
Because the eID code is a digital identity issued by an authoritative trusted platform (such as the Third Research Institute of the Ministry of Public Security) and uniquely corresponds to the user's real-name identity information, the resulting digital identity carries sufficient authority to meet higher security levels. Building on the authority, security, universality and privacy of eID technology itself improves the reliability, security and validity of the digital identity and lowers the risk of its being stolen, tampered with or misused, thereby protecting the security of the user's identity information.
After obtaining the eID code from the trusted platform, the digital identity management platform may store it locally and may also generate a digital identity identifier from the received eID code in a predetermined way.
In a specific implementation, the digital identity may take the form of the eID code itself, an encrypted eID code, a two-dimensional (QR) code containing the eID code or the encrypted eID code, or another presentation. The QR code form is convenient for later offline identity verification by direct scanning.
The digital identity identifier derived from the eID code may be generated by the digital identity management platform, by the terminal device, or by both, depending on the usage scenario; the embodiments of the present invention do not restrict this.
Step 313: the digital identity management platform sends the obtained eID code, or an encrypted eID code, to the terminal device, specifically to the digital identity management client running on it.
Step 314: after receiving the eID code from the digital identity management platform, the terminal device can generate a digital identity QR code directly from the received eID code or encrypted eID code, such as the one shown in Figure 9, and display it through the digital identity management client.
The digital identity QR code may be refreshed periodically, for example every 10 seconds, or manually at the user's request; refreshing reduces the chance that the QR code is captured and fraudulently used. A refresh may change the presentation style of the QR code or embed the update time in each newly generated code. The digital identity QR code may also forbid screenshots: if the terminal device detects a screenshot instruction while the current screen shows the QR code, it may ignore the instruction and output a prompt that screenshots are forbidden, or it may invalidate the current QR code on detecting the screenshot and regenerate a new one. Together these measures prevent copying and misuse of the digital identity QR code and protect the security of the user's information.
Step 315: in another mode, after obtaining the eID code the digital identity management platform keeps the eID code itself and generates a corresponding authorization identifier from it, for example a token.
Step 316: the digital identity management platform sends the generated authorization identifier to the terminal device, specifically to the digital identity management client on it.
Step 317: on receiving the authorization identifier, the terminal device generates the digital identity QR code from it.
The token can be understood as a key for obtaining the original eID code: whoever later needs the eID code presents this key to the digital identity management platform. For example, after the digital identity management client has generated a QR code containing the token, a merchant that needs to verify the user's identity scans the QR code, obtains the token, and sends it to the digital identity management platform to request the eID code.
The token may be rotated periodically, for example every 5 hours. Whatever the token is rotated to, the digital identity management platform knows which eID code each token corresponds to and can therefore locate the eID code accurately from the token a requester sends, so the information stays accurate.
With an authorization identifier, the digital identity management platform need not transmit the original eID code to the terminal device (the user front end) at all. Because front-end information is easily stolen, transmitting only the authorization identifier at the front end and looking up the corresponding eID code in the back end from that identifier protects the eID code as far as possible and improves security.
Step 318: the digital identity management platform deletes the real-name identity information corresponding to the obtained eID code.
That is, after obtaining the eID code the digital identity management platform promptly deletes the real-name identity information it held, so that the user's real-name information is kept on the platform as little as possible, preventing it from being stolen and misused and protecting the user's private information to the greatest extent.
In a specific implementation, as soon as the digital identity management platform receives the eID code from the trusted platform it deletes the real-name identity information corresponding to that eID code. Deleting promptly minimizes how long the user's real-name information is retained on the platform and therefore the risk of its being stolen.
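Steps 311 to 318 taken together, as an added example that is not code from the patent or from Tencent: the management platform keeps the eID code returned by the trusted platform, hands the terminal only an opaque authorization token, rotates that token, resolves a token back to the eID code for a merchant, refreshes the QR payload with its update time, and deletes the real-name identity information the moment the eID code arrives. The token format, the 5-hour token lifetime and 10-second QR refresh (both figures from the text), the QR payload layout and the injected clock are assumptions for illustration.

```python
"""Digital identity management platform: eID custody with token indirection.

Added example, not code from the patent or from Tencent. Models steps 311
to 318 as described in the text. Token format, lifetimes, QR payload layout
and the injectable clock are assumptions.
"""
import json
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

TOKEN_LIFETIME_S = 5 * 3600          # "rotated every 5 hours" in the text
QR_FRESHNESS_S = 10                  # QR code refreshed every 10 seconds in the text


@dataclass
class TokenRecord:
    eid: str
    issued_at: float
    expires_at: float


@dataclass
class IdentityPlatform:
    clock: Callable[[], float] = time.time
    # user -> eID code: the only identity datum the platform retains long-term
    eids: Dict[str, str] = field(default_factory=dict)
    # user -> real-name info, held only until the eID code has been received
    pending_real_name: Dict[str, dict] = field(default_factory=dict)
    # token -> record; several tokens per user may be live across a rotation
    tokens: Dict[str, TokenRecord] = field(default_factory=dict)

    def begin_application(self, user: str, real_name: dict) -> None:
        """Step 303: hold the verified real-name info while issuance is pending."""
        self.pending_real_name[user] = real_name

    def receive_eid(self, user: str, eid: str) -> str:
        """Steps 312, 315 to 318: store the eID, mint a token, drop the PII."""
        self.eids[user] = eid
        # Step 318: the real-name info is deleted as soon as the eID code arrives.
        self.pending_real_name.pop(user, None)
        return self.rotate_token(user)

    def rotate_token(self, user: str) -> str:
        """Mint a fresh opaque token for the user's eID code. Older tokens are
        not revoked at once (a merchant may hold a just-scanned code) but
        die at their own expiry."""
        now = self.clock()
        token = secrets.token_urlsafe(32)
        self.tokens[token] = TokenRecord(
            eid=self.eids[user], issued_at=now, expires_at=now + TOKEN_LIFETIME_S)
        return token

    def resolve(self, token: str) -> Optional[str]:
        """Merchant-side lookup: token -> eID code, or None if unknown or expired."""
        rec = self.tokens.get(token)
        if rec is None:
            return None
        if self.clock() >= rec.expires_at:
            del self.tokens[token]
            return None
        return rec.eid

    def retains_real_name(self, user: str) -> bool:
        return user in self.pending_real_name


def build_qr_payload(token: str, now: float) -> str:
    """Terminal side: the QR code carries the token plus the refresh time, so
    every refresh yields a different code (step 314)."""
    return json.dumps({"v": 1, "tok": token, "ts": int(now)}, separators=(",", ":"))


def accept_qr_payload(platform: IdentityPlatform, payload: str, now: float) -> Optional[str]:
    """Merchant side: reject stale codes, then resolve the token.

    The timestamp only defeats replay of a screenshot taken long ago; it is
    not authenticated here, so the token itself is the secret that terminal,
    merchant and platform must protect.
    """
    data = json.loads(payload)
    if data.get("v") != 1 or now - data.get("ts", 0) > QR_FRESHNESS_S:
        return None
    return platform.resolve(data["tok"])
```

The point of `receive_eid` is the ordering: the real-name record is dropped in the same call that stores the eID code, so there is no window in which the platform holds both for longer than the issuance round trip.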
In the manner described above, the digital identity management platform completes the application for and issuance of one user's digital identity. In practice it applies for and issues digital identities for other users in the same way, or applies again for a new digital identity on behalf of a user who already has one; the digital identity management platform is, in effect, a platform for applying for and managing the digital identities of many users. Because the whole application is completed online and the digital identity can be used as soon as the application completes, without the in-person activation or upgrade the prior art requires of the user, the cost to the user is greatly reduced, the scheme is more widely applicable, and practical deployment is easier.
Further, to aid understanding of the indirect mode described above, it is illustrated again with the ABC client and WeChat client example and with reference to Figure 10.
Step 1001: the ABC client requests authorization from the WeChat client; the specific implementation of the authorization request was described above and is not repeated here.
Step 1002: based on the authorization requested from the WeChat client, the ABC client obtains the WeChat registration phone number, the bank card number bound in WeChat, and the user information corresponding to that bank card number.
Step 1003: the ABC client sends the WeChat registration phone number, the bound bank card number and the user information corresponding to the bank card number to the ABC backend server.
Step 1004: the ABC backend server judges whether the WeChat registration phone number is consistent with the phone number bound to the bank card. The bound phone number is the number left with the bank when the card was applied for (the bank reserved phone number), which can be found in the user information corresponding to the bank card.
Step 1005: if they are consistent, it is highly likely that the person currently applying for the digital identity is the real user, and the ABC backend server determines the user information corresponding to the bank card as the real-name identity information referred to above, i.e. the user information sent to the trusted platform to request the eID code.
Step 1006: if they are inconsistent, it is quite possible that the person currently applying for the digital identity is not the real user. The ABC backend server then itself looks up the bank cards bound to the WeChat registration phone number, which may yield one or more bank cards.
Alternatively, regardless of whether the WeChat registration phone number and the bank card's bound phone number are consistent, the ABC backend server may always perform the lookup of bank cards bound to the WeChat registration phone number described above.
In a specific implementation, the ABC client may call its own credit-reference interface to query each major bank, or specified banks, for all bank cards bound to the WeChat registration phone number; it may commission a dedicated lookup platform to do so; or it may use the mature credit-reference interface of the WeChat backend server to look up the bound bank cards, and so on. Whichever method is used, one or more bank cards bound to the WeChat registration phone number are obtained.
Step 1007: if only one bank card is found, the ABC backend server directly takes the user information corresponding to that bank card as the real-name identity information referred to above.
Step 1008: if several bank cards are found, the ABC backend server judges whether the user information contained in all of them corresponds to the same user.
This is needed because of cases like the following: Mrs Wang applied for a bank card with her own phone number at bank A and at bank B, and her husband also applied for a card at bank C using Mrs Wang's phone number, so the three bank cards found for Mrs Wang's phone number belong to two users. The following steps handle this case.
Step 1009: if they correspond to the same user, the ABC backend server selects the user information of any one of the bank cards as the real-name identity information referred to above.
Step 1010: if they correspond to several different users, the ABC backend server sends the several bank card numbers (possibly with the corresponding bank names) to the ABC client.
On receiving them, the ABC client displays them all so that the user can choose among them, and thus obtains the user's feedback.
Step 1011: the ABC client returns the user's feedback to the ABC backend server.
Step 1012: on receiving the user's feedback, the ABC backend server determines the real-name information of the bank card the user chose as the real-name identity information referred to above.
Figure 10 illustrates several ways of retrieving bank card accounts from the WeChat registration phone number; using them improves the accuracy with which the real-name identity information is determined and also broadens the applicability of the scheme.
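The decision procedure of Figure 10 (steps 1004 to 1012), as an added example that is not code from the patent or from Tencent: compare the WeChat registration phone number with the number reserved at the bank; if they agree, take the bound card's holder; otherwise look up every card bound to the registration number, use it directly if there is exactly one, take any if all belong to one holder, and otherwise defer to the user's choice. The bank record layout, the lookup callback and the sample cards (modelled on the Mrs Wang case in the text) are constructed for illustration.

```python
"""Indirect mode: deriving real-name identity information from bank card data.

Added example, not code from the patent or from Tencent. Implements the
decision procedure of Figure 10. Record layout, lookup callback and sample
data are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Union


@dataclass(frozen=True)
class BankCard:
    card_number: str
    bank: str
    reserved_phone: str     # phone number left with the bank when the card was issued
    holder_name: str
    holder_id_number: str   # the record the bank verified face to face


@dataclass
class NeedUserChoice:
    """Step 1010: several holders share the phone number; the client shows
    the candidate cards (number and bank) and returns the user's pick."""
    candidates: List[BankCard]


RealName = dict
Outcome = Union[RealName, NeedUserChoice, None]


def real_name_of(card: BankCard) -> RealName:
    return {"name": card.holder_name, "id_number": card.holder_id_number}


def resolve_indirect(wechat_phone: str,
                     bound_card: Optional[BankCard],
                     lookup_cards_by_phone: Callable[[str], List[BankCard]]) -> Outcome:
    # Steps 1004/1005: the card bound in WeChat was opened with this very
    # phone number, so its holder is very probably the applicant.
    if bound_card is not None and bound_card.reserved_phone == wechat_phone:
        return real_name_of(bound_card)

    # Step 1006: otherwise ask the banks (or a lookup service) for all cards
    # whose reserved phone number is the WeChat registration number.
    cards = lookup_cards_by_phone(wechat_phone)
    if not cards:
        return None                     # nothing to match; fall back to direct mode
    if len(cards) == 1:                 # Step 1007
        return real_name_of(cards[0])

    holders = {(c.holder_name, c.holder_id_number) for c in cards}
    if len(holders) == 1:               # Steps 1008/1009
        return real_name_of(cards[0])
    return NeedUserChoice(candidates=cards)   # Step 1010


def apply_user_choice(choice: NeedUserChoice, chosen_card_number: str) -> Optional[RealName]:
    """Steps 1011/1012: map the user's pick back to a candidate the server
    offered; a card number that was not offered is rejected."""
    for c in choice.candidates:
        if c.card_number == chosen_card_number:
            return real_name_of(c)
    return None


# Constructed sample data modelled on the "Mrs Wang" case in the text.
WANG_A = BankCard("6222000000000001", "Bank A", "13900000001", "王某", "110101199001011234")
WANG_B = BankCard("6222000000000002", "Bank B", "13900000001", "王某", "110101199001011234")
HUSBAND_C = BankCard("6222000000000003", "Bank C", "13900000001", "李某", "110101198801015678")
OTHER = BankCard("6222000000000009", "Bank D", "13900000009", "赵某", "110101197001019999")

BANK_DB = [WANG_A, WANG_B, HUSBAND_C, OTHER]


def demo_lookup(phone: str) -> List[BankCard]:
    return [c for c in BANK_DB if c.reserved_phone == phone]
```

`apply_user_choice` only accepts a card number that the server itself offered in step 1010, so a tampered client cannot steer the backend to an arbitrary holder's record; the user is choosing among candidates, not supplying one.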
Throughout the application process, a risk control level for the digital identity issuance request may also be determined according to a predetermined risk determination policy. Specifically, the digital identity management platform may call the risk control interface of the WeChat backend server through an API to determine the level, since the WeChat backend server already has mature risk control technology; this avoids additional changes to the digital identity management platform and keeps the cost of risk control low. Security verification is then performed in the verification mode corresponding to the determined level: assume, for example, that risk level 1 corresponds to SMS verification and risk level 4 to SMS verification plus human liveness verification, and so on. Only after verification in the corresponding mode has passed does the digital identity management platform send the real-name identity information and the issuance request to the trusted platform to request the eID code.
By monitoring risk throughout the application process with a risk control policy, the embodiments of the present invention avoid risk at every stage of the application as far as possible and so improve the security of the application process.
Also throughout the application process, the device identifier of the terminal device and the client identifier of the digital identity management client (such as the ABC client described above) may be obtained first. The device identifier is, for example, the International Mobile Equipment Identity (IMEI) or the Media Access Control (MAC) address; the client identifier is, for example, the open id of the mini program.
If the device identifier and client identifier are determined to meet a preset condition, a current security risk is indicated. For example, if the number of failed logins for this client identifier on other devices within a short time reaches a threshold, the preset condition is met and there is a risk of account theft: a hacker may be trying to take over the digital identity client's account in order to misuse the eID code in it. The risk is then considered high, so risk prompt information may be output to warn the user that the generated digital identity is being used abnormally, or to prompt the user to log out of the original application and apply again for a new digital identity identifier, and so on. In a specific implementation other prompts may be given depending on the risk level; they are not expanded on here. Determining risk from the device identifier and client identifier and then prompting effectively avoids risk to a certain degree, and also allows a risk situation found after verification (such as account theft) to be handled promptly and effectively, minimizing loss.
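The risk grading of the two preceding passages, as an added example that is not code from the patent, from Tencent or from the WeChat risk control interface (which the text only says is called through an API): failed logins for the same client identifier from other devices within a short window are counted against a threshold, the resulting level selects the verification steps the platform demands before step 307 (level 1: SMS; level 4: SMS plus liveness, both from the text), and a level 4 result also yields the user warning the text mentions. The event layout, the window, the threshold, the intermediate level 2 and the sample events are assumptions.

```python
"""Risk-graded verification before an eID issuance request is forwarded.

Added example, not code from the patent, from Tencent or from the WeChat
risk control interface. Window, threshold, event layout and level 2 are
assumed; levels 1 and 4 follow the text.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

WINDOW_S = 10 * 60          # the text's "short time", assumed to be 10 minutes
FAIL_THRESHOLD = 3          # assumed threshold for failed logins on other devices

# Level -> verification steps; 1 and 4 follow the text, 2 is an assumed middle level.
VERIFICATION_BY_LEVEL = {
    1: ("sms",),
    2: ("sms", "completion_check"),
    4: ("sms", "liveness"),
}


@dataclass(frozen=True)
class LoginEvent:
    ts: float
    client_id: str      # e.g. the mini program open id
    device_id: str      # e.g. IMEI or MAC address
    success: bool


@dataclass(frozen=True)
class RiskDecision:
    level: int
    reasons: Tuple[str, ...]
    steps: Tuple[str, ...]


def foreign_failures(events: Iterable[LoginEvent], client_id: str,
                     device_id: str, now: float) -> int:
    """Failed logins for this client id from some other device within WINDOW_S."""
    return sum(1 for e in events
               if e.client_id == client_id and not e.success
               and e.device_id != device_id and 0 <= now - e.ts <= WINDOW_S)


def assess_request(events: List[LoginEvent], client_id: str, device_id: str,
                   now: float) -> RiskDecision:
    """Map the failed-login pattern to a level and to the steps it demands."""
    fails = foreign_failures(events, client_id, device_id, now)
    if fails >= FAIL_THRESHOLD:
        # Account takeover pattern from the text: someone is guessing the
        # credentials for this client id from devices other than this one.
        level, reasons = 4, (f"{fails} failed logins on other devices in window",)
    elif fails > 0:
        level, reasons = 2, (f"{fails} failed login(s) on other devices in window",)
    else:
        level, reasons = 1, ()
    return RiskDecision(level=level, reasons=reasons, steps=VERIFICATION_BY_LEVEL[level])


def may_forward_to_trusted_platform(decision: RiskDecision, passed_steps: Iterable[str]) -> bool:
    """Step 307 may run only once every demanded step has passed."""
    return set(decision.steps) <= set(passed_steps)


def risk_prompt(decision: RiskDecision) -> str:
    """User-facing warning for a high-risk result, empty otherwise."""
    if decision.level >= 4:
        return ("Your digital identity may be in abnormal use; "
                "consider logging out and applying for a new identity identifier.")
    return ""


# Constructed sample events (not real logs).
NOW = 1_700_000_000.0
SAMPLE_EVENTS = [
    LoginEvent(NOW - 3600, "openid-A", "dev-owner", True),
    LoginEvent(NOW - 200, "openid-A", "dev-x", False),
    LoginEvent(NOW - 150, "openid-A", "dev-y", False),
    LoginEvent(NOW - 90, "openid-A", "dev-x", False),
    LoginEvent(NOW - 30, "openid-B", "dev-b", True),
]
```

Failures from the requesting device itself are deliberately excluded: the signal the text describes is the same client identifier failing elsewhere, which is what distinguishes a takeover attempt from a user who mistyped a password on their own phone.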
Current identity verification generally takes one of two forms:
First, a merchant accesses a real-name verification agency service, and the agency returns whether the verified real-name information matches. Here the real-name information is verified by the agency. On the one hand the agency may cache the verified real-name information, which can lead to leaks of user information; on the other, to save cost the agency may perform real-name verification against a local cache, so the reliability of the verification result is hard to guarantee.
Second, real-name verification through the online ID card (网证) currently being rolled out, which comes in a black-and-white variant and a color variant. The black-and-white variant is little commercialized, so it is hard to meet the verification needs of most merchants. Moreover, the online ID card returns the user's real-name information directly to the merchant, but that information is generated by the user on the basis of the user's own encryption technology, so its reliability is not high and it is easy to copy or tamper with during storage. The real-name information the online ID card returns to the merchant is therefore not necessarily genuine, and its validity is relatively low.
From this analysis of the prior art, the inventors found that existing identity verification has low reliability, carries the risk that the user's real-name information is stolen or tampered with, is poorly secured and unfavorable to protecting user privacy, and is therefore hard to promote widely. In view of this, the inventors considered raising the security level of the digital identity by using a digital identity issued by an authoritative institution, thereby improving reliability and validity, while the real-name verification platform itself keeps none of the user's real-name information, which prevents the user's real-name information from being stolen and tampered with as far as possible and protects the user's private information as far as possible.
Based on the above analysis and considerations, the inventors devised a scheme for digital identity verification using eID technology. The authority, security, universality and privacy of eID technology itself improve the reliability, security and validity of the digital identity and reduce the risk of its being stolen, tampered with or misused, protecting the security of the user's identity information. At the same time, the real-name verification platform retains only the eID code issued by the trusted platform (such as the Third Research Institute of the Ministry of Public Security) and does not save the user's real-name information, which reduces the risk of leaking the user's private information.
After having introduced the design philosophy of the embodiment of the present invention, below to the digital identification authentication in the embodiment of the present invention The application scenarios that scheme can be applicable in do some simple introductions, it should be noted that application scenarios introduced below are only used for The bright embodiment of the present invention and it is non-limiting.In the specific implementation, it can neatly be mentioned according to actual needs using the embodiment of the present invention The technical solution of confession.
Identity authentication scheme in the embodiment of the present invention can be applied to any scene for needing to carry out real-name authentication, such as Real-name authentication, real name when industrial and commercial registration are sent by special delivery, hotel's real name is moved in, the certification of Internet bar's real name internet, buy various traffic tickets The real-name authentication of (such as plane ticket, high guaranteed votes, ferry ticket, train ticket, bus ticket), the library's real name of being engaged in handle readers' ID or Library card, bank's application bank card (opening a bank account), stock exchange transaction, purchase insurance, is bought the real-name authentication for exhibition of visiting a museum The various scenes for needing to carry out real-name authentication such as room.
It can be high field scape and feeble field scape, high field scape by these scene partitionings according to the requirement of real-name authentication scene height Real-name authentication rank be higher than feeble field scape, for example, needing name certification, authentication ids, face authentication for banking Corresponding verifying could be completed with the big verification mode of short-message verification four, high field scape can be understood as at this time, in another example removing figure Book shop checks out books card, then only needs name to authenticate and authentication ids, can be understood as feeble field scape, etc. at this time.
Referring to Figure 11, Figure 11 shows an application scenario to which the identity authentication scheme in the embodiments of the present invention can be applied. The scenario includes a user terminal 1101, a merchant server 1102, a real-name authentication server 1103 and a trusted platform server 1104. A digital identity management client (which may also be referred to as a user client or an authentication client) runs on the user terminal 1101, and the merchant's APP (referred to as the merchant client) may also run on it, so the user terminal 1101 can be communicatively connected to the merchant server 1102 and the real-name authentication server 1103 respectively. Specifically, the merchant server 1102 is the server maintained for the merchant client, and the real-name authentication server 1103 is the server maintained for the digital identity management client. In addition, the merchant server 1102 can communicate with the trusted platform server 1104, and the real-name authentication server 1103 can also communicate with the trusted platform server 1104 (not shown in Figure 11).
That is, the merchant client and the digital identity management client run on the user terminal 1101 at the same time. When the user performs business that requires real-name authentication in the merchant client (such as buying a high-speed rail ticket), the user can directly click the verification interface in the merchant client to jump from the merchant client to the digital identity management client, thereby completing online identity authentication.
Referring to Figure 12, Figure 12 shows another application scenario to which the identity authentication scheme in the embodiments can be applied. The scenario includes a user terminal 1201, a merchant terminal 1202, a merchant server 1203, a real-name authentication server 1204 and a trusted platform server 1205. The difference from the scenario shown in Figure 11 is that the merchant client and the digital identity management client are separated and run on the merchant terminal 1202 and the user terminal 1201 respectively. The merchant terminal 1202 can obtain the digital identity QR code displayed on the user terminal 1201 directly by scanning it, or the user terminal 1201 can send the digital identity QR code to the merchant terminal 1202 over the network.
Referring to Figure 13, Figure 13 shows another application scenario to which the identity authentication scheme in the embodiments can be applied. The scenario includes a user terminal 1301, a merchant scanning gate 1302, a merchant server 1303, a real-name authentication server 1304 and a trusted platform server 1305. The merchant scanning gate 1302 can authenticate the user by scanning the digital identity QR code displayed on the user terminal 1301, and can allow the user through the gate when authentication passes. For example, a user buys a train ticket online using the digital identity QR code; when the user goes to the railway station to take the train, the user only needs to show the digital identity QR code for identity authentication. After authentication passes, the relevant information of the train ticket bought by the user is determined and the user is allowed to board directly, so the user does not need to collect and carry a physical train ticket, which reduces the economic loss and user information leakage caused by losing a physical ticket.
The user terminal 1101, user terminal 1201 and user terminal 1301 mentioned above may be a mobile phone, tablet computer, handheld computer, laptop, smart wearable device (such as a smart watch or smart bracelet), personal computer, etc. All servers in Figures 11 to 13 may be a personal computer, a large or medium-sized computer, a computer cluster, etc.
To further explain the identity authentication scheme provided by the embodiments of the present invention, it is described in detail below with reference to the accompanying drawings and specific embodiments. Although the embodiments provide the method operation steps shown in the following examples or drawings, the method may include more or fewer operation steps based on routine work without creative labor. For steps that logically have no necessary causal relationship, the execution order of these steps is not limited to the execution order provided in the embodiments. When the method is executed by a device in an actual processing process, it may be executed sequentially according to the method order shown in the embodiments or drawings, or executed in parallel (for example, in the application environment of a parallel processor or multi-threaded processing).
Referring to Figure 14A, the embodiments of the present invention provide an identity authentication system, which includes an identity authentication request end, a terminal device and a digital identity management platform; or, as shown in Figure 14B, another identity authentication system provided by the embodiments includes only a terminal device and a digital identity management platform; or, as shown in Figure 14C, another identity authentication system provided by the embodiments includes a terminal device, a digital identity management platform, a trusted platform and an identity authentication request end; or, as shown in Figure 14D, another identity authentication system provided by the embodiments includes a terminal device, a digital identity management platform and a trusted platform. In Figures 14B and 14D, since the terminal device and the identity authentication request end are the same device, only the terminal device is shown; that is, in the embodiments, the terminal device and the identity authentication request end may be the same device or different devices.
The identity authentication system in the embodiments may be, for example, the system composed of all the devices included in any of the application scenarios in Figures 14A to 14D above, which are not illustrated one by one here.
The identity authentication scheme in the embodiments is described below with reference to the interaction diagram of the identity authentication method shown in Figure 15. For ease of understanding, the identity authentication request end and the terminal device in Figure 15 are illustrated as two separate devices. In practice, the identity authentication request end can be understood as the merchant, specifically the merchant terminal corresponding to the merchant.
Step 1501: the terminal device obtains an identity authentication request from the identity authentication request end; the identity authentication request is, for example, sent by the identity authentication request end to the terminal device.
For example, the user buys a train ticket online with their own mobile phone. The user can log in to a ticketing client on the phone, or search for a ticketing mini program or ticketing official account in WeChat, and then reach the ticketing page. During the ticket purchase, the merchant can prompt the user to perform identity authentication, for example by displaying on the ticketing interface a control that jumps directly to the authentication client (i.e. the digital identity management client). When identity authentication is required, the user clicks the control to jump from the ticketing page to the authentication client, and the user's click on the control generates the identity authentication request mentioned above.
Step 1502: after obtaining the identity authentication request, the terminal device sends it to the digital identity management platform.
In the embodiments, multiple eID codes are stored in the digital identity management platform. Each eID code uniquely identifies one user and is generated by the trusted platform in unique correspondence with the identity real-name information of that user, and the identity real-name information of each user uniquely identifies that user. That is, the digital identity management platform can be understood as a platform that manages the eID codes of multiple users; when a user needs identity authentication, the corresponding eID code is obtained from this platform.
Step 1503: after obtaining the identity authentication request, the digital identity management platform can determine the corresponding target eID code according to the client identification of the digital identity management client, running on the terminal device, that sent it the identity authentication request.
Since the corresponding target eID code is determined according to the client identification of the digital identity management client, and since each eID code uniquely identifies one user, the user can set up in advance a unique binding relationship between the user and the client identification of the digital identity management client, so that the merchant can obtain the corresponding eID code from the digital identity management platform through this unique binding relationship, ensuring that the information is accurate.
Step 1504: the digital identity management platform sends the found target eID code to the identity authentication request end, i.e. returns it to the merchant.
Step 1505: after obtaining the target eID code corresponding to the user, i.e. after obtaining the user's digital identity, the merchant can send the target eID code to the trusted platform to request the trusted platform to verify the validity of the eID code, in order to authenticate the user.
In specific implementation, the purpose of the merchant authenticating the user may include: (1) identity verification only, to judge whether the user's digital identity is authentic and valid; (2) obtaining the user's identity real-name information while performing identity authentication. The two situations are described separately below.
For situation (1), since the purpose is verification only, the merchant sends only the target eID code to the trusted platform as in step 1505, and step 1506 is executed if verification passes.
Step 1506: after determining that the target eID code passes verification, the trusted platform returns an authentication valid notice to the merchant, informing the merchant that the target eID code it sent is a valid digital identity.
After verification passes, the merchant can proceed with the business, such as completing the train ticket purchase, the issuance of a library card, the hotel check-in registration, etc.
For situation (2), i.e. where the merchant needs to obtain the user's identity real-name information, at least the following two ways can be used.
Mode 1
On the basis of situation (1), if the merchant has the data acquisition permission to request identity real-name information directly from the trusted platform, it can further request the target identity real-name information corresponding to the target eID code after the target eID code has been determined to be valid. The trusted platform can determine that the merchant has the aforementioned data acquisition permission according to the merchant's name or code, and then send the target identity real-name information corresponding to the target eID code to the merchant.
Alternatively, the request to obtain the target identity real-name information may be sent to the trusted platform together with the target eID code. Step 1507 is then executed.
Step 1507: after determining that the target eID code is valid, the trusted platform returns the authentication valid notice and the target identity real-name information to the merchant at the same time. The merchant can then use the received target identity real-name information to complete the corresponding business.
Mode 2
If the merchant does not have the aforementioned data acquisition permission, the user can be required to fill in the identity real-name information to be checked manually in advance, and step 1508 is then executed.
Step 1508: the merchant sends the target eID code and the identity real-name information to be checked to the trusted platform, requesting the trusted platform to verify the target eID code and, after verification passes, compare the identity real-name information to be checked with the target identity real-name information corresponding to the target eID code.
Step 1509: when the trusted platform determines that the target eID code is valid and that the identity real-name information to be checked is consistent with the target identity real-name information, it returns a comparison-consistent notice to the merchant, informing the merchant that the identity real-name information to be checked is authentic and usable user information.
After receiving the comparison-consistent notice, the merchant can determine that the identity real-name information filled in by the user is authentic and usable, and can then use it to complete the relevant business.
In addition, for the security of data transmission, all data transmitted between the merchant and the trusted platform can be encrypted based on the merchant's CA certificate, improving data security.
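The following is an added illustration of steps 1501 to 1509, not code from the patent: it models the trusted platform (which alone holds real-name information and issues eID codes), the digital identity management platform (which holds only client-id to eID bindings) and the merchant's three request types (validity check, mode 1 with data acquisition permission, mode 2 comparison). The eID code is modelled as an HMAC over the real-name record under a key held only by the trusted platform, and the permission list is a constructed sample; the real eID format is not described here.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class RealNameInfo:
    """Identity real-name information; uniquely identifies one user."""
    name: str
    id_number: str

    def canonical(self) -> bytes:
        return f"{self.name}|{self.id_number}".encode("utf-8")


class TrustedPlatform:
    """Issues eID codes and keeps the only copy of real-name information."""

    def __init__(self, permitted_merchants: Set[str]) -> None:
        self._key = secrets.token_bytes(32)            # never leaves the platform
        self._records: Dict[str, RealNameInfo] = {}    # eID code -> real-name info
        self._permitted = set(permitted_merchants)     # merchants with data acquisition permission

    def issue_eid(self, info: RealNameInfo) -> str:
        # Constructed model of an eID code: keyed hash of the real-name record,
        # so the code reveals nothing about the record without the platform's key.
        code = hmac.new(self._key, info.canonical(), hashlib.sha256).hexdigest()
        self._records[code] = info
        return code

    def is_valid(self, eid: str) -> bool:
        """Step 1506: validity check for situation (1)."""
        return eid in self._records

    def real_name_for(self, merchant_id: str, eid: str) -> Optional[RealNameInfo]:
        """Mode 1 (step 1507): only a permitted merchant receives real-name information."""
        if merchant_id not in self._permitted or not self.is_valid(eid):
            return None
        return self._records[eid]

    def compare(self, eid: str, claimed: RealNameInfo) -> bool:
        """Mode 2 (steps 1508-1509): compare submitted info with the stored record."""
        if not self.is_valid(eid):
            return False
        return hmac.compare_digest(self._records[eid].canonical(), claimed.canonical())


class DigitalIdentityPlatform:
    """Real-name authentication platform: binds client identifications to eID codes only."""

    def __init__(self) -> None:
        self._by_client: Dict[str, str] = {}  # client identification -> eID code

    def bind(self, client_id: str, eid: str) -> None:
        self._by_client[client_id] = eid

    def lookup(self, client_id: str) -> Optional[str]:
        """Step 1503: target eID code determined from the client identification."""
        return self._by_client.get(client_id)


def authenticate(merchant_id: str, client_id: str, idp: DigitalIdentityPlatform,
                 tp: TrustedPlatform, claimed: Optional[RealNameInfo] = None
                 ) -> Tuple[bool, Optional[RealNameInfo], bool]:
    """Merchant side of steps 1502-1509.

    Returns (eID valid, real-name info from mode 1 or None, mode 2 comparison result).
    """
    eid = idp.lookup(client_id)                      # steps 1502-1504
    if eid is None or not tp.is_valid(eid):          # steps 1505-1506
        return False, None, False
    info = tp.real_name_for(merchant_id, eid)        # mode 1: None without permission
    matched = tp.compare(eid, claimed) if claimed is not None else False  # mode 2
    return True, info, matched
```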
In the embodiments of the present invention, the issuance and storage of digital identities is realized using eID technology. Relying on the authority, security, universality and privacy that eID technology itself possesses, the reliability, security and validity of a digital identity can be improved and the risk that the digital identity is stolen, tampered with or impersonated is reduced, ensuring the security of the user's identity information. At the same time, the real-name authentication platform only retains the eID code issued by the trusted platform (such as the Third Research Institute of the Ministry of Public Security) and does not store the user's real-name information, which reduces the risk of leaking the user's private information.
Further, the identity authentication scheme in the embodiments is described below with reference to Figure 16.
Step 1601: the merchant mini program requests authorization from the authentication mini program; the specific authorization interface is shown, for example, in Figure 17. Specifically, the merchant mini program can communicate with the authentication mini program by calling a physical-layer interface. The merchant mini program is, for example, the merchant's mini program running in WeChat, the authentication mini program is likewise a mini program running in WeChat, and the authentication mini program is, for example, the digital identity management client mentioned above.
Step 1602: further, the merchant may be authenticated, so the authentication mini program can request the authentication backend to authenticate the merchant.
The authentication backend is the platform that manages the users' digital identities as a whole. Only merchants that have a cooperative relationship with the platform can use its identity authentication function, so merchants can be screened for legitimacy by means of authentication, and only cooperating merchants can complete authentication. This not only rejects authentication requests from risky merchants but also allows a certain maintenance fee to be collected from merchants on the basis of the cooperative relationship, bringing income to the platform.
Step 1603: the authentication backend authenticates the merchant, for example according to the merchant's principal name or cooperation code; the embodiments do not restrict this.
Step 1604: after authentication passes, the authentication backend sends feedback that authentication has passed to the authentication mini program.
Step 1605: further, the authentication mini program can perform security verification.
In specific implementation, step 1605 may not be a necessary step. Whether step 1605 needs to be executed, and how security verification is performed, can be decided according to the following strategies.
1) If the merchant and the platform have agreed on a predetermined verification mode in advance, which is equivalent to the merchant customizing its security verification mode at the time of cooperation (for example, merchant A agrees on SMS verification plus face verification, while merchant B agrees on face verification only), then verification is performed according to the verification mode agreed in advance.
2) If the merchant and the platform have not agreed on a security verification mode in advance, the platform can verify according to its own default security verification mode, for example performing the same SMS verification plus face verification for all merchants.
3) If the merchant and the platform have not agreed on a security verification mode in advance, the platform can first determine the industry attribute of the merchant according to the merchant identification, referred to as the target industry attribute, for example determining that the merchant belongs to the financial industry, the education industry or individual business, etc. Then, according to the correspondence between industry attributes and security verification modes, the target security verification mode corresponding to the target industry attribute is determined: for example, for a bank a high-level security verification mode is enabled, while for an individual business a low-level security verification mode is enabled. Security verification is then completed with the determined security verification mode.
Step 1606: after authorization succeeds, the authentication backend can generate an authorization mark corresponding to the target eID code, for example a token code.
Step 1607: the authentication backend sends the generated authorization mark to the authentication mini program.
Step 1608: the authentication mini program sends the authorization mark to the merchant mini program.
Step 1609: the merchant mini program forwards the authorization mark to the merchant backend.
Step 1610: after receiving the authorization mark, the merchant backend sends it to the authentication backend.
Step 1611: after receiving the authorization mark sent by the merchant backend, the authentication backend can determine the target eID code corresponding to the authorization mark from the multiple stored eID codes.
Step 1612: the authentication backend sends the determined target eID code to the merchant backend.
The token code can be understood as a key for obtaining the original eID code; whoever subsequently needs the eID code can present this key and request it from the digital identity management platform. For example, after the digital identity management client generates a QR code containing the token code, a merchant that needs to authenticate the user can scan the QR code to obtain the token code, and then send the obtained token code to the digital identity management platform to request the eID code.
The token code can be updated periodically, for example once every 5 hours. Whatever code it is updated to, the digital identity management platform knows the updated token code and which eID code it corresponds to, so it can accurately find the corresponding eID code according to the token code sent by the requester, ensuring the accuracy of the information.
In the embodiments, by means of the authorization mark, the digital identity management platform can avoid transmitting the original eID code directly to the terminal device (i.e. the user front end), because information on the front end is easily stolen. Transmitting only the authorization mark on the front end, and then using the authorization mark transmitted by the front end to look up the corresponding eID code in the backend, ensures the security of the eID code as far as possible and improves security.
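An added illustration of the authorization-mark indirection in steps 1606 to 1612, not code from the patent: the backend hands the front end an opaque token bound to the target eID code, rotates it (invalidating the previous token), expires it after the 5-hour window mentioned above, and releases the eID code only to a cooperating merchant backend that redeems a live token. The token format, the injectable clock and the partner list are constructed assumptions.

```python
import secrets
from typing import Callable, Dict, Optional, Set, Tuple

TOKEN_LIFETIME_S = 5 * 3600  # "updated once every 5 hours" in the description above


class AuthBackend:
    """Digital identity management platform: holds eID codes and issues authorization marks."""

    def __init__(self, clock: Callable[[], float], partners: Set[str]) -> None:
        self._clock = clock                              # injectable for testing rotation
        self._partners = set(partners)                   # merchants that passed step 1603
        self._eid_by_client: Dict[str, str] = {}         # client identification -> eID code
        self._token_table: Dict[str, Tuple[str, float]] = {}  # token -> (eID code, expiry)
        self._live_token: Dict[str, str] = {}            # eID code -> currently valid token

    def register(self, client_id: str, eid: str) -> None:
        self._eid_by_client[client_id] = eid

    def issue_token(self, client_id: str) -> Optional[str]:
        """Step 1606: generate an authorization mark for the target eID code.

        The eID code itself is never returned to the front end; issuing a new
        mark retires the previous one (periodic update).
        """
        eid = self._eid_by_client.get(client_id)
        if eid is None:
            return None
        old = self._live_token.pop(eid, None)
        if old is not None:
            self._token_table.pop(old, None)
        token = secrets.token_urlsafe(24)                # opaque, unguessable mark
        self._token_table[token] = (eid, self._clock() + TOKEN_LIFETIME_S)
        self._live_token[eid] = token
        return token

    def redeem(self, merchant_id: str, token: str) -> Optional[str]:
        """Steps 1610-1612: merchant backend exchanges the mark for the eID code."""
        if merchant_id not in self._partners:            # only cooperating merchants
            return None
        entry = self._token_table.get(token)
        if entry is None:
            return None
        eid, expiry = entry
        if self._clock() >= expiry:                      # expired mark is discarded
            self._token_table.pop(token, None)
            self._live_token.pop(eid, None)
            return None
        return eid


def qr_payload(backend: AuthBackend, client_id: str) -> str:
    """What the digital identity management client encodes in its QR code:
    the authorization mark only (constructed "eidauth:" scheme), never the eID code."""
    token = backend.issue_token(client_id)
    return "" if token is None else "eidauth:" + token
```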
Throughout the identity authentication process, the risk control level of the identity authentication request can also be determined according to a predetermined risk determination strategy. Specifically, the digital identity management platform can call the risk control interface of the WeChat backend server through an interface to determine the risk control level, because the WeChat backend server currently has relatively mature risk control technology; in this way no additional improvement of the digital identity management platform is needed and the cost of risk control is relatively low. Security verification is then performed in the security verification mode corresponding to the determined risk control level. For example, if the risk control level is level 1, the corresponding security verification mode is SMS verification, and if the risk control level is level 4, the corresponding security verification mode is SMS verification plus human liveness verification, etc. Only after verification with the corresponding security verification mode passes does the digital identity management platform send the obtained target eID code to the merchant.
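An added illustration of how the security verification mode for step 1605 can be chosen, not code from the patent: it applies the three strategies listed above (agreed mode first, then industry attribute, then the platform default) and then adds the checks required by the risk control level. The merchant registry, the industry table and the intermediate risk levels are constructed sample data; combining the strategy result with the risk-level result by union, and treating an unknown risk level as the strictest, are assumptions rather than something the description states.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

SMS, FACE, LIVENESS = "sms", "face", "liveness"
Mode = FrozenSet[str]

DEFAULT_MODE: Mode = frozenset({SMS, FACE})              # strategy 2: platform default

INDUSTRY_MODE: Dict[str, Mode] = {                       # strategy 3 (constructed table)
    "finance": frozenset({SMS, FACE, LIVENESS}),         # high-level mode for banks
    "education": frozenset({SMS, FACE}),
    "individual": frozenset({SMS}),                      # low-level mode for individual business
}

RISK_MODE: Dict[int, Mode] = {                           # from the risk-control description
    1: frozenset({SMS}),
    4: frozenset({SMS, LIVENESS}),
}
STRICTEST_RISK_MODE: Mode = frozenset({SMS, FACE, LIVENESS})  # assumption: fail closed


@dataclass(frozen=True)
class Merchant:
    merchant_id: str
    industry: Optional[str] = None
    agreed_mode: Optional[Mode] = None                   # strategy 1, fixed at cooperation time


def select_mode(merchant: Merchant, risk_level: Optional[int] = None) -> Mode:
    """Choose the set of checks the authentication mini program must run."""
    if merchant.agreed_mode is not None:                 # strategy 1: pre-agreed mode wins
        base = merchant.agreed_mode
    elif merchant.industry in INDUSTRY_MODE:             # strategy 3: by industry attribute
        base = INDUSTRY_MODE[merchant.industry]
    else:                                                # strategy 2: platform default
        base = DEFAULT_MODE
    if risk_level is not None:                           # risk control adds, never removes, checks
        base = base | RISK_MODE.get(risk_level, STRICTEST_RISK_MODE)
    return base


def verification_passed(mode: Mode, results: Dict[str, bool]) -> bool:
    """Every check in the selected mode must be present and passed before the
    target eID code is released to the merchant."""
    return all(results.get(check, False) for check in mode)
```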
Based on the same inventive concept, as shown in Figure 18, the embodiments of the present invention provide a digital identity application device, which includes a first receiving module 1801, an obtaining module 1802, a sending module 1803, a second receiving module 1804 and a generating module 1805. Wherein:
the first receiving module 1801 is used to receive a digital identity issuance request sent by a terminal device, where the digital identity issuance request is used to request issuance of a digital identity;
the obtaining module 1802 is used to obtain identity real-name information, where the identity real-name information uniquely identifies one user;
the sending module 1803 is used to send the identity real-name information to the trusted platform, to request the trusted platform to generate an eID code uniquely corresponding to the identity real-name information;
the second receiving module 1804 is used to receive the eID code sent by the trusted platform;
the generating module 1805 is used to generate a digital identity mark based on the eID code according to a predetermined generation mode.
Based on the same inventive concept, as shown in Figure 19, the embodiments of the present invention provide a digital identity application device, which includes an obtaining module 1901, a sending module 1902, a receiving module 1903 and a generating module 1904. Wherein:
the obtaining module 1901 is used to obtain a digital identity issuance request, where the digital identity issuance request is used to request issuance of a digital identity;
the sending module 1902 is used to send the digital identity issuance request to the digital identity management platform, so that the digital identity management platform obtains identity real-name information based on the digital identity issuance request and sends the identity real-name information to the trusted platform, where the identity real-name information uniquely identifies one user;
the receiving module 1903 is used to receive the eID code sent by the digital identity management platform, where the eID code is generated by the trusted platform in unique correspondence with the identity real-name information;
the generating module 1904 is used to generate a digital identity mark based on the eID code according to a predetermined generation mode. The related content of each step involved in the aforementioned digital identity application method embodiments can be found in the functional description of the corresponding functional modules in the embodiments, and is not repeated here.
Based on the same inventive concept, as shown in Figure 20, the embodiments of the present invention provide an identity authentication device, which includes a receiving module 2001, a determining module 2002 and a sending module 2003. Wherein:
the receiving module 2001 is used to receive the identity authentication request sent by a terminal device through the digital identity management client installed on the terminal device;
the determining module 2002 is used to determine, based on the identity authentication request, the target eID code corresponding to the client identification of the digital identity management client from the multiple stored eID codes, where each eID code is generated by the trusted platform in unique correspondence with the identity real-name information of one user, and the identity real-name information of each user uniquely identifies that user;
the sending module 2003 is used to transmit the target eID code to the identity authentication request end by a preset transmission mode, so that the identity authentication request end sends the obtained target eID code to the trusted platform and determines that identity authentication passes after receiving the authentication valid notice sent by the trusted platform.
Based on the same inventive concept, as shown in Figure 21, the embodiments of the present invention provide an identity authentication device, which includes a sending module 2101, a receiving module 2102, a sending module 2103 and a determining module 2104. Wherein:
the sending module 2101 is used to send an identity authentication request;
the receiving module 2102 is used to receive the target eID code transmitted by the digital identity management platform by a preset transmission mode, where the digital identity management platform stores multiple eID codes, each eID code is generated by the trusted platform in unique correspondence with the identity real-name information of one user, the identity real-name information of each user uniquely identifies that user, and the target eID code is determined by the digital identity management platform from the multiple eID codes based on the identity authentication request;
the sending module 2103 is used to send the target eID code to the trusted platform, so that the trusted platform authenticates whether the target eID code is valid;
the determining module 2104 is used to determine that identity authentication passes after receiving the authentication valid notice sent by the trusted platform.
The related content of each step involved in the aforementioned identity authentication method embodiments can be found in the functional description of the corresponding functional modules in the embodiments, and is not repeated here.
The division of modules in the embodiments is schematic and is only a logical functional division; there may be other division manners in actual implementation. In addition, the functional modules in the embodiments may be integrated in one processor, may exist physically alone, or two or more modules may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module.
Based on the same inventive concept, the embodiments of the present invention also provide a server. Referring to Figure 22, which shows a schematic structural diagram of a server provided by an embodiment, the server may be, for example, the server 103 in Figures 1A to 1C, the real-name authentication server 1103 in Figure 11, the real-name authentication server 1204 in Figure 12 or the real-name authentication server 1304 in Figure 13. The server in the embodiments can implement the aforementioned digital identity application method and identity authentication method. Specifically:
The server includes a processor 2201, a system memory 2204 comprising a random access memory 2202 and a read-only memory 2203, and a system bus 2205 connecting the system memory 2204 and the processor 2201. The server also includes a basic input/output system (I/O system) 2206 that helps transfer information between the devices in the computer, and a mass storage device 2207 for storing an operating system 2213, application programs 2222 and other program modules 2215.
The processor 2201 is the control center of the server; it connects all parts of the server through various interfaces and lines, and performs the various functions of the server and processes data by running or executing instructions stored in memory (such as the random access memory 2202 and the read-only memory 2203) and calling data stored in memory, thereby monitoring the server as a whole.
Optionally, the processor 2201 may include one or more processing units; the processor 2201 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface and application programs, and the modem processor mainly handles wireless communication. It is understood that the modem processor may also not be integrated into the processor 2201. In some embodiments the processor 2201 and the memory may be implemented on the same chip; in other embodiments they may be implemented on separate chips.
The processor 2201 may be a general-purpose processor such as a central processing unit (CPU), a digital signal processor, an application-specific integrated circuit (ASIC), a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute the methods, steps and logic block diagrams disclosed in the embodiments. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in the embodiments may be directly embodied as being executed by a hardware processor, or executed by a combination of hardware and software modules in the processor.
The memory, as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs and modules. The memory may include at least one type of storage medium, for example flash memory, hard disk, multimedia card, card-type memory, random access memory (RAM), static random access memory (SRAM), programmable read-only memory (PROM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), magnetic memory, magnetic disk, optical disk, etc. The memory can be any other medium that can carry or store desired program code in the form of instructions or data structures and can be accessed by a computer, but is not limited to these. The memory in the embodiments may also be a circuit or any other device capable of realizing a storage function, used to store program instructions and/or data.
The basic input/output system 2206 includes a display 2208 for displaying information and an input device 2209, such as a mouse or keyboard, for the user to input information. The display 2208 and the input device 2209 are both connected to the processor 2201 through the basic input/output system 2206, which is connected to the system bus 2205. The basic input/output system 2206 may also include an input/output controller for receiving and processing input from multiple other devices such as a keyboard, mouse or electronic stylus. Similarly, the input/output controller also provides output to a display screen, printer or other type of output device.
The mass storage device 2207 is connected to the processor 2201 through a mass storage controller (not shown) connected to the system bus 2205. The mass storage device 2207 and its associated computer-readable medium provide non-volatile storage for the server. That is, the mass storage device 2207 may include a computer-readable medium (not shown) such as a hard disk or a CD-ROM drive.
Without loss of generality, the computer-readable medium may include computer storage media and communication media.Computer Storage medium includes information such as computer readable instructions, data structure, program module or other data for storage The volatile and non-volatile of any method or technique realization, removable and irremovable medium.Computer storage medium includes RAM, ROM, EPROM, EEPROM, flash memory or other solid-state storages its technologies, CD-ROM, DVD or other optical storages, tape Box, tape, disk storage or other magnetic storage devices.Certainly, skilled person will appreciate that the computer storage medium It is not limited to above-mentioned several.
According to various embodiments of the present invention, which can also pass through the network connections such as internet to network On remote computer operation.Namely the server packet can be by the network interface list that is connected on the system bus 2205 Member 2211 is connected to network 2212, in other words, Network Interface Unit 2211 can be used also to be connected to other kinds of network Or remote computer system (not shown).
Based on the same inventive concept, an embodiment of the present invention also provides a terminal device, which may be, for example, a smartphone, a tablet computer, a PDA, a laptop computer, an in-vehicle device, a smart wearable device and so on. The terminal device may be a hardware structure, a software module, or a hardware structure plus a software module. The terminal device may be implemented by a chip system, and the chip system may consist of a chip or may include a chip and other discrete devices.
As shown in Figure 23, the terminal device in the embodiment of the present invention includes at least one processor 231 and a memory 232 connected to the at least one processor. The embodiment of the present invention does not specifically limit the connection medium between the processor 231 and the memory 232; in Figure 23 the processor 231 and the memory 232 are connected through a bus 230, which is drawn as a thick line, and the connections between the other components are only illustrated schematically and are not limiting. The bus 230 may be divided into an address bus, a data bus, a control bus and so on; for ease of illustration it is drawn as a single thick line in Figure 23, which does not mean that there is only one bus or only one type of bus.
In the embodiment of the present invention, the memory 232 stores instructions executable by the at least one processor 231, and by executing the instructions stored in the memory 232 the at least one processor 231 can perform the steps included in the digital identity application method or the identity authentication method described above.
The processor 231 is the control centre of the terminal device. It connects the parts of the entire terminal device through various interfaces and lines, and performs the various functions of the terminal device and processes data by running or executing the instructions stored in the memory 232 and by calling the data stored in the memory 232, thereby monitoring the terminal device as a whole. Optionally, the processor 231 may include one or more processing units, and may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, the user interface and application programs, and the modem processor mainly handles wireless communication. It will be understood that the modem processor need not be integrated into the processor 231. In some embodiments the processor 231 and the memory 232 may be implemented on the same chip; in other embodiments they may be implemented on separate chips.
The processor 231 may be a general-purpose processor such as a central processing unit (CPU), a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, discrete gate or transistor logic, or discrete hardware components, and may implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. A general-purpose processor may be a microprocessor or any conventional processor. The steps of the methods disclosed in the embodiments of the present invention may be embodied directly as being executed by a hardware processor, or as being executed by a combination of hardware and software modules within the processor.
The memory 232, as a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs and modules. The memory 232 may include at least one type of storage medium, for example flash memory, hard disk, multimedia card, card-type memory, RAM, SRAM, PROM, ROM, EEPROM, magnetic memory, magnetic disk, optical disc and so on. The memory 232 may be, but is not limited to, any other medium that can carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 232 in the embodiments of the present invention may also be a circuit or any other device capable of realising a storage function, for storing program instructions and/or data.
Referring to Figure 24, another structural schematic diagram of the terminal device, the terminal device may further include an input unit 243, a display unit 244, a radio frequency unit 245, an audio circuit 246, a loudspeaker 247, a microphone 248, a Wireless Fidelity (WiFi) module 249, a Bluetooth module 2410, a power supply 2411, an external interface 2412, an earphone jack 2412 and other components. Those skilled in the art will appreciate that Figure 24 is only an example of a terminal device and does not limit the terminal device; the terminal device may include more or fewer components than shown, may combine certain components, or may have a different arrangement of components.
The input unit 243 may be used to receive input numeric or character information and to generate key signal input related to the user settings and function control of the terminal device. For example, the input unit 243 may include a touch screen 2431 and other input devices 2432. The touch screen 2431 collects the user's touch operations on or near it (for example operations by the user with a finger, knuckle, stylus or any other suitable object on or near the touch screen 2431); that is, the touch screen 2431 may be used to detect touch pressure as well as the touch input position and touch input area, and to drive the corresponding connected device according to a preset program. The touch screen 2431 can detect a touch operation by the user on the touch screen 2431, convert the touch operation into a touch signal and send it to the processor 231, or in other words send the touch information of the touch operation to the processor 231, and can receive and execute the commands sent by the processor 231. The touch information may include at least one of pressure magnitude information and pressure duration information. The touch screen 2431 may provide an input interface and an output interface between the terminal device and the user. Furthermore, the touch screen 2431 may be implemented as any of various types such as resistive, capacitive, infrared and surface acoustic wave. Besides the touch screen 2431, the input unit 243 may also include other input devices 2432, which may include but are not limited to one or more of a physical keyboard, function keys (such as volume control keys and a power key), a trackball, a mouse, a joystick and so on.
The display unit 244 may be used to display information entered by the user or information provided to the user, as well as the various menus of the terminal device. Further, the touch screen 2431 may cover the display unit 244; when the touch screen 2431 detects a touch operation on or near it, it passes the operation to the processor 231 to determine the pressure information of the touch operation. In the embodiment of the present invention, the touch screen 2431 and the display unit 244 may be integrated into one component to realise the input, output and display functions of the terminal device. For ease of description, the embodiment of the present invention is illustrated schematically with the touch screen 2431 representing the combined functions of the touch screen 2431 and the display unit 244; in certain embodiments, of course, the touch screen 2431 and the display unit 244 may also be two independent components.
When the display unit 244 and a touch panel are superposed on one another in layers to form the touch screen 2431, the display unit 244 may serve as both an input device and an output device; as an output device it may be used to display images, for example to play various videos. The display unit 244 may include at least one of a liquid crystal display (LCD), a thin film transistor liquid crystal display (TFT-LCD), an organic light-emitting diode (OLED) display, an active matrix organic light-emitting diode (AMOLED) display, an in-plane switching (IPS) display, a flexible display, a 3D display and so on. Some of these displays may be configured to be transparent so that the user can see through them from outside; these may be called transparent displays. Depending on the particular desired implementation, the terminal device may include two or more display units (or other display devices); for example, the terminal device may include an external display unit (not shown in Figure 24) and an internal display unit (not shown in Figure 24).
The radio frequency unit 245 may be used to receive and send signals while receiving or sending information or during a call. In general, the radio frequency circuit includes but is not limited to an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier (LNA), a duplexer and so on. In addition, the radio frequency unit 245 may also communicate with network devices and other devices by wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to Global System for Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), e-mail, Short Messaging Service (SMS) and so on.
The audio circuit 246, the loudspeaker 247 and the microphone 248 may provide an audio interface between the user and the terminal device. The audio circuit 246 may transmit the electrical signal converted from received audio data to the loudspeaker 247, which converts it into a sound signal for output. Conversely, the microphone 248 converts the collected sound signal into an electrical signal, which the audio circuit 246 receives and converts into audio data; the audio data is then output to the processor 231 for processing and sent through the radio frequency unit 245 to, for example, another electronic device, or the audio data is output to the memory 232 for further processing. The audio circuit may also include an earphone jack 2412 for providing a connection interface between the audio circuit and earphones.
WiFi is a short-range wireless transmission technology. Through the WiFi module 249 the terminal device can help the user to send and receive e-mail, browse web pages, access streaming video and so on, providing the user with wireless broadband Internet access. Although Figure 24 shows the WiFi module 249, it will be understood that it is not an essential component of the terminal device and may be omitted as needed without changing the essence of the invention.
Bluetooth is a short-range wireless communication technology. Using Bluetooth technology, communication between mobile communication terminal devices such as palmtop computers, notebook computers and mobile phones can be simplified effectively, and communication between these devices and the Internet can likewise be simplified; through the Bluetooth module 2410 the terminal device makes data transmission between the terminal device and the Internet faster and more efficient, broadening the road for wireless communication. Bluetooth technology is an open scheme for realising wireless transmission of voice and data. Although Figure 24 shows the Bluetooth module 2410, it will be understood that it is not an essential component of the terminal device and may be omitted as needed without changing the essence of the invention.
The terminal device may further include a power supply 2411 (such as a battery) for receiving external power or supplying power to the components of the terminal device. Preferably, the power supply 2411 may be logically connected to the processor 231 through a power management system, so that functions such as managing charging, discharging and power consumption are realised through the power management system.
The terminal device may further include an external interface 2412, which may include a standard Micro USB interface or a multi-pin connector, and may be used to connect the terminal device to other devices for communication, or to connect a charger to charge the terminal device.
Although not shown, the terminal device in the embodiment of the present invention may also include other possible functional modules such as a camera and a flash, which are not described in detail here.
Based on the same inventive concept, an embodiment of the present invention also provides a storage medium storing computer instructions which, when run on a computer, cause the computer to perform the steps of the digital identity application method or the identity authentication method described above.
Based on the same inventive concept, an embodiment of the present invention also provides a digital identity application apparatus including at least one processor and a readable storage medium; when the instructions contained in the readable storage medium are executed by the at least one processor, the steps of the digital identity application method described above can be performed.
Based on the same inventive concept, an embodiment of the present invention also provides an identity authentication apparatus including at least one processor and a readable storage medium; when the instructions contained in the readable storage medium are executed by the at least one processor, the steps of the identity authentication method described above can be performed.
Based on the same inventive concept, an embodiment of the present invention also provides a chip system, which includes a processor and may also include a memory, for implementing the steps of the digital identity application method and the identity authentication method described above. The chip system may consist of a chip or may include a chip and other discrete devices.
In some possible embodiments, the various aspects of the digital identity application method and identity authentication method provided by the present invention may also be implemented in the form of a program product including program code which, when the program product runs on a computer, causes the computer to perform the steps in the digital identity application method and identity authentication method according to the various exemplary embodiments of the present invention described above.
Based on the same inventive concept, an embodiment of the present invention also provides a digital identity application apparatus, the apparatus including: a memory for storing program instructions; and a processor for calling the program instructions stored in the memory and performing, according to the obtained program instructions, the steps in the digital identity application method according to the various exemplary embodiments of the present invention described above.
Based on the same inventive concept, an embodiment of the present invention also provides an identity authentication apparatus, the apparatus including: a memory for storing program instructions; and a processor for calling the program instructions stored in the memory and performing, according to the obtained program instructions, the steps in the identity authentication method according to the various exemplary embodiments of the present invention described above.
Based on the same inventive concept, an embodiment of the present invention also provides a storage medium storing computer-executable instructions for causing a computer to perform the steps in the digital identity application method and identity authentication method according to the various exemplary embodiments of the present invention described above.
Those skilled in the art will understand that the embodiments of the present invention may be provided as a method, a system or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical storage) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the present invention. It will be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, may be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, such that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Obviously, those skilled in the art may make various changes and modifications to the present invention without departing from the spirit and scope of the invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include these modifications and variations.

Claims (15)

1. A digital identity application system, characterised in that the system comprises a terminal device and a digital identity management platform, wherein:
the terminal device is configured to send an acquired digital identity issuance request to the digital identity management platform, the digital identity issuance request being used to request the issuance of a digital identity;
the digital identity management platform is configured to, after receiving the digital identity issuance request, obtain identity real-name information; send the identity real-name information to a trusted platform; receive a network electronic identity (eID) code sent by the trusted platform; and generate a digital identity identifier from the eID code according to a predetermined generation method; wherein the identity real-name information uniquely identifies one user, and the eID code is generated by the trusted platform so as to correspond uniquely to the identity real-name information.
2. The system of claim 1, characterised in that a digital identity management client and a mini-program management client run on the terminal device, the digital identity management client running as a mini-program inside the mini-program management client;
the terminal device is further configured to request authorisation from the mini-program management client through the digital identity management client; obtain, according to the authorisation, the target user communication identifier with which the mini-program management client is registered; and send the target user communication identifier to the digital identity management platform through the digital identity management client;
the digital identity management platform is configured to obtain the target financial payment identifier bound to the target user communication identifier, and to determine the user information of the target financial payment identifier as the identity real-name information.
3. A digital identity application method, characterised in that the method comprises:
a terminal device sending an acquired digital identity issuance request to a digital identity management platform, the digital identity issuance request being used to request the issuance of a digital identity;
the digital identity management platform, after receiving the digital identity issuance request, obtaining identity real-name information; sending the identity real-name information to a trusted platform; receiving a network electronic identity (eID) code sent by the trusted platform; and generating a digital identity identifier from the eID code according to a predetermined generation method; wherein the identity real-name information uniquely identifies one user, and the eID code is generated by the trusted platform so as to correspond uniquely to the identity real-name information.
4. A digital identity application method, characterised in that the method comprises:
receiving a digital identity issuance request sent by a terminal device, the digital identity issuance request being used to request the issuance of a digital identity;
obtaining identity real-name information, wherein the identity real-name information uniquely identifies one user;
sending the identity real-name information to a trusted platform, to request the trusted platform to generate a network electronic identity (eID) code corresponding uniquely to the identity real-name information;
receiving the eID code sent by the trusted platform;
generating a digital identity identifier from the eID code according to a predetermined generation method.
5. A digital identity application method, characterised in that the method comprises:
obtaining a digital identity issuance request, the digital identity issuance request being used to request the issuance of a digital identity;
sending the digital identity issuance request to a digital identity management platform, so that the digital identity management platform obtains identity real-name information based on the digital identity issuance request and sends the identity real-name information to a trusted platform, wherein the identity real-name information uniquely identifies one user;
receiving the eID code sent by the digital identity management platform, wherein the eID code is generated by the trusted platform so as to correspond uniquely to the identity real-name information;
generating a digital identity identifier from the eID code according to a predetermined generation method.
6. A server, characterised in that the server comprises:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and performing, according to the obtained program instructions, the steps included in the method of claim 4.
7. A terminal device, characterised in that the terminal device comprises:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and performing, according to the obtained program instructions, the steps included in the method of claim 5.
8. A storage medium, characterised in that the storage medium stores computer-executable instructions for causing a computer to perform the steps included in the method of any one of claims 3 to 5.
9. An identity authentication system, characterised in that the system comprises an identity authentication requester, a terminal device and a digital identity management platform, a digital identity management client running on the terminal device; wherein:
the terminal device is configured to obtain an identity authentication request through the digital identity management client, and to send the identity authentication request to the digital identity management platform; wherein the digital identity management platform stores a plurality of network electronic identity (eID) codes, each eID code being generated by a trusted platform so as to correspond uniquely to the identity real-name information of one user, and the identity real-name information of each user uniquely identifying that user;
the digital identity management platform is configured to determine, based on the identity authentication request, the target eID code corresponding to the client identifier of the digital identity management client, and to transmit the target eID code to the identity authentication requester by a preset transmission mode;
the identity authentication requester is configured to send the obtained target eID code to the trusted platform, so that the trusted platform authenticates whether the target eID code is valid, and to determine that identity authentication passes after receiving an authentication-valid notification sent by the trusted platform.
10. An identity authentication method, characterised in that the method comprises:
a terminal device obtaining an identity authentication request through a digital identity management client installed on the terminal device, and sending the identity authentication request to a digital identity management platform; wherein the digital identity management platform stores a plurality of network electronic identity (eID) codes, each eID code being generated by a trusted platform so as to correspond uniquely to the identity real-name information of one user, and the identity real-name information of each user uniquely identifying that user;
the digital identity management platform determining, based on the identity authentication request, the target eID code corresponding to the client identifier of the digital identity management client, and transmitting the target eID code to an identity authentication requester by a preset transmission mode;
the identity authentication requester sending the obtained target eID code to the trusted platform, so that the trusted platform authenticates whether the target eID code is valid, and determining that identity authentication passes after receiving an authentication-valid notification sent by the trusted platform.
11. An identity authentication method, characterised in that the method comprises:
receiving an identity authentication request sent by a terminal device through a digital identity management client installed on the terminal device;
determining, based on the identity authentication request and from a plurality of stored network electronic identity (eID) codes, the target eID code corresponding to the client identifier of the digital identity management client, wherein each eID code is generated by a trusted platform so as to correspond uniquely to the identity real-name information of one user, and the identity real-name information of each user uniquely identifies that user;
transmitting the target eID code to an identity authentication requester by a preset transmission mode, so that the identity authentication requester sends the obtained target eID code to the trusted platform and determines that identity authentication passes after receiving an authentication-valid notification sent by the trusted platform.
12. An identity authentication method, characterized in that the method comprises:
Sending an identity authentication request;
Receiving a target network electronic identity (eID) code transmitted by a digital identity management platform by a preset transmission mode, wherein the digital identity management platform stores a plurality of eID codes, each eID code is generated by a trusted platform in unique correspondence with the real-name identity information of one user, the real-name identity information of each user uniquely identifies that user, and the target eID code is determined by the digital identity management platform from the plurality of eID codes based on the identity authentication request;
Sending the target eID code to the trusted platform so that the trusted platform authenticates whether the target eID code is valid;
After receiving an authentication-valid notice sent by the trusted platform, determining that the identity authentication has passed.
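The three-party flow of claims 10 to 12, modelled as an added example that is not part of the patent: the trusted platform issues eID codes and vouches for them, the digital identity management platform maps a client identifier to its stored eID code, and the requesting end trusts only the trusted platform's verdict. The HMAC derivation of the eID code, the client-identifier lookup, the revocation set and the direct-return "transmission mode" are assumptions made for this example.

```python
import hmac
import hashlib


class TrustedPlatform:
    """Issues eID codes from real-name identity info and later vouches for them.
    Assumption: the code is an HMAC over the canonicalised real-name info, so it
    is unique per user but does not expose the underlying identity data."""

    def __init__(self, key: bytes):
        self.key = key
        self.issued = set()    # every eID code this platform has generated
        self.revoked = set()   # codes withdrawn after issuance (assumption)

    def issue_eid(self, real_name_info: dict) -> str:
        canonical = "|".join(f"{k}={real_name_info[k]}" for k in sorted(real_name_info))
        code = hmac.new(self.key, canonical.encode(), hashlib.sha256).hexdigest()
        self.issued.add(code)
        return code

    def authenticate(self, eid_code: str) -> bool:
        # "Authentication valid" notice: the code was issued here and is not revoked.
        return eid_code in self.issued and eid_code not in self.revoked


class DigitalIdentityManagementPlatform:
    """Stores eID codes keyed by the client identifier of the management client."""

    def __init__(self):
        self.eid_by_client = {}

    def register_client(self, client_id: str, eid_code: str) -> None:
        self.eid_by_client[client_id] = eid_code

    def handle_auth_request(self, request: dict):
        # The preset transmission mode is modelled as a direct return value.
        return self.eid_by_client.get(request["client_id"])


def authenticate_user(client_id: str, mgmt_platform: DigitalIdentityManagementPlatform,
                      trusted_platform: TrustedPlatform) -> bool:
    """Identity authentication requesting end. It never sees real-name data, only an
    opaque eID code, and it fails closed unless the trusted platform says the code is valid."""
    request = {"client_id": client_id}                        # claim 12, step 1
    target_eid = mgmt_platform.handle_auth_request(request)   # claim 11: lookup and transmit
    if target_eid is None:
        return False                                          # unknown client: no code, no pass
    return trusted_platform.authenticate(target_eid)          # claim 12, steps 3 and 4
```

Revocation at the trusted platform is enough to stop authentication even though the management platform still holds the code, because the requesting end acts only on the trusted platform's notice.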
13. A server, characterized in that the server comprises:
A memory for storing program instructions;
A processor for calling the program instructions stored in the memory and executing, according to the obtained program instructions, the steps included in the method of claim 11.
14. A terminal device, characterized in that the terminal device comprises:
A memory for storing program instructions;
A processor for calling the program instructions stored in the memory and executing, according to the obtained program instructions, the steps included in the method of claim 12.
15. A storage medium, characterized in that the storage medium stores computer-executable instructions, the computer-executable instructions being used to cause a computer to execute the steps included in the method of any one of claims 10 to 12.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810776743.6A CN110400145A (en) 2018-07-13 2018-07-13 A kind of digital identity application system and method, identity authorization system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810776743.6A CN110400145A (en) 2018-07-13 2018-07-13 A kind of digital identity application system and method, identity authorization system and method

Publications (1)

Publication Number Publication Date
CN110400145A true CN110400145A (en) 2019-11-01

Family

ID=68322387

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810776743.6A Pending CN110400145A (en) 2018-07-13 2018-07-13 A kind of digital identity application system and method, identity authorization system and method

Country Status (1)

Country Link
CN (1) CN110400145A (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020029342A1 (en) * 2000-09-07 2002-03-07 Keech Winston Donald Systems and methods for identity verification for secure transactions
CN102347929A (en) * 2010-07-28 2012-02-08 阿里巴巴集团控股有限公司 Verification method of user identity and apparatus thereof
CN103259667A (en) * 2013-06-07 2013-08-21 北京邮电大学 Method and system for eID authentication on mobile terminal
CN105357176A (en) * 2015-09-28 2016-02-24 公安部第一研究所 Network legal identity management system based on electronic legal identity card network mapping certificate
CN105429760A (en) * 2015-12-01 2016-03-23 神州融安科技(北京)有限公司 Method and system for identity verification of digital certificate based on TEE (Trusted Execution Environment)
CN105991590A (en) * 2015-02-15 2016-10-05 阿里巴巴集团控股有限公司 Method and system for verifying user identity, client, and server
CN106790070A (en) * 2016-12-21 2017-05-31 杨宪国 Electronic ID card identification service system based on authentication device
CN206212040U (en) * 2016-10-31 2017-05-31 金联汇通信息技术有限公司 A kind of real-name authentication system for express delivery industry
CN106911719A (en) * 2017-04-20 2017-06-30 努比亚技术有限公司 A kind of mobile terminal and the real-name management system based on the mobile terminal
CN107124420A (en) * 2017-05-10 2017-09-01 北京潘达互娱科技有限公司 Auth method and device
CN107172049A (en) * 2017-05-19 2017-09-15 北京信安世纪科技有限公司 A kind of intelligent identity identification system
CN107645726A (en) * 2016-07-20 2018-01-30 航天信息股份有限公司 A kind of method and system for mobile terminal user identity certification

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
汪志鹏: "基于eID 的网络可信身份体系建设研究", 《信息网络安全》, no. 9, 30 September 2015 (2015-09-30), pages 97 - 100 *

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110868467A (en) * 2019-11-12 2020-03-06 广州大白互联网科技有限公司 Network certificate synchronization method, system and storage medium based on network certificate platform
CN111478910A (en) * 2020-04-09 2020-07-31 北京金堤科技有限公司 User identity authentication method and device, electronic equipment and storage medium
CN111478910B (en) * 2020-04-09 2022-06-17 北京金堤科技有限公司 User identity authentication method and device, electronic equipment and storage medium
CN111934770A (en) * 2020-09-09 2020-11-13 浙江优城智联信息技术有限公司 Identity authentication method and system combining visible light technology
CN112070914A (en) * 2020-09-09 2020-12-11 浙江优城智联信息技术有限公司 Information security ticket business verification and cancellation method and system based on visible light technology
US11968184B2 (en) 2020-11-19 2024-04-23 Lexisnexis Risk Solutions, Inc. Digital identity network alerts
CN114553456A (en) * 2020-11-19 2022-05-27 律商联讯风险解决方案公司 Digital identity network alerts
CN112669040A (en) * 2020-12-31 2021-04-16 重庆银行股份有限公司 Identity authentication system based on information security
CN113011891A (en) * 2021-03-22 2021-06-22 支付宝(杭州)信息技术有限公司 Core body processing method and device applied to associated payment
CN113255505A (en) * 2021-05-20 2021-08-13 中国联合网络通信集团有限公司 Certificate photo generation method, device, equipment and storage medium
CN113468498A (en) * 2021-06-30 2021-10-01 公安部第三研究所 Method and system for realizing eID issuing
CN114095211A (en) * 2021-10-29 2022-02-25 新大陆(福建)公共服务有限公司 Trusted digital identity person verification method and system
CN114095211B (en) * 2021-10-29 2023-08-22 新大陆(福建)公共服务有限公司 Trusted digital identity personnel verification method and system
CN115170151B (en) * 2022-05-31 2023-11-14 重庆奉天选电子商务有限公司 Online merchant authentication and management system
CN115170151A (en) * 2022-05-31 2022-10-11 广州利他科技发展有限公司 Online merchant authentication and management system
CN115801360A (en) * 2022-11-07 2023-03-14 江苏源直达物联科技有限公司 Real-name information packet and real-name information security protection method
CN116738470A (en) * 2023-07-19 2023-09-12 杭州星云智慧科技有限公司 User identity association method and device, electronic equipment and storage medium
CN116738470B (en) * 2023-07-19 2024-06-11 杭州星云智慧科技有限公司 User identity association method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN110400145A (en) A kind of digital identity application system and method, identity authorization system and method
CN110826043B (en) Digital identity application system and method, identity authentication system and method
CN108012268B (en) SIM card for ensuring safe use of application software on mobile phone terminal
CN103793815B (en) Mobile intelligent terminal acquirer system and method suitable for bank cards and business cards
CN103259667B (en) The method and system of eID authentication on mobile terminal
CN109472166A (en) A kind of electronic signature method, device, equipment and medium
CN108846752A (en) Data processing method, system, block platform chain and readable storage medium storing program for executing
CN105491077B (en) A kind of system of authentication
CN106157025A (en) The mobile terminal safety method of payment of identity-based card and system
CN106688004A (en) Transaction authentication method, device, mobile terminal, POS terminal and server
CN104915829B (en) Exchange method and device are applied based on NFC technique
CN110073387A (en) Confirm being associated between communication equipment and user
CN110300083A (en) A kind of method, terminal and authentication server obtaining identity information
CA2794398A1 (en) Authentication method and system using mobile terminal
US20220076268A1 (en) Method and device for authenticating near-field information, electronic apparatus, and computer storage medium
CN103684797B (en) User and the association authentication method and system of subscriber terminal equipment
CN107733973A (en) Method of controlling security, terminal, server and computer-readable medium
CN107506635A (en) Identity card function line activating method, mobile phone, trusted terminal and authentication server
WO2014180345A1 (en) User identity verification and authorization system
CN110147991A (en) A kind of method, apparatus and system of the multi-platform payment of graphic code
CN110659470A (en) Authentication method and authentication system for off-line physical isolation
CN109640297A (en) No card interactive system and simulation card apparatus
EP3543938B1 (en) Authentication of a transaction card using a multimedia file
CN108966230A (en) Share the method and apparatus of wireless access point
CN104935550A (en) Intelligent electronic commerce user management system technique and operating method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination