CN108257319B - USBKEY safe storage cabinet with encryption and decryption functions and application method thereof - Google Patents
USBKEY safe storage cabinet with encryption and decryption functions and application method thereof Download PDFInfo
- Publication number
- CN108257319B CN108257319B CN201810145686.1A CN201810145686A CN108257319B CN 108257319 B CN108257319 B CN 108257319B CN 201810145686 A CN201810145686 A CN 201810145686A CN 108257319 B CN108257319 B CN 108257319B
- Authority
- CN
- China
- Prior art keywords
- unit
- usbkey
- drawer
- storage cabinet
- safe storage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 32
- 238000004891 communication Methods 0.000 claims abstract description 30
- 238000013500 data storage Methods 0.000 claims abstract description 8
- 230000002457 bidirectional effect Effects 0.000 claims description 33
- 230000032683 aging Effects 0.000 claims description 15
- 230000005540 biological transmission Effects 0.000 claims description 15
- 238000012795 verification Methods 0.000 claims description 15
- 230000002159 abnormal effect Effects 0.000 claims description 12
- 230000002093 peripheral effect Effects 0.000 claims description 6
- 238000012790 confirmation Methods 0.000 claims description 3
- 238000013016 damping Methods 0.000 claims description 3
- 230000000694 effects Effects 0.000 claims description 3
- 230000009467 reduction Effects 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 4
- 238000007726 management method Methods 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 4
- 238000012550 audit Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000004590 computer program Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F17/00—Coin-freed apparatus for hiring articles; Coin-freed facilities or services
- G07F17/10—Coin-freed apparatus for hiring articles; Coin-freed facilities or services for means for safe-keeping of property, left temporarily, e.g. by fastening the property
- G07F17/12—Coin-freed apparatus for hiring articles; Coin-freed facilities or services for means for safe-keeping of property, left temporarily, e.g. by fastening the property comprising lockable containers, e.g. for accepting clothes to be cleaned
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Lock And Its Accessories (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a USBKEY safe storage cabinet device with encryption and decryption functions and an application method thereof, wherein the device comprises a USB-KEY safe storage cabinet and a control server; the USBKEY safe storage cabinet comprises a main control unit, a drawer unit, a safety unit, an information authentication unit, an electronic seal unit, a USBKEY taking and returning unit, a data storage unit and a power supply unit; the USBKEY safe storage cabinet is used for safely storing the USBKEY, performs authentication communication with the control server and completes the taking out and returning of the USBKEY according to the received encryption control instruction; the control server comprises a parameter input unit, a data communication unit, a parameter setting unit and a control logic unit; the control server is used for carrying out authentication communication with the USBKEY safe storage cabinet and sending a control instruction to the USBKEY safe storage cabinet; the drawer unit comprises N drawer subunits, wherein each drawer subunit comprises a CPU module, a drawer mechanical structure and a drawer safety module.
Description
Technical Field
The application relates to the technical field of information security, in particular to a USBKEY safe storage cabinet device with encryption and decryption functions and an application method thereof.
Background
The USBKEY is widely applied to various fields needing auditing as a common key, and takes a core service-cost control service of a power marketing system as an example, and directly relates to the tangential interests of power enterprises and power users, and the security is of great importance. In the process of implementing fee control, the marketing system receives an arrearage list generated by the marketing remote real-time fee control system, corresponding county and urban industry responsibilities audit the arrearage control list information and encrypt and sign the audit data to generate a final trip control list and a trip control electronic work order. The trip control list and the trip control electronic worksheet are sent to the electricity consumption information acquisition system for processing through the unified interface service platform. The audit data of the tripping control list is encrypted and signed by the USBKEY in the business responsibility; at present, the USBKEY used by marketing auditors lacks an effective management method and device, and the USBKEY used by the marketing auditors is not only one but also has the problem of easy confusion, so that the safety and traceability of the cost control operation cannot be ensured, and the USBKEY must be safely and effectively managed to solve the problems.
Disclosure of Invention
In order to solve the problem that the USBKEY in the background technology lacks an effective management method and device and cannot guarantee the safety and traceability of the cost control operation, the application provides a USBKEY safe storage cabinet device with encryption and decryption functions and an application method thereof; according to the device and the method, the USBKEY is orderly stored and managed by arranging the safe storage cabinet with the encryption and decryption functions, and meanwhile, the safety of the USBKEY is improved by establishing a bidirectional authentication mechanism and using ciphertext for data communication, and the USBKEY safe storage cabinet device with the encryption and decryption functions comprises:
the USBKEY safe storage cabinet and the control server;
the USBKEY safe storage cabinet comprises a main control unit, a drawer unit, a safety unit and an information authentication unit; the USBKEY safe storage cabinet is used for safely storing the USBKEY, performs authentication communication with the control server and completes the taking out and returning of the USBKEY according to the received encryption control instruction;
the main control unit is used for receiving a bidirectional authentication request sent by the control server and sending the bidirectional authentication request to the information authentication unit; the main control unit is used for receiving the encrypted control instruction sent by the control server, generating a corresponding operation instruction according to the control instruction, and carrying out data transmission with other units of the USBKEY safe storage cabinet;
the drawer unit comprises N drawer subunits, each of the N drawer subunits comprises a CPU module, a drawer mechanical structure and a drawer safety module, the CPU module is used for receiving encrypted drawer operation instructions sent by the main control unit, and after decryption confirmation is carried out through the drawer safety module, the corresponding drawer execution instructions are processed and then sent to the drawer mechanical structure; the CPU module is used for establishing bidirectional authentication with the main control module through the drawer security module; the CPU module comprises a USB interface, and the USBKEY is fixed in the drawer subunit through being inserted into the USB interface and performs data communication;
the safety unit comprises a cipher chip with a plurality of built-in national cipher algorithms; the security unit is used for decrypting the encryption control instruction received by the main control unit and encrypting each operation instruction generated by the main control unit;
the information authentication unit is used for receiving the bidirectional authentication request transmitted by the main control unit, carrying out security authentication according to the bidirectional authentication request, and sending an authentication result to the main control unit; the information authentication unit is used for generating bidirectional authentication requests between the main control unit and the drawer unit and between the main control unit and the control server according to the main control unit instruction;
the control server comprises a parameter input unit and a data communication unit; the control server is used for carrying out authentication communication with the USBKEY safe storage cabinet and sending a control instruction to the USBKEY safe storage cabinet;
the parameter input unit is used for inputting basic information of an operator and parameters including aging of the USBKEY; the parameter input unit generates a control instruction according to information input by an operator; the basic operator information comprises an operator number and an operator password;
the data communication unit is used for establishing bidirectional authentication with the USBKEY safe storage cabinet; and the data communication unit encrypts the control instruction generated by the parameter input unit and transmits the control instruction to the USBKEY safe storage cabinet.
Further, the USBKEY safe storage cabinet further comprises an electronic seal unit, a USBKEY returning unit, a data storage unit and a power supply unit;
the electronic seal unit comprises a cryptographic chip based on a national seal algorithm and is used for storing the device information of the USBKEY safe storage cabinet, wherein the device information comprises a device unique number and a device purpose;
the power supply unit is used for supplying power to the USBKEY safe storage cabinet and comprises a main power supply AC-DC module and a standby AC-DC module, wherein the two AC-DC modules are mutually isolated;
the data storage unit is used for storing basic information of operators and storing USBKEY information stored in each drawer unit; the USBKEY information comprises a USBKEY number and USBKEY state information;
the USBKEY taking and returning unit is used for judging whether the feedback state of each subunit of the drawer unit is correct according to the operation instruction of the main control unit, and the USBKEY taking and returning unit is used for confirming whether the aging of the USBKEY is abnormal or not and feeding back the abnormal state to the main control unit.
Further, the control server also comprises a parameter setting unit and a control logic unit;
the parameter setting unit is used for setting basic information of an operator and equipment information of the USBKEY safe storage cabinet; the parameter setting unit is used for updating USBKEY information;
the control logic unit is used for setting a preset rule for controlling the drawer unit according to the use state of the drawer unit, the USBKEY verification state and the control instruction.
Further, the drawer mechanical structure of each drawer subunit comprises a drawer shell, an electronic lock, a position sensor, a gear strip, a spring, a movable sleeve and a guide rail; the position sensor is used for sensing whether the drawer shell is closed in place, and the electronic lock is automatically locked when the position sensor senses that the drawer shell is closed in place; the electronic lock is used for unlocking according to a CPU module instruction, when the electronic lock is unlocked, the drawer shell is ejected out through the pretightening force of the spring, and a damping effect is achieved through a speed reduction part consisting of a gear bar, a movable sleeve and a guide rail.
Further, brackets are arranged on two sides of the interior of the drawer shell of each drawer subunit and used for supporting the drawers; the electronic lock is fixed on the inner side of the bottom of the drawer shell; the spring, the gear strip, the movable sleeve and the guide rail are fixed at the bottom of the drawer shell.
Further, the device also comprises a plurality of auxiliary control servers, wherein the auxiliary control servers comprise auxiliary parameter input units, and the auxiliary parameter input units are used for inputting basic information of operators and parameters comprising USBKEY aging; the parameter input unit generates a control instruction according to an operator instruction; the auxiliary control server communicates with the control server and transmits the operator basic information, parameters and control instructions to the control server.
Further, the information authentication unit is used for checking signature information of the USBKEY; if the signature verification is not passed, the signature verification non-passing information is sent to the main control unit.
Furthermore, the data transmission is performed between the USBKEY safe storage cabinet and the control server, between the control server and other peripheral systems, and in the USBKEY safe storage cabinet by using a ciphertext and MAC mode.
Further, the main control unit comprises a main control CPU, and the CPU module of each drawer subunit comprises a drawer CPU; the main control CPU and each drawer CPU are high-performance serial 32-bit CORTEX-M3 core processors.
The method for carrying out safe storage of the USBKEY comprises the following steps:
after receiving the input command, the control server establishes bidirectional authentication with the USBKEY safe storage cabinet;
after successful authentication, the control server sends an encrypted control instruction to the USBKEY safe storage cabinet, wherein the control instruction comprises basic information of an operator and aging parameters of the USBKEY;
the safety unit of the USBKEY safety storage cabinet decrypts and verifies the encrypted control instruction, and sends the verified control instruction to the main control unit of the USBKEY safety storage cabinet;
the main control unit generates an operation instruction according to the control instruction and sends the operation instruction to the drawer unit;
and the drawer unit fetches and returns the USBKEY according to the operation instruction.
Further, before the main control unit sends the operation instruction to the drawer unit, the method further includes:
and the main control unit establishes bidirectional authentication with the drawer safety module of the drawer unit through the information authentication unit, and performs data transmission after the authentication is passed.
Further, the main control unit queries the feedback state of each drawer subunit of the drawer units at regular time, and uploads an operation log to a control server; the feedback status includes whether the drawer subunit is storing a USBKEY.
Further, the method further comprises:
the auxiliary control server receives the input command, generates an authentication command and sends the authentication command to the control server;
the control server establishes bidirectional authentication with the USBKEY safe storage cabinet according to the received authentication instruction;
after the authentication is passed, the auxiliary control server sends a control instruction generated according to the input instruction to the control server, and the control server encrypts the control instruction.
Further, when the operation instruction is a USB key, the drawer unit opens a corresponding drawer subunit according to the operation instruction, and an operator inserts the USB key into a USB interface of the drawer subunit;
the information authentication unit verifies the signature information of the USBKEY;
the USBKEY taking and returning unit verifies whether the aging of the USBKEY is abnormal or not;
if both the verification passes, closing the corresponding drawer subunit by an operator, wherein the drawer subunit is automatically locked;
if the verification is not passed, the USBKEY safe storage cabinet carries out abnormal reminding.
Furthermore, data transmission is carried out between the USBKEY safe storage cabinet and the control server, between the control server and other peripheral systems and in the USBKEY safe storage cabinet by using a ciphertext and MAC (media access control) mode; and encrypting and decrypting the data transmission by using a national encryption algorithm.
The beneficial effects of the application are as follows: the application provides a USBKEY safe storage cabinet device with encryption and decryption functions and an application method thereof, wherein the device and the method effectively manage the storage of the USBKEY by arranging the safe storage cabinet with the encryption and decryption functions and a corresponding control server, and simultaneously improve the safety of the USBKEY by establishing a bidirectional authentication mechanism and using ciphertext for data communication; the automatic and positioning management of the USBKEY assets is realized, and the management level of the USBKEY is improved.
Drawings
Exemplary embodiments of the present application may be more completely understood in consideration of the following drawings:
FIG. 1 is a block diagram of a USBKEY secure storage cabinet device with encryption and decryption functions according to an embodiment of the application;
FIG. 2 is a schematic view of a drawer subunit according to an embodiment of the present application;
FIG. 3 is a mechanical block diagram of a drawer subunit according to an embodiment of the present application;
fig. 4 is a flowchart of a method for performing secure storage by using a usb key secure storage cabinet with encryption and decryption functions according to an embodiment of the present application.
Detailed Description
The exemplary embodiments of the present application will now be described with reference to the accompanying drawings, however, the present application may be embodied in many different forms and is not limited to the examples described herein, which are provided to fully and completely disclose the present application and fully convey the scope of the application to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the application. In the drawings, like elements/components are referred to by like reference numerals.
Unless otherwise indicated, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. In addition, it will be understood that terms defined in commonly used dictionaries should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
FIG. 1 is a block diagram of a USBKEY secure storage cabinet device with encryption and decryption functions according to an embodiment of the application; the device orderly stores and manages the USBKEY by arranging the safe storage cabinet with encryption and decryption functions and the corresponding control server, and improves the safety of the USBKEY by establishing a bidirectional authentication mechanism and using ciphertext for data communication; the USBKEY safe storage cabinet device with the encryption and decryption functions comprises:
a USBKEY secure storage cabinet 110 and a control server 120;
the usb key secure storage 110 includes a main control unit 111, a drawer unit 112, a security unit 113, and an information authentication unit 114; the usb key secure storage cabinet 110 is configured to securely store a usb key, where the usb key secure storage cabinet 110 performs authentication communication with the control server 120 and completes taking out and receiving of the usb key according to a received encryption control instruction;
the usb key secure storage 110 is connected to the control server 120, and performs data communication; the communication mode comprises USB data line connection;
the master control unit 111 is configured to receive a bidirectional authentication request sent by the control server 120, and send the bidirectional authentication request to the information authentication unit; the main control unit 111 is configured to receive an encrypted control instruction sent by the control server 120, and generate a corresponding operation instruction according to the control instruction, and perform data transmission with other units of the usb key secure storage cabinet 110;
the drawer unit 112 includes N drawer subunits, as shown in fig. 2, each of the N drawer subunits includes a CPU module 201, a drawer mechanical structure 202, and a drawer security module 203, where the CPU module 201 is configured to receive an encrypted drawer operation instruction sent by the main control unit 111, and send the corresponding drawer execution instruction after decryption confirmation by the drawer security module 203 to the drawer mechanical structure 202; the CPU module 201 is configured to establish bidirectional authentication with the main control module 111 through the drawer security module 203; the CPU module 201 includes a USB interface, and the USB key is fixed in the drawer subunit by plugging with the USB interface and performs data communication;
further, each drawer subunit of the drawer units is connected with the main control unit and performs data communication;
further, the drawer mechanism 202 of each drawer subunit includes a drawer housing, an electronic lock, a position sensor, a gear rack, a spring, a movable sleeve, and a guide rail; the position sensor is used for sensing whether the drawer shell is closed in place, and the electronic lock is automatically locked when the position sensor senses that the drawer shell is closed in place; the electronic lock is used for unlocking according to a CPU module instruction, when the electronic lock is unlocked, the drawer shell is ejected out through the pretightening force of the spring, and a damping effect is achieved through a speed reduction part consisting of a gear bar, a movable sleeve and a guide rail;
further, fig. 3 is a mechanical structure diagram of a drawer subunit, where each drawer subunit can be detached and assembled separately, and two sides of the drawer housing of each drawer subunit are provided with brackets for supporting the drawer; the electronic lock is fixed on the inner side of the bottom of the drawer shell; the spring, the gear strip, the movable sleeve and the guide rail are fixed at the bottom of the drawer shell;
the security unit 113 includes a cryptographic chip with a plurality of cryptographic algorithms built therein; the security unit 113 is configured to decrypt the encrypted control instruction received by the main control unit 111, and encrypt each operation instruction generated by the main control unit 111;
further, the security unit 113 is connected to the main control unit 111 and performs data communication;
the information authentication unit 114 is configured to receive a bidirectional authentication request transmitted by the main control unit 111, perform security authentication according to the bidirectional authentication request, and send an authentication result to the main control unit 111; the information authentication unit 114 is configured to generate a bidirectional authentication request between the main control unit 111 and the drawer unit 112 and between the main control unit 111 and the control server 120 according to an instruction of the main control unit 111.
The further information authentication unit 114 is connected to the main control unit 111 and performs data communication; the information authentication unit 114 is used for checking signature information of the USBKEY; if the verification is not passed, the verification non-passing information is transmitted to the main control unit 111.
Further, the usb key safe storage cabinet 110 further includes an electronic seal unit 115, a usb key retrieving unit 116, a data storage unit 117, and a power supply unit 118;
the electronic seal unit 115 comprises a cryptographic chip based on a national seal algorithm, and the electronic seal unit 115 is used for storing equipment information of the usb key secure storage cabinet 110, wherein the equipment information comprises an equipment unique number and equipment use;
the power supply unit 118 is configured to supply power to the usb key secure storage cabinet 110, where the power supply unit 118 includes a primary power supply AC-DC module and a standby AC-DC module, and the two AC-DC modules are isolated from each other;
the data storage unit 117 is used for storing basic information of an operator and storing USBKEY information stored in each drawer unit 112; the USBKEY information comprises a USBKEY number and USBKEY state information;
the usb key taking and returning unit 116 is configured to determine whether the feedback status of each subunit of the drawer unit 112 is correct according to the operation instruction of the main control unit 111, and the usb key taking and returning unit 116 is configured to confirm whether the aging of the returning usb key is abnormal, and feed back the abnormal status to the main control unit 111.
Further, the electronic seal unit 115, the usb key retrieving unit 116, the data storage unit 117, and the power supply unit 118 are all connected to the main control unit 111 and perform data communication;
the control server 120 includes a parameter entry unit 121 and a data communication unit 122; the control server 120 is configured to perform authentication communication with the usb key secure storage 110 and send a control instruction to the usb key secure storage 110;
the parameter input unit 121 is used for inputting basic information of an operator and parameters including aging of the USBKEY; the parameter input unit 121 generates a control command according to information input by an operator; the basic operator information comprises an operator number and an operator password;
the data communication unit 122 is configured to establish bidirectional authentication with the usb key secure storage 110; the data communication unit 122 encrypts the control command generated by the parameter entry unit 121, and transmits the encrypted control command to the usb key secure storage cabinet 110.
Further, the control server 120 further includes a parameter setting unit 123 and a control logic unit 124;
the parameter setting unit 123 is configured to set basic information of an operator and equipment information of the usb key secure storage cabinet 110; the parameter setting unit 123 is configured to update usb key information;
the control logic unit 124 is configured to set a preset rule for controlling the drawer unit 112 according to the usage status of the drawer unit 112, the USBKEY verification status, and the control instruction.
Further, the device also comprises a plurality of auxiliary control servers, wherein the auxiliary control servers comprise auxiliary parameter input units, and the auxiliary parameter input units are used for inputting basic information of operators and parameters comprising USBKEY aging; the parameter input unit generates a control instruction according to an operator instruction; the secondary control server communicates with the control server 120 and sends the operator basic information, parameters and control instructions to the control server 120.
Further, the ciphertext and MAC are used for data transmission between the usb key secure storage cabinet 110 and the control server 120, between the control server 120 and other peripheral systems, and in the usb key secure storage cabinet 110.
Further, the main control unit 111 includes a main control CPU, and the CPU module of each drawer subunit includes a drawer CPU; the main control CPU and each drawer CPU are high-performance serial 32-bit CORTEX-M3 core processors.
FIG. 4 is a flowchart of a method for performing secure storage by using a USBKEY secure storage cabinet with encryption and decryption functions according to an embodiment of the present application; as shown in fig. 4, the method includes:
step 410, the control server establishes bidirectional authentication with the USBKEY safe storage cabinet after receiving the input command;
step 420, after the authentication is successful, the control server sends an encrypted control instruction to the USBKEY safe storage cabinet, wherein the control instruction comprises basic information of an operator and aging parameters of the USBKEY;
step 430, the security unit of the usb key secure storage cabinet decrypts and verifies the encrypted control instruction, and sends the verified control instruction to the main control unit of the usb key secure storage cabinet;
step 440, the main control unit generates an operation instruction according to the control instruction and sends the operation instruction to the drawer unit;
and 450, the drawer unit fetches and returns the USBKEY according to the operation instruction.
Further, before the main control unit sends the operation instruction to the drawer unit, the method further includes:
and the main control unit establishes bidirectional authentication with the drawer safety module of the drawer unit through the information authentication unit, and performs data transmission after the authentication is passed.
Further, the main control unit queries the feedback state of each drawer subunit of the drawer units at regular time, and uploads an operation log to a control server; the feedback status includes whether the drawer subunit is storing a USBKEY.
Further, the method further comprises:
the auxiliary control server receives the input command, generates an authentication command and sends the authentication command to the control server;
the control server establishes bidirectional authentication with the USBKEY safe storage cabinet according to the received authentication instruction;
after the authentication is passed, the auxiliary control server sends a control instruction generated according to the input instruction to the control server, and the control server encrypts the control instruction.
Further, when the operation instruction is a USB key, the drawer unit opens a corresponding drawer subunit according to the operation instruction, and an operator inserts the USB key into a USB interface of the drawer subunit;
the information authentication unit verifies the signature information of the USBKEY;
the USBKEY taking and returning unit verifies whether the aging of the USBKEY is abnormal or not;
if both the verification passes, closing the corresponding drawer subunit by an operator, wherein the drawer subunit is automatically locked;
if the verification is not passed, the USBKEY safe storage cabinet carries out abnormal reminding.
Furthermore, data transmission is carried out between the USBKEY safe storage cabinet and the control server, between the control server and other peripheral systems and in the USBKEY safe storage cabinet by using a ciphertext and MAC (media access control) mode; and encrypting and decrypting the data transmission by using a national encryption algorithm.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the disclosure may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component and, furthermore, they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or units of any method or apparatus so disclosed, may be used in combination, except insofar as at least some of such features and/or processes or units are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise. Reference to step numbers in this specification is used solely to distinguish between steps and is not intended to limit the time or logical relationship between steps, including the various possible conditions unless the context clearly indicates otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the disclosure and form different embodiments. For example, any of the embodiments claimed in the claims may be used in any combination.
Various component embodiments of the present disclosure may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. The present disclosure may also be implemented as an apparatus or system program (e.g., a computer program and a computer program product) for performing a portion or all of the methods described herein. Such a program embodying the present disclosure may be stored on a computer readable medium, or may have the form of one or more signals. Such signals may be downloaded from an internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the disclosure, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The disclosure may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware.
The foregoing is merely a specific embodiment of the disclosure, and it should be noted that it will be apparent to those skilled in the art that various improvements, modifications, and variations can be made without departing from the spirit of the disclosure, and such improvements, modifications, and variations are considered to be within the scope of the application.
Claims (14)
1. The device comprises a USBKEY safe storage cabinet and a control server;
the USBKEY safe storage cabinet comprises a main control unit, a drawer unit, a safety unit and an information authentication unit; the USBKEY safe storage cabinet is used for safely storing the USBKEY, performs authentication communication with the control server and completes the taking out and returning of the USBKEY according to the received encryption control instruction;
the main control unit is used for receiving a bidirectional authentication request sent by the control server and sending the bidirectional authentication request to the information authentication unit; the main control unit is used for receiving the encrypted control instruction sent by the control server, generating a corresponding operation instruction according to the control instruction, and carrying out data transmission with other units of the USBKEY safe storage cabinet;
the drawer unit comprises N drawer subunits, each of the N drawer subunits comprises a CPU module, a drawer mechanical structure and a drawer safety module, the CPU module is used for receiving encrypted drawer operation instructions sent by the main control unit, and after decryption confirmation is carried out through the drawer safety module, the corresponding drawer execution instructions are processed and then sent to the drawer mechanical structure; the CPU module is used for establishing bidirectional authentication with the main control module through the drawer security module; the CPU module comprises a USB interface, and the USBKEY is fixed in the drawer subunit through being inserted into the USB interface and performs data communication; the drawer mechanical structure of each drawer subunit comprises a drawer shell, an electronic lock, a position sensor, a gear bar, a spring, a movable sleeve and a guide rail; the position sensor is used for sensing whether the drawer shell is closed in place, and the electronic lock is automatically locked when the position sensor senses that the drawer shell is closed in place; the electronic lock is used for unlocking according to a CPU module instruction, when the electronic lock is unlocked, the drawer shell is ejected out through the pretightening force of the spring, and a damping effect is achieved through a speed reduction part consisting of a gear bar, a movable sleeve and a guide rail;
the safety unit comprises a cipher chip with a plurality of built-in national cipher algorithms; the security unit is used for decrypting the encryption control instruction received by the main control unit and encrypting each operation instruction generated by the main control unit;
the information authentication unit is used for receiving the bidirectional authentication request transmitted by the main control unit, carrying out security authentication according to the bidirectional authentication request, and sending an authentication result to the main control unit; the information authentication unit is used for generating bidirectional authentication requests between the main control unit and the drawer unit and between the main control unit and the control server according to the main control unit instruction;
the control server comprises a parameter input unit and a data communication unit; the control server is used for carrying out authentication communication with the USBKEY safe storage cabinet and sending a control instruction to the USBKEY safe storage cabinet;
the parameter input unit is used for inputting basic information of an operator and parameters including aging of the USBKEY; the parameter input unit generates a control instruction according to information input by an operator; the basic operator information comprises an operator number and an operator password;
the data communication unit is used for establishing bidirectional authentication with the USBKEY safe storage cabinet; and the data communication unit encrypts the control instruction generated by the parameter input unit and transmits the control instruction to the USBKEY safe storage cabinet.
2. The device according to claim 1, wherein the USBKEY safe storage cabinet further comprises an electronic seal unit, a USBKEY retrieval unit, a data storage unit and a power supply unit;
the electronic seal unit comprises a cryptographic chip based on a national seal algorithm and is used for storing the device information of the USBKEY safe storage cabinet, wherein the device information comprises a device unique number and a device purpose;
the power supply unit is used for supplying power to the USBKEY safe storage cabinet and comprises a main power supply AC-DC module and a standby AC-DC module, wherein the two AC-DC modules are mutually isolated;
the data storage unit is used for storing basic information of operators and storing USBKEY information stored in each drawer unit and operation logs of the USBKEY safe storage cabinet; the USBKEY information comprises a USBKEY number and USBKEY state information;
the USBKEY taking and returning unit is used for judging whether the feedback state of each subunit of the drawer unit is correct according to the operation instruction of the main control unit, and the USBKEY taking and returning unit is used for confirming whether the aging of the USBKEY is abnormal or not and feeding back the abnormal state to the main control unit.
3. The apparatus according to claim 2, wherein: the control server also comprises a parameter setting unit and a control logic unit;
the parameter setting unit is used for setting basic information of an operator and equipment information of the USBKEY safe storage cabinet; the parameter setting unit is used for updating USBKEY information;
the control logic unit is used for setting a preset rule for controlling the drawer unit according to the use state of the drawer unit, the USBKEY verification state and the control instruction.
4. The apparatus according to claim 1, wherein: brackets are arranged on two sides of the interior of the drawer shell of each drawer subunit and used for supporting drawers; the electronic lock is fixed on the inner side of the bottom of the drawer shell; the spring, the gear strip, the movable sleeve and the guide rail are fixed at the bottom of the drawer shell.
5. The apparatus according to claim 1, further comprising a plurality of auxiliary control servers, the auxiliary control servers comprising an auxiliary parameter entry unit for entering operator basic information and parameters including USBKEY aging; the parameter input unit generates a control instruction according to an operator instruction; the auxiliary control server communicates with the control server and transmits the operator basic information, parameters and control instructions to the control server.
6. The apparatus according to claim 1, wherein: the information authentication unit is used for checking signature information of the USBKEY; if the signature verification is not passed, the signature verification non-passing information is sent to the main control unit.
7. The apparatus according to claim 1, wherein: and data transmission is carried out between the USBKEY safe storage cabinet and the control server, between the control server and other peripheral systems and in the USBKEY safe storage cabinet by using a ciphertext and MAC (media access control) mode.
8. The apparatus according to claim 1, wherein: the main control unit comprises a main control CPU, and the CPU module of each drawer subunit comprises a drawer CPU; the main control CPU and each drawer CPU are high-performance serial 32-bit CORTEX-M3 core processors.
9. A method of using the apparatus of claim 1 for secure storage of a usb key, the method comprising:
after receiving the input command, the control server establishes bidirectional authentication with the USBKEY safe storage cabinet;
after successful authentication, the control server sends an encrypted control instruction to the USBKEY safe storage cabinet, wherein the control instruction comprises basic information of an operator and aging parameters of the USBKEY;
the safety unit of the USBKEY safety storage cabinet decrypts and verifies the encrypted control instruction, and sends the verified control instruction to the main control unit of the USBKEY safety storage cabinet;
the main control unit generates an operation instruction according to the control instruction and sends the operation instruction to the drawer unit;
and the drawer unit fetches and returns the USBKEY according to the operation instruction.
10. The method according to claim 9, wherein: before the main control unit sends the operation instruction to the drawer unit, the method further comprises:
and the main control unit establishes bidirectional authentication with the drawer safety module of the drawer unit through the information authentication unit, and performs data transmission after the authentication is passed.
11. The method according to claim 9, wherein: the main control unit queries the feedback state of each drawer subunit of the drawer unit at regular time and uploads an operation log to the control server; the feedback status includes whether the drawer subunit is storing a USBKEY.
12. The method according to claim 9, wherein the method further comprises:
the auxiliary control server receives the input command, generates an authentication command and sends the authentication command to the control server;
the control server establishes bidirectional authentication with the USBKEY safe storage cabinet according to the received authentication instruction;
after the authentication is passed, the auxiliary control server sends a control instruction generated according to the input instruction to the control server, and the control server encrypts the control instruction.
13. The method according to claim 9, wherein:
when the operation instruction is USBKEY, the drawer unit opens the corresponding drawer subunit according to the operation instruction, and an operator inserts the USBKEY into a USB interface of the drawer subunit;
the information authentication unit verifies the signature information of the USBKEY;
the USBKEY taking and returning unit verifies whether the aging of the USBKEY is abnormal or not;
if both the verification passes, closing the corresponding drawer subunit by an operator, wherein the drawer subunit is automatically locked;
if the verification is not passed, the USBKEY safe storage cabinet carries out abnormal reminding.
14. The method according to claim 9, wherein: the data transmission is carried out between the USBKEY safe storage cabinet and the control server, between the control server and other peripheral systems and in the USBKEY safe storage cabinet by using a ciphertext and MAC (media access control) mode; and encrypting and decrypting the data transmission by using a national encryption algorithm.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810145686.1A CN108257319B (en) | 2018-02-12 | 2018-02-12 | USBKEY safe storage cabinet with encryption and decryption functions and application method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810145686.1A CN108257319B (en) | 2018-02-12 | 2018-02-12 | USBKEY safe storage cabinet with encryption and decryption functions and application method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108257319A CN108257319A (en) | 2018-07-06 |
| CN108257319B true CN108257319B (en) | 2023-10-31 |
Family
ID=62745151
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810145686.1A Active CN108257319B (en) | 2018-02-12 | 2018-02-12 | USBKEY safe storage cabinet with encryption and decryption functions and application method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108257319B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2606201A (en) * | 2021-04-29 | 2022-11-02 | Medication Support Ltd | Lockable cabinet |
Citations (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB8828988D0 (en) * | 1987-12-18 | 1989-01-25 | Pitney Bowes Inc | Document authentication system |
| US4853961A (en) * | 1987-12-18 | 1989-08-01 | Pitney Bowes Inc. | Reliable document authentication system |
| DE10025052A1 (en) * | 2000-05-23 | 2002-01-03 | Kaba Gallenschuetz Gmbh | Turnstile, especially for large functions; has guide element on opposite side of grid rods forming barrier and having door that can be opened to allow people through passage |
| JP2002276222A (en) * | 2001-01-12 | 2002-09-25 | Nippon Telegr & Teleph Corp <Ntt> | Biological information authentication cabinet and locking and unlocking method |
| CN101178802A (en) * | 2006-11-08 | 2008-05-14 | 李东声 | Dynamic password realization method in network bank trading and electronic signing device |
| CN101183456A (en) * | 2007-12-18 | 2008-05-21 | 中国工商银行股份有限公司 | Encryption device, system and method for encryption, identification using the encryption device |
| CN103117853A (en) * | 2011-11-16 | 2013-05-22 | 航天信息股份有限公司 | Account input and authentication method of safe storing device |
| CN202970174U (en) * | 2012-06-01 | 2013-06-05 | 杭州双华智能家居有限公司 | Remote wake-up smart lock system with low power consumption |
| CN103297413A (en) * | 2012-01-28 | 2013-09-11 | 查平 | Sharable online file secure safe |
| CN104113437A (en) * | 2014-07-12 | 2014-10-22 | 浙商银行股份有限公司 | An account transfer machine remote management method based on dynamic passwords |
| CN105138891A (en) * | 2015-07-30 | 2015-12-09 | 山东超越数控电子有限公司 | USBKey based drive-free encryption and decryption certification communication circuit and method |
| CN106101159A (en) * | 2016-08-27 | 2016-11-09 | 谢志豪 | Dynamic cipher generating method, dynamic cipher authentication method and device |
| CN205713658U (en) * | 2016-03-15 | 2016-11-23 | 江苏群杰软件有限公司 | Seal Internet of Things and intelligent management system |
| CN106683286A (en) * | 2016-12-26 | 2017-05-17 | 上海传英信息技术有限公司 | Intelligent article storage method and intelligent storage system |
| CN106789024A (en) * | 2016-12-30 | 2017-05-31 | 深圳市文鼎创数据科技有限公司 | A kind of remote de-locking method, device and system |
| CN106973056A (en) * | 2017-03-30 | 2017-07-21 | 中国电力科学研究院 | The safety chip and its encryption method of a kind of object-oriented |
| CN206574191U (en) * | 2017-03-17 | 2017-10-20 | 桂林电子科技大学 | A kind of double-encryption device of locker |
| CN107426155A (en) * | 2017-04-17 | 2017-12-01 | 浙江德塔森特数据技术有限公司 | A kind of method for unlocking of integrated cabinet |
| CN107633588A (en) * | 2017-10-24 | 2018-01-26 | 北京金储自动化技术有限公司 | Control method, system, lockset, electronic equipment and readable storage medium storing program for executing |
| CN107672931A (en) * | 2017-09-20 | 2018-02-09 | 深圳怡化电脑股份有限公司 | A kind of cash box, financial self-service equipment and cassette management system |
-
2018
- 2018-02-12 CN CN201810145686.1A patent/CN108257319B/en active Active
Patent Citations (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB8828988D0 (en) * | 1987-12-18 | 1989-01-25 | Pitney Bowes Inc | Document authentication system |
| US4853961A (en) * | 1987-12-18 | 1989-08-01 | Pitney Bowes Inc. | Reliable document authentication system |
| DE10025052A1 (en) * | 2000-05-23 | 2002-01-03 | Kaba Gallenschuetz Gmbh | Turnstile, especially for large functions; has guide element on opposite side of grid rods forming barrier and having door that can be opened to allow people through passage |
| JP2002276222A (en) * | 2001-01-12 | 2002-09-25 | Nippon Telegr & Teleph Corp <Ntt> | Biological information authentication cabinet and locking and unlocking method |
| CN101178802A (en) * | 2006-11-08 | 2008-05-14 | 李东声 | Dynamic password realization method in network bank trading and electronic signing device |
| CN101183456A (en) * | 2007-12-18 | 2008-05-21 | 中国工商银行股份有限公司 | Encryption device, system and method for encryption, identification using the encryption device |
| CN103117853A (en) * | 2011-11-16 | 2013-05-22 | 航天信息股份有限公司 | Account input and authentication method of safe storing device |
| CN103297413A (en) * | 2012-01-28 | 2013-09-11 | 查平 | Sharable online file secure safe |
| CN202970174U (en) * | 2012-06-01 | 2013-06-05 | 杭州双华智能家居有限公司 | Remote wake-up smart lock system with low power consumption |
| CN104113437A (en) * | 2014-07-12 | 2014-10-22 | 浙商银行股份有限公司 | An account transfer machine remote management method based on dynamic passwords |
| CN105138891A (en) * | 2015-07-30 | 2015-12-09 | 山东超越数控电子有限公司 | USBKey based drive-free encryption and decryption certification communication circuit and method |
| CN205713658U (en) * | 2016-03-15 | 2016-11-23 | 江苏群杰软件有限公司 | Seal Internet of Things and intelligent management system |
| CN106101159A (en) * | 2016-08-27 | 2016-11-09 | 谢志豪 | Dynamic cipher generating method, dynamic cipher authentication method and device |
| CN106683286A (en) * | 2016-12-26 | 2017-05-17 | 上海传英信息技术有限公司 | Intelligent article storage method and intelligent storage system |
| CN106789024A (en) * | 2016-12-30 | 2017-05-31 | 深圳市文鼎创数据科技有限公司 | A kind of remote de-locking method, device and system |
| CN206574191U (en) * | 2017-03-17 | 2017-10-20 | 桂林电子科技大学 | A kind of double-encryption device of locker |
| CN106973056A (en) * | 2017-03-30 | 2017-07-21 | 中国电力科学研究院 | The safety chip and its encryption method of a kind of object-oriented |
| CN107426155A (en) * | 2017-04-17 | 2017-12-01 | 浙江德塔森特数据技术有限公司 | A kind of method for unlocking of integrated cabinet |
| CN107672931A (en) * | 2017-09-20 | 2018-02-09 | 深圳怡化电脑股份有限公司 | A kind of cash box, financial self-service equipment and cassette management system |
| CN107633588A (en) * | 2017-10-24 | 2018-01-26 | 北京金储自动化技术有限公司 | Control method, system, lockset, electronic equipment and readable storage medium storing program for executing |
Non-Patent Citations (1)
| Title |
|---|
| 基于红外热成像技术的配电柜故障监测与诊断;时誉宁;《中国优秀硕士学位论文全文数据库工程科技Ⅱ辑》;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108257319A (en) | 2018-07-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3585023B1 (en) | Data protection method and system | |
| CN102065148A (en) | Memory system access authorizing method based on communication network | |
| CA2766491C (en) | A method and system for securely and automatically downloading a master key in a bank card payment system | |
| US20070179891A1 (en) | Security control method for data transmission process of software protection apparatus and apparatus thereof | |
| EP2267628A2 (en) | Token passing technique for media playback devices | |
| EP3403185A1 (en) | Memory operation encryption | |
| US20110258451A1 (en) | Method for updating mobile terminal software and mobile terminal | |
| CN111104691A (en) | Sensitive information processing method and device, storage medium and equipment | |
| CN103971033A (en) | Digital rights management method for solving problem of illegal copying | |
| CN101771680B (en) | Method for writing data to smart card, system and remote writing-card terminal | |
| CN105740725A (en) | File protection method and system | |
| CN104484584A (en) | Three-dimensional model copyright protection method based on three-dimensional printing device | |
| CN101158998A (en) | Management method and device of DRM licenses | |
| CN107273725B (en) | Data backup method and system for confidential information | |
| CN108257319B (en) | USBKEY safe storage cabinet with encryption and decryption functions and application method thereof | |
| US7975141B2 (en) | Method of sharing bus key and apparatus therefor | |
| CN107743120B (en) | Detachable encrypted test question data transmission system and method | |
| CN106599697A (en) | Method and system for safe upgrade of programs in PCI password card | |
| KR20130085537A (en) | System and method for accessing to encoded files | |
| US20200092096A1 (en) | Method for secure management of secrets in a hierarchical multi-tenant environment | |
| CN104184580A (en) | Network operating method and network operating system | |
| CN103377327A (en) | PHP program protection method and system | |
| KR102055888B1 (en) | Encryption and decryption method for protecting information | |
| US8515080B2 (en) | Method, system, and computer program product for encryption key management in a secure processor vault | |
| JP2011223495A (en) | Information processor and method, and program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |