CN110866232B - Multiparty data service authorization platform - Google Patents

Publication number: CN110866232B
Authority: CN (China)
Legal status: Active
Application number: CN201911089161.1A
Other languages: Chinese (zh)
Other versions: CN110866232A (en)
Inventor: 肖瑶
Current Assignee: Chongqing Toulue Technology Co ltd
Original Assignee: Chongqing Toulue Technology Co ltd
Application filed by Chongqing Toulue Technology Co ltd
Priority to CN201911089161.1A
Publication of CN110866232A
Application granted
Publication of CN110866232B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a multiparty data service authorization platform comprising a platform delegation admission unit, an authentication platform, an authentication monitoring unit and a database. The platform delegation admission unit locks the unknown person, acquires the delegated matter and opens an authentication channel. The authentication platform is provided, in sequence, with three modules: an identity information acquisition module, connected to the authentication channel, for acquiring the identity information of the unknown person; an identity verification module, which retrieves identity verification data from the database and checks it against the identity information provided by the unknown person to obtain an identity authentication result; and a delegation confirmation module, which locks a staff member, who, taking the identity authentication result into account, accepts the matter delegated by the unknown person and confirms the delegation relationship, whereupon the data service permission is generated and the data service is started. The authentication monitoring unit monitors and archives the identity authentication process in real time. The beneficial effects are: the platform system authorizes automatically, handling a procedure no longer requires applications at multiple levels, the procedure and the time it takes are shortened, and this is convenient for the public.

Description

Multiparty data service authorization platform
Technical Field
The invention relates to the technical field of system identity authentication, in particular to a multiparty data service authorization platform.
Background
In daily life, citizens often need to prove their identity with an identity certificate or document before they can obtain data services from the relevant data parties. Sometimes, however, a citizen is not carrying the relevant identity document or has lost it. In this case, the citizen will first think of having his identity verified, or having an identity certificate issued, by providing some information about himself.
When the staff of a relevant unit issue an identity certificate for a citizen, the citizen must provide some material that can prove his identity (such as a household register, an identity card, a driving license or an identity statement from a relevant unit). If no such supporting material is available, the staff cannot confirm the identity of the unknown person and have no supporting evidence, so ordinary staff do not have the authority to issue the identity certificate. In this special situation, even if the staff member applies to a higher level, authorization cannot be granted because there is no supporting material, so the citizen cannot obtain proof of his own identity, which is very inconvenient.
With the development of science and technology, systems such as banks, china, tax, administration and public security have begun to collect and store citizens' face and fingerprint data when identity cards are handled and updated, so that relevant units can later authenticate a person by connecting to those systems. However, with face recognition, the face changes as the person ages, so authentication may fail later on. As for fingerprint recognition, fingerprint collection for Chinese citizens only started with the second batch of second-generation identity cards, so in the existing personal identity authentication system most citizens still have no fingerprint data. This is inconvenient for most citizens.
The existing identity authentication systems have no way of solving the above problems, so a solution is needed that ensures the reliability of the supporting evidence for an issued identity certificate, lets staff obtain office authorization indirectly, and avoids occupational risk for staff. This ensures both that data is used reasonably and that enabling data queries is legitimate.
Disclosure of Invention
In view of these problems, the invention provides a multiparty data service authorization platform. It remedies the current defect that relevant units cannot serve certain people because their identity cannot be confirmed: through the intelligent platform, identity is confirmed, a delegation relationship is established with a staff member of the relevant unit, a service channel is opened automatically, and occupational risk for the staff member is avoided.
To achieve the above purpose, the invention adopts the following specific technical scheme:
A multiparty data service authorization platform, whose key feature is that it comprises a platform delegation admission unit, an authentication platform, an authentication monitoring unit and a database. The platform delegation admission unit is used to lock the unknown person, acquire the matter the unknown person wishes to delegate, and establish a delegation relationship awaiting confirmation, thereby opening an authentication channel into the authentication platform. The authentication platform is provided, in sequence, with an identity information acquisition module, an identity verification module and a delegation confirmation module. The identity information acquisition module is connected to the authentication channel and is used to acquire at least one item of the unknown person's identity information. The identity verification module is used to retrieve identity authentication data from the database and check it against the identity information provided by the unknown person to obtain an identity authentication result. The delegation confirmation module is used to lock a staff member; the locked staff member, taking the identity authentication result into account, accepts the matter delegated by the unknown person, and once the delegation relationship between the two is confirmed, the data service permission of the corresponding staff member is generated and the data service is started. The authentication monitoring unit is used to monitor, in real time, all data generated during identity authentication and to archive the real-time process data accordingly.
Through the platform, when an unknown person comes to a relevant unit to handle a matter, the unit can offer the platform to the unknown person. The unknown person uses the platform to put forward the delegated matter, and the authentication channel is opened automatically; after the unknown person's information is obtained, the unknown person's identity is authenticated against the historical data stored in the database. After identity authentication, a delegation relationship is established with any legitimate staff member, and, based on the delegation relationship and the delegated matter between the two, the data permission for that matter is automatically opened to that staff member, who then handles the relevant business for the unknown person according to the delegated matter permission and the data service permission. The whole process is carried out through the platform and the staff member only plays a cooperating role. This keeps the staff member's emotional factors and the like out of the process, makes the whole evaluation and authentication process fair and impartial, avoids liability risk for the staff member, and prevents malicious retrieval of the relevant unit's internal data.
The platform system data, or data from inside and outside the platform system, may also be data with legal effect provided by an external network, such as child birth certificate data provided by a hospital, school attendance certificate data provided by a school, transaction data provided by a bank, check-in record data provided by a hotel, and the like.
In the present invention, the platform may be a public security platform system, a banking platform system, an administrative organ platform system, a government organ platform system, an enterprise platform system, a homeland platform system, a tax organ platform system, a medical platform system, an education and teaching platform system, etc.
For the public security platform system, the delegated matters may be: handling identity cards, opening household registers and the like. For a banking platform system, the delegated matters may be: bank card loss reporting, sales, and the like.
A further technical scheme is: the platform delegation admission unit is provided with an unknown person locking module, which locks the unknown person through the unknown person's human body biological characteristics and identity information. At least one human body biological characteristic is used; the characteristics include but are not limited to fingerprints, irises, face pictures and DNA data.
By acquiring the human body biological characteristics and the identity information of the unknown person and locking the unknown person, an initial identity file can be established for later identity authentication.
Because the unknown person's identity has not been confirmed before identity authentication, the human body biological characteristics serve to narrow down the population: characteristics such as iris, fingerprint and DNA data are unique, so the unknown person can be locked. One or more human body biological characteristics may be used.
The identity information includes but is not limited to the unknown person's past names, current name, identity card number, place of household registration, family member information and real estate information.
The identity information serves as the entry point for identity authentication, so that the authentication process can proceed conveniently.
The delegation confirmation module is provided with a delegation locking unit, which issues an authentication delegation agreement template and acquires the authentication delegation agreement signed by the staff member and the unknown person. The staff member signs the authentication delegation agreement either by feeding back to the delegation locking unit a delegation confirmation signal sent from the work account, or by providing the delegation locking unit with the staff member's human body biological characteristics. The unknown person signs the authentication delegation agreement by providing the delegation locking unit with, without limitation, the corresponding human body biological characteristics, an electronic image, or an electronic signature.
With this scheme, the delegation confirmation module lets the platform establish a delegation relationship according to the matter delegated by the unknown person, and the delegation relationship is authenticated by the platform. Before the delegation is established, the platform must check both the unknown person's identity authentication result and the staff member's working identity; once the delegation relationship is established, the staff member's data service permission for handling the unknown person's matter is generated automatically.
Still further, the platform includes a certification module for all data generated by the delegation relationship and the data service. Data storage is thereby realized and historical data is retained, so that the data is easy to retrieve afterwards.
A further technical scheme is: the database is provided with at least three checking modules and a checking and authentication scoring module. The three checking modules are arranged in sequence and are, respectively, a basic characteristic checking module, an associated social relationship checking module and an action track checking module. The checking modules are used to acquire, in that order, the identity verification data provided by the unknown person and to check it against the identity verification data in the database to obtain a checking result. The checking and authentication scoring module is used to review and score the checking results of all the checking modules: when the score of any one checking module is greater than or equal to the preset qualifying score and has been checked by a staff member, the authentication result is passed; if the scores of all the checking modules are less than the qualifying score, the authentication result is not passed. The basic characteristic checking module is used to acquire and check the human body biological characteristics of the unknown person; the associated social relationship checking module is used to acquire and check the network of social relationships associated with the unknown person; the action track checking module is used to acquire and check the historical action track, provided by the unknown person, that can prove identity over a past period.
With this scheme, the checking modules are ordered according to how conveniently the unknown person can provide the information. The questions set inside a module can be adapted to the data or information the unknown person provides, and the score of each question in a module varies with its order of occurrence and its time node.
A further technical scheme is: the human body biological characteristics of the unknown person obtained by the basic characteristic checking module are compared with the human body biological characteristics stored in the database; the social relationship network acquired by the associated social relationship checking module is compared with the content of the platform system's existing track database; the platform system is also connected to the banking system, the human resources, the social security system and the hotel check-in system, and the action track comprises electronic consumption records, work unit records, social security payment records and hotel check-in records; the historical action track acquired by the action track checking module is compared with the actual action track stored in the platform system.
With this scheme, the human body biological characteristics can be provided on site by the unknown person; the data provided is usually unique, the comparison is simple and convenient, and the authentication result is highly reliable. The associated social relationship can be compared and checked against the household registration network database of the unknown person, and the data used for comparison is easy to retrieve. Checking the unknown person's action track often requires the platform system to work with an external network, that is, to make cross-network calls. For cross-network data, the system captures the external network data as a page image and converts it into two-dimensional codes; after the platform system acquires and recognizes the two-dimensional codes, the web page is recovered. The two-dimensional codes are encrypted using an encryption method preset by the platform system. If the external web page is too large, it can be divided into several pictures, each of which is encrypted, converted and recovered separately. Cross-network data transmission is thereby realized. The external network data must be data that the platform system recognizes.
A further technical scheme is: the identity authentication result defines the use area and the start and end dates of the use period corresponding to the unknown person's request. Limiting the content and scope of use effectively prevents loss or harm caused by authentication errors, and because the authentication result is limited to the associated units or institutions corresponding to the platform, the unknown person is prevented from abusing the identity authentication result.
Still further, the authentication platform is also provided with an auxiliary authentication module for performing remote authentication.
If the unknown person mentions a third person when providing the associated social relationship, the auxiliary authentication module at the unknown person's location is used to obtain the authentication platform at the third person's current location and to send an auxiliary authentication request to the third person's location. The authentication platform at the third person's location authenticates the third person, and the auxiliary authentication module at the third person's location feeds back auxiliary evidence to the auxiliary authentication module at the unknown person's location.
The auxiliary authentication module at the unknown person's location can also receive the third person's authentication result directly, thereby starting remote authentication.
The checking and authentication scoring module is used to check the auxiliary evidence obtained.
With this scheme, an auxiliary authentication module is provided on every authentication platform, so that a request for auxiliary authentication of a third person can be sent out and a third person's auxiliary authentication sent from outside can be received. When an unknown person mentions a third person, the third person may need to be directed to submit the relevant auxiliary proof on the authentication platform at a specified address. Alternatively, the third person's identity authentication result is received directly, in which case the received result has been authenticated by the platform at the sending location.
Still further, the third person is a unit or an individual.
The third person may be a unit, such as a hospital, government body or school, that may have an associated social relationship with the unknown person, or an individual, such as a guardian, an orthotopic, or the like.
The beneficial effects of the invention are: an automatic identity authentication platform is designed in combination with the platform system; the unknown person provides information that can serve as proof, data is acquired from the platform system, and the identity certificate is issued automatically. The staff member only needs to assist authentication on the platform throughout the process, which avoids interference with the proof, avoids occupational risk, and ensures that the identity proof is not influenced by emotional factors, so the method is fair and reasonable. The defect that the data of the existing platform system cannot be authorized is overcome. The method is particularly suitable for cross-department cooperative authentication among different administrative service departments and for cross-region linked authentication among different departments of the same service unit. After identity authentication, the platform establishes a delegation relationship between the unknown person and the staff member and opens the corresponding data service permission according to the delegation relationship and the delegated matter.
Drawings
FIG. 1 is a block diagram of the system architecture of the present invention.
Detailed Description
The following describes the embodiments and working principles of the present invention in further detail with reference to the drawings.
As can be seen from FIG. 1, a multiparty data service authorization platform includes a platform delegation admission unit, an authentication platform, an authentication monitoring unit and a database.
The platform delegation admission unit is used to lock the unknown person, acquire the matter the unknown person wishes to delegate, and establish a delegation relationship awaiting confirmation, thereby opening an authentication channel into the authentication platform.
In this embodiment, the platform delegation admission unit is provided with an unknown person locking module, which locks the unknown person through the unknown person's human body biological characteristics and identity information.
At least one human body biological characteristic is used; the characteristics include but are not limited to fingerprints, irises, face pictures and DNA data.
As can be seen from FIG. 1, in this embodiment the authentication platform is provided, in sequence, with an identity information acquisition module, an identity verification module and a delegation confirmation module.
The identity information acquisition module is connected to the authentication channel and is used to acquire at least one item of the unknown person's identity information.
The identity information includes but is not limited to the unknown person's former name, current name, identity card number, place of household registration, family member information and real estate information.
The identity verification module is used to retrieve identity authentication data from the database and check it against the identity information provided by the unknown person to obtain an identity authentication result.
The delegation confirmation module is used to lock a staff member; the locked staff member, taking the identity authentication result into account, accepts the matter delegated by the unknown person, and once the delegation relationship between the two is confirmed, the data service permission of the corresponding staff member is generated and the data service is started.
The delegation confirmation module is provided with a delegation locking unit, which issues an authentication delegation agreement template and acquires the authentication delegation agreement signed by the staff member and the unknown person. The staff member signs the authentication delegation agreement either by feeding back to the delegation locking unit a delegation confirmation signal sent from the work account, or by providing the delegation locking unit with the staff member's human body biological characteristics. The unknown person signs the authentication delegation agreement by providing the delegation locking unit with, without limitation, the corresponding human body biological characteristics, an electronic image, or an electronic signature.
The authentication monitoring unit is used to monitor, in real time, all data generated during identity authentication and to archive the real-time process data accordingly.
As can be seen from FIG. 1, the platform further comprises a certification module for all data generated by the delegation relationship and the data service.
In this embodiment, the database is provided with at least three checking modules and a checking and authentication scoring module.
The three checking modules are arranged in sequence and are, respectively, a basic characteristic checking module, an associated social relationship checking module and an action track checking module. The checking modules are used to acquire, in that order, the identity verification data provided by the unknown person and to check it against the identity verification data in the database to obtain a checking result. The checking and authentication scoring module is used to review and score the checking results of all the checking modules: when the score of any one checking module is greater than or equal to the preset qualifying score and has been checked by a staff member, the authentication result is passed; if the scores of all the checking modules are less than the qualifying score, the authentication result is not passed. The basic characteristic checking module is used to acquire and check the human body biological characteristics of the unknown person; the associated social relationship checking module is used to acquire and check the network of social relationships associated with the unknown person; the action track checking module is used to acquire and check the historical action track, provided by the unknown person, that can prove identity over a past period.
The basic characteristic checking module acquires the human body biological characteristics of the unknown person and compares them with the human body biological characteristics stored in the database; the social relationship network acquired by the associated social relationship checking module is compared with the content of the platform system's existing track database; the platform system is also connected to the banking system, the human resources, the social security system and the hotel check-in system, and the action track comprises electronic consumption records, work unit records, social security payment records and hotel check-in records; the historical action track acquired by the action track checking module is compared with the actual action track stored in the platform system.
In this embodiment, the identity authentication result defines the use area and the start and end dates of the use period corresponding to the unknown person's request.
In this embodiment, the authentication platform is also provided with an auxiliary authentication module for performing remote authentication. If the unknown person mentions a third person when providing the associated social relationship, the auxiliary authentication module at the unknown person's location is used to obtain the authentication platform at the third person's current location and to send an auxiliary authentication request to the third person's location. The authentication platform at the third person's location authenticates the third person, and the auxiliary authentication module at the third person's location feeds back auxiliary evidence to the auxiliary authentication module at the unknown person's location. The auxiliary authentication module at the unknown person's location can also receive the third person's authentication result directly, thereby starting remote authentication. The checking and authentication scoring module is used to check the auxiliary evidence obtained.
As one embodiment, the third person is a unit.
As another embodiment, the third person is an individual.
First embodiment: in this embodiment, the platform system is a public security platform system,
the basic characteristics of unknown personnel are: gender: a male; height 177cm; age: about 25-30 years old;
the entrusting matters of unknown personnel are as follows: and opening an identification card and handling the temporary identification card to the public security bureau B.
Description of the event: from the A ground, the riding high-speed rail goes to the B ground; all certificates and mobile phones are lost on the ground B. So that the public security bureau near B is reached to open the identification card and transact the temporary identification card.
The identity information that an unknown person can provide is: active name: wangming, identification card number: 510 and 1990 (identity card refers to individual privacy and is not disclosed).
B land public security office staff: star, alarm: 14, working account: b14.
Staff member indicates work account number B14;
In the prior art, because the unknown person can provide only a name, an identity card number, fingerprints and a face picture, the staff member, after obtaining the unknown person's identity card number, has to submit an application to the person who manages the database and obtain consent before the database data can be retrieved; after a manual comparison, the staff member confirms from experience whether the unknown person is Wang Ming.
In the public security platform system, the unknown person locking module of the platform delegation admittance unit first locks the unknown person and obtains the unknown person's fingerprints and face picture, together with the name and identity card number the person provides. The unknown person's request that the public security bureau at B issue an identity certificate and process a temporary identity card is taken as the entrusted matter, and an initial file and a delegation relationship to be confirmed are established.
The person's fingerprints and face picture, and the name and identity card number the person provided, are sent to the identity information acquisition module of the authentication platform. The identity verification module automatically retrieves identity authentication data from the database and checks it against the identity information provided by the unknown person to obtain an identity authentication result. The basic characteristic proofreading module obtains the unknown person's fingerprints and face picture; the name stored for them in the public security system is Wang Ming and the identity card number is 510 and 1990, which is consistent with the information provided, so the proofreading authentication scoring module gives a score of 100 points, which is greater than the qualifying score of 90 points, and the authentication result is a pass. The unknown person is Wang Ming, 510 and 1990.
The delegation confirmation module locks the staff member Star, police badge number 14. An authentication delegation agreement is signed, establishing the delegation relationship between Wang Ming and the staff member Star. After the staff member accepts the delegation, the data service permission for the public security bureau at B to issue Wang Ming's identity certificate and process his temporary identity card is generated automatically for the corresponding work account, and the staff member Star starts handling the data service.
The certification module stores all data generated by the delegation relationship and the data service.
During authentication, the authentication monitoring unit monitors the authentication process and the authentication images in real time and archives the real-time process and images accordingly. The evidence storage module saves Wang Ming's biometric features in addition to the existing records.
Second embodiment: the platform system is a public security platform system.
The unknown persons are four people travelling together.
The basic characteristics of the four unknown persons (X, Y, Z, W) are:
X: gender: male; height: 182 cm; age: about 40-45 years old;
Y: gender: female; height: 166 cm; age: about 40-45 years old;
Z: gender: female; height: 150 cm; age: about 8-12 years old;
W: gender: female; height: 85 cm; age: about 2-3 years old.
X and Y describe the basic situation of the four:
X and Y are a married couple, Z is the daughter of X and Y, and W is Y's niece (the daughter of Y's sibling H), who has only just learned to speak and cannot express herself clearly. The four travelled from location A to location C and lost all their identity documents and two mobile phones at location C; only one mobile phone remains with them.
X, Y and Z can each provide an identity card number and a name, and pass authentication in the manner described in the first embodiment.
W can provide only a name, and the public security system has not stored any of W's biometric features. W therefore cannot pass the basic characteristic proofreading module, and the process moves on to the association social relationship proofreading module.
When the social relationship network related to the unknown person W is obtained, X, Y, Z and W already have social relationships with one another; to verify W's identity, a third person who has a social relationship with X, Y, Z and W, namely Y's brother H, is identified, and the auxiliary authentication module is brought in.
Through communication, H's current location, name and identity card number are obtained. The information on the third person H and on H's location is transmitted to the authentication platform at location C, which sends an auxiliary authentication request to the authentication platform at location D, where H is located, and H is required to arrive at the local authentication platform with the relevant identity documents within the specified time.
H presents an identity card to the staff at D. H's historical household registration information is retrieved automatically from the identity information and compared with the household registration information of W and Y, and the relationship among H, Y and W reflected in the household registers is authenticated.
As an added precaution, the purposes and the region for which W's identity authentication may be used are limited. All of W's fingerprints and W's face are collected, and W's hair or nails are collected for storage.
It should be noted that the above description does not limit the invention, and the invention is not limited to the above examples; variations, modifications, additions or substitutions made within the spirit and scope of the invention also fall within the scope of the invention.
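The verification cascade walked through in the two embodiments above, written out as an added Python example (it is not part of the patent): the three proofreading modules run in their fixed order, and the result is a pass as soon as one module reaches the qualifying score and a staff member confirms it. The scoring formulas, field names and sample records are assumptions made for illustration, as is the choice to fall through to the next module when staff decline; the patent states only the module order, the staff check and the qualifying score of 90 used in the first embodiment.

```python
from dataclasses import dataclass, field
from typing import Optional

QUALIFIED_SCORE = 90  # qualifying score used in the first embodiment
# Module order as described: basic features, social relationship, action track.
# The scoring formulas below are assumptions; the patent does not define them.
MODULES = ("basic_features", "social_relationship", "action_track")

@dataclass
class Result:
    passed: bool
    module: Optional[str]  # module whose score qualified; None when all failed
    scores: dict
    audit: list = field(default_factory=list)  # entries the monitoring unit archives

def score_basic(claim, record):
    """Percent of stored biometric and identity items matched by the claim."""
    if not record or not record.get("biometrics"):
        return 0  # nothing on file to compare against (person W)
    stored = {**record["biometrics"], "name": record["name"], "id_no": record["id_no"]}
    hits = sum(1 for key, value in stored.items() if claim.get(key) == value)
    return round(100 * hits / len(stored))

def score_social(claim, aux):
    """Auxiliary evidence counts only if the remote platform authenticated the
    third person and the household registers link that person to the subject."""
    if not aux or not aux.get("third_person_authenticated"):
        return 0
    return 100 if claim.get("name") in aux.get("household_links", ()) else 0

def score_track(claimed, stored):
    """Percent of the claimed historical events found in the stored records."""
    if not claimed:
        return 0
    return round(100 * len(set(claimed) & set(stored)) / len(set(claimed)))

def authenticate(claim, record=None, aux=None, claimed_track=(), stored_track=(),
                 staff_ok=lambda module, score: True):
    checks = {
        "basic_features": lambda: score_basic(claim, record),
        "social_relationship": lambda: score_social(claim, aux),
        "action_track": lambda: score_track(claimed_track, stored_track),
    }
    scores, audit = {}, []
    for name in MODULES:
        scores[name] = score = checks[name]()
        confirmed = score >= QUALIFIED_SCORE and staff_ok(name, score)
        audit.append((name, score, confirmed))
        if confirmed:  # one qualifying, staff-confirmed module is enough
            return Result(True, name, scores, audit)
    return Result(False, None, scores, audit)  # all below threshold or unconfirmed

# Constructed sample data modelled on the two embodiments (placeholder values).
WANG_RECORD = {"name": "Wang Ming", "id_no": "ID-PLACEHOLDER-1",
               "biometrics": {"fingerprint": "fp-1", "face": "face-1"}}
WANG_CLAIM = {"name": "Wang Ming", "id_no": "ID-PLACEHOLDER-1",
              "fingerprint": "fp-1", "face": "face-1"}
W_CLAIM = {"name": "W"}  # W can give only a name; no biometrics are on file
W_AUX = {"third_person_authenticated": True, "household_links": ("Y", "W")}
```

With this data, `authenticate(WANG_CLAIM, WANG_RECORD)` passes at the first module, while `authenticate(W_CLAIM, aux=W_AUX)` fails the basic feature check and passes on the auxiliary evidence from H's platform; without that evidence W fails all three modules.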

Claims (10)

1. A multiparty data service authorization platform, characterized by: the system comprises a platform delegation admittance unit, an authentication platform, an authentication monitoring unit and a database;
the platform delegation admittance unit is used for locking unknown personnel, acquiring delegation matters proposed by the unknown personnel, and establishing a delegation relationship to be confirmed so as to open an authentication channel entering the authentication platform;
the authentication platform is sequentially provided with an identity information acquisition module, an identity verification module and a consignment confirmation module; the identity information acquisition module is communicated with the authentication channel and is used for acquiring at least one item of unknown personnel identity information; the identity verification module is used for retrieving identity authentication data from the database and verifying and checking identity information provided by unknown personnel to obtain an identity authentication result;
the database is provided with at least three proofreading modules and a proofreading authentication scoring module;
the three proofreading modules are arranged in sequence and are, respectively, a basic characteristic proofreading module, an association social relationship proofreading module and an action track proofreading module; the proofreading modules are used for acquiring, in that order, the identity verification data provided by the unknown person and checking it against the identity verification data in the database to obtain a proofreading result; the proofreading authentication scoring module is used for checking and scoring the proofreading results of all the proofreading modules; when the score of any one of the proofreading modules is greater than or equal to the preset qualifying score and is checked by a staff member, the authentication result is a pass; if the scores of all the proofreading modules are less than the qualifying score, the authentication result is a fail; the basic characteristic proofreading module is used for acquiring and checking the biometric features of the unknown person; the association social relationship proofreading module is used for acquiring and checking the social relationship network related to the unknown person; the action track proofreading module is used for acquiring and checking historical action tracks, provided by the unknown person, that can prove identity within a past period;
the delegation confirmation module is used for locking a staff member; the locked staff member, taking the identity authentication result into account, accepts the matter entrusted by the unknown person, and after the delegation relationship between the two is confirmed, the data service permission of the corresponding staff member is generated, so that the data service is started;
the authentication monitoring unit is used for monitoring all data generated in the identity authentication process in real time and correspondingly archiving the real-time process data.
2. The multiparty data service authorization platform according to claim 1, wherein: the platform delegation admittance unit is provided with an unknown person locking module, which is used for locking the unknown person by means of the unknown person's biometric features and identity information;
the biometric features comprise at least one feature, the features including fingerprints, irises, face pictures and DNA data.
3. Multiparty data service authorization platform according to claim 1 or 2, characterized in that: the identity information comprises the unknown person's past names, current name, identity card number, place of household registration, family member information and real estate information.
4. The multiparty data service authorization platform according to claim 1, wherein: the delegation confirmation module is provided with a delegation locking unit, which is used for issuing an authentication delegation agreement template and acquiring the authentication delegation agreement signed by the staff member and the unknown person;
the staff member signs the authentication delegation agreement by feeding back to the delegation locking unit a delegation confirmation signal sent from the work account, or by providing the delegation locking unit with the staff member's biometric features;
the unknown person signs the authentication delegation agreement by providing the delegation locking unit with the unknown person's corresponding biometric features, by providing an electronic image, or by providing an electronic signature.
5. Multiparty data service authorization platform according to claim 1 or 4, characterized in that: the system also comprises a certification module, which is used for storing all data generated by the delegation relationship and the data service.
6. Multiparty data service authorization platform according to claim 1 or 4, characterized in that: the database is provided with at least three proofreading modules and a proofreading authentication scoring module;
the three proofreading modules are arranged in sequence and are, respectively, a basic characteristic proofreading module, an association social relationship proofreading module and an action track proofreading module; the proofreading modules are used for acquiring, in that order, the identity verification data provided by the unknown person and checking it against the identity verification data in the database to obtain a proofreading result;
the proofreading authentication scoring module is used for checking and scoring the proofreading results of all the proofreading modules;
when the score of any one of the proofreading modules is greater than or equal to the preset qualifying score and is checked by a staff member, the authentication result is a pass;
if the scores of all the proofreading modules are less than the qualifying score, the authentication result is a fail;
the basic characteristic proofreading module is used for acquiring and checking the biometric features of the unknown person;
the association social relationship proofreading module is used for acquiring and checking the social relationship network related to the unknown person;
the action track proofreading module is used for acquiring and checking historical action tracks, provided by the unknown person, that can prove identity within a past period.
7. The multiparty data service authorization platform according to claim 6, wherein: the human body biological characteristics of the unknown personnel obtained by the basic characteristic checking module are used for comparing with the human body biological characteristics stored in the database;
the social person relationship network acquired by the association social relationship checking module is used for comparing with the content of the existing track database of the platform system;
the platform system is also connected with the banking system, the human resources, the social security system and the hotel check-in system, wherein the action track comprises an electronic consumption record, a work unit record, a social security payment record and a hotel check-in record;
the action track checking module acquires a historical action track for comparison with an actual action track stored in the platform system.
8. The multiparty data service authorization platform according to claim 1, wherein: the identity authentication result defines a permitted use, a permitted region and a validity period with start and end dates, corresponding to the request made by the unknown person.
9. The multiparty data service authorization platform according to claim 6, wherein: the authentication platform is also provided with an auxiliary authentication module which is used for performing remote authentication;
if the unknown person refers to a third person when providing the associated social relationship, the auxiliary authentication module at the unknown person's location obtains the third person's current location and sends an auxiliary authentication request to the authentication platform at that location; the authentication platform at the third person's location authenticates the third person, and the auxiliary authentication module at the third person's location feeds auxiliary evidence back to the auxiliary authentication module at the unknown person's location;
the auxiliary authentication module at the unknown person's location can directly receive the third person's authentication result, thereby starting remote authentication;
and the proofreading authentication scoring module is used for verifying the acquired auxiliary evidence.
10. The multiparty data service authorization platform according to claim 9, wherein: the third person is either a unit or an individual.
CN201911089161.1A 2019-11-08 2019-11-08 Multiparty data service authorization platform Active CN110866232B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911089161.1A CN110866232B (en) 2019-11-08 2019-11-08 Multiparty data service authorization platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911089161.1A CN110866232B (en) 2019-11-08 2019-11-08 Multiparty data service authorization platform

Publications (2)

Publication Number Publication Date
CN110866232A CN110866232A (en) 2020-03-06
CN110866232B true CN110866232B (en) 2023-05-23

Family

ID=69653854

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911089161.1A Active CN110866232B (en) 2019-11-08 2019-11-08 Multiparty data service authorization platform

Country Status (1)

Country Link
CN (1) CN110866232B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112328995B (en) * 2020-07-08 2023-04-14 德能森智能科技(成都)有限公司 Social management system based on TOF image sensor verification
CN113452795A (en) * 2020-07-27 2021-09-28 费希敏 Access right setting system for associated equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104125078A (en) * 2013-04-24 2014-10-29 华为技术有限公司 Entrusted charging method for cloud computing service and server
CN109905383A (en) * 2019-02-18 2019-06-18 国家计算机网络与信息安全管理中心 Delegable management method and device based on PMI

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9268933B2 (en) * 2012-08-22 2016-02-23 Mcafee, Inc. Privacy broker
US10861009B2 (en) * 2014-04-23 2020-12-08 Minkasu, Inc. Secure payments using a mobile wallet application

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Cross-domain identity authentication system scheme in gateway mode; Gao Shuqiang et al.; Microcomputer Information (No. 06); full text *

Also Published As

Publication number Publication date
CN110866232A (en) 2020-03-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant