Disclosure of Invention
The invention provides a system and a method for strong real-name network authentication based on a smart card. The invention can improve the reliability of network real-name authentication.
According to one aspect of the present invention, there is provided a smart card-based network real-name authentication system, the system comprising:
an authentication center, which registers the identity information of the user and can verify the identity of the user;
a mobile terminal, which supports the Bluetooth function and is provided with a smart card and client software;
the smart card has a hardware ID, supports the Bluetooth function, and is used for storing the digital identity information of the user and performing digital signatures;
the client software is used for providing a human-computer interaction interface, connects to the smart card through Bluetooth to obtain the smart card's digital signature, receives the digital signature and the hardware ID transmitted by the smart card, and transmits the user name, the password, the digital signature and the hardware ID of the smart card to a server for authentication;
and the server is used for receiving the information sent by the client software, sending the received information to the authentication center for identity confirmation, and, once the user's identity is confirmed, authenticating according to the user name and password input by the user so as to determine whether the user is allowed to use the network service.
According to an embodiment of the present invention, the system further includes an access front-end unit, and the access front-end unit is configured to provide network access service and network access control service for the authentication center and the server.
The invention also provides a network real-name authentication server, which is used for providing login and value-added services for the user of a mobile terminal;
the network real-name authentication server receives the information sent from the mobile terminal, sends the information to an authentication center for identity confirmation, and, once the user's identity is confirmed, authenticates according to the user name and password input by the user so as to determine whether the user is allowed to use the network service;
the authentication center has the identity information of the user registered with it and can verify the identity of the user.
According to one embodiment of the present invention, the mobile terminal supports the Bluetooth function and is provided with:
a smart card, which has a hardware ID, supports the Bluetooth function, and is used for storing the digital identity information of the user and performing digital signatures;
and client software, which is used for providing a human-computer interaction interface, can connect to the smart card through Bluetooth to obtain the smart card's digital signature, receives the digital signature and the hardware ID transmitted by the smart card, and transmits the user name, the password, the digital signature and the hardware ID to the server.
The invention also provides a mobile terminal, which supports the Bluetooth function and is provided with:
a smart card, which supports the Bluetooth function, stores the digital identity information of the user, can perform digital signatures and has a unique hardware ID;
and client software, which is used for providing a human-computer interaction interface, can connect to the smart card through Bluetooth to obtain the smart card's digital signature, receives the digital signature and the hardware ID transmitted by the smart card, and transmits the user name, the password, the digital signature and the hardware ID of the smart card to a server for authentication so as to determine whether the user is allowed to use the network service.
The invention also provides a smart card-based network real-name authentication method, wherein the smart card has a hardware ID, stores the digital identity information of the user and performs digital signatures; the method comprises the following steps:
logging in on a mobile terminal and establishing a Bluetooth connection between the smart card and the client software;
the smart card receives the user name sent by the client software, digitally signs the user name, and returns the digital signature and the hardware ID to the client software;
the client software sends the user name, the password, the digital signature and the hardware ID to a server for authentication;
the server sends the user name, the digital signature and the hardware ID to an authentication center, with which the user's identity information is registered, for identity verification;
and, if the identity verification passes, the server performs authentication processing on the user to determine whether the user is allowed to use the network service.
According to one embodiment of the invention, after the authentication center receives the information sent by the server, it verifies the state of the smart card according to the hardware ID and looks up the user's digital signature public key;
if the state of the smart card is normal, the user's digital signature public key is used to decrypt the digital signature information, and the information obtained after decryption is compared with the user name; otherwise, prompt information is returned to the server;
if the decrypted information is the same as the user name, the user identity is legal, otherwise the user identity is illegal, and the result is returned to the server.
As described above, in the technical solution of the present invention, real-name authentication is performed using a smart card with the Bluetooth function, so that the technical disadvantages of low security and difficult operation of conventional real-name authentication are effectively overcome; the present invention can be applied to mobile service fields such as mobile banking, mobile securities and mobile electronic commerce, and in particular to real-name authentication on the mobile internet.
Detailed Description
In order to overcome the technical defects of conventional mobile internet real-name authentication, the invention provides a smart card-based network real-name authentication method, which has high security and is easy to popularize and operate, wherein the smart card is a smart card suitable for a mobile terminal.
Embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 is a flowchart of a method of smart card-based network real name authentication according to the present invention.
As shown in fig. 1, the method comprises the following: the user registers personal information in the authentication center; the authentication center associates the hardware ID of the smart card with the personal information; the user establishes a Bluetooth connection between the smart card and the client software using a mobile terminal; the smart card digitally signs the user name sent by the client software and returns the digital signature and the smart card's hardware ID to the client software; the client software sends the user name, the password, the digital signature and the hardware ID of the smart card to a server for authentication; the server sends the user name, the digital signature and the hardware ID of the smart card to the authentication center for identity verification; if the identity verification passes, the server performs an authentication process on the user to determine whether the user is allowed to use the network service.
Fig. 2 is a block diagram of a system for smart card based network real name authentication according to the present invention.
As shown in fig. 2, the system includes: the authentication center, which is used for registering personal information for the user and associating the hardware ID of the smart card with the personal information, and is also used for verifying the identity of the user according to the user name, the digital signature and the hardware ID of the smart card sent by the server; the smart card, which is used for storing the digital identity card information of the user, can digitally sign and has a unique hardware ID; the client software, which is used for letting the user input a user name and a password, connecting to the smart card through Bluetooth to obtain the smart card's digital signature, receiving the digital signature and the hardware ID transmitted by the smart card, and transmitting the user name, the password, the digital signature and the hardware ID of the smart card to the server; and the server, which is used for receiving the information sent by the client software, sending the received information to the authentication center for identity confirmation, and, once the user's identity is confirmed, authenticating according to the user name and password input by the user.
An embodiment of the present invention is described in detail below with reference to fig. 3 and 4.
Fig. 3 is a schematic diagram of a network real-name authentication system based on a smart card according to an embodiment of the present invention.
As shown in fig. 3, the smart card-based network real-name authentication system comprises the following parts:
The smart card can be a SIM card or an SD card supporting the Bluetooth function, wherein the SIM card can adopt various package forms such as the 2FF, 3FF or 4FF specification and has the telecommunication function, and the SD card can adopt various package forms such as Standard SD, Mini SD and Micro SD and has a certain storage space. The smart card is mainly used for storing the digital identity card information of the user, can digitally sign and has a unique hardware ID.
Of course, it should be understood by those skilled in the art that the smart card is not limited to the above-mentioned SIM card or SD card, and any smart card capable of implementing the functions of the present invention is included in the scope of the present invention.
The mobile terminal supporting the bluetooth function, including but not limited to a mobile phone, a PDA, a notebook computer, a tablet computer, etc., is used to provide the bluetooth connection function.
The client software is used for providing a human-computer interaction interface through the mobile terminal, providing login services for users and obtaining related value-added services, such as mobile banking, mobile securities, mobile electronic commerce and social software. In addition, in the user login phase, the client software is also responsible for connecting to the smart card through the Bluetooth function of the mobile phone, so that the digital signature of the user and the hardware ID of the smart card are acquired.
The authentication center is used for storing the personal data of the user, the digital signature public key and the unique hardware ID of the smart card. The authentication center is generally an independent system provided by a third-party authority, and its function is to verify the digital signature information of users and thereby determine their identity. In addition, the authentication center can verify the state of the smart card through the unique hardware ID of the smart card, wherein the state of the smart card includes unregistered, normal, loss-reported, forbidden and the like, and only a smart card in the normal state can be used for digital signature.
The server is used for providing login and related value-added services for the mobile terminal user, such as mobile banking, mobile securities, mobile electronic commerce, social networking and other services. In addition, in the user login stage, the server is responsible for submitting the user's digital signature and the hardware ID of the smart card to the authentication center so as to confirm the real and legal identity of the user.
The access front-end unit is used for providing network access service and network access control service for the authentication center and the server, and is a network service controller.
Before using the system, the user firstly needs to perform real-name authentication on the smart card, namely, personal information is registered in an authentication center, and the smart card and the user information are bound.
The registration of the personal information of the user in the authentication center comprises the registration of the personal information of the user name, the identification number, the sex, the native place, the telephone, the address and the like in the authentication center, and the generation of a digital signature public key and a private key corresponding to the user in the authentication center.
In addition, the binding of the smart card and the user information means that an association relationship is established between the unique hardware ID of the smart card and personal information registered by the authentication center in the authentication center.
When the smart card is used, the user inserts the smart card into the mobile terminal, then opens the client software login interface on the mobile terminal over an Internet connection, and submits login information to the server for authentication. In the process of submitting the login information, the client software automatically connects to the smart card through the Bluetooth function of the mobile terminal and obtains the digital signature information. If the authentication succeeds and the user identity is confirmed, use of the network service is allowed; if the authentication fails, the network service is refused.
Submitting login information means submitting information including the unique hardware ID of the smart card, the user name, the password and the user's digital signature; alternatively, the hardware ID of the smart card is used as the user name, so that the login information comprises only the hardware ID of the smart card, the password and the user's digital signature, or only the hardware ID of the smart card and the user's digital signature, with no other input required. Since the hardware ID of the smart card cannot be simulated by user input, verifying the hardware ID of the smart card together with the user's digital signature alone, or verifying the hardware ID, the password and the user's digital signature, is comparatively safe. In addition, the login information may be transmitted as plaintext or as ciphertext after encryption.
The authentication center verifies the state of the smart card as follows: it looks up the registration data of the smart card according to the hardware ID; if the smart card is registered and its state is shown as normal, the verification succeeds; otherwise, if the smart card is unregistered, loss-reported or forbidden, the verification fails.
In addition, if the smart card is lost or damaged, the user can apply to the authentication center, on the strength of a valid identity document, for loss reporting or replacement of the card.
Fig. 4 is a flowchart of a method for network real-name authentication based on a smart card according to an embodiment of the present invention.
As shown in fig. 4, the method for the mobile service provider to confirm the identity of the user based on the system includes the following steps:
1) The user registers personal information, including user name, identification number, sex, native place, telephone and address, in the authentication center, and a digital signature public key and private key corresponding to the user are generated in the authentication center. In addition, the unique hardware ID of the smart card is associated with the personal information registered in the authentication center.
2) The user inserts the smart card into the mobile terminal, opens the client software on the mobile terminal, enters the login interface of the client software, inputs the user name and password and submits them.
3) After the user submits the login information, the client software first checks whether the Bluetooth function of the mobile terminal is switched on; if not, it prompts the user to switch it on, and if it is on, the client software tries to establish a Bluetooth connection with the smart card.
4) After the Bluetooth connection between the client software and the smart card is established, the user name obtained in step 2) is sent to the smart card for digital signature, wherein the smart card digitally signs the user name with its signature private key.
5) The smart card returns the digital signature information generated in step 4) and its hardware ID to the client software of the mobile terminal through the Bluetooth channel.
6) The client software sends the user name, the password, the digital signature and the hardware ID of the smart card to the server for authentication.
7) After receiving the user login information sent by the client software of the mobile terminal, the server first sends the digital signature, the user name and the hardware ID of the smart card to the authentication center.
8) After receiving the information sent by the server, the authentication center verifies the state of the smart card according to its hardware ID and looks up the user's digital signature public key. If the state of the smart card is normal, the user's digital signature public key is used to decrypt the digital signature information; if not, prompt information is returned to the server. The decrypted information is compared with the user name: if they are the same, the user identity is legal, otherwise the user identity is illegal, and the result is returned to the server.
9) After receiving the result returned by the authentication center, the server checks the user name and password received in step 7); if the user name and password are legal and the user identity returned by the authentication center in step 8) is legal, the authentication succeeds. If the user identity is confirmed, use of the network service is allowed; if the authentication fails, the network service is refused.
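The following is an added example, not code from the patent or its applicant, that models steps 1) to 9) above (and the card-state check and loss report described earlier) as runnable Python. The class names SmartCard, AuthenticationCenter and Server, the card ID CARD-0001, the user name, password and personal data are all constructed. The patent does not name the card's signature algorithm, so the example uses textbook RSA over a pool of fixed, well-known Mersenne primes purely so that the "sign with the private key, decrypt with the public key and compare" step runs offline; that is a toy stand-in, not a usable signature scheme.

```python
# Added example, not code from the patent: a runnable model of login steps
# 1) to 9).  SmartCard, AuthenticationCenter, Server and all card/user values
# are constructed names.  Signing is textbook RSA over fixed, well-known
# Mersenne primes so that the flow runs offline; that is a toy stand-in for
# the card's real signature algorithm, not a usable scheme.
import hashlib
import hmac
import os

_E = 65537
# Pool of known primes 2^k - 1; each registration consumes two.  Demo only:
# keys built from a public pool are predictable by construction.
_PRIME_POOL = [(1 << k) - 1 for k in (61, 89, 107, 127, 521, 607)]

def generate_keypair():
    """Return ((n, e), (n, d)); the center keeps (n, e), the card holds (n, d)."""
    p, q = _PRIME_POOL.pop(), _PRIME_POOL.pop()
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, _E), (n, pow(_E, -1, phi))

def _digest(username, n):
    """What the card actually signs: SHA-256 of the user name, reduced mod n."""
    return int.from_bytes(hashlib.sha256(username.encode()).digest(), "big") % n

class SmartCard:
    """Bluetooth smart card: unique hardware ID plus the user's private key."""
    def __init__(self, hardware_id, private_key):
        self.hardware_id = hardware_id
        self._private_key = private_key  # never leaves the card

    def sign(self, username):
        """Step 4): sign the user name received from the client software."""
        n, d = self._private_key
        return pow(_digest(username, n), d, n)

class AuthenticationCenter:
    """Stores personal data, public keys and card states keyed by hardware ID."""
    def __init__(self):
        self.cards = {}

    def register(self, username, personal_info, hardware_id):
        """Step 1): register the user, generate keys, bind the card's hardware ID."""
        public_key, private_key = generate_keypair()
        self.cards[hardware_id] = {"username": username, "info": personal_info,
                                   "public_key": public_key, "state": "normal"}
        return private_key  # provisioned onto the card during registration

    def set_state(self, hardware_id, state):
        """Loss report or disabling; only a card in state 'normal' may sign."""
        self.cards[hardware_id]["state"] = state

    def verify_identity(self, username, signature, hardware_id):
        """Step 8): check card state, then 'decrypt' the signature and compare."""
        record = self.cards.get(hardware_id)
        if record is None:
            return False, "card unregistered"
        if record["state"] != "normal":
            return False, "card state is " + record["state"]
        if record["username"] != username:
            return False, "user name not bound to this card"
        n, e = record["public_key"]
        if pow(signature, e, n) != _digest(username, n):
            return False, "signature does not match user name"
        return True, "identity legal"

def _password_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Server:
    """Service provider: asks the center first, then checks user name/password."""
    def __init__(self, center):
        self.center = center
        self.accounts = {}  # username -> (salt, password hash)

    def create_account(self, username, password):
        salt = os.urandom(16)
        self.accounts[username] = (salt, _password_hash(password, salt))

    def login(self, username, password, signature, hardware_id):
        """Steps 7) and 9): identity check at the center, then the password."""
        ok, reason = self.center.verify_identity(username, signature, hardware_id)
        if not ok:
            return False, reason
        account = self.accounts.get(username)
        if account is None or not hmac.compare_digest(
                _password_hash(password, account[0]), account[1]):
            return False, "user name or password incorrect"
        return True, "authentication successful"

def client_login(card, server, username, password):
    """Steps 3) to 6): get signature and hardware ID from the card, then submit."""
    signature = card.sign(username)  # would travel over the Bluetooth channel
    return server.login(username, password, signature, card.hardware_id)

if __name__ == "__main__":
    center = AuthenticationCenter()
    server = Server(center)
    card = SmartCard("CARD-0001", center.register("alice", {"id": "<placeholder>"}, "CARD-0001"))
    server.create_account("alice", "correct-horse")
    print(client_login(card, server, "alice", "correct-horse"))
```

Calling `set_state(hardware_id, "lost")` models the loss report: the center then rejects the card before it even looks at the signature, which is the ordering step 8) prescribes. One point worth noticing when reading the flow this way: because the card signs only the static user name, every login produces the same signature value, so a deployment of this scheme would normally have the card sign a server-issued one-time value together with the user name and would send the login information as ciphertext, as the text allows.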
As described above, the invention realizes network real-name authentication using hardware authentication and encryption, has reliability far superior to that of conventional real-name authentication, and provides stronger support for purifying the mobile internet environment and standardizing mobile internet behaviour.
It should be noted that the above-mentioned embodiments described with reference to the drawings are only intended to illustrate the present invention and not to limit the scope of the present invention, and it should be understood by those skilled in the art that modifications and equivalent substitutions can be made without departing from the spirit and scope of the present invention. Furthermore, unless the context indicates otherwise, words that appear in the singular include the plural and vice versa. Additionally, all or a portion of any embodiment may be utilized with all or a portion of any other embodiment, unless stated otherwise.