[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN113445858B - Safe deposit box system and processing method thereof - Google Patents

Safe deposit box system and processing method thereof Download PDF

Info

Publication number
CN113445858B
CN113445858B CN202110915194.8A CN202110915194A CN113445858B CN 113445858 B CN113445858 B CN 113445858B CN 202110915194 A CN202110915194 A CN 202110915194A CN 113445858 B CN113445858 B CN 113445858B
Authority
CN
China
Prior art keywords
password
deposit box
safe deposit
user
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110915194.8A
Other languages
Chinese (zh)
Other versions
CN113445858A (en
Inventor
王春锋
王义锦
华润楠
王晨光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202110915194.8A priority Critical patent/CN113445858B/en
Publication of CN113445858A publication Critical patent/CN113445858A/en
Application granted granted Critical
Publication of CN113445858B publication Critical patent/CN113445858B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • EFIXED CONSTRUCTIONS
    • E05LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05GSAFES OR STRONG-ROOMS FOR VALUABLES; BANK PROTECTION DEVICES; SAFETY TRANSACTION PARTITIONS
    • E05G1/00Safes or strong-rooms for valuables
    • E05G1/02Details
    • EFIXED CONSTRUCTIONS
    • E05LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05BLOCKS; ACCESSORIES THEREFOR; HANDCUFFS
    • E05B49/00Electric permutation locks; Circuits therefor ; Mechanical aspects of electronic locks; Mechanical keys therefor
    • EFIXED CONSTRUCTIONS
    • E05LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05BLOCKS; ACCESSORIES THEREFOR; HANDCUFFS
    • E05B51/00Operating or controlling locks or other fastening devices by other non-mechanical means
    • EFIXED CONSTRUCTIONS
    • E05LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05BLOCKS; ACCESSORIES THEREFOR; HANDCUFFS
    • E05B65/00Locks or fastenings for special use
    • E05B65/0075Locks or fastenings for special use for safes, strongrooms, vaults, fire-resisting cabinets or the like
    • EFIXED CONSTRUCTIONS
    • E05LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05GSAFES OR STRONG-ROOMS FOR VALUABLES; BANK PROTECTION DEVICES; SAFETY TRANSACTION PARTITIONS
    • E05G1/00Safes or strong-rooms for valuables
    • E05G1/10Safes or strong-rooms for valuables with alarm, signal or indicator
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00563Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys using personal physical data of the operator, e.g. finger prints, retinal images, voicepatterns

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The disclosure provides a safe deposit box system and a processing method thereof, which are applied to the fields of Internet of things or finance and the like. The safe deposit box system comprises: at least one safe deposit box arranged in the first isolation space; the entrance guard is configured in the second isolation space and can respond to the opening of the entrance guard to open the second isolation space, and the second isolation space comprises the first isolation space; the authentication equipment is configured to authenticate the user to obtain an authentication result, and the authentication result represents the relationship between the user and the user corresponding to the target safe deposit box in the at least one safe deposit box; and the mechanical arm is configured to transfer the target safe deposit box from the first isolation space to the second isolation space when the authentication result is that the matching is successful, so that a user can operate the target safe deposit box.

Description

Safe deposit box system and processing method thereof
Technical Field
The disclosure relates to the technical field of internet of things and finance, in particular to a safe deposit box system and a processing method thereof.
Background
With the continuous development of socio-economy, more and more users deposit valuables into the safe deposit box of a financial institution. In the related art, a safe deposit box system may be a safe deposit box with a plurality of independent spaces separated from an overall safe deposit box, each safe deposit box is provided with a separate key, adjacent safe deposit boxes share part of the box wall, a removable safe deposit box is provided in each safe deposit box, and a customer places articles in the safe deposit boxes after depositing the articles in the safe deposit boxes.
In carrying out the disclosed concept, the applicant has found that there are at least the following problems in the related art. When a plurality of users need to use adjacent safe deposit boxes, the problems of poor privacy, low operation convenience and the like exist.
Disclosure of Invention
In view of the above, the present disclosure provides a safe deposit box system for improving user privacy security and improving convenience of using the safe deposit box, and a processing method thereof.
One aspect of the present disclosure provides a safe deposit box system, which may include: at least one safe deposit box arranged in the first isolation space; the entrance guard is configured in the second isolation space and can respond to the opening of the entrance guard to open the second isolation space, and the second isolation space comprises the first isolation space; the authentication equipment is configured to authenticate the user to obtain an authentication result, and the authentication result represents the relationship between the user and the user corresponding to the target safe deposit box in the at least one safe deposit box; and the mechanical arm is configured to transfer the target safe deposit box from the first isolation space to the second isolation space when the authentication result is that the matching is successful, so that a user can operate the target safe deposit box.
According to an embodiment of the present disclosure, an authentication apparatus includes: the biometric authentication equipment is configured to authenticate the user based on the acquired biometric features to obtain a first authentication result, and the authentication result represents the relationship between the user and the user corresponding to the at least one safe deposit box; and the password authentication system is configured to authenticate the user based on the user password input by the user when the first authentication result is that the matching is successful, so as to obtain a second authentication result, and the second authentication result represents the relationship between the user and the user corresponding to the target safe deposit box.
According to the embodiment of the disclosure, the password authentication system is in communication connection with the encryption service platform; and the password authentication system is configured to encrypt the user password by using the first secret key to obtain a password ciphertext, and send the password ciphertext to the encryption service platform for retention and verification to obtain a second authentication result, wherein the first secret key is generated based on the second secret key which can be updated.
According to an embodiment of the present disclosure, a biometric authentication apparatus includes a camera configured to acquire a face image of a user to perform face recognition based on the face image.
According to an embodiment of the present disclosure, the safe has a key and a safe lock paired so that a user performs an opening operation or a locking operation using the key and the safe lock.
Another aspect of the present disclosure provides a processing method for a safe deposit box system as shown above, the method comprising: responding to the opening of the access control operation, and opening the second isolation space to enable a user to enter the second isolation space; authenticating the user entering the second isolation space to obtain an authentication result, wherein the authentication result represents the relationship between the user and the user corresponding to the target safe deposit box in at least one safe deposit box; and in response to the authentication result being that the matching is successful, transferring the target safe deposit box from the first isolation space to the second isolation space so that the user can operate the target safe deposit box.
According to an embodiment of the present disclosure, authenticating a user entering the second isolated space includes: authenticating the user based on the acquired biological characteristics to obtain a first authentication result, wherein the authentication result represents the relationship between the user and the user corresponding to at least one safe deposit box; and when the first authentication result is that the matching is successful, authenticating the user based on the user password input by the user to obtain a second authentication result, wherein the second authentication result represents the relationship between the user and the user corresponding to the target safe deposit box.
According to the embodiment of the disclosure, the safe deposit box system comprises a password authentication system, wherein the password authentication system comprises a password authentication terminal and a password authentication server terminal; authenticating the user based on the user password input by the user, and obtaining a second authentication result comprises: the password authentication terminal encrypts a user password by using a first secret key to obtain a password ciphertext; the password authentication terminal sends the password ciphertext, the safe deposit box number and the first secret key to a password authentication server side to obtain a password storage ciphertext and generate a password envelope; the password authentication terminal responds to the password envelope from the password authentication server terminal and sends the password envelope, the safe deposit box number and the password storage ciphertext to the password authentication server terminal; and the password authentication server stores the password envelope, the safe deposit box number and the password storage ciphertext, verifies the password storage ciphertext and returns an authentication result.
According to the embodiment of the present disclosure, authenticating the user based on the user password input by the user, and obtaining the second authentication result further includes: after the password authentication terminal sends the password ciphertext, the safe deposit box number and the first secret key to the password authentication server side, the password authentication server side generates a check value result; sending the check value result and the authentication result to a password authentication terminal; and the password authentication terminal performs integrity verification on the message comprising the verification value result and the authentication result based on the verification secret key.
According to the embodiment of the disclosure, the check key is generated based on the public key plaintext string from the password authentication terminal and the random check key in a one-time pad manner.
According to the embodiment of the present disclosure, the first secret key is generated based on a second secret key issued by an encryption service platform, and the second secret key is updated when an update condition is satisfied, where the update condition includes: and at least one of an updating period, manual triggering and password authentication terminal power-on is achieved.
According to the embodiment of the disclosure, the safe deposit box has a corresponding safe deposit box number and a corresponding safe deposit box state; the target safe deposit box is determined by the following method: when the authentication result is that the matching is successful, determining a safe deposit box number corresponding to the user; acquiring a safe deposit box state corresponding to the safe deposit box number; and displaying the safe deposit box numbers corresponding to the users and the corresponding safe deposit box states so that the users can select target safe deposit box numbers from the safe deposit box numbers corresponding to the users.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the above method when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as above when executed.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an exemplary system architecture to which a safe deposit box system and processing method thereof may be applied, according to an embodiment of the disclosure;
FIG. 2 schematically illustrates a block diagram of a safe deposit box system according to an embodiment of the present disclosure;
FIG. 3 schematically illustrates a spatial configuration diagram of a safe deposit box system according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a schematic diagram of a safe deposit box system and a data center according to an embodiment of the present disclosure;
FIG. 5 schematically illustrates a flow chart of a method of processing a safe deposit box system according to an embodiment of the present disclosure;
FIG. 6 schematically illustrates a flow chart of a method of authenticating a user based on a user password entered by the user, in accordance with an embodiment of the present disclosure;
FIG. 7 schematically illustrates a flow chart of a method of performing an integrity check in accordance with an embodiment of the present disclosure;
FIG. 8 schematically illustrates a data flow diagram of a method of processing a safe deposit box system according to an embodiment of the present disclosure;
FIG. 9 schematically illustrates a flow chart of a method of determining a target safe deposit box according to an embodiment of the present disclosure; and
FIG. 10 schematically shows a block diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B, and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B, and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.). The terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more features.
The application safe deposit box system and the processing method thereof provided by the embodiment of the disclosure can be used in the related aspects of the safe deposit box in the field of the internet of things, and can also be used in various fields except the field of the internet of things, such as the financial field.
Fig. 1 schematically illustrates an exemplary system architecture to which a safe deposit box system and a processing method thereof may be applied according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the system architecture 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104, and servers 105, 106, 107. The network 104 may include a plurality of gateways, routers, hubs, network wires, etc. to provide a medium of communication links between the terminal devices 101, 102, 103 and the servers 105, 106, 107. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user can use the terminal devices 101, 102, 103 to interact with other terminal devices and servers 105, 106, 107 via the network 104 to receive or transmit information and the like, such as a transmission request and a reception processing result. The terminal devices 101, 102, 103 may be installed with various communication client applications, such as applications like a safe deposit box, asset management, software development, banking, government, monitoring, web browser, search, office, instant messaging, mailbox, social platform software, etc. (just examples). For example, the user may use the terminal device for model download, model training, and processing of a safe deposit box, etc.
The terminal devices 101, 102, 103 include, but are not limited to, a safe deposit box, a cryptographic keyboard, a smart phone, a virtual reality device, an augmented reality device, a tablet, a laptop, a desktop, and the like.
The servers 105, 106, and 107 may receive the request and process the request, and may specifically be a storage server, a backend management server, a server cluster, and the like. For example, the server 105 may verify the received user password. For example, server 106 may obtain and store data such as a cryptographic ciphertext. For example, the server 107 may provide a face recognition authentication service.
It should be noted that the method for processing a safe box provided by the embodiments of the present disclosure may be generally executed by the terminal devices 101, 102, 103 or the servers 105, 106, 107.
It should be understood that the number of terminal devices, networks, and servers is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
FIG. 2 schematically illustrates a block diagram of a safe deposit box system according to an embodiment of the disclosure. The method of processing a safe deposit box is performed by the safe deposit box. Fig. 3 schematically illustrates a spatial structure diagram of a safe deposit box system according to an embodiment of the present disclosure.
As shown in fig. 2 and 3, the safe deposit box system 200 may include: at least one safe deposit box 201, a door access 202, an authentication device 203 and a robotic arm 204.
Wherein the safe deposit box 201 is arranged in the first insulation space 206.
The door 202 is disposed in the second isolated space 205, and is capable of opening the second isolated space 205 in response to an opening of the door, and the second isolated space 205 includes the first isolated space 206. The access control 202 can be controlled by means of card swiping, bluetooth pairing, biometric authentication and the like, and if the pairing or the authentication is successful, the access control can be opened.
The authentication device 203 is configured to authenticate the user, resulting in an authentication result, which characterizes a relationship between the user and a user corresponding to a target safe deposit box of the at least one safe deposit box. The authentication device 203 may have multiple authentication functions, such as: at least one of biometric authentication, living body detection, face recognition, fingerprint recognition, pupil recognition and the like. In addition, the authentication can be performed by combining authentication modes such as password authentication, short message authentication and the like.
The robotic arm 204 is configured to transfer the target safe deposit box from the first isolated space to the second isolated space for the user to operate the target safe deposit box when the authentication result is a successful match. Specifically, the robot arm 204 may have a power part, a connecting arm, a pickup part, and the like. The safe that needs to be picked up may have a safe code and be placed in a designated spatial location. The robotic arm 204 may pick the target safe based on the spatial location corresponding to the target safe code.
The dependence on hardware is exemplified.
Safe deposit box dedicated card reader: the door is used for opening the access door of the viewing room.
Binocular live body detection hardware module: after the user enters the watching room, the living body detection and the face recognition are carried out through the module.
Hardware password keyboard: and returning the box number after the face recognition is successful, and inputting a safe deposit box password through the module after the safe deposit box is selected.
Mechanical lock (with double key): after the box body is conveyed by the mechanical arm, the box body is opened by a key.
In some embodiments, the authentication device comprises: a biometric authentication device and a cryptographic authentication system.
The biological characteristic authentication device is configured to authenticate the user based on the acquired biological characteristics, and a first authentication result is obtained, wherein the authentication result represents the relationship between the user and the user corresponding to the at least one safe deposit box. Among these, biological characteristics include, but are not limited to: at least one of face features, fingerprint features, pupil features, gait features or vein image features.
And the password authentication system is configured to authenticate the user based on the user password input by the user when the first authentication result is that the matching is successful, and obtain a second authentication result, wherein the second authentication result represents the relationship between the user and the user corresponding to the target safe deposit box. The user password may be a password input by the user using a password keyboard or the like. Before the password is transmitted, encryption processing can be carried out to improve property safety degree and privacy information safety degree. The key used for encryption processing may be updated according to a preset rule, for example, once a day, so as to further improve the security of the user password.
In some embodiments, the biometric authentication device includes a camera configured to capture a facial image of the user for face recognition based on the facial image. For example, a face image of a user may be acquired through a camera, and then the face image is transmitted to a server side for face recognition, or the face recognition may be performed locally.
In some embodiments, the cryptographic authentication system is communicatively coupled to the cryptographic service platform.
Accordingly, the password authentication system is configured to encrypt the user password by using the first secret key to obtain a password ciphertext, and send the password ciphertext to the encryption service platform for retention and verification to obtain a second authentication result, wherein the first secret key is generated based on the second secret key which can be updated.
FIG. 4 schematically illustrates a schematic diagram of a safe deposit box system and a data center according to an embodiment of the disclosure.
As shown in fig. 4, the information interaction interface between the service end of the safe deposit box system and the safe deposit box device includes, but is not limited to, at least one of the following.
And requesting the mac service, wherein the service provides a mac key, and provides pre-mac key support for performing mac value calculation on request data (reqdata) and performing mac value verification on resource data (resdata) when other services are called. The mac key needs to be encrypted in advance, and the key is updated when the safe box is restarted.
And the service is used for providing equipment time and service time for synchronization, and is called when the equipment is started.
The equipment password keyboard key updating service adopts a one-day-one-password mode.
The special card (such as a special chip IC card) verifies the service and swipes the card to enter the object watching room.
The biological feature recognition and verification service performs base64 coding on the biological features (such as human face information) acquired through the acquisition interface and can transmit the biological features to peripheral applications for biological feature recognition. It should be noted that, in a scene in which the biometric feature is a face feature, the coordinate value of the face information may be cut off.
And in the case opening and password checking service, the full-automatic safe deposit box equipment needs to use the safe deposit box number as a primary account number to perform encryption operation when encrypting. Specifically, a user password input by the user can be sent to the data through the password authentication terminal for password verification.
The mechanical arm can take and send the safe deposit box according to the safe deposit box information, such as the number of the safe deposit box, the position of the safe deposit box and the like.
In addition, when the safe deposit box state is changed, state prompt information can be sent to the terminal equipment of the user, for example, the safe deposit box state is sent to the user in a short message mode.
In some embodiments, the safe has a key and safe lock paired so that the user can use the key and safe lock to perform an opening operation or a locking operation. After the safe deposit box ordered by the user is transferred from the first isolated space to the second isolated space, the user can open the safe deposit box using the safe deposit box key and operate on the articles in the safe deposit box. The safe deposit box can also be locked after the operation is finished by using the safe deposit box key. In addition, the safe deposit box can be put back into the first isolated space through the mechanical arm.
In the embodiment of the disclosure, in the process of the unpacking transaction, a client is required to verify the identity authenticity of the client through a special card, face recognition and a safe deposit box password, and the F-SBMS safe deposit box service application is responsible for providing professional card inquiry, face recognition and safe deposit box password verification online service, wherein the face recognition online service is client face feature comparison online service for packaging F-ECIS enterprise-level client information, and the unpacking transaction state sends a short message prompt to the client by calling an F-UMSP notification message interface.
The present disclosure also provides a processing method for a safe deposit box system as shown above.
FIG. 5 schematically illustrates a flow chart of a method of processing a safe deposit box system according to an embodiment of the disclosure.
As shown in fig. 5, the processing method may include operations S510 to S530.
In operation S510, in response to the opening of the door access operation, the second isolation space is opened so that the user can enter the second isolation space.
In operation S520, the user entering the second isolation space is authenticated to obtain an authentication result, where the authentication result represents a relationship between the user and a user corresponding to the target safe deposit box in the at least one safe deposit box.
For example, authenticating a user entering the second isolated space may include the following operations.
Firstly, the user is authenticated based on the acquired biological characteristics to obtain a first authentication result, and the authentication result represents the relationship between the user and the user corresponding to at least one safe deposit box.
And then, when the first authentication result is that the matching is successful, authenticating the user based on the user password input by the user to obtain a second authentication result, wherein the second authentication result represents the relationship between the user and the user corresponding to the target safe deposit box.
In operation S530, in response to the authentication result being that the matching is successful, the target safe deposit box is transferred from the first isolation space to the second isolation space so that the user operates the target safe deposit box.
Specifically, the contents of the relevant parts of the hardware devices, interfaces, and the like corresponding to the above operations may be referred to, and are not described herein again.
In some embodiments, the safe deposit box system can comprise a password authentication system, and the password authentication system comprises a password authentication terminal and a password authentication server terminal.
Fig. 6 schematically illustrates a flow chart of a method of authenticating a user based on a user password input by the user according to an embodiment of the present disclosure.
As shown in fig. 6, authenticating the user based on the user password input by the user, and obtaining the second authentication result may include operations S601 to S604.
In operation S601, the password authentication terminal encrypts the user password by using the first key to obtain a password ciphertext. The first secret key may be referred to as a work secret key, and is used to encrypt the user password input by the user, so that the encrypted user password is transmitted to the server side for verification.
In operation S602, the password authentication terminal sends the password ciphertext, the safe deposit box number, and the first secret key to the password authentication server, so as to obtain a password storage ciphertext and generate a password envelope.
In operation S603, the password authentication terminal transmits the password envelope, the safe deposit box number, and the password storage ciphertext to the password authentication server side in response to the password envelope from the password authentication server side.
In operation S604, the password authentication server stores the password envelope, the safe deposit box number, and the password storage ciphertext, verifies the password storage ciphertext, and returns an authentication result.
In some embodiments, the first secret key is generated based on a second secret key issued by the encryption service platform, and the second secret key is updated when an update condition is satisfied, where the update condition includes: and at least one of an updating period, manual triggering and password authentication terminal power-on is achieved.
Through the operation, the password can be stored and verified, and the security of the user password is improved.
In some embodiments, in order to prevent intermediate attacks and the like from threatening the user password, integrity verification can be performed on the received message.
Fig. 7 schematically illustrates a flow chart of a method of performing an integrity check in accordance with an embodiment of the present disclosure.
As shown in fig. 7, the authenticating the user based on the user password input by the user to obtain the second authentication result may include operations related to fig. 6, and operations S701 to S703 after the password authentication terminal sends the password ciphertext, the safe deposit box number, and the first secret key to the password authentication server.
In operation S701, the password authentication server generates a check value result. The check value may be a mac value.
In operation S702, the check value result and the authentication result are transmitted to the password authentication terminal.
In operation S703, the password authentication terminal performs integrity verification on the message including the verification value result and the authentication result based on the verification key.
FIG. 8 schematically illustrates a data flow diagram of a processing method of a safe deposit box system according to an embodiment of the present disclosure.
As shown in fig. 8, a one-day privacy/privacy verification scheme for an SMBS safe is shown.
Specifically, step 1 to step 9 may be included.
Step 1, initialization setting: the safe deposit box device injects an initialization main key 1 (SM 4 symmetric key), and the safe deposit box applies and stores the main key 1 in the encryption machine format and a KCV check value; when the safe deposit box equipment is restarted or is timed every morning, the main key and the working key of the password keyboard are updated, the main key 1 in the next day is the main key 2 in the previous day, when the irresistible analysis error occurs in the whole set of key updating mechanism, the updating process of the main key 1 is recovered and initialized, and the safe deposit box manufacturer supports the national cryptographic algorithm.
It should be noted that the initialization master key is performed according to channels, the low cabinet and the safe are separately provided, and when the key is updated, it is possible to distinguish which channel the initialization master key is in. Taking a bank as an example, all low-counter channels of the bank can use the same initial master key.
Step 2, the equipment sends a work key request to the full-automatic safe deposit box system: when the safe deposit box equipment is restarted or is timed every morning, the safe deposit box equipment password keyboard calculates a KCV check value for the main secret key 1 by using an SM4 algorithm, the equipment number and the KCV check value are sent to the full-automatic safe deposit box system, the full-automatic safe deposit box system acquires the KCV check value corresponding to the main secret key 1 through the equipment number and then carries out KCV verification (SMBS application self realization), and after the verification is passed, the full-automatic safe deposit box system calls an encryption service platform HSM interface to request a working secret key. Refer to operations 1 to 6 in fig. 8.
Step 3, the full-automatic safe deposit box system requests a work key from the HSM: the full-automatic safe deposit box system makes two key requests to the HSM encryption service platform.
Step 3 may include two scenarios: the first scenario is as follows: first request to update master key [ KeyManagement type generateSM4key ("KEK", smMKey) method ]: uploading a master key 1 (smMKey) in an encryption machine format, and sequentially issuing a master key 2 ciphertext obtained by encrypting the master key 1, a KCV of the master key 2 and a master key 2 in the encryption machine format by the HSM; the ciphertext of the main key 2 and the KCV of the main key 2 are issued to the equipment by the full-automatic safe deposit box system, and the KCV of the main key 2 and the main key 2 in the encryption format are stored in the full-automatic safe deposit box system.
In the second scenario, a second request is made to update the working key [ key management type generateSM4key ("PIK", sm4 WKey) method ]: uploading a master key 2 (sm 4 WKey) in an encryptor format, and the HSM sequentially issues a work key ciphertext obtained by encrypting the master key 2, a KCV of the work key and the work key in the encryptor format; the work key ciphertext and the KCV of the work key are issued to the equipment by the full-automatic safe deposit box system, and the KCV of the work key and the work key in the encryption machine format are stored in the full-automatic safe deposit box system.
Step 4, the device side decrypts the master key and the working key: the device decrypts the ciphertext of the main key 2 by using the main key 1, fails to decrypt, and initiates a secondary key updating request to the full-automatic safe deposit box system; and successfully decrypting to obtain the master key 2, and decrypting the work key ciphertext by using the master key 2 to obtain the work key plaintext.
Step 5, opening the box for transaction: the method comprises the steps that a customer conducts unpacking transaction through full-automatic safe deposit box equipment, the safe deposit box enters a viewing room after a professional card of the safe deposit box passes the checking, after face recognition passes, the safe deposit box of the customer is displayed on an operation table, after the customer selects the safe deposit box needing to be operated, secret verification of a safe deposit box password is conducted, the customer enters the safe deposit box password into the operation table of the safe deposit box equipment, the equipment encrypts the working secret key, the safe deposit box number and the safe deposit box password according to the UnionPay standard and with the format of a main account number ANSIX9.8 to obtain a password ciphertext, and the password ciphertext is transmitted to the full-automatic safe deposit box system.
Step 6, a secret keeping process: a customer inputs a safe deposit box password through a low cabinet terminal, and a working secret key, a safe deposit box number and the safe deposit box password for the low cabinet are encrypted according to the Unionpay standard with a primary account number ANSIX9.8 format to obtain a password ciphertext, and then the password ciphertext is transmitted to the full-automatic safe deposit box system. The full-automatic safe deposit box system calls HSM service and uploads working key sm4WKey, password cryptograph Pinblock and safe deposit box number card in encryption machine format to obtain a national secret code envelope (XXXXXfeature type isopEnvlPTR (DESPIK, pinblock, card no, 0)) method, then sends the national secret code envelope and safe deposit box number card no to carry out the secret keeping to obtain a storage cryptograph XXXX (Pinblock Factomy. GetInstance (enope) is firstly adjusted to return Pinblock type example pb-, then adjusted to Offset Factory. GetInstance (null, card no) to return Offset type example Offset-, and finally adjusts XXXoffset type gene (pb) by using Offset example and uploads pb example object. Refer to operation 7 in fig. 8 and the associated operation in the fully automatic safe deposit box management system.
Step 7, secret verification process: the full-automatic safe deposit box system calls HSM service and uploads a working key sm4WKey, a password ciphertext Pinblock and a safe deposit box number cardno in an encryption machine format to obtain a national password envelope [ XXXXfeature type isopEnvlPTR (DESPIK, pinblock, cardno, 0) ] method, then the national password envelope, the safe deposit box number cardno and a storage ciphertext Offset XXXXXXXXX stored in the automatic safe deposit box system are sent to carry out password check [ first adjust Pinblock force. Refer to operations 10-13 in fig. 8.
And 8, returning a secret checking result to the full-automatic safe deposit box system by the encryption service platform, and transferring the full-automatic safe deposit box system to safe deposit box equipment. Refer to operation 14 in fig. 8.
Step 9, integrity calculation/verification: the equipment server side uses an HSM soft encryption SDK to send a macKey key and data to be calculated srcData to generate a check value Mac, and uses a Mac version adjusting method to send the macKey and the data to be calculated srcData to check whether the message integrity is successful or not. The full-automatic safe deposit box system uses HSM hardware SDK to transfer a macKey and data to be calculated srcData to generate a check value mac, and transfers the macKey and the data to be calculated srcData to check whether the message integrity is successful or not. Refer to operations 8, 9, and 14 in fig. 8.
In some embodiments, the check key is generated by using a one-time pad method, and the check key is generated based on a public key plaintext string from the cryptographic authentication terminal and a random check key.
For example, update SBMS side and device service side mac integrity computation mechanism: the method comprises the steps that a one-time pad mode is adopted, a device server side requests a Mac key from an SBMS (system management system) for receiving and sending messages of two parties, the device side generates an SM2 public and private key and sends a public key plaintext string to an SBMS side, and the SBMS encrypts a random Mac key by using a public key to obtain a Mac key ciphertext and an encryption machine format Mac key; the Mac key ciphertext is issued to the equipment server side, and the equipment server side decrypts the Mac key ciphertext by using the SM2 private key and then performs message integrity calculation; and the encryption machine format mac key cache SBMS side performs message integrity calculation.
In some embodiments, the safe deposit box has a corresponding safe deposit box number and safe deposit box status.
FIG. 9 schematically illustrates a flow chart of a method of determining a target safe deposit box according to an embodiment of the disclosure.
As shown in fig. 9, when the authentication result is a successful match, the target safe deposit box may be determined through operations S901 to S903.
In operation S901, a safe deposit box number corresponding to a user is determined.
In operation S902, a safe box state corresponding to the safe box number is acquired. For example, safe deposit box status includes, but is not limited to: normal, frozen, other abnormal, etc.
In operation S903, the safe number corresponding to the user and the corresponding safe status are displayed, so that the user can select a target safe number from the safe numbers corresponding to the user.
It should be noted that, when the biometric authentication fails, for example, the face authentication fails, the user may be promoted to re-enter, for example, the user is prompted to change the pose, adjust the pose according to the shown contour line, and the like.
In addition, in order to improve the security of the user password, the number of times of authentication can be set, and when the authentication exceeding the number of times of authentication fails, the account of the user can be frozen. For example, the user may be prompted for the number of times that password authentication may also be attempted when password authentication fails.
Further, after the operation for one safe deposit box is completed, for example, after the safe deposit box is put back to the original position by the robot arm, the user may be prompted as to whether or not to perform the operation for another safe deposit box.
Another aspect of the present disclosure provides an apparatus for handling a safe deposit box, which is disposed in the safe deposit box, such as disposed in a terminal device or a server.
The means for handling a safe deposit box may comprise: the system comprises an entrance guard module, an identity authentication module and a safe deposit box moving module.
The entrance guard module is used for responding to the entrance guard opening operation and opening the second isolation space, so that the user can enter the second isolation space.
The identity authentication module is used for authenticating the user entering the second isolation space to obtain an authentication result, and the authentication result represents the relationship between the user and the user corresponding to the target safe deposit box in the at least one safe deposit box.
And the safe deposit box moving module is used for transferring the target safe deposit box from the first isolation space to the second isolation space in response to the authentication result that the matching is successful so that the user can operate the target safe deposit box.
It should be noted that the implementation, solved technical problems, implemented functions, and achieved technical effects of each module/unit and the like in the apparatus part embodiment are respectively the same as or similar to the implementation, solved technical problems, implemented functions, and achieved technical effects of each corresponding step in the method part embodiment, and are not described in detail herein.
The embodiment of the disclosure introduces a biological identification technology, a password encryption technology and the like into safe deposit box business opening transaction, improves the safety of the safe deposit box system, and establishes a brand image of 'honoring safety'.
Any of the modules, units, or at least part of the functionality of any of them according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules and units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, units according to the embodiments of the present disclosure may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by any other reasonable means of hardware or firmware by integrating or packaging the circuits, or in any one of three implementations of software, hardware and firmware, or in any suitable combination of any of them. Alternatively, one or more of the modules, units according to embodiments of the present disclosure may be implemented at least partly as computer program modules, which, when executed, may perform the respective functions.
For example, any number of the access control module, the identity authentication module and the safe deposit box moving module may be combined and implemented in one module, or any one of the modules may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the access control module, the identity authentication module, and the safe deposit box moving module may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or may be implemented by any one of three implementations of software, hardware, and firmware, or any suitable combination of any of the three. Alternatively, at least one of the access control module, the identity authentication module and the safe deposit box moving module may be at least partially implemented as a computer program module, which, when executed, may perform a corresponding function.
FIG. 10 schematically shows a block diagram of an electronic device according to an embodiment of the disclosure. The electronic device shown in fig. 10 is only an example, and the electronic device may be a server and a host of a safe deposit box system, or may also be a computer of a data center, and the like, and should not bring any limitation to the function and the use scope of the embodiment of the present disclosure.
As shown in fig. 10, an electronic device 1000 according to an embodiment of the present disclosure includes a processor 1001 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1002 or a program loaded from a storage section 1008 into a Random Access Memory (RAM) 1003. Processor 1001 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 1001 may also include onboard memory for caching purposes. The processor 1001 may include a single processing unit or multiple processing units for performing different actions of a method flow according to embodiments of the present disclosure.
In the RAM 1003, various programs and data necessary for the operation of the electronic apparatus 1000 are stored. The processor 1001, ROM 1002, and RAM 1003 are communicatively connected to each other by a bus 1004. The processor 1001 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 1002 and/or the RAM 1003. Note that the program may also be stored in one or more memories other than the ROM 1002 and the RAM 1003. The processor 1001 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in one or more memories.
Electronic device 1000 may also include an input/output (I/O) interface 1005, input/output (I/O) interface 1005 also connected to bus 1004, according to an embodiment of the present disclosure. The electronic device 1000 may also include one or more of the following components connected to the I/O interface 1005: an input section 1006 including a keyboard, a mouse, and the like; an output portion 1007 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 1008 including a hard disk and the like; and a communication section 1009 including a network interface card such as a LAN card, a modem, or the like. The communication section 1009 performs communication processing via a network such as the internet. The driver 1010 is also connected to the I/O interface 1005 as necessary. A removable medium 1011 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 1010 as necessary, so that a computer program read out therefrom is mounted into the storage section 1008 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from the network through the communication part 1009 and/or installed from the removable medium 1011. The computer program performs the above-described functions defined in the system of the embodiment of the present disclosure when executed by the processor 1001. The above described systems, devices, apparatuses, modules, units, etc. may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 1002 and/or the RAM 1003 described above and/or one or more memories other than the ROM 1002 and the RAM 1003.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method provided by embodiments of the present disclosure, when the computer program product is run on a safe deposit box, the program code being configured to cause the safe deposit box to implement the image model training method or the image processing method provided by embodiments of the present disclosure.
The computer program, when executed by the processor 1001, performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of a signal on a network medium, distributed, downloaded and installed via the communication part 1009, and/or installed from the removable medium 1011. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C + +, python, the "C" language, or the like. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
It will be appreciated by those skilled in the art that various combinations and/or combinations of the features recited in the various embodiments of the disclosure and/or the claims may be made even if such combinations or combinations are not explicitly recited in the disclosure. These examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (9)

1. A safe deposit box system, comprising:
at least one safe deposit box arranged in the first isolation space;
the entrance guard is configured in a second isolation space and can respond to the opening of the entrance guard to open the second isolation space, and the second isolation space comprises the first isolation space;
the authentication equipment is configured to authenticate a user to obtain an authentication result, and the authentication result represents the relationship between the user and the user corresponding to the target safe deposit box in the at least one safe deposit box; and
a robot arm configured to transfer the target safe deposit box from the first isolated space to the second isolated space when the authentication result is a successful match, so that a user operates the target safe deposit box,
wherein the authentication device comprises:
the biometric authentication equipment is configured to authenticate the user based on the acquired biometric features to obtain a first authentication result, and the first authentication result represents the relationship between the user and the user corresponding to the at least one safe deposit box; and
a password authentication system configured to authenticate the user based on a user password input by the user when the first authentication result is that the matching is successful, to obtain a second authentication result, wherein the second authentication result represents the relationship between the user and a user corresponding to a target safe deposit box,
the password authentication system is in communication connection with an encryption service platform; and
the password authentication system is configured to encrypt the user password by using a first secret key to obtain a password ciphertext, and send the password ciphertext to the encryption service platform for retention and verification to obtain the second authentication result, wherein the first secret key is generated based on a second secret key capable of being updated,
the password authentication system comprises a password authentication terminal and a password authentication server terminal;
authenticating the user based on the user password input by the user, and obtaining a second authentication result comprises:
the password authentication terminal encrypts the user password by using a first secret key to obtain a password ciphertext;
the password authentication terminal sends the password ciphertext, the safe deposit box number and the first secret key to the password authentication server side so as to obtain a password storage ciphertext and generate a password envelope;
the password authentication terminal responds to a password envelope from the password authentication server and sends the password envelope, the safe deposit box number and the password storage ciphertext to the password authentication server; and
and the password authentication server stores the password envelope, the safe box number and the password storage ciphertext, verifies the password storage ciphertext and returns an authentication result.
2. The system of claim 1, wherein the biometric authentication device comprises a camera configured to capture a facial image of the user for facial recognition based on the facial image.
3. The system of any one of claims 1 to 2, wherein the safe deposit box has a paired key and safe deposit box lock, so that a user can perform an opening operation or a locking operation using the key and the safe deposit box lock.
4. A processing method for a safe deposit box system comprising the system according to any one of claims 1 to 3, the method comprising:
responding to the opening of the entrance guard operation, and opening the second isolation space to enable a user to enter the second isolation space;
authenticating the user entering the second isolation space to obtain an authentication result, wherein the authentication result represents the relationship between the user and the user corresponding to the target safe deposit box in the at least one safe deposit box; and
in response to the authentication result being a successful match, transferring the target safe deposit box from the first isolation space to the second isolation space for a user to operate the target safe deposit box,
wherein the authenticating the user who enters the second isolation space comprises:
authenticating the user based on the acquired biological characteristics to obtain a first authentication result, wherein the authentication result represents the relationship between the user and the user corresponding to the at least one safe deposit box; and
when the first authentication result is successful, authenticating the user based on the user password input by the user to obtain a second authentication result, wherein the second authentication result represents the relationship between the user and the user corresponding to the target safe deposit box,
the safe deposit box system comprises a password authentication system, wherein the password authentication system comprises a password authentication terminal and a password authentication server end;
authenticating the user based on the user password input by the user, and obtaining a second authentication result comprises:
the password authentication terminal encrypts the user password by using a first secret key to obtain a password ciphertext;
the password authentication terminal sends the password ciphertext, the safe deposit box number and the first secret key to the password authentication server side so as to obtain a password storage ciphertext and generate a password envelope;
the password authentication terminal responds to a password envelope from the password authentication server and sends the password envelope, the safe box number and the password storage ciphertext to the password authentication server; and
and the password authentication server side stores the password envelope, the safe deposit box number and the password storage ciphertext, verifies the password storage ciphertext and returns an authentication result.
5. The method of claim 4, wherein the authenticating the user based on the user password entered by the user, the obtaining a second authentication result further comprises: after the password authentication terminal sends the password ciphertext, the safe deposit box number and the first secret key to the password authentication server side,
the password authentication server side generates a check value result;
sending the check value result and the authentication result to the password authentication terminal; and
and the password authentication terminal carries out integrity verification on the message comprising the verification value result and the authentication result based on a verification secret key.
6. The method according to claim 5, wherein the check key is generated in a one-time-key manner based on a public key plaintext string from the cryptographic authentication terminal and a random check key.
7. The method according to claim 4, wherein the first key is generated based on a second key issued by an encryption service platform, and the second key is updated when an update condition is satisfied, and the update condition includes: and at least one of an updating period, manual trigger updating and power-on of the password authentication terminal is achieved.
8. The method according to any one of claims 4 to 7, wherein the safe deposit box has a corresponding safe deposit box number and safe deposit box status;
the target safe deposit box is determined by the following method: when the authentication result is that the matching is successful,
determining a safe deposit box number corresponding to the user;
acquiring a safe deposit box state corresponding to the safe deposit box number; and
and displaying the safe deposit box numbers corresponding to the users and the corresponding safe deposit box states so that the users can select target safe deposit box numbers from the safe deposit box numbers corresponding to the users.
9. A computer-readable storage medium storing computer-executable instructions that, when executed by a processor, implement the method of any one of claims 4 to 8.
CN202110915194.8A 2021-08-10 2021-08-10 Safe deposit box system and processing method thereof Active CN113445858B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110915194.8A CN113445858B (en) 2021-08-10 2021-08-10 Safe deposit box system and processing method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110915194.8A CN113445858B (en) 2021-08-10 2021-08-10 Safe deposit box system and processing method thereof

Publications (2)

Publication Number Publication Date
CN113445858A CN113445858A (en) 2021-09-28
CN113445858B true CN113445858B (en) 2022-12-23

Family

ID=77818461

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110915194.8A Active CN113445858B (en) 2021-08-10 2021-08-10 Safe deposit box system and processing method thereof

Country Status (1)

Country Link
CN (1) CN113445858B (en)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051908B (en) * 2007-05-21 2011-05-18 北京飞天诚信科技有限公司 Dynamic cipher certifying system and method
CN201794430U (en) * 2010-09-21 2011-04-13 李平然 Fully-automatic safe deposit box
CN102080485B (en) * 2010-12-07 2013-01-16 张帆 Unattended full-automatic bank safe deposit box system
CN105604438B (en) * 2015-12-28 2017-12-01 宁波朝平智能科技有限公司 Full-automatic safe deposit box interconnection system
US20220383680A1 (en) * 2019-11-07 2022-12-01 Luv Tulsidas Touchless smart storage box with face recognition system
CN113190815A (en) * 2021-04-27 2021-07-30 安徽中科晶格技术有限公司 Identity authentication system and method based on safe deposit box

Also Published As

Publication number Publication date
CN113445858A (en) 2021-09-28

Similar Documents

Publication Publication Date Title
US11080961B2 (en) Contactless card personal identification system
US20200389456A1 (en) Authenticating a user device associated with a user to communicate via a wireless network in a secure web-based environment
CN108809659B (en) Dynamic password generation method, dynamic password verification method, dynamic password system and dynamic password verification system
US10389531B2 (en) Authentication system and authentication method
US20200104826A1 (en) Contactless card emulation system and method
US12088714B2 (en) Image acquisition apparatus, server, and encryption and decryption methods
CN108229956A (en) Network bank business method, apparatus, system and mobile terminal
US12015711B2 (en) Data security processing terminal and system
US9443068B2 (en) System and method for preventing unauthorized access to information
CN113015991A (en) Secure digital wallet processing system
CN113034118B (en) Business auditing method, system, readable storage medium and computer program product
US11838422B1 (en) User authentication method and unmanned delivery system based on user authentication
JP2022551997A (en) Systems and methods for secure memory data access control using short-range transceivers
CN112422280B (en) Man-machine control interaction method, interaction system, computer equipment and storage medium
CN113822664B (en) Method, device, system, terminal, server and medium for opening offline payment
CN113445858B (en) Safe deposit box system and processing method thereof
US12008096B2 (en) Secure authentication
CN115550002B (en) TEE-based intelligent home remote control method and related device
CN114170709A (en) Money box management method and system based on Internet of things
CN107302542B (en) Biological feature-based communication method and device
JP4749017B2 (en) Pseudo biometric authentication system and pseudo biometric authentication method
KR101495034B1 (en) Method and system for remote authentication based on security token
CN113645255B (en) Communication method between trusted application TAs, related device and equipment, and storage medium
US20220374529A1 (en) Secure cryptographic server card
KR20170136044A (en) System and method for opening concurrently account of multiple financial institute through integrating process of non-faced account opening

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant