TW201729562A - Server, mobile terminal, and internet real name authentication system and method

Info

Publication number
TW201729562A
Authority: TW (Taiwan)
Prior art keywords: smart card, user, server, digital signature, authentication
Application number: TW105135513A
Other languages: Chinese (zh)
Other versions: TWI632798B (en)
Inventor: 李又彬
Original Assignee: 國民技術股份有限公司
Application filed by 國民技術股份有限公司
Publication of TW201729562A
Application granted
Publication of TWI632798B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H04W 12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H04W 12/069 Authentication using certificates or pre-shared keys

Abstract

Disclosed are an internet real-name authentication server, a mobile terminal, and a smart card-based internet real-name authentication system and method. The system comprises: an authentication center, which registers the identity information of users and is able to verify a user's identity; a mobile terminal, which supports Bluetooth and has a smart card and client software installed, the smart card having a hardware ID, supporting Bluetooth, and being used to store the user's digital identity information and to produce digital signatures, and the client software being used to provide the human-machine interface, obtain the smart card's digital signature, receive the information transmitted by the smart card, and transmit that information to a server for authentication; and a server, which receives the information sent by the client software and forwards it to the authentication center for identity confirmation and authentication, so as to determine whether the user is allowed to use an internet service. The present invention effectively overcomes the low security and poor usability of existing internet real-name authentication.

Description

Server, mobile terminal, network real-name authentication system and method

The present invention relates to network real-name authentication technology, and more specifically to a network real-name authentication server, a mobile terminal, and a smart card-based network real-name authentication system and method.

With its rapid spread, the mobile Internet has become deeply embedded in our lives and an indispensable part of them. But alongside that rapid spread, crimes that exploit the anonymity of the mobile Internet have emerged one after another, including spreading rumors, publishing illegal statements and stealing other people's information.

To address the problems the mobile Internet brings, the best solution is to implement real-name authentication for the mobile Internet. Although our country has recently introduced laws and regulations to govern the network real-name system, such as the "Internet Information Services Management Measures" and the "Non-operating Internet Information Services Filing Management Measures", at the implementation level the approach usually remains the traditional check of whether an ID card number and a name match. To evade mobile Internet real-name authentication, offenders can use another person's ID card number and name, or even technical means such as ID card number generators.

Therefore, how to solve the above problems, improve the reliability of mobile Internet real-name authentication, and find a way of implementing network real-name authentication that is highly secure and easy to deploy and operate is a problem that urgently needs to be solved.

The present invention proposes a smart card-based system and method for strong network real-name authentication; the system comprises a network real-name authentication server and a mobile terminal. The invention can improve the reliability of network real-name authentication.

According to one aspect of the present invention, a smart card-based network real-name authentication system is provided, comprising: an authentication center, which registers the user's identity information and is able to verify the user's identity; a mobile terminal, which supports Bluetooth and has the smart card and client software installed; the smart card, which has a hardware ID, supports Bluetooth, and is used to store the user's digital identity information and to produce digital signatures; the client software, which provides the human-machine interface, connects to the smart card over Bluetooth to obtain the smart card's digital signature, receives the digital signature transmitted by the smart card and the smart card's hardware ID, and transmits the username, password, digital signature and smart card hardware ID to the server for authentication; and a server, which receives the information sent by the client software and forwards it to the authentication center for identity confirmation and, once the user's identity is confirmed, authenticates the user against the username and password the user entered, so as to determine whether the user is allowed to use the network service.

According to one embodiment of the invention, the system further comprises an access front-end unit, which provides network access service and network access control service for the authentication center and the server.

The invention also provides a network real-name authentication server, which provides login and value-added services to users of mobile terminals.

The network real-name authentication server receives the information sent from the mobile terminal and forwards it to the authentication center for identity confirmation; once the user's identity is confirmed, it authenticates the user against the username and password the user entered, so as to determine whether the user is allowed to use the network service.

The authentication center registers the user's identity information and is able to verify the user's identity.

According to one embodiment of the invention, the mobile terminal supports Bluetooth and has installed: a smart card, which has a hardware ID, supports Bluetooth, and is used to store the user's digital identity information and to produce digital signatures; and client software, which provides the human-machine interface, can connect to the smart card over Bluetooth to obtain the smart card's digital signature, receives the digital signature transmitted by the smart card and the smart card's hardware ID, and transmits the username, password, digital signature and hardware ID to the server.

The invention also provides a mobile terminal that supports Bluetooth and has installed: a smart card, which supports Bluetooth, stores the user's digital identity information, can produce digital signatures, and has a unique hardware ID; and client software, which provides the human-machine interface, can connect to the smart card over Bluetooth to obtain the smart card's digital signature, receives the digital signature transmitted by the smart card and the smart card's hardware ID, and transmits the username, password, digital signature and smart card hardware ID to the server for authentication, so as to determine whether the user is allowed to use the network service.

The invention also provides a smart card-based network real-name authentication method, in which the smart card has a hardware ID, stores the user's digital identity information, and produces digital signatures. The method comprises: logging in on the mobile terminal and establishing a Bluetooth connection between the smart card and the client software; the smart card receiving the username sent by the client software, digitally signing the username, and returning the digital signature and the hardware ID to the client software; the client software sending the username, the password, the digital signature and the hardware ID to the server for authentication; the server sending the username, the digital signature and the hardware ID to the authentication center, where the user's identity information is registered, for identity verification; and, if identity verification passes, the server performing authentication of the user to determine whether the user is allowed to use the network service.

According to one embodiment of the invention, after the authentication center receives the information sent by the server, it verifies the status of the smart card against the hardware ID and looks up the user's digital-signature public key.

If the smart card's status is normal, the user's digital-signature public key is used to decrypt the digital signature; otherwise a notification is returned to the server. The information obtained by decryption is then compared with the username.

If they are identical, the user's identity is legitimate; otherwise it is illegitimate. The result is returned to the server.

As described above, in the technical solution of the present invention, performing real-name authentication with a Bluetooth-enabled smart card effectively resolves the low security and poor usability of current traditional real-name authentication, and can be applied to mobile services such as mobile banking, mobile securities and mobile e-commerce, and in particular to real-name authentication on the mobile Internet.

FIG. 1 is a flow chart of the smart card-based network real-name authentication method according to the present invention.

FIG. 2 is a block diagram of the smart card-based network real-name authentication system according to the present invention.

FIG. 3 is a schematic diagram of the smart card-based network real-name authentication system according to an embodiment of the present invention.

FIG. 4 is a flow chart of the smart card-based network real-name authentication method according to an embodiment of the present invention.

To overcome the technical shortcomings of traditional mobile Internet real-name authentication, the present invention provides a smart card-based network real-name authentication method that is highly secure and easy to deploy and operate; the smart card here means a smart card suitable for use in a mobile terminal.

Embodiments of the present invention are described in detail below with reference to the drawings.

FIG. 1 is a flow chart of the smart card-based network real-name authentication method according to the present invention.

As shown in FIG. 1, the method comprises the following: the user registers personal information with the authentication center; the authentication center associates the smart card hardware ID with the personal information; the user uses the mobile terminal to establish a Bluetooth connection between the smart card and the client software; the smart card digitally signs the username sent by the client software and returns the digital signature and the smart card hardware ID to the client software; the client software sends the username, password, digital signature and smart card hardware ID to the server for authentication; the server sends the username, digital signature and smart card hardware ID to the authentication center for identity verification; and, if identity verification passes, the server performs authentication of the user to determine whether the user is allowed to use the network service.

FIG. 2 is a block diagram of the smart card-based network real-name authentication system according to the present invention.

As shown in FIG. 2, the system comprises: an authentication center, which registers personal information for the user and associates the smart card hardware ID with that personal information, and which also verifies the user's identity against the username, digital signature and smart card hardware ID sent by the server; a smart card, which stores the user's digital ID information, can produce digital signatures, and has a unique hardware ID; client software, which lets the user enter a username and password, connects to the smart card over Bluetooth to obtain the smart card's digital signature, receives the digital signature and smart card hardware ID transmitted by the smart card, and transmits the username, password, digital signature and smart card hardware ID to the server; and a server, which receives the information sent by the client software, forwards it to the authentication center for identity confirmation, and, once the user's identity is confirmed, authenticates the user against the username and password the user entered.

Embodiments of the present invention are described in detail below with reference to FIG. 3 and FIG. 4.

FIG. 3 is a schematic diagram of the smart card-based network real-name authentication system according to an embodiment of the present invention.

As shown in FIG. 3, the smart card-based network real-name authentication system comprises the following parts.

A smart card, which may be a Bluetooth-enabled SIM card or SD card. The SIM card may use any of several form factors, such as 2FF, 3FF or 4FF, and provides telecommunication functions; the SD card may use any of several form factors, such as Standard SD, Mini SD or Micro SD, and provides a certain amount of storage space. The smart card is mainly used to store the user's digital ID information, can produce digital signatures, and has a unique hardware ID.

Of course, those skilled in the art will understand that the smart card is not limited to the SIM card or SD card mentioned above; any smart card capable of implementing the functions of the present invention falls within the scope of the invention.

A Bluetooth-enabled mobile terminal, including but not limited to a mobile phone, PDA, notebook computer or tablet, which provides the Bluetooth connection.

Client software, which provides the human-machine interface through the mobile terminal, giving the user a login service and access to related value-added services such as mobile banking, mobile securities, mobile e-commerce and social software. In addition, during the user login phase, the client software is responsible for connecting to the smart card through the phone's Bluetooth function, thereby obtaining the user's digital signature and the smart card hardware ID.

An authentication center, which stores the user's personal data, digital-signature public key and the smart card's unique hardware ID. The authentication center is generally an independent system provided by a third-party authority; its role is to recognize the user's digital signature and thereby establish the user's identity. In addition, the authentication center can verify the status of the smart card by its unique hardware ID; the states of a smart card include unregistered, normal, reported lost and disabled, and only a smart card in the normal state can be used for digital signing.

A server, which provides mobile terminal users with login and related value-added services such as mobile banking, mobile securities, mobile e-commerce and social services. In addition, during the user login phase, the server is responsible for submitting the user's digital signature and smart card hardware ID to the authentication center in order to confirm the user's real, legitimate identity.

An access front-end unit, which provides network access service and network access control service for the authentication center and the server; it is a network service controller.

Before using the system, the user first needs to put the smart card through real-name registration, that is, register personal information with the authentication center and bind the smart card to the user information.

Registering personal information with the authentication center means recording personal details such as the user's name, ID card number, gender, place of origin, telephone number and address at the authentication center, and generating the user's digital-signature public key and private key at the authentication center.

Binding the smart card to the user information means establishing, at the authentication center, an association between the smart card's unique hardware ID and the personal information registered there.

In use, the user inserts the smart card into the mobile terminal, then opens the client software's login interface on the mobile terminal over its Internet connection and submits login information to the server for authentication. While the login information is being submitted, the client software automatically connects to the smart card through the mobile terminal's Bluetooth function and obtains the digital signature. If authentication succeeds and the user's identity is confirmed, use of the network service is allowed; if authentication fails, the network service is refused.

Submitting login information means submitting information that includes the smart card's unique hardware ID, the username, the password and the user's digital signature. A simpler variant uses the smart card's hardware ID as the username, so that the login information contains only the smart card's hardware ID, the password and the user's digital signature, or only the smart card's hardware ID and the user's digital signature with no other input. Because the smart card's hardware ID cannot be simulated by user input, verifying the smart card's hardware ID together with the user's digital signature on its own, or verifying the smart card's ID, the password and the user's digital signature, is relatively secure. In addition, the login information may be sent in plaintext or as encrypted ciphertext.

The authentication center verifying the status of the smart card means that it looks up the smart card's registration record by the smart card's hardware ID; if the smart card is registered and its status shows as normal, verification succeeds; otherwise, if the smart card is unregistered or in a state such as reported lost or disabled, verification fails.

In addition, if the smart card is lost or damaged, the user can apply to the authentication center with valid identification to report it lost or to have it replaced.

FIG. 4 is a flow chart of the smart card-based network real-name authentication method according to an embodiment of the present invention.

As shown in FIG. 4, a mobile service provider confirms a user's identity on the basis of this system by a method comprising the following steps.

1) The user registers personal information with the authentication center, including personal details such as the user's name, ID card number, gender, place of origin, telephone number and address, and the authentication center generates the user's digital-signature public key and private key. In addition, the authentication center associates the smart card's unique hardware ID with the personal information registered there.

2) The user inserts the smart card into the mobile terminal, opens the client software on the mobile terminal, enters the username and password in the client software's login interface, and submits them.

3) After the user submits the login information, the client software first checks whether the mobile terminal's Bluetooth function is turned on; if it is not, the user is prompted to turn it on, and if it is, the client software attempts to establish a Bluetooth connection with the smart card.

4) After the client software has established the Bluetooth connection with the smart card, it sends the username obtained in step 2) to the smart card for digital signing, and the smart card digitally signs the username with the signing private key described above.

5) The smart card returns the digital signature generated in step 4) and the smart card's hardware ID to the client software on the mobile terminal over the Bluetooth channel.

6) The client software sends the username, password, digital signature and smart card hardware ID to the server for authentication.

7) After the server receives the user login information sent by the mobile terminal's client software, it first sends the digital signature, username and smart card hardware ID to the authentication center.

8) After receiving the information sent by the server, the authentication center verifies the status of the smart card against the smart card hardware ID and looks up the user's digital-signature public key. If the smart card's status is normal, it decrypts the digital signature with the user's digital-signature public key; otherwise it returns a notification to the server. It then compares the information obtained by decryption with the username: if they are identical the user's identity is legitimate, otherwise it is illegitimate, and it returns the result to the server.

9) After receiving the result returned by the authentication center, the server checks the username and password received in step 7); if the username and password are valid and the user identity returned by the authentication center in step 8) is legitimate, authentication succeeds. Once the user's identity is confirmed, use of the network service is allowed. If authentication fails, the network service is refused.
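The registration, signing and two-stage verification of steps 1) to 9) above, including the card-state check of step 8), as an added Go example that is not part of the patent. It assumes Ed25519 signatures (the patent names no signature algorithm), a constructed hardware ID CARD-0001, a constructed username and password, and that the server keeps a SHA-256 digest of the password; the type and function names are the example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
)

// cardRecord is what the authentication center keeps per card hardware ID. The description
// lists the card states unregistered, normal, lost and disabled; only "normal" may sign.
type cardRecord struct {
	status string
	pubKey ed25519.PublicKey
}

type AuthCenter struct{ cards map[string]cardRecord }

// Register is step 1: generate the user's signature key pair and bind the card's hardware
// ID to it. The center keeps the public key; the private key goes to the smart card.
func (ac *AuthCenter) Register(hwID string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ac.cards[hwID] = cardRecord{status: "normal", pubKey: pub}
	return priv, nil
}

// SetStatus records a card as lost or disabled (the loss report described on the page).
func (ac *AuthCenter) SetStatus(hwID, s string) { r := ac.cards[hwID]; r.status = s; ac.cards[hwID] = r }

// Verify is step 8: look the card up by hardware ID, refuse any card that is not normal,
// then check the signature over the username with the user's public key (what the
// description calls decrypting the signature and comparing it with the username).
func (ac *AuthCenter) Verify(hwID, username string, sig []byte) (bool, string) {
	rec, ok := ac.cards[hwID]
	if !ok || rec.status != "normal" {
		return false, "card unregistered, lost or disabled"
	}
	if !ed25519.Verify(rec.pubKey, []byte(username), sig) {
		return false, "signature does not match username"
	}
	return true, "identity legitimate"
}

// SmartCard holds the signing private key and a fixed hardware ID.
type SmartCard struct {
	HwID string
	priv ed25519.PrivateKey
}

// Sign is steps 4 and 5: sign the username sent by the client software and return the
// signature with the hardware ID. Only the username is signed, as the description states.
func (c *SmartCard) Sign(username string) (sig []byte, hwID string) {
	return ed25519.Sign(c.priv, []byte(username)), c.HwID
}

// Server asks the center about identity first (steps 7 and 8), then checks the password
// (step 9). Keeping a SHA-256 digest and comparing it in constant time is an assumption
// made for this example; the description does not say how passwords are stored.
type Server struct {
	center    *AuthCenter
	passwords map[string][32]byte
}

func (s *Server) Login(username, password, hwID string, sig []byte) (bool, string) {
	if ok, why := s.center.Verify(hwID, username, sig); !ok {
		return false, "identity check failed: " + why
	}
	want, known := s.passwords[username]
	got := sha256.Sum256([]byte(password))
	if !known || subtle.ConstantTimeCompare(want[:], got[:]) != 1 {
		return false, "username or password invalid"
	}
	return true, "authentication succeeded, network service allowed"
}

// Scenario registers one constructed user and card, then attempts four logins: correct
// credentials, wrong password, a signature from a different key, and the correct
// credentials again after the card has been reported lost.
func Scenario() (okLogin, wrongPw, forgedSig, lostCard bool) {
	center := &AuthCenter{cards: map[string]cardRecord{}}
	priv, err := center.Register("CARD-0001") // constructed hardware ID
	if err != nil {
		panic(err)
	}
	card := &SmartCard{HwID: "CARD-0001", priv: priv}
	srv := &Server{center: center, passwords: map[string][32]byte{"alice": sha256.Sum256([]byte("correct horse"))}}
	sig, hw := card.Sign("alice")
	okLogin, _ = srv.Login("alice", "correct horse", hw, sig)
	wrongPw, _ = srv.Login("alice", "wrong", hw, sig)
	_, other, _ := ed25519.GenerateKey(rand.Reader)
	forgedSig, _ = srv.Login("alice", "correct horse", hw, ed25519.Sign(other, []byte("alice")))
	center.SetStatus(hw, "lost")
	lostCard, _ = srv.Login("alice", "correct horse", hw, sig)
	return
}
```

Only the first login succeeds: the center rejects the foreign signature and the lost card before the server ever looks at the password, and the wrong password fails at the server's own check.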

As described above, the present invention uses hardware authentication and encryption to achieve network real-name authentication, whose reliability is far superior to traditional real-name authentication, and it provides stronger support for cleaning up the mobile Internet environment and regulating conduct on the mobile Internet.

It should be noted that the embodiments described above with reference to the drawings are intended only to illustrate the present invention and not to limit its scope; those of ordinary skill in the art will understand that modifications or equivalent substitutions made to the invention without departing from its spirit and scope all fall within its scope. In addition, unless the context indicates otherwise, words in the singular include the plural and vice versa. Furthermore, unless specifically stated otherwise, all or part of any embodiment may be used in combination with all or part of any other embodiment.

Claims (7)

一種基於智慧卡的網路實名認證系統,包括:認證中心,其登記有用戶的身份資訊,並能夠對該用戶的身份進行驗證;行動終端機,其支援藍牙功能,並安裝有智慧卡和客戶端軟體;該智慧卡具有硬體ID,支援藍牙功能,用於存儲用戶的數位身份資訊,進行數位簽章;該客戶端軟體用於提供人機交互介面,通過藍牙連接到該智慧卡,以獲取該智慧卡的數位簽章,接收該智慧卡傳輸的數位簽章和該智慧卡的硬體ID,並將用戶名、密碼、數位簽章和智慧卡硬體ID傳輸給伺服器進行鑒權;以及伺服器,其用於接收該客戶端軟體發送的資訊,並將接收到的資訊發送給該認證中心進行身份確認,並且在用戶身份確認的情況下根據用戶輸入的用戶名和密碼進行鑒權,以確定是否允許該用戶使用網路服務。 A smart card-based network real-name authentication system, comprising: a certification center, which registers user identity information and can verify the identity of the user; the mobile terminal supports Bluetooth function and is equipped with a smart card and a client. End software; the smart card has a hardware ID, supports a Bluetooth function, is used to store the user's digital identity information, and performs a digital signature; the client software is used to provide a human-computer interaction interface, and is connected to the smart card through Bluetooth. Obtaining the digital signature of the smart card, receiving the digital signature transmitted by the smart card and the hardware ID of the smart card, and transmitting the username, password, digital signature, and smart card hardware ID to the server for authentication And a server for receiving information sent by the client software, and sending the received information to the authentication center for identity confirmation, and authenticating according to the user name and password input by the user in the case of user identity confirmation To determine if the user is allowed to use the web service. 如請求項1所記載之基於智慧卡的網路實名認證系統,其進一步包括接入前置單元,該接入前置單元用於為該認證中心和該伺服器提供網路接入服務和網路存取控制服務。 The smart card-based network real-name authentication system as claimed in claim 1, further comprising an access pre-unit for providing network access services and networks for the authentication center and the server. Road access control service. 
3. A network real-name authentication server for providing login and value-added services to a user of a mobile terminal, wherein: the network real-name authentication server receives information sent from the mobile terminal, sends the information to an authentication center for identity confirmation, and, once the user's identity is confirmed, authenticates the user according to the username and password entered by the user in order to determine whether the user is allowed to use the network service; and the authentication center has the user's identity information registered and is able to verify the user's identity.

4. The network real-name authentication server of claim 3, wherein the mobile terminal supports Bluetooth and has installed: a smart card, which has a hardware ID, supports Bluetooth, and is used to store the user's digital identity information and to produce digital signatures; and client software, which provides a human-machine interface, is able to connect to the smart card via Bluetooth to obtain the smart card's digital signature, receives the digital signature transmitted by the smart card together with the smart card's hardware ID, and transmits the username, password, digital signature and hardware ID to the network real-name authentication server.
5. A mobile terminal, which supports Bluetooth and has installed: a smart card, which supports Bluetooth, stores the user's digital identity information, is able to produce digital signatures, and has a unique hardware ID; and client software, which provides a human-machine interface, is able to connect to the smart card via Bluetooth to obtain the smart card's digital signature, receives the digital signature transmitted by the smart card together with the smart card's hardware ID, and transmits the username, password, digital signature and smart card hardware ID to a server for authentication in order to determine whether the user is allowed to use the network service.

6. A smart-card-based network real-name authentication method, the smart card having a hardware ID, storing the user's digital identity information and producing digital signatures, the method comprising the following steps: logging in to the mobile terminal and establishing a Bluetooth connection between the smart card and the client software; the smart card receiving the username sent by the client software, digitally signing the username, and returning the digital signature and the hardware ID to the client software; the client software sending the username, password, digital signature and hardware ID to a server for authentication; the server sending the username, digital signature and hardware ID to an authentication center, which has the user's identity information registered, for identity verification; and, if identity verification passes, the server performing authentication on the user to determine whether the user is allowed to use the network service.

7. The smart-card-based network real-name authentication method of claim 6, wherein, after the authentication center receives the information sent by the server, the authentication center verifies the status of the smart card according to the hardware ID and locates the user's digital-signature public key; if the smart card's status is normal, the digital signature information is decrypted with the user's digital-signature public key, otherwise a prompt message is returned to the server; the information obtained by decryption is compared with the username; if they are identical, the user's identity is legitimate, otherwise the user's identity is illegitimate, and the result is returned to the server.
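The following is an added walk-through of the flow in claims 6 and 7, written for this page; it is not code from the patent or from its assignee. All party names, the hardware ID "HW-0001", the user "alice" and the credentials are constructed. Because the claims name no signature algorithm, a small textbook-RSA routine stands in for the card's signing and the center's "decrypt with the public key" step; that choice is an assumption, as is the use of PBKDF2 for the server's password check, which the claims leave unspecified.

```python
"""Constructed walk-through of the login flow in claims 6 and 7 (added example)."""
import hashlib
import hmac
import os
from typing import Dict, Tuple

# Toy textbook RSA stands in for the card's signature scheme, which the page does
# not name (assumption). Two Mersenne primes keep the arithmetic self-contained.
_P = (1 << 61) - 1
_Q = (1 << 89) - 1
RSA_N = _P * _Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))


def message_digest(message: bytes) -> int:
    # SHA-256 truncated to 128 bits so the integer is always smaller than RSA_N.
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


class SmartCard:
    """Bluetooth smart card: unique hardware ID plus the user's private signing key."""

    def __init__(self, hardware_id: str, private_exponent: int):
        self.hardware_id = hardware_id
        self._d = private_exponent  # stays on the card; only signatures leave it

    def sign_username(self, username: str) -> Tuple[int, str]:
        """Claim 6: sign the username and return the signature with the hardware ID."""
        return pow(message_digest(username.encode()), self._d, RSA_N), self.hardware_id


class AuthenticationCenter:
    """Holds registered identity records and verifies them as claim 7 describes."""

    def __init__(self):
        self._cards: Dict[str, dict] = {}  # hardware ID -> card status + public key

    def register(self, hardware_id: str, public_key: Tuple[int, int]) -> None:
        self._cards[hardware_id] = {"status": "normal", "public_key": public_key}

    def set_status(self, hardware_id: str, status: str) -> None:
        self._cards[hardware_id]["status"] = status

    def verify_identity(self, username: str, signature: int, hardware_id: str) -> str:
        record = self._cards.get(hardware_id)
        if record is None or record["status"] != "normal":
            return "card-not-normal"  # the prompt message the claim returns to the server
        e, n = record["public_key"]
        recovered = pow(signature, e, n)  # "decrypt" the signature with the public key
        if recovered != message_digest(username.encode()):
            return "identity-illegal"  # recovered value does not match the username
        return "identity-legal"


def password_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Server:
    """Forwards identity data to the center, then checks username and password."""

    def __init__(self, center: AuthenticationCenter):
        self._center = center
        self._credentials: Dict[str, Tuple[bytes, bytes]] = {}  # username -> (salt, hash)

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._credentials[username] = (salt, password_hash(password, salt))

    def login(self, username: str, password: str, signature: int, hardware_id: str) -> str:
        verdict = self._center.verify_identity(username, signature, hardware_id)
        if verdict != "identity-legal":
            return verdict  # identity not confirmed: no password check is performed
        stored = self._credentials.get(username)
        if stored is None:
            return "unknown-user"
        salt, expected = stored
        if not hmac.compare_digest(expected, password_hash(password, salt)):
            return "bad-password"
        return "allowed"


def client_login(card: SmartCard, server: Server, username: str, password: str) -> str:
    """Client software: the Bluetooth exchange with the card is a direct call here."""
    signature, hardware_id = card.sign_username(username)
    return server.login(username, password, signature, hardware_id)


def run_scenarios() -> Dict[str, str]:
    """Exercise the happy path and the rejection paths the claims describe."""
    center = AuthenticationCenter()
    server = Server(center)
    card = SmartCard("HW-0001", RSA_D)  # constructed hardware ID
    center.register("HW-0001", (RSA_E, RSA_N))
    server.add_user("alice", "correct horse battery")
    results = {"good": client_login(card, server, "alice", "correct horse battery"),
               "bad_password": client_login(card, server, "alice", "wrong")}
    # A signature made over one username but submitted with another fails at the center.
    signature, hardware_id = card.sign_username("alice")
    results["username_mismatch"] = server.login("alicia", "correct horse battery", signature, hardware_id)
    # Card reported lost: its status is no longer normal, so the center stops before decrypting.
    center.set_status("HW-0001", "lost")
    results["card_lost"] = client_login(card, server, "alice", "correct horse battery")
    return results
```

Calling `run_scenarios()` returns `"allowed"` for the registered user with the right password and the three rejection codes for a wrong password, a username that differs from the one the card signed, and a card whose status is no longer normal. The center's checks run in the order claim 7 gives (card status, then decryption with the public key, then comparison with the username), and the server checks the password only after the center reports a legitimate identity, as claim 6 requires. One design point worth noting when reviewing such a scheme: the value the card signs is the username alone, which does not change between logins, so the signature is identical on every attempt; deployments of this kind normally have the server issue a fresh random challenge that the card signs together with the username, so that each signature is bound to a single login attempt.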
TW105135513A 2015-11-03 2016-11-02 Server, mobile terminal, and network real-name authentication system and method TWI632798B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510738043 2015-11-03
??201510738043.4 2015-11-03

Publications (2)

Publication Number Publication Date
TW201729562A true TW201729562A (en) 2017-08-16
TWI632798B TWI632798B (en) 2018-08-11

Family

ID=58661632

Family Applications (1)

Application Number Title Priority Date Filing Date
TW105135513A TWI632798B (en) 2015-11-03 2016-11-02 Server, mobile terminal, and network real-name authentication system and method

Country Status (3)

Country Link
CN (1) CN107113613B (en)
TW (1) TWI632798B (en)
WO (1) WO2017076216A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109560932A (en) * 2017-09-25 2019-04-02 北京云海商通科技有限公司 The recognition methods of identity data, apparatus and system
CN109005534A (en) * 2018-07-19 2018-12-14 国民技术股份有限公司 A kind of roaming place network steps on net method for authenticating, terminal and authentication server
CN109089248B (en) * 2018-08-07 2021-08-17 河南云拓智能科技有限公司 Information monitoring method based on Bluetooth gateway
CN111343133B (en) * 2018-12-19 2022-05-13 中移物联网有限公司 Authentication method, authentication equipment and computer readable storage medium
CN109981360B (en) * 2019-03-15 2022-04-19 深圳力维智联技术有限公司 Internet of things equipment site opening method, device and system and storage medium
CN111585987B (en) * 2020-04-25 2022-10-25 中信银行股份有限公司 Identity authentication method and device, electronic equipment and computer readable storage medium
CN114007218B (en) * 2020-07-28 2024-01-26 中国电信股份有限公司 Authentication method, authentication system, terminal and digital identity authentication functional entity

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4120237B2 (en) * 2002-02-28 2008-07-16 ソニー株式会社 Demodulator and receiver
CN1416073A (en) * 2002-11-05 2003-05-07 戚滨宏 Method for authenticating self idetification
EP2747368A1 (en) * 2012-12-19 2014-06-25 Gemalto SA Method for customising a security element
CN103164738B (en) * 2013-02-06 2015-09-30 厦门盛华电子科技有限公司 A kind of cellphone subscriber's identification card based on the certification of mobile payment multi-channel digital
CN103368743A (en) * 2013-07-08 2013-10-23 深圳市文鼎创数据科技有限公司 Multifunctional intelligent card and identity authentication method and operation method of multifunctional intelligent card
CN104637192B (en) * 2013-11-07 2018-08-14 华为技术有限公司 A kind of stored value card and its application method, mobile terminal and electronic ticket transaction system
CN104158824B (en) * 2014-09-02 2018-03-16 解芳 Genuine cyber identification authentication method and system

Also Published As

Publication number Publication date
WO2017076216A1 (en) 2017-05-11
TWI632798B (en) 2018-08-11
CN107113613B (en) 2021-06-22
CN107113613A (en) 2017-08-29

Similar Documents

Publication Publication Date Title
CN109150548B (en) Digital certificate signing and signature checking method and system and digital certificate system
TWI632798B (en) Server, mobile terminal, and network real-name authentication system and method
JP5601729B2 (en) How to log into a mobile radio network
WO2018050081A1 (en) Device identity authentication method and apparatus, electric device, and storage medium
US9197420B2 (en) Using information in a digital certificate to authenticate a network of a wireless access point
CN109729523B (en) Terminal networking authentication method and device
JP2020064668A5 (en)
TW201741922A (en) Biological feature based safety certification method and device
JP5844471B2 (en) How to control access to Internet-based applications
US10050791B2 (en) Method for verifying the identity of a user of a communicating terminal and associated system
CA2879910C (en) Terminal identity verification and service authentication method, system and terminal
WO2015192670A1 (en) User identity authentication method, terminal and service terminal
WO2017054617A1 (en) Wifi network authentication method, device and system
WO2014183526A1 (en) Identity recognition method, device and system
JP2012530311A5 (en)
CN103297403A (en) Method and system for achieving dynamic password authentication
CN101841525A (en) Secure access method, system and client
CN101986598B (en) Authentication method, server and system
WO2014110877A1 (en) Mobile terminal device and user authentication method based on pki technology
TWI640189B (en) System for verifying a user's identity of telecommunication certification and method thereof
CN109063438A (en) A kind of data access method, device, local data secure access equipment and terminal
CN110278084B (en) eID establishing method, related device and system
US20190281053A1 (en) Method and apparatus for facilitating frictionless two-factor authentication
CN112020716A (en) Remote biometric identification
CN102984335A (en) Identity authentication method, equipment and system for making fixed-line call

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees