CN111080922A

CN111080922A - Intelligent key cabinet management system and implementation method thereof

Info

Publication number: CN111080922A
Application number: CN201911379023.7A
Authority: CN
Inventors: 曾东阳; 蒋宇; 郭悦欣; 孙明
Original assignee: Zhuhai College of Jilin University
Current assignee: Zhuhai College of Jilin University
Priority date: 2019-12-27
Filing date: 2019-12-27
Publication date: 2020-04-28

Abstract

The invention discloses an intelligent key cabinet management system and an implementation method thereof, wherein the intelligent key cabinet management system comprises a cabinet end, a server end and an application end; the key taking is managed and controlled through the cabinet end, and the management and control comprises user identity confirmation, user authority confirmation, operation log inquiry, key position on-off control and key right and wrong check; providing service and interface for the application end through the server end, and communicating with the managed key cabinet; providing a webpage service, confirming a key cabinet connection state, confirming key cabinet identity information, acquiring a key state, acquiring log information, issuing configuration information and providing a permission confirmation service for the key cabinet through the server side; providing a management and maintenance function for an administrator and a maintainer through a webpage end of an application end; providing an operation function for a user through an equipment end of an application end; the invention reduces the equipment transformation cost, is convenient for teachers and students to use, and can be widely applied to the technical field of intelligent equipment.

Description

Intelligent key cabinet management system and implementation method thereof

Technical Field

The invention relates to the technical field of intelligent equipment, in particular to an intelligent key cabinet management system and an implementation method thereof.

Background

In order to ensure the safety and effectively manage the spaces such as classrooms, offices, laboratories and the like in the campus, the school needs to master the access and use conditions of the personnel in the teaching and office spaces, and the key serves as a medium for management. At present, key management mainly adopts manual distribution and acceptance inspection, and part of high schools use computers to perform auxiliary management, but the proportion of manual intervention is high, and operation negligence is easy to exist.

Along with the increasingly improved management refinement and automation requirements and the development and intelligence trend of artificial intelligence technology, in order to strengthen management, facilitate operation and liberate manpower, the work of distribution, acceptance inspection and the like of keys needs to be electronically, automatically and intelligently transformed. At present, 2 methods are mainly used, namely door lock intellectualization and intelligent key cabinet adoption.

For the method of door lock intellectualization, all door locks need to be transformed into intelligent door locks, and a distribution network is specially distributed for the intelligent door locks. The method has high modification cost, even needs to refit and wire distribution, can influence the normal use of the door within a period of time, and can cause certain influence on the daily operation of the campus. Compared with the prior art, the intelligent key cabinet has the advantages of low environment modification cost, low equipment failure influence, quick maintenance and inspection, easy equipment supervision and the like. Therefore, for colleges and universities, the intelligent key cabinet is a more feasible transformation method.

At present, the key cabinet research is mainly biased to the fields of public security, army, traffic, power generation and power supply, and the research on the special environment of colleges and universities is less. Although the existing key cabinet scheme solves the problem of unified management of keys, the intelligent registration, borrowing, returning and inquiry of the keys are realized. But the facing user and scene are fixed, and the identity setting and authentication mode is rigid; in the aspect of networking, networking cannot be achieved, or the requirement on the network environment is strict. The requirements of teachers and students for convenient use, uncertain network deployment environments and possible temporary borrowing and substitution situations are not considered emphatically.

Disclosure of Invention

In view of this, the embodiment of the invention provides a low-cost, convenient and practical intelligent key cabinet management system and an implementation method thereof.

The invention provides an intelligent key cabinet management system in a first aspect, which comprises a cabinet end, a server end and an application end; the hardware part of the cabinet end comprises a cabinet body, a lockset, an embedded mainboard, a touch display screen, a sensor group and a key ring, and the software part of the cabinet end comprises a Linux system;

the cabinet end is used for managing and controlling key taking and returning, and the management and control comprises user identity confirmation, user authority confirmation, operation log inquiry, key position on-off control and key right and wrong check;

the server side is used for providing services and interfaces for the application side and communicating with the managed key cabinet; the server side is also used for providing webpage service, confirming the connection state of the key cabinet, confirming the identity information of the key cabinet, acquiring the key state, acquiring log information, issuing configuration information and providing authority confirmation service for the key cabinet;

the application end comprises a webpage end and an equipment end, and the webpage end provides a management and maintenance function for an administrator and a maintainer; the equipment terminal provides an operation function for a user.

Further, the cabinet body comprises a shell, an internal supporting and fixing structure, a lockset area, an electronic control area and a user operation area;

the lock area is used for placing an electromagnetic lock, an electromagnetic lock protective cover and a key;

the electronic control area is used for storing electronic equipment and circuits which cannot be contacted by a user so as to realize data transmission, processing and control of the lockset;

the user operation area is used for storing electronic input equipment which can be directly touched by a user so as to realize man-machine interaction.

Furthermore, the hardware part of the cabinet end further comprises an emergency mechanical lock position, an electromagnetic lock, a network relay, a transformer, a touch display screen, an RFID card reader and a router.

Furthermore, the hardware part of the cabinet end also comprises an emergency power supply, a binocular structured light camera, a fingerprint module, a GPRS module, a GPS module and a wireless network card.

The second aspect of the present invention further provides an implementation method of an intelligent key cabinet management system, including:

the key taking is managed and controlled through the cabinet end, and the management and control comprises user identity confirmation, user authority confirmation, operation log inquiry, key position on-off control and key right and wrong check;

providing service and interface for the application end through the server end, and communicating with the managed key cabinet;

providing a webpage service, confirming a key cabinet connection state, confirming key cabinet identity information, acquiring a key state, acquiring log information, issuing configuration information and providing a permission confirmation service for the key cabinet through the server side; and

providing a management and maintenance function for an administrator and a maintainer through a webpage end of an application end; and providing an operation function for a user through the equipment end of the application end.

Further, still include:

authenticating the identity of the user;

adding a local administrator account number in a key cabinet; resetting a local administrator account in the key locker; deleting a local administrator account number in the key cabinet; adding a local common user account in a key cabinet; modifying a local common user account in the key cabinet; deleting a local common user account in the key cabinet; modifying local account information of the user in a key cabinet; modifying the information of the online account of the person; adding keys in a key cabinet; modifying key data in the key locker; deleting keys in the key cabinet; and synchronizing key data of the key cabinet end and the server end.

Further, still include:

inquiring a key use log; a user operation log query step; and configuring key cabinet information.

Further, the method also comprises a communication encryption step; the communication encryption step specifically comprises:

a built-in self-issued SSL certificate is used as a HTTPS and MQTT communication certificate between a server side and a key cabinet;

MQTT and HTTPS communication between all server sides and the key cabinet only trusts the self-signed certificate and is encrypted by a communication protocol; and

the communication between the interfaces of the application end and the server end is encrypted by adopting a CBC mode and a PKCS5Padding filling mode of an AES encryption algorithm.

Further, still include:

modifying the local account information of the key cabinet at an application end; forbidding a key cabinet local account number at an application end; and issuing a remote instruction of the server side.

Further, still include:

adding an online administrator account at an application end; resetting an online administrator account at an application terminal; deleting an online administrator account at an application terminal; adding a single online common user account at an application end; adding online common user accounts in batches at an application end; an online common user account is automatically registered at an application terminal; modifying an online common user account at an application terminal; and deleting the online common user account at the application terminal.

One or more of the above-described embodiments of the present invention have the following advantages: the invention comprises a cabinet end, a server end and an application end; the key taking is managed and controlled through the cabinet end, and the management and control comprises user identity confirmation, user authority confirmation, operation log inquiry, key position on-off control and key right and wrong check; providing service and interface for the application end through the server end, and communicating with the managed key cabinet; providing a webpage service, confirming a key cabinet connection state, confirming key cabinet identity information, acquiring a key state, acquiring log information, issuing configuration information and providing a permission confirmation service for the key cabinet through the server side; providing a management and maintenance function for an administrator and a maintainer through a webpage end of an application end; providing an operation function for a user through an equipment end of an application end; the invention reduces the equipment transformation cost and is convenient for teachers and students to use.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

FIG. 1 is a schematic diagram of a system configuration according to an embodiment of the present application;

fig. 2 is a cabinet structure schematic diagram of an embodiment of the present application.

Detailed Description

The invention will be further explained and explained with reference to the drawings and the embodiments in the description. The step numbers in the embodiments of the present invention are set for convenience of illustration only, the order between the steps is not limited at all, and the execution order of each step in the embodiments can be adaptively adjusted according to the understanding of those skilled in the art.

Referring to fig. 1, a first aspect of the present invention provides an intelligent key cabinet management system, which includes a cabinet end, a server end and an application end; the hardware part of the cabinet end comprises a cabinet body, a lockset, an embedded mainboard, a touch display screen, a sensor group and a key ring, and the software part of the cabinet end comprises a Linux system;

Specifically, the cabinet end of this embodiment is responsible for realizing the management of getting back of the key, including functions such as checking user identity, checking user authority, recording and inquiring relevant logs, switching on and off specific key position, checking that the key is correct and wrong. The hardware part comprises a cabinet body, a lockset, an embedded mainboard, a touch display screen, a related sensor, a key ring and the like; the software part mainly comprises a Linux system and key cabinet application. The design can be separated from the server side and independently operated from the application side, but partial functions can be disabled.

The server side of the embodiment is responsible for providing services and interfaces for the application side, and simultaneously communicates with the managed key cabinet. The server side can provide webpage service for all personnel and also provides a remote API interface for APP application facing common users and administrator users. The main communication functions of the server and the key cabinet comprise: confirming the connection state of the key cabinet, confirming the identity information of the key cabinet, acquiring the key state, acquiring log information, issuing configuration information, providing authority confirmation service for the key cabinet and the like.

The application end of the embodiment is responsible for interacting with the user and guiding and assisting the user to complete related operations. The system comprises a webpage end and an APP application part, wherein the webpage end mainly faces to an administrator and a maintainer and is designed for facilitating management and maintenance on any computer; the APP is mainly oriented to common users, and is designed for being conveniently used on a mobile phone anytime and anywhere.

Specifically, as shown in fig. 2, the key cabinet structure is divided into 5 major parts, which are respectively a housing, an internal supporting and fixing structure, a lock area, an electronic control area, and a user operation area. Wherein, the shell and the internal supporting and fixing structure mainly comprise plastics, toughened glass and metal. The lockset area mainly refers to an area for placing the electromagnetic lock and the protective cover thereof and is used for placing keys. The electronic control area comprises all electronic equipment, circuits and the like which can not be directly contacted by users and is used for data transmission, processing and controlling the lockset. The user operation area mainly refers to electronic input equipment which can be directly touched by a user and is used for man-machine interaction, such as a touch screen, a fingerprint module and the like, and in addition, a card reader and a camera are further arranged on the cabinet body shown in figure 2, so that the multifunctional intelligent cabinet is rich.

In order to ensure operation in the case of power failure, equipment failure and the like, the key cabinet is provided with a mechanical lock position, and the area is called a spare mechanical lock key area. The mechanical lock keys are managed by a specialist, and the lock positions place a key ring including all spare keys. In order to ensure the emergency of the mechanical lock position and avoid damaging daily management, after the lock position is opened, an emergency signal is tried to be sent to the embedded mainboard, and the power supply of electronic equipment in the key cabinet is physically and cooperatively cut off after 2 seconds until maintenance personnel go to the site for maintenance. In the event of control failure, the key is handed to personnel who unlock the mechanical lock.

The hardware used by the key cabinet can be divided into a necessary hardware and an optional hardware. Wherein the essential components mainly comprise: key cabinet shell and inside supporting structure, emergent mechanical lock position, electromagnetic lock, network relay, transformer, touch display screen, embedded mainboard, RFID card reader, router etc. the optional hardware includes: emergency power supply, binocular structure light camera, fingerprint module, GPRS module, GPS module, wireless network card etc.. The essential hardware is necessary for realizing the basic functions of the key cabinet, and the optional hardware can be added according to the actual use requirement.

The software design of the key cabinet comprises the following aspects:

(1) deployment of Linux systems

The software system of the key cabinet runs on a Linux system, and self-starting is achieved by modifying rc. When the system is started, 2 processes, namely a program restart process and a system restart process, can be automatically started. The program restarting process is used for detecting whether the key cabinet control software process exists at intervals of 1 second, if not, the key cabinet control software process is automatically started, and the key cabinet control software is started for the first time after the startup, and the program can still be automatically restarted after being crashed. And the system restarting process is responsible for detecting whether the program restarting process is still running and whether the system resource occupation is continuously too high, the process is dormant for 3 minutes after being started, then the detection is carried out at intervals of 1 minute, and if the program restarting process is detected not to run or the system CPU and the memory occupation lasts for more than 95 percent for 5 minutes, the system is restarted.

(2) Database design

The database contains 5 tables: user table, key table, user's key authority table, log table, configuration table. The User (User) table includes a User name (userName), a processed password (userpassword enc), a processed security password (secpasswordn), a User level (userLevel), account creation time (createndate), a bound server end User id (remoteuserid), a bound identity card id (cardid), a fingerprint id (fingerprintid), fingerprint information (fingerprintValue), a face id (faceid), a maximum number of simultaneously borrowed keys (maxGetKey), a current number of borrowed keys (currGetKey), a last update time of account information (lastModifiedTime), enable or disable, account description (desc), a head portrait address (avararurl), a phone number (phone), and a mailbox (email). The Key (Key) table includes a Key id (keyid), a Key name (keyName), a latest update time of Key information (lastModifiedTime), whether enabled (enable), a Key description (desc), a borrowing state (isOut), a latest borrowed user (lastUseUser), and an RFID number (keyRFID) of the Key. The user's key authority (UserKeyPair) table includes the user (userId), the key (keyId), and the authorization time (creationDate). The log (log) table includes an operation user (aboutUser), a related key (aboutKey), a time (date), an operation type (logAction), an operation description (logDesc), and whether enabled (enable). The configuration (option) table includes a configuration item type, a configuration item name, a configuration item value, and a modification time.

(3) Development technique

Key cabinet software is developed based on a Qt framework, QML is used as interface development, C + + is used as bottom layer implementation, and simplicity of interface implementation and stability and high performance of a bottom layer system are guaranteed. The software uses the EGL interface to perform full-screen rendering output, thereby avoiding the influence of desktop environment on the software and reducing the attacked surface of the software. Software uses SQLite as a database and DQuest as an ORM framework, modified to accommodate program paging requirements.

For hardware control aspects. The software is communicated with a TCP/IP network through a Modbus protocol to realize network relay control, and then the network relay is used for controlling the on-off of the electromagnetic lock. The software also realizes the operation of the RFID card reader through the communication between the libnfc library and the serial port, and reads the card number information of the IC/ID card. Fingerprint and face living body detection is realized by SDK provided by manufacturers and related technical providers.

Regarding communication with the server side. The connection, maintenance and switching of the network are supported by a Linux system, and the software realizes related configuration by executing system commands and modifying system files. After the network is connected, the software transmits data through HTTP and MQTT protocol and uses TLS encryption. The software will automatically subscribe to the message corresponding to the key locker ID, from which all the commands issued by the server are transmitted. And for data to be uploaded by the software, a POST method of HTTP is adopted for transmission.

The user identity design of the embodiment of the application is as follows:

(1) a maintainer: for equipment deployment and maintenance, a key cabinet system (comprising an operation mode, a server address, a server connection mode and the like), data initialization or reset, data backup and recovery, administrator addition, administrator deletion and administrator information reset can be configured.

(2) The administrator: the system is used for managing keys and users, and can add, delete, modify and inquire information of all ordinary users and keys (including names, descriptions, lock positions, current states of the keys, identity information, authority, passwords and the like of the users), inquire all use logs, and modify personal information of the users and add other administrators.

Meanwhile, for safety consideration, a hierarchical administrator is not arranged, so that all long-term authority authorization is ensured to be confirmed and operated by the final authority administrator, and the problems of improper authorization and disordered management easily caused by too many sub-administrators are solved.

In addition, in order to ensure the system safety, the number of the administrator accounts is strictly controlled, and multi-factor identity authentication is adopted.

(3) The common user: the system is used for daily key taking and returning, can check the information of the key which is authorized to be taken and returned (if the key is lent, the contact information of a borrower can be provided), and can also modify partial identity authentication information and contact ways of the user.

(4) The temporary user: the user for temporary borrowing and returning, the authority and the information are attached to the ordinary user, a part of own authority is granted to the temporary user for a certain ordinary user, the temporary user is invalid after specific operation times and time, and the authorized ordinary user operation is recorded in the log information (but the temporary operation is marked for explanation). The specific operation is accomplished primarily by a temporary authorization code.

The identity authentication method of the embodiment of the application is designed as follows:

the identity authentication mode is configured by an administrator, a global default authentication mode can be configured, and a key cabinet can be configured independently. The content that the administrator needs to configure is a list of supported combinations of authentication methods, for example: the method comprises the steps of account password authentication, face authentication and mobile phone verification code authentication. After configuration, the user must complete any one authentication mode combination required in the authentication mode list to enter the system. The configuration design of the identity authentication mode ensures the diversity and the flexibility of the identity authentication mode, and can be adjusted by an administrator according to the requirements of safety and convenience.

The authentication modes supported by the system are 7 types, wherein part of the authentication modes have requirements on hardware of the key cabinet, but the hardware is an option, and if the required hardware does not exist in the key cabinet, the combination containing the authentication modes is automatically disabled.

(1) Password: the traditional account password consists of numbers, letters and special characters in an English state

(2) Short message verification code: when the identity is verified, a one-time short message verification code is sent to the mobile phone number bound by the user and consists of 4-8 digits. The authentication means is only available when the key locker is networked.

(3) Fingerprint: when the identity is verified, the user presses the fingerprint and compares the fingerprint with the fingerprint prestored by the user to verify the identity. Only the fingerprint identification module is loaded and available when the key locker enters relevant information.

(4) IC/ID card: and the identity authentication is completed by reading the card number of the IC/ID card. The authentication method does not suggest separate use and can be input as an account number.

(5) Face: and acquiring a face picture and carrying out living body detection through the binocular structure optical camera, and identifying and matching face information and prestored information to finish identity authentication. The verification means is only provided with a camera and can be used when the key cabinet enters relevant information.

(6) Secondary (secure) password: the secondary security password used for specific key cabinet operation or specific operation increases the security of sensitive operation.

(7) Temporary authorization code: a temporary authorization code generated by the ordinary user for completing a specific operation.

The network connection and operation mode of the embodiment of the application is designed as follows:

(1) an off-line mode: in this mode, the key locker operates in a stand-alone manner without the need to configure a network connection. The mode has no application end and server end, does not need deployment configuration of the server end, and only needs to select an offline mode and configure an administrator account after a key cabinet is started for the first time. And then, the administrator adds and manages the information of the key and the user, and the key and the user can be put into use. In this mode, since networking is impossible, the short message verification code and the temporary authorization code cannot be used for identity authentication, and the temporary user is not supported.

(2) Intranet connection mode: in the mode, the key cabinet and the server end are forbidden to access the external network, so that the active leakage of information is avoided.

The server side should have intranet IP, all key cabinets can be directly accessed, and the key cabinets can be connected with WIFI through network cables by RJ45 network ports (not suggested). In the network configuration process, the network segment where the intranet IP of the server is located cannot be the same as the network segment of the key cabinet internal network, and if the network segment is the same, one network segment needs to be selected for modification. The user needs to configure the server end and the rear part of the key cabinet to be available for use, and the application end is only available when the intranet is connected. In this mode, since the external network cannot be connected, the short message authentication code cannot be used for authentication.

(3) Public network connection mode: in this mode, the server side should have an external network IP, and all key cabinets are accessible, and the key cabinets are connected with WIFI (not suggested) by RJ45 network port network cable connection, and may be optionally equipped with GPRS traffic cards as backup connections. The user needs to configure the server side and the key cabinet back to be available for use, and all functions can be enabled in the mode if the hardware limitation is not considered.

The intelligent key cabinet management system of the embodiment of the application has the following functions:

1. identity authentication

1.1 acquisition of information required for authentication

The acquisition of the partial authentication information requires the hardware of the key locker, but the hardware is an option, and if the required hardware is not present in the key locker, the combination containing the authentication mode is automatically disabled. A key locker labeled "key only" allows information entry only at the key locker.

(1) Name of account

The unique identifier of the table name user identity is composed of certain characters and can be a user number, a user name, a bound mobile phone number, a mailbox address and the like. Part of the information is generated by the system, and the user can set part of the information by himself or herself, and the user inputs the information on a key cabinet, a PC or a mobile device by using a keyboard (including a virtual keyboard).

(2) Cipher code

The traditional account password is composed of certain characters. When the administrator adds the user or the user sets the password by himself, the user uses a keyboard (including a virtual keyboard) to input on a key cabinet, a PC or a mobile device.

(3) Short message identifying code (public network connection mode only)

When the identity is verified, the key cabinet or the server generates a disposable verification code and sends a short message containing the disposable verification code to the mobile phone number bound by the user, and the user inputs the disposable verification code on the key cabinet, the PC and the mobile device by using a keyboard (including a virtual keyboard).

(4) Mailbox verification code (public network connection mode only)

When the identity is verified, the server generates a disposable verification code and sends a mail containing the disposable verification code to a mailbox bound by the user, and the user inputs the disposable verification code on a key cabinet, a PC (personal computer) and mobile equipment by using a keyboard (including a virtual keyboard).

(5) Fingerprint (Key cabinet, hardware requirement)

The user fingerprint is read through a fingerprint identification module provided by a third party.

(6) IC/ID card (Key cabinet only)

And controlling a card reader to read the card number of the IC/ID card through serial port communication.

(7) Face (Key cabinet, hardware requirements)

And acquiring a human face picture and carrying out living body detection through a binocular structure optical camera and a related technology interface.

(8) Secondary (safety) cipher

The secondary security password used for specific key cabinet operation or specific operation increases the security of sensitive operation. The user sets the key by himself, and the user uses a keyboard (including a virtual keyboard) to input on a key cabinet, a PC and a mobile device.

(9) Temporary authorization code (Key cabinet, public network or intranet connection mode)

The temporary authorization code is generated by a common user, and after the operation authority and the effective times and time of the user are appointed, the server generates a temporary authorization code for finishing specific operation and displays the temporary authorization code and the application terminal. The user uses the keyboard (including the virtual keyboard) on the key cabinet to input.

1.2 authentication

The user selects a verification mode on an interface, including selecting a local identity or a networking identity, an authentication mode and the like, the equipment acquires information required by authentication according to requirements, and the equipment is matched with information stored in a local database according to the selection or performs data matching on a server database through a server API.

2. Adding local administrator account numbers in key cabinets

(1) The user enters the system through the identity authentication of a system maintainer.

(2) And the system displays an operation interface, and a user clicks a button related to the account number of the local administrator of the added key cabinet to enter the account number interface of the local administrator of the added key cabinet.

(3) The user fills in and adds local administrator account information including user name, password, phone, IC/ID card number, etc. according to the interface guide. The system reads and verifies the relevant information in the mode of '1.1 obtaining the information required by authentication'. And if the mobile phone number is filled in, the validity of the mobile phone number is verified through the short message verification code.

(4) And inquiring whether conflict data exist in the database through corresponding SQL statements, such as the same user name, the same mobile phone number, the same card number and the like.

(5) If so, the system displays an associated error prompt. And if the data do not conflict, the system inserts the data into the database for storage through corresponding SQL statements and displays a success prompt.

3. Resetting local administrator accounts in a key locker

(2) And the system displays an operation interface, and a user clicks a button related to account management of a local administrator of the key cabinet to enter the account management interface of the local administrator of the key cabinet.

(3) And the user retrieves and inquires on the management interface, selects the user needing to operate, and clicks the reset button to perform corresponding operation.

(4) And the user fills in new local administrator account information according to the interface guide, wherein the new local administrator account information comprises identity information such as passwords, telephones, IC/ID card numbers and the like. The system reads and verifies the relevant information in the mode of '1.1 obtaining the information required by authentication'. And if the mobile phone number is filled in, the validity of the mobile phone number is verified through the short message verification code.

(5) And inquiring whether conflict data exist in the database through corresponding SQL statements, such as the same mobile phone number, the same card number and the like.

(6) If so, the system displays an associated error prompt. If not, the system updates the database record through the corresponding SQL statement and displays a success prompt.

4. Deleting local administrator accounts in a key locker

(3) The user retrieves the query and selects the user needing to operate on the management interface, and clicks the delete button.

(4) And deleting the corresponding user account information record from the database through the corresponding SQL statement.

(5) If so, the system displays a relevant error prompt. If no error occurs, a success prompt is displayed.

5. Adding local common user account in key cabinet

(1) And the user enters the system through the identity authentication of the administrator.

(2) And the system displays an operation interface, and a user clicks a button related to a local common user account of the added key cabinet to enter a local common user account interface of the added key cabinet.

(3) The user fills in and adds local common user account information including user name, password, telephone, IC/ID card number and the like according to the interface guide. The system reads and verifies the relevant information in the mode of '1.1 obtaining the information required by authentication'. And if the mobile phone number is filled in, the validity of the mobile phone number is verified through the short message verification code.

6. Modifying local common user account in key cabinet

(2) And the system displays an operation interface, and a user clicks a button related to the local common user account management of the key cabinet to enter the local common user account management interface of the key cabinet.

(3) And the user retrieves and inquires on the management interface, selects the user needing to operate, and clicks the modification button to perform corresponding operation.

(4) And filling in new local common user account information needing to be modified by the user according to the interface guidance. The system reads and verifies the relevant information in the mode of '1.1 obtaining the information required by authentication'. And if the mobile phone number is filled in, the validity of the mobile phone number is verified through the short message verification code.

7. Deleting local common user account in key cabinet

8. Adding online administrator account number at application terminal

(2) And the system displays an operation interface, and a user clicks a button related to adding the online administrator account to enter an adding online administrator account interface.

(3) The user fills in and adds the account information of the online administrator according to the interface guide, including a user name, a password, a telephone, an IC/ID card number and the like. The system reads and verifies the relevant information in the mode of '1.1 obtaining the information required by authentication'. And if the mobile phone number is filled in, the validity of the mobile phone number is verified through the short message verification code. And if the mailbox is filled in, verifying the validity of the mailbox through the mailbox verification code.

(4) The application terminal calls a server terminal API through an HTTP request, the server terminal generates and executes a corresponding SQL statement according to the request content, and whether conflict data exist or not is inquired in a database, such as the same user name, the same mobile phone number, the same card number and the like.

(5) And if the conflict exists, the server side returns error information, and the application end system displays a related error prompt. If not, the server system inserts the data into the database for storage through the corresponding SQL statement, and returns success information, and the application end displays a success prompt.

9. Resetting online administrator accounts at application

(2) And the system displays an operation interface, and a user clicks a button related to account management of the online administrator to enter the account management interface of the online administrator.

(4) And the user fills in new account information of the online administrator according to the interface guide, wherein the new account information comprises identity information such as passwords, telephones, IC/ID card numbers and the like. The system reads and verifies the relevant information in the mode of '1.1 obtaining the information required by authentication'. And if the mobile phone number is filled in, the validity of the mobile phone number is verified through the short message verification code. And if the mailbox is filled in, verifying the validity of the mailbox through the mailbox verification code.

(5) The application terminal calls a server terminal API through the HTTP request, the server terminal generates and executes a corresponding SQL statement according to the request content, and whether conflict data exist or not, such as the same mobile phone number, the same card number and the like, is inquired in a database.

(6) And if the conflict exists, the server side returns error information, and the application end system displays a related error prompt. If the conflict does not exist, the server system updates the database record through the corresponding SQL statement, and returns success information, and the application end displays a success prompt.

10. Deleting online administrator account at application end

(4) And the application terminal calls a server terminal API through the HTTP request, and the server terminal generates and executes a corresponding SQL statement according to the request content and deletes the information record of the corresponding user account from the database.

(5) And if the error occurs, the server side returns error information, and the application end system displays a related error prompt. If no error occurs, a success message is returned, and the application end displays a success prompt.

11. Adding single online common user account at application terminal

(2) And the system displays an operation interface, and the user clicks a button related to adding the online common user account to enter an adding online common user account interface.

(3) And the user fills in and adds on-line common user account information including user name, password, telephone, IC/ID card number and the like according to the interface guide. The system reads and verifies the relevant information in the mode of '1.1 obtaining the information required by authentication'. And if the mobile phone number is filled in, the validity of the mobile phone number is verified through the short message verification code. And if the mailbox is filled in, verifying the validity of the mailbox through the mailbox verification code.

12. Adding online common user accounts in batches at application end

(2) And the system displays an operation interface, and a user clicks a button related to batch adding of the online common user accounts to enter a batch adding online common user account interface.

(3) And the user fills and generates information of the online common user accounts needing to be added in batches according to interface prompt, and stores the information according to processable formats such as csv or json. (Note that validation of the cell phone number and mailbox is not verified here)

(4) And clicking to upload the information storage file. And the application terminal uploads the data file to the server terminal through a POST request of HTTP.

(5) The server checks the validity of the data format, executes a corresponding SQL statement, and inquires whether conflict data exist in a database, such as the same user name, the same mobile phone number, the same card number and the like.

(6) And if the data is invalid or conflicted, the server side returns error information, and the application end system displays a related error prompt. If not, the server system inserts the data into the database for storage through the corresponding SQL statement, and returns success information, and the application end displays a success prompt.

13. On-line common user account number is automatically registered at application terminal (the function is automatically selected by administrator to be opened or not)

(1) And clicking a button related to adding the online common user account by the user to enter an interface for adding the online common user account.

(2) And the user fills in and adds on-line common user account information including user name, password, telephone, IC/ID card number and the like according to the interface guide. The system reads and verifies the relevant information in the mode of '1.1 obtaining the information required by authentication'. And if the mobile phone number is filled in, the validity of the mobile phone number is verified through the short message verification code. And if the mailbox is filled in, verifying the validity of the mailbox through the mailbox verification code.

(3) The application terminal calls a server terminal API through an HTTP request, the server terminal generates and executes a corresponding SQL statement according to the request content, and whether conflict data exist or not is inquired in a database, such as the same user name, the same mobile phone number, the same card number and the like.

(4) And if the conflict exists, the server side returns error information, and the application end system displays a related error prompt. If not, the server system inserts the data into the database for storage through the corresponding SQL statement, and returns success information, and the application end displays a success prompt.

14. Modifying online common user account at application terminal

(2) And the system displays an operation interface, and a user clicks a button related to the on-line common user account management to enter the on-line common user account management interface.

(4) And filling new online common user account information needing to be modified by the user according to the interface guidance. The system reads and verifies the relevant information in the mode of '1.1 obtaining the information required by authentication'. And if the mobile phone number is filled in, the validity of the mobile phone number is verified through the short message verification code. And if the mailbox is filled in, verifying the validity of the mailbox through the mailbox verification code.

15. Deleting online common user account at application terminal

16. Modifying local account information of the user in a key cabinet

(1) And the user enters the system through identity authentication.

(2) The system displays an operation interface, and a user clicks a button related to personal information, enters a personal information interface and clicks the maintenance personal information again.

(3) And filling in new personal information needing to be modified by the user according to the interface guide. The system reads and verifies the relevant information in the mode of '1.1 obtaining the information required by authentication'. And if the mobile phone number is filled in, the validity of the mobile phone number is verified through the short message verification code. (personal information that the ordinary user allows to change is set by the administrator, and the ordinary user cannot modify the authority information)

(4) And inquiring whether conflict data exist in the database through corresponding SQL statements, such as the same mobile phone number, the same card number and the like.

(5) If so, the system displays an associated error prompt. If not, the system updates the database record through the corresponding SQL statement and displays a success prompt.

17. Modifying the information of the online account of the person

(1) And the user enters the system through identity authentication.

(3) And filling in new personal information needing to be modified by the user according to the interface guide. The system reads and verifies the relevant information in the mode of '1.1 obtaining the information required by authentication'. And if the mobile phone number is filled in, the validity of the mobile phone number is verified through the short message verification code. And if the mailbox is filled in, verifying the validity of the mailbox through the mailbox verification code. (personal information that the ordinary user allows to change is set by the administrator, and the ordinary user cannot modify the authority information)

(5) The application end/the key cabinet calls the server end API through the HTTP request, the server end generates and executes corresponding SQL sentences according to the request content, and whether conflict data exist or not is inquired in a database, such as the same mobile phone number, the same card number and the like.

(6) And if the conflict exists, the server side returns error information, and the application side/key cabinet system displays a related error prompt. If the data does not conflict with the data, the server system updates the database records through corresponding SQL statements and returns success information, and the application end/the key cabinet displays a success prompt.

18. Adding keys in key cabinet

(2) The system displays an operation interface, a user clicks a key management related button, enters a key adding management interface, and then clicks a key adding button to enter the key adding interface.

(3) The user fills in key information according to the interface guide, including key hanging positions, key numbers, key names, key descriptions and the like.

(4) And clicking an adding button by the user to enter a key identification mode. The user pins the key into the key ring with the RFID chip and presses the key with the key ring close to the card reader. The system reads the number of the RFID of the key ring through the card reader and records the number.

(5) Through the corresponding SQL statement, whether conflict data exist is inquired in the database, such as the same key hanging bit, the same key number, the same RFID number and the like.

(6) If so, the system displays an associated error prompt. If the system does not conflict, the system unlocks the corresponding key position and allows the user to place the key position.

(7) After the user confirms that the placement is completed, the system locks the key position, inserts the key data into the database for storage through corresponding SQL sentences, and displays a success prompt.

19. Modifying key data in a key locker

(2) The system displays an operation interface, and a user clicks a key management related button to enter a key adding management interface.

(3) And the user searches and inquires on the management interface, selects the key needing to be operated, and clicks the modification button to carry out corresponding operation.

(4) And filling in new local common user account information needing to be modified by the user according to the interface guidance. If the key ring needs to be replaced, the key ring number updating button is clicked to enter a key identification mode, a user enables a key with a new key ring to be close to a card reader, and the system reads the RFID number of the key ring through the card reader and records the RFID number. After finishing the modification, the user clicks the save button.

(5) Through the corresponding SQL statement, the database is queried for the presence of conflicting data, such as the same key number, the same RFID number, etc.

20. Deleting keys in key cabinet

(3) And the user searches and inquires on the management interface, selects the key needing to be operated, and clicks the delete button to carry out corresponding operation.

(4) The system unlocks the corresponding key position.

(5) And entering a key identification mode for secondary confirmation. The user pins the key into the key ring with the RFID chip and presses the key with the key ring close to the card reader. The system reads the number of the RFID of the key ring through the card reader and compares whether the number is the number corresponding to the key to be deleted. If not, prompting the user to re-identify. (optional)

(6) And after clicking a deletion confirmation button, deleting the corresponding key record from the database through a corresponding SQL statement.

(7) If so, the system displays a relevant error prompt. If no error occurs, a success prompt is displayed.

21. Synchronizing key cabinet-side and server-side key data

(1) And the user manually clicks a synchronization button, or the data changes the data of the automatic synchronization key, or the server side issues a synchronization instruction.

(2) And the key cabinet end system inquires the last synchronization timestamp record stored in the database configuration table through an SQL statement, and if the last synchronization timestamp record does not exist or needs full synchronization, the last synchronization timestamp record is set to be 0.

(3) The key locker queries the database for records in the key table for which the last update time (lastModifiedTime) of the key information is greater than the last synchronization timestamp, via a corresponding SQL statement.

(4) And (4) converting the records which are obtained by query and need to be uploaded (namely the records obtained by query in the step (3)) into JSON format package by the key cabinet.

(5) The key cabinet requests the synchronous interface to upload JSON data to the server side through a POST method of HTTP.

(6) The server side receives the data, analyzes and verifies the data format, queries the latest update time (lastModifiedTime) of the key information corresponding to each submitted key number to be synchronously recorded in the server database through SQL statements, and filters out records which are newer than the data stored in the server database (the latest update time of the key information at the key cabinet side is more than the latest update time of the key information at the server side).

(7) If (6) there is error, the server does not process any, and returns error information, and goes to (12).

(8) If (6) all is normal, generating a corresponding SQL statement for the new record (including setting the record update source as a key cabinet) and submitting the SQL statement to the server database.

(9) And the server side queries the key information latest updating time (lastModifiedTime) in the database through a corresponding SQL statement according to the requested last synchronization timestamp record, wherein the latest updating time (lastModifiedTime) is greater than the last synchronization timestamp and the record of the key table of which the updating source is the application side.

(10) And the server end converts the records which are obtained by query and need to be issued (namely the records obtained by query in the step 9) into JSON format package.

(11) And the server side returns success information and JSON data of the key record needing to be updated to the key cabinet.

(12) If the key cabinet receives the error prompt, the key cabinet retries the whole synchronization process after several seconds. If the data is successful, the returned data is analyzed and verified, the new data is converted into a corresponding SQL statement to update the record of the database, and the last synchronous timestamp record in the database configuration table is updated as the request sending time.

22. Borrowing key

(1) The user enters the system through the identity authentication of the ordinary user or the temporary user, and the system displays all keys which the user has the right to borrow in the current key cabinet.

(2) The selection click requires a key. The system queries the relevant data of the key, the borrowing information of the borrower and the current borrower information of the key through SQL sentences.

(3) If the borrower has reached a maximum number of borrowings, a limit prompt is displayed. If the key has been borrowed, borrower information and contact information are displayed.

(4) If the maximum borrowing number is not reached and the key is in a borrowable state, the corresponding key bit is unlocked.

(5) And entering a key identification mode for secondary confirmation. The user pins the key into the key ring with the RFID chip and presses the key with the key ring close to the card reader. The system reads the number of the RFID of the key ring through the card reader and compares whether the number is the number corresponding to the borrowed key. If not, prompting the user to re-identify. (optional)

(6) The user confirms that the borrowing operation is completed, and the system locks the corresponding key position.

23. Return key

(1) The user enters the system through the identity authentication of a common user or a temporary user.

(2) And clicking a return button to enter a key identification mode.

(3) The user pins the key into the key ring with the RFID chip and presses the key with the key ring close to the card reader. The system reads the RFID number of the key ring through the card reader and detects whether the key is a lent key of the key cabinet. If not, an error is prompted. If yes, unlocking the corresponding key position, and prompting the user to place the key.

(4) The user confirms that the return operation is completed, and the system locks the corresponding key position.

24. Generating user authorization codes

(1) And the user enters the application system at the application end through the identity authentication of the common user or the temporary user.

(2) And clicking a button for generating the user authorization code to enter a user authorization code generation interface.

(3) The key and action of the running operation, such as key 1 of return key a, is selected.

(4) The number of available times (default to 1) and the time limit (default to 1 day) are set. (optional)

(5) The application end submits data to the server end through an HTTP protocol. After receiving the request, the server checks the user authorization. After no error, generating non-repeated random character string, and storing the character string, authorized user, key, action, effective times and time limit in the database. And then, the server side returns the generated character string (namely the user authorization code) to the application side.

(6) And the application end displays the returned user authorization code.

25. Administrator query key usage log

(2) The system displays an operation interface, and a user clicks a button related to key management to enter the key management interface.

(3) And the user searches and inquires on the management interface, selects a key needing to be operated, and clicks a log viewing button to carry out corresponding operation.

(4) And the key cabinet end or the server end searches the operation log corresponding to the user key ID in the database and displays the operation log in pages.

(5) The user can carry out secondary retrieval on the fields existing in the log according to requirements.

26. Administrator inquiry user operation log

(2) And the system displays an operation interface, and a user clicks a button related to management corresponding to the account needing to be searched to enter the account management interface.

(3) And the user searches and inquires on the management interface, selects the user needing to operate, and clicks a log viewing button to perform corresponding operation.

(4) And the key cabinet end or the server end searches the operation log corresponding to the user ID in the database and displays the operation log in pages.

27. Cabinet with keys

(1) And entering the system through the identity authentication of a system maintainer.

(2) The user sets key locker attributes such as the external number of the key locker, the name of the key locker, key locker information, and key locker description, and clicks the save button. The system will save the information to the configuration table of the database by for SQL statements.

(3) Adding a local administrator account.

(4) The networking mode is set. If the key cabinet is in the off-line mode, the setting is finished, otherwise, the server terminal address, the network connection authentication information and the like need to be set, and the key cabinet related attributes are submitted through the access server interface to confirm the connection.

(5) If the server receives new key locker information, the information is stored in a database, and the key locker corresponding MQTT theme is added.

28. Key cabinet configuration for synchronizing key cabinet end and server end

(1) And a user manually clicks a synchronization button, or data changes the configuration data of the automatic synchronization key cabinet, or a server side issues a synchronization instruction.

(2) And the key cabinet end system inquires the last configuration synchronization timestamp record stored in the database configuration table through an SQL statement, and if the last configuration synchronization timestamp record does not exist or needs full synchronization, the last configuration synchronization timestamp record is set to be 0.

(3) The key locker queries the record of the last synchronization timestamp that the latest update time (lastModifiedTime) of the information in the configuration table in the database through the corresponding SQL statement.

(6) The server side receives the data, analyzes and verifies the data format, queries the latest update time (lastModifiedTime) of the configuration information corresponding to the configuration name of each submitted to-be-synchronized record in the server database through SQL statements, and filters out records which are newer than the data stored in the server database (the latest update time of the configuration information of the key cabinet side is more than the latest update time of the configuration information of the server side).

(9) And the server side queries the record of the configuration table of which the update source is the application side and the latest update time (lastModifiedTime) of the configuration information in the database is greater than the last synchronization timestamp through a corresponding SQL statement according to the requested last synchronization timestamp record.

Note that: the last synchronization timestamp record in the configuration table does not participate in the synchronization.

29. Communication encryption

(1) A built-in self-issued SSL certificate is used as a HTTPS and MQTT communication certificate between a server side and a key cabinet.

(2) MQTT and HTTPS communication between all server sides and the key cabinet only trust self-signed certificates and are encrypted through a communication protocol.

(3) The communication between the interfaces of the application end and the server end is encrypted by adopting a CBC mode and a PKCS5Padding filling mode of an AES encryption algorithm.

30. Log logging

(1) At the key cabinet end, all operations and login and query operations of a user on the key cabinet but related to database write operation can be kept to the database, and logs are uploaded.

(2) At the application end, all operations related to database writing operation, login, query and remote instruction issuing operation of a user on the application end can keep operation users, operation types, specific operations, operation objects and operation time to the database.

31. Key cabinet log uploading

(1) And the key cabinet automatically triggers log uploading when new log information is tried. If the mode is the offline mode, the log uploading function is disabled.

(2) The key cabinet system converts the log needing to be uploaded into JSON format package.

(3) The key cabinet requests the synchronous interface to upload JSON data to the server side through a POST method of HTTP.

(4) And after receiving the data, the server analyzes and verifies the data format, adds the log into a database, and returns success information.

(5) If the uploading fails, the log is retried when being uploaded next time or after a certain time.

32. Key unlocking

(1) The outer lock is unlocked. The external lock is a normal key lock, which is opened by an administrator after a predetermined time, and the user can take the key through the user operation area.

(2) And unlocking the electromagnetic lock. After the user passes through the used operation area and passes through the specified steps, the electronic lock in the operation authority of the user is opened, the electromagnetic lock is opened for twenty seconds for the user to take the key, and the lockset is closed again after twenty seconds

33. Key lock

(1) The external lock is locked. The external lock is a common key lock, and when a manager closes the cabinet body through the external lock, a user cannot operate the internal lock area and the control area.

(2) And locking the electromagnetic lock. The electromagnetic lock will remain locked until the user removes the key. After a user opens the lock in the own right through the operating system, twenty seconds of key taking-away time is provided, and the electromagnetic lock returns to the locking state after twenty seconds.

34. Key cabinet structure

The key cabinet mainly comprises a shell, an internal supporting and fixing structure, a lockset area, an electronic control area and a user operation area.

(1) A housing. Mainly by plastics constitution, guarantee stable in structure, waterproof while, alleviateed weight again, have the key lock that supplies the staff to be responsible for on the shell, control opening of whole key cabinet door and close.

(2) Internal support and securing structures. The cabinet mainly comprises metal and plastic, the inner space of the cabinet body is divided into two areas by the isolation board, and the area observed by a user consists of a lockset, a key and an operation panel. The area within the separator plate is the electronic control area.

(3) A lock area. The tool to lock district comprises electromagnetic lock in inside top, can set up the tool to lock of different quantity according to the user's demand.

(4) A user operation area. The user operation area is arranged below the lock area and is composed of a touch screen, and a user controls the lock to be opened and closed through operation steps under the authority set by an administrator.

(5) An electronic control area. The electronic control area is positioned in the isolation board and is composed of various electronic elements to control the operation of the whole key cabinet.

35. Modifying local account information of key cabinet at application end

(2) And the system displays an operation interface, and a user clicks a button related to the local user account management of the key cabinet to enter the local user account management interface of the key cabinet. And selecting a key cabinet needing to modify the local account information, and entering a local user account management interface of the key cabinet.

(4) And filling in new user account information needing to be modified by the user according to the interface guidance. The system reads and verifies the relevant information in the mode of '1.1 obtaining the information required by authentication'. And if the mobile phone number is filled in, the validity of the mobile phone number is verified through the short message verification code.

(5) And the application terminal calls a server terminal API through the HTTP request, and the server terminal generates an instruction according to the request content. And issuing a command for modifying the local account information of the key cabinet and related data through a remote command issuing function.

(6) And after the key cabinet receives the instruction, checking the instruction issuing time, if the difference between the instruction issuing time and the current time does not exceed the threshold value. The relevant data will be read and analyzed and corresponding SQL statements will be executed, and the database is queried for whether there is conflicting data, such as the same mobile phone number, the same card number, etc.

(7) And if the threshold value is exceeded or the data conflict occurs, the key cabinet sends error information to the server side through the HTTP interface. And if the key cabinet does not conflict with the server, the key cabinet updates the database record through the corresponding SQL statement and sends success information to the server.

(8) And the server side returns error information if receiving the error information of the key cabinet or not receiving the information of the key cabinet after overtime, and the application side displays a related error prompt. And the server side returns success information after receiving the success information of the key cabinet, and the application side displays a success prompt.

36. Disabling local account numbers of key cabinets at application terminals

(3) And the user retrieves and inquires in the management interface, selects a user needing to operate, and clicks the disabling button to perform disabling processing.

(5) And the application terminal calls a server terminal API through the HTTP request, and the server terminal generates an instruction according to the request content. And issuing a local account information instruction and related data of the forbidden key cabinet through a remote instruction issuing function.

(6) And after the key cabinet receives the instruction, checking the instruction issuing time, if the difference between the instruction issuing time and the current time does not exceed the threshold value. The relevant data will be read and parsed and the corresponding SQL statement will be executed, disabling the user account.

37. Remote instruction issuing of server side

(1) In the configuration key cabinet, the key cabinet sends the related information of the key cabinet, and the server side generates the theme corresponding to the key cabinet in the MQTT server.

(2) Under the non-offline mode, the key cabinet can automatically subscribe the theme corresponding to the local machine of the MQTT server at the server side.

(3) The subject name consists of a fixed string + a unique number inside the key locker.

(4) When the server side issues the command, the server side issues the command in a mode of issuing command data to the theme corresponding to the target key cabinet.

(5) Instruction data is encapsulated by the format of json or msgpack or protobuff, including the name of the instruction, time, timeout, instruction-related data, etc.

(6) After receiving the instruction, the key locker sends the processing result through the HTTP interface of the request server side, and the processing result may not be sent if an error occurs or the time is over. And if the key cabinet can not finish the operation and the transmission of the processing result within the appointed overtime time, rolling back the operation of the instruction.

(7) And if the server side does not receive the processing result within the specified time, the server side is regarded as processing failure, and prompts the user to carry out error processing.

In addition, the server of the embodiment of the application adopts a Linux system, and relevant server software is operated on the Linux system. The server side is divided into 3 parts, namely an MQTT server, an API server and a webpage server. The MQTT server is realized by a third party, and an EMQ X Broker or Eclipse Mosquitto is used as the MQTT server. The API server and the webpage server both adopt Java Web as development technology stacks, share one running environment and development framework, and use Nginx as a reverse proxy to provide services to the outside.

Techniques for API server and web server

The server system is based on a Spring + Spring MVC + Mybatis framework, an MVC mode is used for design and development, Spring security is adopted to realize access authority control, and the DBCP serves as a database connection pool. In the implementation, the webpage returned as the view layer of the webpage server is mainly a static webpage, and the content is dynamically loaded from the API interface by adopting the Ajax technology. For the API interface, all non-binary data are serialized into a JSON format for transmission, and encryption and decryption of requests are realized through an AOP mechanism of Spring.

After API calls, the operation that the key cabinet needs to give instructions is realized by adopting an MQTT protocol, the server system realizes communication with an MQTT server by adopting Spring Integration MQTT, and the back of the server system is based on an Eclipse Paho library.

The database uses MariaDB, hot backup and incremental backup of the database are realized by adopting Mariabackup, and automatic backup is realized by regularly running and writing a backup script.

2. Database design for servers

The design of the database table on the server side is very similar to that of the key locker software, and the difference between the two will be explained here.

On the user table, there is no "bound server-side user id (remoteuserld)" attribute, added with the true name (realName), certificate type (cardType), certificate number (cardumber) attributes.

A key cabinet (cabinet) attribute is added to a key table, a user key authority table and a log table.

The server also has a new table: a key cabinet watch. The key locker (locker) table includes a key locker global unique identifier (locker id), a key locker name (name), a key locker external number (outId), a key locker position (position), a key locker description (desc), whether enabled (enable), a last updated time of information (lastModifiedTime), a management key amount (keyNumber), a current key amount (currKeyNumber).

Design of application end

The application end and the server end adopt an HTTP protocol to communicate, and do not directly communicate with the key cabinet. In order to ensure the communication security, the communication content accessing the API is encrypted by adopting a CBC mode of an AES encryption algorithm and a PKCS5Padding mode.

In order to guarantee safety, all operations of fingerprints, face information, account numbers of local administrators of the key cabinet, login of maintainers, use of related functions, addition, deletion and key return are all operated by personnel who need to go to the key cabinet, and if the operations of biological information are not involved, the personnel are not required to be the personal. Therefore, the application end does not support direct remote borrowing, but if the application end does not want to log in again on the key cabinet, a temporary code corresponding to the operation can be generated at the application end, and the temporary code is directly input into the key cabinet to execute the corresponding operation.

1. Mobile phone application end design

And the mobile phone application terminal is developed by using a Qt frame, so that a set of codes can run on the iOS and Android dual-mobile phone platform. And in the development process, QML is taken as a main part, C + + is taken as an auxiliary part, the QML is responsible for realizing interaction logic of all interfaces and users, and C + + is responsible for data encryption and decryption and API (application programming interface) calling of a native platform.

When the mobile phone application terminal is used for the first time, the address of the server terminal (or an address two-dimensional code provided by a scanning key cabinet) is required to be input, and after the server is successfully connected, a user can log in an account through an account password and a short message verification code.

At the mobile phone application end, functions which can be used by a common user include checking and modifying personal information, generating a temporary borrowing and returning code, submitting a key authority application, checking the key state and the like; the functions that the administrator user can use are to find, disable the normal user and modify the information and authority, modify personal information, query key or user log, modify key information and disable key, modify the description information of the key cabinet, etc.

2. Webpage version application end design

The webpage side adopts HTML5+ CSS3+ JavaScript as a basic technology, and Bootstrap and Bootstraptable are used as a front-end development frame. In the using process, most data are accessed and loaded to the API by using the Ajax technology, and the CryptoJS library is used for encrypting and decrypting the data.

The web page end is basically consistent with the mobile phone application end in function, but special adaptation and adjustment can be performed on a large screen and a wide screen, and functions of log query browsing, key state batch browsing, batch operation and the like can be greatly changed in user experience. Besides, the web page version also provides related functions required by the maintainer, such as system configuration, administrator information resetting and the like.

Compared with the prior art, the method has the following advantages:

the method and the device have a temporary authorization function, and the requirements of temporary borrowing and replacement returning are met. The user is allowed to balance the requirements of safety and portability in the aspect of identity authentication, an administrator is allowed to flexibly configure different authentication modes to be combined with each other to serve as identity authentication, meanwhile, the identity authentication mode of each key cabinet is allowed to be configured independently, and different authentication mode strategies can be adopted by the key cabinets according to local conditions and different safety requirements. The method and the device can adapt to three network environments of intranet connection, public network connection and offline, and are set according to specific conditions during deployment. When the network is temporarily unavailable, the network can be returned to an offline mode in an intranet connection or a public network connection, and the basic operation is maintained. In security concerns, an administrator is allowed to set a secondary security password for sensitive operations.

The method and the system can enable an administrator to conveniently manage and emergently control, provide the function of remotely configuring the key cabinet, modify key cabinet information, forbid or modify local account numbers of the key cabinet and the like. In order to ensure that the key can be normally used in an emergency, a spare mechanical lock key area is designed, the area has backup of all keys, an electronic system of the key cabinet is forcibly interrupted after the mechanical lock key area is opened, and key management duty is handed over to a manager. In the aspect of a key cabinet system, the system can be automatically restarted and recovered under the abnormal conditions of breakdown, system resource shortage and the like.

While the preferred embodiments of the present invention have been illustrated and described, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims

1. An intelligent key cabinet management system is characterized by comprising a cabinet end, a server end and an application end; the hardware part of the cabinet end comprises a cabinet body, a lockset, an embedded mainboard, a touch display screen, a sensor group and a key ring, and the software part of the cabinet end comprises a Linux system;

2. The system of claim 1, wherein the cabinet comprises an outer shell, an internal support and securing structure, a lock zone, an electronic control zone, a user operating zone;

3. The system of claim 1, wherein the hardware portion of the cabinet end further comprises an emergency mechanical latch, an electromagnetic lock, a network relay, a transformer, a touch screen display, an RFID reader, and a router.

4. The system of claim 3, wherein the hardware portion of the cabinet end further comprises an emergency power supply, a binocular structured light camera, a fingerprint module, a GPRS module, a GPS module, and a wireless network card.

5. An implementation method of an intelligent key cabinet management system is characterized by comprising the following steps:

6. The method of claim 5, further comprising:

authenticating the identity of the user; adding a local administrator account number in a key cabinet; resetting a local administrator account in the key locker;

deleting a local administrator account number in the key cabinet; adding a local common user account in a key cabinet; modifying a local common user account in the key cabinet; deleting a local common user account in the key cabinet; modifying local account information of the user in a key cabinet; modifying the information of the online account of the person; adding keys in a key cabinet; modifying key data in the key locker; deleting keys in the key cabinet;

and synchronizing key data of the key cabinet end and the server end.

7. The method of claim 5, further comprising:

8. The method of claim 5, further comprising the steps of encrypting the communication; the communication encryption step specifically comprises:

9. The method of claim 5, further comprising:

10. The method according to any one of claims 5-9, further comprising:

adding an online administrator account at an application end; resetting an online administrator account at an application terminal; deleting an online administrator account at an application terminal; adding a single online common user account at an application end; adding online common user accounts in batches at an application end;

an online common user account is automatically registered at an application terminal; modifying an online common user account at an application terminal; and deleting the online common user account at the application terminal.