Log security export method based on self-service terminal equipment
Technical Field
The invention relates to the technical field of system logs, and in particular to a log security export method based on self-service terminal equipment.
Background
With the development of internet technology, self-service terminal equipment is increasingly used in daily life. Ticket vending machines, automatic teller machines, self-service enquiry machines and the like are all self-service terminal equipment. Self-service terminal equipment can replace some mechanical manual service and free up manpower. During use, self-service terminal equipment may become abnormal owing to factors such as the usage scenario, user habits, and software and hardware design.
The system log records information about hardware, software and system problems of the equipment and monitors events occurring in the system. The cause of an error can be found through the system log, and traces left by an attacker can be searched for when the system has been attacked. Logs therefore play a critical role in routine maintenance and anomaly analysis of the equipment.
In the prior art, when self-service terminal equipment becomes abnormal or faulty, a technician usually has to go to the fault site to handle the fault, or after-sales personnel go to the fault site, operate the self-service terminal equipment to find the log file, export the log file to a mobile storage device and then send it to the technician to analyze and handle the problem. Such a process is inefficient and costly. In addition, exporting the system log by directly operating the self-service terminal equipment is not secure: any storage device can export the system log from the self-service terminal equipment, and there is a risk that other data in the system is exported as well, so the system has a potential security hazard.
Disclosure of Invention
In order to solve the problems in the prior art, the invention aims to provide a log security export method based on self-service terminal equipment. The method offers higher security when exporting the system log, does not require technicians to operate on site, and improves fault-handling efficiency.
The invention provides a log security export method based on self-service terminal equipment, which comprises the following steps:
S01, connecting the storage device with the self-service terminal equipment, and reading hardware information of the storage device by the self-service terminal equipment;
S02, encrypting the hardware information to generate a first configuration file, and storing the first configuration file in the storage device;
S03, sending the first configuration file to a server, decrypting the first configuration file by the server and verifying the data format; if the verification is passed, executing step S04; if the verification is not passed, ending the export process;
S04, the server adds export configuration information and valid range information to the first configuration file to generate a second configuration file;
S05, the server encrypts the second configuration file and stores the second configuration file in the storage device;
S06, connecting the self-service terminal equipment with the storage device, and decrypting the second configuration file by the self-service terminal equipment;
S07, the self-service terminal equipment verifies the valid range information of the second configuration file; if the verification is passed, step S08 is executed; if the verification is not passed, the export process is ended;
S08, the self-service terminal equipment reads the hardware information of the storage device and compares it with the hardware information in the second configuration file; if the comparison result is consistent, step S09 is executed; if the comparison result is not consistent, the export process is ended;
S09, the self-service terminal equipment judges whether the export configuration information of the second configuration file is correct; if so, step S10 is executed; if not, the export process is ended;
S10, reducing the log exportable times in the second configuration file by one, encrypting the modified second configuration file, and storing the second configuration file in the storage device;
S11, the self-service terminal equipment encrypts the matching log file according to the export configuration information in step S09 and exports the log file to the storage device.
Preferably, the hardware information in step S01 includes a hardware serial number, a manufacturer ID, and a product ID.
Preferably, in step S04, the export configuration information includes a log type and a log level, and the valid range information includes a valid time of the second configuration file, the log exportable times, and a self-service terminal equipment number.
Preferably, the verification in step S07, by the self-service terminal equipment, of the valid range information of the second configuration file includes a valid time check, a log exportable times check, and a self-service terminal equipment number check;
wherein the valid time check comprises: judging whether the current time point is within the valid time; if so, the valid time check is passed; if not, the valid time check is not passed;
the log exportable times check comprises: judging whether the log exportable times are greater than zero; if so, the log exportable times check is passed; if not, the log exportable times check is not passed;
the self-service terminal equipment number check comprises: the self-service terminal equipment compares whether its own self-service terminal equipment number is consistent with the self-service terminal equipment number in the valid range information; if they are consistent, the self-service terminal equipment number check is passed; if they are not consistent, the self-service terminal equipment number check is not passed;
and when the valid time check, the log exportable times check and the self-service terminal equipment number check are all passed, the verification of the valid range information of the second configuration file is passed; otherwise, the verification is not passed.
Preferably, the server is a computer or a smart phone.
The log security export method based on self-service terminal equipment of the invention has the following advantages: the consistency of the storage device is verified when the log file is exported, so other untrusted storage devices are effectively prevented from exporting the log file from the self-service terminal equipment, and the method has higher security.
By encrypting the second configuration file and verifying the valid range information of the second configuration file when exporting the log file, the second configuration file is prevented from being tampered with, and the security of exporting the log file is ensured.
After the verification is passed, the self-service terminal equipment automatically exports the log files of the specified type and the specified level to the storage device according to the export configuration information, and technicians do not need to go to the site to operate, so that fault-resolution efficiency is improved and the maintenance cost is reduced.
The log file is encrypted before being exported to the storage device, so that information leakage from the log file is prevented and security is improved.
Drawings
Fig. 1 is a flowchart of a log security export method based on a self-service terminal device according to the present invention.
Detailed Description
As shown in Fig. 1, an embodiment of the present invention provides a log security export method based on self-service terminal equipment. The method is executed by the self-service terminal equipment, and its aim is to acquire the log file of the self-service terminal equipment securely and efficiently. In this embodiment, the self-service terminal equipment may be an automatic vending machine, an automatic teller machine, an automatic consulting machine, or the like. The method also requires a storage device and a server. The storage device is preferably a USB memory, a mobile hard disk or another mobile storage device that can be conveniently carried and can exchange data with other devices. The server is an intelligent terminal such as a computer or a smart phone, on which log export software for exporting log files is installed. The storage device can be connected to both the self-service terminal equipment and the server to transmit data. In this embodiment, the storage device is a USB memory.
The specific process of the log security export method based on the self-service terminal device provided by this embodiment is as follows.
When the self-service terminal equipment is abnormal and technicians need to acquire its log files to diagnose and investigate the abnormality, staff at the fault site can be asked to plug the USB memory into the USB interface of the self-service terminal equipment, establishing a connection between the USB memory and the self-service terminal equipment. The self-service terminal equipment reads the hardware information of the USB memory, encrypts the hardware information to generate a first configuration file, and stores the first configuration file in the USB memory. The hardware information comprises a hardware serial number, a manufacturer ID and a product ID. The hardware serial number and the product ID are unique within the same series of products of the same manufacturer, one hardware serial number and one product ID correspond to only one product, and one storage device can be uniquely determined through the hardware serial number, the manufacturer ID and the product ID.
The USB memory is then unplugged and connected to the server, and the log export software is run on the server. The log export software decrypts the first configuration file and then performs a data format check on the decrypted file. The data format check determines whether the data format of the first configuration file is the same as a preset data format; the preset data format may be defined in the form of characters or binary numbers. If the data format of the first configuration file is the same as the preset data format, the data format check is passed and the next step is executed. If the data format of the first configuration file is different from the preset data format, the data format check fails, the export process ends, and the log file export fails.
After the data format check is passed, the server writes export configuration information and valid range information into the first configuration file to generate a second configuration file. The export configuration information comprises a log type and a log level. Log types and log levels are used by the self-service terminal equipment to classify events: the events generated by the system are divided into categories and ranked by level to facilitate management. In this embodiment, the export configuration information is used to control the self-service terminal equipment to export the log files of the corresponding types and the corresponding levels, so that automatic export is realized and both security and log export efficiency are improved. The valid range information comprises the valid time of the second configuration file, the log exportable times and the self-service terminal equipment number. The valid time may be a certain time node or a certain time period: the second configuration file is valid before that time node or within that time period, and is considered invalid once the time node has passed or when the current time is outside the time period. The log exportable times are the number of log export operations that can be performed with the second configuration file; the second configuration file can be used for a log export operation only when the log exportable times are greater than zero. The self-service terminal equipment number designates a particular self-service terminal equipment, so that the second configuration file can only be used for log export on the designated self-service terminal equipment.
After the server generates the second configuration file, it encrypts the second configuration file and stores the encrypted second configuration file in the USB memory. The USB memory is then connected to the self-service terminal equipment. The self-service terminal equipment decrypts the second configuration file and then verifies the valid range information in the second configuration file. The specific verification process is as follows.
The verification process comprises a valid time check, a log exportable times check and a self-service terminal equipment number check.
The self-service terminal equipment checks whether the current time point is within the valid time. If the valid time is preset as a certain time point, it checks whether the current time point is before the preset time point; if so, the valid time check is passed, and if not, the valid time check is not passed. If the valid time is preset as a certain time period, it checks whether the current time point is within the preset time period; if so, the valid time check is passed, and otherwise the valid time check is not passed. That is, a given second configuration file is valid only within the valid time, and once the valid time is exceeded the log file cannot be exported through that second configuration file, so that the log file is effectively protected and the security of the log export process is improved.
The self-service terminal equipment checks whether the log exportable times of the second configuration file are greater than zero; if so, the log exportable times check is passed, and if not, the log exportable times check is not passed. That is, the number of times that a single second configuration file can export a log file is limited, and the log file cannot be exported an unlimited number of times through a single second configuration file, so that the security of the log export process is improved.
The self-service terminal equipment checks whether its own self-service terminal equipment number is consistent with the self-service terminal equipment number in the second configuration file; if so, the self-service terminal equipment number check is passed, and if not, the self-service terminal equipment number check is not passed. A single second configuration file can export log files only from the designated self-service terminal equipment, and the self-service terminal equipment can export log files only under the control of a second configuration file carrying its own number, so that the security of the log file during export is improved.
Only when the valid time check, the log exportable times check and the self-service terminal equipment number check are all passed is the verification of the valid range information of the second configuration file passed; otherwise, the verification of the valid range information is regarded as not passed, the log export process ends, and the log file export fails. Through this process, the export of the log file is strictly verified, and the security of the log file during export is improved.
After the valid range information of the second configuration file passes verification, the self-service terminal equipment verifies the hardware information of the USB memory. The self-service terminal equipment reads the hardware information of the USB memory and compares it with the hardware information in the second configuration file. The hardware information in the second configuration file is the hardware information of the USB memory that was connected to the self-service terminal equipment in the initial step. The self-service terminal equipment reads the hardware information of the currently connected USB memory and compares it with the hardware information of the previously connected USB memory; if the comparison result is consistent, the next step is performed, and if the comparison result is inconsistent, the export process ends and the log export fails. This step mainly ensures that the storage device connected the first time and the storage device connected the second time are the same, prevents another storage device from exporting the log file after the second configuration file has been copied to it, and effectively prevents other untrusted storage devices from exporting the log file from the self-service terminal equipment, giving higher security.
Taken together, the verification of the valid range information of the second configuration file and the hardware information comparison mean that the log file can be exported from the self-service terminal equipment only when an authorized storage device stores a valid second configuration file, so that the security of the log file is greatly improved.
After the hardware information comparison is passed, the self-service terminal equipment judges whether the export configuration information in the second configuration file is correct. The export configuration information includes a log type and a log level. The self-service terminal equipment judges whether the log type and the log level in the export configuration information are consistent with its own log types and levels; if so, the export configuration information is judged to be correct and the next step is executed; if not, it is judged to be incorrect, the export process ends, and the log export fails. The export configuration information allows the self-service terminal equipment to automatically export the log files of the corresponding types and the corresponding levels, so that technicians do not need to travel to the fault site to operate, fault-handling efficiency is improved, and the maintenance cost is reduced.
After judging that the export configuration information is correct, the self-service terminal equipment encrypts the log files of the corresponding types and the corresponding levels and exports them to the storage device according to the export configuration information, reduces the log exportable times of the second configuration file by one, and then encrypts the modified second configuration file and stores it in the storage device. This completes the log file export process. When the export is finished, the log file and the second configuration file have each been encrypted, so that the log file is protected against leakage or tampering, the second configuration file is protected against tampering, and security is improved.
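The terminal-side checks described above (steps S06 to S10), as an added example that is not part of the original document. The document does not name a cipher, so an HMAC-SHA256 tag over a JSON body stands in for the encrypt and decrypt steps; the key, field names, log types and levels, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a secret provisioned on both terminal and server (constructed value).
KEY = b"constructed-demo-key"
KNOWN_TYPES = {"system", "application"}      # hypothetical log types of the terminal
KNOWN_LEVELS = {"error", "warning", "info"}  # hypothetical log levels of the terminal

def seal(cfg):
    """Stand-in for 'encrypt': HMAC-SHA256 tag, newline, JSON body."""
    body = json.dumps(cfg, sort_keys=True).encode()
    return hmac.new(KEY, body, hashlib.sha256).hexdigest().encode() + b"\n" + body

def unseal(blob):
    """Stand-in for 'decrypt': return the config, or None if the tag fails."""
    tag, _, body = blob.partition(b"\n")
    good = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return json.loads(body) if hmac.compare_digest(tag, good) else None

def authorize_export(blob, now, terminal_id, usb_hw):
    """Terminal-side steps S06-S10. Returns (ok, reason, updated_blob)."""
    cfg = unseal(blob)                                      # S06
    if cfg is None:
        return False, "config rejected", None
    rng = cfg["valid_range"]
    if not (rng["not_before"] <= now <= rng["not_after"]):  # S07: valid time
        return False, "outside valid time", None
    if rng["exports_left"] <= 0:                            # S07: exportable times
        return False, "no exports left", None
    if rng["terminal_id"] != terminal_id:                   # S07: terminal number
        return False, "wrong terminal", None
    if cfg["hardware"] != usb_hw:                           # S08: same storage device
        return False, "storage device mismatch", None
    exp = cfg["export"]                                     # S09: export config
    if exp["log_type"] not in KNOWN_TYPES or exp["log_level"] not in KNOWN_LEVELS:
        return False, "unknown log type or level", None
    rng["exports_left"] -= 1                                # S10: decrement, re-seal
    return True, "ok", seal(cfg)

# Constructed sample input: hardware info of the USB memory and a second config file.
USB = {"serial": "SN-EXAMPLE-0001", "vendor_id": "0x1234", "product_id": "0x5678"}
SECOND_CONFIG = seal({
    "hardware": USB,
    "export": {"log_type": "system", "log_level": "error"},
    "valid_range": {"not_before": 1000, "not_after": 2000,
                    "exports_left": 1, "terminal_id": "KIOSK-EXAMPLE-01"},
})

if __name__ == "__main__":
    ok, reason, updated = authorize_export(SECOND_CONFIG, 1500, "KIOSK-EXAMPLE-01", USB)
    print(ok, reason)
    print(authorize_export(updated, 1500, "KIOSK-EXAMPLE-01", USB)[:2])
```

The tag check is what makes an edited exportable-times or valid-time field fail at S06; a cipher without integrity protection would not give that property by itself.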
It will be apparent to those skilled in the art that various other changes and modifications may be made in the above-described embodiments and concepts and all such changes and modifications are intended to be within the scope of the appended claims.