CN113259307A - Certificate reading method and system of shared security authentication terminal - Google Patents


Info

Publication number: CN113259307A
Authority: CN (China)
Prior art keywords: terminal; information; security authentication; radio frequency; certificate
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202110030604.0A
Other languages: Chinese (zh)
Inventor: 杨秀红
Current Assignee: Shenzhen Emperor Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shenzhen Emperor Technology Co Ltd
Application filed by Shenzhen Emperor Technology Co Ltd
Priority to CN202110030604.0A
Publication of CN113259307A

Classifications

All listed codes fall under H (Electricity), H04 (Electric communication technique), H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L63/0823: Network architectures or network communication protocols for network security; for authentication of entities; using certificates
    • H04L43/10: Arrangements for monitoring or testing data switching networks; active monitoring, e.g. heartbeat, ping or trace-route
    • H04L63/083: Network architectures or network communication protocols for network security; for authentication of entities; using passwords
    • H04L67/104: Network arrangements or protocols for supporting network services or applications; protocols in which an application is distributed across nodes in the network; peer-to-peer [P2P] networks
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials; involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements


Abstract

The invention relates to the technical field of network information, in particular to a certificate reading method and system for a shared security authentication terminal. The method comprises the following steps: the radio frequency identification terminal sends resource request information to an authentication management server; the authentication management server searches its resource pool for the information of a matching security authentication terminal according to the received resource request information, and sends the information of that security authentication terminal to the radio frequency identification terminal; the radio frequency identification terminal establishes a point-to-point communication connection with the corresponding security authentication terminal according to that information, and then sends the acquired certificate ciphertext information to the security authentication terminal; the security authentication terminal reads the received certificate ciphertext information, converts it into the corresponding certificate plaintext information, and then sends the certificate plaintext information to the radio frequency identification terminal. The invention effectively avoids the risk of large-scale information leakage caused by centralised processing of certificate information.

Description

Certificate reading method and system of shared security authentication terminal
Technical Field
The invention relates to the technical field of network information, in particular to a certificate reading method and a certificate reading system of a shared security authentication terminal.
Background
In recent years, with the rapid development of mobile internet applications, many everyday scenarios, such as public security, transportation and hotel accommodation, involve recognising a user's identity document. To prevent leakage of the personal information in the certificate, the issuing authority encrypts the information content of the identity certificate in a special way; the encrypted content can only be read by a standard security authentication module (SAM) certified by the issuing authority, which strongly protects the personal information in the identity certificate during reading and decoding.
In existing certificate reading systems, a radio frequency card reading module is needed to acquire the radio frequency signal of the certificate, and a security authentication terminal is needed to read the encrypted personal information. Because security authentication terminals are expensive, certificate reading systems that share a security authentication module are now on the market to reduce production cost. In the existing scheme, several radio frequency card reading modules are connected to a central authentication management server, and the certificate information they acquire is read by that central server, which is how the security authentication module is shared. However, in that scheme the certificate information collected by all the radio frequency card reading modules is concentrated in the central security authentication module, so a large volume of certificate information is stored centrally and carries a serious risk of leakage.
Disclosure of Invention
In order to overcome the above drawbacks, the present invention provides a method and a system for reading a certificate using a decentralised shared security authentication terminal.
The purpose of the invention is achieved by the following technical scheme.
The certificate reading method for a shared security authentication terminal according to the invention comprises the following steps:
the radio frequency identification terminal sends resource request information to an authentication management server;
the authentication management server searches its resource pool for the information of a matching security authentication terminal according to the received resource request information, and sends the information of the security authentication terminal to the radio frequency identification terminal;
the radio frequency identification terminal establishes point-to-point communication connection with a corresponding security authentication terminal according to the information of the security authentication terminal, and then sends the acquired certificate ciphertext information to the security authentication terminal;
the security authentication terminal reads the received certificate ciphertext information, converts it into the corresponding certificate plaintext information, and then sends the certificate plaintext information to the radio frequency identification terminal.
In the present invention, before the radio frequency identification terminal sends the resource request information to the authentication management server, the method includes:
the authentication management server adds the information of the security authentication terminal to its resource pool according to the resource-pool joining request information sent by the security authentication terminal;
and sends first password information corresponding to the security authentication terminal to that security authentication terminal.
In the present invention, the following step is included after the security authentication terminal sends the request information for joining the resource pool:
the authentication management server sends a test data packet to the security authentication terminal, judges whether the security authentication terminal meets the joining condition according to the data return speed after the security authentication terminal responds to the test data packet, and adds the information of the security authentication terminal to the resource pool of the authentication management server if the joining condition is met.
In the present invention, the request information for joining the resource pool includes the network IP and address information of the security authentication terminal.
In the present invention, after sending the first password information corresponding to the security authentication terminal to that security authentication terminal, the method includes:
the authentication management server monitors the heartbeat reports sent by the security authentication terminal, and if no heartbeat report is received within a preset time, the security authentication terminal is removed from the resource pool of the authentication management server.
In the present invention, sending the information of the security authentication terminal to the radio frequency identification terminal further includes:
generating second password information matched with the first password information of the security authentication terminal, and sending the second password information to the radio frequency identification terminal.
In the present invention, after the radio frequency identification terminal sends the resource request information to the authentication management server, the method includes:
the authentication management server sends a test data packet to the radio frequency identification terminal, judges whether the radio frequency identification terminal meets the communication condition according to the data return speed of the radio frequency identification terminal after it responds to the test data packet, and sends the second password information to the radio frequency identification terminal if the communication condition is met.
In the present invention, finding the information of a matching security authentication terminal in the resource pool comprises:
searching the resource pool for the information of a security authentication terminal according to the address information of the radio frequency identification terminal in the resource request information, the address information of the security authentication terminals and the data return speed of the security authentication terminals.
Based on the same conception, the invention also provides a certificate reading system sharing a security authentication terminal, which comprises:
an authentication management server, used for searching its resource pool for the information of a matching security authentication terminal according to the resource request information sent by the radio frequency identification terminal, and sending the information of the security authentication terminal to the radio frequency identification terminal; the resource pool of the authentication management server stores information of security authentication terminals;
a radio frequency identification terminal, connected with the authentication management server and used for sending resource request information to the authentication management server and establishing a point-to-point communication connection with the corresponding security authentication terminal according to the information of the security authentication terminal sent by the authentication management server; after acquiring certificate ciphertext information through a radio frequency signal, it sends the certificate ciphertext information to the security authentication terminal;
and a security authentication terminal, connected with the radio frequency identification terminal and used for receiving and identifying the certificate ciphertext information sent by the radio frequency identification terminal, converting it into the corresponding certificate plaintext information and sending the certificate plaintext information to the radio frequency identification terminal.
In the invention, there are two or more radio frequency identification terminals and two or more security authentication terminals, and the number of security authentication terminals is smaller than the number of radio frequency identification terminals.
According to the method, the information of several security authentication terminals is added to the resource pool of the authentication management server; when a radio frequency card reading module requests a resource, the authentication management server selects a suitable security authentication terminal from the resource pool and a point-to-point communication connection is established between that security authentication terminal and the radio frequency card reading module. The certificate information acquired by the radio frequency card reading modules is therefore distributed across the security authentication terminals, and the authentication management server does not take part in the certificate identification process and never receives the certificate information, so the risk of large-scale information leakage caused by centralised processing of certificate information is effectively avoided.
Drawings
For the purpose of easy explanation, the present invention will be described in detail with reference to the following preferred embodiments and the accompanying drawings.
FIG. 1 is a schematic view of a workflow of an embodiment of a certificate reading method of a shared security authentication terminal according to the present invention;
FIG. 2 is a schematic view of a workflow of another embodiment of a certificate reading method of a shared security authentication terminal according to the present invention;
FIG. 3 is a schematic diagram of the logic structure of an embodiment of a certificate reading system sharing a security authentication terminal according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "length", "width", "thickness", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", "clockwise", "counterclockwise" and the like indicate orientations and positional relationships based on those shown in the drawings; they are used only for convenience and simplicity of description and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation, and thus should not be considered as limiting the present invention. Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of the described features. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
In the description of the present invention, it should be noted that the terms "mounted" and "connected" are to be construed broadly and may mean, for example, fixedly connected, detachably connected or integrally connected, mechanically or electrically connected, and directly connected or indirectly connected through intervening media, unless otherwise explicitly stated or limited. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to the specific situation.
The following describes a certificate reading method of a shared security authentication terminal according to an embodiment of the present invention in detail, with reference to fig. 1, which includes:
S101, the radio frequency identification terminal sends resource request information to an authentication management server
The radio frequency identification terminal sends resource request information to an authentication management server. In this embodiment, the radio frequency identification terminal is a low-latency networked terminal device that has a radio frequency processing function conforming to the ISO 14443 protocol and follows the communication protocol of the authentication management server. Specifically, the radio frequency identification terminal can be a desktop computer, a tablet computer, a smart phone, a smart wearable device, an electronic signature device or the like with an NFC function. The authentication management server is a management back end that distributes the resources of the security authentication terminals to the radio frequency identification terminals. In this step, the radio frequency identification terminal sends resource request information to the authentication management server according to a set protocol, where the resource request information includes a resource request data packet and the network IP and address information of the radio frequency identification terminal.
S102, the authentication management server searches the information of the security authentication terminal from the resource pool
The authentication management server searches its resource pool for the information of a matching security authentication terminal according to the received resource request information, and sends the information of the security authentication terminal to the radio frequency identification terminal. The security authentication terminal is a low-latency networked device that conforms to the communication protocol of the authentication management server. It can be an identity card reader array or a conventional resident identity card reading terminal with a network function, as long as it meets the established communication protocol and communication performance and its owner is willing to share its identity authentication function, for example a certified resident identity card reader (SAM_A). Before this step, the resource pool of the authentication management server already stores information of several security authentication terminals; the information of a security authentication terminal includes the network IP and address information of that security authentication terminal.
S103, the radio frequency identification terminal sends the ciphertext information to the security authentication terminal
The radio frequency identification terminal establishes a point-to-point communication connection with the corresponding security authentication terminal according to the information of the security authentication terminal, and then sends the acquired certificate ciphertext information to the security authentication terminal. This comprises the following: the radio frequency identification terminal locates the corresponding security authentication terminal according to the network IP and address information contained in the information of the security authentication terminal, and establishes a point-to-point communication connection with it; the radio frequency identification terminal then acquires the radio frequency information from the user's certificate and sends the certificate ciphertext information contained in that radio frequency information to the security authentication terminal. The user's certificate covers all certificates that can be read with SAM_A, including second-generation resident identity cards of the People's Republic of China and personal certificates issued to foreigners.
S104, the security authentication terminal converts the ciphertext information into plaintext information and sends the plaintext information to the radio frequency identification terminal
The security authentication terminal reads the received certificate ciphertext information, converts it into the corresponding certificate plaintext information, and then sends the certificate plaintext information to the radio frequency identification terminal. The certificate ciphertext information of the user's certificate is encrypted in a special way and can only be converted into the corresponding certificate plaintext information by the security authentication terminal; the plaintext is then encrypted in a general way and sent to the radio frequency identification terminal to complete the identification process.
In this embodiment, after obtaining a security authentication terminal resource, the radio frequency identification terminal communicates directly with the corresponding security authentication terminal to complete the identification of the resident identity card, and the whole identification process uses bidirectional encryption to prevent eavesdropping on the network by third parties. Moreover, the certificate identification takes place only between the security authentication terminal and the radio frequency identification terminal; the authentication management server neither takes part in the certificate identification process nor can obtain the identified certificate information, so the certificate information is secure. Furthermore, the security authentication terminal and the radio frequency identification terminal are matched temporarily and randomly and communicate under one-time-pad encryption, so the security of the certificate information is very high.
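The S101-S104 exchange above as an added Python example; it is not code from the patent or from the assignee. It shows the server issuing KEY_A to a security authentication terminal and a matched KEY_B to the radio frequency identification terminal while never touching certificate data. The shared-secret pairing, the HMAC-based key derivation and encrypt-then-MAC link, and the XOR stand-in for SAM_A decoding are all assumptions, since the patent specifies none of them.

```python
"""Added example (not from the patent): the S101-S104 exchange as an in-process simulation.
Assumed, because the patent does not specify them: KEY_A is a secret shared between the
authentication management server and one security authentication terminal (SAT); KEY_B is
derived from KEY_A for a single session, so the SAT can recompute it without the server;
the point-to-point link uses encrypt-then-MAC built from HMAC-SHA256 (stdlib only); and
the SAM_A decoding is a constructed XOR stand-in, since the issuer's scheme is not public.
"""
import hashlib
import hmac
import os

ISSUER_SECRET = b"constructed-issuer-key"   # stand-in for the issuing authority's special encryption
TAG_LEN, NONCE_LEN = 32, 8

def issuer_encrypt(cert_plaintext: bytes) -> bytes:
    """Constructed: produces 'certificate ciphertext' as a card would carry it."""
    return bytes(p ^ ISSUER_SECRET[i % len(ISSUER_SECRET)] for i, p in enumerate(cert_plaintext))

def sam_a_decode(cert_ciphertext: bytes) -> bytes:
    """Stand-in for the SAM_A module; XOR is its own inverse, so this undoes issuer_encrypt."""
    return issuer_encrypt(cert_ciphertext)

def derive_session_key(key_a: bytes, nonce: bytes, rfid_id: str) -> bytes:
    """KEY_B: bound to the SAT's KEY_A, a fresh nonce and the requesting RFID terminal."""
    return hmac.new(key_a, nonce + rfid_id.encode(), hashlib.sha256).digest()

def _subkeys(session_key: bytes):
    enc = hmac.new(session_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(session_key, b"mac", hashlib.sha256).digest()
    return enc, mac

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for block in range(0, length, 32):
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def seal(session_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag, with separate encryption and MAC keys."""
    enc_key, mac_key = _subkeys(session_key)
    nonce = seq.to_bytes(NONCE_LEN, "big")
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(session_key: bytes, msg: bytes) -> bytes:
    enc_key, mac_key = _subkeys(session_key)
    nonce, ct, tag = msg[:NONCE_LEN], msg[NONCE_LEN:-TAG_LEN], msg[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tampered message or wrong session key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class AuthManagementServer:
    """Keeps the resource pool and hands out KEY_A / KEY_B; never handles certificate data."""

    def __init__(self):
        self.pool = {}                                   # sat_id -> (address, KEY_A)

    def add_sat(self, sat_id: str, address: str) -> bytes:
        key_a = os.urandom(32)                           # S203: first password information
        self.pool[sat_id] = (address, key_a)
        return key_a

    def request_resource(self, rfid_id: str):
        """S102: pick a SAT, return its info plus KEY_B matched to that SAT's KEY_A."""
        sat_id, (address, key_a) = next(iter(self.pool.items()))
        nonce = os.urandom(16)
        return sat_id, address, nonce, derive_session_key(key_a, nonce, rfid_id)

class SecurityAuthTerminal:
    def __init__(self, key_a: bytes):
        self.key_a = key_a
        self.used_nonces = set()                          # a matching is temporary: one use per nonce

    def handle(self, rfid_id: str, nonce: bytes, sealed_ciphertext: bytes) -> bytes:
        """S104: recompute the session key from KEY_A alone, decode via SAM_A, reply sealed."""
        if nonce in self.used_nonces:
            raise ValueError("session nonce replayed")
        self.used_nonces.add(nonce)
        session_key = derive_session_key(self.key_a, nonce, rfid_id)
        plaintext = sam_a_decode(unseal(session_key, sealed_ciphertext))
        return seal(session_key, 1, plaintext)

def run_session(cert_ciphertext: bytes, rfid_id: str = "rfid-01", tamper: bool = False) -> dict:
    """Whole S101-S104 flow; the server only ever sees the resource request, not the certificate."""
    server = AuthManagementServer()
    sat = SecurityAuthTerminal(server.add_sat("sat-01", "10.0.0.5"))   # constructed SAT address
    sat_id, address, nonce, key_b = server.request_resource(rfid_id)   # S101-S102
    sealed = bytearray(seal(key_b, 0, cert_ciphertext))                 # S103: readable by that SAT only
    if tamper:
        sealed[NONCE_LEN] ^= 0x01                                       # simulate on-path modification
    try:
        reply = sat.handle(rfid_id, nonce, bytes(sealed))               # S104
    except ValueError as err:
        return {"ok": False, "sat": sat_id, "error": str(err)}
    return {"ok": True, "sat": sat_id, "address": address, "plaintext": unseal(key_b, reply)}
```

Because the server's role ends at `request_resource`, any certificate data recorded on the server side is impossible by construction; a tampered or replayed message is rejected by the security authentication terminal, not by the server.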
In the following, a method for reading a certificate of a shared security authentication terminal according to another embodiment of the present invention is described in detail with reference to fig. 2, which includes:
S201, the security authentication terminal sends request information for joining the resource pool
The security authentication terminal sends request information for joining the resource pool to the authentication management server; the request information for joining the resource pool includes the network IP and address information of the security authentication terminal. The security authentication terminal is a low-latency networked device that conforms to the communication protocol of the authentication management server. It can be an identity card reader array or a conventional resident identity card reading terminal with a network function, as long as it meets the established communication protocol and communication performance and its owner is willing to share its identity authentication function, for example a certified resident identity card reader (SAM_A). The authentication management server is a management back end that distributes the resources of the security authentication terminals to the radio frequency identification terminals.
S202, testing the joining condition of the security authentication terminal
The authentication management server sends a test data packet to the security authentication terminal according to the resource-pool joining request information sent by the security authentication terminal, and judges whether the security authentication terminal meets the joining condition according to the data return speed of the security authentication terminal after it responds to the test data packet. This comprises the following: when the authentication management server receives the request information for joining the resource pool, it sends a test data packet to the security authentication terminal that requested to join; processing the test packet requires the identity card reader (SAM_A) module in the security authentication terminal to take part in the calculation, and the security authentication terminal responds to the test data packet by feeding the calculation result back to the authentication management server. The authentication management server evaluates the availability and network delay of the security authentication terminal over one or more round trips of such packets, and decides by an evaluation criterion whether the joining condition is met. The test data packet is one of the certificate data packets that an identity card would emit during radio frequency reading, simulated by the authentication management server, and it carries about 256 bytes of random numbers. When the security authentication terminal receives the test data packet, it sends a formal command to the SAM_A module; specifically, it only needs the SAM_A to take part on its own and output the corresponding command, such as a card-search or card-select command, from the radio frequency interface.
The SAM_A module outputs correct response data from the radio frequency interface after receiving the test calculation command, which proves that the SAM_A module and the related communication interface are working normally. The security authentication terminal then simulates the radio frequency reading command issued by the SAM_A module during card reading, producing about 30 bytes computed from the test packet according to the data rule, and by the inverse operation the authentication management server can confirm that every link of the data communication really took part in the calculation and the network communication.
This step fully simulates, over network communication, the process in which the SAM_A module receives and sends data packets during second-generation identity card reading. From the start-stop time interval of this process the authentication management server evaluates the delay of the network communication, the real existence of the security authentication terminal and the normal operation of its interface communication, that is, whether the security authentication terminal is available.
S203, sending first password information to the security authentication terminal added to the resource pool
If the joining condition is met, the authentication management server adds the information of the security authentication terminal to the resource pool of the authentication management server, and sends the first password information KEY_A corresponding to the security authentication terminal to it. The authentication management server then monitors the heartbeat reports sent by the security authentication terminal, and if no heartbeat report is received within a preset time, the security authentication terminal is removed from the resource pool of the authentication management server. This comprises the following: the security authentication terminal periodically sends the authentication management server a heartbeat report in whose calculation the SAM_A module takes part, so that the authentication management server can evaluate whether the SAM_A module is still present and really available. If it receives the heartbeat report of the security authentication terminal, the authentication management server marks the corresponding security authentication terminal as being in an applicable state.
S204, the radio frequency identification terminal sends resource request information to the authentication management server
The radio frequency identification terminal sends resource request information to an authentication management server. In this embodiment, the radio frequency identification terminal is a low-latency networked terminal device that has a radio frequency processing function conforming to the ISO 14443 protocol and follows the communication protocol of the authentication management server. Specifically, the radio frequency identification terminal can be a desktop computer, a tablet computer, a smart phone, a smart wearable device, an electronic signature device or the like with an NFC function. In this step, the radio frequency identification terminal sends resource request information to the authentication management server according to a set protocol, where the resource request information includes a resource request data packet and the network IP and address information of the radio frequency identification terminal.
S205, testing the communication condition of the radio frequency identification terminal
The authentication management server sends a test data packet to the radio frequency identification terminal, judges from the data return speed of the radio frequency identification terminal after it responds to the test data packet whether the radio frequency identification terminal meets the communication conditions, and sends the second password information to the radio frequency identification terminal if it does. In this step, the test data packet is one of the command data packets that the security authentication terminal sends in the radio frequency reading process as simulated by the authentication management server; its payload is a random number of about 30 bytes. After the radio frequency identification terminal receives the test data packet, it calculates, according to the data rule of the test data packet, the certificate ciphertext that a second-generation ID card would emit during a simulated reading, a data volume of about 256 bytes; by performing the inverse operation, the authentication management server can confirm that every link of the data communication actually took part in the calculation and in the network communication.
This step fully simulates the sending and receiving of data packets over network communication during second-generation ID card reading; the authentication management server evaluates the delay performance of the network communication from the start-stop time interval of this process and determines whether resources can be allocated.
S206, the authentication management server searches the information of the security authentication terminal from the resource pool
If resources can be allocated, the authentication management server searches out the information of one security authentication terminal from its resource pool of security authentication terminals according to the address information of the radio frequency identification terminal in the resource request information, the address information of the security authentication terminal and the data return speed of the security authentication terminal, and sends the information of that security authentication terminal to the radio frequency identification terminal. Specifically, the authentication management server allocates to the radio frequency identification terminal the information of a security authentication terminal with good delay, following the principle of proximity based on the network delay performance and the address information of the radio frequency identification terminal; the area can be identified by GPS or by the network address and distinguished by a certain condition, such as being in the same city. Before this step, the resource pool of the authentication management server has pre-stored the information of several security authentication terminals.
S207, the authentication management server sends second password information to the radio frequency identification terminal
The authentication management server generates, from the first password information KEY_A of the security authentication terminal, second password information KEY_B that matches KEY_A, and sends the second password information KEY_B to the radio frequency identification terminal. The first password information KEY_A and the second password information KEY_B are the two key parts of an encryption system, such as the public key and private key of an asymmetric encryption scheme; after the communication performance has been tested, the authentication management server sends them respectively to the security authentication terminal and the radio frequency identification terminal, to be used for encrypting and decrypting the communication between the two terminals during the certificate reading process. The communication data between a conventional SAM_A module and the second-generation ID card is already encrypted once; to increase communication security, the first password information KEY_A and the second password information KEY_B are used to encrypt and decrypt it again on top of that, ensuring the security of the network communication. The authentication management server then marks the security authentication terminal as being in the non-applicable state. The first password information KEY_A and the second password information KEY_B are both generated temporarily by the authentication management server when the security authentication terminal enters the resource pool, and the encrypted communication ensures the information security of the certificate reading process.
S208, the radio frequency identification terminal sends the ciphertext information to the security authentication terminal
The radio frequency identification terminal establishes a point-to-point communication connection with the corresponding security authentication terminal according to the information of the security authentication terminal, and then sends the acquired certificate ciphertext information to the security authentication terminal. Specifically, the radio frequency identification terminal looks up the corresponding security authentication terminal according to the network IP and address information contained in the information of the security authentication terminal and establishes a point-to-point communication connection with it; the radio frequency identification terminal then acquires the radio frequency information of the user certificate and sends the certificate ciphertext information contained in that radio frequency information to the security authentication terminal. The user certificate includes all certificates that are read using a SAM: not only the second-generation resident identity card of the People's Republic of China, but also the personal certificates the state issues to foreigners.
S209, the security authentication terminal converts the ciphertext information into plaintext information and sends the plaintext information to the radio frequency identification terminal
The security authentication terminal reads the received certificate ciphertext information, converts it into the corresponding certificate plaintext information, and then sends the certificate plaintext information to the radio frequency identification terminal. The certificate ciphertext information of the user certificate is encrypted in a special encryption mode and can be converted into the corresponding certificate plaintext information only by the security authentication terminal; the certificate plaintext information is encrypted with the first password information KEY_A before being sent to the radio frequency identification terminal, and the radio frequency identification terminal decrypts it with the second password information KEY_B to complete the reading process.
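The two-key arrangement of S207 and S209, as an added example that is not part of the patent and is not code from the applicant: the authentication management server generates a key pair, KEY_A (the public half) is handed to the security authentication terminal and KEY_B (the private half) to the radio frequency identification terminal, and the certificate plaintext is sealed under KEY_A and opened under KEY_B. The patent only says "such as an asymmetric public key and private key"; the concrete construction used here (RSA-2048 with OAEP wrapping a fresh AES-256-GCM key, the OAEP label, and the sample plaintext) is this example's assumption, chosen because RSA alone cannot seal the roughly 256-byte plaintext the text mentions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeyPair is generated by the authentication management server when a security
// authentication terminal enters the resource pool (S203/S207). The names
// KEY_A / KEY_B follow the patent; using RSA for them is this example's choice.
type KeyPair struct {
	KeyA *rsa.PublicKey  // KEY_A: handed to the security authentication terminal
	KeyB *rsa.PrivateKey // KEY_B: handed to the radio frequency identification terminal
}

// GenerateKeyPair runs on the authentication management server.
func GenerateKeyPair() (*KeyPair, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &KeyPair{KeyA: &priv.PublicKey, KeyB: priv}, nil
}

// Envelope is what the security authentication terminal returns in S209: the
// certificate plaintext sealed under a one-time AES-256-GCM key, plus that key
// wrapped with RSA-OAEP under KEY_A.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(KEY_A, aesKey)
	Nonce      []byte // 12-byte GCM nonce, fresh per message
	Sealed     []byte // AES-GCM ciphertext || tag over the certificate plaintext
}

// oaepLabel binds the wrapped key to this use (an assumed constant).
var oaepLabel = []byte("certificate-plaintext-key")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealPlaintext runs on the security authentication terminal after its SAM_A
// module has turned the certificate ciphertext into plaintext.
func SealPlaintext(keyA *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	aesKey := make([]byte, 32)
	if _, err := rand.Read(aesKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, keyA, aesKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Sealed: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// OpenPlaintext runs on the radio frequency identification terminal. A modified
// envelope fails OAEP or the GCM tag check, so a tampered record is never
// accepted as the certificate plaintext.
func OpenPlaintext(keyB *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	if env == nil {
		return nil, errors.New("empty envelope")
	}
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, keyB, env.WrappedKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Sealed, nil)
}

func main() {
	kp, err := GenerateKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed sample standing in for what the SAM_A module returns; not real data.
	plaintext := []byte("constructed sample certificate plaintext record")
	env, err := SealPlaintext(kp.KeyA, plaintext)
	if err != nil {
		panic(err)
	}
	got, err := OpenPlaintext(kp.KeyB, env)
	fmt.Printf("%q %v\n", got, err)
}
```

Because KEY_B is the private half, the reader discarding it at release time (S210) is what actually retires the pair; the AES-GCM tag also means a reader never accepts a plaintext record that was altered in transit between the two terminals.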
S210, releasing resources of the security authentication terminal
After the radio frequency identification terminal finishes the reading process, it actively sends, within a limited time such as 5 seconds, a command to the authentication management server applying to release the resources of the security authentication terminal, and the second password information KEY_B is invalidated at the radio frequency identification terminal. Alternatively, if the radio frequency identification terminal does not actively release the resources within the limited time, such as 5 seconds, the authentication management server itself restores the identifier of the security authentication terminal to the applicable state when that time expires. Other radio frequency identification terminals can then call the released resources of the security authentication terminal, which effectively improves the availability of the security authentication terminal.
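The resource-pool bookkeeping described in S203, S205, S206 and S210, as one added example that is not part of the patent and is not the applicant's code: a pool that admits a terminal after it answers the roughly 30-byte test packet with a roughly 256-byte response the server can recompute, drops terminals whose heartbeat has stopped, allocates the lowest-latency applicable terminal in the reader's area, and returns a leased terminal to the applicable state if the reader has not released it within 5 seconds. The patent states the 5-second release window and the 20 ms delay bound; the 30 s heartbeat timeout, the SHA-256 chain standing in for the "data rule" of the response, the injected clock and all type and field names are this example's assumptions. Receiving a heartbeat report is modelled simply as updating the terminal's LastHeartbeat field.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"time"
)

const (
	LeaseTimeout     = 5 * time.Second       // S210: the reader must release within 5 s
	MaxLatency       = 20 * time.Millisecond // delay bound stated for the 5G embodiment
	HeartbeatTimeout = 30 * time.Second      // S203 "preset time" (assumed value)
	ResponseSize     = 256                   // S205: ~256-byte answer to a ~30-byte test packet
)

// SAMTerminal is one entry of the server's resource pool.
type SAMTerminal struct {
	ID, City      string        // City: area identified by GPS or network address
	Latency       time.Duration // data return speed measured when it joined
	LastHeartbeat time.Time     // updated whenever a heartbeat report arrives
	Available     bool          // the "applicable state"
	LeasedUntil   time.Time     // zero unless allocated to a reader
}

// Pool is the server's resource pool; the clock is injected so expiry can be tested.
type Pool struct {
	now   func() time.Time
	terms map[string]*SAMTerminal
}

func NewPool(now func() time.Time) *Pool {
	return &Pool{now: now, terms: map[string]*SAMTerminal{}}
}

// Respond is the terminal's side of the S205 probe: a fixed rule (here a
// SHA-256 chain) stretches the random test packet to ResponseSize bytes.
func Respond(challenge []byte) []byte {
	out, prev := make([]byte, 0, ResponseSize), challenge
	for len(out) < ResponseSize {
		h := sha256.Sum256(prev)
		out, prev = append(out, h[:]...), h[:]
	}
	return out[:ResponseSize]
}

// VerifyProbe is the server's inverse operation: the response must derive from
// this exact test packet and the round trip must meet the latency bound.
func VerifyProbe(challenge, response []byte, rtt time.Duration) error {
	if !bytes.Equal(response, Respond(challenge)) {
		return errors.New("response was not computed from the test packet")
	}
	if rtt > MaxLatency {
		return errors.New("round trip exceeds the latency bound")
	}
	return nil
}

// Admit adds a terminal that passed the probe (S203) in the applicable state.
func (p *Pool) Admit(t *SAMTerminal) {
	t.LastHeartbeat, t.Available, t.LeasedUntil = p.now(), true, time.Time{}
	p.terms[t.ID] = t
}

// Sweep drops terminals whose heartbeat stopped (S203) and restores terminals
// whose lease ran out without an active release (S210).
func (p *Pool) Sweep() {
	now := p.now()
	for id, t := range p.terms {
		if now.Sub(t.LastHeartbeat) > HeartbeatTimeout {
			delete(p.terms, id)
		} else if !t.Available && !now.Before(t.LeasedUntil) {
			t.Available, t.LeasedUntil = true, time.Time{}
		}
	}
}

// Allocate (S206): the applicable terminal in the reader's area with the lowest
// measured latency, marked non-applicable and leased for LeaseTimeout.
func (p *Pool) Allocate(readerCity string) (*SAMTerminal, error) {
	p.Sweep()
	var best *SAMTerminal
	for _, t := range p.terms {
		if t.Available && t.City == readerCity && (best == nil || t.Latency < best.Latency) {
			best = t
		}
	}
	if best == nil {
		return nil, errors.New("no applicable terminal in " + readerCity)
	}
	best.Available, best.LeasedUntil = false, p.now().Add(LeaseTimeout)
	return best, nil
}

// Release is the reader's active release command (S210).
func (p *Pool) Release(id string) bool {
	t, ok := p.terms[id]
	if !ok || t.Available {
		return false
	}
	t.Available, t.LeasedUntil = true, time.Time{}
	return true
}
```

The probe check matters as much as the timing: a terminal that merely echoes bytes quickly would pass a pure round-trip measurement, whereas recomputing the response from the challenge shows the SAM-side calculation really ran within the measured interval.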
An embodiment of a certificate reading system sharing a secure authentication terminal according to the present invention is described in detail below with reference to fig. 3, which includes:
an authentication management server 301, a radio frequency identification terminal 302 and a security authentication terminal 303, which are connected with each other over a 5G communication network; thanks to the high transmission speed of the 5G communication network, the low-delay requirement between the radio frequency identification terminal 302 and the security authentication terminal 303 is kept below 20 ms, that is, the communication delay requirement of the existing SAM_A module is met;
the authentication management server 301 is the management background that allocates the resources of the security authentication terminals 303 to the radio frequency identification terminals 302; it is configured to find the information of a matching security authentication terminal 303 in its resource pool according to the resource request information sent by the radio frequency identification terminal 302 and to send the information of the security authentication terminal 303 to the radio frequency identification terminal 302; the resource pool of the authentication management server 301 stores the information of the security authentication terminals 303. Specifically, the authentication management server 301 allocates to the radio frequency identification terminal 302 the information of a security authentication terminal 303 with good delay according to the network delay performance and the address information of the radio frequency identification terminal 302, following the principle of proximity; the area can be identified by GPS or by the network address and distinguished by a certain condition, such as being in the same city.
The radio frequency identification terminal 302 is a low-delay network communication terminal device that has a radio frequency processing function conforming to the ISO 14443 protocol and follows the communication protocol of the authentication management server 301; it is connected to the authentication management server 301 and configured to send resource request information to the authentication management server 301, to establish a point-to-point communication connection with the corresponding security authentication terminal 303 according to the information of the security authentication terminal 303 sent by the authentication management server 301, and, after acquiring the certificate ciphertext information through the radio frequency signal, to send the certificate ciphertext information to the security authentication terminal 303. The security authentication terminal 303 is a low-latency network communication device that follows the communication protocol of the authentication management server 301; it is connected to the radio frequency identification terminal 302 and configured to receive and read the certificate ciphertext information sent by the radio frequency identification terminal 302, convert it into the corresponding certificate plaintext information, and send the certificate plaintext information to the radio frequency identification terminal 302. In this embodiment, the security authentication terminal 303 needs to satisfy the communication protocol of the authentication management server 301, to have the processing capability of a SAM_A module, and to have low communication latency. The security authentication terminal 303 is not limited to a fixed form or name, nor to a manufacturer. Specifically, the security authentication terminal 303 includes: 1. an array of SAM_A modules in local communication connection or remote network connection with the authentication management server 301; 2. a conventional resident identity card reading terminal that has a network function and a SAM_A module; 3. an encryption/decryption machine with the same function as the SAM_A module, or a server that has the SAM_A module function without a SAM_A module entity. Therefore, every security authentication terminal 303 meeting the above conditions is a potential resource throughout the 5G communication network, and the sufficiency of the resource is ensured.
In the present invention, the number of the radio frequency identification terminals 302 and the number of the security authentication terminals 303 are both more than two, and the number of the security authentication terminals 303 is smaller than the number of the radio frequency identification terminals 302. Due to the huge access volume of the 5G mobile communication network, it allows many radio frequency identification terminals 302 to simultaneously apply for resources and identify resident identification cards.
In the description of the present specification, reference to the description of the terms "one embodiment", "some embodiments", "an illustrative embodiment", "an example", "a specific example", or "some examples", etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A certificate reading method for sharing a security authentication terminal is characterized by comprising the following steps:
the radio frequency identification terminal sends resource request information to an authentication management server;
the authentication management server searches out information of a matched security authentication terminal from a resource pool of the authentication management server according to the received resource request information, and sends the information of the security authentication terminal to the radio frequency identification and reading terminal;
the radio frequency identification terminal establishes point-to-point communication connection with a corresponding security authentication terminal according to the information of the security authentication terminal, and then sends the acquired certificate ciphertext information to the security authentication terminal;
the security authentication terminal reads the received certificate ciphertext information, converts the certificate ciphertext information into corresponding certificate plaintext information, and then sends the certificate plaintext information to the radio frequency reading terminal.
2. The certificate reading method of the shared security authentication terminal as claimed in claim 1, wherein before the radio frequency reading terminal sends the resource request information to the authentication management server, the method comprises:
the authentication management server adds the information of the security authentication terminal to a resource pool of the authentication management server according to the resource pool adding request information sent by the security authentication terminal;
and sending first password information corresponding to the security authentication terminal to the security authentication terminal.
3. The certificate reading method for sharing a security authentication terminal as claimed in claim 2, wherein the step of adding the information of the security authentication terminal to the resource pool according to the resource pool joining request information sent by the security authentication terminal comprises:
and the authentication management server sends a test data packet to the security authentication terminal, judges whether the security authentication terminal meets the joining condition according to the data return speed after the security authentication terminal responds to the test data packet, and adds the information of the security authentication terminal to a resource pool of the authentication management server if the joining condition is met.
4. The certificate reading method of the shared security authentication terminal as claimed in claim 3, wherein the joining resource pool request information includes: and the network IP and the address information of the safety authentication terminal.
5. The certificate reading method for sharing a security authentication terminal as claimed in claim 4, wherein after sending the first password information corresponding to the security authentication terminal to the security authentication terminal, the method comprises:
and the authentication management server monitors a heartbeat report sent by the security authentication terminal, and if the heartbeat report is not received within preset time, the security authentication terminal is removed from a resource pool of the authentication management server.
6. The certificate reading method for sharing a security authentication terminal as claimed in claim 2, wherein the sending the information of the security authentication terminal to the radio frequency identification terminal further comprises:
and generating second password information matched with the first password information of the security authentication terminal according to the first password information of the security authentication terminal, and sending the second password information to the radio frequency identification terminal.
7. The certificate reading method of the shared security authentication terminal as claimed in claim 6, wherein the step of sending the resource request information to the authentication management server by the radio frequency reading terminal comprises:
and the authentication management server sends a test data packet to the radio frequency identification terminal, judges whether the radio frequency identification terminal meets communication conditions according to the data return speed of the radio frequency identification terminal after responding to the test data packet, and sends second password information to the radio frequency identification terminal if the radio frequency identification terminal meets the communication conditions.
8. The certificate reading method for sharing a security authentication terminal as claimed in claim 7, wherein the step of searching out the information of a matched security authentication terminal from the resource pool comprises:
and searching out the information of the security authentication terminal from the resource pool according to the address information of the radio frequency identification terminal in the resource request information, the address information of the security authentication terminal and the data return speed of the security authentication terminal.
9. A certificate recognition system sharing a security authentication terminal, comprising:
the authentication management server is used for searching out information of a matched security authentication terminal from a resource pool according to the resource request information sent by the radio frequency identification terminal, and sending the information of the security authentication terminal to the radio frequency identification terminal; the resource pool of the authentication management server stores information of a security authentication terminal;
the radio frequency identification terminal is connected with the authentication management server and used for sending resource request information to the authentication management server and establishing point-to-point communication connection with the corresponding security authentication terminal according to the information of the security authentication terminal sent by the authentication management server; after acquiring certificate ciphertext information through a radio frequency signal, sending the certificate ciphertext information to the security authentication terminal;
and the safety authentication terminal is connected with the radio frequency identification terminal and is used for receiving and identifying the certificate ciphertext information sent by the radio frequency identification terminal, converting the certificate ciphertext information into corresponding certificate plaintext information and sending the certificate plaintext information to the radio frequency identification terminal.
10. The certificate identification system sharing a security authentication terminal as claimed in claim 9, wherein the number of the radio frequency identification terminals and the number of the security authentication terminals are both two or more, and the number of the security authentication terminals is smaller than the number of the radio frequency identification terminals.
CN202110030604.0A 2021-01-11 2021-01-11 Certificate reading method and system of shared security authentication terminal Pending CN113259307A (en)

Publications (1)

Publication Number Publication Date
CN113259307A true CN113259307A (en) 2021-08-13

Family

ID=77180719

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105991648A (en) * 2016-01-21 2016-10-05 李明 Scheduling method for reading identity card
CN106027256A (en) * 2016-04-18 2016-10-12 李明 Identity card reading response system
CN205845052U (en) * 2015-11-10 2016-12-28 天地融科技股份有限公司 Identity card card-reading system and be not provided with the card reader of SAM module
CN106357627A (en) * 2016-08-30 2017-01-25 李明 Method and system for reading resident identification card information and terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication (Application publication date: 20210813)