WO2018113437A1 - Authentication device-based electronic identity card authentication service system - Google Patents

Authentication device-based electronic identity card authentication service system Download PDF

Info

Publication number
WO2018113437A1
WO2018113437A1 PCT/CN2017/110161 CN2017110161W WO2018113437A1 WO 2018113437 A1 WO2018113437 A1 WO 2018113437A1 CN 2017110161 W CN2017110161 W CN 2017110161W WO 2018113437 A1 WO2018113437 A1 WO 2018113437A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic
card
information
authentication
identity
Prior art date
Application number
PCT/CN2017/110161
Other languages
French (fr)
Chinese (zh)
Inventor
李志忠
衣龙腾
张朝东
张华�
Original Assignee
杨宪国
孙卫平
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 杨宪国, 孙卫平 filed Critical 杨宪国
Publication of WO2018113437A1 publication Critical patent/WO2018113437A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • the present application relates to the field of communications technologies, and in particular, to an electronic ID card authentication service system based on an authentication device.
  • an electronic ID card (eID, electronic IDentity) was proposed. It is a form of alienation of the resident ID card on the network. It is called the citizen network electronic identity.
  • the eID is the authoritative electronic information on the network to remotely prove the true identity of the individual.
  • the document was issued by the Ministry of Public Security Citizen Network Identification System. The use of eID in China has not yet been popularized. The first country in the world to use eID is Belgium. At the beginning of 2010, more than 85% of the country's residents have eIDs, and its laws stipulate that citizens must have eIDs. Full coverage is achieved.
  • the inventor of the present application found that the existing eID system mainly uses a U disk like a terminal carrier to implement the object. Separate and verify the validity of the user's identity through real-time network update. This restricts the promotion and use of eID in some programs. Firstly, it is not convenient to carry the eID system with U disk as the terminal carrier. Secondly, with the rapid development of the information society, more and more users choose to use mobile phones and tablets. Such portable mobile terminals for online office, online shopping, etc., these mobile terminals do not have a USB interface or only a few USB interfaces. Faced with the above problems, the eID card was originally designed to be applied to a financial IC card containing a security chip, but it is still not possible to obtain a convenient application on the mobile terminal.
  • the network user is improved in the convenience and security of the identity authentication level, and promotes the popularization and application of the eID.
  • the application proposes an authentication device based on the mobile terminal.
  • the eID authentication service system enables the user to implement the eID authentication service without relying on additional carriers.
  • the authentication device of the mobile terminal is effectively bound to the eID, which is beneficial to the authentication enhancement and the popularity of the eID.
  • an electronic ID card authentication service system based on an authentication device includes:
  • An authentication device which is disposed on the mobile terminal and configured to perform mobile user identity authentication
  • the electronic identity card information management device generates download request information requesting to download the electronic ID card of the user based on the information of the authentication device and the information of the user, and transmits the download request information, and the electronic device to be received Writing an identity card to the authentication device;
  • an electronic ID card authorization and verification server that delivers the electronic identity card to the electronic identity card information management device if the verification of the download request information is successful.
  • the authentication device includes:
  • a storage unit for storing the written electronic ID card
  • a communication unit for communicating with the electronic identity card information management device
  • An encryption and decryption module for encrypting and decrypting transmitted data.
  • the electronic ID card authorization and verification server associates the electronic identification card with the authentication device in a case where the verification of the download request information is successful. And sending the electronic ID card to the electronic ID card information management device, where the electronic ID card information management device writes the received electronic ID card to the authentication device.
  • the electronic identity card information management apparatus further manages the electronic identity card in the authentication device, where the managing includes deleting the electronic identity card, Freeze, or thaw.
  • the electronic identity card information management apparatus reads the information in the case where the information of the user and/or the signature password of the authentication device input by the user is successfully verified.
  • the electronic identity card in the authentication device, and the read electronic identification card and the cancellation request information, the freeze request information or the thawing request information are sent to the electronic ID card authorization and verification server;
  • the electronic ID card authorization and verification server performs processing to cancel the association relationship between the electronic identity card and the authentication device, and stops the association based on the logout request information, the freeze request information, or the defrosting request information.
  • the network operation related to the electronic identity card uses, or restores, the network operation associated with the electronic identity card, and feeds back the result of the processing to the electronic identity card information management device.
  • the electronic identity card information The management device sends a logout command to the authentication device, and the authentication device deletes the electronic identity card according to the logout command.
  • the authentication service system further includes:
  • An electronic identification card information third party application device that sends a read request to read the electronic identity card in the authentication device, and receives the electronic identity card authorization and verification server to the electronic identity card The certification result of the certification.
  • the electronic identity card information management apparatus reads the authentication according to the read request, if the verification of the signature password of the authentication device is successful.
  • the electronic ID card in the device generates an authentication request according to the identification information of the third-party application device of the electronic ID card information included in the read request, and the electronic ID card, and sends the authentication request;
  • the electronic ID card authorization and verification server authenticates the electronic ID card in the authentication request, and sends an electronic ID card application authorization code to the electronic ID card information management device if the authentication is successful;
  • the electronic identity card information management device sends the received electronic identity card application authorization code to the electronic identity card information third party application device.
  • the electronic identity card information third party application device saves and/or sends the electronic identity card application authorization code to a third party application server for saving.
  • the electronic identity card information management device Sending an ID card application authorization code and an electronic ID card in the authentication device to the electronic ID card authorization and verification server, and requesting the electronic ID card authorization and verification server to apply an authorization code based on the electronic ID card
  • the electronic identity card verifies the authenticity of the user.
  • the third party application device of the electronic identity card information when the business operation of the third party application device of the electronic identity card information needs to verify the identity of the user, the third party application device of the electronic identity card information is based on the electronic identity card information. Generating the first identity verification request by the identifier information of the three-party application device, the electronic identity card application authorization code, and the user information, and sending the first identity verification request to the electronic identity card information management device to request identity verification ;
  • the electronic identity card information management device receives the first identity verification request of the third party application device of the electronic identity card information, communicates with the authentication device, and acquires electronic identity card information and/or information in the authentication device. a signature value for signing the first identity verification request, and according to the identification information in the first identity verification request, the electronic identity card application authorization code, and the user information, and the electronic identity card Generating a second identity verification request by using the information and/or the signature value for signing the first identity verification request, and sending the second identity verification request to the electronic identity card authorization and verification server to request identity verification;
  • the electronic identity card information management device returns the received identity verification result to the electronic identity card information third party application device;
  • the electronic identity card information third party application device agrees or rejects the service operation requested by the user according to the received identity verification result.
  • the authentication device can be effectively bound to the electronic ID card, whereby the user can implement the EID authentication service without relying on the additional carrier, which is beneficial to the authentication enhancement and The popularity of eID.
  • FIG. 1 is a schematic diagram of an authentication service system according to Embodiment 1 of the present application.
  • FIG. 2 is a schematic diagram of writing an EID to an authentication device according to Embodiment 1 of the present application;
  • FIG. 3 is a schematic diagram of deregistering an EID in an authentication apparatus according to Embodiment 1 of the present application;
  • FIG. 4 is a schematic diagram of a process in which a third-party application apparatus of an electronic ID card information of Embodiment 1 of the present application transmits a read request and receives an authentication result;
  • FIG. 5 is a schematic diagram of a process for verifying an electronic identity card information third-party application device according to Embodiment 1 of the present application;
  • FIG. 6 is a schematic diagram of a process of applying an application identifier of a third-party application for eID use in the application of the first embodiment of the present application, and setting it in the third-party application device of the electronic ID card information.
  • the authentication device may be disposed on the mobile terminal, and the authentication device may be a Subscriber Identity Module (SIM) card, a chip attached to the customer identification module card, such as a SIM film card, or
  • SIM Subscriber Identity Module
  • the customer identification module card has equivalent functions integrated into the mobile terminal such as eSIM Card or the like;
  • the function of the authentication device can be implemented by software running on the authentication device, for example, the software can be a chip operation system (COS).
  • COS chip operation system
  • the present embodiment is not limited thereto, and the function of the authentication device may be implemented by hardware or by hardware and software. For specific implementation, reference may be made to the prior art.
  • the electronic identity card information management device may be implemented by software.
  • the electronic identity card information management device may be a software development kit (SDK).
  • SDK software development kit
  • the embodiment is not limited thereto, and the electronic identity card information is
  • the management device can also be implemented by hardware, or can be implemented by hardware and software. The specific implementation manner can refer to the prior art.
  • the electronic identity card information management device may be disposed in the mobile terminal.
  • the electronic identity card information management device may be provided separately from the authentication device or may be disposed in the authentication device.
  • the electronic ID card information management device may be disposed outside the mobile terminal, for example, may be disposed in a issuing device of a SIM card, or a terminal device of a bank or the like, and the terminal device may be, for example, an electronic device. ID card writing card authentication device.
  • the third party application device of the electronic ID card information may be implemented by software.
  • the third party application device of the electronic ID card information may be an application (Application, APP).
  • Application Application
  • the embodiment is not limited thereto.
  • the third-party application device of the electronic ID card information may also be implemented by hardware, or may be implemented by hardware and software. The specific implementation manner may refer to the prior art.
  • the electronic identity card authorization and authentication server can also be implemented by software and/or hardware.
  • the authentication device and the electronic ID card information management device can exchange data through various communication methods, such as Bluetooth communication, Near Field Communication (NFC), and utilization transmission.
  • Protocol Data Unit (TPDU) communication, etc. may also be a unique protocol communication method between the authentication device and the electronic ID card information management device; electronic identity card information third party application device and electronic ID card
  • the information management device can communicate through the internal communication interface; the electronic ID card information third party application device and the electronic ID card information management device can communicate with the electronic ID card authorization and verification server via the communication module of the mobile terminal, the communication This can be done via a wired network or a wireless network.
  • the mobile terminal may be a portable electronic device such as a feature phone, a smartphone or a tablet.
  • Embodiment 1 of the present application provides an electronic ID card authentication service system based on an authentication device.
  • 1 is a schematic diagram of the authentication service system.
  • the authentication service system 100 includes an authentication device 101, an electronic identity card information management device 102, and an electronic ID card authorization and verification server 103.
  • the authentication device 101 is disposed in the mobile terminal 200 and configured to perform mobile user identity authentication; the electronic identity card information management device 102 generates an electronic identity card (EID) requesting to download the user based on the information of the authentication device 101 and the information of the user. Downloading the request information and transmitting the download request information, and writing the received electronic identification card (EID) to the authentication device 101; in the case where the verification of the download request information is successful, the electronic ID card authorization and verification server 103 The electronic identity card information management device 102 delivers the electronic identity card (EID).
  • EID electronic identity card
  • the authentication device can be effectively bound with an electronic ID card (EID), whereby the user can implement the EID authentication service without relying on an additional carrier, which is advantageous for authentication enhancement and popularity of the eID.
  • EID electronic ID card
  • the authentication device 101 may include:
  • a storage unit for storing the written electronic ID card
  • a communication unit for communicating with the electronic identity card information management device
  • An encryption and decryption module for encrypting and decrypting transmitted data.
  • FIG. 2 is a schematic diagram of writing an EID to an authentication device according to the embodiment. As shown in FIG. 2, the process of writing an EID to the authentication device 101 includes:
  • the electronic identity card information management device 102 in the mobile terminal 200 acquires information of the user, wherein the information of the user may include fingerprint information, face information, and/or physical identity card information.
  • the manner in which the electronic ID card information management device 102 acquires the information of the user includes: a) the user scans the fingerprint using the mobile terminal 200, and the electronic ID card information management device 102 acquires the fingerprint information of the user; b) the user uses the mobile terminal 200 to perform face recognition.
  • the electronic identity card information management device 102 acquires the facial information of the user; c) the user identifies the physical identity card using the mobile terminal 200, and the electronic identity card information management device 102 acquires the physical identity card information of the user.
  • the information of the user may not be limited to the information listed above, and the manner in which the electronic ID card information management device 102 acquires the information of the user may not be limited to the above-described modes.
  • the electronic identity card information management device 102 in the mobile terminal 200 communicates with the authentication device 101 to obtain information of the authentication device 101.
  • the information of the authentication device may be, for example, an integrated circuit card identity (ICCID). And other information.
  • ICCID integrated circuit card identity
  • the electronic identity card information management device 102 in the mobile terminal 200 is used according to the information of the authentication device 101.
  • the information of the user generates download request information, and sends the download request information to the electronic ID card authorization and verification server 103 to apply for downloading the electronic ID card.
  • the electronic ID card authorization and verification server 103 receives the download request information, and verifies the information of the mobile terminal 200, the authentication device, and the user's information, and returns the verification result. For example, if the verification is successful, the authentication is performed.
  • the device information is associated with the electronic ID card, and the eID is sent to the mobile terminal 200.
  • the electronic ID information management device 102 in the mobile terminal 200 writes the eID to the authentication device 101. If the verification fails, an error message is returned.
  • Mobile terminal 200 is
  • the electronic ID card information management device 102 can also manage an electronic identification card (EID) in the authentication device 101, and the management includes deregistering, freezing, or unfreezing the electronic identification card (EID). deal with.
  • EID electronic identification card
  • FIG. 3 is a schematic diagram of deregistering an EID in an authentication apparatus according to the embodiment. As shown in FIG. 3, the process of deregistering the EID in the authentication apparatus 101 includes:
  • the electronic identity card information management device 102 performs local authentication on the user's information. For example, the electronic identity card information management device 102 performs control such that the user's fingerprint information, face information, physical identity card information, and the like are verified in the mobile terminal 200. In addition, the signature password of the authentication device input by the user may be verified; if the local authentication is successful, the eID in the authentication device 101 is read and sent to the electronic ID card authorization and verification together with the cancellation request information. Server 103;
  • the electronic ID card authorization and verification server 103 performs a logout operation according to the received eID and the logout request information, that is, cancels the association information of the eID and the authentication device, and returns the logout operation result to the electronic ID card information management device 102 of the terminal 200.
  • the result of the logout operation indicates that the logout operation succeeds or fails;
  • the electronic ID card information management device 102 issues a logout command to the authentication device 101, and the authentication device 101 deletes the eID and returns the deletion result to the electronic ID card information management device 102.
  • the process of freezing or thawing the EID in the authentication device 101 is similar to the process of deregistering.
  • the process of freezing or thawing the EID in the authentication device 101 may include:
  • the electronic ID card information management device 102 reads the electronic identification card (EID) in the authentication device 101 in the case where the local authentication of the information of the user and/or the signature password of the authentication device input by the user is successful, And the read electronic identification card (EID) and the freeze request information or the thawing request information is sent to the electronic ID card authorization and verification server 103;
  • the electronic ID card information management device 102 may also be disposed outside the mobile terminal 200, for example, may be disposed in a issuing device of a SIM card, or a terminal device of a bank or the like, such as a terminal device, for example. It can be a card authentication device for an electronic ID card. Thereby, the user can perform an operation of writing the eID to the authentication device on the terminal other than the mobile terminal 200, and authenticate, logout, and freeze the eID in the authentication device 101 on the terminal other than the mobile terminal 200. , thawing and other treatments.
  • the authentication service system 100 may further include an electronic identity card information third party application device 104, wherein the electronic identity card information third party application device 104 may send a request to the authentication device 101.
  • the electronic identification card (EID) performs a read request for reading, and receives an authentication result of the electronic ID card authorization and verification server 103 authenticating the electronic identity card (EID).
  • FIG. 4 is a schematic diagram of a flow of the electronic ID card information third party application device 104 transmitting a read request and receiving the authentication result.
  • the process for the third party application device 104 to send a read request and receive the authentication result may include:
  • the electronic ID card information in the mobile terminal 200 The third party application device 104 (APP) issues a read request for reading the eID to the electronic ID card information management device 102, and the read request includes the electronic ID card information.
  • the electronic ID card information management device 102 locally verifies the user's information and/or the signature password of the authentication device by the mobile terminal 200, and reads the eID in the authentication device 101 if the local authentication is successful;
  • the authentication request information is sent to the electronic ID card authorization and verification server 103;
  • the electronic ID card authorization and verification server 103 gives the authentication result according to the authentication request information, and returns the authentication result to the electronic ID card information management device 102 of the mobile terminal 200. For example, if the authentication succeeds, the authentication result includes the eID application authorization. If the authentication fails, the authentication result includes information that the authentication fails;
  • the electronic ID card information management device 102 sends the received authentication result to the electronic ID card information third party application device 104, where the authentication result includes the EID application authorization code or the authentication failure information;
  • the electronic ID card information third party application device 104 receives the authentication failure information, the user is denied If the electronic ID card information third party application device 104 receives the result of the authentication success and the eID application authorization code, the eID application authorization code is locally saved and/or sent to the electronic ID card information third party application server 104a for storage.
  • the electronic ID card authorization and verification server 103 can also verify the electronic identity card information third party application device (APP) 104, and only the qualified electronic identity card information third party application device (APP) 104
  • the read request to read the EID in the request authentication device is valid, thereby preventing the illegal electronic ID information from being read by the third party application device (APP), thereby improving security.
  • the electronic identity card information third party application device (APP) 104 may send the identification information of the electronic identity card information third party application device (APP) and the electronic identity card (EID) application authorization code to the electronic identity card authorization and verification server. 103.
  • the electronic ID card authorization and verification server verifies the related information and the electronic identification card (EID) application authorization code. When the verification is passed, the electronic identification information is sent by the third party application device (APP). effective.
  • FIG. 5 is a schematic diagram of a process for verifying an electronic ID card information third-party application device according to the embodiment. As shown in FIG. 5, the process for verifying the third-party application device of the electronic ID card information may include:
  • Step 501 the electronic ID card information third-party application device 104 eID application authorization code and the eID information in the authentication device 101 is submitted to the electronic identity card authorization and verification server 103;
  • Step 502 The electronic ID card authorization and verification server 103 verifies the information submitted in step 501 and generates a verification result.
  • Step 503 the electronic ID card authorization and verification server 103 returns the verification result to the electronic identity card information third party application device (APP) 104.
  • APP electronic identity card information third party application device
  • the identification information of the third-party application device (APP) 104 of the electronic ID card information may be sent by the electronic ID card authorization and verification server 103, and the third-party application device (APP) is formed in the electronic identity card information. ) is set in the electronic identity card information third party application device (APP).
  • FIG. 6 is a schematic diagram of a process of setting the identification information of the third party application device (APP) 104 of the electronic identity card information in the third party application device of the electronic identity card information. As shown in FIG. 6, the process may include:
  • Step 601 The manufacturer of the third-party application device of the electronic ID card information submits an eID use application to the electronic ID card authorization and verification server 103 and submits related information of the third-party application device of the electronic ID card information, wherein the manufacturer may be, for example, an APP. Manufacturer
  • Step 602 The electronic ID card authorization and verification server 103 reviews the eID use application, and the verification is passed. If it continues, otherwise the process is terminated;
  • Step 603 The electronic ID card authorization and verification server 103 generates identification information according to the related information of the third-party application device of the electronic ID card information and grants the identification information to the manufacturer;
  • Step 604 The manufacturer sets the application identification information, the eID calling interface, and the like to the third party application device of the electronic ID card information.
  • the identification information of the third-party application device of the electronic ID card information is issued to the manufacturer by the electronic ID card authorization and verification server, the credibility of the identification information of the third-party application device of the electronic ID card information for the eID application can be improved, and Easy to manage.
  • the authentication device can be effectively bound to the electronic ID card (EID), whereby the user can implement the EID authentication service without relying on the additional carrier, which is beneficial to the authentication enhancement and the popularity of the eID; Further, by managing the EID in the authentication device, the convenience of using the EID is improved, and by authenticating the electronic identity card information third-party application device, the security of the EID use can be improved.
  • EID electronic ID card
  • the identifier information of the third-party application device of the electronic ID card information and the authorization code of the electronic ID card may be used to perform the pairing. User authentication.
  • the process of authentication can be as follows:
  • the third party application device of the electronic identity card information When the business operation of the third party application device of the electronic identity card information needs to verify the identity of the user, the third party application device of the electronic identity card information according to the identification information of the third party application device of the electronic identity card information, the electronic The ID application authorization code and the user information generate a first identity verification request, and send the first identity verification request to the electronic identity card information management device to request identity verification, where the user information may be the fingerprint information of the user. , facial information, physical identity card information and/or passwords entered by the user;
  • the electronic identity card information management device receives the first identity verification request of the third party application device of the electronic identity card information, communicates with the authentication device, and acquires electronic identity card information and/or information in the authentication device. a signature value for signing the first identity verification request, and according to the identification information in the first identity verification request, the electronic identity card application authorization code, and the user information, and the electronic identity card Generating a second identity verification request by using the information and/or the signature value for signing the first identity verification request, and sending the second identity verification request to the electronic identity card authorization and verification server to request identity verification;
  • the electronic identity card information management device returns the received identity verification result to the electronic identity card information third party application device;
  • the electronic identity card information third party application device agrees or rejects the service operation requested by the user according to the received identity verification result.
  • the above device of the present application may be implemented by hardware or by hardware combined with software.
  • the present application relates to a computer readable program that, when executed by a logic component, enables the logic component to implement the apparatus or components described above, or to implement the various methods described above Or steps.
  • the application also relates to a storage medium for storing the above program, such as a hard disk, a magnetic disk, an optical disk, a DVD, a flash memory, or the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Provided by the present application is an authentication device-based electronic IDentity (eID) authentication service system, the authentication service system comprising: an authentication device which is arranged in a mobile terminal and is used for authenticating a mobile user identity; an eID information management device which is arranged in the mobile terminal and which generates downloading request information for requesting to download a user eID on the basis of information of the authentication device and information of the user, and which sends the downloading request information and writes a received eID into the authentication device; and an eID authorization and verification server which issues the eID to the eID information management device when the downloading request information is verified successfully. According to the present application, an authentication device and an eID may be effectively bound, so that a user may realize an eID authentication service without depending on an extra carrier, thereby facilitating authentication enhancement and eID popularization.

Description

基于鉴权装置的电子身份证认证服务系统Electronic ID card authentication service system based on authentication device 技术领域Technical field
本申请涉及通信技术领域,尤其涉及一种基于鉴权装置的电子身份证认证服务系统。The present application relates to the field of communications technologies, and in particular, to an electronic ID card authentication service system based on an authentication device.
背景技术Background technique
计算机与互联网在为人们提供强大服务功能的同时,安全问题日益突出。为了解决这一问题,用户在实名制网站注册时,被动要求提供个人的手机号码、身份证号、家庭住址等隐私信息,但是这种方法会存在实名制网站倒卖用户隐私、服务器被黑客攻击而隐私泄露等问题。While computers and the Internet provide powerful service functions for people, security issues are becoming increasingly prominent. In order to solve this problem, when users register on the real-name website, they are passively required to provide personal information such as mobile phone number, ID number, home address, etc., but this method will have real-name website reselling user privacy, server being hacked and privacy leaked. And other issues.
针对上述问题,电子身份证(eID,electronic IDentity)被提出,它是居民身份证在网络上的异化形式,全称为公民网络电子身份标识,eID是网络上远程证明个人真实身份的权威性电子信息文件,由公安部公民网络身份识别系统签发。eID在我国的使用还未得到普及,世界上最早推行使用eID的国家是比利时,2010年初,该国有85%以上的居民都拥有eID,并且其法律规定:公民必须拥有eID,目前该国基本上实现了全覆盖。随后,意大利、德国、美国、墨西哥、俄罗斯等国都从国家战略、法律法规等方面,由相关安全部门主导建设eID管理体系,大力推行eID的广泛使用。我国eID系统依托公安部覆盖13亿人口的全国公民身份信息库,生成了一组唯一的网络标志符和数字证书,保证用户身份的真实性和唯一性,同时其本身并不包含任何个人身份隐私信息。In response to the above problems, an electronic ID card (eID, electronic IDentity) was proposed. It is a form of alienation of the resident ID card on the network. It is called the citizen network electronic identity. The eID is the authoritative electronic information on the network to remotely prove the true identity of the individual. The document was issued by the Ministry of Public Security Citizen Network Identification System. The use of eID in China has not yet been popularized. The first country in the world to use eID is Belgium. At the beginning of 2010, more than 85% of the country's residents have eIDs, and its laws stipulate that citizens must have eIDs. Full coverage is achieved. Subsequently, Italy, Germany, the United States, Mexico, Russia and other countries from the national strategy, laws and regulations, etc., the relevant security departments led the construction of eID management system, and vigorously promote the widespread use of eID. China's eID system relies on the National Citizenship Information Database of the Ministry of Public Security covering 1.3 billion people, and generates a unique set of network identifiers and digital certificates to ensure the authenticity and uniqueness of the user's identity, while not including any personal identity privacy. information.
应该注意,上面对技术背景的介绍只是为了方便对本申请的技术方案进行清楚、完整的说明,并方便本领域技术人员的理解而阐述的。不能仅仅因为这些方案在本申请的背景技术部分进行了阐述而认为上述技术方案为本领域技术人员所公知。It should be noted that the above description of the technical background is only for the purpose of facilitating a clear and complete description of the technical solutions of the present application, and is convenient for understanding by those skilled in the art. The above technical solutions are not considered to be well known to those skilled in the art simply because these aspects are set forth in the background section of this application.
发明内容Summary of the invention
本申请的发明人发现,现有的eID系统主要使用类似U盘为终端载体实现了物 理分离,通过网络实时更新验证用户的身份有效性。这在某种程序上制约了eID的推广使用,首先随身携带以U盘为终端载体的eID系统不够便捷,其次,随着信息社会的快速发展,越来越多的用户选择使用手机、平板电脑等便携移动终端进行网上办公、网络购物等,这些移动终端并没有USB接口或者只有少数USB接口。面对上述问题,eID卡开始被设计为能够应用在含有安全芯片的金融IC卡上,但是,依旧无法在移动终端上获得便捷应用。The inventor of the present application found that the existing eID system mainly uses a U disk like a terminal carrier to implement the object. Separate and verify the validity of the user's identity through real-time network update. This restricts the promotion and use of eID in some programs. Firstly, it is not convenient to carry the eID system with U disk as the terminal carrier. Secondly, with the rapid development of the information society, more and more users choose to use mobile phones and tablets. Such portable mobile terminals for online office, online shopping, etc., these mobile terminals do not have a USB interface or only a few USB interfaces. Faced with the above problems, the eID card was originally designed to be applied to a financial IC card containing a security chip, but it is still not possible to obtain a convenient application on the mobile terminal.
为解决现有技术的问题,提升网络用户,尤其是移动网络用户,在身份认证层面的便捷简易性和安全可靠性,推动eID的普及应用,本申请提出一种基于移动终端的鉴权装置的eID认证服务系统,一方面使得用户不依赖于额外的载体,实现eID认证服务,另一方面将移动终端的鉴权装置与eID进行有效绑定,有利于认证增强和eID的普及。In order to solve the problems of the prior art, the network user, especially the mobile network user, is improved in the convenience and security of the identity authentication level, and promotes the popularization and application of the eID. The application proposes an authentication device based on the mobile terminal. On the one hand, the eID authentication service system enables the user to implement the eID authentication service without relying on additional carriers. On the other hand, the authentication device of the mobile terminal is effectively bound to the eID, which is beneficial to the authentication enhancement and the popularity of the eID.
根据本申请实施例的一个方面,提供一种基于鉴权装置的电子身份证认证服务系统,该认证服务系统包括:According to an aspect of the embodiments of the present application, an electronic ID card authentication service system based on an authentication device is provided, and the authentication service system includes:
鉴权装置,其设置于移动终端并用于进行移动用户身份鉴权;An authentication device, which is disposed on the mobile terminal and configured to perform mobile user identity authentication;
电子身份证信息管理装置,基于所述鉴权装置的信息以及用户的信息,生成请求下载所述用户的电子身份证的下载请求信息并发送该下载请求信息,并且,将接受到的所述电子身份证写入所述鉴权装置;以及The electronic identity card information management device generates download request information requesting to download the electronic ID card of the user based on the information of the authentication device and the information of the user, and transmits the download request information, and the electronic device to be received Writing an identity card to the authentication device;
电子身份证授权与验证服务器,其在对所述下载请求信息验证成功的情况下,向所述电子身份证信息管理装置下发所述电子身份证。And an electronic ID card authorization and verification server that delivers the electronic identity card to the electronic identity card information management device if the verification of the download request information is successful.
根据本申请实施例的另一个方面,其中,所述鉴权装置包括:According to another aspect of the embodiments of the present application, the authentication device includes:
存储单元,其用于存储被写入的电子身份证;a storage unit for storing the written electronic ID card;
通信单元,其用于与所述电子身份证信息管理装置进行通信;以及a communication unit for communicating with the electronic identity card information management device;
加解密模块,其用于对传输的数据进行加密和解密。An encryption and decryption module for encrypting and decrypting transmitted data.
根据本申请实施例的另一个方面,其中,所述电子身份证授权与验证服务器在对所述下载请求信息验证成功的情况下,将所述电子身份证与所述鉴权装置进行关联绑定,并将所述电子身份证下发给所述电子身份证信息管理装置,所述电子身份证信息管理装置将接收到的所述电子身份证写入所述鉴权装置。According to another aspect of the embodiments of the present application, the electronic ID card authorization and verification server associates the electronic identification card with the authentication device in a case where the verification of the download request information is successful. And sending the electronic ID card to the electronic ID card information management device, where the electronic ID card information management device writes the received electronic ID card to the authentication device.
根据本申请实施例的另一个方面,其中,所述电子身份证信息管理装置还对所述鉴权装置中的所述电子身份证进行管理,所述管理包括对所述电子身份证进行注销、 冻结、或解冻。According to another aspect of the embodiments of the present application, the electronic identity card information management apparatus further manages the electronic identity card in the authentication device, where the managing includes deleting the electronic identity card, Freeze, or thaw.
根据本申请实施例的另一个方面,其中,所述电子身份证信息管理装置在对所述用户的信息和/或用户输入的鉴权装置的签名密码进行验证成功的情况下,读取所述鉴权装置中的所述电子身份证,并将读取到的所述电子身份证与注销请求信息、冻结请求信息或解冻请求信息发送给所述电子身份证授权与验证服务器;According to another aspect of the embodiments of the present application, the electronic identity card information management apparatus reads the information in the case where the information of the user and/or the signature password of the authentication device input by the user is successfully verified. The electronic identity card in the authentication device, and the read electronic identification card and the cancellation request information, the freeze request information or the thawing request information are sent to the electronic ID card authorization and verification server;
所述电子身份证授权与验证服务器基于所述注销请求信息、所述冻结请求信息或所述解冻请求信息,进行处理以注销所述电子身份证与所述鉴权装置的关联关系、停止与所述电子身份证相关的网络操作使用、或恢复与所述电子身份证相关的网络操作使用,并向所述电子身份证信息管理装置反馈所述处理的结果。The electronic ID card authorization and verification server performs processing to cancel the association relationship between the electronic identity card and the authentication device, and stops the association based on the logout request information, the freeze request information, or the defrosting request information. The network operation related to the electronic identity card uses, or restores, the network operation associated with the electronic identity card, and feeds back the result of the processing to the electronic identity card information management device.
根据本申请实施例的另一个方面,其中,在所述电子身份证授权与验证服务器进行处理以注销所述电子身份证与所述鉴权装置的关联关系的情况下,所述电子身份证信息管理装置向所述鉴权装置发送注销命令,所述鉴权装置根据所述注销命令删除所述电子身份证。According to another aspect of the embodiments of the present application, in the case that the electronic ID card authorization and verification server performs processing to cancel the association relationship between the electronic identity card and the authentication device, the electronic identity card information The management device sends a logout command to the authentication device, and the authentication device deletes the electronic identity card according to the logout command.
根据本申请实施例的另一个方面,其中,该认证服务系统还包括:According to another aspect of the embodiments of the present application, the authentication service system further includes:
电子身份证信息第三方应用装置,其发送请求对所述鉴权装置中的所述电子身份证进行读取的读取请求,并接收所述电子身份证授权与验证服务器对所述电子身份证进行认证的认证结果。An electronic identification card information third party application device that sends a read request to read the electronic identity card in the authentication device, and receives the electronic identity card authorization and verification server to the electronic identity card The certification result of the certification.
根据本申请实施例的另一个方面,其中,所述电子身份证信息管理装置根据所述读取请求,在对所述鉴权装置的签名密码进行验证成功的情况下,读取所述鉴权装置中的所述电子身份证,根据所述读取请求中包含的所述电子身份证信息第三方应用装置的标识信息,以及所述电子身份证生成认证请求,并发送该认证请求;According to another aspect of the embodiments of the present application, the electronic identity card information management apparatus reads the authentication according to the read request, if the verification of the signature password of the authentication device is successful. The electronic ID card in the device generates an authentication request according to the identification information of the third-party application device of the electronic ID card information included in the read request, and the electronic ID card, and sends the authentication request;
所述电子身份证授权与验证服务器对所述认证请求中的所述电子身份证进行认证,并在认证成功的情况下将电子身份证应用授权码发送给所述电子身份证信息管理装置;The electronic ID card authorization and verification server authenticates the electronic ID card in the authentication request, and sends an electronic ID card application authorization code to the electronic ID card information management device if the authentication is successful;
所述电子身份证信息管理装置将接收到的所述电子身份证应用授权码发送给所述电子身份证信息第三方应用装置。The electronic identity card information management device sends the received electronic identity card application authorization code to the electronic identity card information third party application device.
根据本申请实施例的另一个方面,其中,所述电子身份证信息第三方应用装置将所述电子身份证应用授权码保存和/或发送给第三方应用服务器保存。According to another aspect of the embodiments of the present application, the electronic identity card information third party application device saves and/or sends the electronic identity card application authorization code to a third party application server for saving.
根据本申请实施例的另一个方面,其中,所述电子身份证信息管理装置将所述电 子身份证应用授权码和所述鉴权装置中的电子身份证发送给所述电子身份证授权与验证服务器,并请求所述电子身份证授权与验证服务器基于所述电子身份证应用授权码和所述电子身份证来验证用户的真实性。According to another aspect of the embodiments of the present application, the electronic identity card information management device Sending an ID card application authorization code and an electronic ID card in the authentication device to the electronic ID card authorization and verification server, and requesting the electronic ID card authorization and verification server to apply an authorization code based on the electronic ID card The electronic identity card verifies the authenticity of the user.
根据本申请实施例的另一个方面,其中,当所述电子身份证信息第三方应用装置的业务操作需要验证用户身份时,所述电子身份证信息第三方应用装置根据所述电子身份证信息第三方应用装置的所述标识信息、所述电子身份证应用授权码以及用户信息生成第一身份验证请求,并将所述第一身份验证请求发送给所述电子身份证信息管理装置,请求身份验证;According to another aspect of the embodiments of the present application, when the business operation of the third party application device of the electronic identity card information needs to verify the identity of the user, the third party application device of the electronic identity card information is based on the electronic identity card information. Generating the first identity verification request by the identifier information of the three-party application device, the electronic identity card application authorization code, and the user information, and sending the first identity verification request to the electronic identity card information management device to request identity verification ;
所述电子身份证信息管理装置接收所述电子身份证信息第三方应用装置的所述第一身份验证请求,与所述鉴权装置通信,获取所述鉴权装置中电子身份证信息和/或对所述第一身份验证请求进行签名的签名值,并根据所述第一身份验证请求中的所述标识信息、所述电子身份证应用授权码和所述用户信息,以及所述电子身份证信息和/或对所述第一身份验证请求进行签名的签名值生成第二身份验证请求,将所述第二身份验证请求发送到所述电子身份证授权与验证服务器,请求身份验证;The electronic identity card information management device receives the first identity verification request of the third party application device of the electronic identity card information, communicates with the authentication device, and acquires electronic identity card information and/or information in the authentication device. a signature value for signing the first identity verification request, and according to the identification information in the first identity verification request, the electronic identity card application authorization code, and the user information, and the electronic identity card Generating a second identity verification request by using the information and/or the signature value for signing the first identity verification request, and sending the second identity verification request to the electronic identity card authorization and verification server to request identity verification;
所述电子身份证授权与验证服务器接收所述电子身份证信息管理装置发送的所述第二身份验证请求,验证所述用户身份信息,将身份验证结果返回给所述电子身份证信息管理装置;Receiving, by the electronic ID card authorization and verification server, the second identity verification request sent by the electronic identity card information management device, verifying the identity information of the user, and returning the identity verification result to the electronic identity card information management device;
所述电子身份证信息管理装置将接收到的所述身份验证结果返回给所述电子身份证信息第三方应用装置;The electronic identity card information management device returns the received identity verification result to the electronic identity card information third party application device;
所述电子身份证信息第三方应用装置根据接收到所述身份验证结果,同意或拒绝用户所请求的所述业务操作。The electronic identity card information third party application device agrees or rejects the service operation requested by the user according to the received identity verification result.
本申请的有益效果在于:根据本申请的实施例,能够将鉴权装置与电子身份证进行有效绑定,由此,用户可以不依赖于额外的载体而实现EID认证服务,有利于认证增强和eID的普及。The beneficial effects of the present application are: according to the embodiment of the present application, the authentication device can be effectively bound to the electronic ID card, whereby the user can implement the EID authentication service without relying on the additional carrier, which is beneficial to the authentication enhancement and The popularity of eID.
参照后文的说明和附图,详细公开了本申请的特定实施方式,指明了本申请的原理可以被采用的方式。应该理解,本申请的实施方式在范围上并不因而受到限制。在所附权利要求的精神和条款的范围内,本申请的实施方式包括许多改变、修改和等同。 Specific embodiments of the present application are disclosed in detail with reference to the following description and accompanying drawings, in which <RTIgt; It should be understood that the embodiments of the present application are not limited in scope. The embodiments of the present application include many variations, modifications, and equivalents within the scope of the appended claims.
针对一种实施方式描述和/或示出的特征可以以相同或类似的方式在一个或更多个其它实施方式中使用,与其它实施方式中的特征相组合,或替代其它实施方式中的特征。Features described and/or illustrated with respect to one embodiment may be used in one or more other embodiments in the same or similar manner, in combination with, or in place of, features in other embodiments. .
应该强调,术语“包括/包含”在本文使用时指特征、整件、步骤或组件的存在,但并不排除一个或更多个其它特征、整件、步骤或组件的存在或附加。It should be emphasized that the term "comprising" or "comprises" or "comprising" or "comprising" or "comprising" or "comprising" or "comprises"
附图说明DRAWINGS
所包括的附图用来提供对本申请实施例的进一步的理解,其构成了说明书的一部分,用于例示本申请的实施方式,并与文字描述一起来阐释本申请的原理。显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。在附图中:The drawings are included to provide a further understanding of the embodiments of the present application, and are intended to illustrate the embodiments of the present application Obviously, the drawings in the following description are only some of the embodiments of the present application, and those skilled in the art can obtain other drawings according to the drawings without any inventive labor. In the drawing:
图1是本申请实施例1的认证服务系统的一个示意图;1 is a schematic diagram of an authentication service system according to Embodiment 1 of the present application;
图2是本申请实施例1的向鉴权装置中写入EID的一个示意图;2 is a schematic diagram of writing an EID to an authentication device according to Embodiment 1 of the present application;
图3是本申请实施例1的对鉴权装置中的EID进行注销的一个示意图;3 is a schematic diagram of deregistering an EID in an authentication apparatus according to Embodiment 1 of the present application;
图4是本申请实施例1的电子身份证信息第三方应用装置发送读取请求,并接收认证结果的流程的一个示意图;4 is a schematic diagram of a process in which a third-party application apparatus of an electronic ID card information of Embodiment 1 of the present application transmits a read request and receives an authentication result;
图5是本申请实施例1的对电子身份证信息第三方应用装置进行验证的流程的一个示意图;5 is a schematic diagram of a process for verifying an electronic identity card information third-party application device according to Embodiment 1 of the present application;
图6是本申请实施例1的申请面向eID使用的第三方应用的应用标识,并设置于该电子身份证信息第三方应用装置中的流程的一个示意图。FIG. 6 is a schematic diagram of a process of applying an application identifier of a third-party application for eID use in the application of the first embodiment of the present application, and setting it in the third-party application device of the electronic ID card information.
具体实施方式detailed description
参照附图,通过下面的说明书,本申请的前述以及其它特征将变得明显。在说明书和附图中,具体公开了本申请的特定实施方式,其表明了其中可以采用本申请的原则的部分实施方式,应了解的是,本申请不限于所描述的实施方式,相反,本申请包括落入所附权利要求的范围内的全部修改、变型以及等同物。The foregoing and other features of the present application will be apparent from the description, The specific embodiments of the present application are specifically disclosed in the specification and the drawings, which illustrate a part of the embodiments in which the principles of the present application may be employed, it being understood that the present application is not limited to the described embodiments, but instead The application includes all modifications, variations and equivalents falling within the scope of the appended claims.
在本申请中,该鉴权装置可以设置在移动终端,该鉴权装置可以是客户识别模块(Subscriber Identity Module,SIM)卡,与该客户识别模块卡贴合的芯片例如SIM贴膜卡,或者与该客户识别模块卡具有同等功能的集成到该移动终端的装置例如eSIM 卡等;该鉴权装置的功能可以由运行在该鉴权装置上的软件来实现,例如,该软件可以是芯片上的操作系统(Chip Operation System,COS)。然而,本实施例并不限于此,该鉴权装置的功能还可以由硬件实现,也可以由硬件结合软件实现,具体的实现方式可以参考现有技术。In this application, the authentication device may be disposed on the mobile terminal, and the authentication device may be a Subscriber Identity Module (SIM) card, a chip attached to the customer identification module card, such as a SIM film card, or The customer identification module card has equivalent functions integrated into the mobile terminal such as eSIM Card or the like; the function of the authentication device can be implemented by software running on the authentication device, for example, the software can be a chip operation system (COS). However, the present embodiment is not limited thereto, and the function of the authentication device may be implemented by hardware or by hardware and software. For specific implementation, reference may be made to the prior art.
在本申请中,电子身份证信息管理装置可以由软件实现,例如,该电子身份证信息管理装置可以是软件开发工具包(SDK),然而,本实施例并不限于此,该电子身份证信息管理装置还可以由硬件实现,也可以由硬件结合软件实现,具体的实现方式可以参考现有技术。In the present application, the electronic identity card information management device may be implemented by software. For example, the electronic identity card information management device may be a software development kit (SDK). However, the embodiment is not limited thereto, and the electronic identity card information is The management device can also be implemented by hardware, or can be implemented by hardware and software. The specific implementation manner can refer to the prior art.
在本申请中,电子身份证信息管理装置可以被设置于该移动终端,例如,该电子身份证信息管理装置可以与该鉴权装置分开设置,也可以设置在该鉴权装置中。In the present application, the electronic identity card information management device may be disposed in the mobile terminal. For example, the electronic identity card information management device may be provided separately from the authentication device or may be disposed in the authentication device.
在本申请中,电子身份证信息管理装置也可以被设置于该移动终端之外,例如,可以被设置于SIM卡的发行机构、或银行等机构的终端设备中,该终端设备例如可以是电子身份证的写卡认证设备。In the present application, the electronic ID card information management device may be disposed outside the mobile terminal, for example, may be disposed in a issuing device of a SIM card, or a terminal device of a bank or the like, and the terminal device may be, for example, an electronic device. ID card writing card authentication device.
在本申请中,电子身份证信息第三方应用装置可以由软件实现,例如,该电子身份证信息第三方应用装置可以是应用程序(Application,APP),然而,本实施例并不限于此,该电子身份证信息第三方应用装置还可以由硬件实现,也可以由硬件结合软件实现,具体的实现方式可以参考现有技术。In the present application, the third party application device of the electronic ID card information may be implemented by software. For example, the third party application device of the electronic ID card information may be an application (Application, APP). However, the embodiment is not limited thereto. The third-party application device of the electronic ID card information may also be implemented by hardware, or may be implemented by hardware and software. The specific implementation manner may refer to the prior art.
在本申请中,电子身份证授权与验证服务器也可以由软件和/或硬件来实现。In the present application, the electronic identity card authorization and authentication server can also be implemented by software and/or hardware.
在本申请中,该鉴权装置与电子身份证信息管理装置之间可以通过多种通信方式进行数据交换,这些通信方式例如可以是蓝牙通信、近场通信(Near Field Communication,NFC)、利用传送协议数据单元(Transport Protocol Data Unit,TPDU)通信等,也可以是鉴权装置与电子身份证信息管理装置之间自定义的特有协议的通信方式;电子身份证信息第三方应用装置与电子身份证信息管理装置之间可以通过内部通信接口来进行通信;电子身份证信息第三方应用装置和电子身份证信息管理装置可以经由该移动终端的通信模块与电子身份证授权与验证服务器进行通信,该通信可以经由有线网络或无线网络来进行。In the present application, the authentication device and the electronic ID card information management device can exchange data through various communication methods, such as Bluetooth communication, Near Field Communication (NFC), and utilization transmission. Protocol Data Unit (TPDU) communication, etc., may also be a unique protocol communication method between the authentication device and the electronic ID card information management device; electronic identity card information third party application device and electronic ID card The information management device can communicate through the internal communication interface; the electronic ID card information third party application device and the electronic ID card information management device can communicate with the electronic ID card authorization and verification server via the communication module of the mobile terminal, the communication This can be done via a wired network or a wireless network.
在本申请中,移动终端可以是功能手机、智能手机或平板电脑等便携式电子设备。In the present application, the mobile terminal may be a portable electronic device such as a feature phone, a smartphone or a tablet.
实施例1 Example 1
本申请实施例1提供一种基于鉴权装置的电子身份证认证服务系统。图1是该认证服务系统的一个示意图,如图1所示,该认证服务系统100包括:鉴权装置101,电子身份证信息管理装置102,以及电子身份证授权与验证服务器103。Embodiment 1 of the present application provides an electronic ID card authentication service system based on an authentication device. 1 is a schematic diagram of the authentication service system. As shown in FIG. 1, the authentication service system 100 includes an authentication device 101, an electronic identity card information management device 102, and an electronic ID card authorization and verification server 103.
其中,鉴权装置101设置于移动终端200并用于进行移动用户身份鉴权;电子身份证信息管理装置102基于鉴权装置101的信息以及用户的信息,生成请求下载用户的电子身份证(EID)的下载请求信息并发送该下载请求信息,并且,将接受到的电子身份证(EID)写入鉴权装置101;电子身份证授权与验证服务器103在对下载请求信息验证成功的情况下,向电子身份证信息管理装置102下发该电子身份证(EID)。The authentication device 101 is disposed in the mobile terminal 200 and configured to perform mobile user identity authentication; the electronic identity card information management device 102 generates an electronic identity card (EID) requesting to download the user based on the information of the authentication device 101 and the information of the user. Downloading the request information and transmitting the download request information, and writing the received electronic identification card (EID) to the authentication device 101; in the case where the verification of the download request information is successful, the electronic ID card authorization and verification server 103 The electronic identity card information management device 102 delivers the electronic identity card (EID).
根据本申请的实施例,能够将鉴权装置与电子身份证(EID)进行有效绑定,由此,用户可以不依赖于额外的载体而实现EID认证服务,有利于认证增强和eID的普及。According to the embodiment of the present application, the authentication device can be effectively bound with an electronic ID card (EID), whereby the user can implement the EID authentication service without relying on an additional carrier, which is advantageous for authentication enhancement and popularity of the eID.
在本实施例中,鉴权装置101可以包括:In this embodiment, the authentication device 101 may include:
存储单元,其用于存储被写入的电子身份证;a storage unit for storing the written electronic ID card;
通信单元,其用于与所述电子身份证信息管理装置进行通信;以及a communication unit for communicating with the electronic identity card information management device;
加解密模块,其用于对传输的数据进行加密和解密。An encryption and decryption module for encrypting and decrypting transmitted data.
图2是本实施例的向鉴权装置中写入EID的一个示意图。如图2所示,向鉴权装置101写入EID的流程包括:FIG. 2 is a schematic diagram of writing an EID to an authentication device according to the embodiment. As shown in FIG. 2, the process of writing an EID to the authentication device 101 includes:
①移动终端200中的电子身份证信息管理装置102获取用户的信息,其中,该用户的信息可以包括指纹信息、面部信息、和/或实体身份证信息等。该电子身份证信息管理装置102获取该用户的信息的方式有:a)用户使用移动终端200扫描指纹,电子身份证信息管理装置102获取用户的指纹信息;b)用户使用移动终端200进行面部识别,电子身份证信息管理装置102获取用户的面部信息;c)用户使用移动终端200识别实体身份证,电子身份证信息管理装置102获取用户的实体身份证信息。此外,用户的信息可以不限于上述所列举的信息,并且,电子身份证信息管理装置102获取用户的信息的方式也可以不限于上述所列举的方式。The electronic identity card information management device 102 in the mobile terminal 200 acquires information of the user, wherein the information of the user may include fingerprint information, face information, and/or physical identity card information. The manner in which the electronic ID card information management device 102 acquires the information of the user includes: a) the user scans the fingerprint using the mobile terminal 200, and the electronic ID card information management device 102 acquires the fingerprint information of the user; b) the user uses the mobile terminal 200 to perform face recognition. The electronic identity card information management device 102 acquires the facial information of the user; c) the user identifies the physical identity card using the mobile terminal 200, and the electronic identity card information management device 102 acquires the physical identity card information of the user. Further, the information of the user may not be limited to the information listed above, and the manner in which the electronic ID card information management device 102 acquires the information of the user may not be limited to the above-described modes.
②移动终端200中的电子身份证信息管理装置102与鉴权装置101通信,获取鉴权装置101的信息,所述鉴权装置的信息例如可以集成电路卡识别码(Integrate Circuit Card Identity,ICCID)等信息。The electronic identity card information management device 102 in the mobile terminal 200 communicates with the authentication device 101 to obtain information of the authentication device 101. The information of the authentication device may be, for example, an integrated circuit card identity (ICCID). And other information.
③移动终端200中的电子身份证信息管理装置102根据鉴权装置101的信息、用 户的信息生成下载请求信息,并将该下载请求信息发送给电子身份证授权与验证服务器103,申请下载电子身份证。3 The electronic identity card information management device 102 in the mobile terminal 200 is used according to the information of the authentication device 101. The information of the user generates download request information, and sends the download request information to the electronic ID card authorization and verification server 103 to apply for downloading the electronic ID card.
④电子身份证授权与验证服务器103接收到该下载请求信息,并对移动终端200、鉴权装置的信息和用户的信息进行验证,并返回验证结果,例如,验证成功的情况下,将鉴权装置信息与电子身份证进行关联绑定,同时下发eID到移动终端200,由移动终端200中的电子身份证信息管理装置102将eID写入鉴权装置101,如果验证失败,返回错误信息到移动终端200。4 The electronic ID card authorization and verification server 103 receives the download request information, and verifies the information of the mobile terminal 200, the authentication device, and the user's information, and returns the verification result. For example, if the verification is successful, the authentication is performed. The device information is associated with the electronic ID card, and the eID is sent to the mobile terminal 200. The electronic ID information management device 102 in the mobile terminal 200 writes the eID to the authentication device 101. If the verification fails, an error message is returned. Mobile terminal 200.
在本实施例中,电子身份证信息管理装置102还可以对鉴权装置101中的电子身份证(EID)进行管理,该管理包括对该电子身份证(EID)进行注销、冻结、或解冻等处理。In this embodiment, the electronic ID card information management device 102 can also manage an electronic identification card (EID) in the authentication device 101, and the management includes deregistering, freezing, or unfreezing the electronic identification card (EID). deal with.
图3是本实施例的对鉴权装置中的EID进行注销的一个示意图。如图3所示,对鉴权装置101中的EID进行注销的流程包括:FIG. 3 is a schematic diagram of deregistering an EID in an authentication apparatus according to the embodiment. As shown in FIG. 3, the process of deregistering the EID in the authentication apparatus 101 includes:
①电子身份证信息管理装置102对用户的信息进行本地验证,例如,电子身份证信息管理装置102进行控制,使得在移动终端200中对用户的指纹信息、面部信息、实体身份证信息等进行验证,此外,也可以对用户输入的鉴权装置的签名密码进行验证;在本地验证成功的情况下,读取鉴权装置101中的eID,连同注销请求信息一并发送给电子身份证授权与验证服务器103;The electronic identity card information management device 102 performs local authentication on the user's information. For example, the electronic identity card information management device 102 performs control such that the user's fingerprint information, face information, physical identity card information, and the like are verified in the mobile terminal 200. In addition, the signature password of the authentication device input by the user may be verified; if the local authentication is successful, the eID in the authentication device 101 is read and sent to the electronic ID card authorization and verification together with the cancellation request information. Server 103;
②电子身份证授权与验证服务器103根据收到的eID和注销请求信息,执行注销操作,即,注销eID与鉴权装置的关联信息,向终端200的电子身份证信息管理装置102返回注销操作结果,该注销操作结果表明该注销操作成功或失败;2 The electronic ID card authorization and verification server 103 performs a logout operation according to the received eID and the logout request information, that is, cancels the association information of the eID and the authentication device, and returns the logout operation result to the electronic ID card information management device 102 of the terminal 200. The result of the logout operation indicates that the logout operation succeeds or fails;
③返回结果为成功时,电子身份证信息管理装置102向鉴权装置101发出注销命令,鉴权装置101删除eID并返回删除结果给电子身份证信息管理装置102。3 When the return result is successful, the electronic ID card information management device 102 issues a logout command to the authentication device 101, and the authentication device 101 deletes the eID and returns the deletion result to the electronic ID card information management device 102.
在本实施例中,对鉴权装置101中的EID进行冻结或解冻的流程与上述注销的流程类似,例如,对鉴权装置101中的EID进行冻结或解冻的流程可以包括:In the present embodiment, the process of freezing or thawing the EID in the authentication device 101 is similar to the process of deregistering. For example, the process of freezing or thawing the EID in the authentication device 101 may include:
①电子身份证信息管理装置102在对所述用户的信息和/或用户输入的鉴权装置的签名密码进行本地验证成功的情况下,读取鉴权装置101中的电子身份证(EID),并将读取到的电子身份证(EID)与冻结请求信息或解冻请求信息发送给电子身份证授权与验证服务器103;1 The electronic ID card information management device 102 reads the electronic identification card (EID) in the authentication device 101 in the case where the local authentication of the information of the user and/or the signature password of the authentication device input by the user is successful, And the read electronic identification card (EID) and the freeze request information or the thawing request information is sent to the electronic ID card authorization and verification server 103;
②电子身份证授权与验证服务器103基于所述冻结请求信息或所述解冻请求信 息,进行处理以停止与所述电子身份证(EID)相关的网络操作使用、或恢复与所述电子身份证(EID)相关的网络操作使用,并向电子身份证信息管理装置102反馈所述处理成功或失败的结果。2 electronic ID card authorization and verification server 103 based on the freeze request information or the defrosting request letter Processing to stop network operation use associated with the electronic identity card (EID), or to resume network operation use associated with the electronic identity card (EID), and to feed back the electronic identity card information management device 102 The result of processing success or failure.
在本实施例中,电子身份证信息管理装置102也可以被设置于该移动终端200之外,例如,可以被设置于SIM卡的发行机构、或银行等机构的终端设备中,该终端设备例如可以是电子身份证的写卡认证设备。由此,用户可以在移动终端200之外的终端上进行将eID写入鉴权装置的操作,并且,在移动终端200之外的终端上对鉴权装置101中的eID进行认证、注销、冻结、解冻等处理。In this embodiment, the electronic ID card information management device 102 may also be disposed outside the mobile terminal 200, for example, may be disposed in a issuing device of a SIM card, or a terminal device of a bank or the like, such as a terminal device, for example. It can be a card authentication device for an electronic ID card. Thereby, the user can perform an operation of writing the eID to the authentication device on the terminal other than the mobile terminal 200, and authenticate, logout, and freeze the eID in the authentication device 101 on the terminal other than the mobile terminal 200. , thawing and other treatments.
在本实施例中,如图1所示,认证服务系统100还可以包括电子身份证信息第三方应用装置104,其中,该电子身份证信息第三方应用装置104可以发送请求对鉴权装置101中的电子身份证(EID)进行读取的读取请求,并接收电子身份证授权与验证服务器103对电子身份证(EID)进行认证的认证结果。In this embodiment, as shown in FIG. 1, the authentication service system 100 may further include an electronic identity card information third party application device 104, wherein the electronic identity card information third party application device 104 may send a request to the authentication device 101. The electronic identification card (EID) performs a read request for reading, and receives an authentication result of the electronic ID card authorization and verification server 103 authenticating the electronic identity card (EID).
图4是电子身份证信息第三方应用装置104发送读取请求,并接收认证结果的流程的一个示意图。如图4所示,该电子身份证信息第三方应用装置104发送读取请求,并接收认证结果的流程可以包括:4 is a schematic diagram of a flow of the electronic ID card information third party application device 104 transmitting a read request and receiving the authentication result. As shown in FIG. 4, the process for the third party application device 104 to send a read request and receive the authentication result may include:
①移动终端200中的电子身份证信息第三方应用装置104(APP)向电子身份证信息管理装置102发出读取eID的读取请求,读取请求中包含该电子身份证信息第三方应用装置104的相关信息,该相关信息例如是该电子身份证信息第三方应用装置104的标识信息;1 The electronic ID card information in the mobile terminal 200 The third party application device 104 (APP) issues a read request for reading the eID to the electronic ID card information management device 102, and the read request includes the electronic ID card information. The third party application device 104 Relevant information, such as identification information of the third party application device 104 of the electronic ID card information;
②电子身份证信息管理装置102通过移动终端200对用户的信息和/或鉴权装置的签名密码进行本地验证,在本地验证成功的情况下,读取鉴权装置101中的eID;2 The electronic ID card information management device 102 locally verifies the user's information and/or the signature password of the authentication device by the mobile terminal 200, and reads the eID in the authentication device 101 if the local authentication is successful;
③根据读取的eID和该电子身份证信息第三方应用装置104的标识信息生成认证请求信息,该认证请求信息被发送给电子身份证授权与验证服务器103;3 generating authentication request information according to the read eID and the identification information of the third party application device 104 of the electronic ID card information, the authentication request information is sent to the electronic ID card authorization and verification server 103;
④电子身份证授权与验证服务器103根据该认证请求信息,给出认证结果并将认证结果返回给移动终端200的电子身份证信息管理装置102,例如,认证成功则该认证结果中包括eID应用授权码,认证失败则该认证结果中包括认证失败的信息;The electronic ID card authorization and verification server 103 gives the authentication result according to the authentication request information, and returns the authentication result to the electronic ID card information management device 102 of the mobile terminal 200. For example, if the authentication succeeds, the authentication result includes the eID application authorization. If the authentication fails, the authentication result includes information that the authentication fails;
⑤电子身份证信息管理装置102将接收到的认证结果发送给电子身份证信息第三方应用装置104,该认证结果中包括EID应用授权码或认证失败的信息;The electronic ID card information management device 102 sends the received authentication result to the electronic ID card information third party application device 104, where the authentication result includes the EID application authorization code or the authentication failure information;
⑥如果电子身份证信息第三方应用装置104收到认证失败的信息,则拒绝用户操 作,如果电子身份证信息第三方应用装置104收到认证成功的结果以及eID应用授权码,则本地保存eID应用授权码的和/或发送给电子身份证信息第三方应用服务器104a进行保存。6 If the electronic ID card information third party application device 104 receives the authentication failure information, the user is denied If the electronic ID card information third party application device 104 receives the result of the authentication success and the eID application authorization code, the eID application authorization code is locally saved and/or sent to the electronic ID card information third party application server 104a for storage.
在本实施例中,电子身份证授权与验证服务器103还可以对电子身份证信息第三方应用装置(APP)104进行验证,并且,只有验证合格的电子身份证信息第三方应用装置(APP)104所发送的请求读取鉴权装置中的EID的读取请求才有效,由此,避免非法的电子身份证信息第三方应用装置(APP)读取EID,从而提高了安全性。In this embodiment, the electronic ID card authorization and verification server 103 can also verify the electronic identity card information third party application device (APP) 104, and only the qualified electronic identity card information third party application device (APP) 104 The read request to read the EID in the request authentication device is valid, thereby preventing the illegal electronic ID information from being read by the third party application device (APP), thereby improving security.
例如,电子身份证信息第三方应用装置(APP)104可以将该电子身份证信息第三方应用装置(APP)的标识信息和电子身份证(EID)应用授权码发送给电子身份证授权与验证服务器103,电子身份证授权与验证服务器对相关信息和电子身份证(EID)应用授权码进行验证,在验证通过的情况下,电子身份证信息第三方应用装置(APP)所发送的该读取请求有效。For example, the electronic identity card information third party application device (APP) 104 may send the identification information of the electronic identity card information third party application device (APP) and the electronic identity card (EID) application authorization code to the electronic identity card authorization and verification server. 103. The electronic ID card authorization and verification server verifies the related information and the electronic identification card (EID) application authorization code. When the verification is passed, the electronic identification information is sent by the third party application device (APP). effective.
图5是本实施例的对电子身份证信息第三方应用装置进行验证的流程的一个示意图,如图5所示,该对电子身份证信息第三方应用装置进行验证的流程可以包括:5 is a schematic diagram of a process for verifying an electronic ID card information third-party application device according to the embodiment. As shown in FIG. 5, the process for verifying the third-party application device of the electronic ID card information may include:
步骤501、将电子身份证信息第三方应用装置104的eID应用授权码和鉴权装置101中的eID信息提交给电子身份证授权与验证服务器103; Step 501, the electronic ID card information third-party application device 104 eID application authorization code and the eID information in the authentication device 101 is submitted to the electronic identity card authorization and verification server 103;
步骤502、电子身份证授权与验证服务器103对步骤501中提交的信息进行验证并生成验证结果;Step 502: The electronic ID card authorization and verification server 103 verifies the information submitted in step 501 and generates a verification result.
步骤503、电子身份证授权与验证服务器103将验证结果返回给电子身份证信息第三方应用装置(APP)104。 Step 503, the electronic ID card authorization and verification server 103 returns the verification result to the electronic identity card information third party application device (APP) 104.
在本实施例中,该电子身份证信息第三方应用装置(APP)104的标识信息可以由电子身份证授权与验证服务器103所下发、并在形成该电子身份证信息第三方应用装置(APP)时被设置于该电子身份证信息第三方应用装置(APP)中。In this embodiment, the identification information of the third-party application device (APP) 104 of the electronic ID card information may be sent by the electronic ID card authorization and verification server 103, and the third-party application device (APP) is formed in the electronic identity card information. ) is set in the electronic identity card information third party application device (APP).
图6是将电子身份证信息第三方应用装置(APP)104的标识信息设置于该电子身份证信息第三方应用装置中的流程的一个示意图,如图6所示,该流程可以包括:FIG. 6 is a schematic diagram of a process of setting the identification information of the third party application device (APP) 104 of the electronic identity card information in the third party application device of the electronic identity card information. As shown in FIG. 6, the process may include:
步骤601、电子身份证信息第三方应用装置的制造厂商向电子身份证授权与验证服务器103提交eID使用申请并提交电子身份证信息第三方应用装置的相关信息,其中,该制造厂商例如可以是APP厂商;Step 601: The manufacturer of the third-party application device of the electronic ID card information submits an eID use application to the electronic ID card authorization and verification server 103 and submits related information of the third-party application device of the electronic ID card information, wherein the manufacturer may be, for example, an APP. Manufacturer
步骤602、电子身份证授权与验证服务器103对eID使用申请进行审核,审核通 过则继续,否则过程终止;Step 602: The electronic ID card authorization and verification server 103 reviews the eID use application, and the verification is passed. If it continues, otherwise the process is terminated;
步骤603、电子身份证授权与验证服务器103根据电子身份证信息第三方应用装置的相关信息生成标识信息并授予该制造厂商;Step 603: The electronic ID card authorization and verification server 103 generates identification information according to the related information of the third-party application device of the electronic ID card information and grants the identification information to the manufacturer;
步骤604、该制造厂商将应用标识信息和eID调用接口等设置于电子身份证信息第三方应用装置。Step 604: The manufacturer sets the application identification information, the eID calling interface, and the like to the third party application device of the electronic ID card information.
由于电子身份证信息第三方应用装置的标识信息由电子身份证授权与验证服务器发放给制造厂商,因此,可以提高面向eID应用的电子身份证信息第三方应用装置的标识信息的可信度,并且便于管理。Since the identification information of the third-party application device of the electronic ID card information is issued to the manufacturer by the electronic ID card authorization and verification server, the credibility of the identification information of the third-party application device of the electronic ID card information for the eID application can be improved, and Easy to manage.
根据本申请的实施例,能够将鉴权装置与电子身份证(EID)进行有效绑定,由此,用户可以不依赖于额外的载体而实现EID认证服务,有利于认证增强和eID的普及;并且,通过对鉴权装置中的EID进行管理,提高了使用EID的便利性;并且,通过对电子身份证信息第三方应用装置进行认证,能够提高EID使用的安全性。According to the embodiment of the present application, the authentication device can be effectively bound to the electronic ID card (EID), whereby the user can implement the EID authentication service without relying on the additional carrier, which is beneficial to the authentication enhancement and the popularity of the eID; Further, by managing the EID in the authentication device, the convenience of using the EID is improved, and by authenticating the electronic identity card information third-party application device, the security of the EID use can be improved.
在本实施例中,电子身份证信息第三方应用装置104因业务流程需要对用户进行身份验证时,可以基于该电子身份证信息第三方应用装置的标识信息和电子身份证应用授权码来进行对用户的身份验证。In this embodiment, when the third-party application device 104 of the electronic ID card needs to authenticate the user due to the business process, the identifier information of the third-party application device of the electronic ID card information and the authorization code of the electronic ID card may be used to perform the pairing. User authentication.
例如,该身份验证的流程可以如下所述:For example, the process of authentication can be as follows:
当所述电子身份证信息第三方应用装置的业务操作需要验证用户身份时,所述电子身份证信息第三方应用装置根据所述电子身份证信息第三方应用装置的所述标识信息、所述电子身份证应用授权码以及用户信息生成第一身份验证请求,并将所述第一身份验证请求发送给所述电子身份证信息管理装置,请求身份验证,其中,所属用户信息可以是用户的指纹信息、面部信息、实体身份证信息和/或用户输入的密码等;When the business operation of the third party application device of the electronic identity card information needs to verify the identity of the user, the third party application device of the electronic identity card information according to the identification information of the third party application device of the electronic identity card information, the electronic The ID application authorization code and the user information generate a first identity verification request, and send the first identity verification request to the electronic identity card information management device to request identity verification, where the user information may be the fingerprint information of the user. , facial information, physical identity card information and/or passwords entered by the user;
所述电子身份证信息管理装置接收所述电子身份证信息第三方应用装置的所述第一身份验证请求,与所述鉴权装置通信,获取所述鉴权装置中电子身份证信息和/或对所述第一身份验证请求进行签名的签名值,并根据所述第一身份验证请求中的所述标识信息、所述电子身份证应用授权码和所述用户信息,以及所述电子身份证信息和/或对所述第一身份验证请求进行签名的签名值生成第二身份验证请求,将所述第二身份验证请求发送到所述电子身份证授权与验证服务器,请求身份验证;The electronic identity card information management device receives the first identity verification request of the third party application device of the electronic identity card information, communicates with the authentication device, and acquires electronic identity card information and/or information in the authentication device. a signature value for signing the first identity verification request, and according to the identification information in the first identity verification request, the electronic identity card application authorization code, and the user information, and the electronic identity card Generating a second identity verification request by using the information and/or the signature value for signing the first identity verification request, and sending the second identity verification request to the electronic identity card authorization and verification server to request identity verification;
所述电子身份证授权与验证服务器接收所述电子身份证信息管理装置发送的所述第二身份验证请求,验证所述用户身份信息,将身份验证结果返回给所述电子身份 证信息管理装置;Receiving, by the electronic ID card authorization and verification server, the second identity verification request sent by the electronic identity card information management device, verifying the identity information of the user, and returning the identity verification result to the electronic identity Certificate information management device;
所述电子身份证信息管理装置将接收到的所述身份验证结果返回给所述电子身份证信息第三方应用装置;The electronic identity card information management device returns the received identity verification result to the electronic identity card information third party application device;
所述电子身份证信息第三方应用装置根据接收到所述身份验证结果,同意或拒绝用户所请求的所述业务操作。The electronic identity card information third party application device agrees or rejects the service operation requested by the user according to the received identity verification result.
本申请以上的装置可以由硬件实现,也可以由硬件结合软件实现。本申请涉及这样的计算机可读程序,当该程序被逻辑部件所执行时,能够使该逻辑部件实现上文所述的装置或构成部件,或使该逻辑部件实现上文所述的各种方法或步骤。本申请还涉及用于存储以上程序的存储介质,如硬盘、磁盘、光盘、DVD、flash存储器等。The above device of the present application may be implemented by hardware or by hardware combined with software. The present application relates to a computer readable program that, when executed by a logic component, enables the logic component to implement the apparatus or components described above, or to implement the various methods described above Or steps. The application also relates to a storage medium for storing the above program, such as a hard disk, a magnetic disk, an optical disk, a DVD, a flash memory, or the like.
以上结合具体的实施方式对本申请进行了描述,但本领域技术人员应该清楚,这些描述都是示例性的,并不是对本申请保护范围的限制。本领域技术人员可以根据本申请的精神和原理对本申请做出各种变型和修改,这些变型和修改也在本申请的范围内。 The present invention has been described in connection with the specific embodiments thereof, but it is to be understood that the description is intended to be illustrative and not restrictive. Various modifications and alterations of the present application are possible in light of the spirit and scope of the invention, which are also within the scope of the present application.

Claims (10)

  1. 一种基于鉴权装置的电子身份证认证服务系统,该认证服务系统包括:An electronic ID card authentication service system based on an authentication device, the authentication service system comprising:
    鉴权装置,其设置于移动终端并用于进行移动用户身份鉴权;An authentication device, which is disposed on the mobile terminal and configured to perform mobile user identity authentication;
    电子身份证信息管理装置,基于所述鉴权装置的信息以及用户的信息,生成请求下载所述用户的电子身份证的下载请求信息并发送该下载请求信息,并且,将接受到的所述电子身份证写入所述鉴权装置;以及The electronic identity card information management device generates download request information requesting to download the electronic ID card of the user based on the information of the authentication device and the information of the user, and transmits the download request information, and the electronic device to be received Writing an identity card to the authentication device;
    电子身份证授权与验证服务器,其在对所述下载请求信息验证成功的情况下,向所述电子身份证信息管理装置下发所述电子身份证。And an electronic ID card authorization and verification server that delivers the electronic identity card to the electronic identity card information management device if the verification of the download request information is successful.
  2. 如权利要求1所述的认证服务系统,其中,The authentication service system according to claim 1, wherein
    所述鉴权装置包括:The authentication device includes:
    存储单元,其用于存储被写入的电子身份证;a storage unit for storing the written electronic ID card;
    通信单元,其用于与所述电子身份证信息管理装置进行通信;以及a communication unit for communicating with the electronic identity card information management device;
    加解密模块,其用于对传输的数据进行加密和解密。An encryption and decryption module for encrypting and decrypting transmitted data.
  3. 如权利要求1所述的认证服务系统,其中,The authentication service system according to claim 1, wherein
    所述电子身份证授权与验证服务器在对所述下载请求信息验证成功的情况下,将所述电子身份证与所述鉴权装置进行关联绑定,并将所述电子身份证下发给所述电子身份证信息管理装置,所述电子身份证信息管理装置将接收到的所述电子身份证写入所述鉴权装置。And the electronic ID card authorization and verification server associates the electronic identification card with the authentication device in a case where the verification of the download request information is successful, and sends the electronic identification card to the office The electronic identity card information management device writes the received electronic identity card into the authentication device.
  4. 如权利要求3所述的认证服务系统,其中,The authentication service system according to claim 3, wherein
    所述电子身份证信息管理装置还对所述鉴权装置中的所述电子身份证进行管理,所述管理包括对所述电子身份证进行注销、冻结、或解冻。The electronic identity card information management apparatus further manages the electronic identity card in the authentication device, and the managing includes deregistering, freezing, or unfreezing the electronic identity card.
  5. 如权利要求4所述的认证服务系统,其中,The authentication service system according to claim 4, wherein
    所述电子身份证信息管理装置在对所述用户的信息和/或用户输入的鉴权装置的签名密码进行验证成功的情况下,读取所述鉴权装置中的所述电子身份证,并将读取到的所述电子身份证与注销请求信息、冻结请求信息或解冻请求信息发送给所述电子身份证授权与验证服务器,The electronic ID card information management device reads the electronic ID card in the authentication device when the information of the user and/or the signature password of the authentication device input by the user is successfully verified, and Sending the read electronic ID card and the cancellation request information, the freeze request information or the thawing request information to the electronic ID card authorization and verification server,
    所述电子身份证授权与验证服务器基于所述注销请求信息、所述冻结请求信息或所述解冻请求信息,进行处理以注销所述电子身份证与所述鉴权装置的关联关系、停 止与所述电子身份证相关的网络操作使用、或恢复与所述电子身份证相关的网络操作使用,并向所述电子身份证信息管理装置反馈所述处理的结果。The electronic ID card authorization and verification server performs processing to cancel the association relationship between the electronic ID card and the authentication device based on the logout request information, the freeze request information, or the defrosting request information, and stops The network operation associated with the electronic identity card is used, or the network operation associated with the electronic identity card is resumed, and the result of the processing is fed back to the electronic identity card information management device.
  6. 如权利要求5所述的认证服务系统,其中,The authentication service system according to claim 5, wherein
    在所述电子身份证授权与验证服务器进行处理以注销所述电子身份证与所述鉴权装置的关联关系的情况下,所述电子身份证信息管理装置向所述鉴权装置发送注销命令,所述鉴权装置根据所述注销命令删除所述电子身份证。When the electronic ID card authorization and verification server performs processing to cancel the association relationship between the electronic identity card and the authentication device, the electronic identity card information management device sends a logout command to the authentication device, The authentication device deletes the electronic identity card according to the logout command.
  7. 如权利要求1所述的认证服务系统,其中,该认证服务系统还包括:The authentication service system of claim 1 wherein the authentication service system further comprises:
    电子身份证信息第三方应用装置,其发送请求对所述鉴权装置中的所述电子身份证进行读取的读取请求,并接收所述电子身份证授权与验证服务器对所述电子身份证进行认证的认证结果。An electronic identification card information third party application device that sends a read request to read the electronic identity card in the authentication device, and receives the electronic identity card authorization and verification server to the electronic identity card The certification result of the certification.
  8. 如权利要求7所述的认证服务系统,其中,The authentication service system according to claim 7, wherein
    所述电子身份证信息管理装置根据所述读取请求,在对所述鉴权装置的签名密码进行验证成功的情况下,读取所述鉴权装置中的所述电子身份证,根据所述读取请求中包含的所述电子身份证信息第三方应用装置的标识信息,以及所述电子身份证生成认证请求,并发送该认证请求,The electronic ID card information management device reads the electronic ID card in the authentication device according to the read request, if the verification of the signature password of the authentication device is successful, according to the Reading the identification information of the third-party application device of the electronic ID card information included in the request, and generating the authentication request by the electronic ID card, and transmitting the authentication request,
    所述电子身份证授权与验证服务器对所述认证请求中的所述电子身份证进行认证,并在认证成功的情况下将电子身份证应用授权码发送给所述电子身份证信息管理装置,The electronic ID card authorization and verification server authenticates the electronic ID card in the authentication request, and sends an electronic ID application authorization code to the electronic ID card information management device if the authentication is successful.
    所述电子身份证信息管理装置将接收到的所述电子身份证应用授权码发送给所述电子身份证信息第三方应用装置,The electronic ID card information management device sends the received electronic ID card application authorization code to the third party application device of the electronic ID card information,
    所述电子身份证信息第三方应用装置将所述电子身份证应用授权码保存发送给第三方应用服务器保存。The third-party application device of the electronic ID card information saves the electronic ID card application authorization code and saves it to a third-party application server for storage.
  9. 如权利要求8所述的认证服务系统,其中,The authentication service system according to claim 8, wherein
    所述电子身份证信息管理装置将所述电子身份证应用授权码和所述鉴权装置中的电子身份证发送给所述电子身份证授权与验证服务器,并请求所述电子身份证授权与验证服务器基于所述电子身份证应用授权码和所述电子身份证来验证用户的真实性。The electronic ID card information management device sends the electronic ID card application authorization code and the electronic ID card in the authentication device to the electronic ID card authorization and verification server, and requests the electronic ID card authorization and verification The server verifies the authenticity of the user based on the electronic identity card application authorization code and the electronic identity card.
  10. 如权利要求9所述的认证服务系统,其中,The authentication service system according to claim 9, wherein
    当所述电子身份证信息第三方应用装置的业务操作需要验证用户身份时,所述电 子身份证信息第三方应用装置根据所述电子身份证信息第三方应用装置的所述标识信息、所述电子身份证应用授权码以及用户信息生成第一身份验证请求,并将所述第一身份验证请求发送给所述电子身份证信息管理装置,请求身份验证;When the business operation of the electronic identity card information third party application device needs to verify the identity of the user, the electricity The third identity application device generates a first identity verification request according to the identifier information of the electronic identity card information third party application device, the electronic identity card application authorization code, and user information, and generates the first identity The verification request is sent to the electronic identity card information management device to request identity verification;
    所述电子身份证信息管理装置接收所述电子身份证信息第三方应用装置的所述第一身份验证请求,与所述鉴权装置通信,获取所述鉴权装置中电子身份证信息和/或对所述第一身份验证请求进行签名的签名值,并根据所述第一身份验证请求中的所述标识信息、所述电子身份证应用授权码和所述用户信息,以及所述电子身份证信息和/或对所述第一身份验证请求进行签名的签名值生成第二身份验证请求,将所述第二身份验证请求发送到所述电子身份证授权与验证服务器,请求身份验证;The electronic identity card information management device receives the first identity verification request of the third party application device of the electronic identity card information, communicates with the authentication device, and acquires electronic identity card information and/or information in the authentication device. a signature value for signing the first identity verification request, and according to the identification information in the first identity verification request, the electronic identity card application authorization code, and the user information, and the electronic identity card Generating a second identity verification request by using the information and/or the signature value for signing the first identity verification request, and sending the second identity verification request to the electronic identity card authorization and verification server to request identity verification;
    所述电子身份证授权与验证服务器接收所述电子身份证信息管理装置发送的所述第二身份验证请求,验证所述用户身份信息,将身份验证结果返回给所述电子身份证信息管理装置;Receiving, by the electronic ID card authorization and verification server, the second identity verification request sent by the electronic identity card information management device, verifying the identity information of the user, and returning the identity verification result to the electronic identity card information management device;
    所述电子身份证信息管理装置将接收到的所述身份验证结果返回给所述电子身份证信息第三方应用装置;The electronic identity card information management device returns the received identity verification result to the electronic identity card information third party application device;
    所述电子身份证信息第三方应用装置根据接收到所述身份验证结果,同意或拒绝用户所请求的所述业务操作。 The electronic identity card information third party application device agrees or rejects the service operation requested by the user according to the received identity verification result.
PCT/CN2017/110161 2016-12-21 2017-11-09 Authentication device-based electronic identity card authentication service system WO2018113437A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201611191259.4 2016-12-21
CN201611191259.4A CN106790070B (en) 2016-12-21 2016-12-21 Electronic ID card identification service system based on authentication device

Publications (1)

Publication Number Publication Date
WO2018113437A1 true WO2018113437A1 (en) 2018-06-28

Family

ID=58893594

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/110161 WO2018113437A1 (en) 2016-12-21 2017-11-09 Authentication device-based electronic identity card authentication service system

Country Status (3)

Country Link
CN (1) CN106790070B (en)
TW (1) TW201824052A (en)
WO (1) WO2018113437A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111343133A (en) * 2018-12-19 2020-06-26 中移物联网有限公司 Authentication method, authentication equipment and computer readable storage medium
CN111491295A (en) * 2020-04-13 2020-08-04 佛山职业技术学院 NFC-based identity authorization and identity verification method, device and system
CN115175183A (en) * 2022-05-09 2022-10-11 中移互联网有限公司 Authentication method and authentication device based on 5G message

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106790070B (en) * 2016-12-21 2018-03-23 杨宪国 Electronic ID card identification service system based on authentication device
CN107294988A (en) * 2017-07-03 2017-10-24 山东合天智汇信息技术有限公司 A kind of auth method and its system based on bank's identity information and eID
CN107302435B (en) * 2017-07-21 2020-12-04 金联汇通信息技术有限公司 Identity information processing method and system and corresponding server
CN107463981A (en) * 2017-08-02 2017-12-12 中电智能技术南京有限公司 A kind of smart card and portable set
CN107239818A (en) * 2017-08-02 2017-10-10 中电智能技术南京有限公司 A kind of smart card and portable set
JP6910894B2 (en) * 2017-09-01 2021-07-28 キヤノン株式会社 Information processing equipment, control methods, and programs
CN109462569B (en) * 2017-09-06 2021-04-23 金联汇通信息技术有限公司 eID information processing method, device and server
CN107682545B (en) * 2017-09-28 2023-04-21 山西特信环宇信息技术有限公司 Person and evidence machine integrated mobile phone terminal system based on biological identification technology
CN107835176A (en) * 2017-11-10 2018-03-23 中汇通联科技有限公司 A kind of network authentication method and platform based on eID
CN108122112A (en) * 2017-12-14 2018-06-05 杨宪国 Electronic ID card based on authentication device signs and issues certification and safety payment system
CN108566639B (en) * 2018-06-28 2019-07-23 恒宝股份有限公司 A kind of code Activiation method
CN110400145A (en) * 2018-07-13 2019-11-01 腾讯科技(深圳)有限公司 A kind of digital identity application system and method, identity authorization system and method
CN110876144B (en) * 2018-08-30 2023-07-11 华为技术有限公司 Mobile application method, device and system for identity certificate
TWI665609B (en) * 2018-11-14 2019-07-11 財團法人工業技術研究院 Household activity recognition system and method thereof
CN110191123B (en) * 2019-05-29 2022-02-18 中国联合网络通信集团有限公司 Online card handling method, client and system
CN113364593A (en) * 2021-05-07 2021-09-07 中国电力科学研究院有限公司 Method and system for identity authentication of eSIM (embedded subscriber identity module) chip
CN113255862A (en) * 2021-05-20 2021-08-13 中国联合网络通信集团有限公司 Electronic certificate generation method, device, equipment and storage medium

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010056535A1 (en) * 1997-05-02 2001-12-27 Scott A. Vanstone Log-on verification protocol
CN1395776A (en) * 2000-01-21 2003-02-05 智能信用系统公司 Method for issuing an electronic identity
CN101778380A (en) * 2009-12-31 2010-07-14 卓望数码技术(深圳)有限公司 Identity authentication method, device and system
CN102204211A (en) * 2011-05-30 2011-09-28 华为技术有限公司 Real-name account-opening method based on self-help terminal and terminal thereof
CN102271041A (en) * 2011-07-30 2011-12-07 任明和 Root service system for personal identity authentication
CN102404328A (en) * 2011-11-25 2012-04-04 中国科学院深圳先进技术研究院 Electronic identity card verification system
US20120278614A1 (en) * 2009-11-17 2012-11-01 Unho Choi User authentication system, user authentication apparatus, smart card, and user authentication method for ubiquitous authentication management
CN103259667A (en) * 2013-06-07 2013-08-21 北京邮电大学 Method and system for eID authentication on mobile terminal
CN104243461A (en) * 2014-09-04 2014-12-24 大唐微电子技术有限公司 Mobile terminal network security authentication method, whole SD card and mobile terminal
CN104994114A (en) * 2015-07-27 2015-10-21 尤磊 Identity authentication system and method based on electronic identification card
CN105007274A (en) * 2015-07-27 2015-10-28 尤磊 Mobile terminal-based identity authentication system and method
CN105635036A (en) * 2014-10-27 2016-06-01 任子行网络技术股份有限公司 Verification system and verification method for electronic identification card
CN106790070A (en) * 2016-12-21 2017-05-31 杨宪国 Electronic ID card identification service system based on authentication device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2888443A1 (en) * 2012-10-15 2014-04-24 Open Access Technology Intenrational, Inc. Certificate installation and delivery process, four factor authentication, and applications utilizing same
CN104601593B (en) * 2015-02-04 2017-12-01 公安部第三研究所 The method that anti-tracking in network electronic authentication procedures is realized based on challenge mode
CN105868970B (en) * 2016-03-25 2020-01-31 联想(北京)有限公司 authentication method and electronic equipment

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010056535A1 (en) * 1997-05-02 2001-12-27 Scott A. Vanstone Log-on verification protocol
CN1395776A (en) * 2000-01-21 2003-02-05 智能信用系统公司 Method for issuing an electronic identity
US20120278614A1 (en) * 2009-11-17 2012-11-01 Unho Choi User authentication system, user authentication apparatus, smart card, and user authentication method for ubiquitous authentication management
CN101778380A (en) * 2009-12-31 2010-07-14 卓望数码技术(深圳)有限公司 Identity authentication method, device and system
CN102204211A (en) * 2011-05-30 2011-09-28 华为技术有限公司 Real-name account-opening method based on self-help terminal and terminal thereof
CN102271041A (en) * 2011-07-30 2011-12-07 任明和 Root service system for personal identity authentication
CN102404328A (en) * 2011-11-25 2012-04-04 中国科学院深圳先进技术研究院 Electronic identity card verification system
CN103259667A (en) * 2013-06-07 2013-08-21 北京邮电大学 Method and system for eID authentication on mobile terminal
CN104243461A (en) * 2014-09-04 2014-12-24 大唐微电子技术有限公司 Mobile terminal network security authentication method, whole SD card and mobile terminal
CN105635036A (en) * 2014-10-27 2016-06-01 任子行网络技术股份有限公司 Verification system and verification method for electronic identification card
CN104994114A (en) * 2015-07-27 2015-10-21 尤磊 Identity authentication system and method based on electronic identification card
CN105007274A (en) * 2015-07-27 2015-10-28 尤磊 Mobile terminal-based identity authentication system and method
CN106790070A (en) * 2016-12-21 2017-05-31 杨宪国 Electronic ID card identification service system based on authentication device

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111343133A (en) * 2018-12-19 2020-06-26 中移物联网有限公司 Authentication method, authentication equipment and computer readable storage medium
CN111343133B (en) * 2018-12-19 2022-05-13 中移物联网有限公司 Authentication method, authentication equipment and computer readable storage medium
CN111491295A (en) * 2020-04-13 2020-08-04 佛山职业技术学院 NFC-based identity authorization and identity verification method, device and system
CN111491295B (en) * 2020-04-13 2024-02-27 佛山职业技术学院 NFC-based identity authorization and authentication method, device and system
CN115175183A (en) * 2022-05-09 2022-10-11 中移互联网有限公司 Authentication method and authentication device based on 5G message
CN115175183B (en) * 2022-05-09 2023-09-19 中移互联网有限公司 Authentication method and authentication device based on 5G message

Also Published As

Publication number Publication date
TW201824052A (en) 2018-07-01
CN106790070A (en) 2017-05-31
CN106790070B (en) 2018-03-23

Similar Documents

Publication Publication Date Title
WO2018113437A1 (en) Authentication device-based electronic identity card authentication service system
JP6117317B2 (en) Non-repudiation method, settlement management server for this, and user terminal
US10033701B2 (en) Enhanced 2CHK authentication security with information conversion based on user-selected persona
US20190173873A1 (en) Identity verification document request handling utilizing a user certificate system and user identity document repository
US10025920B2 (en) Enterprise triggered 2CHK association
AU2013243769B2 (en) Secure authentication in a multi-party system
US10298561B2 (en) Providing a single session experience across multiple applications
US11570165B2 (en) Single sign-on service authentication through a voice assistant
WO2021004392A1 (en) Authentication method, device, and server
TWI632798B (en) Server, mobile terminal, and network real-name authentication system and method
US20230179420A1 (en) Software credential token process, software, and device
TWM595792U (en) Authorization system for cross-platform authorizing access to resources
CN111949959B (en) Authorization authentication method and device in Oauth protocol
CN105681030A (en) Key management system, method and device
CN112020716A (en) Remote biometric identification
KR101294805B1 (en) 2-channel authentication method and system based on authentication application
WO2017076202A1 (en) Smart card, mobile terminal, and method for using smart card to implement network identity authentication
TWI753102B (en) Real-name authentication service system and real-name authentication service method
US20220029826A1 (en) Non-repudiation method and system
WO2020263938A1 (en) Document signing system for mobile devices
WO2024093964A1 (en) Mobile terminal single sign-on authentication method and system
KR102296110B1 (en) Method for Managing Certificate
KR20130053132A (en) Memory card and portable terminal and encrypted message exchanging method
TWM640772U (en) Certificate system
TW202127289A (en) Method for cross-platform authorizing access to resources and authorization system thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17885291

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17885291

Country of ref document: EP

Kind code of ref document: A1