CN208190680U - Electronic signature device and authentication system - Google Patents
- Publication number: CN208190680U (application number CN201820817867.XU)
- Authority: CN (China)
- Prior art keywords: information, identity card, electronic signature, application server, identity
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
This application discloses an electronic signature device and an authentication system. The device includes a security chip, a near-field communication (NFC) chip, a biometric collection module and a baseband chip; the NFC chip is connected to the security chip, the biometric collection module is connected to the security chip, and the security chip is connected to the baseband chip. The electronic signature device authenticates the device holder through the security chip, which amounts to verifying whether the holder has permission to verify a customer's identity, and so regulates the use of the electronic signature device for verifying customer identity. After the NFC chip and the biometric collection module obtain the customer's identity card plaintext information, identity card ciphertext information and biometric information, the security chip encrypts them into a ciphertext, and the baseband chip sends the ciphertext and the located address directly to the application server for customer identity verification. This achieves remote "person-and-ID match" verification of the customer's identity information and prevents the security risks arising from stolen customer identity card information and from the use of forged identity cards.
Description
Technical field
This application relates to the field of electronic technology, and in particular to an electronic signature device and an authentication system.
Background art
At present, because the identity card is a legal document proving the holder's identity, users often need to provide identity card information in daily life to prove that their identity is legitimate. For example, opening a bank account, buying tickets, seeing a doctor at a hospital and recovering a password all require the user to provide identity card information to prove that the user's identity is legitimate.
In the prior art, when identity card information is provided in these scenarios to prove that the user's identity is legitimate, personal identity information is generally authenticated either by entering the user's identity card number or by using an electronic signature device. Authentication by entering the identity card number means querying, according to the user's identity card information, whether the user's identity is legitimate. Authentication using an electronic signature device means that the electronic signature device is bound to the user's identity information, and the digital certificate obtained when applying for the electronic signature device is used to complete the personal identity information authentication and prove that the user's identity is legitimate.
The inventor found that identity card number information is relatively public, so entering the identity card number alone cannot achieve person-and-ID match, and there is a security risk of identity card theft or forged identity cards. An electronic signature device, although convenient and fast, can only authenticate the applicant; this single function limits its application scenarios and keeps its frequency of use low, and it is not suitable for scenarios that require verifying other people's identity information.
Summary of the invention
The technical problem to be solved by this application is to provide an electronic signature device and an authentication system that verify whether the device holder has permission to verify a customer's identity, regulating the use of the electronic signature device for verifying customer identity, and that achieve remote "person-and-ID match" verification of the customer's identity information, preventing the security risks arising from stolen customer identity card information and from the use of forged identity cards.
In a first aspect, an embodiment of this application provides an electronic signature device, which includes:
A security chip, a near-field communication (NFC) chip, a biometric collection module and a baseband chip; the NFC chip is connected to the security chip, the biometric collection module is connected to the security chip, and the security chip is connected to the baseband chip;
The security chip is configured to authenticate the device's own user and, if the authentication passes, to obtain customer identity authentication permission;
The NFC chip is configured to read the customer's identity card plaintext information and identity card ciphertext information;
The biometric collection module is configured to recognize and obtain the customer's biometric information;
The security chip is further configured to encrypt the identity card plaintext information, the identity card ciphertext information and the biometric information with a private key to generate a ciphertext;
The baseband chip is configured to send the ciphertext to an application server for customer identity verification, to receive feedback information from the application server, and to obtain the current address by positioning and send it to the application server. Customer identity verification means decrypting the identity card ciphertext information with a SAM device and, if decryption succeeds, comparing and verifying the biometric information against target biometric information found on the basis of the identity card plaintext information; the identity card ciphertext information, the biometric information and the identity card plaintext information are obtained by the application server by decrypting the ciphertext with a public key.
Preferably, the electronic signature device is an Internet of Things shield.
Preferably, the baseband chip is further configured to obtain the current time and/or the application business and send them to the application server.
Preferably, the biometric information includes fingerprint information, voice, handwriting and/or iris.
Preferably, the device further includes a display module connected to the security chip;
The display module is configured to display the feedback information from the application server.
Preferably, the display module is further configured to display prompt information for reading the customer's identity card plaintext information and identity card ciphertext information, and/or to display prompt information for recognizing the customer's biometric information.
Preferably, the device further includes a button connected to the security chip, the button being used to start the security chip authenticating the device's own user; and/or
The button is used to start the NFC chip reading the customer's identity card plaintext information and identity card ciphertext information; and/or
The button is used to start the biometric collection module recognizing and obtaining the customer's biometric information.
In a second aspect, an embodiment of this application provides an authentication system, which includes: the electronic signature device of any of the above, an application server, a SAM device and a public security server;
The electronic signature device is configured to authenticate the device's own user and, if the authentication passes, to obtain the customer's identity card plaintext information, identity card ciphertext information and biometric information, encrypt them with a private key to generate a ciphertext, send the ciphertext to the application server for customer identity verification, receive the feedback information from the application server, and obtain the current address by positioning and send it to the application server;
The application server is configured to decrypt the ciphertext with a public key to obtain the identity card plaintext information, the identity card ciphertext information and the biometric information, to send the identity card ciphertext information to the SAM device and receive the SAM device's feedback information, and also to look up the corresponding target terminal identifier according to the identity card plaintext information and send the current address to the target terminal;
The SAM device is configured to decrypt the identity card ciphertext information, obtain a decryption result and send it to the application server;
The application server is further configured, if the SAM device's feedback information indicates successful decryption, to send the identity card plaintext information to the public security server to obtain the target biometric information, to compare and verify the biometric information against the target biometric information, and to send the verification result to the electronic signature device;
The public security server is configured to look up and obtain the target biometric information according to the identity card plaintext information.
Preferably, the electronic signature device is further configured to obtain the current time and/or the application business and send them to the application server;
Correspondingly, the application server is further configured to send the current time and/or the application business to the target terminal.
Preferably, the application server is further configured, if the SAM device's feedback information indicates decryption failure, to send the SAM device's feedback information directly to the electronic signature device.
Preferably, the application server is further configured to send a random verification code to the target terminal.
Compared with the prior art, this application has at least the following advantages:
With the technical solution of the embodiments of this application, the electronic signature device includes a security chip, a near-field communication (NFC) chip, a biometric collection module and a baseband chip; the NFC chip is connected to the security chip, the biometric collection module is connected to the security chip, and the security chip is connected to the baseband chip. If the authentication of the device's own user passes, the customer's identity card plaintext information, identity card ciphertext information and biometric information are obtained; they are encrypted with a private key to generate a ciphertext, the current address is obtained by positioning, the current address and the ciphertext are sent to the application server for customer identity verification, and the feedback information from the application server is received. Customer identity verification means decrypting the identity card ciphertext information with a SAM device and, if decryption succeeds, comparing and verifying the biometric information against the target biometric information found on the basis of the identity card plaintext information; the identity card ciphertext information, the biometric information and the identity card plaintext information are obtained by the application server by decrypting the ciphertext with a public key. It can be seen that the electronic signature device authenticates the device holder through its built-in security chip, which amounts to verifying whether the holder has permission to verify a customer's identity, and so regulates the use of the electronic signature device for verifying customer identity. After the NFC chip and the biometric collection module obtain the customer's identity card plaintext information, identity card ciphertext information and biometric information, the security chip encrypts them into a ciphertext, and the baseband chip can send the ciphertext and the located address directly to the application server for customer identity verification. This achieves remote "person-and-ID match" verification of the customer's identity information, prevents the security risks arising from stolen identity card information and from the use of forged identity cards, and reduces the risk of the information being obtained illegally.
Brief description of the drawings
To explain the technical solutions in the embodiments of this application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some of the embodiments described in this application; those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a schematic structural diagram of an electronic signature device provided by an embodiment of this application;
Fig. 2 is a schematic structural diagram of another electronic signature device provided by an embodiment of this application;
Fig. 3 is a schematic structural diagram of yet another electronic signature device provided by an embodiment of this application;
Fig. 4 is a schematic structural diagram of an authentication system provided by an embodiment of this application.
Detailed description of the embodiments
To enable those skilled in the art to better understand the solution of this application, the technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments in this application without creative effort fall within the scope of protection of this application.
The inventor found that in daily life, for example when opening a bank account, buying tickets, seeing a doctor at a hospital or recovering a password, when user identity card information must be provided to prove that the user's identity is legitimate, this is generally done either by entering the user's identity card number and querying, according to the user's identity card information, whether the user's identity is legitimate, or by using an electronic signature device and completing personal identity information authentication on the basis of the digital certificate obtained when applying for the electronic signature device, the electronic signature device being bound to the user's identity information. However, because identity card number information is relatively public, entering the identity card number alone cannot achieve person-and-ID match, and there is a security risk of identity card theft or forged identity cards. An electronic signature device, although convenient and fast, can only authenticate the applicant; this single function limits its application scenarios and keeps its frequency of use low, and it is not suitable for scenarios that require verifying other people's identity information.
To solve this problem, in the embodiments of this application, the electronic signature device includes a security chip, a near-field communication (NFC) chip, a biometric collection module and a baseband chip; the NFC chip is connected to the security chip, the biometric collection module is connected to the security chip, and the security chip is connected to the baseband chip. If the authentication of the device's own user passes, the customer's identity card plaintext information, identity card ciphertext information and biometric information are obtained; they are encrypted with a private key to generate a ciphertext, the current address is obtained by positioning, the current address and the ciphertext are sent to the application server for customer identity verification, and the feedback information from the application server is received. Customer identity verification means decrypting the identity card ciphertext information with a SAM device and, if decryption succeeds, comparing and verifying the biometric information against the target biometric information found on the basis of the identity card plaintext information; the identity card ciphertext information, the biometric information and the identity card plaintext information are obtained by the application server by decrypting the ciphertext with a public key. It can be seen that the electronic signature device authenticates the device holder through its built-in security chip, which amounts to verifying whether the holder has permission to verify a customer's identity, and so regulates the use of the electronic signature device for verifying customer identity. After the NFC chip and the biometric collection module obtain the customer's identity card plaintext information, identity card ciphertext information and biometric information, the security chip encrypts them into a ciphertext, and the baseband chip can send the ciphertext and the located address directly to the application server for customer identity verification. This achieves remote "person-and-ID match" verification of the customer's identity information, prevents the security risks arising from stolen identity card information and from the use of forged identity cards, and reduces the risk of the information being obtained illegally.
The specific implementation of the electronic signature device and the authentication system in the embodiments of this application is described in detail below through embodiments, with reference to the drawings.
Exemplary device
Referring to Fig. 1, a schematic structural diagram of an electronic signature device in an embodiment of this application is shown. In this embodiment, the electronic signature device may include, for example, the following:
A security chip 101, a near-field communication (NFC) chip 102, a biometric collection module 103 and a baseband chip 104; the NFC chip 102 is connected to the security chip 101, the biometric collection module 103 is connected to the security chip 101, and the security chip 101 is connected to the baseband chip 104;
The security chip 101 is configured to authenticate the device's own user and, if the authentication passes, to obtain customer identity authentication permission;
The NFC chip 102 is configured to read the customer's identity card plaintext information and identity card ciphertext information;
The biometric collection module 103 is configured to recognize and obtain the customer's biometric information;
The security chip 101 is further configured to encrypt the identity card plaintext information, the identity card ciphertext information and the biometric information with a private key to generate a ciphertext;
The baseband chip 104 is configured to send the ciphertext to an application server for customer identity verification, to receive feedback information from the application server, and to obtain the current address by positioning and send it to the application server. Customer identity verification means decrypting the identity card ciphertext information with a SAM device and, if decryption succeeds, comparing and verifying the biometric information against target biometric information found on the basis of the identity card plaintext information; the identity card ciphertext information, the biometric information and the identity card plaintext information are obtained by the application server by decrypting the ciphertext with a public key.
It can be understood that the technique by which the electronic signature device authenticates its own user with the security chip 101 is the same as the identity authentication technique of existing electronic signature devices and is not described again here. Only when the authentication of the device's own user passes can the own user, that is, the user holding the electronic signature device, be considered legitimate; on that basis, the user can be granted permission to obtain the identity information of another person, namely the customer, and carry out identity verification.
It can also be understood that the baseband chip 104 can exchange information with a server directly. Therefore, in this embodiment no user terminal is needed as an intermediate device; the electronic signature device can communicate directly with the application server through the baseband chip 104, which saves device resources.
It should be noted that a common portable device that both contains a baseband chip and carries a digital certificate is the Internet of Things shield. Therefore, in some implementations of this embodiment, the electronic signature device may be, for example, an Internet of Things shield.
Of course, the baseband chip 104 also has a positioning function and can obtain the current address directly by positioning. Considering that the owner of the identity card should be notified promptly when the customer's identity card plaintext information and identity card ciphertext information are read, the current address is sent to the application server together with the ciphertext, so that the application server can find the terminal of the identity card's owner and promptly notify it of the address at which the identity card was read, preventing the security risk of stolen identity card information.
It should be noted that, besides the current address, the owner of the identity card may wish to know more about the circumstances in which the identity card was read, for example the time at which it was read and the use to which it is put after being read. Therefore, in some implementations of this embodiment, the baseband chip 104 is further configured to obtain the current time and/or the application business and send them to the application server.
It can be understood that the purpose of recognizing and obtaining the customer's biometric information is to verify whether the holder of the identity card and the owner of the identity card are the same person, so as to achieve "person-and-ID match" verification and avoid the security risk of stolen identity card information. The biometric information should therefore be unique to the customer; common, easily obtained unique human biometric features include fingerprint, voice, handwriting and iris. Therefore, in some implementations of this embodiment, the biometric information includes fingerprint information, voiceprint information, handwriting information and/or iris information.
It should be noted that after the electronic signature device has communicated with the application server through the baseband chip 104 for customer identity verification, the electronic signature device needs to learn the result of the verification. A display module can therefore be provided to display the customer identity verification result fed back by the application server. As shown in Fig. 2, the schematic structural diagram of another electronic signature device, a display module 201 is added on the basis of Fig. 1 and connected to the security chip 101. That is, in some implementations of this embodiment, the electronic signature device further includes a display module 201 connected to the security chip 101; the display module 201 is configured to display the feedback information from the application server.
It should be noted that once the authentication of the device's own user is complete and customer identity authentication permission has been obtained, the display module can be used to prompt the user with the next step in using the electronic signature device, so that the user knows from the prompt what to do next, which makes customer identity verification with the device more convenient. Therefore, in some implementations of this embodiment, the display module 201 is further configured to display prompt information for reading the customer's identity card plaintext information and identity card ciphertext information, and/or to display prompt information for recognizing the customer's biometric information.
It should be noted that after the electronic signature device is powered on, the authentication of the device's own user, that is, of the holder of the electronic signature device, must be carried out first, as later steps depend on it. For example, when a certain business is handled with a user terminal, the device's own user must first be authenticated: the user terminal communicates with the application server, and the application server then communicates with the electronic signature device to tell it to authenticate its own user. To make clear when this authentication is triggered, a button connected to the security chip 101 can be added to the electronic signature device; in response to the user pressing the button, the security chip 101 built into the electronic signature device is triggered to start its function. Therefore, in some implementations of this embodiment, the device further includes a button connected to the security chip 101; the button is used to start the security chip 101 authenticating the device's own user.
It should also be noted that after the authentication of the device's own user passes, the application server communicates with the electronic signature device to tell it to carry out customer identity verification; that is, the electronic signature device needs to read the customer's identity card plaintext information and identity card ciphertext information and to recognize and obtain the customer's biometric information. Because the security chip 101 is connected to the NFC chip 102, the NFC chip 102 of the electronic signature device can also be triggered to start its function in response to the user pressing the button. That is, in some implementations of this embodiment, the button is also used to start the NFC chip 102 reading the customer's identity card plaintext information and identity card ciphertext information.
Similarly, because the security chip 101 is connected to the biometric collection module 103, the biometric collection module 103 of the electronic signature device can also be triggered to start its function in response to the user pressing the button. Therefore, in some implementations of this embodiment, the button 301 is also connected to the biometric collection module 103; the button is also used to start the biometric collection module 103 recognizing and obtaining the customer's biometric information.
For example, as shown in Fig. 3, the schematic structural diagram of yet another electronic signature device, a button 301 is added on the basis of Fig. 1 and connected to the security chip 101.
For example, the embodiments of this application can be applied in the following scenario. The user is an employee of a financial institution and holds the electronic signature device described above, which contains the user's digital certificate; the user only needs to carry the electronic signature device to complete certain specific door-to-door services. The user authenticates as the device's own user with the built-in security chip 101 of the electronic signature device. If the authentication passes, the NFC chip 102 and the biometric collection module 103 obtain the customer's identity card plaintext information, identity card ciphertext information and biometric information, which are encrypted with the private key of the security chip 101 to generate a ciphertext; the baseband chip 104 obtains the current address by positioning and sends it together with the ciphertext to the application server for customer identity verification, and receives the feedback information from the application server. The application server decrypts the ciphertext with the public key to obtain the identity card ciphertext information, the biometric information and the identity card plaintext information; it then uses the SAM device to decrypt the identity card ciphertext information; it looks up the corresponding target terminal identifier according to the identity card plaintext information and sends the current address to the target terminal. If the SAM device decrypts successfully, the application server compares and verifies the biometric information against the target biometric information found on the basis of the identity card plaintext information. When the customer identity verification passes, business such as credit card processing and the opening of stock, financing and securities services can be carried out.
It can be understood that the above scenario is only one example scenario provided by the embodiments of this application, and the embodiments are not limited to it.
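The application server's checks in the scenario above, written out as an added Python example that is not part of the patent text. `SamDevice`, `PublicSecurityServer`, the terminal directory, the bit-string templates compared by Hamming distance and the threshold are constructed stand-ins, and the envelope is assumed to have been decrypted already with the device's public key; the owner's terminal is notified whatever the SAM result, because the text attaches no condition to that step.

```python
from dataclasses import dataclass, field
from typing import Optional

MATCH_THRESHOLD = 0.25  # illustrative: max fraction of differing template bits


@dataclass
class Envelope:
    """Fields the application server recovers from the device's ciphertext."""
    id_plaintext: str     # identity card plaintext information (constructed ID)
    id_ciphertext: bytes  # opaque card data that only the SAM device can decrypt
    biometric: str        # captured template, modelled here as a bit string
    address: str          # current address located by the baseband chip


class SamDevice:
    """Stand-in SAM: decryption succeeds only for blobs from genuine cards."""
    def __init__(self, genuine_blobs):
        self._genuine = set(genuine_blobs)

    def decrypt(self, id_ciphertext: bytes) -> bool:
        return id_ciphertext in self._genuine


class PublicSecurityServer:
    """Stand-in lookup of the enrolled (target) biometric by card plaintext."""
    def __init__(self, enrolled):
        self._enrolled = dict(enrolled)
        self.queries = 0  # lets the caller see when the lookup was skipped

    def target_biometric(self, id_plaintext: str) -> Optional[str]:
        self.queries += 1
        return self._enrolled.get(id_plaintext)


def hamming_fraction(a: str, b: str) -> float:
    """Fraction of positions at which two equal-length templates differ."""
    if not a or len(a) != len(b):
        return 1.0  # malformed or mismatched templates never match
    return sum(x != y for x, y in zip(a, b)) / len(a)


@dataclass
class ApplicationServer:
    sam: SamDevice
    police: PublicSecurityServer
    terminals: dict  # card plaintext -> identifier of the owner's terminal
    outbox: list = field(default_factory=list)  # (terminal, address) notices

    def verify_customer(self, env: Envelope) -> str:
        sam_ok = self.sam.decrypt(env.id_ciphertext)
        # Tell the card owner's terminal where the card was just read.
        terminal = self.terminals.get(env.id_plaintext)
        if terminal is not None:
            self.outbox.append((terminal, env.address))
        if not sam_ok:
            # SAM feedback goes straight back to the device; no further lookup.
            return "sam_decrypt_failed"
        target = self.police.target_biometric(env.id_plaintext)
        if target is None:
            return "no_target_biometric"
        if hamming_fraction(env.biometric, target) <= MATCH_THRESHOLD:
            return "verified"
        return "biometric_mismatch"


def demo():
    """Run three constructed cases: genuine, forged card, stolen card."""
    server = ApplicationServer(
        sam=SamDevice([b"card-blob-A"]),
        police=PublicSecurityServer({"ID-0001": "1011001110001011"}),
        terminals={"ID-0001": "terminal-owner-1"},
    )
    where = "constructed address 1"
    cases = {
        "genuine": Envelope("ID-0001", b"card-blob-A", "1011001110001111", where),
        "forged_card": Envelope("ID-0001", b"forged-blob", "1011001110001111", where),
        "stolen_card": Envelope("ID-0001", b"card-blob-A", "0110101001101001", where),
    }
    results = {name: server.verify_customer(env) for name, env in cases.items()}
    return results, server.outbox, server.police.queries


if __name__ == "__main__":
    print(demo())
```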
Through the various implementations provided by this embodiment, the electronic signature device includes a security chip, a near-field communication (NFC) chip, a biometric collection module and a baseband chip; the NFC chip is connected to the security chip, the biometric collection module is connected to the security chip, and the security chip is connected to the baseband chip. If the authentication of the device's own user passes, the customer's identity card plaintext information, identity card ciphertext information and biometric information are obtained; they are encrypted with a private key to generate a ciphertext, the current address is obtained by positioning, the current address and the ciphertext are sent to the application server for customer identity verification, and the feedback information from the application server is received. Customer identity verification means decrypting the identity card ciphertext information with a SAM device and, if decryption succeeds, comparing and verifying the biometric information against the target biometric information found on the basis of the identity card plaintext information; the identity card ciphertext information, the biometric information and the identity card plaintext information are obtained by the application server by decrypting the ciphertext with a public key. It can be seen that the electronic signature device authenticates the device holder through its built-in security chip, which amounts to verifying whether the holder has permission to verify a customer's identity, and so regulates the use of the electronic signature device for verifying customer identity. After the NFC chip and the biometric collection module obtain the customer's identity card plaintext information, identity card ciphertext information and biometric information, the information can be sent directly through the baseband chip to the application server for customer identity verification. This achieves remote "person-and-ID match" verification of the customer's identity information, prevents the security risks arising from stolen identity card information and from the use of forged identity cards, and reduces the risk of the information being obtained illegally.
Exemplary system
Referring to Fig. 4, a structural schematic diagram of an authentication system in the embodiments of the present application is shown. In this embodiment, the system may, for example, specifically include:
Any one of the electronic signature equipment 401 in the foregoing embodiments, an application server 402, a SAM device 403 and a public security server 404;
The electronic signature equipment 401 is used to carry out the authentication of its own user and, if the authentication passes, to obtain the client's identity card cleartext information, identity card cipher-text information and biological information, encrypt them using a private key to generate a ciphertext, send the ciphertext to the application server 402 for client identity verification, receive the feedback information of the application server 402, and obtain the current address by positioning and send it to the application server 402;
The application server 402 is used to decrypt the ciphertext using a public key to obtain the identity card cleartext information, the identity card cipher-text information and the biological information, send the identity card cipher-text information to the SAM device 403 and receive the feedback information of the SAM device 403, and also look up the corresponding target terminal identifier according to the identity card cleartext information and send the current address to the target terminal;
The SAM device 403 is used to decrypt the identity card cipher-text information to obtain a decryption result and send it to the application server 402;
The application server 402 is also used, if the feedback information of the SAM device 403 is decryption success, to send the identity card cleartext information to the public security server 404 to obtain the target biometric information, compare the biological information with the target biometric information, and send the verification result to the electronic signature equipment 401;
The public security server 404 is used to look up and obtain the target biometric information according to the identity card cleartext information.
It is understood that, if the SAM device 403 can decrypt the identity card cipher-text information, the decryption result is decryption success and is fed back to the application server 402, indicating that the identity card cipher-text information read by the electronic signature equipment 401 is the cipher-text information of a genuine identity card. In this case, the application server 402 needs to verify whether the fingerprint information obtained by the electronic signature equipment 401 is consistent with the fingerprint information pre-stored for that genuine identity card, realizing "testimony of a witness unification" verification and preventing the client's identity card information from being stolen.
It should be noted that, if the SAM device 403 cannot decrypt the identity card cipher-text information, the decryption result is decryption failure and is fed back to the application server 402, indicating that there is a problem with the identity card cipher-text information read by the electronic signature equipment 401, that is, the identity card cipher-text information may be the cipher-text information of a false identity card. In this case, the application server 402 no longer needs to verify the fingerprint information and feeds the decryption failure directly back to the electronic signature equipment 401, so that the electronic signature equipment 401 learns in time that the client is using a false identity card. Therefore, in some implementations of this embodiment, the application server is also used, if the feedback information of the SAM device 403 is decryption failure, to send the feedback information of the SAM device 403 directly to the electronic signature equipment 401.
It should be noted that the SAM device 403 may either exist independently or be integrated on the application server 403.
It is understood that the electronic signature equipment 401 has a built-in baseband chip, and the baseband chip has a positioning function and can obtain the current address directly by positioning. Considering that the client's identity card cleartext information and identity card cipher-text information are being read, the person to whom the identity card belongs should be notified in time. Therefore, the current address is sent to the application server 401 together with the ciphertext, so that the application server 402 can find the terminal of the person to whom the identity card belongs and notify them in time of the address at which the identity card was read, avoiding the security risks brought by stolen identity card information.
It should be noted that, besides the current address, the person to whom the identity card belongs may wish to know more about how the identity card was read, for example, the time at which the identity card was read and the application for which it is used after being read. Therefore, in some implementations of this embodiment, the electronic signature equipment 401 is also used to obtain the current time and/or the applied business and send it to the application server 402; correspondingly, the application server 402 is also used to send the current time and/or the applied business to the target terminal.
It should be noted that, after the corresponding target terminal identifier is found according to the identity card cleartext information, a random verification code may also be sent to the target terminal of the person to whom the identity card belongs, so that "testimony of a witness unification" is verified with the random verification code, avoiding the security risks brought by stolen identity card information. Therefore, in some implementations of this embodiment, the application server 402 is also used to send a random verification code to the target terminal.
In the various implementations provided by this embodiment, the electronic signature equipment authenticates the equipment holder, which amounts to verifying whether the holder has permission to verify client identity, and this regulates the use of the electronic signature equipment for verifying client identity. The identity card cleartext information, identity card cipher-text information and biological information of the client are obtained, the current address is obtained by positioning, a ciphertext is then generated by encryption with the private key, and the ciphertext and the current address are sent directly to the application server for client identity verification. After the application server decrypts the ciphertext, it verifies the authenticity of the identity card cipher-text information using the SAM device, sends the current address to the target terminal corresponding to the identity card cleartext information, and carries out fingerprint verification using the public security server on the basis of the identity card cleartext information, thereby realizing remote verification of "testimony of a witness unification" for client identity information, notifying the person to whom the identity card belongs in time of the address at which the identity card was read, preventing the security risks brought by stolen identity card information and by the use of false identity cards, and reducing the risk of the information being illegally obtained.
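The decision flow of the application server 402 described above, sketched as an added example (not code from the patent). The SAM device, public security server, terminal directory and feedback strings are hypothetical stand-ins, the ciphertext is assumed to have already been decrypted with the public key, and biometric matching is simplified to an exact comparison of constructed templates.

```python
import hmac
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Request:
    """Fields held by application server 402 after public-key decryption (assumed done)."""
    id_cleartext: str      # identity card cleartext information (NFC read)
    id_ciphertext: bytes   # identity card cipher-text information (NFC read)
    biometric: bytes       # biological information captured by the device
    current_address: str   # positioning result sent along with the ciphertext


@dataclass
class ApplicationServer:
    sam_decrypt: Callable[[bytes], bool]             # stand-in for SAM device 403
    lookup_target: Callable[[str], Optional[bytes]]  # stand-in for public security server 404
    terminals: dict                                  # id_cleartext -> target terminal identifier
    outbox: list = field(default_factory=list)       # notifications sent to target terminals

    def verify(self, req: Request) -> str:
        # Notify the card holder's terminal of where the card was read. The page ties
        # this lookup to the cleartext information only, so it runs regardless of the
        # SAM result (the ordering is an assumption of this sketch).
        terminal = self.terminals.get(req.id_cleartext)
        if terminal is not None:
            self.outbox.append((terminal, req.current_address))
        # Step 1: authenticity of the card data. On failure, feed back directly
        # and skip the biometric check, as the page describes.
        if not self.sam_decrypt(req.id_ciphertext):
            return "decryption failure"
        # Step 2: fetch the target biometric information and compare.
        target = self.lookup_target(req.id_cleartext)
        if target is not None and hmac.compare_digest(req.biometric, target):
            return "verified"
        return "biometric mismatch"


def run_demo():
    """Three constructed requests: genuine, forged card data, wrong person."""
    lookups = []                            # records calls to the public security stand-in
    registry = {"ID-0001": b"template-A"}   # constructed target biometric record

    def sam(ciphertext: bytes) -> bool:
        return ciphertext == b"genuine-card-blob"   # constructed: only this blob "decrypts"

    def lookup(cleartext: str) -> Optional[bytes]:
        lookups.append(cleartext)
        return registry.get(cleartext)

    server = ApplicationServer(sam, lookup, {"ID-0001": "terminal-42"})
    results = [
        server.verify(Request("ID-0001", b"genuine-card-blob", b"template-A", "addr-1")),
        server.verify(Request("ID-0001", b"forged-blob", b"template-A", "addr-2")),
        server.verify(Request("ID-0001", b"genuine-card-blob", b"template-B", "addr-3")),
    ]
    return results, lookups, server.outbox


if __name__ == "__main__":
    print(run_demo())
```

In the second request the public security stand-in is never queried, matching the page's statement that fingerprint verification is skipped on decryption failure.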
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. Since the device disclosed in an embodiment corresponds to the method disclosed in the embodiments, its description is relatively brief, and the relevant parts can be found in the description of the method.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of the present application.
It should be noted that, in this document, relational terms such as first and second are used merely to distinguish one entity or operation from another entity or operation, without necessarily requiring or implying any actual relationship or order between these entities or operations. The terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or equipment that includes a series of elements includes not only those elements but also other elements not explicitly listed, or further includes elements inherent to such a process, method, article or equipment. In the absence of further restrictions, an element defined by the sentence "including a ..." does not exclude the existence of other identical elements in the process, method, article or equipment that includes the element.
The above is only the preferred embodiment of the present application and does not limit the present application in any form. Although the present application has been disclosed above by way of a preferred embodiment, this is not intended to limit the present application. Any person skilled in the art may, without departing from the scope of the technical solution of the present application, use the methods and technical content disclosed above to make many possible changes and modifications to the technical solution of the present application, or modify it into equivalent embodiments. Therefore, any simple modification, equivalent variation or modification made to the above embodiment according to the technical essence of the present application, without departing from the content of the technical solution of the present application, still falls within the protection scope of the technical solution of the present application.
Claims (11)
1. An electronic signature equipment, characterized by comprising: a safety chip, a close range wireless communication NFC chip, a physical characteristics collecting module and a baseband chip; the NFC chip is connected to the safety chip, the physical characteristics collecting module is connected to the safety chip, and the safety chip is connected to the baseband chip;
The safety chip is used to carry out the authentication of the equipment's own user and, if the authentication passes, to obtain client identity authentication permission;
The NFC chip is used to read and obtain the client's identity card cleartext information and identity card cipher-text information;
The physical characteristics collecting module is used to identify and obtain the client's biological information;
The safety chip is also used to encrypt the identity card cleartext information, the identity card cipher-text information and the biological information using a private key to generate a ciphertext;
The baseband chip is used to send the ciphertext to an application server for client identity verification, receive the feedback information of the application server, and obtain the current address by positioning and send it to the application server; the client identity verification means decrypting the identity card cipher-text information using a SAM device and, if decryption succeeds, comparing the biological information against the target biometric information found on the basis of the identity card cleartext information; the identity card cipher-text information, the biological information and the identity card cleartext information are obtained by the application server by decrypting the ciphertext using a public key.
2. The electronic signature equipment according to claim 1, characterized in that the electronic signature equipment is an Internet of Things shield.
3. The electronic signature equipment according to claim 1, characterized in that the baseband chip is also used to obtain the current time and/or the applied business and send it to the application server.
4. The electronic signature equipment according to claim 1, characterized in that the biological characteristic includes fingerprint information, voice, handwriting and/or iris.
5. The electronic signature equipment according to claim 1, characterized by further comprising a display module, the display module being connected to the safety chip;
The display module is used to display the feedback information of the application server.
6. The electronic signature equipment according to claim 5, characterized in that the display module is also used to display prompt information for reading the client's identity card cleartext information and identity card cipher-text information; and/or to display prompt information for identifying the client's biological information.
7. The electronic signature equipment according to claim 1, characterized by further comprising a physical key (button), the key being connected to the safety chip, the key being used to start the safety chip carrying out the authentication of the equipment's own user; and/or
The key is used to start the NFC chip reading and obtaining the client's identity card cleartext information and identity card cipher-text information; and/or
The key is used to start the physical characteristics collecting module identifying and obtaining the client's biological information.
8. An authentication system, characterized by comprising: the electronic signature equipment according to any one of claims 1-7, an application server, a SAM device and a public security server;
The electronic signature equipment is used to carry out the authentication of its own user and, if the authentication passes, to obtain the client's identity card cleartext information, identity card cipher-text information and biological information, encrypt them using a private key to generate a ciphertext, send the ciphertext to the application server for client identity verification, receive the feedback information of the application server, and obtain the current address by positioning and send it to the application server;
The application server is used to decrypt the ciphertext using a public key to obtain the identity card cleartext information, the identity card cipher-text information and the biological information, send the identity card cipher-text information to the SAM device and receive the feedback information of the SAM device, and also look up the corresponding target terminal identifier according to the identity card cleartext information and send the current address to the target terminal;
The SAM device is used to decrypt the identity card cipher-text information to obtain a decryption result and send it to the application server;
The application server is also used, if the feedback information of the SAM device is decryption success, to send the identity card cleartext information to the public security server to obtain the target biometric information, compare the biological information with the target biometric information, and send the verification result to the electronic signature equipment;
The public security server is used to look up and obtain the target biometric information according to the identity card cleartext information.
9. The system according to claim 8, characterized in that the electronic signature equipment is also used to obtain the current time and/or the applied business and send it to the application server;
Correspondingly, the application server is also used to send the current time and/or the applied business to the target terminal.
10. The system according to claim 8, characterized in that the application server is also used, if the feedback information of the SAM device is decryption failure, to send the feedback information of the SAM device directly to the electronic signature equipment.
11. The system according to claim 8, characterized in that the application server is also used to send a random verification code to the target terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201820817867.XU CN208190680U (en) | 2018-05-29 | 2018-05-29 | A kind of electronic signature equipment and authentication system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN208190680U (en) | 2018-12-04 |
Family
ID=64428886
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201820817867.XU Active CN208190680U (en) | 2018-05-29 | 2018-05-29 | A kind of electronic signature equipment and authentication system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN208190680U (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112906416A (en) * | 2021-03-25 | 2021-06-04 | 紫光国芯微电子股份有限公司 | Safe communication module and safe communication method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GR01 | Patent grant | ||