CN114444062A - Method, system, electronic equipment and storage medium for identity information authentication - Google Patents

Info

Publication number: CN114444062A
Authority: CN (China)
Application number: CN202111646086.1A
Other languages: Chinese (zh)
Inventors: 刘桥, 徐冬冬, 王健, 徐锐
Current Assignee: China Telecom Corp Ltd
Original Assignee: China Telecom Corp Ltd
Application filed by: China Telecom Corp Ltd
Legal status: Pending
Prior art keywords: identity information; encrypted; equipment; feature code; decoder

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device

Abstract

The embodiment of the application discloses a method and a device for identity information authentication, electronic equipment and a readable storage medium, wherein the method comprises the following steps: sending a card reading request to a reader for the reader to read the encrypted identity information in the identity card; receiving encrypted identity information sent by a reader; sending the encrypted identity information to the system background equipment, so that the system background equipment sends the encrypted identity information to the decoder, the decoder decrypts the encrypted identity information to obtain the identity information, generates a feature code based on the identity information, and sends the identity information and the feature code to the system background equipment, so that the system background equipment can authenticate the identity information based on the feature code; and under the condition that the identity information is authenticated by the system background equipment, receiving the identity information sent by the system background equipment, and displaying the identity information. According to the embodiment of the application, the identity information can be effectively prevented from being tampered.

Description

Method, system, electronic equipment and storage medium for identity information authentication
Technical Field
The present application belongs to the field of internet technologies, and in particular, to a method and an apparatus for authenticating identity information, an electronic device, and a storage medium.
Background
With the development of information technology, many services need to authenticate the identity information provided by users in order to protect users' rights and interests. The purpose is to check and verify the authenticity of user data so as to establish a sound and reliable internet credit basis.
At present, identity card information read by a decoding apparatus is widely used as proof of identity. This requires the reading device, the decoding device and the service system to transmit identity information over the internet, which may result in the identity information being tampered with.
Disclosure of Invention
The embodiment of the application provides a method, a device, equipment and a storage medium for identity information authentication, which can effectively prevent identity information from being tampered.
In a first aspect, an embodiment of the present application provides a method for authenticating identity information, where the method includes:
sending a card reading request to a reader for the reader to read the encrypted identity information in the identity card;
receiving encrypted identity information sent by a reader;
sending the encrypted identity information to the system background equipment, so that the system background equipment sends the encrypted identity information to the decoder, the decoder decrypts the encrypted identity information to obtain the identity information, generates a feature code based on the identity information, and sends the identity information and the feature code to the system background equipment, so that the system background equipment can authenticate the identity information based on the feature code;
and under the condition that the identity information is authenticated by the system background equipment, receiving the identity information sent by the system background equipment, and displaying the identity information.
In a second aspect, an embodiment of the present application provides a method for authenticating identity information, where the method includes:
receiving encrypted identity information sent by foreground equipment of the system, wherein the encrypted identity information is acquired by the foreground equipment of the system from a reader;
sending the encrypted identity information to a decoder, so that the decoder decodes the encrypted identity information to obtain identity information, and generating a feature code based on the identity information;
receiving identity information and a feature code sent by a decoder;
authenticating identity information based on the feature code;
and under the condition that the authentication identity information passes, sending the identity information to system foreground equipment so as to be used for the system foreground equipment to display the identity information.
In a third aspect, an embodiment of the present application provides a method for authenticating identity information, where the method includes:
receiving encrypted identity information sent by system background equipment, wherein the encrypted identity information is acquired by the system background equipment from the system foreground equipment;
decrypting the encrypted identity information to obtain identity information;
generating a feature code based on the identity information;
and sending the identity information and the feature code to the system background equipment so that the system background equipment authenticates the identity information based on the feature code and sends the identity information to the system foreground equipment under the condition that the authenticated identity information passes.
In a fourth aspect, an embodiment of the present application provides a system foreground device, where the system foreground device includes:
the sending module is used for sending a card reading request to the reader so that the reader can read the encrypted identity information in the identity card;
the receiving module is used for receiving the encrypted identity information sent by the reader;
the sending module is further used for sending the encrypted identity information to the system background equipment, sending the encrypted identity information to the decoder by the system background equipment, decrypting the encrypted identity information by the decoder to obtain the identity information, generating a feature code based on the identity information, and sending the identity information and the feature code to the system background equipment so that the system background equipment can authenticate the identity information based on the feature code;
and the receiving module is also used for receiving the identity information sent by the system background equipment and displaying the identity information under the condition that the authentication identity information of the system background equipment passes.
In a fifth aspect, an embodiment of the present application provides a system background device, where the system background device includes:
the receiving module is used for receiving encrypted identity information sent by the system foreground equipment, and the encrypted identity information is obtained by the system foreground equipment from the reader;
the sending module is used for sending the encrypted identity information to the decoder, so that the decoder decodes the encrypted identity information to obtain the identity information and generates the feature code based on the identity information;
the receiving module is also used for receiving the identity information and the feature code sent by the decoder;
the authentication module is used for authenticating identity information based on the feature codes;
and the sending module is also used for sending the identity information to the system foreground equipment under the condition that the authentication identity information passes, so that the system foreground equipment can display the identity information.
In a sixth aspect, an embodiment of the present application provides a decoder, including:
the receiving module is used for receiving encrypted identity information sent by the system background equipment, wherein the encrypted identity information is acquired by the system background equipment from the system foreground equipment;
the decoding module is used for decrypting the encrypted identity information to obtain identity information;
the generating module is used for generating the feature code based on the identity information;
and the sending module is used for sending the identity information and the feature codes to the system background equipment, authenticating the identity information by the system background equipment based on the feature codes, and sending the identity information to the system foreground equipment under the condition that the authenticated identity information passes.
In a seventh aspect, an embodiment of the present application provides a system, where the system includes a reader, a system foreground device, a system background device, and a decoder;
the reader is used for reading the encrypted identity information in the identity card when receiving a reading request sent by system foreground equipment;
the system foreground equipment is used for receiving the encrypted identity information sent by the reader and sending the encrypted identity information to the system background equipment;
the decoder is used for receiving the encrypted identity information sent by the system background equipment, decrypting the encrypted identity information to obtain the identity information, and generating a feature code based on the identity information;
and the system background equipment is used for receiving the identity information and the feature codes sent by the decoder, authenticating the identity information based on the feature codes, and sending the identity information to the system foreground equipment under the condition that the authenticated identity information passes so as to be used for displaying the identity information by the system foreground equipment.
In an eighth aspect, an embodiment of the present application provides an electronic device, where the electronic device includes: a processor and a memory storing computer program instructions; the processor, when executing the computer program instructions, performs the method as in the first aspect or any possible implementation of the first aspect.
In a ninth aspect, embodiments of the present application provide a readable storage medium, on which computer program instructions are stored, which when executed by a processor implement the method as in the first aspect or any possible implementation manner of the first aspect.
In the embodiment of the application, a card reading request is sent to the reader so that the reader reads the encrypted identity information in the identity card, and the encrypted identity information sent by the reader is received. The encrypted identity information is stored in a chip inside the second-generation identity card, strict access control is enforced when it is read, and the decoding equipment can decode it. The encrypted identity information is then sent to the system background equipment, which sends it to the decoder; the decoder decrypts the encrypted identity information to obtain the identity information, generates a feature code based on the identity information, and sends the identity information and the feature code to the system background equipment, so that the system background equipment can authenticate the identity information based on the feature code. When the system background equipment's authentication of the identity information passes, the identity information sent by the system background equipment is received and displayed. According to the embodiment of the application, the encrypted identity information and the identity information are transmitted one way, so information tampering can be effectively avoided.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the embodiments of the present application will be briefly described below, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a diagram of a system structure for identity information authentication according to an embodiment of the present application;
Fig. 2 is a flowchart of a method for authenticating identity information according to an embodiment of the present application;
Fig. 3 is a flowchart of another method for authenticating identity information according to an embodiment of the present application;
Fig. 4 is a flowchart of another method for authenticating identity information according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a system foreground device provided in an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a system backend device provided in an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a decoder according to an embodiment of the present application;
Fig. 8 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present application.
Detailed Description
Features and exemplary embodiments of various aspects of the present application will be described in detail below, and in order to make objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described herein are merely configured to explain the present application and are not configured to limit the present application. It will be apparent to one skilled in the art that the present application may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present application by illustrating examples thereof.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The method for authenticating identity information provided by the embodiment of the present application can be applied to the following application scenarios, which are described below.
When certain business is handled, a user is required to provide a genuine card or data that can prove the individual's identity. Second-generation ID card information read by second-generation ID card decoding equipment is widely used as proof of identity. At present, split-type second-generation ID card decoding equipment, the decoding server and the service system are connected through the internet, and criminals forge decoded identity information by technical means and send it to the service background.
Based on the application scenario, the identity information authentication method provided in the embodiment of the present application is generally described below.
Fig. 1 is a system structure diagram of identity information authentication provided in an embodiment of the present application.
As shown in Fig. 1, the system includes a reader 100, a system foreground device 200, a system background device 300, and a decoder 400, as follows:
The reader 100 is configured to read the encrypted identity information in the identity card when receiving a read request sent by the system foreground device 200.
The system foreground device 200 is configured to receive the encrypted identity information sent by the reader 100, and send the encrypted identity information to the system background device 300.
The decoder 400 is configured to receive the encrypted identity information sent by the system backend device 300, decrypt the encrypted identity information to obtain the identity information, and generate a feature code based on the identity information.
The system background device 300 is configured to receive the identity information and the feature code sent by the decoder 400, authenticate the identity information based on the feature code, and send the identity information to the system foreground device 200 when the authenticated identity information passes, so that the system foreground device 200 displays the identity information.
To sum up, in the embodiment of the present application, the reader 100 reads the encrypted identity information in the identity card when it receives the reading request sent by the system foreground device 200; the system foreground device 200 receives the encrypted identity information sent by the reader 100 and sends it to the system background device 300. The system background device 300 sends the encrypted identity information to the decoder 400, and the decoder 400 decrypts it to obtain the identity information, generates a feature code based on the identity information, and sends the identity information and the feature code to the system background device 300. The encrypted identity information is stored in a chip inside the second-generation identity card, strict access control is enforced when it is read, and the decoding equipment can decode it. The system background device 300 authenticates the identity information based on the feature code; when that authentication passes, it sends the identity information to the system foreground device 200, which displays it. According to the embodiment of the application, the encrypted identity information and the identity information are transmitted one way, so information tampering can be effectively avoided.
The method for authenticating the identity information applied to the system foreground device provided in the embodiment of the present application is described in detail below.
Fig. 2 is a flowchart of a method for authenticating identity information according to an embodiment of the present application.
As shown in Fig. 2, the method for authenticating identity information is applied to a system foreground device and may include steps 210 to 240, as follows:
Step 210, sending a card reading request to the reader so that the reader reads the encrypted identity information in the identity card.
Step 220, receiving the encrypted identity information sent by the reader.
Step 230, sending the encrypted identity information to the system background device, so that the system background device sends it to the decoder, and the decoder decrypts the encrypted identity information to obtain the identity information, generates a feature code based on the identity information, and sends the identity information and the feature code to the system background device, so that the system background device authenticates the identity information based on the feature code.
Step 240, when the system background device's authentication of the identity information passes, receiving the identity information sent by the system background device and displaying the identity information.
The contents of steps 210 to 240 are described below.
Regarding step 210:
A card reading request is sent to the reader so that the reader reads the encrypted identity information in the identity card.
The reader is a device that can determine whether an identity card is forged; like a currency detector, it can effectively identify the authenticity of the identity card. The second-generation identity card contains an identity card chip, and the encrypted identity information is stored in the identity card.
Regarding step 220:
The encrypted identity information sent by the reader is received. The reader reads the encrypted identity information in the identity card and sends it to the system foreground equipment.
Regarding step 230:
The encrypted identity information is sent to the system background equipment, so that the system background equipment sends it to the decoder, and the decoder decrypts the encrypted identity information to obtain the identity information, generates a feature code based on the identity information, and sends the identity information and the feature code to the system background equipment, so that the system background equipment can authenticate the identity information based on the feature code.
The encrypted identity information is stored in a chip inside the identity card, and strict access control is enforced when it is read. At present, the data to be read inside the identity card cannot leave the security control module deployed by the relevant authority; the decoder integrates this security control module and can decode the encrypted identity information.
After the system background equipment receives the decoded identity information and the feature code, it verifies, by means of a check, whether the identity information has been tampered with.
Regarding step 240:
When the system background equipment's authentication of the identity information passes, the identity information sent by the system background equipment is received and displayed.
That is, when the authentication passes, the system background equipment returns the decoded identity information to the system foreground equipment, which displays it.
In the method for authenticating identity information, a card reading request is sent to the reader so that the reader reads the encrypted identity information in the identity card, and the encrypted identity information sent by the reader is received. The encrypted identity information is stored in a chip inside the second-generation identity card, strict access control is enforced when it is read, and the decoding equipment can decode it. The encrypted identity information is then sent to the system background equipment, which sends it to the decoder; the decoder decrypts the encrypted identity information to obtain the identity information, generates a feature code based on the identity information, and sends the identity information and the feature code to the system background equipment, so that the system background equipment can authenticate the identity information based on the feature code. When the system background equipment's authentication of the identity information passes, the identity information sent by the system background equipment is received and displayed. According to the embodiment of the application, the encrypted identity information and the identity information are transmitted one way, so information tampering can be effectively avoided.
The method for authenticating the identity information applied to the system background device provided by the embodiment of the present application is described in detail below.
Fig. 3 is a flowchart of another method for authenticating identity information according to an embodiment of the present application.
As shown in Fig. 3, the method for authenticating identity information is applied to a system background device and may include steps 310 to 350, as follows:
Step 310, receiving encrypted identity information sent by the system foreground equipment, wherein the encrypted identity information is acquired by the system foreground equipment from a reader.
Step 320, sending the encrypted identity information to the decoder, so that the decoder decodes the encrypted identity information to obtain the identity information, and generates the feature code based on the identity information.
Step 330, receiving the identity information and the feature code sent by the decoder.
Step 340, authenticating the identity information based on the feature code.
Step 350, when authentication of the identity information passes, sending the identity information to the system foreground equipment so that the system foreground equipment can display the identity information.
The contents of steps 310 to 350 are described below.
Regarding step 310:
Encrypted identity information sent by the system foreground equipment is received, wherein the encrypted identity information is acquired by the system foreground equipment from the reader. Here, the only information exposed to the network environment is the encrypted identity information from the chip, which reduces the possibility of information tampering.
Regarding step 320:
The encrypted identity information is sent to the decoder, so that the decoder decodes the encrypted identity information to obtain the identity information and generates the feature code based on the identity information.
Regarding step 330:
The identity information and the feature code sent by the decoder are received. Unlike the prior interaction between the system foreground device and the decoder, the decoding device and the system background device are deployed in the same intranet environment, which reduces the internet exposure surface and improves the security of the system. It also reduces the number of network calls, improves decoding efficiency, and avoids the possibility of the decoder being used by other systems.
Regarding step 340:
The identity information is authenticated based on the feature code.
Step 340 may specifically include the following steps:
transmitting the feature code to the decoder; receiving target identity information sent by the decoder; and, when the identity information is consistent with the target identity information, determining that authentication of the identity information passes.
After the system background equipment receives the decoded identity information and the feature code, it verifies, by means of a check, whether the identity information has been tampered with. Specifically, when the target identity information sent by the decoder is consistent with the identity information, the identity information has not been tampered with, i.e. authentication of the identity information passes. When the target identity information sent by the decoder is inconsistent with the identity information, the identity information has been tampered with, i.e. authentication of the identity information fails.
Regarding step 350:
When authentication of the identity information passes, the identity information is sent to the system foreground equipment so that the system foreground equipment can display it.
In the identity information authentication method provided by the application, the encrypted identity information that the system foreground device obtained from the reader is received and sent to the decoder, so that the decoder decodes the encrypted identity information to obtain the identity information and generates a feature code based on the identity information. Then, the identity information and the feature code sent by the decoder are received. Finally, the identity information is authenticated based on the feature code, and when the authentication passes, the identity information is sent to the system foreground equipment so that the system foreground equipment can display it. According to the embodiment of the application, the encrypted identity information and the identity information are transmitted one way, so information tampering can be effectively avoided.
The following describes in detail a method for authenticating identity information applied to a decoder according to an embodiment of the present application.
Fig. 4 is a flowchart of another method for authenticating identity information according to an embodiment of the present application.
As shown in fig. 4, the method for authenticating identity information may include steps 410 to 440, and the method is applied to a decoder, and specifically as follows:
Step 410, receiving encrypted identity information sent by the system background device, wherein the encrypted identity information is obtained by the system background device from the system foreground device.
Step 420, decrypting the encrypted identity information to obtain the identity information.
Step 430, generating a feature code based on the identity information.
Step 440, sending the identity information and the feature code to the system background device for the system background device to authenticate the identity information based on the feature code, and sending the identity information to the system foreground device when the authentication identity information passes.
The contents of steps 410-440 are described below:
Step 410 is described below.
The decoder receives the encrypted identity information sent by the system background device, which the system background device obtained from the system foreground device.
Step 420 is described below.
The decoder decodes the encrypted identity information to obtain the identity information.
Step 430 is described below.
A feature code is generated based on the identity information. The decoder performs a feature operation on the decoded identity information and generates the feature code.
Step 430 may specifically include the following step:
generating the feature code based on the identity information by using a preset algorithm.
The preset algorithm includes at least one of an MD5 digest algorithm, a hash algorithm, or an asymmetric encryption algorithm.
MD5 is message-digest algorithm 5. Running MD5 over a string, a file or a compressed package produces a value with a fixed length of 128 bits. This value is essentially unique, so if someone modifies the source file, a different MD5 value is generated.
A hash algorithm maps a binary value of arbitrary length to a shorter binary value of fixed length, and this shorter value is called a hash value. A hash value is a unique and extremely compact numeric representation of a piece of data. If a piece of plaintext is hashed and even one letter of it is then altered, the subsequent hash produces a different value.
Asymmetric encryption algorithms require two keys: a public key and a private key. The public key and the private key form a pair: if data is encrypted with the public key, only the corresponding private key can decrypt it; if data is encrypted with the private key, only the corresponding public key can decrypt it. The algorithm is called asymmetric because two different keys are used for encryption and decryption.
Step 440 is described below.
The identity information and the feature code are sent to the system background device, so that the system background device authenticates the identity information based on the feature code and, when the identity information passes authentication, sends the identity information to the system foreground device.
The decoder returns the decoded identity information and the feature code to the system background device. After the system background device receives the decoded identity information and the feature code, it runs a check to verify whether the identity information has been tampered with. When the identity information passes authentication, it is sent to the system foreground device.
In this identity information authentication method, the decoder receives the encrypted identity information that the system background device obtained from the system foreground device and decrypts it to obtain the identity information. A feature code is generated based on the identity information. The identity information and the feature code are sent to the system background device, so that the system background device authenticates the identity information based on the feature code and, when the identity information passes authentication, sends it to the system foreground device. The system foreground device is only responsible for displaying the decrypted identity information, which reduces the exposure of information on the Internet. In the embodiments of the application, the encrypted identity information and the identity information are each transmitted in one direction only, which can effectively avoid information tampering.
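The decoder-to-background exchange of steps 430 and 440, as an added example that is not part of the patent text. The record fields, `SHARED_KEY` and all function names are assumptions; `hmac-sha256` is a keyed stand-in chosen here to contrast with the unkeyed MD5 and hash options listed above, and is not an algorithm the text names.

```python
"""Feature-code check between decoder and system background device (added example)."""
import hashlib
import hmac
import json

# Constructed sample record; the field names are assumptions, the page defines none.
SAMPLE_IDENTITY = {"name": "Example Person", "id_number": "000000000000000000",
                   "valid_until": "2031-12-31"}
# Hypothetical key provisioned to decoder and background device out of band.
SHARED_KEY = b"constructed-demo-key"


def canonical(identity):
    """Serialize deterministically so both sides digest identical bytes."""
    return json.dumps(identity, sort_keys=True, separators=(",", ":")).encode("utf-8")


def feature_code(identity, algorithm, key=None):
    """Decoder side (step 430): derive the feature code from the identity information."""
    data = canonical(identity)
    if algorithm in ("md5", "sha256"):        # unkeyed digests, as listed in the text
        return hashlib.new(algorithm, data).hexdigest()
    if algorithm == "hmac-sha256":            # keyed stand-in, an assumption of this example
        if key is None:
            raise ValueError("hmac-sha256 requires a key")
        return hmac.new(key, data, hashlib.sha256).hexdigest()
    raise ValueError(f"unsupported algorithm: {algorithm}")


def decoder_reply(identity, algorithm, key=None):
    """Decoder side (step 440): the message returned to the background device."""
    return {"identity": identity, "feature_code": feature_code(identity, algorithm, key)}


def backend_authenticate(reply, algorithm, key=None):
    """Background device: recompute the feature code and compare in constant time."""
    expected = feature_code(reply["identity"], algorithm, key)
    return hmac.compare_digest(expected, reply["feature_code"])


def modified_in_transit(reply, algorithm, recompute):
    """Model a reply altered on the decoder-to-background link.

    With recompute=False only the record changes. With recompute=True the
    feature code is regenerated too, which needs no secret for an unkeyed
    digest; for the keyed code the modifier does not hold SHARED_KEY.
    """
    changed = dict(reply["identity"], valid_until="2099-12-31")
    code = reply["feature_code"]
    if recompute:
        wrong_key = b"not-the-shared-key" if algorithm == "hmac-sha256" else None
        code = feature_code(changed, algorithm, wrong_key)
    return {"identity": changed, "feature_code": code}


def run_scenarios():
    """Return, per algorithm, whether the background device accepts each reply."""
    results = {}
    for algorithm in ("md5", "sha256", "hmac-sha256"):
        key = SHARED_KEY if algorithm == "hmac-sha256" else None
        reply = decoder_reply(SAMPLE_IDENTITY, algorithm, key)
        results[algorithm] = {
            "untouched": backend_authenticate(reply, algorithm, key),
            "identity_changed": backend_authenticate(
                modified_in_transit(reply, algorithm, False), algorithm, key),
            "identity_and_code_changed": backend_authenticate(
                modified_in_transit(reply, algorithm, True), algorithm, key),
        }
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

Only the keyed code rejects a reply in which both the identity information and the feature code were changed; an unkeyed digest detects a changed record only while the accompanying feature code is left intact.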
Based on the method for authenticating identity information shown in fig. 2, an embodiment of the present application further provides a system foreground device, and as shown in fig. 5, the system foreground device 500 may include:
The sending module 510 is configured to send a card reading request to a reader, so that the reader reads the encrypted identity information in the identity card.
A receiving module 520, configured to receive the encrypted identity information sent by the reader.
The sending module 510 is further configured to send the encrypted identity information to a system backend device, so that the system backend device sends the encrypted identity information to a decoder, so that the decoder decrypts the encrypted identity information to obtain identity information, generates a feature code based on the identity information, and sends the identity information and the feature code to the system backend device, so that the system backend device authenticates the identity information based on the feature code.
The receiving module 520 is further configured to receive the identity information sent by the system background device and display the identity information when the system background device passes the identity information authentication.
In this method for authenticating identity information, a card reading request is sent to a reader so that the reader reads the encrypted identity information in the identity card, and the encrypted identity information sent by the reader is received. The encrypted identity information is stored in a chip inside the second-generation identity card, strict authority control is applied when it is read, and the decoding equipment can decode the encrypted identity information. The encrypted identity information is sent to the system background device, which sends it to the decoder; the decoder decrypts it to obtain the identity information, generates a feature code based on the identity information, and sends the identity information and the feature code to the system background device so that the system background device can authenticate the identity information based on the feature code. When the identity information passes authentication by the system background device, the identity information sent by the system background device is received and displayed. In the embodiments of the application, the encrypted identity information and the identity information are each transmitted in one direction only, which can effectively avoid information tampering.
Based on the method for authenticating identity information shown in fig. 3, an embodiment of the present application further provides a system background device, and as shown in fig. 6, the system background device 600 may include:
The receiving module 610 is configured to receive encrypted identity information sent by a system foreground device, where the encrypted identity information is obtained by the system foreground device from a reader.
A sending module 620, configured to send the encrypted identity information to a decoder, so that the decoder decodes the encrypted identity information to obtain identity information, and generates a feature code based on the identity information.
The receiving module 610 is further configured to receive the identity information and the feature code sent by the decoder.
An authentication module 630 configured to authenticate the identity information based on the feature code.
The sending module 620 is further configured to send the identity information to the system foreground device under the condition that the identity information is authenticated, so that the system foreground device displays the identity information.
In a possible embodiment, the sending module 620 is further configured to send the feature code to the decoder.
The receiving module 610 is further configured to receive the target identity information sent by the decoder.
The authentication module 630 is configured to authenticate the identity information when the identity information is consistent with the target identity information.
In the identity information authentication method provided by the application, the encrypted identity information that the system foreground device obtained from the reader is received and sent to the decoder, so that the decoder decodes the encrypted identity information to obtain the identity information and generates a feature code based on the identity information. The identity information and the feature code sent by the decoder are then received. Finally, the identity information is authenticated based on the feature code and, when it passes authentication, is sent to the system foreground device for display. In the embodiments of the application, the encrypted identity information and the identity information are each transmitted in one direction only, which can effectively avoid information tampering.
Based on the method for authenticating identity information shown in fig. 4, an embodiment of the present application further provides a decoder, as shown in fig. 7, where the decoder 700 may include:
The receiving module 710 is configured to receive encrypted identity information sent by a system background device, where the encrypted identity information is obtained by the system background device from a system foreground device.
A decoding module 720, configured to decrypt the encrypted identity information to obtain the identity information.
A generating module 730, configured to generate a feature code based on the identity information.
A sending module 740, configured to send the identity information and the feature code to the system background device, so that the system background device authenticates the identity information based on the feature code, and sends the identity information to the system foreground device when the authenticated identity information passes.
In a possible embodiment, the generating module 730 is specifically configured to:
generate a feature code based on the identity information by using a preset algorithm.
Wherein the preset algorithm comprises at least one of an MD5 digest algorithm, a hash algorithm or an asymmetric encryption algorithm.
In this identity information authentication method, the decoder receives the encrypted identity information that the system background device obtained from the system foreground device and decrypts it to obtain the identity information. A feature code is generated based on the identity information. The identity information and the feature code are sent to the system background device, so that the system background device authenticates the identity information based on the feature code and, when the identity information passes authentication, sends it to the system foreground device. The system foreground device is only responsible for displaying the decrypted identity information, which reduces the exposure of information on the Internet. In the embodiments of the application, the encrypted identity information and the identity information are each transmitted in one direction only, which can effectively avoid information tampering.
Fig. 8 shows a hardware structure diagram of an electronic device according to an embodiment of the present application.
The electronic device may include a processor 801 and a memory 802 that stores computer program instructions.
Specifically, the processor 801 may include a Central Processing Unit (CPU) or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more integrated circuits that implement the embodiments of the present application.
Memory 802 may include mass storage for data or instructions. By way of example, and not limitation, memory 802 may include a Hard Disk Drive (HDD), a floppy Disk Drive, flash memory, an optical Disk, a magneto-optical Disk, a tape, or a Universal Serial Bus (USB) Drive or a combination of two or more of these. Memory 802 may include removable or non-removable (or fixed) media, where appropriate. The memory 802 may be internal or external to the integrated gateway disaster recovery device, where appropriate. In a particular embodiment, the memory 802 is a non-volatile solid-state memory. In a particular embodiment, the memory 802 includes read-only memory (ROM). Where appropriate, the ROM may be mask-programmed ROM, Programmable ROM (PROM), Erasable PROM (EPROM), Electrically Erasable PROM (EEPROM), electrically rewritable ROM (EAROM), or flash memory or a combination of two or more of these.
The processor 801 reads and executes the computer program instructions stored in the memory 802 to implement any of the methods for identity information authentication in the illustrated embodiments.
In one example, the electronic device can also include a communication interface 803 and a bus 810. As shown in fig. 8, the processor 801, the memory 802, and the communication interface 803 are connected via a bus 810 to complete communication therebetween.
The communication interface 803 is mainly used for implementing communication between modules, apparatuses, units and/or devices in the embodiments of the present application.
The bus 810 includes hardware, software, or both to couple the components of the electronic device to one another. By way of example, and not limitation, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association local bus (VLB), or other suitable bus, or a combination of two or more of these. Bus 810 may include one or more buses, where appropriate. Although specific buses are described and shown in the embodiments of the application, any suitable buses or interconnects are contemplated by the application.
The electronic device may perform the method for authenticating identity information in the embodiment of the present application, so as to implement the method for authenticating identity information described in conjunction with fig. 1 to 4.
In addition, in combination with the method for authenticating identity information in the foregoing embodiments, embodiments of the present application may provide a computer-readable storage medium for implementing it. The computer-readable storage medium has computer program instructions stored thereon; the computer program instructions, when executed by a processor, implement the method of identity information authentication of fig. 1-4.
It is to be understood that the application is not limited to the particular arrangements and instrumentality described above and shown in the drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present application are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications and additions or change the order between the steps after comprehending the spirit of the present application.
The functional blocks shown in the above-described structural block diagrams may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the present application are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information. Examples of a machine-readable medium include electronic circuits, semiconductor memory devices, ROM, flash memory, Erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, Radio Frequency (RF) links, and so forth. The code segments may be downloaded via computer networks such as the internet, intranet, etc.
It should also be noted that the exemplary embodiments mentioned in this application describe some methods or systems based on a series of steps or devices. However, the present application is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, may be performed in an order different from the order in the embodiments, or may be performed simultaneously.
As described above, only the specific embodiments of the present application are provided, and those skilled in the art can clearly understand that, for convenience and simplicity of description, specific working processes of the system, the module and the unit described above may refer to corresponding processes in the foregoing method embodiments, and details are not described herein again. It should be understood that the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the present application, and these modifications or substitutions should be covered within the scope of the present application.

Claims (15)

1. A method of identity information authentication, the method comprising:
sending a card reading request to a reader for the reader to read encrypted identity information in the identity card;
receiving the encrypted identity information sent by the reader;
sending the encrypted identity information to system background equipment so that the system background equipment sends the encrypted identity information to a decoder so that the decoder decrypts the encrypted identity information to obtain identity information, generating a feature code based on the identity information, and sending the identity information and the feature code to the system background equipment so that the system background equipment can authenticate the identity information based on the feature code;
and under the condition that the system background equipment passes the authentication of the identity information, receiving the identity information sent by the system background equipment and displaying the identity information.
2. A method of identity information authentication, the method comprising:
receiving encrypted identity information sent by system foreground equipment, wherein the encrypted identity information is acquired by the system foreground equipment from a reader;
sending the encrypted identity information to a decoder, so that the decoder decodes the encrypted identity information to obtain identity information, and generating a feature code based on the identity information;
receiving the identity information and the feature code sent by the decoder;
authenticating the identity information based on the feature code;
and under the condition that the identity information is authenticated, sending the identity information to the system foreground equipment so as to be used for displaying the identity information by the system foreground equipment.
3. The method of claim 2, wherein the authenticating the identity information based on the feature code comprises:
transmitting the feature code to the decoder;
receiving target identity information sent by the decoder;
and when the identity information is consistent with the target identity information, authenticating that the identity information passes.
4. A method of identity information authentication, the method comprising:
receiving encrypted identity information sent by system background equipment, wherein the encrypted identity information is acquired by the system background equipment from the system foreground equipment;
decrypting the encrypted identity information to obtain identity information;
generating a feature code based on the identity information;
and sending the identity information and the feature code to the system background equipment so that the system background equipment authenticates the identity information based on the feature code, and sends the identity information to the system foreground equipment under the condition that the authenticated identity information passes.
5. The method of claim 4, wherein generating the feature code based on the identity information comprises:
and generating a feature code based on the identity information by adopting a preset algorithm.
6. The method of claim 5, wherein the predetermined algorithm comprises at least one of an MD5 digest algorithm, a hash algorithm, or an asymmetric encryption algorithm.
7. A system foreground device, the system foreground device comprising:
the sending module is used for sending a card reading request to a reader so that the reader can read encrypted identity information in the identity card;
the receiving module is used for receiving the encrypted identity information sent by the reader;
the sending module is further configured to send the encrypted identity information to system backend equipment, so that the system backend equipment sends the encrypted identity information to a decoder, so that the decoder decrypts the encrypted identity information to obtain identity information, generates a feature code based on the identity information, and sends the identity information and the feature code to the system backend equipment, so that the system backend equipment authenticates the identity information based on the feature code;
the receiving module is further configured to receive the identity information sent by the system background device and display the identity information when the system background device authenticates that the identity information passes.
8. A system backend device, characterized in that the system backend device comprises:
the receiving module is used for receiving encrypted identity information sent by system foreground equipment, wherein the encrypted identity information is obtained by the system foreground equipment from a reader;
the sending module is used for sending the encrypted identity information to a decoder so that the decoder decodes the encrypted identity information to obtain identity information and generates a feature code based on the identity information;
the receiving module is further configured to receive the identity information and the feature code sent by the decoder;
an authentication module for authenticating the identity information based on the feature code;
the sending module is further configured to send the identity information to the system foreground device under the condition that the identity information is authenticated, so that the system foreground device displays the identity information.
9. A system backend device according to claim 8, wherein the sending module is further configured to send the feature code to the decoder;
the receiving module is further configured to receive the target identity information sent by the decoder;
and the authentication module is used for authenticating the identity information to pass under the condition that the identity information is consistent with the target identity information.
10. A decoder, characterized in that the decoder comprises:
the receiving module is used for receiving encrypted identity information sent by system background equipment, wherein the encrypted identity information is acquired by the system background equipment from the system foreground equipment;
the decoding module is used for decrypting the encrypted identity information to obtain identity information;
a generating module for generating a feature code based on the identity information;
and the sending module is used for sending the identity information and the feature code to the system background equipment so that the system background equipment authenticates the identity information based on the feature code and sends the identity information to the system foreground equipment under the condition that the authenticated identity information passes.
11. The decoder according to claim 10, wherein the generating module is specifically configured to:
and generating a feature code based on the identity information by adopting a preset algorithm.
12. The decoder according to claim 11, wherein the predetermined algorithm comprises at least one of an MD5 digest algorithm, a hash algorithm, or an asymmetric encryption algorithm.
13. A system, comprising a reader, a system foreground device, a system background device, and a decoder;
the reader is used for reading the encrypted identity information in the identity card when receiving a reading request sent by the system foreground equipment;
the system foreground equipment is used for receiving the encrypted identity information sent by the reader and sending the encrypted identity information to the system background equipment;
the decoder is used for receiving the encrypted identity information sent by the system background equipment, decrypting the encrypted identity information to obtain identity information, and generating a feature code based on the identity information;
the system background device is used for receiving the identity information and the feature code sent by the decoder, authenticating the identity information based on the feature code, and sending the identity information to the system foreground device under the condition that the identity information is authenticated, so that the system foreground device can display the identity information.
14. An electronic device, characterized in that the electronic device comprises: a processor and a memory storing computer program instructions; the processor, when executing the computer program instructions, implements a method of identity information authentication as claimed in any of claims 1-6.
15. A computer-readable storage medium having computer program instructions stored thereon, which when executed by a processor, implement the method of identity information authentication of any one of claims 1-6.
CN202111646086.1A 2021-12-29 2021-12-29 Method, system, electronic equipment and storage medium for identity information authentication Pending CN114444062A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111646086.1A CN114444062A (en) 2021-12-29 2021-12-29 Method, system, electronic equipment and storage medium for identity information authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111646086.1A CN114444062A (en) 2021-12-29 2021-12-29 Method, system, electronic equipment and storage medium for identity information authentication

Publications (1)

Publication Number Publication Date
CN114444062A true CN114444062A (en) 2022-05-06

Family

ID=81366320

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111646086.1A Pending CN114444062A (en) 2021-12-29 2021-12-29 Method, system, electronic equipment and storage medium for identity information authentication

Country Status (1)

Country Link
CN (1) CN114444062A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination