CN111404683B - Self-service equipment master key generation method, server and self-service equipment - Google Patents

Self-service equipment master key generation method, server and self-service equipment Download PDF

Info

Publication number
CN111404683B
CN111404683B CN202010240380.1A CN202010240380A CN111404683B CN 111404683 B CN111404683 B CN 111404683B CN 202010240380 A CN202010240380 A CN 202010240380A CN 111404683 B CN111404683 B CN 111404683B
Authority
CN
China
Prior art keywords
self
registered
installation
service equipment
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010240380.1A
Other languages
Chinese (zh)
Other versions
CN111404683A (en
Inventor
万兵
胡玮
邵建
马亮亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp filed Critical China Construction Bank Corp
Priority to CN202010240380.1A priority Critical patent/CN111404683B/en
Publication of CN111404683A publication Critical patent/CN111404683A/en
Application granted granted Critical
Publication of CN111404683B publication Critical patent/CN111404683B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Biomedical Technology (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a self-service equipment master key generation method, a server and self-service equipment. The method comprises the following steps: sending an installation code acquisition request and first biological identification information of installation personnel to an operation management and control server so that the operation management and control server verifies the first biological identification information, and if the verification passes, returning verification passing information to the registered self-service equipment; if the verification passing information is received, at least two installation codes are generated through the front-end server and transmitted to the operation management and control server, so that the operation management and control server receives a master key acquisition request sent by an installation worker through self-service equipment to be registered and second biological identification information of the installation worker and verifies the second biological identification information, and if the verification passing is passed, the at least two installation codes are sent to the self-service equipment to be registered so that the self-service equipment to be registered generates a master key and registers the master key.

Description

Self-service equipment master key generation method, server and self-service equipment
Technical Field
The invention relates to the technical field of self-service equipment master key generation, in particular to a self-service equipment master key generation method, a server and self-service equipment.
Background
In the prior art, when a self-service device to be registered registers for the first time or a password keyboard is replaced, a master key is downloaded again, two registered self-service devices need to be designated as installed code obtaining devices, and an installation worker obtains two installed codes formed by the self-service device through a front-end server on the two registered self-service devices in a verification mode of inputting a user name and a static password. And then, the installation personnel go to the self-service equipment to be registered to manually input the user name and the two installation codes in sequence, the self-service equipment to be registered generates a master key according to the two installation codes, the master key is written into the password keyboard, activation initialization of the password keyboard is completed, and registration of the self-service equipment is completed.
In the process, the user name and the static password obtained by the installation personnel are at risk of leakage, embezzlement or impersonation. In addition, the generation of the master key needs at least two installed codes, at least two registered self-service devices need to be appointed for generating installed code components, two installed personnel operations or sequential operation of the installed personnel are needed, the generation speed of the master key is low, the efficiency is low, and the service rate of the self-service devices in use is influenced. Moreover, installation codes obtained by registered self-service equipment are printed on the receipt in a plaintext form or directly displayed on a screen of the self-service equipment, so that the risk of leakage of the installation codes exists, when installation personnel input generated installation codes on the self-service equipment to be registered, the leakage risk exists through manual input, the input errors of the installation codes are easily caused, and further the generation errors of the main key are caused.
Disclosure of Invention
The invention aims to provide a self-service equipment master key generation method, which solves the problems of complex operation, low speed and high error possibility of self-service equipment master key generation and improves the registration efficiency and safety of self-service equipment. Another object of the present invention is to provide an operation management and control server. It is a further object of this invention to provide a registered self-service device. It is a further object of the present invention to provide a self-service device to be registered.
In order to achieve the above object, the present invention discloses a self-service device master key generation method, including:
sending an installation code acquisition request and first biological identification information of installation personnel to an operation control server through registered self-service equipment so that the operation control server verifies the first biological identification information according to the installation code acquisition request, and if the verification is passed, returning verification passing information to the registered self-service equipment;
and if the verification passing information is received, generating at least two installation codes through a front-end server and transmitting the installation codes to an operation management and control server so that the operation management and control server receives a master key acquisition request sent by an installation worker through self-service equipment to be registered and second biological identification information of the installation worker and verifies the second biological identification information, and if the verification passing, sending the at least two installation codes to the self-service equipment to be registered so that the self-service equipment to be registered generates a master key and registers.
Preferably, the sending, by the registered self-service device, an installation code acquisition request and first biometric information of an installation person to the operation management and control server so that the operation management and control server verifies the first biometric information according to the installation code acquisition request specifically includes:
forming an installation code acquisition request by registered self-service equipment according to an installation code acquisition instruction input by an installation worker and equipment information of the self-service equipment to be registered;
acquiring first biological identification information of an installation personnel through a biological identification device of registered self-service equipment;
and transmitting the installation code acquisition request and the first biological identification information to the operation control server so that the operation control server determines preset personnel corresponding to the self-service equipment to be registered according to the equipment information and preset registration task information, verifies whether the installation personnel are the preset personnel according to the first biological identification information, and if so, passes the verification.
Preferably, if the verification passing information is received, generating at least two installation codes by the front-end server and transmitting the installation codes to the operation management and control server specifically includes:
if the verification passing information is received, sending an installation code generation request to a front-end server so that the front-end server generates at least two installation codes and forms installation code generation success information, encrypting the at least two installation codes through a preset first secret key, and transmitting the encrypted installation codes to an operation control server;
and receiving successful installation code generation information transmitted by the front-end server and feeding the information back to installation personnel.
The invention also discloses a self-service equipment master key generation method, which comprises the following steps:
receiving an installation code acquisition request sent by registered self-service equipment and first biological identification information of installation personnel;
verifying the first biological identification information according to the installation code acquisition request, if the verification is passed, returning verification passing information to the registered self-service equipment so that the registered self-service equipment generates at least two installation codes through a front-end server, and receiving the at least two installation codes transmitted by the front-end server;
and receiving a master key acquisition request sent by an installed person through the self-service equipment to be registered and second biological identification information of the installed person, verifying the second biological identification information, and if the verification is passed, sending the at least two installed codes to the self-service equipment to be registered so that the self-service equipment to be registered generates a master key and registers.
Preferably, the method further comprises the following steps of before receiving the installation code acquisition request sent by the registered self-service device and the first biological identification information of the installation personnel:
receiving key updating application information input by an administrator;
and determining equipment information of the self-service equipment to be registered and preset personnel to form preset registration task information according to the key updating application information.
Preferably, the verifying the first biometric information according to the installation code obtaining request specifically includes:
determining equipment information according to the installation code acquisition request, and determining self-service equipment to be registered according to the equipment information;
determining preset personnel corresponding to the self-service equipment to be registered according to the self-service equipment to be registered and the preset registration task information;
and verifying whether the pre-stored biological identification information of the preset personnel is matched with the first biological identification information, and if so, passing the verification.
Preferably, the receiving a master key acquisition request and second biometric information of the installed person sent by the installed person through the self-service device to be registered and verifying the second biometric information specifically include:
receiving a master key acquisition request sent by an installation worker through self-service equipment to be registered, and determining equipment information of the self-service equipment to be registered according to the master key acquisition request;
determining preset personnel corresponding to the self-service equipment to be registered according to the equipment information of the self-service equipment to be registered and the preset registration task information;
and verifying whether the pre-stored biological identification information of the preset personnel is matched with the second biological identification information, and if so, passing the verification.
The invention also discloses a self-service equipment master key generation method, which comprises the following steps:
sending a master key acquisition request and second biological identification information of installation personnel to an operation management and control server through self-service equipment to be registered so that the operation management and control server verifies the second biological identification information;
and if the verification is passed, receiving at least two installation codes sent by the operation management and control server to generate a master key and register, wherein the at least two installation codes are obtained by sending an installation code acquisition request and first biological identification information of installation personnel to the operation management and control server by the registered self-service equipment so that the operation management and control server verifies the first biological identification information according to the installation code acquisition request, and if the verification is passed, returning verification passing information to the registered self-service equipment so that the registered self-service equipment generates at least two installation codes through a front-end server and transmits the installation codes to the operation management and control server to obtain the installation codes.
Preferably, the receiving at least two installed codes sent by the operation management and control server to generate a master key and register specifically includes:
receiving at least two installed codes sent by the operation control server;
sending the at least two installed codes to a front-end server so that the front-end server encrypts the at least two installed codes according to a preset second key to obtain at least two key components, and obtaining a key initial value according to the at least two key components;
and receiving the key initial value transmitted by the front-end server, encrypting the key initial value by a preset third key to obtain a master key, and writing the master key into a password keyboard to complete registration.
The invention also discloses a registered self-service device, which comprises:
the installed personnel verification unit is used for sending an installed code acquisition request and first biological identification information of installed personnel to the operation control server through the registered self-service equipment so that the operation control server verifies the first biological identification information according to the installed code acquisition request, and if the verification is passed, returning verification passing information to the registered self-service equipment;
and the installed code generating unit is used for generating at least two installed codes through the front-end server and transmitting the two installed codes to the operation management and control server so that the operation management and control server receives a master key acquisition request sent by an installed person through the self-service device to be registered and second biological identification information of the installed person and verifies the second biological identification information if the verification passes, and sending the two installed codes to the self-service device to be registered so that the self-service device to be registered generates a master key and registers the master key.
The invention also discloses an operation control server, which comprises:
the request receiving unit is used for receiving an installation code acquisition request sent by registered self-service equipment and first biological identification information of installation personnel;
the comparison verification unit is used for verifying the first biological identification information according to the installation code acquisition request, returning verification passing information to the registered self-service equipment if the verification passes, so that the registered self-service equipment generates at least two installation codes through a front-end server, and receiving the at least two installation codes transmitted by the front-end server;
and the master key request receiving unit is used for receiving a master key acquisition request sent by the installed personnel through the self-service equipment to be registered and second biological identification information of the installed personnel and verifying the second biological identification information, and if the verification is passed, sending the at least two installed codes to the self-service equipment to be registered so that the self-service equipment to be registered generates a master key and registers the master key.
The invention also discloses a self-service device to be registered, which comprises:
the self-service equipment to be registered is used for sending a master key acquisition request and second biological identification information of the installed personnel to the operation management and control server so that the operation management and control server verifies the second biological identification information;
and if the verification passes, returning verification passing information to the registered self-service equipment so that the registered self-service equipment generates at least two installation codes through a front-end server and transmits the installation codes to the operation management and control server to obtain the installation codes.
The invention also discloses a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor,
the processor, when executing the program, implements the method as described above.
The invention also discloses a computer-readable medium, having stored thereon a computer program,
which when executed by a processor implements the method as described above.
In the self-service equipment master key generation method, an installation person sends an installation code acquisition request and first biological identification information of the installation person, which is acquired by the registered self-service equipment, to the operation control server through the registered self-service equipment. The operation control server verifies the first biological identification information according to the installation code obtaining request, and if the verification is passed, the installation personnel are represented as preset personnel. After the registered self-service equipment receives verification passing information sent by the operation management and control server, at least two installation codes are generated through the front-end server, the at least two installation codes are sent to the operation management and control server for storage and standby, the first biological identification information of installation personnel is verified in the process of generating the installation codes, the installation personnel who are determined to operate are authorized installation personnel, and misoperation of other personnel is prevented. When the installed personnel applies for the master key on the self-service equipment to be registered, second biological identification information of the installed personnel collected by the self-service equipment to be registered is sent to the operation control server, and the operation control server verifies the second biological identification information to determine whether the installed personnel is authorized preset personnel or not, so that leakage of the installed code is prevented, and safety of generation of the master key is guaranteed. According to the invention, the self-service equipment is used for collecting the biological identification information of the installation personnel, the installation code is generated and obtained in a way of verifying the biological identification information, the user name and the static password do not need to be manually input to obtain the installation code, and the leakage of the installation code is prevented. When the self-service equipment to be registered downloads the installation codes to generate the master key, the biological identification information of installation personnel is verified to obtain the installation codes, leakage of the installation codes is prevented, input errors caused by manual input of the installation codes by the installation personnel are avoided, the master key is generated more safely and conveniently, and the efficiency and the safety of self-service equipment registration are improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow chart illustrating a method for self-service device master key generation in accordance with one embodiment of the present invention;
FIG. 2 is a flow chart of S100 in one embodiment of the method for generating a self-service device master key of the present invention
FIG. 3 is a flow chart of S200 in one embodiment of a self-service device master key generation method of the present invention;
FIG. 4 is a flow chart diagram illustrating another embodiment of a self-service device master key generation method of the present invention;
FIG. 5 shows a flow chart for S000 in another embodiment of the self-service device master key generation method of the present invention;
FIG. 6 shows a flow diagram of S400 in another particular embodiment of a self-service device master key generation method of the invention;
FIG. 7 shows a flow diagram of S500 in another embodiment of a self-service device master key generation method of the invention;
FIG. 8 is a flow chart diagram illustrating yet another particular embodiment of a self-service device master key generation method of the present invention;
FIG. 9 is a flow chart of S700 in yet another embodiment of a self-service device master key generation method of the present invention;
FIG. 10 is a block diagram illustrating one embodiment of a registered self-service device of the present invention;
FIG. 11 is a block diagram of an installed personnel verification unit in one embodiment of the registered self-service device of the present invention;
FIG. 12 is a block diagram of an installed code generating unit in one embodiment of a registered self-service device of the present invention;
fig. 13 is one of the structural diagrams showing one embodiment of the operation managing server of the present invention;
FIG. 14 is a second block diagram of an embodiment of the operation management server of the present invention;
FIG. 15 is a block diagram illustrating one embodiment of a self-service device to be registered in accordance with the present invention;
FIG. 16 shows a schematic block diagram of a computer device suitable for use in implementing embodiments of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The existing self-service equipment is provided with a password keyboard, and the registration can be completed only when a master key is written in the password keyboard for transaction service. In the prior art, when a self-service device to be registered registers for the first time or a password keyboard is replaced and a master key is downloaded again, an administrator needs to provide key updating application information to an operation management and control server, two registered self-service devices are designated as installed code acquisition devices through the key updating application information, and the designated device information of the registered self-service devices is used as a user name to set corresponding static passwords. And sending the user name and the static password to an installation person, and obtaining two installation codes formed by the self-service equipment through a front-end server by the installation person on the two registered self-service equipment in a verification mode of inputting the user name and the static password. Then, the installation personnel go to the self-service equipment to be registered to manually input the user name and the two installation codes in sequence, the self-service equipment to be registered sends the two installation codes to the encryption machine of the front-end server for encryption, the encrypted two installation codes returned by the encryption machine are encrypted by using a preset encryption algorithm to obtain a main key, the main key is written into the password keyboard, activation initialization of the password keyboard is completed, and registration of the self-service equipment is completed. In the process, the management and control server is operated to generate the user name and the static password, installation personnel obtain the user name and the static password and input the user name and the static password on the self-service equipment, and the risk of embezzlement or impersonation exists. In addition, the generation of the master key needs at least two installed codes, at least two registered self-service devices need to be appointed for generating installed code components, two installed personnel operations or sequential operation of the installed personnel are needed, the generation speed of the master key is low, the efficiency is low, and the service rate of the self-service devices in use is influenced. In addition, in the traditional master key generation process, an installation code acquired by an installation person on a registered self-service device is printed on a receipt in a plaintext form or is directly displayed on a screen of the self-service device, so that the risk of leakage of the installation code exists.
In one or more embodiments of the present application, the self-service device refers to an Automated Teller Machine (ATM) having an automated teller machine terminal Application (ATMC) disposed thereon.
In one or more embodiments of the present application, a self-service operation management and control system (ATMV) is provided on the operation management and control server.
In one or more embodiments of the present application, the installed code/installed key component is a master key generation process used when a new self-service device is installed for the first time or when a master key is downloaded again after a password keyboard is replaced, and is formed by randomly combining 32-bit numbers and capital letters.
In one or more embodiments of the present application, the master key is a master key generated when a new self-service first installation is performed, or the master key is downloaded again after a password keyboard is replaced, two installed code/installed key components are uploaded to a front-end server (ATMP) encryption machine to be processed to obtain an initial value, the ATMC is obtained after encryption by an encryption algorithm such as 3DES, and the self-service device can complete registration after the master key is written in the password keyboard to provide a service to the outside to complete a normal transaction.
According to one aspect of the invention, the embodiment discloses a self-service equipment master key generation method. As shown in fig. 1, in this embodiment, the method includes:
