Identity authentication method based on trusted labels and authentication system thereof
Technical field
The present invention relates to the fields of cryptography, computer network security, authentication and authorization, and network payment, and in particular to an identity authentication method based on trusted labels and an authentication system thereof.
Background art
An asymmetric encryption algorithm is an encryption method built on a pair of keys. It requires two keys: a public key (publickey) and a private key (privatekey). The public key and the private key form a pair: data encrypted with the public key can only be decrypted with the corresponding private key, and data encrypted with the private key can only be decrypted with the corresponding public key. Because encryption and decryption use two different keys, the algorithm is called asymmetric. (In practice the private-key operation is used for signing rather than for confidentiality, and the statement that a private-key "encryption" can be reversed with the public key describes RSA-style schemes; it does not hold for every asymmetric algorithm.)
The trusted label described in this patent is the label proposed in patent application No. 2015104548965: a graphical label, digital label or chip label with limited storage space that carries tamper-evident and non-repudiable information. The information carried in the label has been signed or encrypted using asymmetric cryptographic techniques, and the label may take the form of a QR code, RFID tag, NFC tag, electronic tag, chip tag, sensor tag, etc.
Identity authentication is currently implemented mostly with integrated circuit cards (IC cards), whose drawback is relatively high cost. To save cost, some merchants have tried to replace IC cards with QR codes, but because an ordinary QR code is inherently easy to forge (it carries only plain data that anyone can copy or regenerate), a low-cost yet secure and effective means of identity authentication is urgently needed.
In addition, with the rapid development of e-commerce, a variety of payment methods have emerged. QR code payment, both online and offline, is currently very popular, but the inherent lack of security of QR codes leaves this kind of payment method with serious security risks.
Summary of the invention
The object of the present invention is to provide an identity authentication method based on trusted labels and an authentication system thereof, which solve the problems of relatively high cost or poor security in the prior art.
To achieve the above object, the technical solution adopted by the present invention is:
An identity authentication method based on trusted labels, in which the identity information of the authenticated person carried in the trusted label is protected by a digital signature. A digital signature, also called a public-key digital signature, is a set of specific symbols or codes attached to an electronic document; it is formed by extracting key information from the document with a mathematical method and a cryptographic algorithm and then encrypting that information with the signer's private key. It identifies the issuer of the document and records the signer's approval of it, and it allows the recipient to verify whether the document has been tampered with or forged in transit. The detailed signing procedure is as follows: the sender computes a digital digest of the electronic document to be signed (called a data message in the Electronic Signature Law) with a hash algorithm, then performs the asymmetric private-key operation on the digest with the signing private key; this is the digital signature. The signature, the signer's public key, the original electronic document and the signing certificate are then combined into the signed result and sent to the recipient for verification. On receipt, the recipient first recovers the digital digest from the digital signature with the sender's public key, then computes a new digital digest of the original document with the same hash algorithm and compares the two hash values; if they are identical the signature is valid, otherwise it is invalid.
Preferably, the identity information is payment information.
Preferably, the identity information includes at least one of: complete identity information; an electronic identity identifier; the network storage address of the identity information; query information for querying a database containing the identity information; complete authorization policy information; the network storage address of the authorization policy; query information for querying a database containing the authorization policy; complete account information; an account identifier; a payment mark; query information for querying a database containing the account information.
Preferably, the trusted label has a validity period; outside this period, verification of the trusted label fails.
Preferably, the trusted label may be single-use: once it has been used, it automatically becomes invalid.
Preferably, after the trusted label passes verification, the verification client can display the detailed identity information or payment information.
Preferably, the database may be local or on the Internet.
The present invention also provides an identity authentication system based on trusted labels, comprising:
a trusted label generation system, for generating tamper-evident, non-repudiable trusted labels with authenticated identity;
a trusted label verification client, for verifying the integrity of the identity information contained in the trusted label, displaying the detailed identity information or payment information when verification passes, and reporting the verification result to the identity information storage server;
an identity information storage server, for storing the identity information and authorization policy information of the authenticated person and granting the corresponding authorization according to the authorization policy, or storing payment information to complete the payment, and updating its database after receiving the update from the verification client.
The present invention has the following beneficial effects:
(1) The trusted label used by the present invention carries the identity authentication of the label generator, and its content is tamper-evident and non-repudiable, which guarantees the authenticity and reliability of the identity information or payment information of the authenticated person contained in the label;
(2) With the trusted label of the present invention for identity authentication or payment, the verification client can display detailed identity information (such as a photo of the authenticated person) or detailed payment information, so the verifier can make a more intuitive judgement;
(3) With the trusted label of the present invention for identity authentication or payment, the detailed identity information, authorization policy information or payment information can be stored on a network server, which reduces the storage space required of the trusted label and therefore further reduces the cost of use;
(4) The trusted label of the present invention for identity authentication or payment does not need a CPU for encryption and is therefore lower in cost.
Brief description of the drawings
Fig. 1 is a system scenario diagram of the identity authentication system based on trusted labels according to an embodiment of the present invention.
Fig. 2 is a flowchart of identity verification at the verification client in an embodiment of the present invention.
Detailed description of the invention
To make the objects and advantages of the present invention clearer, the present invention is further described below with reference to embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and are not intended to limit it.
An embodiment of the present invention provides an identity authentication method based on trusted labels, in which the identity information of the authenticated person carried in the trusted label is protected by a digital signature; the identity information is payment information. The identity information includes at least one of: complete identity information; an electronic identity identifier; the network storage address of the identity information; query information for querying a database containing the identity information; complete authorization policy information; the network storage address of the authorization policy; query information for querying a database containing the authorization policy; complete account information; an account identifier; a payment mark; query information for querying a database containing the account information. The trusted label has a validity period; outside this period, verification of the trusted label fails. The trusted label may be single-use: once it has been used, it automatically becomes invalid. After the trusted label passes verification, the verification client can display the detailed identity information or payment information.
As shown in Fig. 1, an embodiment of the present invention also provides an identity authentication system based on trusted labels, comprising:
a trusted label generation system, for generating tamper-evident, non-repudiable trusted labels with authenticated identity;
a trusted label verification client, for verifying the integrity of the identity information contained in the trusted label, displaying the detailed identity information or payment information when verification passes, and reporting the verification result to the identity information storage server;
an identity information storage server, for storing the identity information and authorization policy information of the authenticated person and granting the corresponding authorization according to the authorization policy, or storing payment information to complete the payment, and updating its database after receiving the update from the verification client.
As shown in Fig. 2, to guarantee that the identity information or payment information of the authenticated person is genuine and reliable, this embodiment first requires the label generator to check the authenticity of the information to be included, and then protects that information with a digital signature. The verifier can therefore establish the integrity of the identity or payment information being verified by verifying the digital signature, and its authenticity rests on the generator's check before signing. After successfully verifying the trusted label, the verifier can see the detailed identity information of the authenticated person (such as the photo, height and weight of the person being authenticated) or the detailed payment information (including the identity information of the payee, the transaction amount, etc.), and can thus make a more intuitive judgement. In a trusted label for identity authentication or payment, the bulky detailed identity information or payment information can be replaced by a network storage address or by query information for a database; after the trusted label passes verification, the detailed identity information is downloaded over the network or retrieved from the database, which greatly reduces the storage space required of the trusted label and therefore reduces the cost of use. Because the trusted label for identity authentication or payment relies on a digital signature to guarantee the integrity and non-repudiation of the identity information of the authenticated person, the label only needs to contain the information required to verify the digital signature, and does not need an embedded CPU or the like to perform dynamic encryption.
Embodiment
Step 1: A membership club maintains a detailed member database on its own server (including basic information such as the member's name and height, and the member's photo);
Step 2: The membership club generates a tamper-evident trusted QR code for each member, containing information such as the member's ID number and the access address of the database;
Step 3: When a member arrives at the club and presents their member QR code, the club front desk determines the integrity of the identity information contained in the QR code by verifying its digital signature; if verification fails, the member being authenticated is not trusted;
Step 4: If the QR code passes verification, the front desk further compares the appearance of the member being authenticated with the detailed identity information returned by the verification client; if they match, the member is a genuine member of the club, otherwise the member being authenticated is not trusted.
The above are only preferred embodiments of the present invention. It should be noted that those skilled in the art can make improvements and modifications without departing from the principles of the present invention, and such improvements and modifications should also be regarded as falling within the scope of protection of the present invention.
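The signing and verification procedure described in the summary, together with the validity period and single-use preferences and steps 1 to 4 of the embodiment above, as an added example in Go. This is the editor's illustration, not code from the patent or its applicant. It assumes Ed25519 as the asymmetric signature scheme where the text describes RSA, a QR payload format of two base64url fields separated by a dot, a generator public key pinned in the verification client, and an in-memory map standing in for the member database on the club's server; the database address, member IDs and member records are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Label is the signed content of the trusted QR code: as in the embodiment, only
// the member ID and the database address, plus a validity window and a nonce.
type Label struct {
	MemberID  string `json:"member_id"`
	DBAddress string `json:"db_address"` // hypothetical address; never contacted here
	NotBefore int64  `json:"not_before"` // Unix seconds
	NotAfter  int64  `json:"not_after"`
	Nonce     string `json:"nonce"`
	OneTime   bool   `json:"one_time"`
}

var enc = base64.RawURLEncoding // QR payload = enc(label) + "." + enc(signature)

// Verifier is the verification client: it pins the generator's public key and
// remembers the nonces of single-use labels it has already accepted.
type Verifier struct {
	pub  ed25519.PublicKey
	seen map[string]bool
}

func NewVerifier(pub ed25519.PublicKey) *Verifier {
	return &Verifier{pub: pub, seen: map[string]bool{}}
}

// GenerateKeys creates the label generator's key pair (Ed25519 here; the patent
// text describes RSA, and any signature scheme would serve).
func GenerateKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Issue signs the label with the generator's private key and returns the
// string to be rendered as the QR code.
func Issue(priv ed25519.PrivateKey, l Label) (string, error) {
	body, err := json.Marshal(l)
	if err != nil {
		return "", err
	}
	return enc.EncodeToString(body) + "." + enc.EncodeToString(ed25519.Sign(priv, body)), nil
}

// Verify checks a scanned QR payload: signature first (nothing in the label is
// trusted before it passes), then validity period, then single-use status. The
// nonce is recorded only after every other check has succeeded.
func (v *Verifier) Verify(qr string) (Label, error) {
	var l Label
	parts := strings.SplitN(qr, ".", 2)
	if len(parts) != 2 {
		return l, errors.New("malformed label")
	}
	body, err1 := enc.DecodeString(parts[0])
	sig, err2 := enc.DecodeString(parts[1])
	if err1 != nil || err2 != nil || !ed25519.Verify(v.pub, body, sig) {
		return l, errors.New("signature invalid: label forged or tampered with")
	}
	if err := json.Unmarshal(body, &l); err != nil {
		return l, err
	}
	if t := time.Now().Unix(); t < l.NotBefore || t > l.NotAfter {
		return l, errors.New("label outside its validity period")
	}
	if l.OneTime {
		if v.seen[l.Nonce] {
			return l, errors.New("single-use label already used")
		}
		v.seen[l.Nonce] = true
	}
	return l, nil
}

// Lookup is step 4 of the embodiment: once the label verifies, fetch the detailed
// record by member ID so the front desk can compare it with the person present.
// The map stands in for the member database on the club's server.
func Lookup(v *Verifier, db map[string]string, qr string) (string, error) {
	l, err := v.Verify(qr)
	if err != nil {
		return "", err
	}
	if rec, ok := db[l.MemberID]; ok {
		return rec, nil
	}
	return "", fmt.Errorf("member %q not in database", l.MemberID)
}

func main() {
	pub, priv, _ := GenerateKeys()
	v, t := NewVerifier(pub), time.Now().Unix()
	db := map[string]string{"M-1001": "A. Member, 178 cm, photo:M-1001"} // constructed sample
	qr, _ := Issue(priv, Label{MemberID: "M-1001", DBAddress: "https://club.example/members",
		NotBefore: t - 60, NotAfter: t + 86400, Nonce: "n-1", OneTime: true})
	fmt.Println(Lookup(v, db, qr)) // first scan: the record and <nil>
	fmt.Println(Lookup(v, db, qr)) // second scan of a single-use label: rejected
}
```

Two caveats follow from the design. The signature proves that the label was issued by the holder of the generator's private key and has not been altered since; it cannot prove that the person presenting the QR code is the member, because a QR code is trivially copied, which is why the comparison against the stored photo in step 4 is essential. A single-use label is only single-use if every verifier shares the record of used nonces; a set kept per verification client, as in this example, does not stop the same code being presented once at each of two clients.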