CN111209598A - Method for generating network mapping certificate based on electronic identity certificate entity card - Google Patents


Info

Publication number: CN111209598A
Authority: CN (China)
Prior art keywords: certificate, network mapping, information, network, electronic
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201911352906.9A
Other languages: Chinese (zh)
Inventors: 张治安, 邱旭华, 吴国英, 杨林, 黄耀晖, 王剑冰, 管毅, 周卫东, 颜挺
Current Assignee: Beijing Zhongdun Anxin Technology Development Co ltd; First Research Institute of Ministry of Public Security (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Zhongdun Anxin Technology Development Co Ltd
Application filed by: Beijing Zhongdun Anxin Technology Development Co Ltd
Priority to: CN201911352906.9A
Publication of: CN111209598A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25 Integrating or interfacing systems involving database management systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/26 Government or public services

Abstract

The invention discloses a method for generating a network mapping certificate based on an electronic identity certificate entity card. The network mapping certificate consists of personal basic information, biometric information, certificate anti-counterfeiting information and additional element information, generated through an irreversible mapping transformation, together with a digital signature. The network mapping certificate is that of an electronic second-generation identity card, an electronic passport, an electronic Hong Kong and Macao travel permit, a Taiwan compatriot permit, a foreigner's permanent residence identity card or a residence permit for Hong Kong, Macao and Taiwan residents. The personal basic information includes name, gender, address, date of birth and certificate number. The digital signature comprises signature data, which is attached to the electronic file of the network mapping certificate and issued together with it. The invention is safe, reliable, economical and feasible, meets the application requirements of the Internet, solves the problem of network legal identity management that China currently faces, and reduces the risk of individuals being profiled through big-data correlation analysis.

Description

Method for generating network mapping certificate based on electronic identity certificate entity card
Technical Field
The invention relates to the technical field of identity document management, in particular to a method for generating a network mapping document based on an entity card of an electronic identity document.
Background
In the prior art, the government of China issues legal identity documents such as identity cards and passports under the qualification or power conferred by law, so as to achieve reliable identity management at the legal level; for a long time this has played a great role in protecting citizens' rights and interests, maintaining social order and safeguarding national security. With the rapid development of Internet technology, real society has extended deep into cyberspace, and the network society has become an important part of real society. The Internet has brought enormous changes to people's lives and has markedly changed their behavior: activities and services that previously occurred only in real society, such as sending and receiving mail, socializing, shopping and bank transactions, have rapidly appeared and developed in cyberspace. In many areas, network services are surpassing, replacing and even subverting traditional services. At the same time, because effective legal identity management measures are lacking, network crime is frequent and seriously threatens citizens' rights and interests, social stability and national security, so researching and establishing a unified, standardized method of network legal identity management is imperative. To solve the problem of network legal identity management, the industry has gradually developed various distinctive techniques and methods, including the following solutions.
1. The electronic legal identity document carries a personal digital certificate function. This technical scheme first requires that the electronic legal identity document be capable of carrying a personal digital certificate; second, when issuing the electronic legal identity document to the holder, the issuing authority also issues a personal digital certificate bound to it. Currently, most electronic identity cards issued by EU countries use this solution. In on-site inspection, the holder proves his or her legal identity by presenting the electronic legal identity document; in network inspection, the holder proves it remotely online by presenting the personal digital certificate carried by the document, with legal effect equivalent to on-site inspection. This solves both offline identity authentication and online legal identity authentication and is, in theory, a relatively complete technical route. A country that directly issues electronic legal identity documents carrying personal digital certificates solves online and offline identity management in one step.
However, China has issued more than 1.4 billion second-generation identity cards that have not recently been upgraded or modified, as well as electronic legal documents issued according to the International Civil Aviation Organization technical specifications that carry no personal digital certificate, such as electronic passports, electronic home-return permits and electronic Taiwan compatriot permits, and, in the last two years, foreigners' permanent residence identity cards and residence permits for Hong Kong, Macao and Taiwan residents. Adopting this solution in China at the present stage would first require upgrading and modifying all of these documents, which is obviously unrealistic.
2. A personal digital certificate is issued in addition to the electronic legal identity document. This technical scheme does not require the electronic legal identity document to be capable of carrying the personal digital certificate; instead the certificate is carried on another hardware medium such as a USB key, a mobile phone or a bank card. The issuing authority can be the government authority that issues the electronic legal identity document, or a third-party commercial organization such as an electronic authentication service provider as specified in the Electronic Signature Law of the People's Republic of China. The biggest defect is that the personal digital certificate and the electronic legal document are independent of each other, so citizens must use different identity credentials in different identity-checking scenarios, which is inconvenient. More importantly, China spent huge administrative, financial and material resources over the past 10 years to basically achieve one second-generation identity card per person for 1.3 billion people; using national resources again to issue personal digital certificates to all citizens is basically infeasible. If the certificates were issued through commercial institutions, the economic investment would be huge and the rollout would take years or even decades, while their legal effect and authority could not compare with those of a legal identity document.
3. From 25 May 2018, the General Data Protection Regulation (GDPR) of the European Union began to be enforced. The regulation strengthens the protection of personal information and increases the penalties for data leakage; on 1 May 2018, GB/T 35273-2017, Information Security Technology - Personal Information Security Specification, began to be implemented, making clear that after personal information is collected, a personal information controller should immediately de-identify it; the network security law of China began to be implemented on 1 June 2018, and since its implementation at least five provinces have issued enforcement penalties to Internet companies; the Internet Personal Information Security Protection Guide (draft for comment) was released to solicit public comments; and 8, 10 and 1 in 2019, formal implementation of the regulations on the network protection of children's personal information. Both in China and abroad, the security of personal information in cyberspace has been raised to a high priority, and identity management in cyberspace is the basis for improving the management of cyberspace.
4. In the absence of a unified, standardized and mature solution for network legal identity management, merchants have explored various network identity authentication means and methods in order to implement the national network real-name policy. In the early days, users were required to enter their identity card number and name themselves, and the system accepted whatever was entered, so the authenticity of the entered identity card number and name was hard to ensure; a typical example is a ticket scalper grabbing train tickets under the name "Qingfeng steamed stuffed bun". Later the authentication method was upgraded. One approach submits the identity card number and name entered by the user to a third-party organization, such as the national citizen identity number inquiry service center system, to verify the personal identity information submitted by the network user; if the third party holds the user's information and the information matches, authentication passes. This approach verifies information against information: it can identify fabricated identity information, but it cannot identify real identity information that is being used fraudulently. The reason is that once the identity card number and other personal information are separated from their carrier, the identity card, they are only a string of characters; the third-party checking system can only determine whether the personal information exists in the system, and cannot establish that the real name belongs to the real person. Later, user authentication measures were further strengthened, and users were required to provide bank card numbers, telephone numbers and even pictures of their identity cards to further authenticate themselves.
These auxiliary means did reinforce the real-name system to a certain degree, but their effect has been gradually offset as identity fraud techniques keep improving, which in turn keeps pushing up the cost of identity authentication and sharply degrades the user experience. The fundamental reason is that these auxiliary authentication means are not based on strict electronic rules and procedures and achieve authentication in form only, which cannot match the effectiveness of authenticating identity through legal documents in real life. Moreover, they bring leakage of personal information data: the data faces security problems such as theft, abuse and leakage, and the growing security threats affect personal privacy and property security as well as national and social security. According to the 2016 investigation report on protecting the rights and interests of Chinese netizens issued by the China Internet Association, the economic loss suffered by China's 688 million netizens in the most recent year due to spam text messages, fraudulent information, personal information leakage and the like is estimated at 915 million yuan.
Chinese patent CN1339894A provides an identity certificate and a method for making it. In making the identity certificate, the issuing authority first constructs a first information packet containing identity information and biological information; it then selects an asymmetric key algorithm and encrypts the first information packet with a private key to generate a second information packet; finally, it stores the second information packet in a medium to produce the identity certificate. This, however, cannot solve the problem that fabricated identity information can be identified while fraudulently used real identity information cannot.
Disclosure of Invention
In order to overcome the defects, the invention provides a method for generating a network mapping certificate based on an entity card of an electronic identity certificate.
The method comprises the following steps:
Step 1, extracting the certificate-carried information, namely the information recorded on the entity card of the legal electronic identity document:
Step 1.1, dividing the information recorded on the entity card of the legal electronic identity document into personal basic information, based on name, gender, date of birth and document number;
Step 1.2, taking photos, fingerprint images, voiceprints, irises, blood types and DNA information as basic biometric information, and taking physical and digital anti-counterfeiting features as basic certificate anti-counterfeiting feature information;
Step 1.3, extracting the necessary content from the information recorded on the entity card of the legal identity document, wherein the certificate-carried information comprises information obtained directly by reading the electronic legal identity document and information obtained from the production and issuance database of the electronic legal identity document.
Step 2, mapping transformation: applying the mapping transformation to the certificate information extracted in step 1 to form the element data stored in the network mapping certificate, and producing and issuing the network mapping certificate.
Step 3, signature:
Step 3.1, combining the element data stored in the mapped certificate in step 2 with the serial number, validity period, issuer, holder and other related information of the mapped certificate;
Step 3.2, the network mapping certificate issuing authority signs with its network mapping certificate signing digital certificate, completing the issuance of the network mapping certificate.
Step 4, issuing a network mapping certificate revocation list:
Step 4.1, when the entity certificate to which a network mapping certificate is bound becomes invalid because of cancellation, loss reporting and the like, the network mapping certificate issuing authority issues a revocation list immediately;
Step 4.2, the network mapping certificate corresponding to the invalidated entity certificate is invalidated synchronously.
In step 4, the network mapping certificate revocation list is signed by the network mapping certificate issuing authority with the network mapping certificate signing digital certificate and is updated regularly; when an entity certificate becomes invalid, an emergency update is made. The validity period of a network mapping certificate does not exceed that of the corresponding entity certificate; when the entity certificate expires naturally, the network mapping certificate expires naturally as well, and this invalidity is not confirmed through the issued revocation list.
Step 5, publishing the signing digital certificate, the network mapping certificate and the network mapping certificate revocation list:
Step 5.1, the network mapping certificate signing digital certificate, the network mapping certificate and the network mapping certificate revocation list are used by a network mapping certificate verification authority to verify the network mapping certificate;
Step 5.2, the network mapping certificate issuing authority publishes them in real time to the network mapping certificate verification authority or subsystem;
Step 5.3, the mapping transformation is a mathematical transformation or a cryptographic transformation; the signature data is attached to the electronic file of the network mapping certificate and issued together with it, and is used to ensure the authenticity and integrity of the network mapping certificate;
Step 5.4, the element data stored in the network mapping certificate is the certificate-carried information of the legal identity document; the mapping transformation is irreversible, and the original information cannot be derived back from the element data;
Step 5.5, when the element data is published, it is set up so as to protect the holder's personal information and privacy; the element data supports remote online security authentication over a network;
Step 5.6, the remote online security authentication process includes methods for resisting side-channel attacks, man-in-the-middle attacks and replay attacks, and for preventing eavesdropping.
In step 5, the network mapping certificate holder can download his or her own network mapping certificate and actively present it during authentication.
Compared with the prior art, the method has the advantages that:
1. On the basis of the existing electronic legal identity documents and related database resources, the method of the invention provides a scheme for managing legal identity in cyberspace that is safe, reliable, economical and easy to implement, meets the application requirements of the Internet and suits China's circumstances. It solves the problem of network legal identity management that China currently faces and reduces the risk of individuals being profiled through big-data correlation analysis.
2. A network legal identity management system is established with the network mapping certificate of the electronic legal identity document at its core. A legal identity management system corresponding to that of real society is built in cyberspace, and the way and process of proving identity with a legal identity document in real life are transplanted to cyberspace, so that the legal effect of legal identity documents in real society is brought to bear and the problem of legal identity management in cyberspace is solved.
3. The invention solves the technical problem that an electronic legal identity document carrying no personal digital certificate cannot be applied directly to network legal identity management. Compared with the various existing network identity authentication methods derived from the population information database, the invention no longer stops at a formal comparison of personal information; it genuinely solves legal identity authentication in which the real name belongs to the real person, and effectively avoids subjective and non-subjective errors caused by human factors. It keeps the same system architecture as the legal identity management system of real society and preserves the two key points of proving legal identity: the authenticity and validity of the prover's legal identity document, and the match between the person and the document. By means of the network mapping certificate technology, electronic legal identity documents such as second-generation identity cards can be applied in an integrated way online and offline, which strengthens the general applicability of laws, regulations and administrative rules such as the Resident Identity Card Law of the People's Republic of China, fits the public's existing understanding and habits, and is easy to accept and popularize.
4. In the invention, the fingerprint information of the mapping certificate's carrier and the industry identifier attribute take part in the mapping transformation or mathematical transformation, so that the mapped certificates and identity identifiers of the same holder differ across carriers and across industries, which avoids the risk of individuals being profiled through big-data correlation analysis.
Drawings
FIG. 1 is a schematic diagram of the issuance and management of network mapped credentials for the method of the present invention;
FIG. 2 is a schematic diagram of a verification logic relationship of a network mapping certificate according to the method of the present invention.
Detailed Description
The method comprises the following steps:
Step 1, extracting the certificate-carried information, namely the information recorded on the entity card of the legal electronic identity document:
Step 1.1, dividing the information recorded on the entity card of the legal electronic identity document into personal basic information, based on name, gender, date of birth and document number;
Step 1.2, taking photos, fingerprint images, voiceprints, irises, blood types and DNA information as basic biometric information, and taking physical and digital anti-counterfeiting features as basic certificate anti-counterfeiting feature information;
Step 1.3, extracting the necessary content from the information recorded on the entity card of the legal identity document, wherein the certificate-carried information comprises information obtained directly by reading the electronic legal identity document and information obtained from the production and issuance database of the electronic legal identity document.
Step 2, mapping transformation: applying the mapping transformation to the certificate information extracted in step 1 to form the element data stored in the network mapping certificate, and producing and issuing the network mapping certificate.
Step 3, signature:
Step 3.1, combining the element data stored in the mapped certificate in step 2 with the serial number, validity period, issuer, holder and other related information of the mapped certificate;
Step 3.2, the network mapping certificate issuing authority signs with its network mapping certificate signing digital certificate, completing the issuance of the network mapping certificate.
Step 4, issuing a network mapping certificate revocation list:
Step 4.1, when the entity certificate to which a network mapping certificate is bound becomes invalid because of cancellation, loss reporting and the like, the network mapping certificate issuing authority issues a revocation list immediately;
Step 4.2, the network mapping certificate corresponding to the invalidated entity certificate is invalidated synchronously.
In step 4, the network mapping certificate revocation list is signed by the network mapping certificate issuing authority with the network mapping certificate signing digital certificate and is updated regularly; when an entity certificate becomes invalid, an emergency update is made. The validity period of a network mapping certificate does not exceed that of the corresponding entity certificate; when the entity certificate expires naturally, the network mapping certificate expires naturally as well, and this invalidity is not confirmed through the issued revocation list.
Step 5, publishing the signing digital certificate, the network mapping certificate and the network mapping certificate revocation list:
Step 5.1, the network mapping certificate signing digital certificate, the network mapping certificate and the network mapping certificate revocation list are used by a network mapping certificate verification authority to verify the network mapping certificate;
Step 5.2, the network mapping certificate issuing authority publishes them in real time to the network mapping certificate verification authority or subsystem;
Step 5.3, the mapping transformation is a mathematical transformation or a cryptographic transformation; the signature data is attached to the electronic file of the network mapping certificate and issued together with it, and is used to ensure the authenticity and integrity of the network mapping certificate;
Step 5.4, the element data stored in the network mapping certificate is the certificate-carried information of the legal identity document; the mapping transformation is irreversible, and the original information cannot be derived back from the element data;
Step 5.5, when the element data is published, it is set up so as to protect the holder's personal information and privacy; the element data supports remote online security authentication over a network;
Step 5.6, the remote online security authentication process includes methods for resisting side-channel attacks, man-in-the-middle attacks and replay attacks, and for preventing eavesdropping.
In step 5, the network mapping certificate holder can download his or her own network mapping certificate and actively present it during authentication.
Embodiments of the present invention are described in detail below with reference to the accompanying drawings. As shown in FIG. 1 and FIG. 2, the network mapping certificate of the method consists of personal basic information, biometric information, certificate anti-counterfeiting information and additional element information, generated through an irreversible mapping transformation, together with a digital signature. The network mapping certificate is that of an electronic second-generation identity card, an electronic passport, an electronic Hong Kong and Macao travel permit, a Taiwan compatriot permit, a foreigner's permanent residence identity card or a residence permit for Hong Kong, Macao and Taiwan residents. The personal basic information includes name, gender, address, date of birth and certificate number. The biometric information includes invariant information, comprising photo, skin color, fingerprint image, voiceprint, iris, blood type and DNA information, and variable information, comprising age, height, weight, hair color and hair style. The certificate anti-counterfeiting information comprises physical anti-counterfeiting information and digital anti-counterfeiting information. The additional element information includes the mapped certificate's serial number, expiration date, issuer and holder information. The digital signature comprises signature data, which is attached to the electronic file of the network mapping certificate and issued together with it. The mapping transformation comprises a mathematical transformation or a cryptographic transformation, and the mathematical transformation includes digital anti-counterfeiting feature information of a personalized key-related factor.
The network mapping certificate comprises a network mapping certificate revocation list; the revocation list is issued immediately, and the network mapping certificate information corresponding to invalidated entity certificate information is invalidated synchronously.
The present invention is not limited to the above-described embodiments, and any variations, modifications, and substitutions which may occur to those skilled in the art may be made without departing from the spirit of the invention.

Claims (5)

1. A method for generating a network mapping certificate based on an electronic identity certificate entity card is characterized by comprising the following steps:
step 1, extracting information recorded on a legal electronic identity document entity card as certificate-carried information;
step 2, mapping transformation: mapping and transforming the certificate information extracted in the step 1 to form element data stored in the network mapping certificate, and making and issuing the network mapping certificate;
step 3, signature;
step 4, signing and issuing a network mapping certificate revocation list;
step 5, issuing the signed digital certificate, the network mapping certificate and a network mapping certificate revocation list.
2. The method for generating the network mapping certificate based on the entity card of the electronic identity document as claimed in claim 1, wherein the step 1 comprises the following steps:
step 1.1, dividing the information recorded on the entity card of the legal electronic identity document into personal basic information based on name, gender, birth date and document number;
step 1.2, taking photos, fingerprint images, voiceprints, irises, blood types and DNA information as basic biological characteristic information and taking physical anti-counterfeiting and digital anti-counterfeiting as basic certificate anti-counterfeiting characteristic information;
and step 1.3, extracting necessary content from information recorded by the entity card of the legal identity document, wherein the card-carried information comprises information directly obtained by reading the electronic legal identity document and information obtained by a manufacturing and issuing database of the electronic legal identity document.
3. The method for generating the network mapping certificate based on the entity card of the electronic identity document as claimed in claim 1, wherein the step 3 comprises the following steps:
step 3.1, attaching the element data stored in the mapped certificate in the step 2 to the serial number, the validity period, the issuer, the holder and other related information of the mapped certificate;
step 3.2, signing with the network mapping certificate signing digital certificate of the network mapping certificate issuing authority, which completes the signing and issuing of the network mapping certificate.
4. The method for generating the network mapping certificate based on the entity card of the electronic identity document as claimed in claim 1, wherein the step 4 comprises the following steps:
step 4.1, when an entity certificate bound to a network mapping certificate becomes invalid owing to cancellation, loss reporting or the like, the network mapping certificate issuing authority immediately issues a revocation list;
step 4.2, synchronously invalidating the network mapping certificate corresponding to the invalidated entity certificate;
the network mapping certificate revocation list is signed with the network mapping certificate signing digital certificate of the network mapping certificate issuing authority and is updated regularly, with an emergency update when an entity certificate becomes invalid; the validity period of a network mapping certificate does not exceed the validity period of the corresponding entity certificate, and when the entity certificate expires naturally the network mapping certificate also expires naturally, without its invalidation having to be confirmed through a signed revocation list.
5. The method for generating the network mapping certificate based on the entity card of the electronic identity document as claimed in claim 1, wherein said step 5 comprises the steps of:
step 5.1, the network mapping certificate signing digital certificate, the network mapping certificate and the network mapping certificate revocation list are provided to a network mapping certificate verification authority for verifying the network mapping certificate;
step 5.2, the network mapping certificate issuing authority publishes in real time to the network mapping certificate verification authority or subsystem;
step 5.3, the mapping transformation is a mathematical transformation or a cryptographic transformation; the signature data is attached to the electronic file of the network mapping certificate and issued together with it, and is used to ensure the authenticity and integrity of the network mapping certificate;
step 5.4, the element data stored in the network mapping certificate is the card-carried information of the legal identity certificate; the mapping transformation is irreversible, and the original information cannot be derived back from the element data;
step 5.5, the element data, when published, is arranged so as to protect the holder's personal information and privacy; the element data supports remote online security authentication through a network;
step 5.6, the network remote online security authentication process comprises a bypass attack resisting method, a man-in-the-middle attack resisting method, a replay attack resisting method and an eavesdropping preventing method;
the network mapping certificate holder can download the network mapping certificate of the holder and actively show the network mapping certificate in the authentication process.
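An added example, not part of the patent: the issue-and-verify flow of claims 1 to 5, with HMAC-SHA256 standing in for both the irreversible mapping transformation and the issuing authority's digital signature (a real issuer would sign with an asymmetric key). The keys, field names and function names are constructed for illustration.

```python
import hashlib, hmac, json
from datetime import date

# Constructed demo keys (assumptions); HMAC is a stand-in for the issuer's signature.
ISSUER_KEY = b"constructed-issuer-signing-key"
MAPPING_KEY = b"constructed-mapping-key"

def map_element(card_info: dict, holder_factor: bytes) -> str:
    """Irreversible mapping of card-carried information into element data.
    Keyed, because identity numbers are low-entropy and a bare hash could be enumerated."""
    canonical = json.dumps(card_info, sort_keys=True, ensure_ascii=False).encode()
    return hmac.new(MAPPING_KEY + holder_factor, canonical, hashlib.sha256).hexdigest()

def _sign(body: dict) -> str:
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, data, hashlib.sha256).hexdigest()

def issue(card_info, holder_factor, serial, requested_expiry, card_expiry):
    """Steps 2 and 3: map, attach serial/issuer/validity, sign."""
    body = {
        "serial": serial,
        "issuer": "demo-issuer",
        "element_data": map_element(card_info, holder_factor),
        # Validity never exceeds that of the entity card.
        "not_after": min(requested_expiry, card_expiry).isoformat(),
    }
    return {"body": body, "signature": _sign(body)}

def issue_crl(revoked_serials, issued_on):
    """Step 4: signed revocation list, reissued when an entity card is invalidated."""
    body = {"revoked": sorted(revoked_serials), "issued_on": issued_on.isoformat()}
    return {"body": body, "signature": _sign(body)}

def verify(cert, crl, today):
    """Step 5.1: signature, then revocation list, then natural expiry."""
    if not hmac.compare_digest(cert["signature"], _sign(cert["body"])):
        return "bad-signature"
    if not hmac.compare_digest(crl["signature"], _sign(crl["body"])):
        return "bad-crl"
    if cert["body"]["serial"] in crl["body"]["revoked"]:
        return "revoked"
    # Natural expiry needs no revocation-list entry.
    if today > date.fromisoformat(cert["body"]["not_after"]):
        return "expired"
    return "valid"
```

The verifier rejects an unauthenticated revocation list as well as an unauthenticated certificate, since accepting a stale or forged list would let a certificate for a lost card keep passing.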

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911352906.9A CN111209598A (en) 2019-12-25 2019-12-25 Method for generating network mapping certificate based on electronic identity certificate entity card

Publications (1)

Publication Number Publication Date
CN111209598A true CN111209598A (en) 2020-05-29

Family

ID=70786304

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911352906.9A Pending CN111209598A (en) 2019-12-25 2019-12-25 Method for generating network mapping certificate based on electronic identity certificate entity card

Country Status (1)

Country Link
CN (1) CN111209598A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1339894A (en) * 2000-08-24 2002-03-13 杭州中正生物认证技术有限公司 Identification certificate and its making method
CN105162606A (en) * 2015-09-28 2015-12-16 公安部第一研究所 Method for generating network mapping document based on entity document of electronic legal identity document
CN105184725A (en) * 2015-09-28 2015-12-23 公安部第一研究所 Network mapping document generated based on electronic legal identity document entity
CN105357176A (en) * 2015-09-28 2016-02-24 公安部第一研究所 Network legal identity management system based on electronic legal identity card network mapping certificate

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230119

Address after: No.1, capital gymnasium South Road, Haidian District, Beijing 100048

Applicant after: THE FIRST Research Institute OF MINISTRY OF PUBLIC SECURITY

Applicant after: Beijing ZHONGDUN Anxin Technology Development Co.,Ltd.

Address before: 1701, 17/F, Building 12, Yard 1, Shouti South Road, Haidian District, Beijing, 100048

Applicant before: Beijing ZHONGDUN Anxin Technology Development Co.,Ltd.