s100: sending an installation code acquisition request and first biological identification information of installation personnel to an operation management and control server through registered self-service equipment so that the operation management and control server verifies the first biological identification information according to the installation code acquisition request, and if the verification passes, returning verification passing information to the registered self-service equipment.
S200: and if the verification passing information is received, generating at least two installation codes through a front-end server and transmitting the installation codes to an operation management and control server so that the operation management and control server receives a master key acquisition request sent by an installation worker through self-service equipment to be registered and second biological identification information of the installation worker and verifies the second biological identification information, and if the verification passing, sending the at least two installation codes to the self-service equipment to be registered so that the self-service equipment to be registered generates a master key and registers.
In the self-service equipment master key generation method, an installation person sends an installation code acquisition request and first biological identification information of the installation person, which is acquired by the registered self-service equipment, to the operation control server through the registered self-service equipment. The operation control server verifies the first biological identification information according to the installation code obtaining request, and if the verification is passed, the installation personnel are represented as preset personnel. After the registered self-service equipment receives verification passing information sent by the operation management and control server, at least two installation codes are generated through the front-end server, the at least two installation codes are sent to the operation management and control server for storage and standby, the first biological identification information of installation personnel is verified in the process of generating the installation codes, the installation personnel who are determined to operate are authorized installation personnel, and misoperation of other personnel is prevented. When the installed personnel applies for the master key on the self-service equipment to be registered, second biological identification information of the installed personnel collected by the self-service equipment to be registered is sent to the operation control server, and the operation control server verifies the second biological identification information to determine whether the installed personnel is authorized preset personnel or not, so that leakage of the installed code is prevented, and safety of generation of the master key is guaranteed. According to the invention, the self-service equipment is used for collecting the biological identification information of the installation personnel, the installation code is generated and obtained in a way of verifying the biological identification information, the user name and the static password do not need to be manually input to obtain the installation code, and the leakage of the installation code is prevented. When the self-service equipment to be registered downloads the installation codes to generate the master key, the biological identification information of installation personnel is verified to obtain the installation codes, leakage of the installation codes is prevented, input errors caused by manual input of the installation codes by the installation personnel are avoided, the master key is generated more safely and conveniently, and the efficiency and the safety of self-service equipment registration are improved.
In a preferred embodiment, the self-service equipment can be provided with a biological recognition device, and biological recognition information of the installed personnel can be acquired in real time through the biological recognition device for verifying the identity of the installed personnel. In this embodiment, the biometric device uses a binocular camera as a preferred embodiment. The binocular camera is a camera integrating color and black and white cameras, and can be used for face recognition in live body detection. The binocular camera of the registered self-service equipment can collect first biological identification information of the faces of the installed personnel. The self-service equipment to be registered can acquire second biological identification information of the face of the installed person. The operation control server can compare the received first biological identification information and second biological identification information transmitted by the self-service equipment with preset biological identification information of installation personnel, and if the comparison is successful, the verification is passed. This embodiment is verified installation personnel through the mode of brushing the face, it just can generate installation code on registered self-service equipment to verify through installation personnel, the installation code storage of formation is on operation management and control server, installation personnel rethread brush face when generating the main key on the self-service equipment that waits to register acquire installation code, thereby make the generation of installation code and the process of acquireing and the generation in-process of main key all do not have the step of the manual input of installation personnel, prevent installation personnel input error, also avoid installation personnel's identity to be falsely used through the mode of brushing face verification, installation code does not show on registered self-service equipment and can prevent that installation code from leaking, make the generation of main key safer, convenient, promote self-service equipment's registration efficiency.
It should be noted that, in this embodiment, the present invention is described by taking binocular cameras and human face recognition as examples, and in other embodiments, the identity of the installed person may also be verified by other biometric devices and biometric methods, for example, biometric methods such as iris recognition, fingerprint recognition, or voiceprint recognition, which are not limited in this respect.
Preferably, the first biological identification information and the second biological identification information are collected biological identification information of the same type of the installation personnel, so that the management and control server can be operated conveniently for verification, and the self-service equipment adopts the same biological identification device, so that a large amount of configuration is facilitated. Certainly, the first biometric information collected by the registered self-service device and the second biometric information collected by the self-service device to be registered may be biometric information of the same type or biometric information of different types, and the operation management and control server may verify the collected first biometric information and the collected second biometric information, which is not limited in the present invention.
In a preferred embodiment, as shown in fig. 2, in S100, sending, by the registered self-service device, an installation code acquisition request and first biometric information of an installation person to the operation management and control server, so that the operation management and control server verifies the first biometric information according to the installation code acquisition request may specifically include:
s110: and forming an installation code acquisition request by the registered self-service equipment according to an installation code acquisition instruction input by an installation person and equipment information of the self-service equipment to be registered.
S120: the method comprises the steps of collecting first biological identification information of an installation personnel through a biological identification device of registered self-service equipment.
S130: and transmitting the installation code acquisition request and the first biological identification information to the operation control server so that the operation control server determines preset personnel corresponding to the self-service equipment to be registered according to the equipment information and preset registration task information, verifies whether the installation personnel are the preset personnel according to the first biological identification information, and if so, passes the verification.
The method comprises the steps that installation personnel input installation code acquisition instructions and equipment information of self-service equipment to be registered on registered self-service equipment, and the registered self-service equipment forms installation code acquisition requests according to the installation code acquisition instructions and the equipment information. Meanwhile, first biological identification information of installation personnel is collected through a biological identification device on the self-service equipment and is transmitted to the operation management and control server together with the installation code acquisition request. The operation control server can determine the task type of the request as an installation code acquisition type according to the received installation code acquisition request, and meanwhile, the self-service equipment to be registered is positioned according to the equipment information. The operation control server determines preset personnel corresponding to the self-service equipment to be registered according to preset registration task information, compares pre-stored biological identification information of the preset personnel with first biological identification information to verify whether the installed personnel is the preset personnel, and if the comparison is consistent, the installed personnel is authorized and passes the verification. If the verification fails, the installation personnel are probably fake personnel, and the fake information can be fed back by means of alarming to an administrator and the like, so that potential safety hazards can be eliminated in time.
It should be noted that, when the biometric information of the preset person is compared with the first biometric information or the second biometric information, and when the similarity between the biometric information of the preset person and the first biometric information or the second biometric information reaches a preset threshold, the comparison is considered to be consistent, the installed person is the preset person, and the preset threshold can be predetermined according to actual requirements, which is not limited by the present invention.
The biological identification information and the identity information of the preset personnel need to be input in the operation control server in advance. In a preferred embodiment, the operation control server may be provided with a biometric device, and the operation control server collects biometric information of a preset person through the biometric device for subsequent comparison. Furthermore, the operation management and control server can further perform information interaction with the public security system, and verify whether the biological identification information of the preset personnel is consistent with the biological identification information of the public security system according to the identity information of the preset personnel so as to ensure the accuracy of the biological identification information of the preset personnel. For example, the operation management and control server collects face pictures of preset personnel through the binocular camera, the face pictures of the preset personnel are obtained from the public security system through the identity information of the preset personnel and are compared with the face pictures collected by the binocular camera to confirm whether the personnel inputting the biological identification information are the preset personnel, and the accuracy of the biological identification information of the preset personnel stored in the server is ensured.
In a preferred embodiment, as shown in fig. 3, if the verification passing information is received in S200, the generating at least two installed codes by the front-end server and transmitting the installed codes to the operation management and control server may specifically include:
s210: and if the verification passing information is received, sending an installation code generation request to a front-end server so that the front-end server generates at least two installation codes and forms installation code generation success information, and encrypting the at least two installation codes through a preset first secret key and then transmitting the encrypted installation codes to an operation control server.
S220: and receiving successful installation code generation information transmitted by the front-end server and feeding back the successful installation code generation information to installation personnel.
It can be understood that after the verification is passed, the registered self-service device sends an installation code generation request to the front-end server, generates at least two installation codes through the front-end server ATMP, encrypts the at least two installation codes through the first key, and uploads the encrypted installation codes to the operation management and control server. The installed codes are encrypted through a preset first secret key and then transmitted to the operation control server, and the operation control server decrypts through the preset first secret key to obtain at least two installed codes. Meanwhile, at least two installation codes generated by the ATMP are not transmitted to the registered self-service equipment to be displayed to installation personnel, only installation code generation success information is returned to the registered self-service equipment to inform the installation personnel, the installation personnel can obtain the installation codes on the self-service equipment to be registered through a request operation management and control server, and the risk of leakage of the installation codes can be avoided.
In a preferred embodiment, before the operation management and control server receives an installation code acquisition request sent by a registered self-service device and first biological identification information of installation personnel, an administrator needs to provide a self-service device master key updating request to be registered to the operation management and control server, and after the operation management and control server receives key updating application information sent by the administrator, the operation management and control server determines preset personnel specified by the administrator through the key updating application information according to the self-service device to be registered and device information thereof so as to verify the biological identification information collected by the self-service device.
Specifically, in a preferred embodiment, when the operation management and control server verifies the first biometric information according to the installation code acquisition request, the operation management and control server may determine device information according to the installation code acquisition request, determine self-service devices to be registered according to the device information, and determine preset personnel corresponding to the self-service devices to be registered according to the self-service devices to be registered and the preset registration task information. And verifying whether the pre-stored biological identification information of the preset personnel is matched with the first biological identification information or not, and if so, passing the verification.
In a preferred embodiment, when the operation management and control server receives a master key acquisition request sent by an installation person through self-service equipment to be registered and second biological identification information of the installation person and verifies the second biological identification information, the operation management and control server can receive the master key acquisition request sent by the installation person through the self-service equipment to be registered and determine equipment information of the self-service equipment to be registered according to the master key acquisition request. And determining preset personnel corresponding to the self-service equipment to be registered according to the equipment information of the self-service equipment to be registered and the preset registration task information. And verifying whether the pre-stored biological identification information of the preset personnel is matched with the second biological identification information, and if so, passing the verification. For example, in a specific example, the installation code obtaining request may include a device number of the self-service device to be registered, which is input by an installation person, a preset person corresponding to the self-service device to be registered is determined according to the device number and preset registration task information, and the first biometric information transmitted by the registered self-service device is compared with the biometric information of the preset person to perform identity verification on the installation person. Similarly, the master key acquisition request may include identification information such as a device number of the self-service device to be registered, the self-service device to be registered is located through the device number, the corresponding preset personnel is determined by combining the preset registration task information, and the second biological identification information transmitted by the self-service device to be registered is compared with the biological identification information of the preset personnel to perform identity verification on the installed personnel.
In a preferred embodiment, when the self-service device to be registered receives at least two installed codes sent by the operation management and control server to generate a master key, the self-service device receives the at least two installed codes sent by the operation management and control server, sends the at least two installed codes to the front-end server so that the front-end server obtains at least two key components according to a preset second key, and obtains a key initial value according to the at least two key components. And receiving the key initial value transmitted by the front-end server, encrypting the key initial value by a preset third key to obtain a main key, and writing the main key into a password keyboard to complete registration.
For example, in a specific example, the ATMC on the self-service device to be registered receives at least two installed codes transmitted by the ATMV running the management and control server, and preferably, the two installed codes are encrypted by a preset first key to form a ciphertext for transmission so as to prevent leakage of the installed codes. After receiving the installation code ciphertext, the ATMC decrypts through a preset first key to obtain at least two installation code original texts, further sends the installation code obtained through decryption to the ATMP, the ATMP encryptor encrypts the two installation codes through a second key to obtain at least two key components, obtains a key initial value according to the at least two key components and returns the key initial value to the ATMC, and the ATMC can encrypt the key initial value through a third key such as 3DES or other encryption algorithms to obtain a main key and writes the main key into a key keyboard to complete registration.
Because the principle of solving the problems by the method is similar to that of the method, the implementation of the method can be referred to the implementation of the method, and details are not repeated herein.
Based on the same principle, the embodiment also discloses a self-service equipment master key generation method. As shown in fig. 4, the method includes:
s300: and receiving an installation code acquisition request sent by the registered self-service equipment and first biological identification information of an installation person.
S400: and verifying the first biological identification information according to the installation code acquisition request, if the verification is passed, returning verification passing information to the registered self-service equipment so that the registered self-service equipment generates at least two installation codes through a front-end server, and receiving the at least two installation codes transmitted by the front-end server.
S500: receiving a master key acquisition request sent by an installed person through self-service equipment to be registered and second biological identification information of the installed person, verifying the second biological identification information, and if the verification is passed, sending the at least two installed codes to the self-service equipment to be registered so that the self-service equipment to be registered generates a master key and registers the master key.
In a preferred embodiment, as shown in fig. 5, the method further includes, before receiving the installation code acquisition request and the first biometric information of the installed person sent by the registered self-service device, S000:
s010: and receiving key updating application information input by an administrator.
S020: and determining equipment information of the self-service equipment to be registered and preset personnel to form preset registration task information according to the key updating application information.
In a preferred embodiment, as shown in fig. 6, the verifying the first biometric information according to the installation code obtaining request in S400 may specifically include:
s410: and determining equipment information according to the installation code acquisition request, and determining self-service equipment to be registered according to the equipment information.
S420: and determining preset personnel corresponding to the self-service equipment to be registered according to the self-service equipment to be registered and the preset registration task information.
S430: and verifying whether the pre-stored biological identification information of the preset personnel is matched with the first biological identification information, and if so, passing the verification.
In a preferred embodiment, as shown in fig. 7, the receiving, in S500, a master key acquisition request sent by an installed person through a self-service device to be registered and second biometric information of the installed person and verifying the second biometric information specifically include:
s510: receiving a master key acquisition request sent by an installation worker through self-service equipment to be registered, and determining equipment information of the self-service equipment to be registered according to the master key acquisition request.
S520: and determining preset personnel corresponding to the self-service equipment to be registered according to the equipment information of the self-service equipment to be registered and the preset registration task information.
S530: and verifying whether the pre-stored biological identification information of the preset personnel is matched with the second biological identification information, and if so, passing the verification.
Based on the same principle, the invention also discloses a self-service equipment master key generation method. As shown in fig. 8, the method includes:
s600: and sending a master key acquisition request and second biological identification information of the installed personnel to the operation control server through the self-service equipment to be registered so that the operation control server verifies the second biological identification information.
S700: and if the verification is passed, receiving at least two installation codes sent by the operation management and control server to generate a master key and registering, wherein the at least two installation codes are obtained by sending an installation code acquisition request and first biological identification information of installation personnel to the operation management and control server for the registered self-service equipment so that the operation management and control server verifies the first biological identification information according to the installation code acquisition request, and if the verification is passed, returning verification passing information to the registered self-service equipment so that the registered self-service equipment generates at least two installation codes through a front-end server and transmits the installation codes to the operation management and control server.
In a preferred embodiment, as shown in fig. 9, the receiving, in S700, at least two installed codes sent by the operation management and control server to generate a master key and register may specifically include:
s710: and receiving at least two installed codes sent by the operation management and control server.
S720: and sending the at least two installed codes to a front-end server so that the front-end server obtains at least two key components according to a preset second key and obtains a key initial value according to the at least two key components.
S730: and receiving the key initial value transmitted by the front-end server, encrypting the key initial value by a preset third key to obtain a main key, and writing the main key into a password keyboard to complete registration.
Because the principle of solving the problems by the method is similar to that of the method, the implementation of the method can be referred to the implementation of the method, and details are not repeated herein.
Based on the same principle, the embodiment also discloses registered self-service equipment. As shown in fig. 10, in the present embodiment, the registered self-service device includes an installed person verification unit 11 and an installed code generation unit 12.
The installed personnel verification unit 11 is configured to send an installed code acquisition request and first biometric information of an installed personnel to an operation management and control server through a registered self-service device, so that the operation management and control server verifies the first biometric information according to the installed code acquisition request, and if the verification passes, return verification passing information to the registered self-service device.
The installed code generating unit 12 is configured to generate at least two installed codes through the front-end server and transmit the generated installed codes to the operation management and control server so that the operation management and control server receives a master key acquisition request sent by an installed person through the self-service device to be registered and second biometric information of the installed person and verifies the second biometric information, and send the at least two installed codes to the self-service device to be registered so that the self-service device to be registered generates a master key and registers if the verification passes.
In a preferred embodiment, as shown in fig. 11, the installed person verification unit 11 specifically includes a request formation unit 111, a biometric information collection unit 112, and a request transmission unit 113.
The request forming unit 111 is configured to form an installation code obtaining request according to an installation code obtaining instruction input by an installation person and device information of the self-service device to be registered by the registered self-service device.
The biometric information collection unit 112 is used for collecting first biometric information of the installed personnel through a biometric device of the registered self-service equipment.
The request sending unit 113 is configured to transmit the installation code obtaining request and the first biometric information to the operation management and control server, so that the operation management and control server determines a preset person corresponding to the self-service device to be registered according to the device information and preset registration task information, and verifies whether the installation person is the preset person according to the first biometric information, and if yes, the verification is passed.
In a preferred embodiment, as shown in fig. 12, the installed code generating unit 12 includes an installed code requesting unit 121 and an information feedback unit 122.
The installation code request unit 121 is configured to send an installation code obtaining request to a front-end server if the verification passing information is received, so that the front-end server generates at least two installation codes, and encrypts the at least two installation codes through a preset first key and transmits the encrypted installation codes to an operation management and control server.
The information feedback unit 122 is configured to receive successful installation code generation information transmitted by the front-end server and feed back the successful installation code generation information to installation personnel.
Because the principle of the self-service device for solving the problems is similar to the method, the implementation of the self-service device can refer to the implementation of the method, and the detailed description is omitted here.
Based on the same principle, the invention also discloses an operation management and control server. As shown in fig. 13, in this embodiment, the operation management and control server includes a request receiving unit 21, a comparison verification unit 22, and a master key request receiving unit 23.
The installation code request receiving unit 21 is configured to receive an installation code obtaining request sent by a registered self-service device and first biometric information of an installation person.
The comparison verification unit 22 is configured to verify the first biometric information according to the installed code acquisition request, and if the verification passes, return verification passing information to the registered self-service device so that the registered self-service device generates at least two installed codes through a front-end server, and receive the at least two installed codes transmitted by the front-end server;
the master key request receiving unit 23 is configured to receive a master key acquisition request sent by an installed person through a self-service device to be registered and second biometric information of the installed person, verify the second biometric information, and send the at least two installed codes to the self-service device to be registered if the verification is passed, so that the self-service device to be registered generates a master key and registers the master key.
In a preferred embodiment, as shown in fig. 14, the operation regulating server further includes a task information receiving unit 24 and a preset task information unit 25.
The task information receiving unit 24 is used for receiving key updating application information input by an administrator before receiving an installation code obtaining request and first biological identification information of an installation person sent by a registered self-service device.
The preset task information unit 25 is configured to determine, according to the key update application information, device information of the self-service device to be registered and preset personnel to form preset registration task information.
In a preferred embodiment, the comparison verification unit 22 is specifically configured to determine device information according to the installation code acquisition request, determine a self-service device to be registered according to the device information, determine a preset person corresponding to the self-service device to be registered according to the self-service device to be registered and the preset registration task information, verify whether the pre-stored biometric information of the preset person matches the first biometric information, and if so, pass the verification.
In a preferred embodiment, the master key request receiving unit 23 is specifically configured to receive a master key acquisition request sent by an installation worker through a self-service device to be registered, determine device information of the self-service device to be registered according to the master key acquisition request, determine a preset worker corresponding to the self-service device to be registered according to the device information of the self-service device to be registered and the preset registration task information, verify whether pre-stored biometric information of the preset worker matches the second biometric information, and if so, pass the verification.
Since the principle of solving the problem by the server is similar to the above method, the implementation of the server may refer to the implementation of the method, and is not described herein again.
Based on the same principle, the invention also discloses self-service equipment to be registered. As shown in fig. 15, the self-service device includes a master key requesting unit 31 and a master key generating unit 32.
The master key request unit 31 is configured to send a master key acquisition request and second biometric information of an installed person to an operation management and control server through a self-service device to be registered, so that the operation management and control server verifies the second biometric information.
The master key generation unit 32 is configured to receive at least two installed codes sent by the operation management and control server to generate a master key and register the master key if the verification passes, where the at least two installed codes are obtained by sending, to the operation management and control server, an installed code acquisition request and first biometric information of installed personnel by the registered self-service device, so that the operation management and control server verifies the first biometric information according to the installed code acquisition request, and if the verification passes, returning verification passing information to the registered self-service device, so that the registered self-service device generates at least two installed codes through a front-end server and transmits the generated installed codes to the operation management and control server.
In a preferred embodiment, the master key generating unit 32 is specifically configured to receive at least two installed codes sent by the operation management and control server, send the at least two installed codes to a front-end server, so that the front-end server obtains at least two key components according to a preset second key, obtain a key initial value according to the at least two key components, receive the key initial value transmitted by the front-end server, encrypt the key initial value by using a preset third key to obtain a master key, and write the master key into a password keyboard to complete registration.
Because the principle of the self-service device for solving the problems is similar to the method, the implementation of the self-service device can refer to the implementation of the method, and the detailed description is omitted here.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer device, which may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
In a typical example, the computer device comprises in particular a memory, a processor and a computer program stored on the memory and executable on the processor, which when executing the program implements the method as described above.
Referring now to FIG. 16, shown is a schematic diagram of a computer device 600 suitable for use in implementing embodiments of the present application.
As shown in fig. 16, the computer apparatus 600 includes a Central Processing Unit (CPU) 601 which can perform various appropriate works and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM)) 603. In the RAM603, various programs and data necessary for the operation of the system 600 are also stored. The CPU601, ROM602, and RAM603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a Cathode Ray Tube (CRT), a liquid crystal feedback (LCD), and the like, and a speaker and the like; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The driver 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is mounted as necessary on the storage section 608.
In particular, according to an embodiment of the present invention, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the invention include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the system embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (11)

1. A self-service device master key generation method is characterized by comprising the following steps:
sending an installation code acquisition request and first biological identification information of installation personnel to an operation management and control server through registered self-service equipment so that the operation management and control server verifies the first biological identification information according to the installation code acquisition request, and sending the installation code acquisition request and the first biological identification information of the installation personnel to the operation management and control server through the registered self-service equipment so that the operation management and control server verifies the first biological identification information according to the installation code acquisition request specifically comprises: forming an installation code acquisition request by registered self-service equipment according to an installation code acquisition instruction input by an installation worker and equipment information of the self-service equipment to be registered; acquiring first biological identification information of an installation personnel through a biological identification device of registered self-service equipment; transmitting the installation code acquisition request and the first biological identification information to the operation control server so that the operation control server determines preset personnel corresponding to the self-service equipment to be registered according to the equipment information and preset registration task information, verifying whether the installation personnel are the preset personnel according to the first biological identification information, and if so, passing the verification;
if the verification is passed, returning verification passing information to the registered self-service equipment;
if the verification passing information is received, generating at least two installation codes through a front-end server and transmitting the installation codes to an operation management and control server so that the operation management and control server receives a master key acquisition request sent by an installation person through self-service equipment to be registered and second biological identification information of the installation person and verifies the second biological identification information, and the receiving of the master key acquisition request sent by the installation person through the self-service equipment to be registered and the second biological identification information of the installation person and the verification of the second biological identification information specifically comprise: receiving a master key acquisition request sent by an installation worker through self-service equipment to be registered, and determining equipment information of the self-service equipment to be registered according to the master key acquisition request; determining preset personnel corresponding to the self-service equipment to be registered according to the equipment information of the self-service equipment to be registered and the preset registration task information; verifying whether the pre-stored biological identification information of the preset personnel is matched with the second biological identification information or not, and if so, passing the verification;
and if the verification is passed, sending the at least two installed codes to the self-service equipment to be registered so that the self-service equipment to be registered generates a master key and registers.
2. The self-service device master key generation method according to claim 1, wherein if the verification passing information is received, generating at least two installed codes through a front-end server and transmitting the installed codes to an operation management and control server specifically comprises:
if the verification passing information is received, sending an installation code generation request to a front-end server so that the front-end server generates at least two installation codes and forms installation code generation success information, encrypting the at least two installation codes through a preset first secret key, and transmitting the encrypted installation codes to an operation control server;
and receiving successful installation code generation information transmitted by the front-end server and feeding back the successful installation code generation information to installation personnel.
3. A self-service device master key generation method is characterized by comprising the following steps:
receiving an installation code acquisition request sent by registered self-service equipment and first biological identification information of installation personnel;
verifying the first biometric information according to the installation code acquisition request, wherein the verifying the first biometric information according to the installation code acquisition request specifically comprises: determining equipment information according to the installation code acquisition request, and determining self-service equipment to be registered according to the equipment information; determining preset personnel corresponding to the self-service equipment to be registered according to the self-service equipment to be registered and preset registration task information; verifying whether the pre-stored biological identification information of the preset personnel is matched with the first biological identification information or not, and if so, passing the verification;
if the verification is passed, returning verification passing information to the registered self-service equipment so that the registered self-service equipment generates at least two installed codes through the front-end server, and receiving the at least two installed codes transmitted by the front-end server;
receiving a master key acquisition request sent by an installed person through self-service equipment to be registered and second biological identification information of the installed person and verifying the second biological identification information, wherein the receiving of the master key acquisition request sent by the installed person through the self-service equipment to be registered and the second biological identification information of the installed person and verifying the second biological identification information specifically comprises: receiving a master key acquisition request sent by an installation worker through self-service equipment to be registered, and determining equipment information of the self-service equipment to be registered according to the master key acquisition request; determining preset personnel corresponding to the self-service equipment to be registered according to the equipment information of the self-service equipment to be registered and the preset registration task information; verifying whether the pre-stored biological identification information of the preset personnel is matched with the second biological identification information or not, and if so, passing the verification;
and if the verification is passed, sending the at least two installed codes to the self-service equipment to be registered so that the self-service equipment to be registered generates a master key and registers.
4. The self-service device master key generation method of claim 3, further comprising, prior to receiving an installation code acquisition request and first biometric information of an installation person sent by a registered self-service device:
receiving key updating application information input by an administrator;
and determining equipment information of the self-service equipment to be registered and preset personnel to form preset registration task information according to the key updating application information.
5. A self-service device master key generation method is characterized by comprising the following steps:
sending a master key acquisition request and second biological identification information of installation personnel to an operation management and control server through self-service equipment to be registered so that the operation management and control server verifies the second biological identification information, and the method specifically comprises the following steps: determining equipment information of the self-service equipment to be registered according to the master key acquisition request; determining preset personnel corresponding to the self-service equipment to be registered according to the equipment information of the self-service equipment to be registered and preset registration task information; verifying whether the pre-stored biological identification information of the preset personnel is matched with the second biological identification information or not, and if so, passing the verification;
if the verification is passed, receiving at least two installed codes sent by the operation management and control server to generate a master key and register the master key, wherein the at least two installed codes are obtained by sending an installed code obtaining request and first biological identification information of installed personnel to the operation management and control server through registered self-service equipment so that the operation management and control server verifies the first biological identification information according to the installed code obtaining request, and the sending the installed code obtaining request and the first biological identification information of the installed personnel to the operation management and control server through the registered self-service equipment so that the operation management and control server verifies the first biological identification information according to the installed code obtaining request specifically comprises: forming an installation code acquisition request by registered self-service equipment according to an installation code acquisition instruction input by an installation worker and equipment information of the self-service equipment to be registered; acquiring first biological identification information of an installation personnel through a biological identification device of registered self-service equipment; transmitting the installation code acquisition request and the first biological identification information to the operation management and control server so that the operation management and control server determines preset personnel corresponding to self-service equipment to be registered according to the equipment information and preset registration task information, and verifies whether the installation personnel are the preset personnel according to the first biological identification information, if so, the verification is passed;
and if the verification is passed, returning verification passing information to the registered self-service equipment so that the registered self-service equipment generates at least two installation codes through a front-end server and transmits the installation codes to the operation management and control server to obtain the installation codes.
6. The self-service device master key generation method according to claim 5, wherein the receiving at least two installed codes sent by the operation management and control server to generate a master key and registering specifically comprises:
receiving at least two installed codes sent by the operation control server;
sending the at least two installed codes to a front-end server so that the front-end server encrypts the at least two installed codes according to a preset second key to obtain at least two key components, and obtaining a key initial value according to the at least two key components;
and receiving the key initial value transmitted by the front-end server, encrypting the key initial value by a preset third key to obtain a master key, and writing the master key into a password keyboard to complete registration.
7. A registered self-service device, comprising:
the installed staff verifying unit is configured to send an installed code acquisition request and first biological identification information of an installed staff to an operation control server through a registered self-service device so that the operation control server verifies the first biological identification information according to the installed code acquisition request, and the sending of the installed code acquisition request and the first biological identification information of the installed staff to the operation control server through the registered self-service device so that the operation control server verifies the first biological identification information according to the installed code acquisition request specifically includes: forming an installation code acquisition request by registered self-service equipment according to an installation code acquisition instruction input by an installation worker and equipment information of the self-service equipment to be registered; acquiring first biological identification information of an installation personnel through a biological identification device of registered self-service equipment; transmitting the installation code acquisition request and the first biological identification information to the operation control server so that the operation control server determines preset personnel corresponding to the self-service equipment to be registered according to the equipment information and preset registration task information, verifying whether the installation personnel are the preset personnel according to the first biological identification information, and if so, passing the verification;
if the verification is passed, returning verification passing information to the registered self-service equipment;
the installed code generating unit is used for generating at least two installed codes through a front-end server and transmitting the two installed codes to an operation management and control server if the verification passing information is received, so that the operation management and control server receives a master key acquisition request sent by an installed person through self-service equipment to be registered and second biological identification information of the installed person and verifies the second biological identification information, and the receiving of the master key acquisition request sent by the installed person through self-service equipment to be registered and the second biological identification information of the installed person and the verification of the second biological identification information specifically comprise: receiving a master key acquisition request sent by an installation worker through self-service equipment to be registered, and determining equipment information of the self-service equipment to be registered according to the master key acquisition request; determining preset personnel corresponding to the self-service equipment to be registered according to the equipment information of the self-service equipment to be registered and the preset registration task information; verifying whether the pre-stored biological identification information of the preset personnel is matched with the second biological identification information or not, and if so, passing the verification;
and if the verification is passed, sending the at least two installed codes to the self-service equipment to be registered so that the self-service equipment to be registered generates a master key and registers.
8. An operation management and control server, comprising:
the request receiving unit is used for receiving an installation code acquisition request sent by registered self-service equipment and first biological identification information of installation personnel;
a comparison verification unit, configured to verify the first biometric information according to the installation code acquisition request, where verifying the first biometric information according to the installation code acquisition request specifically includes: determining equipment information according to the installation code acquisition request, and determining self-service equipment to be registered according to the equipment information; determining preset personnel corresponding to the self-service equipment to be registered according to the self-service equipment to be registered and preset registration task information; verifying whether the pre-stored biological identification information of the preset personnel is matched with the first biological identification information or not, and if so, passing the verification;
if the verification is passed, returning verification passing information to the registered self-service equipment so that the registered self-service equipment generates at least two installed codes through the front-end server, and receiving the at least two installed codes transmitted by the front-end server;
the master key request receiving unit is configured to receive a master key acquisition request sent by an installed person through a self-service device to be registered and second biometric information of the installed person, and verify the second biometric information, and the receiving the master key acquisition request sent by the installed person through the self-service device to be registered and the second biometric information of the installed person and verifying the second biometric information specifically includes: receiving a master key acquisition request sent by an installation worker through self-service equipment to be registered, and determining equipment information of the self-service equipment to be registered according to the master key acquisition request; determining preset personnel corresponding to the self-service equipment to be registered according to the equipment information of the self-service equipment to be registered and the preset registration task information; verifying whether the pre-stored biological identification information of the preset personnel is matched with the second biological identification information or not, and if so, passing the verification;
and if the verification is passed, sending the at least two installed codes to the self-service equipment to be registered so that the self-service equipment to be registered generates a master key and registers.
9. A self-service device to be registered, comprising:
the self-service equipment to be registered is used for sending a master key acquisition request and second biological identification information of installation personnel to the operation management and control server so that the operation management and control server verifies the second biological identification information, and the master key request unit specifically comprises: determining equipment information of the self-service equipment to be registered according to the master key acquisition request; determining preset personnel corresponding to the self-service equipment to be registered according to the equipment information of the self-service equipment to be registered and preset registration task information; verifying whether the pre-stored biological identification information of the preset personnel is matched with the second biological identification information or not, and if so, passing the verification;
a master key generation unit, configured to receive at least two installed codes sent by the operation management and control server to generate a master key and register the master key if the verification passes, where the at least two installed codes are obtained by a registered self-service device sending an installed code obtaining request and first biometric information of an installed person to the operation management and control server so that the operation management and control server verifies the first biometric information according to the installed code obtaining request, and sending the installed code obtaining request and the first biometric information of the installed person to the operation management and control server through the registered self-service device so that the operation management and control server verifies the first biometric information according to the installed code obtaining request specifically includes: forming an installation code acquisition request by registered self-service equipment according to an installation code acquisition instruction input by an installation worker and equipment information of the self-service equipment to be registered; acquiring first biological identification information of an installation personnel through a biological identification device of registered self-service equipment; transmitting the installation code acquisition request and the first biological identification information to the operation control server so that the operation control server determines preset personnel corresponding to the self-service equipment to be registered according to the equipment information and preset registration task information, verifying whether the installation personnel are the preset personnel according to the first biological identification information, and if so, passing the verification;
and if the verification is passed, returning verification passing information to the registered self-service equipment so that the registered self-service equipment generates at least two installation codes through a front-end server and transmits the installation codes to the operation management and control server to obtain the installation codes.
10. A computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor,
the processor, when executing the program, implements the method of any of claims 1-6.
11. A computer-readable medium, having stored thereon a computer program,
the program when executed by a processor implementing the method according to any one of claims 1-6.
CN202010240380.1A 2020-03-31 2020-03-31 Self-service equipment master key generation method, server and self-service equipment Active CN111404683B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010240380.1A CN111404683B (en) 2020-03-31 2020-03-31 Self-service equipment master key generation method, server and self-service equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010240380.1A CN111404683B (en) 2020-03-31 2020-03-31 Self-service equipment master key generation method, server and self-service equipment

Publications (2)

Publication Number Publication Date
CN111404683A CN111404683A (en) 2020-07-10
CN111404683B true CN111404683B (en) 2022-11-15

Family

ID=71431361

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010240380.1A Active CN111404683B (en) 2020-03-31 2020-03-31 Self-service equipment master key generation method, server and self-service equipment

Country Status (1)

Country Link
CN (1) CN111404683B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7159114B1 (en) * 2001-04-23 2007-01-02 Diebold, Incorporated System and method of securely installing a terminal master key on an automated banking machine
CN102332981A (en) * 2011-10-12 2012-01-25 深圳市沃达通实业有限公司 Three-layer key encryption method and bank transaction system
CN107800538A (en) * 2016-09-01 2018-03-13 中电长城(长沙)信息技术有限公司 A kind of self-service device remote cipher key distribution method
CN108365950A (en) * 2018-01-03 2018-08-03 深圳怡化电脑股份有限公司 The generation method and device of financial self-service equipment key

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4736744B2 (en) * 2005-11-24 2011-07-27 株式会社日立製作所 Processing device, auxiliary information generation device, terminal device, authentication device, and biometric authentication system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7159114B1 (en) * 2001-04-23 2007-01-02 Diebold, Incorporated System and method of securely installing a terminal master key on an automated banking machine
CN102332981A (en) * 2011-10-12 2012-01-25 深圳市沃达通实业有限公司 Three-layer key encryption method and bank transaction system
CN107800538A (en) * 2016-09-01 2018-03-13 中电长城(长沙)信息技术有限公司 A kind of self-service device remote cipher key distribution method
CN108365950A (en) * 2018-01-03 2018-08-03 深圳怡化电脑股份有限公司 The generation method and device of financial self-service equipment key

Also Published As

Publication number Publication date
CN111404683A (en) 2020-07-10

Similar Documents

Publication Publication Date Title
CN111466097B (en) Server-assisted privacy preserving biometric comparison
US12088586B2 (en) Biometric validation process utilizing access device and location determination
RU2718226C2 (en) Biometric data safe handling systems and methods
US20220191012A1 (en) Methods For Splitting and Recovering Key, Program Product, Storage Medium, and System
DE102015215120B4 (en) METHOD OF USING ONE DEVICE TO UNLOCK ANOTHER DEVICE
US9160742B1 (en) Localized risk analytics for user authentication
US6446210B1 (en) Method for securing communication by selecting an encoding process using a first computer based upon ability of a second computer and deleting the process thereafter
US9218473B2 (en) Creation and authentication of biometric information
CN107528688A (en) A kind of keeping of block chain key and restoration methods, device based on encryption commission technology
US20200382307A1 (en) Authentication terminal, authentication device and authentication method and system using authentication terminal and authentication device
US20170272432A1 (en) Network of biometrically secure devices with enhanced privacy protection
JP2006155547A (en) Individual authentication system, terminal device and server
CN111259363B (en) Service access information processing method, system, device, equipment and storage medium
CN111179522B (en) Self-service equipment program installation method, device and system
CN111404683B (en) Self-service equipment master key generation method, server and self-service equipment
JP6841781B2 (en) Authentication server device, authentication system and authentication method
US20210160076A1 (en) System and method for secure biometric authentication
JP4749017B2 (en) Pseudo biometric authentication system and pseudo biometric authentication method
CN114124422A (en) Key management method and device
CN111970126A (en) Key management method and device
JP5301365B2 (en) Authentication card, card authentication terminal, card authentication server, and card authentication system
CN109345255A (en) Noninductive method of payment, noninductive payment mechanism and bank's background system
WO2022237550A1 (en) Access control authentication method, apparatus and system for preventing privacy leak
RU2776258C2 (en) Biometric comparison for privacy protection using server
CN103297238B (en) Identity authorization system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220928

Address after: 25 Financial Street, Xicheng District, Beijing 100033

Applicant after: CHINA CONSTRUCTION BANK Corp.

Address before: 25 Financial Street, Xicheng District, Beijing 100033

Applicant before: CHINA CONSTRUCTION BANK Corp.

Applicant before: Jianxin Financial Science and Technology Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant