CN104618115A

CN104618115A - Identity card information obtaining method and system

Info

Publication number: CN104618115A
Application number: CN201510040841.XA
Authority: CN
Inventors: 李明
Original assignee: 李明
Current assignee: Tendyron Corp
Priority date: 2015-01-27
Filing date: 2015-01-27
Publication date: 2015-05-13
Anticipated expiration: 2035-01-27
Also published as: CN104618115B

Abstract

The invention provides an identity card information obtaining method and system. The method comprises that a first front terminal transmits an identity card information reading instruction to an electronic signature device to require to read identity storage information stored in the electronic signature device, wherein the identity storage information contains the identity card information in the resident identity card of a user; the first front terminal receives ciphertext information of the identity storage information transmitted by the electronic signature device; the first front terminal transmits the ciphertext information of the identity storage information to a background server; the background server deciphers the ciphertext information to obtain the identity card information; the background server feeds the obtained identity card information to the first front terminal.

Description

ID card information acquisition methods and system

Technical field

The present invention relates to a kind of electronic technology field, particularly relate to a kind of ID card information acquisition methods and system.

Background technology

Now when handling every business, business handling people needs to hold resident identification card and handles, and often carries identity card, easily causes the loss of identity card, thus can not ensure confidentiality and the fail safe of the identity information in identity card.

Summary of the invention

The present invention is intended to one of solve the problem.

According to an aspect of the present invention, provide a kind of ID card information acquisition methods, comprise: the first preposition terminal sends ID card information reading command to electronic signature equipment, request is read the identity of preserving in electronic signature equipment and is stored information, wherein, identity storage information comprises: the ID card information in user's resident identification card; First preposition terminal receives the cipher-text information of the identity storage information that electronic signature equipment sends; The cipher-text information that identity is stored information by the first preposition terminal sends to background server; Background server is decrypted cipher-text information, obtains ID card information; The ID card information obtained is returned to the first preposition terminal by background server.

Alternatively, cipher-text information is that electronic signature equipment adopts the second encryption key to store information to identity to be encrypted and to obtain; Cipher-text information is decrypted, obtains ID card information, comprising: background server adopts second decruption key corresponding with the second encryption key to be decrypted cipher-text information, obtains ID card information.

Alternatively, before the first preposition terminal sends ID card information reading command to electronic signature equipment, method also comprise: background server obtains identity and stores information, sends identity store information via the second preposition terminal to electronic signature equipment.

Alternatively, before the first preposition terminal sends ID card information reading command to electronic signature equipment, method also comprise: background server obtain identity store information, adopt the first encryption key to store information to identity to be encrypted, and send to electronic signature equipment via the second preposition terminal by encrypting the cipher-text information obtained; Cipher-text information is decrypted, obtains ID card information, comprising: background server adopts first decruption key corresponding with the first encryption key to be decrypted cipher-text information, obtains ID card information.

Alternatively, before the first preposition terminal sends ID card information reading command to electronic signature equipment, method also comprise: background server obtain identity store information, adopt the first encryption key to store information to identity to be encrypted, and send to electronic signature equipment via the second preposition terminal by encrypting the enciphered data obtained; Cipher-text information is that electronic signature equipment adopts the second encryption key to be encrypted enciphered data to obtain; Cipher-text information is decrypted, obtain ID card information, comprise: background server adopts second decruption key corresponding with the second encryption key to be decrypted cipher-text information, obtain enciphered data, recycle first decruption key corresponding with the first encryption key to be decrypted enciphered data, obtain ID card information.

Alternatively, the data that background server sends to electronic signature equipment through the second preposition terminal also comprise except identity storage information: background server carries out signature to ID card information and obtains the first signing messages; Electronic signature equipment sends to the data of the first preposition terminal also to comprise except identity card storage information: background server is signed to ID card information and obtained the first signing messages or electronic signature equipment and adopt the 3rd encryption key the first signing messages to be encrypted to the first signing messages ciphertext obtained; Cipher-text information is decrypted, before returning to the first preposition terminal after obtaining ID card information and by the ID card information obtained, also comprises: background server is verified the first signing messages, and is verified; Or background server adopts three decruption key corresponding with the 3rd encryption key to be decrypted the first signing messages ciphertext, verify deciphering the first signing messages obtained, and be verified.

Alternatively, identity storage information also comprises: background server carries out signature to ID card information and obtains the first signing messages; Cipher-text information is decrypted, before returning to the first preposition terminal after obtaining ID card information and by the ID card information obtained, also comprises: background server is verified the first signing messages obtained of signing, and is verified.

Alternatively, electronic signature equipment sends to the data of the first preposition terminal also to comprise except identity storage information: electronic signature equipment is signed to ID card information or identity storage information and obtained the ciphertext of the second signing messages or the second signing messages; Cipher-text information is decrypted, before returning to the first preposition terminal after obtaining ID card information and by the ID card information obtained, also comprises: background server is verified the second signing messages and is verified; Or the ciphertext of background server to the second signing messages is decrypted, verifies deciphering the second signing messages obtained and be verified.

According to another aspect of the present invention, provide a kind of ID card information and obtain system, comprising: the first preposition terminal and background server; Wherein, first preposition terminal comprises: the first sending module, and for sending ID card information reading command to electronic signature equipment, request is read the identity of preserving in electronic signature equipment and stored information, wherein, identity storage information comprises: the ID card information in user's resident identification card; First receiver module, the identity sent for receiving electronic signature equipment stores the cipher-text information of information; Second sending module, sends to background server for cipher-text information identity being stored information; Background server comprises: the second receiver module, for receiving cipher-text information; Encryption/decryption module, for being decrypted cipher-text information, obtains ID card information; 3rd sending module, for returning to the first preposition terminal by deciphering the ID card information obtained.

Alternatively, cipher-text information is that electronic signature equipment adopts the second encryption key to store information to identity to be encrypted and to obtain; Encryption/decryption module is decrypted cipher-text information in the following manner: adopt second decruption key corresponding with the second encryption key to be decrypted cipher-text information, obtain ID card information.

Alternatively, background server also comprises: the first acquisition module, before sending ID card information reading command in the first preposition terminal to electronic signature equipment, obtains identity and stores information; 3rd sending module also stores information for sending identity via the second preposition terminal to electronic signature equipment.

Alternatively, background server also comprises: the second acquisition module, before sending ID card information reading command in the first preposition terminal to electronic signature equipment, obtains identity and stores information; Encryption/decryption module is also encrypted for adopting the first encryption key to store information to the identity that the second acquisition module obtains; 3rd sending module is also for sending to electronic signature equipment via the second preposition terminal by encrypting the cipher-text information obtained; Encryption/decryption module is decrypted cipher-text information in the following manner: adopt first decruption key corresponding with the first encryption key to be decrypted cipher-text information, obtain ID card information.

Alternatively, background server also comprises: the 3rd acquisition module, before sending ID card information reading command in the first preposition terminal to electronic signature equipment, obtains identity and stores information; Encryption/decryption module is also encrypted for adopting the first encryption key to store information to the identity that the 3rd acquisition module obtains; 3rd sending module is also for sending to electronic signature equipment via the second preposition terminal by encrypting the enciphered data obtained; Cipher-text information is that electronic signature equipment adopts the second encryption key to be encrypted enciphered data to obtain; Encryption/decryption module is decrypted cipher-text information in the following manner: adopt second decruption key corresponding with the second encryption key to be decrypted cipher-text information, obtain enciphered data, recycle first decruption key corresponding with the first encryption key to be decrypted enciphered data, obtain ID card information.

Alternatively, the data that the 3rd sending module sends to electronic signature equipment via the second preposition terminal also comprise except identity storage information: background server carries out signature to ID card information and obtains the first signing messages; The data that electronic signature equipment that first receiver module receives sends also comprise except identity card storage information except: background server is signed to ID card information and obtained the first signing messages or electronic signature equipment employing the 3rd encryption key is encrypted the first signing messages ciphertext obtained to the first signing messages; Background server also comprises: the first authentication module, for verifying the first signing messages, and after being verified, triggering encryption/decryption module and being decrypted cipher-text information; Or, adopting three decruption key corresponding with the 3rd encryption key to be decrypted the first signing messages ciphertext, verifying deciphering the first signing messages obtained, and after being verified, triggering encryption/decryption module and cipher-text information is decrypted.

Alternatively, identity storage information also comprises: background server carries out signature to ID card information and obtains the first signing messages; Background server also comprises: the second authentication module, for verifying the first signing messages obtained of signing, and after being verified, triggering encryption/decryption module and being decrypted cipher-text information.

Alternatively, the data that the electronic signature equipment that the first receiver module receives sends also comprise except identity storage information: electronic signature equipment is signed to ID card information or identity storage information and obtained the ciphertext of the second signing messages or the second signing messages; Background server also comprises: the 3rd authentication module, for verifying the second signing messages, and is verified rear triggering encryption/decryption module and is decrypted cipher-text information; Or, the ciphertext of the second signing messages being decrypted, verifying deciphering the second signing messages of obtaining, and be verified rear triggering encryption/decryption module cipher-text information is decrypted.

According to a further aspect of the invention, provide a kind of resident identification card information authentication system, comprising: electronic signature equipment and above-mentioned ID card information obtain system.

As seen from the above technical solution provided by the invention, preposition terminal reads the ID card information in resident identification card from electronic signature equipment, can prevent carrying with identity card and easily lose and the leakage of losing the identity information caused.In addition, the identity storage information returned due to electronic signature equipment is ciphertext, after must being decrypted, just can getting the plaintext of ID card information, thus ensure that the safety of the ID card information stored in electronic signature equipment by background server to cipher-text information.

Accompanying drawing explanation

In order to be illustrated more clearly in the technical scheme of the embodiment of the present invention, below the accompanying drawing used required in describing embodiment is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawings can also be obtained according to these accompanying drawings.

The structural representation of the ID card information acquisition system that Fig. 1 provides for the embodiment of the present invention;

The structural representation of the first preposition terminal that Fig. 2 provides for the embodiment of the present invention;

The structural representation of the background server that Fig. 3 provides for the embodiment of the present invention;

The flow chart of the ID card information acquisition methods that Fig. 4 provides for the embodiment of the present invention.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on embodiments of the invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to protection scope of the present invention.

In describing the invention, it will be appreciated that, term " " center ", " longitudinal direction ", " transverse direction ", " on ", D score, " front ", " afterwards ", " left side ", " right side ", " vertically ", " level ", " top ", " end ", " interior ", orientation or the position relationship of the instruction such as " outward " are based on orientation shown in the drawings or position relationship, only the present invention for convenience of description and simplified characterization, instead of indicate or imply that the device of indication or element must have specific orientation, with specific azimuth configuration and operation, therefore limitation of the present invention can not be interpreted as.In addition, term " first ", " second " only for describing object, and can not be interpreted as instruction or hint relative importance or quantity or position.

In describing the invention, it should be noted that, unless otherwise clearly defined and limited, term " installation ", " being connected ", " connection " should be interpreted broadly, and such as, can be fixedly connected with, also can be removably connect, or connect integratedly; Can be mechanical connection, also can be electrical connection; Can be directly be connected, also indirectly can be connected by intermediary, can be the connection of two element internals.For the ordinary skill in the art, concrete condition above-mentioned term concrete meaning in the present invention can be understood.

Below in conjunction with accompanying drawing, the embodiment of the present invention is described in further detail.

Embodiments provide a kind of ID card information and obtain system.

The structural representation of the ID card information acquisition system that Fig. 1 provides for the embodiment of the present invention, see Fig. 1, the ID card information that the embodiment of the present invention provides obtains system and comprises: the background server 40 that the first preposition terminal 20 is connected with the first preposition terminal 20.

In embodiments of the present invention, when needing the ID card information obtaining user, first preposition terminal 20 sends ID card information reading command to electronic signature equipment 10, ask to read the identity comprising the ID card information in user's resident identification card of preserving in electronic signature equipment 10 and store information, then the first preposition terminal 20 receives the cipher-text information of the identity storage information that electronic signature equipment 10 sends.The cipher-text information that identity is stored information by the first preposition terminal 20 again sends to background server 40.After receiving the cipher-text information of identity storage information, background server 40 is decrypted the cipher-text information received, and obtains ID card information, then the ID card information obtained is returned to the first preposition terminal 20.Thus make the first preposition terminal 20 can obtain the ID card information that can directly read.

In the ID card information acquisition system that the embodiment of the present invention provides, can comprise multiple preposition terminal, be understandable that, the first preposition terminal 20 is one in system in multiple preposition terminal, and each preposition terminal is all connected with background server 40.The server that background server 40 can provide for bank, the terminal that preposition terminal then can provide for bank counter, such as PC etc., or, background server 40 also can need to carry out the server that ID card information obtains system for other, can also be believable third-party server (such as Cloud Server) etc.The key equipment (the U shield of such as industrial and commercial bank, the K of agricultural bank are precious) that electronic signature equipment 10 can provide for bank, also can for having other equipment of signature function.This electronic signature equipment 10 can be connected with arbitrary preposition terminal.

As an Alternate embodiments of the embodiment of the present invention, as shown in Figure 1, this system can also comprise: the second preposition terminal 30.Second preposition terminal 30 and the first preposition terminal 20 can be same preposition terminal, also can be different preposition terminals.In a particular application, user can hold resident identification card and carries out ID card information to the location of the second preposition terminal 30 connecting background server 40 and examine, the ID card information stored in the second preposition terminal 30 reading identity card.Examining after ID card information passes through, identity can stored information through but not limited to such as one of under type and be sent to electronic signature equipment 10 and store:

The ID card information of reading is stored information as identity and is sent to electronic signature equipment 10 by the preposition terminal 30 of mode one: the second, and electronic signature equipment 10 receives the identity storage information that the second preposition terminal 30 sends, and preserves identity and stores information; Certainly, as an Alternate embodiments of the embodiment of the present invention, second preposition terminal 30 can also show the ID card information read, after errorless via confirmation ID card information, identity is stored information and is sent to electronic signature equipment 10 and stores by the second preposition terminal 30, ensure that the authenticity of ID card information thus.

The ID card information of reading is stored information as identity and is sent to background server 40 by the preposition terminal 30 of mode two: the second, background server 40 pairs of identity store the enciphered data obtained after information is encrypted and are back to the second preposition terminal 30, enciphered data is sent to electronic signature equipment 10 by the second preposition terminal 30, this electronic signature equipment 20 pairs of enciphered datas are decrypted rear acquisition identity storage information and store, or electronic signature equipment 10 also can directly preserve this enciphered data.Even if ensure thus to be intercepted and captured in the process that ID card information sends, do not have decruption key cannot obtain ID card information yet, ensure that ID card information confidentiality and fail safe.

The ID card information of reading is stored information as identity and is sent to background server 40 by the preposition terminal 30 of mode three: the second, background server 40 pairs of identity store the signed data obtained after information is signed and are back to the second preposition terminal 30, identity is stored information to second preposition terminal 30 and signed data is sent to electronic signature equipment 10, and this electronic signature equipment 10 stores identity and stores information.Certainly, as an Alternate embodiments of the embodiment of the present invention, electronic signature equipment 10 can carry out sign test to signed data, and after sign test is passed through, stores identity and store information.Thus, ensure that the from the horse's mouth of ID card information and non repudiation and authenticity.

The ID card information of reading is stored information as identity and is sent to background server 40 by the preposition terminal 30 of mode four: the second, background server 40 pairs of identity store the enciphered data obtained after information is encrypted and the signed data obtained after signing to identity storage information is back to the second preposition terminal 30, second preposition terminal 30 is sent to electronic signature equipment 10 again, electronic signature equipment 10 can be decrypted acquisition identity storage information to enciphered data and store, or electronic signature equipment 10 also can direct storage encryption data; Certainly, as an Alternate embodiments of the embodiment of the present invention, after electronic signature equipment 10 can also be decrypted acquisition identity storage information to enciphered data, sign test is carried out to signed data, and after sign test is passed through, namely the storage information that determines one's identity confirms through background server 40, and then stores identity storage information.Thus, namely can ensure non repudiation and the authenticity of ID card information, also can ensure confidentiality and the fail safe of ID card information.

Thus, the ID card information achieved in resident identification card can be safely stored.

The plaintext ID card information that ID card information in the embodiment of the present invention can read from user's resident identification card for card reader of ID card, also can for the ciphertext ID card information stored in user's resident identification card, this ciphertext ID card information can be decrypted by network, thus obtains its cleartext information.Certainly, ID card information can be whole ID card informations of the storage in user's resident identification card, also for the part identity card information intercepted according to different demand, specifically can be not construed as limiting in embodiments of the present invention.

Identity stored information encryption by the second preposition terminal 30 and be sent to based on above-mentioned the mode that electronic signature equipment 10 carries out storing, background server 40 can utilize the PKI of electronic signature equipment 10 to be encrypted information, also the key consulted with electronic signature equipment 10 can be utilized to be encrypted, the preset symmetric key identical with electronic signature equipment 10 can also be utilized to be encrypted.Corresponding, information after electronic signature equipment 10 can utilize private key pair encryption is decrypted rear preservation, also the information after the key pair encryption consulted with background server 40 can be utilized to be decrypted rear preservation, the preset symmetric key identical with background server 40 can also be utilized to be decrypted rear preservation to the information after encrypting, or, electronic signature equipment 10 also can directly storage encryption identity store information, when receiving reading command, directly the identity of encryption being stored information and sending to the first preposition terminal 10.In addition, identity stored by the second preposition terminal 30 signing messages that information and identity store information and be sent to based on above-mentioned the mode that electronic signature equipment 10 carries out storing together, background server 40 can utilize the private key of background server 40 to sign to ID card information, electronic signature equipment 10 utilizes the PKI of background server 40 to carry out sign test to signed data, preserved together by rear electronic signature equipment 10 signed data (also can store information as identity together with ID card information and signed data thereof) obtained of ID card information and background server 40 can being signed in sign test.

As an Alternate embodiments of the embodiment of the present invention, the second preposition terminal 30 in the following way one or a combination set of can obtain the ID card information stored in user's resident identification card:

The preposition terminal 30 of mode one: the second reads the ID card information stored in resident identification card by equipment such as card reader of ID cards;

Mode two: the ID card information of resident identification card is inputed in the second preposition terminal 30 by input equipment etc.;

The preposition terminal 30 of mode three: the second is by the ID card information of the scanning resident identification cards such as scanning device.

As an Alternate embodiments of the embodiment of the present invention, in the following way one or a combination set of ID card information can be examined:

Mode one: ID card information is examined by the personnel of handling;

The ID card information got is sent to background server 40 by the preposition terminal 30 of mode two: the second, is sent to ID card verification mechanism carries out checking and examine via background server 40 by the mode of safety.

After only examining the authenticity of resident identification card information, just ID card information is processed, thus the authenticity of ID card information can be ensured.

As a kind of Alternate embodiments of the embodiment of the present invention, electronic signature equipment 10 can also arrange card reader of ID card, read the ID card information stored in resident identification card via this card reader of ID card, and this ID card information is stored in electronic signature equipment 10 as identity storage information.By this Alternate embodiments, the ID card information in resident identification card can read in electronic signature equipment 10 and preserve by user in any place.

As an Alternate embodiments of the embodiment of the present invention, ID card information at least comprises following one or its combination in any: name, ID card No., the term of validity and biometric information.Certainly, ID card information can also comprise: sex, nationality, date of birth and/or address etc.Certainly, biometric information can comprise following one or its combination in any: photo, fingerprint and iris etc.

As an Alternate embodiments of the embodiment of the present invention, after electronic signature equipment 10 saves identity storage information, when removing the first preposition terminal 20 transacting business, if need to show ID card information, then identity card can be carried, only need to carry electronic signature equipment 10 and namely can provide ID card information, be user-friendly to, can prevent identity card from losing and the ID card information that causes is revealed simultaneously.Now, electronic signature equipment 10 receives the reading command that the first preposition terminal 20 sends, and identity is stored information and signing messages is sent to the first preposition terminal 20.

As an Alternate embodiments of the embodiment of the present invention, first preposition terminal 20 can read identity by special interface from electronic signature equipment 10 and store information, this interface can be wireline interface, such as USB, audio frequency, serial ports etc., also can be wave point, such as: NFC, bluetooth, WIFI, RFID etc.With the electronic signature equipment 10 making the first preposition terminal 20 can adapt to number of different types.Certainly, the first preposition terminal 20 can adopt safe link to connect background server 40.

In an alternative of the embodiment of the present invention, the cipher-text information that the electronic signature equipment 10 that the first preposition terminal 20 receives sends can comprise with one of under type:

Mode one: adopt the first encryption key ID card information to be encrypted to the cipher-text information obtained by background server 40.

In this approach, electronic signature equipment 10 is when storing information stored in identity, send to electronic signature equipment 10 to preserve cipher-text information by background server 40 via the second preposition terminal 30, after electronic signature equipment 10 receives this cipher-text information, directly preserve this cipher-text information.When receiving the reading command that the first preposition terminal 20 sends, directly this cipher-text information is returned to the first preposition terminal 20.

Mode two: electronic signature equipment 10 adopts the second encryption key ID card information to be encrypted to the cipher-text information obtained.

In a particular application, electronic signature equipment 10 can be when storing ID card information, is encrypted preservation to ID card information, or, also can be, after being encrypted by the plaintext of the ID card information of preservation, send to the first preposition terminal 20 when receiving reading command.The concrete embodiment of the present invention is not construed as limiting.

Mode three: electronic signature equipment 10 adopts the second encryption key enciphered data to be encrypted to the cipher-text information obtained, wherein, enciphered data is that background server 40 adopts the first encryption key ID card information to be encrypted to the enciphered data obtained.

In this approach, electronic signature equipment 10 is when storing information stored in identity, via the second preposition terminal 30, employing first encryption key is encrypted to ID card information the enciphered data obtained by background server 40 and sends to electronic signature equipment 10, after electronic signature equipment 10 receives this enciphered data, can directly preserve this enciphered data, or, the second encryption key also can be adopted to be encrypted rear preservation to enciphered data.When receiving the reading command that the first preposition terminal 20 sends, direct employing second encryption key obtains cipher-text information after being encrypted the enciphered data of preserving, this cipher-text information is returned to the first preposition terminal 20, or the cipher-text information of preservation is returned to the first preposition terminal 20 by electronic signature equipment 10.

Mode four: electronic signature equipment 10 adopts the second encryption key to be encrypted to ID card information and the second signing messages the cipher-text information obtained, wherein, the second signing messages is that background server 40 adopts the private key of background server 40 to sign to ID card information to obtain.

Adopt in this way, second signing messages can be when electronic signature equipment 10 stores information stored in identity, background server 40 sends to electronic signature equipment 10 with ID card information via the second preposition terminal 30, electronic signature equipment 10 can when receiving ID card information and the second signing messages, adopt the second encryption key to store information to ID card information and the second signing messages as identity and be encrypted rear preservation, also can be directly preserve ID card information and the second signing messages, when receiving reading command, what adopt the second encryption key to be encrypted ID card information and the second signing messages returns to the first preposition terminal 20.

Mode five: electronic signature equipment 10 adopts the second encryption key to be encrypted to the enciphered data of ID card information and the second signing messages the cipher-text information obtained, wherein, the enciphered data of ID card information is that background server 40 adopts the first encryption key to be encrypted ID card information to obtain, and the second signing messages is that background server 40 adopts the private key of background server 40 to sign to ID card information to obtain.

Adopt in this way, the enciphered data of ID card information and the second signing messages can be when electronic signature equipment 10 stores information stored in identity, background server 40 sends to electronic signature equipment 10 via the second preposition terminal 30, electronic signature equipment 10 can when receiving enciphered data and second signing messages of ID card information, adopt the second encryption key to store information to the enciphered data of ID card information and the second signing messages as identity and be encrypted rear preservation, also can be enciphered data and the second signing messages of directly preserving ID card information, when receiving reading command, what adopt the second encryption key to be encrypted the enciphered data of ID card information and the second signing messages returns to the first preposition terminal 20.

Corresponding to the cipher-text information of above-mentioned various mode, background server 40, after the cipher-text information receiving the first preposition terminal 20 transmission, accordingly, can be decrypted in the following ways:

Mode one: background server 40 adopts first decruption key corresponding with the first encryption key to be decrypted cipher-text information and obtains ID card information.

Wherein, the first encryption key and the first decruption key are pair of secret keys, can be symmetric keys, also can be unsymmetrical key.Can be preset, also can be that background server 40 is consulted with electronic signature equipment 10, the concrete embodiment of the present invention be not construed as limiting.

Mode two: background server 40 adopts second decruption key corresponding with the second encryption key to be decrypted cipher-text information and obtains ID card information.

Wherein, the second encryption key and the second decruption key are pair of secret keys, can be symmetric keys, also can be unsymmetrical key.Can be preset, such as, the second encryption key can be the PKI of background server 40, and the second decruption key is the private key of background server 40.Such as, or also can be that background server 40 is consulted with electronic signature equipment 10, background server 40 and electronic signature equipment 10 set up escape way by mutual certification, consult transmission security key.The concrete embodiment of the present invention is not construed as limiting.

Mode three: background server 40 adopts second decruption key corresponding with the second encryption key to be decrypted cipher-text information and obtains enciphered data, and then adopt second decruption key corresponding with the second encryption key to be decrypted enciphered data, obtain ID card information.

Mode four: background server 40 adopts second decruption key corresponding with the second encryption key to decipher cipher-text information and obtains ID card information and the second signing messages.

In this case, background server 40, after deciphering obtains ID card information and the second signing messages, can also be verified, after being verified the second signing messages, the ID card information obtained is returned to the first preposition terminal 20 again, thus the reliability of ID card information can be ensured.

Mode five: background server 40 adopts second decruption key corresponding with the second encryption key to be decrypted cipher-text information and obtains enciphered data and the second signing messages, and then adopt second decruption key corresponding with the second encryption key to be decrypted enciphered data, obtain ID card information.

In an alternative of the embodiment of the present invention, in each possible Alternate embodiments above-mentioned, after receiving reading command, electronic signature equipment 10 returns in the data of the first preposition terminal 20, except above-mentioned cipher-text information can also comprise signing messages, background server 40 is before ID card information deciphering obtained returns to the first preposition terminal 20, can also verify signing messages, after being verified, the ID card information obtained is returned to the first preposition terminal 20 again, thus reliability and the non repudiation of the ID card information obtained can be ensured.

In a particular application, signing messages can include but not limited to following one of at least:

Mode one: electronic signature equipment 10 utilizes its private key to store to identity ciphertext that information or identity store information and to sign the first signing messages obtained.

Accordingly, when background server 40 pairs of signing messages are verified, the PKI of electronic signature equipment 10 can be utilized to verify the first signing messages.

Wherein, it can be that electronic signature equipment 10 pairs of identity store information and are encrypted and obtain that identity stores the ciphertext of information, also can be that background server 40 pairs of ID card informations are encrypted and obtain.

In this case, alternatively, in order to avoid Replay Attack, the first preposition terminal 20 carries single authentication information in the reading command sent to electronic signature equipment 10; Then can also comprise in signing messages: electronic signature equipment 10 utilizes its private key to sign the 3rd signing messages obtained to this single authentication information.Accordingly, accordingly, when background server 40 pairs of signing messages are verified, the PKI of electronic signature equipment 10 can also be utilized to verify the 3rd signing messages.

As an Alternate embodiments of the embodiment of the present invention, single authentication information can comprise following one or its combination: random factor, time factor and event factor.

Concrete, random factor can be following one or its combination: random number, random character and random Chinese character.Time factor can be time at that time.Event factor can be that the accumulative numerical value of start-stop counter often occurs, at every turn different.

Owing to including single authentication information when the first preposition terminal 20 sends reading command at every turn, what when can ensure to read identity storage information from electronic signature equipment 10, electronic signature equipment 10 sent at every turn is all different information, even if intercepted and captured, also second time cannot use in the first preposition terminal 20, prevent Replay Attack.

In specific implementation process, the single authentication information of carrying in reading command can be that background server 40 sends to the first preposition terminal 20.Such as, first preposition terminal 20 at needs from electronic signature equipment 10 before reading identity card information, can first notify background server 40, after background server 40 receives the notice of the first preposition terminal 20, send single authentication information to the first preposition terminal 20 to electronic signature equipment 10, this single authentication information is carried at reading command and sends to electronic signature equipment 10 by electronic signature equipment 10.Certainly, single authentication information also can not be carried in reading command and send to electronic signature equipment 10 by the first preposition terminal 20, but by an independent signaling, such as, signature command, sends to electronic signature equipment 10 by single authentication information, and the first preposition terminal 20 also can after sending reading command to electronic signature equipment 10, reinform background server 40, and then receive the single authentication request of background server 40 transmission, and then send to the first preposition terminal 20.The concrete embodiment of the present invention is not construed as limiting.

In an alternative of the embodiment of the present invention, storing information in identity can also comprise: background server 40 utilizes its private key to sign the second signing messages obtained to ID card information.Accordingly, when background server 40 pairs of signing messages are verified, also will the PKI of background server 40 be utilized to verify the second signing messages.

Wherein, the second signing messages can be that identity is stored information when sending to electronic signature equipment 10 by the second preposition terminal 30, and the second signing messages is sent to electronic signature equipment 10 as a part that identity stores information.Namely the second preposition terminal 30 can after getting the ID card information stored in resident identification card, ID card information is sent to background server 40, background server 40 utilizes the private key of background server 40 to sign to ID card information, obtain the second signing messages, then the second signing messages is returned to the second preposition terminal 30, and the part that the second signing messages stores information as identity is sent to electronic signature equipment 10 by the second preposition terminal 30, electronic signature equipment 10 upon receipt, the part that second signing messages stores information as identity is stored.

