Internet authentication trusted system and terminal
Technical field
The present invention relates to the technical field of computer security information, in particular to citizen identity authentication technology, and specifically to an Internet authentication trusted system, terminal and authentication method.
Background technology
The identity card is the proof of citizenship and plays an important role in daily life. With the development of society, China's Ministry of Public Security recently introduced the second-generation resident identity card. Its biggest difference from earlier identity cards is its storage function: the information on the identity card is stored in RAM, so the relevant information, including the facial image, can easily be read by a PC.
However, after the relevant information has been read, confirming identity still requires manual comparison item by item, in particular checking whether the photo on the identity card is consistent with the actual person. Besides increasing the labor cost of telling genuine identity cards from false ones, the subjectivity of manual identification also reduces its accuracy.
Systems that automatically identify second-generation resident identity cards exist in the prior art. For example, Chinese patent CN103218599A discloses an authentication system for second-generation resident identity cards based on face recognition. It comprises a second-generation identity card reader for reading the information in the identity card, a camera device for capturing a real face image, an identity data information database and a face recognition device. The corresponding information stored in the identity data information database is retrieved according to the information read from the identity card by the card reader and compared with that information. The face-recognition-based authentication method for second-generation resident identity cards comprises the following steps: first, the card reader reads the information in the second-generation identity card; second, the information read by the card reader is transferred to the face recognition device; third, the camera device captures a real face image and passes it to the face recognition device; fourth, the face recognition device retrieves the corresponding information stored in the identity data information database according to the information read from the second-generation identity card; fifth, the authenticity of the second-generation identity card is judged, and the sixth step is carried out only if the identity card is genuine; sixth, it is determined whether the second-generation identity card is held by its owner in person.
From the above it can be seen that, in the prior art, information retrieval for second-generation identity cards still uses the information in the card itself: all of the information in the second-generation identity card is sent over the network and compared with the image. This approach has two problems. The first is whether the chip information in the second-generation identity card is consistent with the information on the document surface; in addition, the transmission of the full information that was read is easily intercepted, so that personal information is leaked. The second is that the external information on the identity card is fixed data, so the personal information cannot be guaranteed, and it cannot be networked with the national population information database to update the data, which introduces uncertainty. Because a second-generation identity card is valid for 10 to 20 years, the holder may change considerably over that long period. Moreover, the content of identity data information databases held by individuals or by enterprises and institutions tends to be uncertain, incomplete and unstable.
Summary of the invention
To address the problems of the prior art, the present invention provides an Internet authentication trusted system, terminal and authentication method that can not only extract all of the information in a second-generation identity card but can also call only part of the information in the card for comparison, and that compares it against the Ministry of Public Security's central information database, thereby ensuring both the security of information transmission and the accuracy of the result.
To achieve the above technical purpose, the technical solution of the present invention is an Internet authentication trusted system terminal comprising a housing. The housing is provided with a second-generation citizen identity card read/write acquisition area, a voice sound-and-light alarm indicator and an external antenna. Inside the housing are a power module, a built-in antenna decoding module, an IC smart card antenna, a portrait face acquisition camera, a voice sound-and-light alarm device, a single-chip microcomputer integration module and an integrated control circuit module. The power module is electrically connected to the built-in antenna decoding module, the IC smart card antenna, the voice sound-and-light alarm device, the single-chip microcomputer integration module and the integrated control circuit module respectively. The built-in antenna decoding module is connected to the IC smart card antenna. The built-in antenna decoding module and the IC smart card antenna acquire the ID number code read from the IC smart card chip of the second-generation identity card and the serial number code of the identity document IC smart card, as well as the second-generation identity card number and the image, text and data information read through the SAM secure decryption module. The portrait face acquisition camera and the voice sound-and-light alarm device are both connected to the single-chip microcomputer integration module, and the single-chip microcomputer integration module is electrically connected to the integrated control circuit module.
Preferably, the housing further contains a special secure decryption module, which ensures that the person matches the document and which acquires, reads and decrypts the ID number code in the second-generation identity card chip and the serial number code of the identity document IC smart card.
Preferably, the terminal further comprises a liquid crystal display, which is electrically connected to the integrated control circuit module.
Preferably, the terminal further comprises a second-generation ID card fingerprint verification module, which is electrically connected to the integrated control circuit module.
Preferably, the terminal further comprises a network communication module, which is a wireless interface module or a wired network adapter module.
An Internet authentication trusted system comprises the Internet authentication trusted system terminal, a special trade back-end data storage PC, a shunting server, a head office database and the Ministry of Public Security database. The Internet authentication trusted system terminal is connected to the special trade data storage PC in a one-to-one or many-to-one pattern. The terminal, together with its communication module and the portrait face acquisition camera, is connected to the special trade data storage PC. The special trade back-end data storage PC is connected to the shunting server, the shunting server is connected to the head office database, and the head office database is connected to the Ministry of Public Security database through a designated port.
Preferably, the system further comprises a PC host; the Internet authentication trusted system terminal and the portrait face acquisition camera are connected to the PC host in a one-to-one or many-to-one pattern.
Preferably, the back-end PC host uploads the relevant information of the second-generation identity card read by the Internet authentication trusted system terminal to the special trade back-end data storage PC, and the special trade data storage PC is kept on site at the geographic location actually required by the special trade.
An authentication method for the Internet authentication trusted system comprises:
Step 1: the special secure decryption module in the Internet authentication trusted system terminal reads the ID number code in the second-generation identity card chip and the serial number code of the identity document IC smart card; the SAM secure decryption module then reads all of the information in the chip and on the surface of the citizen identity card, including the image, text and data and the identification number;
Step 2: the portrait face acquisition camera captures the portrait face image of the identity document holder;
Step 3: the portrait face image just captured, the chip ID number code in the second-generation identity card, the serial number code of the identity document IC smart card, the identification number in the citizen identity card and all text and image information in the identity document are sent to the special trade back-end data storage and saved there;
Step 4: the ID number code in the second-generation identity card chip, the serial number code of the identity document IC smart card, the identification number in the citizen identity card and the facial image information stored in the special trade data storage are uploaded to the remote shunting server; the remaining text information of the citizen identity card is saved on site in the special trade back-end data storage;
Step 5: the shunting server sends the ID number code in the second-generation identity card chip, the serial number code of the identity document IC smart card, the identification number in the citizen identity card and the facial image information to the head office database, where they are registered and retained;
Step 6: the head office database sends the received ID number code in the second-generation identity card chip, the serial number code of the identity document IC smart card, the identification number in the citizen identity card and the facial image information through the designated port to the Ministry of Public Security database for data comparison;
Step 7: the Ministry of Public Security database feeds the comparison result back to the head office database;
Step 8: if the result is that the holder's portrait facial image information matches the relevant identity document information successfully, the data is retained in the head office database, and the head office database sends the designated secret signal A to the shunting server; the shunting server sends secret signal A to the special trade data storage PC, and the special trade data storage PC sends secret signal A to the Internet authentication trusted system terminal, which displays and announces all information of the identity document;
Step 9: if the result is that the ID number code in the holder's second-generation identity card chip and the serial number code of the identity document IC smart card, or the portrait facial image information, do not match the identity document information, the registration data sent to the head office database is deleted, and the head office database sends the designated secret signal B to the shunting server; the shunting server sends secret signal B to the special trade data storage PC, and the special trade data storage PC sends secret signal B to the Internet authentication trusted system terminal as the comparison result;
Step 10: after the signal of Step 9 has been sent to the Internet authentication trusted system terminal, the terminal displays and announces a warning.
Preferably, the Internet authentication trusted system terminal is connected to the back-end special trade data storage PC by a wired network or a wireless network.
Preferably, the Internet authentication trusted system terminal can also be a mobile communication device.
Preferably, when the Internet authentication trusted system terminal is a mobile communication device, secret signal A is saved on the mobile communication device in the form of a certificate and can be called by designated programs.
From the above it can be seen that the present invention has the following advantages. In terms of information acquisition from the second-generation identity card, the terminal of this Internet authentication trusted system can not only acquire the image, text and data information of the identity document, the identification number in the citizen identity card and the facial portrait image, but can also acquire the ID special data confidential code in the second-generation identity card chip and the serial number special code of the identity document IC smart card.
In terms of network transmission of the second-generation identity card information, only the ID special data confidential code in the second-generation identity card chip, the serial number special code of the identity document IC smart card and the feature coding of the portrait image need to be transmitted; even if these codes are intercepted, the detailed identity information of the card holder cannot be obtained from them.
In terms of the security and stability of the network system, the multi-stage shunting servers, the special trade data storage PC and the back-end PC host together provide multi-level storage, information allocation and traffic shunting, so that the system's information feedback is both fast and stable.
In terms of the reliability of the network system, the comparison result is obtained by comparing data against the Ministry of Public Security database, so the result is highly credible.
Brief description of the drawings
Fig. 1 is the structural representation of Internet authentication trusted system terminal.
Fig. 2 is the sectional view of Internet authentication trusted system terminal.
Fig. 3 is the sectional view of Internet authentication trusted system terminal.
Fig. 4 is the circuit connection block diagram of the Internet authentication trusted system terminal.
Fig. 5 is the connection block diagram of Internet authentication trusted system.
Reference numerals: 1, housing; 2, read/write card acquisition area; 3, voice sound-and-light alarm indicator; 4, external antenna; 5, power module; 6, built-in antenna decoding module; 7, IC smart card antenna; 8, portrait face acquisition camera; 9, voice sound-and-light alarm device; 10, single-chip microcomputer integration module; 11, integrated control circuit module; 12, SAM secure decryption module; 13, special secure decryption module; 14, liquid crystal display; 15, second-generation ID card fingerprint verification module; 16, network communication module.
Detailed description of the invention
As shown in Figs. 1 to 5, an Internet authentication trusted system terminal comprises a housing 1. The housing 1 is provided with a second-generation resident identity card read/write acquisition area 2, a voice sound-and-light alarm indicator 3 and an external antenna 4. Inside the housing 1 are a power module 5, a built-in antenna decoding module 6, an IC smart card antenna 7, a portrait face acquisition camera 8, a voice sound-and-light alarm device 9, a single-chip microcomputer integration module 10 and an integrated control circuit module 11. The power module 5 is electrically connected to the antenna module 6, the IC smart card antenna 7, the voice sound-and-light alarm device 9, the single-chip microcomputer integration module 10 and the integrated control circuit module 11 respectively. The antenna module 6 is connected to the IC smart card antenna 7. The built-in antenna decoding module 6 acquires the ID special data confidential code read from the IC smart card chip of the second-generation identity card and the serial number special code of the identity document IC smart card, as well as the second-generation identity card number read through the SAM secure decryption module 12. The portrait face acquisition camera 8 and the voice sound-and-light alarm device 9 are both connected to the single-chip microcomputer integration module 10, and the single-chip microcomputer integration module 10 is electrically connected to the integrated control circuit module 11.
The housing 1 further contains a special secure decryption module 13, which acquires and reads the ID special data confidential code in the second-generation identity card chip and the serial number special code of the identity document IC smart card.
The terminal further comprises a liquid crystal display 14, which is electrically connected to the integrated control circuit module 11.
The terminal further comprises a second-generation ID card fingerprint verification module 15, which is electrically connected to the integrated control circuit module.
The terminal further comprises a network communication module 16, which is a wireless interface module or a wired network adapter module.
An Internet authentication trusted system comprises the Internet authentication trusted system terminal, a special trade data storage PC, a shunting server, a head office database and the Ministry of Public Security database. The Internet authentication trusted system terminal is connected to the special trade data storage PC in a one-to-one or many-to-one combination. The terminal, together with its communication module and the portrait face acquisition camera, is connected to the special trade data storage PC. The special trade data storage PC is connected to the shunting server, the shunting server is connected to the head office database, and the head office database is connected to the Ministry of Public Security database through a designated port.
The system further comprises a back-end PC host; the Internet authentication trusted system terminal and the portrait face acquisition camera are each connected to the back-end PC host.
The back-end PC host uploads the relevant information of the second-generation identity card read by the Internet authentication trusted system terminal to the special trade data storage PC, and the special trade data storage PC is kept on site at the geographic location actually required by the special trade.
An authentication method for the Internet authentication trusted system comprises:
Step 1: the special secure decryption module in the Internet authentication trusted system terminal reads the ID special data confidential code in the second-generation identity card chip and the serial number special code of the identity document IC smart card; the SAM secure decryption module then reads all of the information in the chip and on the surface of the citizen identity card, including the image, text and data and the identification number;
Step 2: the portrait face acquisition camera captures the portrait face image of the identity document holder;
Step 3: the portrait face image just captured, the chip ID special data confidential code in the second-generation identity card, the serial number special code of the identity document IC smart card, the identification number in the citizen identity card and all text and image information in the identity document are sent to the special trade data storage and saved there;
Step 4: the ID special data confidential code in the second-generation identity card chip, the serial number special code of the identity document IC smart card, the identification number in the citizen identity card and the facial image information stored in the special trade data storage are uploaded to the remote shunting server; the remaining text information of the citizen identity card is saved on site in the special trade data storage;
Step 5: the shunting server sends the ID special data confidential code in the second-generation identity card chip, the serial number special code of the identity document IC smart card, the identification number in the citizen identity card and the facial image information to the head office database, where they are registered and retained;
Step 6: the head office database sends the received ID special data confidential code in the second-generation identity card chip, the serial number special code of the identity document IC smart card, the identification number in the citizen identity card and the facial image information through the designated port to the Ministry of Public Security database for data comparison;
Step 7: the Ministry of Public Security database feeds the comparison result back to the head office database;
Step 8: if the result is that the holder's portrait facial image information matches the relevant identity document information successfully, the data is retained in the head office database, and the head office database sends the designated secret signal A to the shunting server; the shunting server sends secret signal A to the special trade data storage PC, and the special trade data storage PC sends secret signal A to the Internet authentication trusted system terminal, which displays and announces all information of the identity document;
Step 9: if the result is that the ID special data confidential code in the holder's second-generation identity card chip and the serial number special code of the identity document IC smart card, or the portrait facial image information, do not match the identity document information, the registration data sent to the head office database is deleted, and the head office database sends the designated secret signal B to the shunting server; the shunting server sends secret signal B to the special trade data storage PC, and the special trade data storage PC sends secret signal B to the Internet authentication trusted system terminal as the comparison result;
Step 10: after the signal of Step 9 has been sent to the Internet authentication trusted system terminal, the terminal displays and announces a warning.
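The data split of Step 4 and the signal handling of Steps 5 to 10, which appear both in the summary and in this detailed description, can be sketched as follows. This is an added illustration, not part of the patent: the field names, the signal values, the fail-closed handling of unknown signals and the equality-based stand-in for the Ministry of Public Security comparison are all assumptions.

```python
# Added illustration; field names, signal values and helpers are hypothetical.
from typing import Callable, Dict, Tuple

# Step 4: only these four items are uploaded to the shunting server.
UPSTREAM_FIELDS = ("chip_id_code", "card_serial_code", "id_number", "face_image")

SIGNAL_A = "A"  # match: terminal displays the document information (Step 8)
SIGNAL_B = "B"  # mismatch: terminal raises the warning (Steps 9-10)


def split_record(record: Dict[str, object]) -> Tuple[dict, dict]:
    """Partition a terminal record into (upstream, kept_on_site) per Step 4."""
    missing = [f for f in UPSTREAM_FIELDS if f not in record]
    if missing:
        raise ValueError(f"record lacks fields required for comparison: {missing}")
    upstream = {f: record[f] for f in UPSTREAM_FIELDS}
    on_site = {k: v for k, v in record.items() if k not in UPSTREAM_FIELDS}
    return upstream, on_site


def head_office_process(upstream: dict, registry: dict,
                        ministry_compare: Callable[[dict], bool]) -> str:
    """Steps 5-9: register, compare, then retain (A) or delete (B)."""
    key = upstream["id_number"]
    registry[key] = upstream                 # Step 5: register and retain
    matched = ministry_compare(upstream)     # Steps 6-7: compare, get result
    if matched:
        return SIGNAL_A                      # Step 8: data stays registered
    del registry[key]                        # Step 9: delete the registration
    return SIGNAL_B


def terminal_react(signal: str, upstream: dict, on_site: dict) -> dict:
    """Steps 8 and 10 at the terminal. Any signal other than A is treated
    as a failure (failing closed is an assumption of this sketch)."""
    if signal == SIGNAL_A:
        return {"action": "display", "shown": {**on_site, **upstream}}
    return {"action": "alarm", "shown": {}}


def make_reference_compare(reference: dict) -> Callable[[dict], bool]:
    """Stand-in for the Ministry database comparison: exact equality against
    a constructed reference row. Real face comparison is not byte equality."""
    def compare(upstream: dict) -> bool:
        return reference.get(upstream["id_number"]) == upstream
    return compare


def authenticate(record: dict, registry: dict, compare) -> dict:
    """Run Steps 4-10 for one record and report what left the site."""
    upstream, on_site = split_record(record)
    signal = head_office_process(upstream, registry, compare)
    result = terminal_react(signal, upstream, on_site)
    result["signal"] = signal
    result["sent_upstream"] = sorted(upstream)
    return result


# Constructed sample data (not real identifiers).
SAMPLE_RECORD = {
    "chip_id_code": "CHIP-0001", "card_serial_code": "SER-0001",
    "id_number": "ID-PLACEHOLDER-1", "face_image": b"constructed-face-bytes",
    "name": "Sample Holder", "address": "Sample Street 1", "issuer": "Sample Bureau",
}
REFERENCE = {"ID-PLACEHOLDER-1": {f: SAMPLE_RECORD[f] for f in UPSTREAM_FIELDS}}

if __name__ == "__main__":
    registry = {}
    print(authenticate(SAMPLE_RECORD, registry, make_reference_compare(REFERENCE)))
```

The upstream set of Step 4 contains the identification number and the facial image as well as the two chip codes, so `sent_upstream` lists all four items.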
The Internet authentication trusted system terminal is connected to the back-end special trade data storage PC by a wired network or a wireless network.
The Internet authentication trusted system terminal can also be a mobile communication device.
When the Internet authentication trusted system terminal is a mobile communication device, secret signal A is saved on the mobile communication device in the form of a certificate and can be called by designated programs.
At the same time, the special secure decryption module in the Internet authentication trusted system terminal reads the ID special data confidential code in the second-generation identity card chip and the serial number special code of the identity document IC smart card, and the SAM secure decryption module reads all of the information in the chip and on the surface of the citizen identity card, including the image, text and data and the identification number. At least two of these items of information form an "information group", which is transmitted through the whole system and finally compared against the Ministry of Public Security's central database.
The portrait face acquisition camera and the second-generation ID card fingerprint verification module may either be integrated with the Internet authentication trusted system terminal or be built as separate units.
The present invention and its embodiments have been described above. This description is not restrictive; it shows only one of the embodiments of the present invention, and the actual structure is not limited to it. In general, if a person of ordinary skill in the art, inspired by it and without departing from the purpose of the invention, devises without creative effort structures and embodiments similar to this technical solution, they shall all fall within the scope of protection of the present invention.