CN118018186A - Digital identity offline transmission method and system based on two-dimension code - Google Patents
- Publication number
- CN118018186A
- Authority
- CN
- China
- Prior art keywords
- digital identity
- code generation
- code
- file
- configuration file
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to a digital identity offline transmission method based on two-dimensional codes, which comprises the following steps: the code generation end obtains a configuration file and a digital identity credential file in advance; the code generation end determines, according to the configuration file, whether to generate a code; the code generation end generates a two-dimensional code from the digital identity credential file; the decoding end stores the registration mechanism ID; the decoding end verifies the two-dimensional code and, after the verification passes, parses the two-dimensional code to obtain the digital identity credential file; the decoding end parses the digital identity credential file to obtain the digital identity mark; the decoding end uses the registration mechanism ID as a scattered key and encrypts the digital identity into a scattered digital identity; and the decoding end outputs the scattered digital identity and the two-dimensional code verification result.
Description
Technical Field
The invention relates to a digital identity off-line transmission method and system based on a two-dimension code, and belongs to the field of two-dimension codes.
Background
Digital identity is a specific set of digital sequence codes that condense true identity information into a digital identification. In the prior art, digital identities are generally transmitted online over the internet, but in some situations neither the sender nor the receiver wants to communicate with an external network, for reasons of network security. Thus, there is a need for a method of transmitting digital identities offline.
Two-dimensional codes are also called two-dimensional bar codes, which are patterns distributed on a plane (in two-dimensional directions) according to a certain rule by using a certain specific geometric figure, are black-white alternate, and record data symbol information; the literal numerical information is represented by a plurality of geometric shapes corresponding to binary, and is automatically read by an image input device or a photoelectric scanning device to realize automatic information processing.
CN108712383A (a method for generating an offline secure two-dimensional code) discloses the following: a client acquires a digital certificate; the client detects whether an OTP seed exists and, if not, applies to an OTP server for one; an OTP code is generated from the OTP seed; a two-dimensional code identification string is generated from the OTP seed and the user identification; the identification string is signed with the digital certificate; and the two-dimensional code is generated from the signature, the identification string and the service content. The common approach is to download OTP seed data from an OTP seed server and store it on the code generation client in advance, and then to use the seed directly to generate codes locally when the mobile phone is offline.
Disclosure of Invention
To overcome the problems in the prior art, the invention provides a digital identity offline transmission method and system based on a two-dimensional code. The two-dimensional code is used as the carrier, and the digital identity credential file is transmitted through offline code generation and offline decoding, which avoids using the digital identity credential file itself as the carrier. The decoding end uses the registration mechanism ID as a scattered key to calculate the scattered digital identity, so that the decoding end can obtain, offline, the scattered digital identity of the mechanism where it is located.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
Technical solution one
A digital identity off-line transmission method based on two-dimension codes comprises the following steps:
The code generation end obtains a configuration file and a digital identity credential file in advance;
The code generation end determines, according to the configuration file, whether to generate a code;
The code generation end generates a two-dimensional code from the digital identity credential file;
The decoding end stores the registration mechanism ID;
The decoding end scans the two-dimensional code, then parses and verifies it to obtain the digital identity credential file;
The decoding end parses the digital identity credential file to obtain the digital identity mark;
The decoding end uses the registration mechanism ID as a scattered key and encrypts the digital identity into a scattered digital identity;
The decoding end outputs the scattered digital identity and the two-dimensional code verification result.
Further, the acquiring the configuration file includes the following steps:
the code generation end judges whether a configuration file exists locally or not, and inquires whether the version number of the configuration file is up-to-date according to the global configuration version number of the digital identity service platform; if the configuration file does not exist locally or the version number of the configuration file is not up to date, requesting to download the configuration file from the digital identity service platform;
the digital identity service platform reads global configuration information; the digital identity service platform generates and returns a configuration file to the code generation end; the code generation end stores the configuration file.
Further, the step of obtaining the digital identity credential file includes the following steps:
The code generation end collects the portrait and the equipment characteristic information; the code generation end sends user identity information, portrait and equipment characteristic information to the digital identity service platform and requests a digital identity credential file from the digital identity service platform;
The digital identity service platform performs identity authentication according to the identity information and the portrait of the user; after the identity authentication is passed, the digital identity service platform issues a digital identity; the digital identity service platform generates a digital identity credential file, and the digital identity credential file contains digital identity identification and equipment characteristic information.
Further, the method also comprises the following steps: the code generation end reads the equipment characteristic information; the code generation end generates a two-dimensional code from the digital identity credential file and the equipment characteristic information; the decoding end compares the equipment characteristic information in the digital identity credential file with the equipment characteristic information in the two-dimensional code and, if they are consistent, outputs the scattered digital identity; otherwise, the scattered digital identity is not output.
Further, the judging whether to generate the code comprises the following steps:
the configuration file comprises code generation times limit and code generation time limit; and if the code generation end meets the code generation times limit and the code generation time limit, the code generation end generates the two-dimensional code.
Technical solution two
A two-dimensional code based digital identity offline transmission system, comprising:
The code generation end stores a configuration file and a digital identity credential file and is used for judging whether to generate codes or not according to the configuration file; generating a two-dimensional code according to the digital identity credential file;
The decoding end stores a registration mechanism ID and is used for scanning the two-dimensional code; the decoding end parses and verifies the two-dimensional code to obtain the digital identity credential file; the decoding end parses the digital identity credential file to obtain the digital identity mark; it uses the registration mechanism ID as a scattered key, encrypts the digital identity into a scattered digital identity, and outputs the scattered digital identity and the two-dimensional code verification result.
Further, the code generation end pre-obtains the configuration file, which comprises the following steps:
the code generation end judges whether a configuration file exists locally or not, and inquires whether the version number of the configuration file is up-to-date according to the global configuration version number of the digital identity service platform; if the configuration file does not exist locally or the version number of the configuration file is not up to date, requesting to download the configuration file from the digital identity service platform;
the digital identity service platform reads global configuration information; the digital identity service platform generates and returns a configuration file to the code generation end; the code generation end stores the configuration file.
Further, the code generation end pre-obtains the digital identity credential file, which comprises the following steps:
The code generation end collects the portrait and the equipment characteristic information; the code generation end sends user identity information, portrait and equipment characteristic information to the digital identity service platform and requests a digital identity credential file from the digital identity service platform;
The digital identity service platform performs identity authentication according to the identity information and the portrait of the user; after the identity authentication is passed, the digital identity service platform issues a digital identity; the digital identity service platform generates a digital identity credential file, and the digital identity credential file contains digital identity identification and equipment characteristic information.
Further, the system also performs the following steps: the code generation end reads the equipment characteristic information; the code generation end generates a two-dimensional code from the digital identity credential file and the equipment characteristic information; the decoding end compares the equipment characteristic information in the digital identity credential file with the equipment characteristic information in the two-dimensional code and, if they are consistent, outputs the scattered digital identity; otherwise, the scattered digital identity is not output.
Further, the judging whether to generate the code comprises the following steps:
the configuration file comprises code generation times limit and code generation time limit; and if the code generation end meets the code generation times limit and the code generation time limit, the code generation end generates the two-dimensional code.
Compared with the prior art, the invention has the following characteristics and beneficial effects:
the invention takes the two-dimension code as a carrier, and transmits the digital identity credential file through offline code generation offline decoding, prevents the digital identity credential file from being taken as the carrier, and calculates the scattered digital identity by taking the registration mechanism ID as the scattered secret key at the decoding end, so that the decoding end can obtain the scattered digital identity of the mechanism where the decoding end is located offline.
The invention stores the equipment characteristic information in both the two-dimensional code and the digital identity credential file, and determines whether the device that requested the download of the digital identity credential file and the device currently generating the code are the same device, thereby ensuring the data security of the digital identity credential file.
Drawings
Figs. 1-4 are flowcharts of the present invention.
Detailed Description
The present invention will be described in more detail with reference to examples.
As shown in Figs. 1-4, a two-dimensional code-based digital identity offline transmission method comprises the following steps:
In the embodiment, the code generation end is a mobile device on which a spreading code application end and a code generation SDK are installed;
the spreading code application end (such as WeChat applet) collects the portrait and the equipment characteristic information;
The spreading code application end sends user identity information (such as user name, identity card number), portrait and equipment characteristic information to the spreading code server end to request a digital identity credential file;
the spreading code server forwards the digital identity credential file request to the digital identity service platform;
The digital identity service platform performs identity authentication according to the user information and the portrait; after the identity authentication is passed, the digital identity service platform issues a digital identity for the user; the digital identity service platform generates a digital identity credential file, and the digital identity credential file contains digital identity mark ciphertext, equipment characteristic information ciphertext, signature data (such as signature data generated according to the digital identity mark ciphertext and the equipment characteristic information ciphertext) and the like.
The digital identity credential file is forwarded to the spreading code application end through the spreading code service end. The spreading code application stores the digital identity credential file.
The spreading code application end judges whether a configuration file exists locally or not, and inquires whether the version number of the local configuration file is up-to-date from the global configuration version number stored in the digital identity service platform; and if the configuration file does not exist locally or the configuration file version number is not up to date, requesting to download the up to date configuration file from the digital identity service platform.
The digital identity service platform reads global configuration information (the window period during which code generation is permitted and the upper limit on the number of code generation times within the window), generates a configuration file and returns the configuration file to the code generation application end;
The spreading code application end sends the configuration file to the code generation SDK;
The code generation SDK stores a configuration file.
The spreading code application end detects that the equipment is disconnected from the network, reads the locally stored digital identity credential file and equipment characteristic information, and sends them to the code generation SDK to request generation of the two-dimensional code.
The code generation SDK reads the configuration file and checks that the current time falls within the window period and that the number of code generation times does not exceed the upper limit.
The code generation SDK generates a two-dimensional code based on the digital identity credential file, the equipment characteristic information ciphertext and the signature data.
The spreading code application end displays the two-dimensional code.
Presetting key information and registration mechanism ID in a decoding end;
the decoding end scans the two-dimensional code presented by the spreading code application end;
The decoding end parses the two-dimensional code and verifies the signature data in it. If the verification passes, it parses the digital identity credential file to obtain the digital identity mark and the equipment characteristic information. The decoding end then compares the equipment characteristic information in the digital identity credential file with the equipment characteristic information in the two-dimensional code. If they are consistent, the decoding end uses the registration mechanism ID as the scattered key to calculate the scattered digital identity from the digital identity, and outputs the two-dimensional code verification result and the scattered digital identity; otherwise, the scattered digital identity is not calculated.
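The offline flow of this embodiment (the code generation gate, then the decoding end's verify, compare and derive order), as an added Python example that is not code from the patent. Assumptions: HMAC-SHA256 stands in both for the platform's signature and for the scattered-key operation, neither of which the patent specifies; the credential fields are plaintext here where the patent stores ciphertext; all names and sample values are constructed.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values (assumptions; none come from the patent).
PLATFORM_KEY = b"constructed-platform-key"  # "key information" preset in the decoding end
CONFIG = {"window_start": 1000, "window_end": 2000, "max_codes": 2}


def _sign(fields, key):
    """HMAC-SHA256 over canonical JSON; stand-in for the platform's signature scheme."""
    msg = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_credential(identity, device_info, key=PLATFORM_KEY):
    """Platform: credential file holds the identity mark, device info and signature data."""
    fields = {"identity": identity, "device": device_info}
    return {**fields, "sig": _sign(fields, key)}


class CodeGenSdk:
    """Code generation end: applies the configuration file's window and count limits offline."""

    def __init__(self, config):
        self.config = config
        self.generated = 0

    def generate(self, credential, device_info, now):
        if not self.config["window_start"] <= now < self.config["window_end"]:
            raise PermissionError("outside the permitted code generation window")
        if self.generated >= self.config["max_codes"]:
            raise PermissionError("code generation count limit reached")
        self.generated += 1
        # device_info is read from the current device, not copied from the credential file.
        payload = {"credential": credential, "device": device_info}
        return base64.b64encode(json.dumps(payload).encode()).decode()


def decode(qr_text, registration_id, key=PLATFORM_KEY):
    """Decoding end: verify signature, compare device info, then derive the scattered identity."""
    result = {"verified": False, "device_match": False, "scattered_identity": None}
    try:
        payload = json.loads(base64.b64decode(qr_text, validate=True))
        cred = payload["credential"]
        fields = {"identity": cred["identity"], "device": cred["device"]}
        sig = str(cred["sig"]).encode()
        qr_device = json.dumps(payload["device"])
    except (ValueError, KeyError, TypeError):
        return result  # malformed code: fail closed
    if not hmac.compare_digest(_sign(fields, key).encode(), sig):
        return result  # signature data does not match the credential fields
    result["verified"] = True
    if qr_device != json.dumps(fields["device"]):
        return result  # credential file presented from a different device
    result["device_match"] = True
    # Assumption: keyed hash with the registration mechanism ID as the scattered key.
    result["scattered_identity"] = hmac.new(
        registration_id, str(fields["identity"]).encode(), hashlib.sha256
    ).hexdigest()
    return result
```

Because HMAC is symmetric, a decoding end holding this key could also produce valid signature data; an asymmetric signature would let the decoding end hold only a verification key.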
It should be noted that, the above-mentioned digital identity offline transmission system based on two-dimension codes is further used to implement the method steps corresponding to each embodiment of the digital identity offline transmission method based on two-dimension codes shown in fig. 1, and the disclosure is not repeated here.
It should be noted that, in each embodiment of the present invention, each functional unit/module may be integrated in one processing unit/module, or each unit/module may exist alone physically, or two or more units/modules may be integrated in one unit/module. The integrated units/modules described above may be implemented either in hardware or in software functional units/modules.
From the description of the embodiments above, it will be apparent to those skilled in the art that the embodiments described herein may be implemented in hardware, software, firmware, middleware, code, or any suitable combination thereof. For a hardware implementation, the processor may be implemented in one or more of the following units: an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a processor, a controller, a microcontroller, a microprocessor, other electronic units designed to perform the functions described herein, or a combination thereof. For a software implementation, some or all of the flow of an embodiment may be accomplished by a computer program to instruct the associated hardware. When implemented, the above-described programs may be stored in or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a computer. Computer-readable media can include, but are not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
Finally, it should be noted that the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the scope of the present invention, and although the present invention has been described in detail with reference to the preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions can be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.
Claims (10)
1. A digital identity offline transmission method based on a two-dimensional code, characterized by comprising the following steps:
The code generation end obtains a configuration file and a digital identity credential file in advance;
The code generation end determines, according to the configuration file, whether to generate a code;
The code generation end generates a two-dimensional code from the digital identity credential file;
The decoding end stores the registration mechanism ID;
The decoding end scans the two-dimensional code, then parses and verifies it to obtain the digital identity credential file;
The decoding end parses the digital identity credential file to obtain the digital identity mark;
The decoding end uses the registration mechanism ID as a scattered key and encrypts the digital identity into a scattered digital identity;
The decoding end outputs the scattered digital identity and the two-dimensional code verification result.
2. The method for offline transmission of digital identities based on two-dimensional codes according to claim 1, wherein the step of obtaining the configuration file comprises the following steps:
the code generation end judges whether a configuration file exists locally or not, and inquires whether the version number of the configuration file is up-to-date according to the global configuration version number of the digital identity service platform; if the configuration file does not exist locally or the version number of the configuration file is not up to date, requesting to download the configuration file from the digital identity service platform;
the digital identity service platform reads global configuration information; the digital identity service platform generates and returns a configuration file to the code generation end; the code generation end stores the configuration file.
3. The method for offline transmission of digital identity based on two-dimensional codes according to claim 1, wherein the step of obtaining the digital identity credential file comprises the following steps:
The code generation end collects the portrait and the equipment characteristic information; the code generation end sends user identity information, portrait and equipment characteristic information to the digital identity service platform and requests a digital identity credential file from the digital identity service platform;
The digital identity service platform performs identity authentication according to the identity information and the portrait of the user; after the identity authentication is passed, the digital identity service platform issues a digital identity; the digital identity service platform generates a digital identity credential file, and the digital identity credential file contains digital identity identification and equipment characteristic information.
4. The two-dimensional code-based digital identity offline transmission method as set forth in claim 3, further comprising: the code generation end reads the equipment characteristic information; the code generation end generates a two-dimensional code from the digital identity credential file and the equipment characteristic information; the decoding end compares the equipment characteristic information in the digital identity credential file with the equipment characteristic information in the two-dimensional code and, if they are consistent, outputs the scattered digital identity; otherwise, the scattered digital identity is not output.
5. The method for offline transmission of digital identities based on two-dimensional codes according to claim 1, wherein the step of determining whether to generate the codes comprises the following steps:
the configuration file comprises code generation times limit and code generation time limit; and if the code generation end meets the code generation times limit and the code generation time limit, the code generation end generates the two-dimensional code.
6. A digital identity offline transmission system based on a two-dimensional code, characterized by comprising:
The code generation end stores a configuration file and a digital identity credential file and is used for judging whether to generate codes or not according to the configuration file; generating a two-dimensional code according to the digital identity credential file;
The decoding end stores a registration mechanism ID and is used for scanning the two-dimensional code; the decoding end parses and verifies the two-dimensional code to obtain the digital identity credential file; the decoding end parses the digital identity credential file to obtain the digital identity mark; it uses the registration mechanism ID as a scattered key, encrypts the digital identity into a scattered digital identity, and outputs the scattered digital identity and the two-dimensional code verification result.
7. The two-dimensional code-based digital identity offline transmission system according to claim 6, wherein the code generation end pre-acquires the configuration file, and the method comprises the following steps:
the code generation end judges whether a configuration file exists locally or not, and inquires whether the version number of the configuration file is up-to-date according to the global configuration version number of the digital identity service platform; if the configuration file does not exist locally or the version number of the configuration file is not up to date, requesting to download the configuration file from the digital identity service platform;
the digital identity service platform reads global configuration information; the digital identity service platform generates and returns a configuration file to the code generation end; the code generation end stores the configuration file.
8. The two-dimensional code-based digital identity offline transmission system of claim 7, wherein the code generation end pre-acquires the digital identity credential file, comprising the following steps:
The code generation end collects the portrait and the equipment characteristic information; the code generation end sends user identity information, portrait and equipment characteristic information to the digital identity service platform and requests a digital identity credential file from the digital identity service platform;
The digital identity service platform performs identity authentication according to the identity information and the portrait of the user; after the identity authentication is passed, the digital identity service platform issues a digital identity; the digital identity service platform generates a digital identity credential file, and the digital identity credential file contains digital identity identification and equipment characteristic information.
9. The two-dimensional code-based digital identity offline transmission system of claim 8, further comprising: the code generation end reads the equipment characteristic information; the code generation end generates a two-dimensional code from the digital identity credential file and the equipment characteristic information; the decoding end compares the equipment characteristic information in the digital identity credential file with the equipment characteristic information in the two-dimensional code and, if they are consistent, outputs the scattered digital identity; otherwise, the scattered digital identity is not output.
10. The two-dimensional code based digital identity offline transmission system according to claim 6, wherein the determining whether to generate the code comprises the steps of:
the configuration file comprises code generation times limit and code generation time limit; and if the code generation end meets the code generation times limit and the code generation time limit, the code generation end generates the two-dimensional code.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311844885.9A CN118018186A (en) | 2023-12-28 | 2023-12-28 | Digital identity offline transmission method and system based on two-dimension code |
Publications (1)
Publication Number | Publication Date |
---|---|
CN118018186A | 2024-05-10 |
Family
ID=90945329
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311844885.9A Pending CN118018186A (en) | 2023-12-28 | 2023-12-28 | Digital identity offline transmission method and system based on two-dimension code |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118018186A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||