It should be noted that, if background server 40 needs to verify multiple signing messages, then only when being all verified all signing messages, just confirming to be verified.

Wherein, to those skilled in the art, in the embodiment of the present invention, background server 40 pairs of signing messages carry out checking and refer to that background server 40 utilizes PKI (as mentioned above, can be the PKI of electronic signature equipment 10 or the PKI of background server 40) signing messages is decrypted, obtain a digest value, then, background server 40 to the information of correspondence (as mentioned above, information can be stored for ID card information or identity) carry out digest calculations, compare calculating digest value and deciphering the digest value obtained, if consistent, then be verified, otherwise, checking is not passed through.

Mode two: background server 40 utilizes the ciphertext of its private key to ID card information or ID card information to sign the second signing messages obtained.

In this case, wherein, during the second signing messages can be the second preposition terminal 30 by the ciphertext of ID card information or ID card information send to electronic signature equipment 10, the second signing messages is sent to electronic signature equipment 10 with the ciphertext of ID card information or ID card information.Namely the second preposition terminal 30 can after getting the ID card information stored in resident identification card, ID card information is sent to background server 40, background server 40 utilizes the private key of background server 40 to sign to ID card information, obtain the second signing messages, then together with the plaintext of the second signing messages and ID card information or ciphertext, the second preposition terminal 30 is returned to, and the plaintext of ID card information or ciphertext and the second signing messages are sent to electronic signature equipment 10 by the second preposition terminal 30 together, electronic signature equipment 10 upon receipt, by association store together with the plaintext of the second signing messages and ID card information or ciphertext, when receiving reading command, second signing messages is returned to together the first preposition terminal 20.In this case, when background server 40 pairs of signing messages are verified, the PKI of background server 40 is utilized to verify the second signing messages.

Utilize the system that the embodiment of the present invention provides, electronic signature equipment 10 preserves ID card information, first preposition terminal 20 is when reading identity card information, the cipher-text information that the identity read stores information is sent to background server 40, by background server 40, the cipher-text information that the identity read from electronic signature equipment 10 stores information is decrypted, thus both can prevent carrying with identity card and easily lose and the problem of losing the leakage of the identity information caused, can ensure that again the ID card information stored in electronic signature equipment 10 can not illegally be read.

It should be noted that, be described although be provided separately for preposition terminal and background server in the present embodiment, be not limited to this, in actual applications, also preposition terminal and background server unification can be arranged.As long as the function provided required by the embodiment of the present invention can be realized.

According to the embodiment of the present invention, additionally provide a kind of resident identification card information authentication system, this system comprises electronic signature equipment 10 and above-mentioned ID card information obtains system.

Below respectively the structure of the preposition terminal 20 of first in ID card information acquisition system and background server 40 is described.

At an Alternate embodiments of the embodiment of the present invention, the first preposition terminal 20 can adopt structure as shown in Figure 2.As shown in Figure 2, the first preposition terminal 20 that the embodiment of the present invention provides mainly comprises: the first sending module 200, first receiver module 202 and the second sending module 204.Wherein,

First sending module 200, for sending ID card information reading command to electronic signature equipment 10, request is read the identity of preserving in electronic signature equipment and is stored information, and wherein, identity stores information and comprises: the ID card information in user's resident identification card.

First receiver module 202, the identity sent for receiving electronic signature equipment 10 stores the cipher-text information of information.

Second sending module 204, sends to background server 40 for cipher-text information identity being stored information.

At an Alternate embodiments of the embodiment of the present invention, background server 40 can adopt structure as shown in Figure 3.As shown in Figure 3, the background server 40 that the embodiment of the present invention provides mainly comprises: the second receiver module 400, deciphering module 402 and the 3rd sending module 404.Wherein,

Second receiver module 400, for receiving the cipher-text information that the first preposition terminal 20 sends.

Encryption/decryption module 402, for being decrypted the cipher-text information received, obtains ID card information.

3rd sending module 404, for returning to the first preposition terminal 20 by deciphering the ID card information obtained.

As can be seen here, the ID card information utilizing the embodiment of the present invention to provide obtains system, can prevent from carrying with identity card easily to lose and the problem of losing the leakage of the identity information caused, and ensure can not illegally being read of the ID card information that electronic signature equipment 10 is preserved.

In an alternative of the embodiment of the present invention, as mentioned above, the cipher-text information that the first receiver module 202 receives comprises above-mentioned mode one to mode five, and encryption/decryption module 402 can adopt mode one to the mode five of above-mentioned correspondence to be decrypted.

Alternatively, background server 40 can also comprise: the first acquisition module, before sending ID card information reading command in the first preposition terminal to electronic signature equipment, obtains identity and stores information; 3rd sending module 404 also stores information for sending identity via the second preposition terminal to electronic signature equipment.

Alternatively, background server 40 can also comprise: the second acquisition module, before sending ID card information reading command in the first preposition terminal to electronic signature equipment, obtains identity and stores information; Encryption/decryption module 402 is also encrypted for adopting the first encryption key to store information to the identity that the second acquisition module obtains; 3rd sending module 404 is also for sending to electronic signature equipment via the second preposition terminal by encrypting the cipher-text information obtained; Encryption/decryption module 402 is decrypted cipher-text information in the following manner: adopt first decruption key corresponding with the first encryption key to be decrypted cipher-text information, obtain ID card information.

Alternatively, background server 40 can also comprise: the 3rd acquisition module, before sending ID card information reading command in the first preposition terminal to electronic signature equipment, obtains identity and stores information; Encryption/decryption module 402 is also encrypted for adopting the first encryption key to store information to the identity that the 3rd acquisition module obtains; 3rd sending module 404 is also for sending to electronic signature equipment via the second preposition terminal by encrypting the enciphered data obtained; Cipher-text information is that electronic signature equipment adopts the second encryption key to be encrypted enciphered data to obtain; Encryption/decryption module 402 is decrypted cipher-text information in the following manner: adopt second decruption key corresponding with the second encryption key to be decrypted cipher-text information, obtain enciphered data, recycle first decruption key corresponding with the first encryption key to be decrypted enciphered data, obtain ID card information.

In an alternative of the embodiment of the present invention, after receiving reading command, electronic signature equipment 10 returns in the data of the first preposition terminal 20, except above-mentioned cipher-text information can also comprise signing messages, background server 40 is before ID card information deciphering obtained returns to the first preposition terminal 20, can also verify signing messages, after being verified, the ID card information obtained is returned to the first preposition terminal 20 again, thus reliability and the non repudiation of the ID card information obtained can be ensured.As mentioned above, signing messages at least can comprise the content of aforesaid way one and mode two.

In an alternative of the embodiment of the present invention, the data that the 3rd sending module 404 sends to electronic signature equipment 10 via the second preposition terminal can also comprise except identity storage information: background server carries out signature to ID card information and obtains the second signing messages; The data that electronic signature equipment 10 that first receiver module 202 receives sends can also comprise except identity card storage information except: background server 40 pairs of ID card informations are signed and obtained the second signing messages or electronic signature equipment employing the 3rd encryption key is encrypted the second signing messages ciphertext obtained to the second signing messages; Background server 40 can also comprise: the first authentication module, for verifying the second signing messages, and after being verified, triggering encryption/decryption module 402 pairs of cipher-text information and being decrypted; Or, adopting three decruption key corresponding with the 3rd encryption key to be decrypted the second signing messages ciphertext, verifying deciphering the second signing messages obtained, and after being verified, triggering encryption/decryption module 402 pairs of cipher-text information and be decrypted.

In an alternative of the embodiment of the present invention, identity stores information and can also comprise: background server 40 pairs of ID card informations carry out signature and obtain the second signing messages; Background server can also comprise: the second authentication module, for verifying the second signing messages obtained of signing, and after being verified, triggering encryption/decryption module 402 pairs of cipher-text information and being decrypted.

In an alternative of the embodiment of the present invention, the data that the electronic signature equipment that the first receiver module 202 receives sends can also comprise except described identity storage information: electronic signature equipment 10 pairs of ID card informations or identity storage information are signed and obtained the ciphertext of the first signing messages or the first signing messages; Background server can also comprise: the 3rd authentication module, for verifying the first signing messages, and is verified rear triggering encryption/decryption module 402 pairs of cipher-text information and is decrypted; Or, the ciphertext of the first signing messages being decrypted, verifying deciphering the first signing messages of obtaining, and be verified rear triggering encryption/decryption module 402 pairs of cipher-text information and be decrypted.

As an Alternate embodiments of the embodiment of the present invention, ID card information at least comprises following one or its combination in any: name, ID card No., the term of validity and biometric information etc., certainly, ID card information can also comprise: sex, nationality, date of birth and/or address etc.Wherein, biometric information comprises following one or its combination in any: photo, fingerprint and iris.

The embodiment of the present invention additionally provides a kind of ID card information acquisition methods, and the method is applied to said system, can have been coordinated by the first preposition terminal 20 with background server 40.

Fig. 4 shows the flow chart of the ID card information acquisition methods that the embodiment of the present invention provides, and see Fig. 4, the ID card information acquisition methods that the embodiment of the present invention provides mainly comprises the steps S410 to S450.

In embodiments of the present invention, when needing the ID card information obtaining user, perform step S410, first preposition terminal 20 sends ID card information reading command to electronic signature equipment 10, request is read the identity comprising the ID card information in user's resident identification card of preserving in electronic signature equipment 10 and is stored information, wherein, identity storage information comprises: the ID card information in user's resident identification card.

After electronic signature equipment 10 receives this reading command, send to the first preposition terminal 20 cipher-text information that identity stores information, in the step s 420, the first preposition terminal 20 receives the cipher-text information of the identity storage information that electronic signature equipment 10 sends.After receiving the cipher-text information from the identity storage information of electronic signature equipment 10, because the first preposition terminal 20 does not have sign test ability, therefore, the cipher-text information that identity is stored information by the first preposition terminal 20 sends to background server 40 (step S430).Certainly, if the first preposition terminal 20 possesses decipher function, follow-up decryption step also can directly perform in the first preposition terminal 20.Namely the first preposition terminal 20 is unified with background server 40 and is arranged.

Background server 40 performs step S440, is decrypted, obtains ID card information to cipher-text information after receiving identity storage information and signing messages.Then background server 40 returns to the first preposition terminal 20 (step S450) by deciphering the ID card information obtained.

In an alternative of the embodiment of the present invention, preserve in electronic signature equipment 10 identity store information can by background server 40 via the second preposition terminal 30 stored in, therefore, in this alternative, before the first preposition terminal 20 sends ID card information reading command to electronic signature equipment 10, identity can be stored information and send to electronic signature equipment 10 by the second preposition terminal 30 by background server 40.

In an alternative of the embodiment of the present invention, in step S420, the cipher-text information that the electronic signature equipment 10 that the first preposition terminal 20 receives sends can comprise with one of under type:

In this approach, before step S410, electronic signature equipment 10 is when storing information stored in identity, electronic signature equipment 10 is sent to preserve cipher-text information by background server 40 via the second preposition terminal 30, after electronic signature equipment 10 receives this cipher-text information, directly preserve this cipher-text information.When receiving the reading command that the first preposition terminal 20 sends, directly this cipher-text information is returned to the first preposition terminal 20.

In a particular application, electronic signature equipment 10 can before step S410, when storing ID card information, preservation is encrypted to ID card information, or, also can be when receiving reading command, after being encrypted by the plaintext of the ID card information of preservation, send to the first preposition terminal 20.The concrete embodiment of the present invention is not construed as limiting.

In this approach, electronic signature equipment 10 can before step S410, when storing information stored in identity, via the second preposition terminal 30, employing first encryption key is encrypted to ID card information the enciphered data obtained by background server 40 and sends to electronic signature equipment 10, after electronic signature equipment 10 receives this enciphered data, can directly preserve this enciphered data, or, the second encryption key also can be adopted to be encrypted rear preservation to enciphered data.When receiving the reading command that the first preposition terminal 20 in step S410 sends, direct employing second encryption key obtains cipher-text information after being encrypted the enciphered data of preserving, this cipher-text information is returned to the first preposition terminal 20, or the cipher-text information of preservation is returned to the first preposition terminal 20 by electronic signature equipment 10.

Adopt in this way, before second signing messages can be step S410, when electronic signature equipment 10 stores information stored in identity, background server 40 sends to electronic signature equipment 10 with ID card information via the second preposition terminal 30, electronic signature equipment 10 can when receiving ID card information and the second signing messages, adopt the second encryption key to store information to ID card information and the second signing messages as identity and be encrypted rear preservation, also can be directly preserve ID card information and the second signing messages, when receiving the reading command in step S410, what adopt the second encryption key to be encrypted ID card information and the second signing messages returns to the first preposition terminal 20.

Adopt in this way, enciphered data and second signing messages of ID card information can be before step S410, when electronic signature equipment 10 stores information stored in identity, background server 40 sends to electronic signature equipment 10 via the second preposition terminal 30, electronic signature equipment 10 can when receiving enciphered data and second signing messages of ID card information, adopt the second encryption key to store information to the enciphered data of ID card information and the second signing messages as identity and be encrypted rear preservation, also can be enciphered data and the second signing messages of directly preserving ID card information, when receiving the reading command in step S420, what adopt the second encryption key to be encrypted the enciphered data of ID card information and the second signing messages returns to the first preposition terminal 20.

Corresponding to the cipher-text information of above-mentioned various mode, background server 40 is after the cipher-text information receiving the first preposition terminal 20 transmission, and accordingly, in step S440, background server 40 can be decrypted in the following ways:

In this case, background server 40 is after deciphering obtains ID card information and the second signing messages, before execution step S450, can also verify the second signing messages, after being verified, again the ID card information obtained is returned to the first preposition terminal 20 (step S450), thus the reliability of ID card information can be ensured.

In this case, background server 40 is after deciphering obtains ID card information and the second signing messages, before step S450, can also verify the second signing messages, after being verified, again the ID card information obtained is returned to the first preposition terminal 20 (step S450), thus the reliability of ID card information can be ensured.

In an alternative of the embodiment of the present invention, after receiving the reading command in step S410, electronic signature equipment 10 returns in the data of the first preposition terminal 20, except above-mentioned cipher-text information can also comprise signing messages, background server 40 is before ID card information deciphering obtained returns to the first preposition terminal 20 (step S450), can also verify signing messages, after being verified, again the ID card information obtained is returned to the first preposition terminal 20 (step S450), thus reliability and the non repudiation of the ID card information obtained can be ensured.

Accordingly, when background server 40 pairs of signing messages are verified, the PKI of electronic signature equipment 10 can be utilized to verify the first signing messages.By this Alternate embodiments, can ensure that the ID card information got is through the user authentication of electronic signature equipment, thus guarantee reliability and the non repudiation of ID card information.

In this case, alternatively, in order to avoid Replay Attack, in step S410, the first preposition terminal 20 carries single authentication information in the reading command sent to electronic signature equipment 10; Then can also comprise in signing messages: electronic signature equipment 10 utilizes its private key to sign the 3rd signing messages obtained to this single authentication information.Accordingly, accordingly, when background server 40 pairs of signing messages are verified, the PKI of electronic signature equipment 10 can also be utilized to verify the 3rd signing messages.

In this case, wherein, during the second signing messages can be the second preposition terminal 30 by the ciphertext of ID card information or ID card information send to electronic signature equipment 10, the second signing messages is sent to electronic signature equipment 10 with the ciphertext of ID card information or ID card information.Namely the second preposition terminal 30 can after getting the ID card information stored in resident identification card, ID card information is sent to background server 40, background server 40 utilizes the private key of background server 40 to sign to ID card information, obtain the second signing messages, then together with the plaintext of the second signing messages and ID card information or ciphertext, the second preposition terminal 30 is returned to, and the plaintext of ID card information or ciphertext and the second signing messages are sent to electronic signature equipment 10 by the second preposition terminal 30 together, electronic signature equipment 10 upon receipt, by association store together with the plaintext of the second signing messages and ID card information or ciphertext, when receiving reading command, second signing messages is returned to together the first preposition terminal 20.In this case, when background server 40 pairs of signing messages are verified, the PKI of background server 40 is utilized to verify the second signing messages.By this Alternate embodiments, can ensure that the ID card information got is through background server certification, thus guarantee the reliability of ID card information.

That is, in an alternative of the embodiment of the present invention, cipher-text information is that electronic signature equipment adopts the second encryption key to store information to identity to be encrypted and to obtain; And when performing step S440, background server adopts second decruption key corresponding with the second encryption key to be decrypted cipher-text information, obtain ID card information.

In another alternative of the embodiment of the present invention, before the first preposition terminal sends ID card information reading command to electronic signature equipment, background server obtains identity and stores information, sends identity store information via the second preposition terminal to electronic signature equipment.

In an alternative of the embodiment of the present invention, before the first preposition terminal sends ID card information reading command to electronic signature equipment, background server obtains identity and stores information, adopt the first encryption key to store information to identity to be encrypted, and send to electronic signature equipment via the second preposition terminal by encrypting the cipher-text information obtained; And when performing step S440, background server adopts first decruption key corresponding with the first encryption key to be decrypted cipher-text information, obtain ID card information.

In another Alternate embodiments of the embodiment of the present invention, before the first preposition terminal sends ID card information reading command to electronic signature equipment, background server obtains identity and stores information, adopt the first encryption key to store information to identity to be encrypted, and send to electronic signature equipment via the second preposition terminal by encrypting the enciphered data obtained; Cipher-text information is that electronic signature equipment adopts the second encryption key to be encrypted enciphered data to obtain; And when performing step S440, background server adopts second decruption key corresponding with the second encryption key to be decrypted cipher-text information, obtain enciphered data, recycle first decruption key corresponding with the first encryption key and enciphered data is decrypted, obtain ID card information.

In another Alternate embodiments of the embodiment of the present invention, the data that background server sends to electronic signature equipment through the second preposition terminal also comprise except identity storage information: background server carries out signature to ID card information and obtains the first signing messages; Electronic signature equipment sends to the data of the first preposition terminal also to comprise except identity card storage information: background server is signed to ID card information and obtained the first signing messages or electronic signature equipment and adopt the 3rd encryption key the first signing messages to be encrypted to the first signing messages ciphertext obtained; And after execution step S440 and before step S450, background server is verified the first signing messages, and is verified; Or background server adopts three decruption key corresponding with the 3rd encryption key to be decrypted the first signing messages ciphertext, verify deciphering the first signing messages obtained, and be verified.

In another Alternate embodiments of the embodiment of the present invention, identity stores information and can also comprise: background server carries out signature to ID card information and obtains the first signing messages; And after execution step S440 and before step S450, background server is verified the first signing messages obtained of signing, and be verified.

In another Alternate embodiments of the embodiment of the present invention, electronic signature equipment sends to the data of the first preposition terminal also to comprise except identity storage information: electronic signature equipment is signed to ID card information or identity storage information and obtained the ciphertext of the second signing messages or the second signing messages; And after execution step S440 and before step S450, background server is verified the second signing messages and is verified; Or the ciphertext of background server to the second signing messages is decrypted, verifies deciphering the second signing messages obtained and be verified.

Describe and can be understood in flow chart or in this any process otherwise described or method, represent and comprise one or more for realizing the module of the code of the executable instruction of the step of specific logical function or process, fragment or part, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can not according to order that is shown or that discuss, comprise according to involved function by the mode while of basic or by contrary order, carry out n-back test, this should understand by embodiments of the invention person of ordinary skill in the field.

Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, multiple step or method can with to store in memory and the software performed by suitable instruction execution system or firmware realize.Such as, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: the discrete logic with the logic gates for realizing logic function to data-signal, there is the application-specific integrated circuit (ASIC) of suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.

Those skilled in the art are appreciated that realizing all or part of step that above-described embodiment method carries is that the hardware that can carry out instruction relevant by program completes, described program can be stored in a kind of computer-readable recording medium, this program perform time, step comprising embodiment of the method one or a combination set of.

In addition, each functional unit in each embodiment of the present invention can be integrated in a processing module, also can be that the independent physics of unit exists, also can be integrated in a module by two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, and the form of software function module also can be adopted to realize.If described integrated module using the form of software function module realize and as independently production marketing or use time, also can be stored in a computer read/write memory medium.

The above-mentioned storage medium mentioned can be read-only memory, disk or CD etc.

In the description of this specification, specific features, structure, material or feature that the description of reference term " embodiment ", " some embodiments ", " example ", " concrete example " or " some examples " etc. means to describe in conjunction with this embodiment or example are contained at least one embodiment of the present invention or example.In this manual, identical embodiment or example are not necessarily referred to the schematic representation of above-mentioned term.And the specific features of description, structure, material or feature can combine in an appropriate manner in any one or more embodiment or example.

Although illustrate and describe embodiments of the invention above, be understandable that, above-described embodiment is exemplary, can not be interpreted as limitation of the present invention, those of ordinary skill in the art can change above-described embodiment within the scope of the invention when not departing from principle of the present invention and aim, revising, replacing and modification.Scope of the present invention is by claims and equivalency thereof.

Claims

1. an ID card information acquisition methods, is characterized in that, comprising:

First preposition terminal sends ID card information reading command to electronic signature equipment, and request is read the identity of preserving in described electronic signature equipment and stored information, and wherein, described identity stores information and comprises: the ID card information in user's resident identification card;

Described first preposition terminal receives the cipher-text information of the identity storage information that described electronic signature equipment sends;

The cipher-text information that described identity stores information is sent to background server by described first preposition terminal;

Described background server is decrypted described cipher-text information, obtains described ID card information;

The described ID card information obtained is returned to described first preposition terminal by described background server.

2. method according to claim 1, is characterized in that,

Described cipher-text information is that described electronic signature equipment adopts the second encryption key to store information to described identity to be encrypted and to obtain;

Described cipher-text information is decrypted, obtains described ID card information, comprising: described background server adopts second decruption key corresponding with described second encryption key to be decrypted described cipher-text information, obtains described ID card information.

3. method according to claim 2, it is characterized in that, before described first preposition terminal sends ID card information reading command to electronic signature equipment, described method also comprises: described background server obtains described identity and stores information, sends described identity store information via the second preposition terminal to described electronic signature equipment.

4. method according to claim 1, is characterized in that,

Before described first preposition terminal sends ID card information reading command to electronic signature equipment, described method also comprises: described background server obtains described identity and stores information, adopt the first encryption key to store information to described identity to be encrypted, and send to described electronic signature equipment via the second preposition terminal by encrypting the described cipher-text information obtained;

Described cipher-text information is decrypted, obtains described ID card information, comprising: described background server adopts first decruption key corresponding with described first encryption key to be decrypted described cipher-text information, obtains described ID card information.

5. method according to claim 1, is characterized in that,

Before described first preposition terminal sends ID card information reading command to electronic signature equipment, described method also comprises: described background server obtains described identity and stores information, adopt the first encryption key to store information to described identity to be encrypted, and send to described electronic signature equipment via the second preposition terminal by encrypting the enciphered data obtained;

Described cipher-text information is that described electronic signature equipment adopts the second encryption key to be encrypted described enciphered data to obtain;

Described cipher-text information is decrypted, obtain described ID card information, comprise: described background server adopts second decruption key corresponding with described second encryption key to be decrypted described cipher-text information, obtain described enciphered data, recycling first decruption key corresponding with described first encryption key is decrypted described enciphered data, obtains described ID card information.

6. the method according to any one of claim 3 to 5, is characterized in that,

The data that described background server sends to described electronic signature equipment through described second preposition terminal also comprise except described identity storage information: described background server carries out signature to described ID card information and obtains the first signing messages;

Described electronic signature equipment sends to the data of described first preposition terminal also to comprise except described identity card storage information: described background server is signed to described ID card information and obtained the first signing messages or described electronic signature equipment and adopt the 3rd encryption key described first signing messages to be encrypted to the first signing messages ciphertext obtained;

Described described cipher-text information to be decrypted, before returning to described first preposition terminal after obtaining described ID card information and by the described ID card information obtained, described method also comprises: described background server is verified described first signing messages, and is verified; Or described background server adopts three decruption key corresponding with the 3rd encryption key to be decrypted described first signing messages ciphertext, verify deciphering the first signing messages obtained, and be verified.

7. the method according to any one of claim 1 to 5, is characterized in that,

Described identity stores information and also comprises: described background server carries out signature to described ID card information and obtains the first signing messages;

Described described cipher-text information to be decrypted, before returning to described first preposition terminal after obtaining described ID card information and by the described ID card information obtained, described method also comprises: described background server is verified described first signing messages obtained of signing, and is verified.

8. the method according to any one of claim 1 to 7, is characterized in that,

Described electronic signature equipment sends to the data of described first preposition terminal also to comprise except described identity storage information: described electronic signature equipment is signed to described ID card information or described identity storage information and obtained the ciphertext of the second signing messages or described second signing messages;

Described described cipher-text information to be decrypted, before returning to described first preposition terminal after obtaining described ID card information and by the described ID card information obtained, described method also comprises: described background server is verified described second signing messages and is verified; Or the ciphertext of described background server to described second signing messages is decrypted, verifies deciphering the second signing messages obtained and be verified.

9. ID card information obtains a system, it is characterized in that, comprising: the first preposition terminal and background server; Wherein,

Described first preposition terminal comprises:

First sending module, for sending ID card information reading command to electronic signature equipment, request is read the identity of preserving in described electronic signature equipment and is stored information, and wherein, described identity stores information and comprises: the ID card information in user's resident identification card;

First receiver module, the identity sent for receiving described electronic signature equipment stores the cipher-text information of information;

Second sending module, sends to background server for the cipher-text information described identity being stored information;

Described background server comprises:

Second receiver module, for receiving described cipher-text information;

Encryption/decryption module, for being decrypted described cipher-text information, obtains described ID card information;

3rd sending module, for returning to described first preposition terminal by deciphering the described ID card information obtained.

10. system according to claim 9, is characterized in that,

Described encryption/decryption module is decrypted described cipher-text information in the following manner: adopt second decruption key corresponding with described second encryption key to be decrypted described cipher-text information, obtain described ID card information.

11. systems according to claim 10, is characterized in that, described background server also comprises:

First acquisition module, before sending ID card information reading command in described first preposition terminal to electronic signature equipment, obtains described identity and stores information;

Described 3rd sending module also stores information for sending described identity via the second preposition terminal to described electronic signature equipment.

12. systems according to claim 9, is characterized in that,

Described background server also comprises: the second acquisition module, before sending ID card information reading command in described first preposition terminal to electronic signature equipment, obtains described identity and stores information;

Described encryption/decryption module is also encrypted for adopting the first encryption key to store information to the described identity that described second acquisition module obtains;

Described 3rd sending module is also for sending to described electronic signature equipment via the second preposition terminal by encrypting the described cipher-text information obtained;

Described encryption/decryption module is decrypted described cipher-text information in the following manner: adopt first decruption key corresponding with described first encryption key to be decrypted described cipher-text information, obtain described ID card information.

13. systems according to claim 9, is characterized in that,

Described background server also comprises: the 3rd acquisition module, before sending ID card information reading command in described first preposition terminal to electronic signature equipment, obtains described identity and stores information;

Described encryption/decryption module is also encrypted for adopting the first encryption key to store information to the described identity that described 3rd acquisition module obtains;

Described 3rd sending module is also for sending to described electronic signature equipment via the second preposition terminal by encrypting the enciphered data obtained;

Described encryption/decryption module is decrypted described cipher-text information in the following manner: adopt second decruption key corresponding with described second encryption key to be decrypted described cipher-text information, obtain described enciphered data, recycling first decruption key corresponding with described first encryption key is decrypted described enciphered data, obtains described ID card information.

14., according to claim 11 to the system described in 13 any one, is characterized in that,

The data that described 3rd sending module sends to described electronic signature equipment via described second preposition terminal also comprise except described identity storage information: described background server carries out signature to described ID card information and obtains the first signing messages;

The data that the described electronic signature equipment that described first receiver module receives sends also comprise except described identity card storage information except: described background server is signed to described ID card information and obtained the first signing messages or described electronic signature equipment employing the 3rd encryption key is encrypted the first signing messages ciphertext obtained to described first signing messages;

Described background server also comprises: the first authentication module, for verifying described first signing messages, and after being verified, triggering described encryption/decryption module and being decrypted described cipher-text information; Or, three decruption key corresponding with the 3rd encryption key is adopted to be decrypted described first signing messages ciphertext, verify deciphering the first signing messages obtained, and after being verified, triggering described encryption/decryption module and described cipher-text information is decrypted.

15. systems according to any one of claim 9 to 13, is characterized in that,

Described background server also comprises: the second authentication module, for verifying described first signing messages obtained of signing, and after being verified, triggering described encryption/decryption module and is decrypted described cipher-text information.

16. systems according to any one of claim 9 to 15, is characterized in that,

The data that the described electronic signature equipment that described first receiver module receives sends also comprise except described identity storage information: described electronic signature equipment is signed to described ID card information or described identity storage information and obtained the ciphertext of the second signing messages or described second signing messages;

Described background server also comprises: the 3rd authentication module, for verifying described second signing messages, and is verified the described encryption/decryption module of rear triggering and is decrypted described cipher-text information; Or, the ciphertext of described second signing messages being decrypted, verifying deciphering the second signing messages of obtaining, and be verified the described encryption/decryption module of rear triggering described cipher-text information is decrypted.

17. 1 kinds of resident identification card information authentication systems, is characterized in that, comprising: electronic signature equipment and the ID card information as described in any one of claim 9 to 16 obtain system.