CN112100682A - Identity information protection system and method - Google Patents


Info

Publication number
CN112100682A
Authority
CN
China
Prior art keywords
identity information
information
real
determining
variable virtual
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011316906.6A
Other languages
Chinese (zh)
Other versions
CN112100682B (en)
Inventor
王瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Softcom Smart City Technology Co ltd
Original Assignee
Beijing Softcom Smart City Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Softcom Smart City Technology Co ltd
Priority to CN202011316906.6A
Publication of CN112100682A
Application granted
Publication of CN112100682B
Legal status: Active

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Abstract

The embodiment of the invention discloses an identity information protection system and method. The system is deployed in a protection domain and comprises: at least one information collection device, deployed in a public domain, for collecting real identity information of users in the public domain and sending the real identity information to an information generation module; the information generation module, for generating variable virtual identity information based on the real identity information; and a control module, for determining the service provider corresponding to the public domain and sending the variable virtual identity information to the service provider, so as to instruct the service provider to provide services according to the variable virtual identity information. The embodiment of the invention can effectively protect identity information and thereby solves the problem of identity information leaking during use.

Description

Identity information protection system and method
Technical Field
The embodiment of the invention relates to the technical field of information security, in particular to an identity information protection system and method.
Background
With the development of the internet, people use internet services every day, and when using an internet service they need to authorize their own identity information, such as name, gender, address, identification number, and image, to a service provider. This easily leads to leakage of the user's identity information and brings unnecessary negative effects to the user.
Disclosure of Invention
The embodiment of the invention provides an identity information protection system and method, which can effectively protect identity information so as to solve the problem of leakage of the identity information in the using process.
In a first aspect, an embodiment of the present invention provides an identity information protection system, where the identity information protection system is deployed in a protection domain, and the system includes:
at least one information collection device, deployed in a public domain, for collecting real identity information of a user in the public domain and sending the real identity information to an information generation module;
the information generating module is used for generating variable virtual identity information based on the real identity information;
and the control module is used for determining a service provider corresponding to the public domain and sending the variable virtual identity information to the service provider so as to instruct the service provider to provide services according to the variable virtual identity information.
In a second aspect, an embodiment of the present invention further provides an identity information protection method, including:
collecting real identity information of a user in a public domain;
generating variable virtual identity information based on the real identity information;
and determining a service provider corresponding to the public domain, and sending the variable virtual identity information to the service provider so as to instruct the service provider to provide services according to the variable virtual identity information.
The technical scheme disclosed by the embodiment of the invention has the following beneficial effects:
Real identity information of a user in a public domain is collected by at least one information collection device of an identity information protection system deployed in a protection domain and is sent to an information generation module, which generates variable virtual identity information corresponding to the real identity information. A control module determines the service provider corresponding to the public domain and sends the variable virtual identity information to that service provider, so that the service provider provides services according to the variable virtual identity information. This solves the problem of identity information leaking while a user uses internet services: generating dynamic, variable virtual identity information from the real identity information effectively hides the user's real identity information, so that lawbreakers cannot obtain it through tracking or similar means. The user's real identity information is thereby effectively protected, and conditions are provided for improving the security of the user's identity information.
Drawings
Fig. 1 is a schematic structural diagram of an identity information protection system according to an embodiment of the present invention;
Fig. 2(a) is a schematic structural diagram of an identity information protection system according to a second embodiment of the present invention;
Fig. 2(b) is a schematic diagram of a real identity information table according to a second embodiment of the present invention;
Fig. 2(c) is a schematic diagram of a virtual identity information table according to a second embodiment of the present invention;
Fig. 2(d) is a schematic diagram of a key information table provided in the second embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an identity information protection system according to a third embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an identity information protection system according to a fourth embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an application scenario of an identity information protection system according to a fifth embodiment of the present invention;
Fig. 6 is a schematic flowchart of an identity information protection method according to a sixth embodiment of the present invention.
Detailed Description
The embodiments of the present invention will be described in further detail with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of and not restrictive on the broad invention. It should be further noted that, for convenience of description, only some structures, not all structures, relating to the embodiments of the present invention are shown in the drawings.
An identity information protection system and method provided by the embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Example one
Fig. 1 is a schematic structural diagram of an identity information protection system according to an embodiment of the present invention. The technical solution of this embodiment is applicable to a scenario in which a user's real identity information is hidden and protected while the user uses an internet service. As shown in fig. 1, an identity information protection system 100 provided in an embodiment of the present invention is deployed in a protection domain 10, and the identity information protection system 100 includes: at least one information collection device 110, an information generation module 120, and a control module 130; wherein:
at least one information collecting device 110 is deployed in the public domain 20, and is configured to collect real identity information of a user located in the public domain 20, and send the real identity information to the information generating module 120.
In this embodiment, the at least one information collecting device 110 may be, but is not limited to: an identity card reader, a face gate, a passport information collector, driving information collecting equipment, a fingerprint collector, and the like.
Accordingly, the true identity information of the user includes, but is not limited to: name, gender, address, identification number, image, fingerprint, etc.
In this embodiment, the protection domain is determined based on the characteristics of the identity information protection system 100, where the characteristics refer to lines or devices, such as authorized devices, on which the real identity information of the user is not leaked. The public domain 20 refers to any area other than the protection domain 10 established based on the identity information protection system 100. For example, the public domain 20 may optionally be an open network environment.
Generally, a user uses his/her own real identity information in the public domain 20, but since the public domain 20 does not protect the user identity information, the problem of identity information leakage is likely to occur during the use process. In the protection domain 10, the real identity information of the user can be protected, and the situations of identity information leakage and misuse can not occur. Therefore, in the embodiment, the information acquisition device 110 disposed in the public domain 20 in the identity information protection system 100 is used to acquire the real identity information of the user in the public domain 20, and send the acquired real identity information to the information generation module 120 in the identity information protection system 100 in real time, so that the information generation module 120 hides and protects the acquired real identity information to prevent the user identity information from being leaked in the public domain 20.
The information generating module 120 is configured to generate variable virtual identity information based on the real identity information.
The variable virtual identity information refers to the fact that the virtual identity information can be dynamically generated according to the use requirement.
Specifically, after receiving the real identity information sent by the information acquisition device 110, the information generation module 120 may generate the variable virtual identity information corresponding to the real identity information based on the real identity information according to a preset generation manner. For example, optionally, service application data corresponding to the real identity information may be determined, and then the service application data is processed to generate variable virtual identity information corresponding to the real identity information. For example, a random number may be assigned to the real identity information, and the random number may be processed to generate variable virtual identity information corresponding to the real identity information. Of course, in this embodiment, the virtual identity information corresponding to the real identity information may also be generated in other different manners, which is not limited herein.
The control module 130 is configured to determine a service provider 210 corresponding to the public domain 20, and send the variable virtual identity information to the service provider 210, so as to instruct the service provider 210 to provide services according to the variable virtual identity information.
The service provider 210 refers to a system or device that provides internet services to users. Such as a museum identity authentication system or device, or other public venue epidemic prevention surveillance systems, and so forth. Among these, internet services may be, but are not limited to: an identity authentication service, an online shopping service, a multimedia file download service, and the like, which are not particularly limited herein.
In order to enable the service provider 210 to provide services to the user, after the information generating module 120 generates the variable virtual identity information corresponding to the real identity information, the present embodiment further needs to feed back the variable virtual identity information to the service provider 210 in the public domain 20, so that the service provider 210 can provide services to the user normally based on the variable virtual identity information. Since there is at least one public domain, and the service provider corresponding to each public domain is different, before feeding back the variable virtual identity information, the control module 130 needs to determine the service provider 210 corresponding to the public domain 20 in which the information collection device 110 that collected the user's real identity information is located. It then sends the variable virtual identity information to that service provider 210, so that the service provider 210 provides corresponding services according to the variable virtual identity information sent by the control module 130 in the identity information protection system 100.
In this embodiment of the present invention, the control module 130 may query a preset mapping relationship according to the public domain information sent by the information generating module 120 and/or the information collecting device 110, to determine the service provider 210 corresponding to the public domain 20, or may also determine the service provider 210 of the public domain 20 corresponding to the identification information according to the identification information of the information collecting device 110, and the like, which is not limited herein.
The identification information of the information collection device 110 may refer to information that serves to identify the device, such as a number or a serial number of the information collection device 110. For example, if the identification information of the information collection device 110 is 1005, the device is identified as device No. 1005, and the control module 130 may determine, through table lookup or other means, the service provider of the public domain to which device No. 1005 corresponds. The table here is a mapping relationship table between the identification information of the information collecting apparatus 110 and the service provider.
It should be noted that the identification information of the information collection device 110 in this embodiment may further include information such as a number or a serial number of the public domain 20 in which the information collection device 110 is located. The advantage of this arrangement is that the public domain in which the device is located can first be determined from the device's identification information, and the service provider corresponding to that public domain can then be determined. For example, if the identification information of the information collecting device 110 is 12-002, the device is determined to be device No. 002 in area No. 12, and the service provider of area No. 12 can be determined by table lookup or the like.
It can be understood that, in the present embodiment, the information collecting device 110 disposed in the public domain 20 collects the real identity information of the user, so as to generate the variable virtual identity information based on the real identity information of the user through the information generating module 120, and sends the variable virtual identity information to the service provider 210 corresponding to the public domain 20 through the control module 130, so that the user uses the real identity information only in the protection domain, and uses the variable virtual identity information in the public domain, thereby protecting the real identity information of the user.
According to the technical scheme provided by the embodiment of the invention, the real identity information of the user in the public domain is collected by at least one information collection device of the identity information protection system deployed in the protection domain and is sent to the information generation module, which generates variable virtual identity information corresponding to the real identity information. The control module determines the service provider corresponding to the public domain and sends the variable virtual identity information to that service provider, so that the service provider provides services according to the variable virtual identity information. This solves the problem of identity information leaking while a user uses internet services: generating dynamic, variable virtual identity information from the real identity information effectively hides the user's real identity information, so that lawbreakers cannot obtain it through tracking or similar means. The user's real identity information is thereby effectively protected, and conditions are provided for improving the security of the user's identity information.
Example two
Fig. 2(a) is a schematic structural diagram of an identity information protection system according to a second embodiment of the present invention, and on the basis of the foregoing embodiment, the present embodiment further optimizes the identity information protection system, specifically referring to fig. 2 (a).
As shown in fig. 2(a), the identity information protection system 100 includes: at least one information collection device 110, an information generation module 120, a control module 130, and a prerecording module 140; wherein:
at least one information collecting device 110, where the information collecting device 110 is deployed in the public domain 20, and is configured to collect real identity information of a user located in the public domain 20, and send the real identity information to an information generating module 120;
the information generating module 120 is configured to generate variable virtual identity information based on the real identity information;
For example, when the information generating module 120 receives the real identity information sent by the information collecting apparatus 110, the variable virtual identity information may be generated based on the real identity information. Specifically, the information generating module 120 of this embodiment may optionally generate the variable virtual identity information in one of the following modes:
Mode one
Assign an identity family identifier to the received real identity information, encrypt the real identity information according to a preset encryption algorithm to obtain a real identity information ciphertext, and use the real identity information ciphertext as the variable virtual identity information.
Mode two
Assign an identity family identifier to the received real identity information, and determine the service application data of the real identity information; encrypt the service application data according to a preset encryption algorithm to obtain a service application data ciphertext, and use the service application data ciphertext as the variable virtual identity information.
Mode three
Assign an identity family identifier to the received real identity information, and determine the service application data of the real identity information; encrypt the real identity information and the service application data according to a preset encryption algorithm to obtain a ciphertext, and use the ciphertext as the variable virtual identity information.
The identity family identifier may be any information capable of uniquely determining the real identity information, such as a number or a serial number, and is not limited herein.
In this embodiment, the preset encryption algorithm includes symmetric encryption algorithms and asymmetric encryption algorithms. The symmetric encryption algorithm may be, but is not limited to: the Data Encryption Algorithm (DEA), the Advanced Encryption Standard (AES), and the like. The asymmetric encryption algorithm may be, but is not limited to: the RSA algorithm, the ElGamal algorithm, the Rabin algorithm, the elliptic curve encryption algorithm, and the like.
Specifically, the information generating module 120 may randomly allocate an identity family identifier to each piece of received real identity information according to an allocation policy. That is, the identity family of each real identity information has randomness and uniqueness. Further, the information generating module 120 determines the service application data of the real identity information according to the real identity information. And then, encrypting the service application data according to a preset encryption algorithm to obtain a service application data ciphertext, and taking the service application data ciphertext as virtual identity information corresponding to the real identity information.
The service application data comprises at least one of: time information, a virtual identity information identifier, and the update time limit and use range of the virtual identity information. The virtual identity information identifier refers to information capable of uniquely determining a virtual identity, such as a number or a serial number. The time information specifically refers to the timestamp of receipt of the real identity information. In this embodiment, the virtual identity information identifier belongs to the record information, and the update time limit and the use range of the virtual identity information belong to the management information.
In a specific implementation, the information generating module 120 may determine the service application data in different ways according to the type of data it contains. For example, the update time limit and the use range of the virtual identity information may optionally be obtained from a configuration file of the identity information protection system 100; the time information may optionally be determined from the received real identity information sent by the information acquisition device 110; and the virtual identity information identifier may optionally be determined by querying the virtual identity information identifiers stored in a database of the identity information protection system 100.
Further, the information generating module 120 generates a key based on the random seed, and encrypts the service application data based on the key by using a preset encryption algorithm to obtain a service application data ciphertext, and uses the service application data ciphertext as the variable virtual identity information corresponding to the real identity information.
To let the identity information protection system 100 clearly distinguish real identity information from variable virtual identity information, the present embodiment may further add a variable virtual identity type identifier to the variable virtual identity information after generating it. Whether a piece of identity information is variable virtual identity information or real identity information can then be determined quickly from the variable virtual identity type identifier. The variable virtual identity type identifier may be a preset number, a letter, or the like, and is not limited herein. For example, the variable virtual identity type identifier is set to a preset value of 1.
Further, to facilitate subsequent operations such as user identity queries, the variable virtual identity information and the real identity information may be stored after the variable virtual identity information is generated. Specifically, the identity information protection system 100 further includes: a first storage module and a second storage module.
The first storage module is used for storing the real identity information and an identity family identifier corresponding to the real identity information;
and the second storage module is used for storing the variable virtual identity information and the identity family identification corresponding to the real identity information.
Specifically, the first storage module specifically refers to a real identity information table; the second storage module is specifically a virtual identity table, and is specifically shown in fig. 2(b) and fig. 2 (c). Also, both the real identity information table and the virtual identity information table may be located in a database of the identity information protection system 100. That is, the first storage module and the second storage module may be provided in a storage medium of the identity information protection system 100.
In another embodiment of the present invention, the identity information protection system 100 may further include a third storage module. The third storage module is used for storing a key for encrypting real identity information and/or service application data and an identity family identifier corresponding to the real identity information. The advantage is that the identity information protection system 100 can decrypt the ciphertext based on the key in the third storage module to obtain the service application data plaintext and/or the real identity information. The third storage module specifically refers to a key information table, which is shown in fig. 2(d). The key information table may also be located in a database of the identity information protection system 100. That is, the third storage module may be provided in the storage medium of the identity information protection system 100.
And a prerecording module 140, configured to store service provider information corresponding to the public domain in advance.
Specifically, the prerecording module 140 may pre-store, for all public domains, the service provider information corresponding to each public domain. That is, the prerecording module 140 stores a mapping relationship between the public domain and the service provider.
The service provider information may refer to a service provider name, a service provider code, and the like, and is not particularly limited herein.
A control module 130, configured to determine a service provider corresponding to the public domain, and send the variable virtual identity information to the service provider, so as to instruct the service provider to provide a service according to the variable virtual identity information.
Specifically, when the identity information protection system 100 includes the prerecording module 140, the control module 130 may determine a service provider corresponding to the public domain based on the prerecording module, and further send the variable virtual identity information generated by the information generating module 120 to the determined service provider, so that the service provider provides a service to the user according to the variable virtual identity information.
The technical scheme provided by the embodiment of the invention solves the problem of identity information leaking while a user uses internet services. Generating dynamic, variable virtual identity information from the real identity information effectively hides the user's real identity information, so that lawbreakers cannot obtain it through tracking or similar means. The user's real identity information is thereby effectively protected, and conditions are provided for improving the security of the user's identity information.
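The following Go program is an added example, not code from the patent: it walks through mode two, the three storage tables, and the control module's lookup of a service provider from a device identifier such as 12-002. AES-256-GCM stands in for the "preset encryption algorithm"; the type and field names, the `1:` encoding of the type identifier, the use of the family identifier as associated data, and all sample values are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// ServiceAppData is mode two's "service application data"; field names are assumptions.
type ServiceAppData struct {
	ReceivedAt  int64  `json:"received_at"`  // timestamp of receipt of the real identity
	VirtualID   string `json:"virtual_id"`   // virtual identity information identifier
	UpdateLimit int64  `json:"update_limit"` // update time limit in seconds
	UseRange    string `json:"use_range"`    // use range
}

// System models the protection domain; the three storage tables are keyed by family ID.
type System struct {
	realTable, virtualTable map[string]string // first and second storage modules
	keyTable                map[string][]byte // third storage module
	providers               map[string]string // prerecording module: public domain -> provider
}

const typeTag = "1:" // variable virtual identity type identifier; this encoding is an assumption

func NewSystem(providers map[string]string) *System {
	return &System{map[string]string{}, map[string]string{}, map[string][]byte{}, providers}
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback without the OS CSPRNG
	}
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Generate follows mode two and then fills the three tables.
func (s *System) Generate(realID string, now time.Time) (familyID, virtual string, err error) {
	familyID = hex.EncodeToString(randomBytes(8)) // random, unique identity family ID
	data, err := json.Marshal(ServiceAppData{now.Unix(), "V" + hex.EncodeToString(randomBytes(4)), 3600, "identity-authentication"})
	if err != nil {
		return "", "", err
	}
	key := randomBytes(32) // fresh AES-256 key; CSPRNG output stands in for the "random seed"
	gcm, err := newGCM(key)
	if err != nil {
		return "", "", err
	}
	nonce := randomBytes(gcm.NonceSize()) // family ID below is associated data: binds ciphertext to its row
	virtual = typeTag + hex.EncodeToString(gcm.Seal(nonce, nonce, data, []byte(familyID)))
	s.realTable[familyID], s.virtualTable[familyID], s.keyTable[familyID] = realID, virtual, key
	return familyID, virtual, nil
}

// Open decrypts a stored virtual identity; only the protection domain holds the key table.
func (s *System) Open(familyID string) (*ServiceAppData, error) {
	virtual, key := s.virtualTable[familyID], s.keyTable[familyID]
	raw, err := hex.DecodeString(strings.TrimPrefix(virtual, typeTag))
	gcm, gerr := newGCM(key)
	if err != nil || gerr != nil || !strings.HasPrefix(virtual, typeTag) || len(raw) < gcm.NonceSize() {
		return nil, fmt.Errorf("family ID %q has no usable variable virtual identity", familyID)
	}
	pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], []byte(familyID))
	if err != nil {
		return nil, err
	}
	d := new(ServiceAppData)
	return d, json.Unmarshal(pt, d)
}

// Dispatch resolves the provider from a device ID such as "12-002" and fails closed.
func (s *System) Dispatch(deviceID, realID string, now time.Time) (provider, virtual string, err error) {
	parts := strings.SplitN(deviceID, "-", 2) // area number, device number
	provider, known := s.providers[parts[0]]
	if len(parts) != 2 || parts[1] == "" || !known {
		return "", "", fmt.Errorf("no service provider resolvable for device ID %q", deviceID)
	}
	_, virtual, err = s.Generate(realID, now)
	return provider, virtual, err // only the virtual identity leaves the protection domain
}

func main() {
	s := NewSystem(map[string]string{"12": "museum-entry-auth"}) // constructed mapping
	fmt.Println(s.Dispatch("12-002", "SAMPLE-ID-0001", time.Now())) // constructed identity
}
```

Because the key and nonce are fresh on every call, the same real identity never produces the same virtual identity twice, so a service provider cannot link two visits by comparing the values it receives.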
Example three
Fig. 3 is a schematic structural diagram of an identity information protection system according to a third embodiment of the present invention, and on the basis of the third embodiment, the present embodiment further optimizes the identity information protection system, specifically as shown in fig. 3.
As shown in fig. 3, the identity information protection system 100 of this embodiment further includes: a first information determination module 150 and a monitoring module 160.
The first information determining module 150 is configured to determine, when it is determined that first real identity information sent by an information acquisition device exists in a first storage module, whether the first real identity information corresponds to first variable virtual identity information; if so, sending the first variable virtual identity information to a monitoring module; if not, the first real identity information is sent to an information generation module.
Generally, when a user uses an internet service with his or her real identity information for the first time, the identity information protection system generates variable virtual identity information based on the user's real identity information. In practice, however, when the user uses the internet service again, the user may still use his or her real identity information for identity authentication, transaction authentication, or the like. Therefore, the identity information collected by the at least one information collection device 110 may be real identity information, i.e. the first real identity information of this embodiment.
After the at least one information collecting device 110 collects the first real identity information of the user, the information collecting device 110 may send the first real identity information to the first information determining module 150, so that the first information determining module 150 determines whether the first real identity information exists in the first storage module (real identity information table) based on the first real identity information.
Specifically, when the first information determining module 150 determines that the first real identity information exists in the first storage module, which indicates that the user is not using his or her real identity information for the first time, it determines whether first variable virtual identity information corresponding to the first real identity information exists in the second storage module (virtual identity information table). If it does, the first variable virtual identity information is sent to the monitoring module 160, which determines whether the first variable virtual identity information needs to be updated. If it does not, the first real identity information needs to be sent to the information generating module 120, so that the information generating module 120 generates the first variable virtual identity information based on the first real identity information.
When the first information determining module 150 determines that the first real identity information sent by the information collecting device 110 does not exist in the first storage module, this indicates that the user corresponding to the first real identity information is using his or her real identity information for the first time. In this case, the first information determining module 150 may send the first real identity information to the information generating module 120, so that the information generating module 120 generates the first variable virtual identity information based on the first real identity information.
In a specific implementation, the determining, by the first information determining module 150, whether the first real identity information exists in the first storage module includes: matching the first real identity information with the real identity information stored in the first storage module, and determining that the first real identity information exists when the first real identity information is matched with any one of the stored real identity information; and when the first real identity information is not matched with all the stored real identity information, determining that the first real identity information does not exist.
When it is determined that the first real identity information exists in the first storage module, the first information determining module 150 may obtain the identity family identifier corresponding to the first real identity information from the first storage module; and determining whether first variable virtual identity information corresponding to the first real identity information exists in a second storage module or not according to the identity family identification.
The monitoring module 160 is configured to determine whether an update time limit of the first variable virtual identity information reaches a time threshold; if yes, the first variable virtual identity information is sent to the information generation module 120; if not, the first variable virtual identity information is returned to the service provider 210 corresponding to the public domain where the information acquisition device is located.
In this embodiment, the duration threshold refers to the length of time for which the first variable virtual identity information is used. It may be set according to the actual application requirements of the identity information protection system 100, for example to one day, 24 hours, one week, or the like, and is not specifically limited here.
In the using process, although the problem of leakage of the real identity information of the user can be avoided by using the variable virtual identity information in the public domain 10, when a lawbreaker continuously tracks the same variable virtual identity information, the risk of leakage of the real identity information of the user may exist.
For this reason, this embodiment provides the monitoring module 160, which monitors the update time limit of the first variable virtual identity information sent by the first information determining module 150.
Specifically, when the update time limit of the first variable virtual identity information reaches the time threshold, it indicates that the first variable virtual identity information needs to be updated. At this time, the monitoring module 160 sends the first variable virtual identity information corresponding to the first real identity information to the information generating module 120, so that the information generating module 120 regenerates a new first variable virtual identity of the first real identity information.
Before the monitoring module 160 sends the first variable virtual identity information corresponding to the first real identity information to the information generating module 120, the method further includes: acquiring the corresponding identity family identifier from the second storage module according to the first variable virtual identity information, and acquiring the corresponding real identity information from the first storage module according to the identity family identifier, where this real identity information is the first real identity information.
When the update time limit of the first variable virtual identity information does not reach the time threshold, it indicates that the first variable virtual identity information can be used continuously, and at this time, the monitoring module 160 may return the first variable virtual identity information to the service provider corresponding to the public domain where the information acquisition device is located, so that the service provider provides services according to the first variable virtual identity information.
The information generating module 120 is configured to generate first variable virtual identity information according to the first real identity information, or generate new first variable virtual identity information according to the first real identity information.
Specifically, when the first real identity information sent by the first information determining module 150 is acquired, the information generating module 120 may generate the first variable virtual identity information or the new first variable virtual identity information in one of the following modes:
First mode
Determine first service application data of the first real identity information, encrypt the first real identity information and/or the first service application data according to a preset encryption algorithm, and determine the obtained first ciphertext as the first variable virtual identity information.
This mode mainly addresses the case where the first real identity information exists in the first storage module, but the first variable virtual identity information corresponding to the first real identity information does not exist in the second storage module.
Second mode
Allocate a first identity family identifier to the first real identity information, determine second service application data of the first real identity information, encrypt the first real identity information and/or the second service application data according to a preset encryption algorithm, and determine the obtained second ciphertext as the first variable virtual identity information.
This mode mainly addresses the case where the first real identity information does not exist in the first storage module.
Third mode
Determine third service application data of the first real identity information, encrypt the first real identity information and/or the third service application data according to a preset encryption algorithm, and determine the obtained third ciphertext as the new first variable virtual identity information.
This mode mainly addresses the case where the update time limit of the first variable virtual identity information corresponding to the first real identity information has reached the time threshold.
It should be noted that, in this embodiment, a specific implementation process of generating the first variable virtual identity information or the new first variable virtual identity information based on the first real identity information is specifically referred to in the foregoing embodiment, and details thereof are not described here.
In the technical scheme provided by this embodiment of the invention, the first information determining module determines whether the first real identity information sent by the information acquisition device exists. When it exists, the first variable virtual identity information corresponding to the first real identity information is obtained and sent to the monitoring module, so that the monitoring module applies time limit control to the first variable virtual identity information. When the update time limit of the first variable virtual identity information reaches the time threshold, the information generating module updates the first variable virtual identity information corresponding to the first real identity information. The same real identity information can therefore use different variable virtual identity information in different time periods; that is, multiple pieces of variable virtual identity information can correspond to the same real identity information. A lawbreaker cannot deduce the real identity information of a user by continuously tracking the same variable virtual identity information, which improves the security of the user's real identity information.
On the basis of the above embodiment, in another implementation scenario of the embodiment of the present invention, when the user is not using the internet service for the first time, the user may perform operations such as identity authentication or transaction authentication using the variable virtual identity information generated based on the real identity information. In this case, the identity information collected by the at least one information collection device 110 may be variable virtual identity information, that is, the second variable virtual identity information of this embodiment.
Specifically, the identity information protection system 100 according to the embodiment of the present invention further includes: a second information determination module 170.
The second information determining module 170 is configured to, when receiving second variable virtual identity information sent by the information acquisition device 110, determine whether the second variable virtual identity information exists in the second storage module; if yes, the second variable virtual identity information is sent to the monitoring module 160 or the information generating module 120; if not, a second variable virtual identity information verification failure message is sent to the service provider corresponding to the public domain where the information collection device 110 is located through the control module 130.
When the second variable virtual identity information exists in the second storage module, different modes can be adopted according to the current management strategy. For example, optionally, when the current management policy is to determine whether the update time limit of the second variable virtual identity information exceeds the time threshold, the second information determining module 170 sends the second variable virtual identity information to the monitoring module 160. When the current management policy is to generate new second variable virtual identity information based on the second variable virtual identity information, the second information determining module 170 sends the second variable virtual identity information to the information generating module 120.
When the second variable virtual identity information does not exist in the second storage module, the user corresponding to the second variable virtual identity information is an illegal user, and the illegal user is refused permission to perform any operation, such as transaction operations.
The monitoring module 160 is configured to determine whether an update time limit of the second variable virtual identity information reaches a time threshold; if yes, the second variable virtual identity information is sent to the information generation module 120; if not, returning the second variable virtual identity information to the service provider corresponding to the public domain where the information acquisition device 110 is located.
In this embodiment, the duration threshold refers to the length of time for which the first variable virtual identity information is used. It may be set according to the actual application requirements of the identity information protection system 100, for example to one day, 24 hours, one week, or the like, and is not specifically limited here.
In the using process, although the problem of leakage of the real identity information of the user can be avoided by using the variable virtual identity information in the public domain 10, when a lawbreaker continuously tracks the same variable virtual identity information, the risk of leakage of the real identity information of the user may exist.
For this reason, this embodiment provides the monitoring module 160, which monitors the update time limit of the second variable virtual identity information sent by the second information determining module 170.
Specifically, when the monitoring module 160 determines that the update time limit of the second variable virtual identity information reaches the time threshold, this indicates that the second variable virtual identity information needs to be updated. In this case, the monitoring module 160 sends the second variable virtual identity information to the information generating module 120, so that the information generating module 120 generates new second variable virtual identity information from the second variable virtual identity information.
When the update time limit of the second variable virtual identity information does not reach the time limit threshold, it indicates that the second variable virtual identity information can be used continuously, and at this time, the monitoring module 160 may return the second variable virtual identity information to the service provider corresponding to the public domain where the information acquisition device is located, so that the service provider provides services according to the second variable virtual identity information.
The information generating module 120 is configured to generate new second variable virtual identity information according to the second variable virtual identity information.
Specifically, the information generating module 120 determines, through the second storage module, an identity family identifier corresponding to the second variable virtual identity information; and according to the identity family identification, real identity information corresponding to the second variable virtual identity information is determined in a first storage module, fourth service application data of the real identity information and/or the real identity information are/is encrypted according to a preset encryption algorithm, and an obtained fourth ciphertext is determined as the new second variable virtual identity information. In this embodiment, the implementation process of generating new second variable virtual identity information specifically refers to the foregoing embodiment, and redundant description thereof is not repeated here.
That is to say, the identity information protection system 100 of this embodiment may further dynamically update the variable virtual identity information according to the collected variable virtual identity information, so that different variable virtual identity information can be generated for the same real identity at different time periods on the basis of meeting the requirements of the service provider, so that the variable virtual identity information has variability.
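The lookup and rotation logic of this embodiment, as an added example that is not part of the patent text. It assumes in-memory tables, and a keyed HMAC-SHA256 over the real identity, the service application data and a fresh nonce stands in for the "preset encryption algorithm", which this section does not specify; all names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Assumption: HMAC-SHA256 replaces the unspecified "preset encryption algorithm".
# The token is not decrypted; reverse lookup goes through the two tables.
SECRET_KEY = secrets.token_bytes(32)
DURATION_THRESHOLD = 24 * 3600  # seconds; the text gives 24 hours as one option


@dataclass
class IdentityProtectionSystem:
    threshold: int = DURATION_THRESHOLD
    # First storage module (real identity table): real identity -> family id
    real_table: dict = field(default_factory=dict)
    # Second storage module (virtual identity table): virtual id -> (family id, issued_at)
    virtual_table: dict = field(default_factory=dict)
    # Latest virtual identity issued for each identity family
    current: dict = field(default_factory=dict)

    def _generate(self, real_id, service_data, now):
        """Information generating module: issue a fresh virtual identity."""
        family = self.real_table.get(real_id)
        if family is None:  # second mode: allocate an identity family identifier
            family = secrets.token_hex(8)
            self.real_table[real_id] = family
        nonce = secrets.token_bytes(16)  # keeps successive values unlinkable
        msg = b"|".join([real_id.encode(), service_data.encode(), nonce])
        virtual = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()
        self.virtual_table[virtual] = (family, now)
        self.current[family] = virtual
        return virtual

    def present_real(self, real_id, service_data, now):
        """First information determining module, then the monitoring module."""
        family = self.real_table.get(real_id)
        virtual = self.current.get(family) if family else None
        if virtual is None:  # first mode (known, no virtual) or second mode (unknown)
            return self._generate(real_id, service_data, now)
        _, issued_at = self.virtual_table[virtual]
        if now - issued_at >= self.threshold:  # third mode: time threshold reached
            return self._generate(real_id, service_data, now)
        return virtual  # still valid: returned to the service provider

    def present_virtual(self, virtual, service_data, now):
        """Second information determining module: validate, rotate if due."""
        entry = self.virtual_table.get(virtual)
        if entry is None:
            return None  # verification failure: unknown virtual identity
        family, issued_at = entry
        if now - issued_at < self.threshold:
            return virtual
        # Virtual id -> family id -> real identity, then regenerate.
        real_id = next(r for r, f in self.real_table.items() if f == family)
        return self._generate(real_id, service_data, now)


def demo():
    """Walk one constructed identity through issue, reuse and rotation."""
    ips = IdentityProtectionSystem()
    real = "ID-CONSTRUCTED-0001"  # constructed sample value
    v1 = ips.present_real(real, "venue-entry", now=0)
    v2 = ips.present_real(real, "venue-entry", now=3600)
    v3 = ips.present_real(real, "venue-entry", now=DURATION_THRESHOLD)
    v4 = ips.present_virtual(v3, "venue-entry", now=DURATION_THRESHOLD + 60)
    bad = ips.present_virtual("not-issued", "venue-entry", now=0)
    return ips, (v1, v2, v3, v4, bad)


if __name__ == "__main__":
    print(demo()[1])
```

Both the old and the new virtual identity stay in the virtual identity table under the same family identifier, which is what lets the protection domain resolve either one back to the real identity.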
Example four
Fig. 4 is a schematic structural diagram of an identity information protection system according to a fourth embodiment of the present invention. On the basis of the foregoing embodiments, this embodiment further optimizes the identity information protection system, as shown in Fig. 4.
As shown in Fig. 4, the identity information protection system 100 of this embodiment further includes: a permission verification module 180 and an information query module 190.
The permission verification module 180 is configured to determine, when an identity information query request sent by an identity querying party is acquired, whether the identity querying party has query permission; if so, the identity information query request is sent to the information query module; otherwise, a prompt message is fed back to the identity querying party.
The information query module 190 is configured to receive an identity information query request, and perform identity query according to the identity information query request.
In this embodiment, the identity querying party may be a service provider located in the public domain or a service provider located in the protection domain, which is not specifically limited here. Optionally, the service provider in the public domain can be any public venue epidemic supervision device or system, and the service provider in the protection domain can be an epidemic prevention and control command device or system, or the like.
In order to ensure the processing performance and identity information security of the identity information protection system 100, different permissions are generally provided to service providers in different domains. For example, a service provider located within the protection domain 10 may optionally be given permission to query the corresponding real identity information based on virtual identity information, and/or to query the corresponding virtual identity information based on real identity information. A service provider located in the public domain 20 may be given permission to query a plurality of pieces of virtual identity information corresponding to the same real identity information, and the like. In addition, this embodiment can also store the different permissions provided to service providers in different domains in a pre-stored permission module or a pre-stored permission table, which lays a foundation for subsequently determining the query permission of an identity querying party.
It should be noted that, when the present embodiment provides rights for service providers in different areas, it is mainly implemented according to rules that only virtual identity information is used in the public domain, and real identity information and virtual identity information can be used in the protection domain, so as to hide the real identity information of the user in the public domain, and implement protection of the real identity information of the user.
Specifically, when the identity querying party needs to perform an identity query through the identity information protection system 100, it may send an identity information query request to the identity information protection system 100. The permission verification module 180 in the identity information protection system 100 parses the identity information query request to obtain the information of the identity querying party and determines whether the identity querying party has query permission. When it is determined that the identity querying party has query permission, the identity information query request is sent to the information query module 190, so that the information query module 190 performs the identity query based on the request. When it is determined that the identity querying party does not have query permission, a prompt message is fed back to the identity querying party. The prompt message can be any form of message expressing that the identity querying party has no query permission, such as a text prompt message or a voice prompt message. The text prompt message may be "you have no authority to perform the query operation", or the like.
In this embodiment, the permission verification module 180 may determine whether the identity querying party has query permission by looking up the identity querying party in the pre-stored permission module or pre-stored permission table. For example, if the identity querying party is a service provider in the public domain and its identity information query request is to query the real identity information corresponding to virtual identity information, the permission verification module 180 determines that the querying party does not have query permission and may return a prompt message to the identity querying party. For another example, if the identity querying party is a service provider in the protection domain and its identity information query request is to query the real identity information corresponding to virtual identity information, the permission verification module 180 determines that the querying party has query permission; the identity information query request may then be sent to the information query module 190, so that the information query module 190 performs the corresponding real identity query.
When the information query module 190 performs identity query based on the identity information query request, the identity information query request may be first analyzed to obtain at least one piece of virtual identity information or real identity information carried by the identity information query request, and then query operation is performed according to the identity information query request. Specifically, the information query module 190 performs a query operation according to the identity information query request, and is specifically configured to:
if the identity information query request comprises virtual identity information and the identity information query request is used for querying real identity information, determining an identity family identifier in a second storage module according to the virtual identity information, and determining real identity information corresponding to the virtual identity information in a first storage module according to the identity family identifier;
if the identity information query request comprises a plurality of pieces of virtual identity information and the identity information query request is used for querying whether the plurality of pieces of virtual identity information correspond to the same real identity information, determining an identity family identifier corresponding to each piece of virtual identity information in a second storage module according to each piece of virtual identity information, and determining whether all the identity family identifiers are the same; if they are all the same, determining that the query result is true, otherwise, determining that the query result is false;
if the identity information query request comprises real identity information and the identity information query request is used for querying virtual identity information, determining an identity family identifier in a first storage module according to the real identity information, and determining virtual identity information corresponding to the real identity information in a second storage module according to the identity family identifier.
The first storage module is a real identity information table, and the second storage module is a virtual identity information table.
Further, after the information query module 190 obtains the corresponding result, the query result may be fed back to the identity querying party, so that the identity querying party performs different operations based on the query result. For example, optionally, a service provider located in the public domain establishes an association relationship among multiple pieces of virtual identity information corresponding to the same piece of real identity information.
According to the technical scheme provided by this embodiment of the invention, the permission verification module verifies the query permission of the identity querying party, which ensures that an identity querying party in the public domain has no authority to obtain the real identity information of the user. This solves the problem of identity information being leaked while a user uses an internet service: the real identity information of the user is hidden and effectively protected, which provides conditions for improving the security of the user's identity information.
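The permission check and the three query types of this embodiment, as an added example that is not part of the patent text. The permission table contents, the table rows, the audit log and all names are constructed for illustration; the patent only states that permissions are held in a pre-stored permission module or table.

```python
from enum import Enum


class Domain(Enum):
    PUBLIC = "public"
    PROTECTION = "protection"


class Query(Enum):
    VIRTUAL_TO_REAL = "virtual_to_real"
    REAL_TO_VIRTUAL = "real_to_virtual"
    SAME_IDENTITY = "same_identity"


# Pre-stored permission table (constructed): the public domain never sees
# real identity information; anything not listed is denied.
PERMISSIONS = {
    Domain.PROTECTION: {Query.VIRTUAL_TO_REAL, Query.REAL_TO_VIRTUAL},
    Domain.PUBLIC: {Query.SAME_IDENTITY},
}

# Constructed rows: real identity table and virtual identity table,
# joined only through the identity family identifier.
REAL_TABLE = {"ID-CONSTRUCTED-0001": "fam-a", "ID-CONSTRUCTED-0002": "fam-b"}
VIRTUAL_TABLE = {"v-7f3a": "fam-a", "v-91c2": "fam-a", "v-d004": "fam-b"}

NO_PERMISSION = "you have no authority to perform the query operation"
AUDIT_LOG = []  # added for the example: every decision is recorded


def has_permission(domain, query):
    """Permission verification module: deny unless explicitly granted."""
    return query in PERMISSIONS.get(domain, set())


def run_query(query, values):
    """Information query module: resolve through the family identifier."""
    if not values:
        raise ValueError("query carries no identity information")
    if query is Query.VIRTUAL_TO_REAL:
        family = VIRTUAL_TABLE.get(values[0])
        return next((r for r, f in REAL_TABLE.items() if f == family), None)
    if query is Query.REAL_TO_VIRTUAL:
        family = REAL_TABLE.get(values[0])
        return sorted(v for v, f in VIRTUAL_TABLE.items() if f == family)
    if query is Query.SAME_IDENTITY:
        families = {VIRTUAL_TABLE.get(v) for v in values}
        # An unknown virtual identity makes the answer false, not an error.
        return len(families) == 1 and None not in families
    raise ValueError("unsupported query type")


def handle_request(domain, query, values):
    """Returns (allowed, result or prompt message)."""
    if not has_permission(domain, query):
        AUDIT_LOG.append((domain.value, query.value, "denied"))
        return False, NO_PERMISSION
    AUDIT_LOG.append((domain.value, query.value, "allowed"))
    return True, run_query(query, values)


if __name__ == "__main__":
    print(handle_request(Domain.PUBLIC, Query.VIRTUAL_TO_REAL, ["v-7f3a"]))
    print(handle_request(Domain.PROTECTION, Query.VIRTUAL_TO_REAL, ["v-7f3a"]))
    print(handle_request(Domain.PUBLIC, Query.SAME_IDENTITY, ["v-7f3a", "v-91c2"]))
```

The same-identity query lets a public-domain provider link virtual identities issued in different periods, so in a deployment it is the grant most worth logging and reviewing.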
Example five
The identity information protection system provided by the embodiment of the invention is exemplarily described below by a specific example.
As shown in Fig. 5, the identity information protection system 100 of this embodiment is applied to a public venue epidemic prevention supervision scenario, in which a protection domain 10 is established based on the identity information protection system 100, and the protection domain 10 has a first service provider 180: epidemic prevention and control command equipment. The area other than the protection domain 10 is the public domain 20, and the public domain 20 corresponds to the second service provider 210: public venue epidemic supervision equipment. When a user needs to enter a public venue corresponding to the public domain 20, the user can place a certificate or feature with a unique identification function, such as his or her own identity card, on the information collecting device 110 deployed in the public domain 20, so that the information collecting device 110 reads the identity card information. The information collecting device 110 then sends the read identity card information (real identity information) to the information generating module 120 in real time. The information generating module 120 generates variable virtual identity information according to the real identity information sent by the information collecting device 110 and sends the variable virtual identity information to the second service provider 210 through the control module 130, so that the second service provider 210 allows the user to enter the venue according to the variable virtual identity information and stores the variable virtual identity information in the epidemic prevention supervision service.
When the first service provider 1010 determines that any user is a confirmed user, the first service provider 1010 may send the real identity information of the confirmed user to the identity information protection system 100, and the information generating module 120 generates the variable virtual identity information of the confirmed user according to that real identity information. The variable virtual identity information is then sent to the second service provider 210 through the control module 130, so that the second service provider 210 uses the close-contact check interface to run the close-contact check service in the epidemic prevention supervision service according to the variable virtual identity information of the confirmed user, and obtains the variable virtual identity information of all close-contact users who have been in close contact with the confirmed user. Further, the variable virtual identity information of all the close-contact users is sent to the information generating module 120 in the identity information protection system 100. The information generating module 120 determines the identity family identifier corresponding to the variable virtual identity information of each close-contact user in the second storage module (virtual identity information table), determines the real identity information corresponding to each identity family identifier in the first storage module (real identity information table), and then feeds back the determined real identity information of all the close-contact users who have been in close contact with the confirmed user to the first service provider 1010.
The technical scheme provided by the embodiment of the invention solves the problem that identity information is leaked in the process of using the Internet service by a user, and the real identity information of the user is effectively hidden by generating the dynamic variable virtual identity information based on the real identity information, so that lawbreakers cannot acquire the real identity information of the user in ways of tracking and the like, thereby playing the role of effectively protecting the real identity information of the user and providing conditions for improving the safety of the identity information of the user.
Example six
Fig. 6 is a schematic flow chart of an identity information protection method according to a sixth embodiment of the present invention, where the technical solution of this embodiment is applicable to a scenario where a user hides and protects real identity information of the user when using an internet service, and the method is applied to an identity information protection system according to any embodiment of the present invention.
As shown in fig. 6, the identity information protection method provided in the embodiment of the present invention may include the following steps:
S601, at least one information acquisition device acquires real identity information of a user in the public domain.
Optionally, the real identity information located in the public domain may be collected by at least one information collecting device deployed in the public domain.
In this embodiment, the at least one information collecting device 110 may be, but is not limited to: an identity card reader, a face gate, a passport information collector, driving information collecting equipment, a fingerprint collector, and the like.
Accordingly, the true identity information of the user includes, but is not limited to: name, gender, address, identification number, image, fingerprint, etc.
S602, generating variable virtual identity information based on the real identity information.
Optionally, variable virtual identity information corresponding to the real identity information may be generated based on the real identity information according to a preset generation manner. For example, optionally, service application data corresponding to the real identity information may be determined, and then the service application data is processed to generate variable virtual identity information corresponding to the real identity information. For example, a random number may be assigned to the real identity information, and the random number may be processed to generate variable virtual identity information corresponding to the real identity information. Of course, in this embodiment, the variable virtual identity information corresponding to the real identity information may also be generated in other different manners, which is not limited herein.
S603, determining a service provider corresponding to the public domain, and sending the variable virtual identity information to the service provider to instruct the service provider to provide services according to the variable virtual identity information.
A service provider refers to a system or device that provides internet services to users. Such as a museum identity authentication system or device, or other public venue epidemic prevention surveillance systems, and so forth. Among these, internet services may be, but are not limited to: an identity authentication service, an online shopping service, a multimedia file download service, and the like, which are not particularly limited herein.
In order to enable the service provider to provide services to the user, after generating the variable virtual identity information corresponding to the real identity information, this embodiment feeds the variable virtual identity information back to the service provider in the public domain, so that the service provider can provide services to the user normally based on the variable virtual identity information. Since there is at least one public domain and each public domain has a different service provider, before feeding back the variable virtual identity information it is necessary to determine the service provider corresponding to the public domain where the information acquisition device that acquired the user's real identity information is located. The variable virtual identity information is then sent to that service provider, which provides the corresponding services according to it.
In the embodiment of the present invention, the preset mapping relationship may be queried according to the acquired public domain information to determine the service provider corresponding to the public domain, or the service provider corresponding to the public domain corresponding to the identification information may also be determined according to the identification information of the information acquisition device, and the like, which is not limited herein.
The identification information of the information acquisition device may be any information that identifies the device, such as its number or serial number. For example, if the identification information is 1005, the information acquisition device is determined to be device 1005, and the service provider of the public domain corresponding to device 1005 is then determined by table lookup or other means. The table is a mapping relation table between information acquisition device identification information and service providers.
It should be noted that the identification information of the information acquisition device in this embodiment may further include information such as the number or serial number of the public domain where the device is located. The advantage of this arrangement is that the public domain where the device is located can first be determined from the identification information, and the service provider corresponding to that public domain can then be determined. For example, if the identification information is 12-002, the device is determined to be device No. 002 in the 12th area, and the service provider of the 12th area can then be determined by table lookup or the like.
It can be understood that, in the embodiment, the information acquisition device deployed in the public domain acquires the real identity information of the user, so as to generate the variable virtual identity information based on the acquired real identity information of the user, and send the variable virtual identity information to the service provider corresponding to the public domain, so that the user uses the real identity information only in the protection domain, and uses the variable virtual identity information in the public domain, thereby protecting the real identity information of the user.
As an optional implementation manner, the generating variable virtual identity information based on the real identity information includes:
distributing identity family identification for the received real identity information, encrypting the real identity information and/or service application data according to a preset encryption algorithm to obtain a ciphertext, and taking the ciphertext as variable virtual identity information;
the service application data is service information when variable virtual identity information is generated.
As an optional implementation manner, after generating the virtual identity information based on the real identity information, the method further includes:
storing the real identity information and an identity family identification corresponding to the real identity information;
and storing the variable virtual identity information and the identity family identification corresponding to the real identity information.
As an optional implementation manner, the service application data includes at least one of the following: time information, virtual identity information identification, and updating time limit and use range of the virtual identity information.
As an optional implementation manner, the method further includes:
pre-storing service provider information corresponding to the public domain;
correspondingly, the determining the service provider corresponding to the public domain includes:
and determining the service provider corresponding to the public domain from service provider information which is stored in advance and corresponds to the public domain.
As an optional implementation manner, the method further includes:
when determining that first real identity information sent by information acquisition equipment exists, determining whether first variable virtual identity information corresponding to the first real identity information exists; if it exists, determining whether the update time limit of the first variable virtual identity information reaches a time length threshold value; if it does not exist, generating first variable virtual identity information according to the first real identity information;
if the threshold value is reached, generating new first variable virtual identity information according to the first real identity information;
and if the threshold value is not reached, returning the first variable virtual identity information to a service provider corresponding to the public domain where the information acquisition equipment is located.
As an optional implementation manner, the method further includes:
and when determining that the first real identity information sent by the information acquisition equipment does not exist, generating first variable virtual identity information according to the first real identity information.
As an optional implementation manner, the determining whether first variable virtual identity information corresponding to the first real identity information exists includes:
acquiring an identity family identifier corresponding to the first real identity information;
and determining whether first variable virtual identity information corresponding to the first real identity information exists in a second storage module or not according to the identity family identification.
As an optional implementation manner, the generating first variable virtual identity information according to the first real identity information includes:
determining first service application data of the first real identity information, encrypting the first real identity information and/or the first service application data according to a preset encryption algorithm, and determining an obtained first ciphertext as the first variable virtual identity information; or,
and distributing a first identity family identifier for the first real identity information, determining second service application data of the first real identity information, encrypting the first real identity information and/or the second service application data according to a preset encryption algorithm, and determining an obtained second ciphertext as the first variable virtual identity information.
As an optional implementation manner, the generating new first changeable virtual identity information according to the first real identity information includes:
and determining third service application data of the first real identity information, encrypting the first real identity information and/or the third service application data according to a preset encryption algorithm, and determining an obtained third ciphertext as new first variable virtual identity information.
As an optional implementation manner, the method further includes:
when second variable virtual identity information sent by information acquisition equipment is received, determining whether the second variable virtual identity information exists; if it exists, determining whether the update time limit of the second variable virtual identity information reaches a time length threshold value; if it does not exist, a control module sends a new virtual identity information generation failure message to a service provider corresponding to the public domain where the information acquisition equipment is located;
if the threshold value is reached, generating new second variable virtual identity information according to the second variable virtual identity information;
and if the threshold value is not reached, returning the second variable virtual identity information to a service provider corresponding to the public domain where the information acquisition equipment is located.
As an optional implementation manner, the generating new second variable virtual identity information according to the second variable virtual identity information includes:
determining an identity family identifier corresponding to the second variable virtual identity information;
and determining real identity information corresponding to the second variable virtual identity information according to the identity family identification, encrypting fourth service application data of the real identity information and/or the real identity information according to a preset encryption algorithm, and determining an obtained fourth ciphertext as the new second variable virtual identity information.
As an optional implementation manner, after determining whether the second changeable virtual identity information exists, the method further includes:
and if the second variable virtual identity information does not exist, sending a new virtual identity information generation failure message to a service provider corresponding to the public domain where the information acquisition equipment is located through a control module.
As an optional implementation manner, the method further includes:
when an identity information query request sent by an identity query party is acquired, determining whether the identity query party has a query authority;
if so, carrying out identity query according to the identity information query request;
if not, a prompt message is fed back to the identity inquiry party.
As an optional implementation manner, the identity information query request includes: at least one of virtual identity information or real identity information; the identity query according to the identity information query request comprises:
if the identity information query request comprises virtual identity information and the identity information query request is used for querying real identity information, determining an identity family identifier according to the virtual identity information, and determining real identity information corresponding to the virtual identity information according to the identity family identifier;
if the identity information query request comprises a plurality of pieces of virtual identity information and the identity information query request is used for querying whether the plurality of pieces of virtual identity information correspond to the same real identity information, determining an identity family identifier corresponding to each piece of virtual identity information according to each piece of virtual identity information and determining whether all the identity family identifiers are the same; if they are all the same, determining that the query result is true, otherwise, determining that the query result is false;
if the identity information query request comprises real identity information and the identity information query request is query virtual identity information, determining an identity family identifier according to the real identity information, and determining virtual identity information corresponding to the real identity information according to the identity family identifier.
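The generation, refresh and query steps above can be sketched as follows. This is an added example, not code from the patent: the class and method names are hypothetical, HMAC-SHA256 stands in for the unnamed "preset encryption algorithm" (reverse lookup goes through the identity family identifier tables, so nothing is ever decrypted), and the clock is passed in as `now` so the refresh threshold can be exercised deterministically.

```python
import hashlib
import hmac
import secrets


class IdentityProtectionSystem:
    """Protection-domain logic: generation, refresh and authorised query."""

    def __init__(self, key: bytes, update_limit: float, authorised):
        self._key = key                     # never leaves the protection domain
        self._limit = update_limit          # update time limit threshold, in seconds
        self._authorised = set(authorised)  # parties holding query authority
        self._real = {}       # first storage module: family id -> real identity
        self._family_of = {}  # index over the first module: real identity -> family id
        self._virtual = {}    # second storage module: virtual id -> (family id, issue time)
        self._current = {}    # family id -> virtual id currently in use

    def _generate(self, family_id, now):
        real_id = self._real[family_id]
        # Service application data: time information, a per-token identifier,
        # and the update time limit.
        app_data = f"{now}|{secrets.token_hex(8)}|{self._limit}"
        # Assumption: a keyed hash replaces the patent's unspecified cipher.
        token = hmac.new(self._key, f"{real_id}|{app_data}".encode(),
                         hashlib.sha256).hexdigest()
        self._virtual[token] = (family_id, now)
        self._current[family_id] = token
        return token

    def _expired(self, token, now):
        return now - self._virtual[token][1] >= self._limit

    def present_real(self, real_id, now):
        """A collector sent real identity information: create, reuse or rotate."""
        family_id = self._family_of.get(real_id)
        if family_id is None:  # first sighting: allocate an identity family identifier
            family_id = secrets.token_hex(8)
            self._family_of[real_id] = family_id
            self._real[family_id] = real_id
        token = self._current.get(family_id)
        if token is None or self._expired(token, now):
            token = self._generate(family_id, now)
        return token

    def present_virtual(self, token, now):
        """A collector sent a virtual identity: None means 'report failure'."""
        if token not in self._virtual:
            return None
        if self._expired(token, now):
            return self._generate(self._virtual[token][0], now)
        return token

    def _check(self, requester):
        if requester not in self._authorised:
            raise PermissionError(f"{requester} has no query authority")

    def resolve(self, requester, token):
        """Virtual -> real, via the identity family identifier."""
        self._check(requester)
        entry = self._virtual.get(token)
        return None if entry is None else self._real[entry[0]]

    def same_person(self, requester, tokens):
        """True only if every token maps to one and the same family identifier."""
        self._check(requester)
        families = {self._virtual[t][0] if t in self._virtual else None
                    for t in tokens}
        return len(families) == 1 and None not in families

    def virtuals_of(self, requester, real_id):
        """Real -> all virtual identities ever issued for that family."""
        self._check(requester)
        family_id = self._family_of.get(real_id)
        if family_id is None:
            return []
        return [t for t, (f, _) in self._virtual.items() if f == family_id]


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    ips = IdentityProtectionSystem(b"k" * 32, 60, {"health-authority"})
    first = ips.present_real("ID-0001", now=0)
    rotated = ips.present_real("ID-0001", now=60)
    print(first != rotated, ips.same_person("health-authority", [first, rotated]))
```

Rotated tokens stay in the second table so that the "same real identity" query can still link them; a deployment would need a retention rule for that table, which the patent does not specify.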
It should be noted that the foregoing explanation of the embodiment of the identity information protection system is also applicable to the identity information protection method of the embodiment, and the implementation principle thereof is similar and will not be described herein again.
The technical scheme provided by the embodiment of the invention solves the problem that identity information is leaked in the process of using the Internet service by a user, and the real identity information of the user is effectively hidden by generating the dynamic variable virtual identity information based on the real identity information, so that lawbreakers cannot acquire the real identity information of the user in ways of tracking and the like, thereby playing the role of effectively protecting the real identity information of the user and providing conditions for improving the safety of the identity information of the user.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (27)

1. An identity information protection system deployed within a protection domain, the system comprising:
the information acquisition equipment is deployed in a public domain and used for acquiring real identity information of a user in the public domain and sending the real identity information to an information generation module;
the information generating module is used for generating variable virtual identity information based on the real identity information;
and the control module is used for determining a service provider corresponding to the public domain and sending the variable virtual identity information to the service provider so as to instruct the service provider to provide services according to the variable virtual identity information.
2. The system of claim 1, wherein the information generation module is specifically configured to:
distributing identity family identification for the received real identity information, encrypting the real identity information and/or service application data according to a preset encryption algorithm to obtain a ciphertext, and taking the ciphertext as variable virtual identity information;
the service application data is service information when variable virtual identity information is generated.
3. The system of claim 2, further comprising:
the first storage module is used for storing the real identity information and an identity family identifier corresponding to the real identity information;
and the second storage module is used for storing the variable virtual identity information and the identity family identification corresponding to the real identity information.
4. The system of claim 2, wherein the service application data comprises at least one of: time information, virtual identity information identification, and updating time limit and use range of the virtual identity information.
5. The system of any of claims 1-4, further comprising:
the prerecording module is used for prestoring the service provider information corresponding to the public domain;
correspondingly, the control module is specifically configured to determine, based on the prerecording module, a service provider corresponding to the public domain.
6. The system of claim 1, further comprising:
the first information determining module is used for determining, when determining that first real identity information sent by information acquisition equipment exists in a first storage module, whether first variable virtual identity information corresponding to the first real identity information exists; if so, sending the first variable virtual identity information to a monitoring module; if not, sending the first real identity information to an information generation module;
the monitoring module is used for determining whether the update time limit of the first variable virtual identity information reaches a time length threshold value; if so, sending the first real identity information to the information generation module; if not, returning the first variable virtual identity information to a service provider corresponding to the public domain where the information acquisition equipment is located;
the information generating module is configured to generate first variable virtual identity information according to the first real identity information, or generate new first variable virtual identity information according to the first real identity information.
7. The system of claim 6, wherein the first information determination module is further configured to:
when determining that the first real identity information sent by the information acquisition equipment does not exist in the first storage module, sending the first real identity information to an information generation module;
the information generating module is used for generating first variable virtual identity information according to the first real identity information.
8. The system of claim 6, wherein the first information determination module is specifically configured to:
acquiring an identity family identifier corresponding to the first real identity information from a first storage module;
and determining whether first variable virtual identity information corresponding to the first real identity information exists in a second storage module or not according to the identity family identification.
9. The system according to claim 6 or 7, wherein the information generation module is specifically configured to:
determining first service application data of the first real identity information, encrypting the first real identity information and/or the first service application data according to a preset encryption algorithm, and determining an obtained first ciphertext as the first variable virtual identity information; or,
distributing a first identity family identifier for the first real identity information, determining second service application data of the first real identity information, encrypting the first real identity information and/or the second service application data according to a preset encryption algorithm, and determining an obtained second ciphertext as the first variable virtual identity information; or,
and determining third service application data of the first real identity information, encrypting the first real identity information and/or the third service application data according to a preset encryption algorithm, and determining an obtained third ciphertext as new first variable virtual identity information.
10. The system of any of claims 1-4, further comprising:
the second information determining module is used for determining whether second variable virtual identity information exists in the second storage module when the second variable virtual identity information sent by the information acquisition equipment is received; if so, sending the second variable virtual identity information to a monitoring module or an information generation module; if not, sending a second variable virtual identity information verification failure message to a service provider corresponding to the public domain where the information acquisition equipment is located through a control module;
the monitoring module is used for determining whether the update time limit of the second variable virtual identity information reaches a time threshold; if so, sending the second variable virtual identity information to the information generation module; if not, returning the second variable virtual identity information to a service provider corresponding to the public domain where the information acquisition equipment is located;
and the information generating module is used for generating new second variable virtual identity information according to the second variable virtual identity information.
11. The system of claim 10, wherein the information generation module is specifically configured to:
determining, in the second storage module, an identity family identifier corresponding to the second variable virtual identity information; and according to the identity family identification, real identity information corresponding to the second variable virtual identity information is determined in a first storage module, fourth service application data of the real identity information and/or the real identity information are/is encrypted according to a preset encryption algorithm, and an obtained fourth ciphertext is determined as the new second variable virtual identity information.
12. The system of any of claims 1-4, further comprising:
the authority checking module is used for determining whether the identity inquiry party has inquiry authority or not when acquiring an identity information inquiry request sent by the identity inquiry party; if so, sending the identity information query request to an information query module, otherwise, feeding back a prompt message to the identity query party;
and the information query module is used for receiving the identity information query request and querying the identity according to the identity information query request.
13. The system of claim 12, wherein the identity information query request comprises: at least one virtual identity information or real identity information, the information query module being specifically configured to:
if the identity information query request comprises virtual identity information and the identity information query request is used for querying real identity information, determining an identity family identifier in a second storage module according to the virtual identity information, and determining real identity information corresponding to the virtual identity information in a first storage module according to the identity family identifier;
if the identity information query request comprises a plurality of pieces of virtual identity information and the identity information query request is used for querying whether the plurality of pieces of virtual identity information correspond to the same real identity information, determining an identity family identifier corresponding to each piece of virtual identity information in a second storage module according to each piece of virtual identity information, and determining whether all the identity family identifiers are the same; if they are all the same, determining that the query result is true, otherwise, determining that the query result is false;
if the identity information query request comprises real identity information and the identity information query request is query virtual identity information, determining an identity family identifier in a first storage module according to the real identity information, and determining virtual identity information corresponding to the real identity information in a second storage module according to the identity family identifier.
14. An identity information protection method, comprising:
at least one information acquisition device acquires real identity information of a user in a public domain;
generating variable virtual identity information based on the real identity information;
and determining a service provider corresponding to the public domain, and sending the variable virtual identity information to the service provider so as to instruct the service provider to provide services according to the variable virtual identity information.
15. The method of claim 14, wherein generating variable virtual identity information based on the real identity information comprises:
distributing identity family identification for the received real identity information, encrypting the real identity information and/or service application data according to a preset encryption algorithm to obtain a ciphertext, and taking the ciphertext as variable virtual identity information;
the service application data is service information when variable virtual identity information is generated.
16. The method of claim 15, wherein after generating the virtual identity information based on the real identity information, further comprising:
storing the real identity information and an identity family identification corresponding to the real identity information;
and storing the variable virtual identity information and the identity family identification corresponding to the real identity information.
17. The method of claim 15, wherein the service application data comprises at least one of: time information, virtual identity information identification, and updating time limit and use range of the virtual identity information.
18. The method of any one of claims 14-17, further comprising:
pre-storing service provider information corresponding to the public domain;
correspondingly, the determining the service provider corresponding to the public domain includes:
and determining the service provider corresponding to the public domain from service provider information which is stored in advance and corresponds to the public domain.
19. The method of claim 14, further comprising:
when determining that first real identity information sent by information acquisition equipment exists, determining whether first variable virtual identity information corresponding to the first real identity information exists; if it exists, determining whether the update time limit of the first variable virtual identity information reaches a time length threshold value; if it does not exist, generating first variable virtual identity information according to the first real identity information;
if the threshold value is reached, generating new first variable virtual identity information according to the first real identity information;
and if the threshold value is not reached, returning the first variable virtual identity information to a service provider corresponding to the public domain where the information acquisition equipment is located.
20. The method of claim 19, further comprising:
and when determining that the first real identity information sent by the information acquisition equipment does not exist, generating first variable virtual identity information according to the first real identity information.
21. The method of claim 19, wherein the determining whether first variable virtual identity information corresponding to the first real identity information exists comprises:
acquiring an identity family identifier corresponding to the first real identity information;
and determining whether first variable virtual identity information corresponding to the first real identity information exists in a second storage module or not according to the identity family identification.
22. The method according to claim 19 or 20, wherein the generating of the first variable virtual identity information from the first real identity information comprises:
determining first service application data of the first real identity information, encrypting the first real identity information and/or the first service application data according to a preset encryption algorithm, and determining an obtained first ciphertext as the first variable virtual identity information; or,
and distributing a first identity family identifier for the first real identity information, determining second service application data of the first real identity information, encrypting the first real identity information and/or the second service application data according to a preset encryption algorithm, and determining an obtained second ciphertext as the first variable virtual identity information.
23. The method of claim 19, wherein generating new first changeable virtual identity information from the first real identity information comprises:
and determining third service application data of the first real identity information, encrypting the first real identity information and/or the third service application data according to a preset encryption algorithm, and determining an obtained third ciphertext as new first variable virtual identity information.
24. The method of any one of claims 14-17, further comprising:
when second variable virtual identity information sent by information acquisition equipment is received, determining whether the second variable virtual identity information exists; if it exists, determining whether the update time limit of the second variable virtual identity information reaches a time length threshold value; if it does not exist, a control module sends a new virtual identity information generation failure message to a service provider corresponding to the public domain where the information acquisition equipment is located;
if the threshold value is reached, generating new second variable virtual identity information according to the second variable virtual identity information;
and if the threshold value is not reached, returning the second variable virtual identity information to a service provider corresponding to the public domain where the information acquisition equipment is located.
25. The method of claim 24, wherein generating new second variable virtual identity information according to the second variable virtual identity information comprises:
determining an identity family identifier corresponding to the second variable virtual identity information;
determining real identity information corresponding to the second variable virtual identity information according to the identity family identifier, encrypting fourth service application data of the real identity information and/or the real identity information according to a preset encryption algorithm, and determining the obtained fourth ciphertext as the new second variable virtual identity information.
26. The method of any one of claims 14-17, further comprising:
when an identity information query request sent by an identity query party is acquired, determining whether the identity query party has a query authority;
if so, carrying out identity query according to the identity information query request;
if not, feeding back a prompt message to the identity query party.
27. The method of claim 26, wherein the identity information query request comprises: at least one of virtual identity information or real identity information; the identity query according to the identity information query request comprises:
if the identity information query request comprises virtual identity information and the identity information query request is used for querying real identity information, determining an identity family identifier according to the virtual identity information, and determining real identity information corresponding to the virtual identity information according to the identity family identifier;
if the identity information query request comprises a plurality of pieces of virtual identity information and the identity information query request is used for querying whether the plurality of pieces of virtual identity information correspond to the same real identity information, determining an identity family identifier corresponding to each piece of virtual identity information and determining whether all the identity family identifiers are the same; if they are the same, determining that the query result is true, otherwise, determining that the query result is false;
if the identity information query request comprises real identity information and the identity information query request is used for querying virtual identity information, determining an identity family identifier according to the real identity information, and determining virtual identity information corresponding to the real identity information according to the identity family identifier.
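The rotation and lookup flow of claims 24 to 27, written in Python as an added example (not code from the patent or its applicant). Assumptions: the class and method names are hypothetical; an HMAC-SHA256 tag over the real identity, service data and a random nonce stands in for the unspecified "preset encryption algorithm" (a keyed one-way tag, not encryption, which is enough here because the claims resolve identities through the family identifier rather than by decryption); the "update time limit" is read as age since issuance; and the claim 26 prompt message is modelled as an exception.

```python
import hashlib
import hmac
import secrets

class IdentityRegistry:
    """Private-domain store linking variable virtual IDs to real IDs via a family ID."""

    def __init__(self, key, max_age_s):
        self.key, self.max_age_s = key, max_age_s
        self.family_to_real = {}   # family ID -> real identity
        self.real_to_family = {}   # real identity -> family ID
        self.virtual = {}          # virtual ID -> (family ID, issue time)

    def _mint(self, family, service_data, now):
        # Stand-in for the preset encryption algorithm (assumption): keyed tag
        # over real identity + service data + fresh nonce, so every ID differs.
        real = self.family_to_real[family]
        msg = b"|".join([real.encode(), service_data.encode(), secrets.token_bytes(16)])
        vid = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        self.virtual[vid] = (family, now)
        return vid

    def register(self, real_id, service_data, now):
        family = self.real_to_family.get(real_id)
        if family is None:                      # first sighting: allocate a family ID
            family = secrets.token_hex(8)
            self.real_to_family[real_id] = family
            self.family_to_real[family] = real_id
        return self._mint(family, service_data, now)

    def present(self, vid, service_data, now):
        """Claim 24: unknown ID -> None (failure); aged out -> rotate; else unchanged."""
        if vid not in self.virtual:
            return None
        family, issued = self.virtual[vid]
        if now - issued >= self.max_age_s:
            return self._mint(family, service_data, now)   # claim 25: via family ID
        return vid

    def query(self, authorized, real_of=None, same_person=None, virtuals_of=None):
        """Claims 26-27: check query authority first, then one of three lookups."""
        if not authorized:
            raise PermissionError("no query authority")
        if real_of is not None:                 # virtual ID -> real identity
            return self.family_to_real[self.virtual[real_of][0]]
        if same_person is not None:             # do all virtual IDs share one family?
            return len({self.virtual[v][0] for v in same_person}) == 1
        family = self.real_to_family[virtuals_of]   # real identity -> virtual IDs
        return sorted(v for v, (f, _) in self.virtual.items() if f == family)
```

Superseded virtual IDs stay in the table in this example so that the "same real identity" query still links old and new IDs; only a holder of the registry and query authority can make that link.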
CN202011316906.6A 2020-11-23 2020-11-23 Identity information protection system and method Active CN112100682B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011316906.6A CN112100682B (en) 2020-11-23 2020-11-23 Identity information protection system and method

Publications (2)

Publication Number Publication Date
CN112100682A (en) 2020-12-18
CN112100682B (en) 2021-02-19

Family

ID=73785918

Country Status (1)

Country Link
CN (1) CN112100682B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant