CN-122020736-A - Passport security verification method and system

Abstract

The invention relates to the technical field of identity authentication, in particular to a passport security verification method and a passport security verification system. The method collects handshake messages, splices them to generate negotiation state nodes, counts the transition frequency and accumulates a path cost with a decay penalty. It then parses the global catalog, extracts the data group lengths and the hash dependency mapping, calculates the digest difference group by group after topological dequeuing, judges whether tampering has occurred, and outputs a verification result. Because the negotiation state node is constructed from the message anomaly flag and the baud rate, and path accumulation is carried out with a penalty coefficient, passport verification can dynamically evaluate the state of the radio frequency link in the early interaction stage and effectively resist environmental interference and abnormal message retransmission. At the same time, a directed graph data structure is constructed from the byte lengths in the global file and the hash dependency flags, a dequeue sequence of nodes without predecessors is derived by topological logic, passport verification is driven to schedule its reads according to these internal associations, and a digest comparison mechanism recognizes structural tampering and forgery of specific data blocks.

Inventors

  • JIANG TAIPING
  • LIU LONG
  • ZHOU YONG

Assignees

  • 深圳市德卡科技股份有限公司

Dates

Publication Date
20260512
Application Date
20260410

Claims (10)

  1. A method of passport security verification comprising the steps of:
     S1, acquiring a handshake protocol message of a passport machine and an electronic passport, and performing a position splicing operation on a check bit error flag of the handshake message and the communication baud rate of the passport to generate a negotiation state node;
     S2, collecting the negotiation state reference transition frequency of the continuously generated negotiation state nodes, presetting a decay penalty coefficient, calculating the product of the two, and carrying out path accumulation to obtain a communication path penalty accumulation result;
     S3, reading the passport global catalog file data according to the communication path penalty accumulation result, extracting the passport data group byte length and the hash dependency identification of each independent data group, and generating passport data group structure parameters;
     S4, constructing a directed graph data structure based on the passport data set structure parameters, taking the byte length of the passport data set as a weight and the hash dependency mark as a directed edge, and executing non-precursor node shift-out calculation on the directed graph data structure to generate a passport data set non-precursor node dequeue sequence;
     and S5, sequentially reading the independent data sets according to the dequeue sequence of the non-predecessor node of the passport data set, calculating the difference between the digest of the passport data set and the comparison item of the passport document to obtain the matching deviation of the passport data, judging whether the passport data is tampered, and generating a passport verification result.
  2. The passport security verification method according to claim 1, wherein the negotiation state node comprises a handshake message check bit error flag and a passport communication baud rate, the communication path penalty accumulation result is obtained by calculating a negotiation state reference transition frequency and a decay penalty coefficient, the passport data set structure parameters comprise a passport data set byte length and a hash dependent identification, the passport data set no-precursor node dequeue sequence comprises an independent data set and no-precursor node, and the passport verification result is obtained by passport data matching deviation judgment.
  3. The passport security verification method according to claim 1, wherein the step of obtaining the negotiation state node comprises:
     S111, generating interaction data when a user puts the electronic passport into a sensing area of the passport machine, acquiring a handshake protocol message received by a bottom radio frequency communication probe of the passport machine in the sensing area and transmitted between the passport machine and the electronic passport, analyzing a communication protocol data frame in the handshake protocol message, extracting internal bit state information of the communication protocol data frame and separating a handshake message check bit error mark;
     S112, when a bottom radio frequency communication probe of the passport machine is read to receive a handshake protocol message, generating radio frequency communication frequency band configuration parameters, analyzing the radio frequency communication frequency band configuration parameters, acquiring the passport communication baud rate of the electronic passport in the current interaction process, and carrying out numerical conversion on the passport communication baud rate to acquire a passport communication baud rate value;
     S113, performing position splicing operation on the error mark of the check bit of the handshake message and the passport communication baud rate value, combining the error mark of the check bit of the handshake message and the passport communication baud rate value into a binary data paragraph sequence, and combining the binary data paragraph sequence with a radio frequency communication probe hardware identification code to generate a negotiation state node.
  4. A passport security verification method according to claim 3, wherein the step of obtaining the communication path penalty accumulation result is specifically:
     S211, acquiring the negotiation state nodes at the current moment and the last moment, determining state transition characteristics between the nodes according to the two negotiation state nodes, analyzing the state transition frequency matched with the state transition characteristics in the passport machine, synchronously acquiring a preset decay penalty coefficient, judging whether a handshake message check bit error mark is in an activated state, and extracting the error activation state quantity corresponding to the check bit error mark in the activated state;
     S212, for the case in which the handshake message check bit error flag is in an activated state, calculating a state correction transition frequency value from the negotiation state reference transition frequency and the decay penalty coefficient according to the error activation state quantity;
     S213, acquiring the state correction transition frequency values generated over the continuous interaction process of the passport machine and the electronic passport to form a parameter set, calculating the accumulated sum of all state correction transition frequency values in the parameter set, and generating a communication path penalty accumulation result.
  5. The method of claim 4, wherein the step of obtaining the passport dataset structure parameters is specifically:
     S311, comparing the communication path penalty accumulation result with a preset degradation alarm threshold, when the communication path penalty accumulation result is larger than the degradation alarm threshold, issuing a radio frequency connection disconnection control level signal to a radio frequency communication probe through a passport machine and terminating a verification process, and when the communication path penalty accumulation result is smaller than the degradation alarm threshold, generating a communication connection maintenance identification amount;
     S312, based on the communication connection maintenance identification amount, sending a reading instruction to the electronic passport through the passport machine to obtain passport global catalog file data, extracting configuration information content of each independent data group in the passport from the passport global catalog file data, analyzing the configuration information content and counting the byte length value of the passport data group in the independent data group;
     and S313, dividing the byte length value of the passport data group into data boundaries of each independent data group in the passport global catalog file data by taking the byte length value of the passport data group as an addressing offset, extracting hash dependency relationship identifiers corresponding to the passport data groups of each independent data group in the passport according to the data boundaries, combining the hash dependency relationship identifiers with the byte length value, and generating passport data group structure parameters.
  6. The method of claim 5, wherein the step of obtaining the passport dataset non-precursor node dequeue sequence is specifically:
     S411, referring to the passport data group structure parameter, constructing a directed graph data structure in a memory of the passport machine, converting each independent data group in the passport data group structure parameter into a corresponding element and mapping the corresponding element into graph structure nodes in the directed graph data structure, and counting the spatial distribution state of all graph structure node objects in the directed graph data structure to obtain a graph structure node mapping distribution value;
     S412, setting the byte length value of the passport data set as the graph node weight corresponding to the graph structure node aiming at the graph structure node mapping distribution value, setting the graph structure directed edges connecting each graph structure node according to the passport data set hash dependency relationship identification, and establishing directed graph structure association parameters;
     S413, inputting the directed graph structure association parameters into a topological sorting logic to execute non-precursor node cyclic screening and shifting-out calculation, positioning graph structure nodes with the number of predecessors equal to zero in the directed graph data structure, and performing shifting-out stripping operation to generate a passport data set non-precursor node dequeue sequence.
  7. The method of claim 6, wherein the step of obtaining the passport authentication result is specifically:
     S511, converting the dequeue sequence of the non-precursor nodes of the passport data set into a probe sequence execution instruction list matched with a bottom probe of the passport machine, sequentially acquiring all independent data sets according to the probe sequence execution instruction list through the passport machine, and extracting the passport data set digest values of all independent data sets;
     S512, collecting a passport document comparison item in a preset passport machine synchronous capture passport safety object document, extracting the passport document comparison item and comparing the passport document comparison item with the passport data set digest value, and counting the condition that a plurality of character element quantity ratios exist in a character sequence according to the difference degree between the passport document comparison item and the passport data set digest value to obtain the passport data matching deviation rate;
     and S513, comparing the passport data matching deviation rate with a preset deviation tolerance threshold, confirming that the passport data is tampered if the passport data matching deviation rate is larger than the deviation tolerance threshold, and confirming that the passport data is consistent if the passport data matching deviation rate is smaller than the deviation tolerance threshold, so as to generate a passport verification result.
  8. The passport security verification method according to claim 4, wherein for the state correction transition frequency value, the formula is used: ; Wherein, the Representing the state-modifying transition frequency value, Indicating the reference transition frequency of the negotiation state, Representing the a priori confidence of the observation, Representing the historical a priori confidence level, Representing the preset decay penalty factor, Indicating the amount of the false activation state, Representing the environmental dynamic adjustment factor.
  9. The passport security verification method of claim 5, wherein the independent data set includes a passport holder text data set, a bearer facial feature data set, and a passport security object data set; the byte length value of the passport data group in the independent data group is specifically extracted from the passport holder text data group, and the starting address and the ending address of the facial feature data group of the holder and the passport security object data group; calculating an address offset span value between the ending addressing address and the starting addressing address; the address offset span value is determined as the passport dataset byte length value.
  10. A passport security verification system according to any one of claims 1-9, wherein the system comprises:
     the negotiation state generation module, which collects handshake negotiation messages of the passport machine and the electronic passport, performs position splicing operation on a check bit error mark of the handshake messages and the communication baud rate of the passport, and generates a negotiation state node;
     the communication path penalty accumulation module, which collects the negotiation state reference transition frequency of the continuously generated negotiation state nodes, presets a decay penalty coefficient, calculates the product of the two and carries out path accumulation to obtain a communication path penalty accumulation result;
     the passport data group structure analysis module, which reads the passport global catalog file data according to the communication path penalty accumulation result, extracts the passport data group byte length and the hash dependent identification of each independent data group and generates passport data group structure parameters;
     the data set topology construction module, which constructs a directed graph data structure based on the passport data set structure parameters, taking the byte length of the passport data set as a weight and the hash dependency mark as a directed edge, performs non-precursor node shift-out calculation on the directed graph data structure, and generates a passport data set non-precursor node dequeue sequence;
     and the passport data integrity verification module, which sequentially reads the independent data sets according to the dequeue sequence of the non-precursor node of the passport data sets, calculates the difference between the digest of the passport data sets and the comparison item of the passport document to obtain the passport data matching deviation, judges whether the passport data is tampered, and generates a passport verification result.
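The link gate of steps S1 to S3 (claims 3 to 5), as an added example that is not code from the patent or its applicant. It applies only the product-and-sum of step S2, not the formula of claim 8; the bit layout, the coefficient, the threshold, the use of per-session relative frequency and all function names are assumptions.

```python
from collections import Counter

DECAY_PENALTY = 0.5          # assumed preset decay penalty coefficient
DEGRADATION_THRESHOLD = 1.0  # assumed degradation alarm threshold

def make_node(error_flag: bool, baud_rate: int, probe_id: int) -> int:
    """S113: splice flag, baud-rate value and probe id into one integer.
    The 1/24/16-bit field layout is an assumption of this example."""
    if not 0 <= baud_rate < (1 << 24) or not 0 <= probe_id < (1 << 16):
        raise ValueError("field does not fit its slot")
    return (int(error_flag) << 40) | (baud_rate << 16) | probe_id

def error_active(node: int) -> bool:
    """True when the check bit error flag of a spliced node is set."""
    return bool((node >> 40) & 1)

def path_penalty(nodes: list[int], penalty: float = DECAY_PENALTY) -> float:
    """S211-S213: for each transition that lands on a node with the error
    flag set, add (relative frequency of that transition) * penalty."""
    transitions = list(zip(nodes, nodes[1:]))
    counts = Counter(transitions)
    total = 0.0
    for step in transitions:
        if error_active(step[1]):
            total += counts[step] / len(transitions) * penalty
    return total

def link_decision(nodes: list[int]) -> str:
    """S311: above the threshold the reader drops the RF link and stops;
    otherwise it goes on to read the catalog file. The page does not say
    what happens at equality; this example continues."""
    if path_penalty(nodes) > DEGRADATION_THRESHOLD:
        return "terminate"
    return "continue"

# Constructed sessions (not captured traffic): baud rate 106000, probe id 7.
OK, ERR = make_node(False, 106000, 7), make_node(True, 106000, 7)
CLEAN = [OK, OK, OK, OK]
NOISY = [OK, ERR, ERR, ERR, OK]      # a few check bit errors, then recovery
STORM = [ERR, ERR, ERR, ERR]         # the same errored state repeated
```
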

Description

Passport security verification method and system

Technical Field

The invention relates to the technical field of identity authentication, in particular to a passport security verification method and system.

Background

The technical field of identity authentication concerns the acquisition, comparison and authenticity confirmation of individual identity information. It includes biometric acquisition, such as fingerprint image acquisition and feature point matching, face image acquisition and key point comparison, and iris texture acquisition and coding comparison, as well as digital certificate verification and key negotiation based on certificate information, encrypted packaging of identity data in transit, random number generation, and message digest calculation and integrity verification. A passport security verification method is the process, during entry and exit inspection, of reading the holder's basic information data file and the security object document from the passport chip, verifying the data signature value with a preset issuing authority public key, generating a random number and sending it to the passport chip, having the chip calculate a response value with its internal private key and return it to the verification terminal, and comparing a face image captured on site point by point with the face image feature point data stored in the chip, thereby verifying that the document and its holder are consistent.

Existing passport verification technology relies mainly on fixed signature verification and image comparison. This static mode of operation lacks a dynamic monitoring mechanism for channel fluctuation and handshake message state during establishment of the underlying radio frequency communication, so complex electromagnetic interference and malicious message retransmission are difficult to identify, and false rejections and interruptions easily occur when communication is abnormal. In addition, when handling the multiple independent data groups in a passport, the traditional reading mode ignores the hash dependencies between data structures in the file stream, so tampering and forgery aimed at data blocks with specific structures are difficult to prevent, leaving weaknesses in overall protection.

Disclosure of Invention

The invention aims to remedy the defects in the prior art and provides a passport security verification method and a passport security verification system.
To achieve the above purpose, the invention adopts the following technical scheme. The passport security verification method comprises the following steps:
S1, acquiring a handshake protocol message of a passport machine and an electronic passport, and performing a position splicing operation on a check bit error flag of the handshake message and the communication baud rate of the passport to generate a negotiation state node;
S2, collecting the negotiation state reference transition frequency of the continuously generated negotiation state nodes, presetting a decay penalty coefficient, calculating the product of the two, and carrying out path accumulation to obtain a communication path penalty accumulation result;
S3, reading the passport global catalog file data according to the communication path penalty accumulation result, extracting the passport data group byte length and the hash dependency identification of each independent data group, and generating passport data group structure parameters;
S4, constructing a directed graph data structure based on the passport data set structure parameters, taking the byte length of the passport data set as a weight and the hash dependency mark as a directed edge, and executing non-precursor node shift-out calculation on the directed graph data structure to generate a passport data set non-precursor node dequeue sequence;
and S5, sequentially reading the independent data sets according to the dequeue sequence of the non-predecessor node of the passport data set, calculating the difference between the digest of the passport data set and the comparison item of the passport document to obtain the matching deviation of the passport data, judging whether the passport data is tampered, and generating a passport verification result.
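Steps S4 and S5 as an added example, not code from the patent or its applicant: data groups are dequeued in topological order and each digest is compared with its comparison item. SHA-256, the use of byte length as a tie-break among ready nodes, the sample contents and edges, and all function names are assumptions.

```python
import hashlib
from collections import deque

def read_order(groups: dict[str, tuple[int, list[str]]]) -> list[str]:
    """groups maps name -> (byte length, names it depends on).
    S413 as Kahn's algorithm: dequeue nodes whose predecessor count is zero.
    Raises ValueError for an unknown or cyclic dependency."""
    pending = {name: len(deps) for name, (_, deps) in groups.items()}
    dependents = {name: [] for name in groups}
    for name, (_, deps) in groups.items():
        for dep in deps:
            if dep not in groups:
                raise ValueError(f"{name} depends on unknown group {dep}")
            dependents[dep].append(name)
    by_length = lambda name: groups[name][0]  # assumption: weight breaks ties
    queue = deque(sorted((n for n in groups if pending[n] == 0), key=by_length))
    order = []
    while queue:
        node = queue.popleft()
        order.append(node)
        freed = []
        for nxt in dependents[node]:
            pending[nxt] -= 1
            if pending[nxt] == 0:
                freed.append(nxt)
        queue.extend(sorted(freed, key=by_length))
    if len(order) != len(groups):
        raise ValueError("cyclic hash dependency in structure parameters")
    return order

def deviation_rate(digest_hex: str, reference_hex: str) -> float:
    """S512: share of character positions where digest and comparison item differ."""
    if len(digest_hex) != len(reference_hex):
        return 1.0
    return sum(a != b for a, b in zip(digest_hex, reference_hex)) / len(digest_hex)

def verify(data, deps, reference, tolerance=0.0):
    """S511-S513: read groups in dequeue order and stop at the first group
    whose deviation rate exceeds the tolerance."""
    groups = {name: (len(blob), deps.get(name, [])) for name, blob in data.items()}
    for name in read_order(groups):
        digest = hashlib.sha256(data[name]).hexdigest()  # SHA-256 is an assumption
        if deviation_rate(digest, reference.get(name, "")) > tolerance:
            return f"tampered:{name}"
    return "consistent"

# Constructed sample: group names follow claim 9, contents and edges are made up.
DATA = {"holder_text": b"P<UTOEXAMPLE<<HOLDER", "face": b"\xff\xd8" + b"\x00" * 64,
        "security_object": b"constructed security object"}
DEPS = {"holder_text": ["security_object"], "face": ["holder_text"]}
REFERENCE = {name: hashlib.sha256(blob).hexdigest() for name, blob in DATA.items()}
```

A cryptographic digest of altered data differs from the original in most character positions, so the example defaults the tolerance to 0.0 and treats any differing character as a mismatch.
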
As a further aspect of the present invention, the negotiation state node includes a handshake message check bit error flag and a passport communication baud rate; the communication path penalty accumulation result is obtained by calculating a negotiation state reference transition frequency and a decay penalty coefficient; the passport data group structure parameters include a passport data group byte length and a hash dependency identifier; the passport data group no-precursor node dequeue sequence includes an independent data group and no-precursor node; and the passport verification result is obtained by judging a passport data matching dev