CN114338137A - Trusted digital identity secure transmission method, system and storage medium - Google Patents


Info

Publication number
CN114338137A
Authority
CN
China
Prior art keywords
digital identity
trusted digital
identity
trusted
security
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111615923.4A
Other languages
Chinese (zh)
Inventor
林龙
杨瑷华
林乐智
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Shuzhengtong Technology Co ltd
Original Assignee
Shenzhen Shuzhengtong Technology Co ltd

Abstract

The application provides a trusted digital identity secure transfer method, a trusted digital identity secure transfer system and a storage medium. The trusted digital identity secure transmission method is applied to a trusted digital identity secure transmission system, the trusted digital identity secure transmission system comprises trusted digital identity verification equipment and trusted digital identity transmission equipment, and the method comprises the following steps: the trusted digital identity verification equipment receives user identity information from the internet trusted digital identity verification platform and acquires plaintext or ciphertext identity information according to the user identity information; the trusted digital identity verification equipment transmits the plaintext or ciphertext identity information to the trusted digital identity transmission equipment through a trusted digital identity output special interface, wherein the trusted digital identity transmission equipment is provided with a network unidirectional security isolation facility; the trusted digital identity transmission equipment transmits the plaintext or ciphertext identity information to the security check system through the network unidirectional security isolation facility, so that the identity verification result obtained on the extranet can be used in the subsequent work flow of the intranet.

Description

Trusted digital identity secure transmission method, system and storage medium
Technical Field
The invention relates to the technical field of data security, in particular to a trusted digital identity secure transmission method, a trusted digital identity secure transmission system and a storage medium.
Background
Generally, government and public security agencies that need to check the real identity information of a client do so by checking the second-generation identity card. The second-generation identity card is an offline carrier: sensitive identity information is stored in the card, and an identity card reader can only read data from the card and cannot write data to it, so the second-generation identity card can be used without any risk of an intranet system leaking information.
There are also digital, networked identity verification methods available today that do not rely on the second-generation card. However, such a method can only be deployed inside an organization's private network to ensure the reliability of the verification result. Although many internet identity verification technologies for mobile terminals now exist, and combining a digital identity with biometric recognition (such as face scanning) gives more efficient and reliable identity verification than the second-generation card alone (the second-generation card can be fraudulently used by a look-alike person), their results are not usable in a private network.
This is because an identity verification result produced over the internet is hard for a private network system to accept: the authenticity of the verification result cannot be determined, it is unknown whether the result has been tampered with, and therefore it cannot be trusted.
Disclosure of Invention
The application provides a trusted digital identity secure transfer method, a trusted digital identity secure transfer system and a storage medium. Physical isolation between the closed private network and the internet is maintained: the real identity is verified on the internet (extranet), the identity information is checked inside the closed private network (intranet), and the identity verification result obtained from the extranet verification can be used in the subsequent work flow of the intranet. Examples are the security check counters of civil aviation airports and other places that need to check and verify the real identity information of a client. The method can be applied wherever a mandatory national authority or law that requires checking the real identity information of the verified client demands strict management.
In view of this, a first aspect of the present application provides a trusted digital identity security transfer method, where the trusted digital identity security transfer method is applied to a trusted digital identity security transfer system, where the trusted digital identity security transfer system includes a trusted digital identity verification device and a trusted digital identity transmission device, where the trusted digital identity verification device and the trusted digital identity transmission device are connected through a trusted digital identity output dedicated interface, and the method includes: the credible digital identity verification equipment receives user identity information from an internet credible digital identity verification platform and acquires plaintext or ciphertext identity information according to the user identity information; the trusted digital identity verification equipment transmits the plaintext or ciphertext identity information to the trusted digital identity transmission equipment through the trusted digital identity output special interface, wherein the trusted digital identity transmission equipment is configured with a network unidirectional security isolation facility; the trusted digital identity transmission equipment transmits the plaintext or ciphertext identity information to a security check system through the network unidirectional security isolation facility, so that an identity check result obtained through the outer network check can be used in the subsequent work flow of the inner network.
Optionally, with reference to the first aspect, in a possible implementation manner, the trusted digital identity verification apparatus includes a network communication interface, an operating system, and a network identity card (CTID) security module, and the method further includes: the CTID security module receives the digital identity in two-dimensional code form through the network communication interface and identifies the validity and legality of the digital identity in two-dimensional code form, thereby preventing attacks with forged or tampered two-dimensional codes, wherein the digital identity in two-dimensional code form comprises a desensitized and decrypted identity of the user.
Optionally, with reference to the first aspect, in a possible implementation manner, the CTID security module specifically includes an optical code scanning component, a two-dimensional code decoding component, and a CTID trusted digital identity security chip, the user identity information includes a CTID trusted digital identity two-dimensional code image, and obtaining plaintext or ciphertext identity information according to the user identity information specifically includes: the optical code scanning component shoots a CTID credible digital identity two-dimensional code image; the two-dimensional code decoding component analyzes the two-dimensional code data from the two-dimensional code image; and the CTID trusted digital identity security chip decrypts the corresponding identity from the two-dimensional code data.
Optionally, with reference to the first aspect, in a possible implementation manner, the method further includes: and receiving the captured face image through the internet credible digital identity platform, and verifying the face image.
Optionally, with reference to the first aspect, in a possible implementation manner, the network unidirectional security isolation facility includes unidirectional optical isolation and/or usb flash disk lock isolation.
Optionally, with reference to the first aspect, in a possible implementation manner, the trusted digital identity transmission device further includes a dedicated adapter board, where the dedicated adapter board is configured to adapt a data packet received through the trusted digital identity output dedicated interface, and send the adapted data packet to the network unidirectional security isolation facility.
Optionally, with reference to the first aspect, in a possible implementation manner, the dedicated adapter board is further configured to check reliability of the data packet, splice a complete data file according to the data packet, and store the data file in a file sending directory of the unidirectional network security isolation facility.
Optionally, with reference to the first aspect, in a possible implementation manner, the transmitting, by the trusted digital identity transmission device, the plaintext or ciphertext identity information to the network identity card security check system through the network unidirectional security isolation facility specifically includes: and transmitting the plaintext or ciphertext identity information to the security check system through an intranet interface.
The second aspect of the present application provides a trusted digital identity security delivery system, which is characterized in that the trusted digital identity security delivery system includes a trusted digital identity verification device and a trusted digital identity transmission device, wherein the trusted digital identity verification device is connected to the trusted digital identity transmission device through a trusted digital identity output dedicated interface, and the trusted digital identity verification device is configured to receive user identity information from an internet trusted digital identity verification platform and obtain plaintext or ciphertext identity information according to the user identity information; the trusted digital identity verification device is used for transmitting the plaintext or ciphertext identity information to the trusted digital identity transmission device through the trusted digital identity output dedicated interface, wherein the trusted digital identity transmission device is configured with a network unidirectional security isolation facility; and the trusted digital identity transmission equipment is used for transmitting the plaintext or ciphertext identity information to a security check system through the network unidirectional security isolation facility so as to perform identity verification.
A third aspect of the present application provides a computer-readable storage medium having stored thereon a computer program comprising program instructions which, when executed by a processor, cause the processor to perform the trusted digital identity secure transfer method of the first aspect or of any of its implementation manners.
The application provides a trusted digital identity secure transfer method, a trusted digital identity secure transfer system and a storage medium. The trusted digital identity security transfer method is applied to a trusted digital identity security transfer system, the trusted digital identity security transfer system comprises trusted digital identity verification equipment and trusted digital identity transmission equipment, wherein the trusted digital identity verification equipment is connected with the trusted digital identity transmission equipment through a trusted digital identity output special interface, and the method comprises the following steps: the credible digital identity verification equipment receives user identity information from an internet credible digital identity verification platform and acquires plaintext or ciphertext identity information according to the user identity information; the trusted digital identity verification equipment transmits the plaintext or ciphertext identity information to the trusted digital identity transmission equipment through the trusted digital identity output special interface, wherein the trusted digital identity transmission equipment is configured with a network unidirectional security isolation facility; the trusted digital identity transmission equipment transmits the plaintext or ciphertext identity information to a security check system through the network unidirectional security isolation facility, so that an identity check result obtained through the outer network check can be used in the subsequent work flow of the inner network.
According to information security requirements, the closed private network intranet has to be physically isolated from the internet: if a data channel existed between the closed private network intranet and the internet verification equipment, the port receiving the verification result could be maliciously attacked or exploited, and if sensitive private-network information leaked outwards through that port, the consequences would be severe. Therefore, the trusted digital identity secure transmission method provided by the application keeps the closed private network physically isolated from the internet: the real identity is verified on the internet (extranet), the information is checked inside the closed private network (intranet), and the identity verification result obtained from the extranet verification can be used in the subsequent work flow of the intranet. Examples are the security check counters of civil aviation airports and other places that need to check and verify the real identity information of a client. The method can be applied wherever a mandatory national authority or law that requires checking the real identity information of the verified client demands strict management.
Drawings
Fig. 1 is a schematic diagram of an architecture of a trusted digital identity secure delivery system according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a CTID security module according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of a secure transfer method for a trusted digital identity according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a trusted digital identity verification device in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The term "and/or" appearing in the present application may be an association describing an associated object, meaning that three relationships may exist, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" in this application generally indicates that the former and latter related objects are in an "or" relationship.
The terms "first," "second," and the like in the description and in the claims of the present application and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Moreover, the terms "comprises," "comprising," and any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or modules is not necessarily limited to those steps or modules explicitly listed, but may include other steps or modules not expressly listed or inherent to such process, method, article, or apparatus.
Generally, government and public security agencies that need to check the real identity information of a client do so by checking the second-generation identity card. The second-generation card is an offline carrier: sensitive identity information is stored in the card, and an identity card reader can only read data from the card and cannot write data to it, so the second-generation card can be used without any risk of an intranet system divulging secrets.
There are also digital, networked identity verification methods available today that do not rely on the second-generation card. However, such a method can only be deployed inside an organization's private network to ensure the reliability of the verification result. Although many internet identity verification technologies for mobile terminals now exist, and combining a digital identity with biometric recognition (such as face scanning) gives more efficient and reliable identity verification than the second-generation card alone (the second-generation card can be fraudulently used by a look-alike person), their results are not usable in a private network.
This is because an identity verification result produced over the internet is hard for a private network system to accept: the authenticity of the verification result cannot be determined, it is unknown whether the result has been tampered with, and therefore it cannot be trusted.
Therefore, the present application firstly provides a trusted digital identity secure delivery system, please refer to fig. 1, which includes:
the system comprises a trusted digital identity verification device and a trusted digital identity transmission device, wherein the trusted digital identity verification device is connected with the trusted digital identity transmission device through a trusted digital identity output special interface.
The trusted digital identity verification equipment comprises a network communication interface, an operating system and a CTID security module, which are connected in sequence. The CTID security module comprises a transmission control and management security chip. The network communication interface is connected to an internet trusted digital identity verification platform.
The trusted digital identity transmission equipment comprises a network unidirectional security isolation facility and a special adapter plate, wherein the special adapter plate is in unidirectional communication with the network unidirectional security isolation facility, and the network unidirectional security isolation facility is in unidirectional communication with a security check system through an intranet interface.
Furthermore, the present application also provides a CTID security module, please refer to fig. 2. The security module may specifically include an optical code scanning component, a two-dimensional code decoding component and a CTID trusted digital identity security chip. Specifically, the optical code scanning component comprises a scanning window, a camera lens and a photosensitive chip. The two-dimensional code decoding component comprises a decoding chip and firmware. The optical code scanning component captures an image of the CTID trusted digital identity two-dimensional code. The two-dimensional code decoding component parses the two-dimensional code data from the image, and the CTID trusted digital identity security chip decrypts the specific encrypted information from the two-dimensional code data. According to the requirements of the verification service, the two-dimensional code data or the specific encrypted information is submitted to the CTID platform by a terminal application (APP) in a specified format for identity verification.
The core of the application is a CTID safety module, a CTID credible digital identity safety chip and a verification mechanism are arranged in the module, a credible digital identity verification flow is realized through the Internet by means of an operating system and network facilities on equipment, and a verification result is output by the safety module through a special interface.
The trusted digital identity verification related in the application is realized by depending on an authoritative identity authentication organization of the state or the ministry of public security, is a CTID platform of the ministry of public security at present and may be a state-level platform in the future. These platforms can provide legally effective true identity verification results with verification interfaces supporting multiple levels and forms.
The CTID security module confirms the authenticity and the validity of the verification equipment through the built-in security chip, and effectively blocks the illegal access of unauthorized equipment. The verification mechanism complies with the corresponding rules of CTID or national platform, and adopts the mode of combining digital identity identification with biological characteristics to implement identity verification.
The CTID security module mainly receives a digital identity in two-dimensional code form, where the two-dimensional code carries a desensitized and decrypted identity of the user (not sensitive information such as the identity card number or name). By means of the security chip in the module, the validity of the two-dimensional code can be identified, and forgery and tampering attacks can be prevented.
The biometric feature is typically a live face image. The verification equipment can access the internet through facilities such as wired broadband, Wi-Fi or a 4G communication card; the identity identifier output by the CTID security module and the face image captured on site are sent to a platform such as CTID over the internet for identity verification, and the verification result is received and handed to the security module for directional transmission.
The trusted digital identity verification result output by the trusted digital identity output special interface must enter the intranet through the network unidirectional security isolation facility. The network unidirectional security isolation facility generally meets the standard GB/T 20279-2015 (Information security technology: security technical requirements for network and terminal isolation products) and the relevant regulations of the State Secrecy Bureau, and its unidirectional isolation effect has been confirmed by information security technology certification or secrecy technology testing.
According to the requirements of the GB standard, network isolation equipment is divided into three types: terminal isolation products, network isolation products and network unidirectional import products. Since this application needs to transmit the internet identity verification result into the closed private network, a network unidirectional import product meeting the GB requirements should be used.
The verification equipment realizes the credible digital identity verification through the Internet, and belongs to a data sender for the network one-way import equipment. And the identity verification result receiving equipment in the closed intranet belongs to a data receiving party. Through a physical isolation mechanism of the network unidirectional lead-in equipment, data can be transmitted in a trusted way only from a data transmitting side to a data receiving side, and therefore confidential information of a closed intranet cannot be leaked.
Connecting the two facilities in series typically requires a dedicated transmission cable or adapter board. Because of the interface characteristics of the network unidirectional security isolation facility, its input end needs to be adapted through the adapter board. In practice, the adapter board and the network unidirectional security isolation facility can be packaged together in a tamper-resistant housing, which guarantees the security and reliability of their connection and communication. Using the two facilities in series ensures the authenticity and reliability of the identity information, prevents private-network information from leaking, and makes the security trustworthy.
Because the network unidirectional import equipment uses a file ferry mode, while the output of the CTID security module uses a conventional communication port, an adapter board is required to collect communication messages and store them as static data files. The identity verification result data may be large: besides the name and identity card number, it may comprise several verification photos and other information specified by management requirements (terminal number, timestamp, serial number, response code and the like). The communication therefore generally needs packet transmission, per-packet verification, error retransmission, and unpacking and recombination of packets; the receiving end splices the complete data content, stores it as a static file in a preset format, and the network unidirectional import equipment then ferries the static file into the closed intranet.
In view of the above trusted digital identity secure transfer system, the present application provides a trusted digital identity secure transfer method. Referring to fig. 3, the method includes:
S110. The trusted digital identity verification equipment receives the user identity information from the internet trusted digital identity verification platform and obtains the plaintext or ciphertext identity information according to the user identity information.
The credible digital identity verification equipment receives the user identity information from the internet credible digital identity verification platform and acquires the plaintext or ciphertext identity information according to the user identity information. The identity information is understood to be meaningful information regarding the identity of the user, such as name, identification number, etc. The plaintext identity information can be directly used, and the ciphertext identity information can be converted into the plaintext identity information through decryption operation.
Specifically, the CTID security module specifically includes an optical code scanning component, a two-dimensional code decoding component and a CTID trusted digital identity security chip, the user identity information includes a CTID trusted digital identity two-dimensional code image, and obtaining plaintext or ciphertext identity information according to the user identity information specifically includes: the optical code scanning component shoots a CTID credible digital identity two-dimensional code image; the two-dimensional code decoding component analyzes the two-dimensional code data from the two-dimensional code image; and the CTID trusted digital identity security chip decrypts the corresponding identity from the two-dimensional code data.
It should be noted that the identity identifier is desensitized data defined by the identity verification platform provided in the present application: it identifies a person inside the platform, but cannot be matched to a person outside the platform. The identity verification platform stores a large amount of identity information and a photo library, determines the identity of a person by checking whether the identity identifier and the face photo belong to the same person, and returns a verification result. Specifically, the desensitized identifier is an irregular-looking string of codes generated by converting the identity plaintext through a digital encryption and obfuscation method; only a platform that holds the conversion algorithm can know which specific identity the string corresponds to. This identity information can be called desensitized because sensitive identity information cannot be converted back or retrieved from it outside the platform.
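The following is an added example, not code from the patent or from the assignee. It illustrates the property described above: a desensitized identifier that the platform can resolve to a person and match against its photo library, but that an outside device cannot map back. The patent does not specify its "encryption and obfuscation method"; the example stands in an HMAC-SHA256 tag under a platform-held key, resolved through the platform's own index rather than by decryption. The enrolment records, key, face-template references and result fields are constructed sample data.

```python
"""Desensitized identity resolution on the verification platform (added example).

Assumptions not taken from the patent: the desensitized identifier is
HMAC-SHA256(platform_key, identity plaintext), and the platform resolves it
by looking it up in its own index. All records below are constructed.
"""
import hashlib
import hmac

# Constructed enrolment records: "<id number>|<name>" -> enrolled face template reference
SAMPLE_RECORDS = {
    "110101199001011234|ZHANG SAN": "face-template-0001",
    "440301198505052345|LI SI": "face-template-0002",
}


class IdentityPlatform:
    """Holds the conversion key and the identity/photo library; only it maps tokens back."""

    def __init__(self, key: bytes, records=SAMPLE_RECORDS):
        self._key = key
        # token -> (identity plaintext, enrolled face template reference)
        self._index = {self.desensitize(p): (p, f) for p, f in records.items()}

    def desensitize(self, identity_plaintext: str) -> str:
        """Irregular-looking code that is carried in the two-dimensional code instead of plaintext."""
        return hmac.new(self._key, identity_plaintext.encode("utf-8"),
                        hashlib.sha256).hexdigest()

    def resolve(self, token: str):
        """Platform-side lookup; returns None for a token not minted under this key."""
        return self._index.get(token)

    def verify(self, token: str, captured_face_template: str,
               terminal_no: str, serial_no: str, timestamp: str) -> dict:
        """Check that the token and the live face belong to the same enrolled person."""
        envelope = {"terminal_no": terminal_no, "serial_no": serial_no, "timestamp": timestamp}
        record = self.resolve(token)
        if record is None:
            return {"response_code": "REJECT", "reason": "unknown identifier", **envelope}
        plaintext, enrolled = record
        # Stand-in for the biometric comparison: the captured template must match the enrolled one.
        if not hmac.compare_digest(enrolled, captured_face_template):
            return {"response_code": "REJECT", "reason": "face mismatch", **envelope}
        id_number, name = plaintext.split("|", 1)
        # Only a PASS result carries the plaintext identity that the intranet will later use.
        return {"response_code": "PASS", "name": name, "id_number": id_number, **envelope}


if __name__ == "__main__":
    platform = IdentityPlatform(b"constructed-platform-key")
    tok = platform.desensitize("110101199001011234|ZHANG SAN")
    print(tok)
    print(platform.verify(tok, "face-template-0001", "T-01", "S-0001", "2021-12-30T10:00:00"))
```

A device that only ever sees the token cannot recover the identity card number or name from it, and a platform with a different key (or no key) has no entry for it, which is the "cannot be matched to a person outside the platform" property the paragraph describes.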
S120. The trusted digital identity verification device transmits the plaintext or ciphertext identity information to the trusted digital identity transmission device through the trusted digital identity output special interface.
And the trusted digital identity verification equipment transmits the plaintext or ciphertext identity information to the trusted digital identity transmission equipment through the trusted digital identity output special interface, wherein the trusted digital identity transmission equipment is configured with a network one-way security isolation facility.
S130. The trusted digital identity transmission equipment transmits the plaintext or ciphertext identity information to a security check system through the network unidirectional security isolation facility.
And the trusted digital identity transmission equipment transmits the plaintext or ciphertext identity information to a security check system through the network unidirectional security isolation facility so as to perform identity verification.
Furthermore, the trusted digital identity verification device comprises a network communication interface, an operating system and a CTID security module, and the method further comprises the following step: the CTID security module receives the digital identity in two-dimensional code form through the network communication interface and identifies the validity and legality of the digital identity in two-dimensional code form, thereby preventing attacks with forged or tampered two-dimensional codes, wherein the digital identity in two-dimensional code form comprises a desensitized and decrypted identity of the user.
Still further, the method further comprises: and receiving the captured face image through the internet credible digital identity platform, and verifying the face image.
The trusted digital identity transmission device also comprises a dedicated adapter board, which adapts the data messages received from the trusted digital identity output dedicated interface and sends the adapted data messages to the network unidirectional security isolation facility. The dedicated adapter board also checks the reliability of the data messages, splices them into a complete data file, and stores the data file in a file sending directory of the network unidirectional security isolation facility. The step in which the trusted digital identity transmission device transmits the plaintext or ciphertext identity information to the network identity card security check system through the network unidirectional security isolation facility specifically comprises: transmitting the plaintext or ciphertext identity information to the security check system through an intranet interface.
It should be noted that the network unidirectional security isolation facility includes unidirectional optical isolation and/or USB flash drive lock isolation. Conventional network one-way isolation devices include mechanical and electrical physical isolation (e.g., optical disk handoff, hard disk rewiring, dual-port gatekeeper) and the like. These methods do achieve unidirectional isolation, but with large delay and very slow speed. The network unidirectional isolation device provided in the present application includes, but is not limited to, two types: unidirectional optical isolation and USB flash drive lock isolation. Optical isolation uses the characteristic of a unidirectional optical fiber: one end only transmits light and the other end only receives it, so information can flow in one direction only. The network optical gate commonly used in closed intranet systems belongs to this class of equipment; the present application is suited to small, miniature optical gate devices, typically a desktop one-way optical guide device. USB flash drive lock isolation uses the characteristic of a USB flash drive one-way lock which, through dedicated low-level means, allows data to be read from the drive but never written to it. The USB flash drive one-way lock is applicable to all kinds of USB flash drives.
A network one-way security isolation facility generally restricts one-way data transmission to the form of files. The output interface dedicated to the CTID security module is generally UART, USB or similar, and uses a data message format. The dedicated adapter board therefore needs to run a specific program that receives one or more data messages sent by the CTID security module in real time, checks the reliability of the data, splices the data messages into a complete data file, and stores that file in the file sending directory of the optical unidirectional isolation device or in the USB drive directory of the USB one-way lock.
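The adapter-board program described above (receive messages from the CTID module, check their integrity, reassemble the complete file, drop it into the one-way device's send directory) as an added example; this is not code from the patent, and the frame layout (magic, file id, sequence number, chunk count, length, payload, CRC-32) is an assumption made here for illustration.

```python
"""Adapter-board reassembly logic (added example; the frame format is a constructed assumption)."""
import os
import struct
import tempfile
import zlib
from dataclasses import dataclass, field

# Hypothetical big-endian frame: magic(2) file_id(2) seq(2) total(2) len(2) payload crc32(4)
MAGIC = b"CT"
HEADER = struct.Struct(">2sHHHH")
CRC = struct.Struct(">I")


def build_frame(file_id: int, seq: int, total: int, payload: bytes) -> bytes:
    """Construct one frame the way the CTID module side would (used to feed sample input)."""
    body = HEADER.pack(MAGIC, file_id, seq, total, len(payload)) + payload
    return body + CRC.pack(zlib.crc32(body) & 0xFFFFFFFF)


def make_send_dir() -> str:
    """Stand-in for the isolation device's file sending directory."""
    return tempfile.mkdtemp(prefix="diode-send-")


@dataclass
class Reassembler:
    send_dir: str
    max_total: int = 1024                          # bound on chunk count per file (resource limit)
    pending: dict = field(default_factory=dict)    # file_id -> {seq: payload}
    expected: dict = field(default_factory=dict)   # file_id -> declared chunk count

    def feed(self, frame: bytes) -> str:
        """Validate one frame; return "bad", "partial", or "complete:<path>"."""
        if len(frame) < HEADER.size + CRC.size:
            return "bad"
        body, crc = frame[:-CRC.size], frame[-CRC.size:]
        if CRC.unpack(crc)[0] != (zlib.crc32(body) & 0xFFFFFFFF):
            return "bad"                           # corrupted on the wire: never forwarded
        magic, file_id, seq, total, length = HEADER.unpack(body[:HEADER.size])
        payload = body[HEADER.size:]
        if magic != MAGIC or len(payload) != length:
            return "bad"
        if total == 0 or total > self.max_total or seq >= total:
            return "bad"
        if self.expected.setdefault(file_id, total) != total:
            return "bad"                           # chunk count disagrees with earlier frames
        chunks = self.pending.setdefault(file_id, {})
        if seq in chunks and chunks[seq] != payload:
            return "bad"                           # conflicting duplicate; identical retransmit is fine
        chunks[seq] = payload
        if len(chunks) < total:
            return "partial"
        data = b"".join(chunks[i] for i in range(total))
        del self.pending[file_id]
        del self.expected[file_id]
        path = os.path.join(self.send_dir, f"{file_id:05d}.dat")
        tmp = path + ".part"
        with open(tmp, "wb") as fh:                # write then rename so the diode only sees whole files
            fh.write(data)
        os.replace(tmp, path)
        return f"complete:{path}"
```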
In summary, the trusted digital identity secure transfer method and system provided by the present application can combine data trust with network isolation, and therefore have the following advantages:
1. the CTID security module ensures the correctness of the verification result of the internet identity information;
2. the CTID security module directly outputs the identity information verification result through a special interface, so that the reliability of data is ensured, and interception and stealing are avoided;
3. the verification result is transmitted into the closed private network through the network unidirectional security isolation facility, so that the physical isolation security of the private network can be effectively protected, and the private network information is prevented from being leaked from the access port.
The trusted digital identity secure transmission method, system and storage medium can be applied to various occasions that require identity verification, for example a security inspection process in which a user is required to present an identity card and a boarding pass, where the identity card establishes the identity information and the boarding pass represents the service information. With the present application, however, the user does not need to present the identity card during security check, because a dedicated device (here, the trusted digital identity verification device) directly notifies the security check system through a transmission device (the trusted digital identity transmission device) that the identity of the user has been verified.
Because the identity verification is performed by a national authority or a trusted platform, there is no possibility of falsification during transmission of the verification result, and the identity verification result can be trusted. The security check system remains secure while transmitting and receiving this information. Therefore, within the security inspection system only the service information needs to go through further subsequent workflow steps, based on the identity information thus determined.
Referring to fig. 4, the trusted digital identity verification device 200 may include one or more processors (CPUs) 210 (e.g., one or more processors), a memory 220, and one or more storage media 230 (e.g., one or more mass storage devices) storing applications 233 or data 232. Memory 220 and storage medium 230 may be, among other things, transient or persistent storage. The program stored on the storage medium 230 may include one or more modules (not shown). Still further, the processor 210 may be configured to communicate with the storage medium 230 to execute a series of instruction operations in the storage medium 230 on the trusted digital identity verification device 200.
Trusted digital identity verification device 200 may also include one or more power supplies 240, one or more wired or wireless network interfaces 250, one or more input-output interfaces 260, and/or one or more operating systems 231, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc. The trusted digital identity verification device 200 may further include a CTID security module 270, where the CTID security module 270 is as described above and shown in fig. 2, and is not described herein again. Those skilled in the art will appreciate that the trusted digital identity verification device architecture shown in FIG. 4 does not constitute a limitation of trusted digital identity verification devices, and may include more or fewer components than shown, or some components in combination, or a different arrangement of components.
The present application also provides a computer-readable storage medium, which may be a non-volatile computer-readable storage medium, and which may also be a volatile computer-readable storage medium, having stored therein instructions, which, when run on a computer, cause the computer to perform the steps of the trusted digital identity secure transfer method.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
In the examples provided herein, it is to be understood that the disclosed methods may be practiced otherwise than as specifically described without departing from the spirit and scope of the present application. The present embodiment is an exemplary example only, and should not be taken as limiting, and the specific disclosure should not be taken as limiting the purpose of the application. For example, some features may be omitted, or not performed.
The technical means disclosed in the present application is not limited to the technical means disclosed in the above embodiments, and includes technical means formed by any combination of the above technical features. It should be noted that, for those skilled in the art, without departing from the principle of the present application, several improvements and modifications can be made, and these improvements and modifications are also considered to be within the scope of the present application.
The above detailed description is given to a trusted digital identity secure transfer method, a trusted digital identity secure transfer system, and a storage medium provided in the embodiments of the present application, and a specific example is applied in the present application to explain the principle and the implementation of the present application, and the description of the above embodiments is only used to help understanding the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application. Although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (10)

1. A trusted digital identity security transfer method is characterized in that the trusted digital identity security transfer method is applied to a trusted digital identity security transfer system, the trusted digital identity security transfer system comprises a trusted digital identity verification device and a trusted digital identity transmission device, wherein the trusted digital identity verification device is connected with the trusted digital identity transmission device through a trusted digital identity output dedicated interface, and the method comprises the following steps:
the credible digital identity verification equipment receives user identity information from an internet credible digital identity verification platform and acquires plaintext or ciphertext identity information according to the user identity information;
the trusted digital identity verification equipment transmits the plaintext or ciphertext identity information to the trusted digital identity transmission equipment through the trusted digital identity output special interface, wherein the trusted digital identity transmission equipment is configured with a network unidirectional security isolation facility;
and the trusted digital identity transmission equipment transmits the plaintext or ciphertext identity information to a security check system through the network unidirectional security isolation facility so as to perform identity verification.
2. The method of claim 1, wherein the trusted digital identity verification device comprises a network communication interface, an operating system, and a CTID security module, and the method further comprises:
the CTID security module receives the digital identity in two-dimensional code form through the network communication interface and identifies the validity and legality of that digital identity, thereby preventing attacks using forged or counterfeit two-dimensional codes, wherein the digital identity in two-dimensional code form comprises a desensitized decryption identity of the user.
3. The method as claimed in claim 2, wherein the CTID security module specifically includes an optical code scanning component, a two-dimensional code decoding component, and a CTID trusted digital identity security chip, the user identity information includes a CTID trusted digital identity two-dimensional code image, and obtaining the plaintext or ciphertext identity information according to the user identity information specifically includes:
the optical code scanning component captures the CTID trusted digital identity two-dimensional code image;
the two-dimensional code decoding component parses the two-dimensional code data from the two-dimensional code image;
and the CTID trusted digital identity security chip decrypts the corresponding identity from the two-dimensional code data.
4. The method for secure transfer of a trusted digital identity according to claim 1, further comprising:
and receiving the captured face image through the internet credible digital identity platform, and verifying the face image.
5. The secure transfer method of a trusted digital identity according to claim 1,
the network unidirectional security isolation facility comprises unidirectional optical isolation and/or USB flash disk lock isolation.
6. The secure transfer method of a trusted digital identity according to claim 1, wherein said trusted digital identity transmission device further comprises a dedicated adapter board,
the dedicated adapter board being used for adapting the data messages received from the trusted digital identity output dedicated interface and sending the adapted data messages to the network unidirectional security isolation facility.
7. The method for secure transfer of a trusted digital identity according to claim 6, wherein
the dedicated adapter board is also used for checking the reliability of the data messages, splicing a complete data file from the data messages, and storing the data file in a file sending directory of the network unidirectional security isolation facility.
8. The method for securely transferring a trusted digital identity according to claim 1, wherein the step of transmitting the plaintext or ciphertext identity information to a security check system by the trusted digital identity transmitting device through the network unidirectional security isolation facility specifically comprises:
and transmitting the plaintext or ciphertext identity information to the security check system through an intranet interface.
9. A trusted digital identity secure delivery system is characterized in that the trusted digital identity secure delivery system comprises a trusted digital identity verification device and a trusted digital identity transmission device, wherein the trusted digital identity verification device is connected with the trusted digital identity transmission device through a trusted digital identity output special interface,
the credible digital identity verification equipment is used for receiving user identity information from an internet credible digital identity verification platform and acquiring plaintext or ciphertext identity information according to the user identity information;
the trusted digital identity verification device is used for transmitting the plaintext or ciphertext identity information to the trusted digital identity transmission device through the trusted digital identity output dedicated interface, wherein the trusted digital identity transmission device is configured with a network unidirectional security isolation facility;
and the trusted digital identity transmission equipment is used for transmitting the plaintext or ciphertext identity information to a security check system through the network unidirectional security isolation facility so as to perform identity verification.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program comprising program instructions that, when executed by a processor, cause the processor to perform the method of trusted digital identity secure transfer as claimed in any one of claims 1 to 8.
CN202111615923.4A 2021-12-27 2021-12-27 Trusted digital identity secure transmission method, system and storage medium Pending CN114338137A (en)


Publications (1)

Publication Number Publication Date
CN114338137A true CN114338137A (en) 2022-04-12



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination