CN108257319B - USBKEY safe storage cabinet with encryption and decryption functions and application method thereof - Google Patents

USBKEY safe storage cabinet with encryption and decryption functions and application method thereof Download PDF

Info

Publication number
CN108257319B
CN108257319B CN201810145686.1A CN201810145686A CN108257319B CN 108257319 B CN108257319 B CN 108257319B CN 201810145686 A CN201810145686 A CN 201810145686A CN 108257319 B CN108257319 B CN 108257319B
Authority
CN
China
Prior art keywords
unit
usbkey
drawer
storage cabinet
safe storage
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810145686.1A
Other languages
Chinese (zh)
Other versions
CN108257319A (en
Inventor
梁晓兵
翟峰
黄加羽
岑炜
赵兵
刘鹰
吕英杰
孔令达
李保丰
付义伦
曹永峰
许斌
徐萌
刘书勇
冯占成
任博
张庚
杨全萍
周琪
李丽丽
冯云
袁泉
卢艳
韩文博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Electric Power Research Institute Co Ltd CEPRI
Original Assignee
China Electric Power Research Institute Co Ltd CEPRI
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Electric Power Research Institute Co Ltd CEPRI filed Critical China Electric Power Research Institute Co Ltd CEPRI
Priority to CN201810145686.1A priority Critical patent/CN108257319B/en
Publication of CN108257319A publication Critical patent/CN108257319A/en
Application granted granted Critical
Publication of CN108257319B publication Critical patent/CN108257319B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F17/00Coin-freed apparatus for hiring articles; Coin-freed facilities or services
    • G07F17/10Coin-freed apparatus for hiring articles; Coin-freed facilities or services for means for safe-keeping of property, left temporarily, e.g. by fastening the property
    • G07F17/12Coin-freed apparatus for hiring articles; Coin-freed facilities or services for means for safe-keeping of property, left temporarily, e.g. by fastening the property comprising lockable containers, e.g. for accepting clothes to be cleaned
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The application discloses a USBKEY safe storage cabinet device with encryption and decryption functions and an application method thereof, wherein the device comprises a USB-KEY safe storage cabinet and a control server; the USBKEY safe storage cabinet comprises a main control unit, a drawer unit, a safety unit, an information authentication unit, an electronic seal unit, a USBKEY taking and returning unit, a data storage unit and a power supply unit; the USBKEY safe storage cabinet is used for safely storing the USBKEY, performs authentication communication with the control server and completes the taking out and returning of the USBKEY according to the received encryption control instruction; the control server comprises a parameter input unit, a data communication unit, a parameter setting unit and a control logic unit; the control server is used for carrying out authentication communication with the USBKEY safe storage cabinet and sending a control instruction to the USBKEY safe storage cabinet; the drawer unit comprises N drawer subunits, wherein each drawer subunit comprises a CPU module, a drawer mechanical structure and a drawer safety module.

Description

USBKEY safe storage cabinet with encryption and decryption functions and application method thereof
Technical Field
The application relates to the technical field of information security, in particular to a USBKEY safe storage cabinet device with encryption and decryption functions and an application method thereof.
Background
The USBKEY is widely applied to various fields needing auditing as a common key, and takes a core service-cost control service of a power marketing system as an example, and directly relates to the tangential interests of power enterprises and power users, and the security is of great importance. In the process of implementing fee control, the marketing system receives an arrearage list generated by the marketing remote real-time fee control system, corresponding county and urban industry responsibilities audit the arrearage control list information and encrypt and sign the audit data to generate a final trip control list and a trip control electronic work order. The trip control list and the trip control electronic worksheet are sent to the electricity consumption information acquisition system for processing through the unified interface service platform. The audit data of the tripping control list is encrypted and signed by the USBKEY in the business responsibility; at present, the USBKEY used by marketing auditors lacks an effective management method and device, and the USBKEY used by the marketing auditors is not only one but also has the problem of easy confusion, so that the safety and traceability of the cost control operation cannot be ensured, and the USBKEY must be safely and effectively managed to solve the problems.
Disclosure of Invention
In order to solve the problem that the USBKEY in the background technology lacks an effective management method and device and cannot guarantee the safety and traceability of the cost control operation, the application provides a USBKEY safe storage cabinet device with encryption and decryption functions and an application method thereof; according to the device and the method, the USBKEY is orderly stored and managed by arranging the safe storage cabinet with the encryption and decryption functions, and meanwhile, the safety of the USBKEY is improved by establishing a bidirectional authentication mechanism and using ciphertext for data communication, and the USBKEY safe storage cabinet device with the encryption and decryption functions comprises:
the USBKEY safe storage cabinet and the control server;
the USBKEY safe storage cabinet comprises a main control unit, a drawer unit, a safety unit and an information authentication unit; the USBKEY safe storage cabinet is used for safely storing the USBKEY, performs authentication communication with the control server and completes the taking out and returning of the USBKEY according to the received encryption control instruction;
the main control unit is used for receiving a bidirectional authentication request sent by the control server and sending the bidirectional authentication request to the information authentication unit; the main control unit is used for receiving the encrypted control instruction sent by the control server, generating a corresponding operation instruction according to the control instruction, and carrying out data transmission with other units of the USBKEY safe storage cabinet;
the drawer unit comprises N drawer subunits, each of the N drawer subunits comprises a CPU module, a drawer mechanical structure and a drawer safety module, the CPU module is used for receiving encrypted drawer operation instructions sent by the main control unit, and after decryption confirmation is carried out through the drawer safety module, the corresponding drawer execution instructions are processed and then sent to the drawer mechanical structure; the CPU module is used for establishing bidirectional authentication with the main control module through the drawer security module; the CPU module comprises a USB interface, and the USBKEY is fixed in the drawer subunit through being inserted into the USB interface and performs data communication;
the safety unit comprises a cipher chip with a plurality of built-in national cipher algorithms; the security unit is used for decrypting the encryption control instruction received by the main control unit and encrypting each operation instruction generated by the main control unit;
the information authentication unit is used for receiving the bidirectional authentication request transmitted by the main control unit, carrying out security authentication according to the bidirectional authentication request, and sending an authentication result to the main control unit; the information authentication unit is used for generating bidirectional authentication requests between the main control unit and the drawer unit and between the main control unit and the control server according to the main control unit instruction;
the control server comprises a parameter input unit and a data communication unit; the control server is used for carrying out authentication communication with the USBKEY safe storage cabinet and sending a control instruction to the USBKEY safe storage cabinet;
the parameter input unit is used for inputting basic information of an operator and parameters including aging of the USBKEY; the parameter input unit generates a control instruction according to information input by an operator; the basic operator information comprises an operator number and an operator password;
the data communication unit is used for establishing bidirectional authentication with the USBKEY safe storage cabinet; and the data communication unit encrypts the control instruction generated by the parameter input unit and transmits the control instruction to the USBKEY safe storage cabinet.
Further, the USBKEY safe storage cabinet further comprises an electronic seal unit, a USBKEY returning unit, a data storage unit and a power supply unit;
the electronic seal unit comprises a cryptographic chip based on a national seal algorithm and is used for storing the device information of the USBKEY safe storage cabinet, wherein the device information comprises a device unique number and a device purpose;
the power supply unit is used for supplying power to the USBKEY safe storage cabinet and comprises a main power supply AC-DC module and a standby AC-DC module, wherein the two AC-DC modules are mutually isolated;
the data storage unit is used for storing basic information of operators and storing USBKEY information stored in each drawer unit; the USBKEY information comprises a USBKEY number and USBKEY state information;
the USBKEY taking and returning unit is used for judging whether the feedback state of each subunit of the drawer unit is correct according to the operation instruction of the main control unit, and the USBKEY taking and returning unit is used for confirming whether the aging of the USBKEY is abnormal or not and feeding back the abnormal state to the main control unit.
Further, the control server also comprises a parameter setting unit and a control logic unit;
the parameter setting unit is used for setting basic information of an operator and equipment information of the USBKEY safe storage cabinet; the parameter setting unit is used for updating USBKEY information;
the control logic unit is used for setting a preset rule for controlling the drawer unit according to the use state of the drawer unit, the USBKEY verification state and the control instruction.
Further, the drawer mechanical structure of each drawer subunit comprises a drawer shell, an electronic lock, a position sensor, a gear strip, a spring, a movable sleeve and a guide rail; the position sensor is used for sensing whether the drawer shell is closed in place, and the electronic lock is automatically locked when the position sensor senses that the drawer shell is closed in place; the electronic lock is used for unlocking according to a CPU module instruction, when the electronic lock is unlocked, the drawer shell is ejected out through the pretightening force of the spring, and a damping effect is achieved through a speed reduction part consisting of a gear bar, a movable sleeve and a guide rail.
Further, brackets are arranged on two sides of the interior of the drawer shell of each drawer subunit and used for supporting the drawers; the electronic lock is fixed on the inner side of the bottom of the drawer shell; the spring, the gear strip, the movable sleeve and the guide rail are fixed at the bottom of the drawer shell.
Further, the device also comprises a plurality of auxiliary control servers, wherein the auxiliary control servers comprise auxiliary parameter input units, and the auxiliary parameter input units are used for inputting basic information of operators and parameters comprising USBKEY aging; the parameter input unit generates a control instruction according to an operator instruction; the auxiliary control server communicates with the control server and transmits the operator basic information, parameters and control instructions to the control server.
Further, the information authentication unit is used for checking signature information of the USBKEY; if the signature verification is not passed, the signature verification non-passing information is sent to the main control unit.
Furthermore, the data transmission is performed between the USBKEY safe storage cabinet and the control server, between the control server and other peripheral systems, and in the USBKEY safe storage cabinet by using a ciphertext and MAC mode.
Further, the main control unit comprises a main control CPU, and the CPU module of each drawer subunit comprises a drawer CPU; the main control CPU and each drawer CPU are high-performance serial 32-bit CORTEX-M3 core processors.
The method for carrying out safe storage of the USBKEY comprises the following steps:
after receiving the input command, the control server establishes bidirectional authentication with the USBKEY safe storage cabinet;
after successful authentication, the control server sends an encrypted control instruction to the USBKEY safe storage cabinet, wherein the control instruction comprises basic information of an operator and aging parameters of the USBKEY;
the safety unit of the USBKEY safety storage cabinet decrypts and verifies the encrypted control instruction, and sends the verified control instruction to the main control unit of the USBKEY safety storage cabinet;
the main control unit generates an operation instruction according to the control instruction and sends the operation instruction to the drawer unit;
and the drawer unit fetches and returns the USBKEY according to the operation instruction.
Further, before the main control unit sends the operation instruction to the drawer unit, the method further includes:
and the main control unit establishes bidirectional authentication with the drawer safety module of the drawer unit through the information authentication unit, and performs data transmission after the authentication is passed.
Further, the main control unit queries the feedback state of each drawer subunit of the drawer units at regular time, and uploads an operation log to a control server; the feedback status includes whether the drawer subunit is storing a USBKEY.
Further, the method further comprises:
the auxiliary control server receives the input command, generates an authentication command and sends the authentication command to the control server;
the control server establishes bidirectional authentication with the USBKEY safe storage cabinet according to the received authentication instruction;
after the authentication is passed, the auxiliary control server sends a control instruction generated according to the input instruction to the control server, and the control server encrypts the control instruction.
Further, when the operation instruction is a USB key, the drawer unit opens a corresponding drawer subunit according to the operation instruction, and an operator inserts the USB key into a USB interface of the drawer subunit;
the information authentication unit verifies the signature information of the USBKEY;
the USBKEY taking and returning unit verifies whether the aging of the USBKEY is abnormal or not;
if both the verification passes, closing the corresponding drawer subunit by an operator, wherein the drawer subunit is automatically locked;
if the verification is not passed, the USBKEY safe storage cabinet carries out abnormal reminding.
Furthermore, data transmission is carried out between the USBKEY safe storage cabinet and the control server, between the control server and other peripheral systems and in the USBKEY safe storage cabinet by using a ciphertext and MAC (media access control) mode; and encrypting and decrypting the data transmission by using a national encryption algorithm.
The beneficial effects of the application are as follows: the application provides a USBKEY safe storage cabinet device with encryption and decryption functions and an application method thereof, wherein the device and the method effectively manage the storage of the USBKEY by arranging the safe storage cabinet with the encryption and decryption functions and a corresponding control server, and simultaneously improve the safety of the USBKEY by establishing a bidirectional authentication mechanism and using ciphertext for data communication; the automatic and positioning management of the USBKEY assets is realized, and the management level of the USBKEY is improved.
Drawings
Exemplary embodiments of the present application may be more completely understood in consideration of the following drawings:
FIG. 1 is a block diagram of a USBKEY secure storage cabinet device with encryption and decryption functions according to an embodiment of the application;
FIG. 2 is a schematic view of a drawer subunit according to an embodiment of the present application;
FIG. 3 is a mechanical block diagram of a drawer subunit according to an embodiment of the present application;
fig. 4 is a flowchart of a method for performing secure storage by using a usb key secure storage cabinet with encryption and decryption functions according to an embodiment of the present application.
Detailed Description
The exemplary embodiments of the present application will now be described with reference to the accompanying drawings, however, the present application may be embodied in many different forms and is not limited to the examples described herein, which are provided to fully and completely disclose the present application and fully convey the scope of the application to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the application. In the drawings, like elements/components are referred to by like reference numerals.
Unless otherwise indicated, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. In addition, it will be understood that terms defined in commonly used dictionaries should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
FIG. 1 is a block diagram of a USBKEY secure storage cabinet device with encryption and decryption functions according to an embodiment of the application; the device orderly stores and manages the USBKEY by arranging the safe storage cabinet with encryption and decryption functions and the corresponding control server, and improves the safety of the USBKEY by establishing a bidirectional authentication mechanism and using ciphertext for data communication; the USBKEY safe storage cabinet device with the encryption and decryption functions comprises:
a USBKEY secure storage cabinet 110 and a control server 120;
the usb key secure storage 110 includes a main control unit 111, a drawer unit 112, a security unit 113, and an information authentication unit 114; the usb key secure storage cabinet 110 is configured to securely store a usb key, where the usb key secure storage cabinet 110 performs authentication communication with the control server 120 and completes taking out and receiving of the usb key according to a received encryption control instruction;
the usb key secure storage 110 is connected to the control server 120, and performs data communication; the communication mode comprises USB data line connection;
the master control unit 111 is configured to receive a bidirectional authentication request sent by the control server 120, and send the bidirectional authentication request to the information authentication unit; the main control unit 111 is configured to receive an encrypted control instruction sent by the control server 120, and generate a corresponding operation instruction according to the control instruction, and perform data transmission with other units of the usb key secure storage cabinet 110;
the drawer unit 112 includes N drawer subunits, as shown in fig. 2, each of the N drawer subunits includes a CPU module 201, a drawer mechanical structure 202, and a drawer security module 203, where the CPU module 201 is configured to receive an encrypted drawer operation instruction sent by the main control unit 111, and send the corresponding drawer execution instruction after decryption confirmation by the drawer security module 203 to the drawer mechanical structure 202; the CPU module 201 is configured to establish bidirectional authentication with the main control module 111 through the drawer security module 203; the CPU module 201 includes a USB interface, and the USB key is fixed in the drawer subunit by plugging with the USB interface and performs data communication;
further, each drawer subunit of the drawer units is connected with the main control unit and performs data communication;
further, the drawer mechanism 202 of each drawer subunit includes a drawer housing, an electronic lock, a position sensor, a gear rack, a spring, a movable sleeve, and a guide rail; the position sensor is used for sensing whether the drawer shell is closed in place, and the electronic lock is automatically locked when the position sensor senses that the drawer shell is closed in place; the electronic lock is used for unlocking according to a CPU module instruction, when the electronic lock is unlocked, the drawer shell is ejected out through the pretightening force of the spring, and a damping effect is achieved through a speed reduction part consisting of a gear bar, a movable sleeve and a guide rail;
further, fig. 3 is a mechanical structure diagram of a drawer subunit, where each drawer subunit can be detached and assembled separately, and two sides of the drawer housing of each drawer subunit are provided with brackets for supporting the drawer; the electronic lock is fixed on the inner side of the bottom of the drawer shell; the spring, the gear strip, the movable sleeve and the guide rail are fixed at the bottom of the drawer shell;
the security unit 113 includes a cryptographic chip with a plurality of cryptographic algorithms built therein; the security unit 113 is configured to decrypt the encrypted control instruction received by the main control unit 111, and encrypt each operation instruction generated by the main control unit 111;
further, the security unit 113 is connected to the main control unit 111 and performs data communication;
the information authentication unit 114 is configured to receive a bidirectional authentication request transmitted by the main control unit 111, perform security authentication according to the bidirectional authentication request, and send an authentication result to the main control unit 111; the information authentication unit 114 is configured to generate a bidirectional authentication request between the main control unit 111 and the drawer unit 112 and between the main control unit 111 and the control server 120 according to an instruction of the main control unit 111.
The further information authentication unit 114 is connected to the main control unit 111 and performs data communication; the information authentication unit 114 is used for checking signature information of the USBKEY; if the verification is not passed, the verification non-passing information is transmitted to the main control unit 111.
Further, the usb key safe storage cabinet 110 further includes an electronic seal unit 115, a usb key retrieving unit 116, a data storage unit 117, and a power supply unit 118;
the electronic seal unit 115 comprises a cryptographic chip based on a national seal algorithm, and the electronic seal unit 115 is used for storing equipment information of the usb key secure storage cabinet 110, wherein the equipment information comprises an equipment unique number and equipment use;
the power supply unit 118 is configured to supply power to the usb key secure storage cabinet 110, where the power supply unit 118 includes a primary power supply AC-DC module and a standby AC-DC module, and the two AC-DC modules are isolated from each other;
the data storage unit 117 is used for storing basic information of an operator and storing USBKEY information stored in each drawer unit 112; the USBKEY information comprises a USBKEY number and USBKEY state information;
the usb key taking and returning unit 116 is configured to determine whether the feedback status of each subunit of the drawer unit 112 is correct according to the operation instruction of the main control unit 111, and the usb key taking and returning unit 116 is configured to confirm whether the aging of the returning usb key is abnormal, and feed back the abnormal status to the main control unit 111.
Further, the electronic seal unit 115, the usb key retrieving unit 116, the data storage unit 117, and the power supply unit 118 are all connected to the main control unit 111 and perform data communication;
the control server 120 includes a parameter entry unit 121 and a data communication unit 122; the control server 120 is configured to perform authentication communication with the usb key secure storage 110 and send a control instruction to the usb key secure storage 110;
the parameter input unit 121 is used for inputting basic information of an operator and parameters including aging of the USBKEY; the parameter input unit 121 generates a control command according to information input by an operator; the basic operator information comprises an operator number and an operator password;
the data communication unit 122 is configured to establish bidirectional authentication with the usb key secure storage 110; the data communication unit 122 encrypts the control command generated by the parameter entry unit 121, and transmits the encrypted control command to the usb key secure storage cabinet 110.
Further, the control server 120 further includes a parameter setting unit 123 and a control logic unit 124;
the parameter setting unit 123 is configured to set basic information of an operator and equipment information of the usb key secure storage cabinet 110; the parameter setting unit 123 is configured to update usb key information;
the control logic unit 124 is configured to set a preset rule for controlling the drawer unit 112 according to the usage status of the drawer unit 112, the USBKEY verification status, and the control instruction.
Further, the device also comprises a plurality of auxiliary control servers, wherein the auxiliary control servers comprise auxiliary parameter input units, and the auxiliary parameter input units are used for inputting basic information of operators and parameters comprising USBKEY aging; the parameter input unit generates a control instruction according to an operator instruction; the secondary control server communicates with the control server 120 and sends the operator basic information, parameters and control instructions to the control server 120.
Further, the ciphertext and MAC are used for data transmission between the usb key secure storage cabinet 110 and the control server 120, between the control server 120 and other peripheral systems, and in the usb key secure storage cabinet 110.
Further, the main control unit 111 includes a main control CPU, and the CPU module of each drawer subunit includes a drawer CPU; the main control CPU and each drawer CPU are high-performance serial 32-bit CORTEX-M3 core processors.
FIG. 4 is a flowchart of a method for performing secure storage by using a USBKEY secure storage cabinet with encryption and decryption functions according to an embodiment of the present application; as shown in fig. 4, the method includes:
step 410, the control server establishes bidirectional authentication with the USBKEY safe storage cabinet after receiving the input command;
step 420, after the authentication is successful, the control server sends an encrypted control instruction to the USBKEY safe storage cabinet, wherein the control instruction comprises basic information of an operator and aging parameters of the USBKEY;
step 430, the security unit of the usb key secure storage cabinet decrypts and verifies the encrypted control instruction, and sends the verified control instruction to the main control unit of the usb key secure storage cabinet;
step 440, the main control unit generates an operation instruction according to the control instruction and sends the operation instruction to the drawer unit;
and 450, the drawer unit fetches and returns the USBKEY according to the operation instruction.
Further, before the main control unit sends the operation instruction to the drawer unit, the method further includes:
and the main control unit establishes bidirectional authentication with the drawer safety module of the drawer unit through the information authentication unit, and performs data transmission after the authentication is passed.
Further, the main control unit queries the feedback state of each drawer subunit of the drawer units at regular time, and uploads an operation log to a control server; the feedback status includes whether the drawer subunit is storing a USBKEY.
Further, the method further comprises:
the auxiliary control server receives the input command, generates an authentication command and sends the authentication command to the control server;
the control server establishes bidirectional authentication with the USBKEY safe storage cabinet according to the received authentication instruction;
after the authentication is passed, the auxiliary control server sends a control instruction generated according to the input instruction to the control server, and the control server encrypts the control instruction.
Further, when the operation instruction is a USB key, the drawer unit opens a corresponding drawer subunit according to the operation instruction, and an operator inserts the USB key into a USB interface of the drawer subunit;
the information authentication unit verifies the signature information of the USBKEY;
the USBKEY taking and returning unit verifies whether the aging of the USBKEY is abnormal or not;
if both the verification passes, closing the corresponding drawer subunit by an operator, wherein the drawer subunit is automatically locked;
if the verification is not passed, the USBKEY safe storage cabinet carries out abnormal reminding.
Furthermore, data transmission is carried out between the USBKEY safe storage cabinet and the control server, between the control server and other peripheral systems and in the USBKEY safe storage cabinet by using a ciphertext and MAC (media access control) mode; and encrypting and decrypting the data transmission by using a national encryption algorithm.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the disclosure may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component and, furthermore, they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or units of any method or apparatus so disclosed, may be used in combination, except insofar as at least some of such features and/or processes or units are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise. Reference to step numbers in this specification is used solely to distinguish between steps and is not intended to limit the time or logical relationship between steps, including the various possible conditions unless the context clearly indicates otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the disclosure and form different embodiments. For example, any of the embodiments claimed in the claims may be used in any combination.
Various component embodiments of the present disclosure may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. The present disclosure may also be implemented as an apparatus or system program (e.g., a computer program and a computer program product) for performing a portion or all of the methods described herein. Such a program embodying the present disclosure may be stored on a computer readable medium, or may have the form of one or more signals. Such signals may be downloaded from an internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the disclosure, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The disclosure may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware.
The foregoing is merely a specific embodiment of the disclosure, and it should be noted that it will be apparent to those skilled in the art that various improvements, modifications, and variations can be made without departing from the spirit of the disclosure, and such improvements, modifications, and variations are considered to be within the scope of the application.

Claims (14)

1. The device comprises a USBKEY safe storage cabinet and a control server;
the USBKEY safe storage cabinet comprises a main control unit, a drawer unit, a safety unit and an information authentication unit; the USBKEY safe storage cabinet is used for safely storing the USBKEY, performs authentication communication with the control server and completes the taking out and returning of the USBKEY according to the received encryption control instruction;
the main control unit is used for receiving a bidirectional authentication request sent by the control server and sending the bidirectional authentication request to the information authentication unit; the main control unit is used for receiving the encrypted control instruction sent by the control server, generating a corresponding operation instruction according to the control instruction, and carrying out data transmission with other units of the USBKEY safe storage cabinet;
the drawer unit comprises N drawer subunits, each of the N drawer subunits comprises a CPU module, a drawer mechanical structure and a drawer safety module, the CPU module is used for receiving encrypted drawer operation instructions sent by the main control unit, and after decryption confirmation is carried out through the drawer safety module, the corresponding drawer execution instructions are processed and then sent to the drawer mechanical structure; the CPU module is used for establishing bidirectional authentication with the main control module through the drawer security module; the CPU module comprises a USB interface, and the USBKEY is fixed in the drawer subunit through being inserted into the USB interface and performs data communication; the drawer mechanical structure of each drawer subunit comprises a drawer shell, an electronic lock, a position sensor, a gear bar, a spring, a movable sleeve and a guide rail; the position sensor is used for sensing whether the drawer shell is closed in place, and the electronic lock is automatically locked when the position sensor senses that the drawer shell is closed in place; the electronic lock is used for unlocking according to a CPU module instruction, when the electronic lock is unlocked, the drawer shell is ejected out through the pretightening force of the spring, and a damping effect is achieved through a speed reduction part consisting of a gear bar, a movable sleeve and a guide rail;
the safety unit comprises a cipher chip with a plurality of built-in national cipher algorithms; the security unit is used for decrypting the encryption control instruction received by the main control unit and encrypting each operation instruction generated by the main control unit;
the information authentication unit is used for receiving the bidirectional authentication request transmitted by the main control unit, carrying out security authentication according to the bidirectional authentication request, and sending an authentication result to the main control unit; the information authentication unit is used for generating bidirectional authentication requests between the main control unit and the drawer unit and between the main control unit and the control server according to the main control unit instruction;
the control server comprises a parameter input unit and a data communication unit; the control server is used for carrying out authentication communication with the USBKEY safe storage cabinet and sending a control instruction to the USBKEY safe storage cabinet;
the parameter input unit is used for inputting basic information of an operator and parameters including aging of the USBKEY; the parameter input unit generates a control instruction according to information input by an operator; the basic operator information comprises an operator number and an operator password;
the data communication unit is used for establishing bidirectional authentication with the USBKEY safe storage cabinet; and the data communication unit encrypts the control instruction generated by the parameter input unit and transmits the control instruction to the USBKEY safe storage cabinet.
2. The device according to claim 1, wherein the USBKEY safe storage cabinet further comprises an electronic seal unit, a USBKEY retrieval unit, a data storage unit and a power supply unit;
the electronic seal unit comprises a cryptographic chip based on a national seal algorithm and is used for storing the device information of the USBKEY safe storage cabinet, wherein the device information comprises a device unique number and a device purpose;
the power supply unit is used for supplying power to the USBKEY safe storage cabinet and comprises a main power supply AC-DC module and a standby AC-DC module, wherein the two AC-DC modules are mutually isolated;
the data storage unit is used for storing basic information of operators and storing USBKEY information stored in each drawer unit and operation logs of the USBKEY safe storage cabinet; the USBKEY information comprises a USBKEY number and USBKEY state information;
the USBKEY taking and returning unit is used for judging whether the feedback state of each subunit of the drawer unit is correct according to the operation instruction of the main control unit, and the USBKEY taking and returning unit is used for confirming whether the aging of the USBKEY is abnormal or not and feeding back the abnormal state to the main control unit.
3. The apparatus according to claim 2, wherein: the control server also comprises a parameter setting unit and a control logic unit;
the parameter setting unit is used for setting basic information of an operator and equipment information of the USBKEY safe storage cabinet; the parameter setting unit is used for updating USBKEY information;
the control logic unit is used for setting a preset rule for controlling the drawer unit according to the use state of the drawer unit, the USBKEY verification state and the control instruction.
4. The apparatus according to claim 1, wherein: brackets are arranged on two sides of the interior of the drawer shell of each drawer subunit and used for supporting drawers; the electronic lock is fixed on the inner side of the bottom of the drawer shell; the spring, the gear strip, the movable sleeve and the guide rail are fixed at the bottom of the drawer shell.
5. The apparatus according to claim 1, further comprising a plurality of auxiliary control servers, the auxiliary control servers comprising an auxiliary parameter entry unit for entering operator basic information and parameters including USBKEY aging; the parameter input unit generates a control instruction according to an operator instruction; the auxiliary control server communicates with the control server and transmits the operator basic information, parameters and control instructions to the control server.
6. The apparatus according to claim 1, wherein: the information authentication unit is used for checking signature information of the USBKEY; if the signature verification is not passed, the signature verification non-passing information is sent to the main control unit.
7. The apparatus according to claim 1, wherein: and data transmission is carried out between the USBKEY safe storage cabinet and the control server, between the control server and other peripheral systems and in the USBKEY safe storage cabinet by using a ciphertext and MAC (media access control) mode.
8. The apparatus according to claim 1, wherein: the main control unit comprises a main control CPU, and the CPU module of each drawer subunit comprises a drawer CPU; the main control CPU and each drawer CPU are high-performance serial 32-bit CORTEX-M3 core processors.
9. A method of using the apparatus of claim 1 for secure storage of a usb key, the method comprising:
after receiving the input command, the control server establishes bidirectional authentication with the USBKEY safe storage cabinet;
after successful authentication, the control server sends an encrypted control instruction to the USBKEY safe storage cabinet, wherein the control instruction comprises basic information of an operator and aging parameters of the USBKEY;
the safety unit of the USBKEY safety storage cabinet decrypts and verifies the encrypted control instruction, and sends the verified control instruction to the main control unit of the USBKEY safety storage cabinet;
the main control unit generates an operation instruction according to the control instruction and sends the operation instruction to the drawer unit;
and the drawer unit fetches and returns the USBKEY according to the operation instruction.
10. The method according to claim 9, wherein: before the main control unit sends the operation instruction to the drawer unit, the method further comprises:
and the main control unit establishes bidirectional authentication with the drawer safety module of the drawer unit through the information authentication unit, and performs data transmission after the authentication is passed.
11. The method according to claim 9, wherein: the main control unit queries the feedback state of each drawer subunit of the drawer unit at regular time and uploads an operation log to the control server; the feedback status includes whether the drawer subunit is storing a USBKEY.
12. The method according to claim 9, wherein the method further comprises:
the auxiliary control server receives the input command, generates an authentication command and sends the authentication command to the control server;
the control server establishes bidirectional authentication with the USBKEY safe storage cabinet according to the received authentication instruction;
after the authentication is passed, the auxiliary control server sends a control instruction generated according to the input instruction to the control server, and the control server encrypts the control instruction.
13. The method according to claim 9, wherein:
when the operation instruction is USBKEY, the drawer unit opens the corresponding drawer subunit according to the operation instruction, and an operator inserts the USBKEY into a USB interface of the drawer subunit;
the information authentication unit verifies the signature information of the USBKEY;
the USBKEY taking and returning unit verifies whether the aging of the USBKEY is abnormal or not;
if both the verification passes, closing the corresponding drawer subunit by an operator, wherein the drawer subunit is automatically locked;
if the verification is not passed, the USBKEY safe storage cabinet carries out abnormal reminding.
14. The method according to claim 9, wherein: the data transmission is carried out between the USBKEY safe storage cabinet and the control server, between the control server and other peripheral systems and in the USBKEY safe storage cabinet by using a ciphertext and MAC (media access control) mode; and encrypting and decrypting the data transmission by using a national encryption algorithm.
CN201810145686.1A 2018-02-12 2018-02-12 USBKEY safe storage cabinet with encryption and decryption functions and application method thereof Active CN108257319B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810145686.1A CN108257319B (en) 2018-02-12 2018-02-12 USBKEY safe storage cabinet with encryption and decryption functions and application method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810145686.1A CN108257319B (en) 2018-02-12 2018-02-12 USBKEY safe storage cabinet with encryption and decryption functions and application method thereof

Publications (2)

Publication Number Publication Date
CN108257319A CN108257319A (en) 2018-07-06
CN108257319B true CN108257319B (en) 2023-10-31

Family

ID=62745151

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810145686.1A Active CN108257319B (en) 2018-02-12 2018-02-12 USBKEY safe storage cabinet with encryption and decryption functions and application method thereof

Country Status (1)

Country Link
CN (1) CN108257319B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2606201A (en) * 2021-04-29 2022-11-02 Medication Support Ltd Lockable cabinet

Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB8828988D0 (en) * 1987-12-18 1989-01-25 Pitney Bowes Inc Document authentication system
US4853961A (en) * 1987-12-18 1989-08-01 Pitney Bowes Inc. Reliable document authentication system
DE10025052A1 (en) * 2000-05-23 2002-01-03 Kaba Gallenschuetz Gmbh Turnstile, especially for large functions; has guide element on opposite side of grid rods forming barrier and having door that can be opened to allow people through passage
JP2002276222A (en) * 2001-01-12 2002-09-25 Nippon Telegr & Teleph Corp <Ntt> Biological information authentication cabinet and locking and unlocking method
CN101178802A (en) * 2006-11-08 2008-05-14 李东声 Dynamic password realization method in network bank trading and electronic signing device
CN101183456A (en) * 2007-12-18 2008-05-21 中国工商银行股份有限公司 Encryption device, system and method for encryption, identification using the encryption device
CN103117853A (en) * 2011-11-16 2013-05-22 航天信息股份有限公司 Account input and authentication method of safe storing device
CN202970174U (en) * 2012-06-01 2013-06-05 杭州双华智能家居有限公司 Remote wake-up smart lock system with low power consumption
CN103297413A (en) * 2012-01-28 2013-09-11 查平 Sharable online file secure safe
CN104113437A (en) * 2014-07-12 2014-10-22 浙商银行股份有限公司 An account transfer machine remote management method based on dynamic passwords
CN105138891A (en) * 2015-07-30 2015-12-09 山东超越数控电子有限公司 USBKey based drive-free encryption and decryption certification communication circuit and method
CN106101159A (en) * 2016-08-27 2016-11-09 谢志豪 Dynamic cipher generating method, dynamic cipher authentication method and device
CN205713658U (en) * 2016-03-15 2016-11-23 江苏群杰软件有限公司 Seal Internet of Things and intelligent management system
CN106683286A (en) * 2016-12-26 2017-05-17 上海传英信息技术有限公司 Intelligent article storage method and intelligent storage system
CN106789024A (en) * 2016-12-30 2017-05-31 深圳市文鼎创数据科技有限公司 A kind of remote de-locking method, device and system
CN106973056A (en) * 2017-03-30 2017-07-21 中国电力科学研究院 The safety chip and its encryption method of a kind of object-oriented
CN206574191U (en) * 2017-03-17 2017-10-20 桂林电子科技大学 A kind of double-encryption device of locker
CN107426155A (en) * 2017-04-17 2017-12-01 浙江德塔森特数据技术有限公司 A kind of method for unlocking of integrated cabinet
CN107633588A (en) * 2017-10-24 2018-01-26 北京金储自动化技术有限公司 Control method, system, lockset, electronic equipment and readable storage medium storing program for executing
CN107672931A (en) * 2017-09-20 2018-02-09 深圳怡化电脑股份有限公司 A kind of cash box, financial self-service equipment and cassette management system

Patent Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB8828988D0 (en) * 1987-12-18 1989-01-25 Pitney Bowes Inc Document authentication system
US4853961A (en) * 1987-12-18 1989-08-01 Pitney Bowes Inc. Reliable document authentication system
DE10025052A1 (en) * 2000-05-23 2002-01-03 Kaba Gallenschuetz Gmbh Turnstile, especially for large functions; has guide element on opposite side of grid rods forming barrier and having door that can be opened to allow people through passage
JP2002276222A (en) * 2001-01-12 2002-09-25 Nippon Telegr & Teleph Corp <Ntt> Biological information authentication cabinet and locking and unlocking method
CN101178802A (en) * 2006-11-08 2008-05-14 李东声 Dynamic password realization method in network bank trading and electronic signing device
CN101183456A (en) * 2007-12-18 2008-05-21 中国工商银行股份有限公司 Encryption device, system and method for encryption, identification using the encryption device
CN103117853A (en) * 2011-11-16 2013-05-22 航天信息股份有限公司 Account input and authentication method of safe storing device
CN103297413A (en) * 2012-01-28 2013-09-11 查平 Sharable online file secure safe
CN202970174U (en) * 2012-06-01 2013-06-05 杭州双华智能家居有限公司 Remote wake-up smart lock system with low power consumption
CN104113437A (en) * 2014-07-12 2014-10-22 浙商银行股份有限公司 An account transfer machine remote management method based on dynamic passwords
CN105138891A (en) * 2015-07-30 2015-12-09 山东超越数控电子有限公司 USBKey based drive-free encryption and decryption certification communication circuit and method
CN205713658U (en) * 2016-03-15 2016-11-23 江苏群杰软件有限公司 Seal Internet of Things and intelligent management system
CN106101159A (en) * 2016-08-27 2016-11-09 谢志豪 Dynamic cipher generating method, dynamic cipher authentication method and device
CN106683286A (en) * 2016-12-26 2017-05-17 上海传英信息技术有限公司 Intelligent article storage method and intelligent storage system
CN106789024A (en) * 2016-12-30 2017-05-31 深圳市文鼎创数据科技有限公司 A kind of remote de-locking method, device and system
CN206574191U (en) * 2017-03-17 2017-10-20 桂林电子科技大学 A kind of double-encryption device of locker
CN106973056A (en) * 2017-03-30 2017-07-21 中国电力科学研究院 The safety chip and its encryption method of a kind of object-oriented
CN107426155A (en) * 2017-04-17 2017-12-01 浙江德塔森特数据技术有限公司 A kind of method for unlocking of integrated cabinet
CN107672931A (en) * 2017-09-20 2018-02-09 深圳怡化电脑股份有限公司 A kind of cash box, financial self-service equipment and cassette management system
CN107633588A (en) * 2017-10-24 2018-01-26 北京金储自动化技术有限公司 Control method, system, lockset, electronic equipment and readable storage medium storing program for executing

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于红外热成像技术的配电柜故障监测与诊断;时誉宁;《中国优秀硕士学位论文全文数据库工程科技Ⅱ辑》;全文 *

Also Published As

Publication number Publication date
CN108257319A (en) 2018-07-06

Similar Documents

Publication Publication Date Title
EP3585023B1 (en) Data protection method and system
CN102065148A (en) Memory system access authorizing method based on communication network
CA2766491C (en) A method and system for securely and automatically downloading a master key in a bank card payment system
US20070179891A1 (en) Security control method for data transmission process of software protection apparatus and apparatus thereof
EP2267628A2 (en) Token passing technique for media playback devices
EP3403185A1 (en) Memory operation encryption
US20110258451A1 (en) Method for updating mobile terminal software and mobile terminal
CN111104691A (en) Sensitive information processing method and device, storage medium and equipment
CN103971033A (en) Digital rights management method for solving problem of illegal copying
CN101771680B (en) Method for writing data to smart card, system and remote writing-card terminal
CN105740725A (en) File protection method and system
CN104484584A (en) Three-dimensional model copyright protection method based on three-dimensional printing device
CN104282060B (en) A kind of method for unlocking of safety intelligent lock system
CN101158998A (en) Management method and device of DRM licenses
CN107273725B (en) Data backup method and system for confidential information
CN108257319B (en) USBKEY safe storage cabinet with encryption and decryption functions and application method thereof
US7975141B2 (en) Method of sharing bus key and apparatus therefor
CN107743120B (en) Detachable encrypted test question data transmission system and method
CN106599697A (en) Method and system for safe upgrade of programs in PCI password card
KR20130085537A (en) System and method for accessing to encoded files
US20200092096A1 (en) Method for secure management of secrets in a hierarchical multi-tenant environment
CN104184580A (en) Network operating method and network operating system
CN103377327A (en) PHP program protection method and system
KR102055888B1 (en) Encryption and decryption method for protecting information
US8515080B2 (en) Method, system, and computer program product for encryption key management in a secure processor vault

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant