CN112002080B - Bank terminal, bank terminal equipment and information security processing method - Google Patents
- Publication number: CN112002080B (CN201910448941.4A)
- Authority: CN (China)
- Prior art keywords: identification code, hardware identification, bank terminal, personal computer, industrial personal
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F19/00—Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
- G07F19/20—Automatic teller machines [ATMs]
- G07F19/209—Monitoring, auditing or diagnose of functioning of ATMs
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
Abstract
The invention relates to a bank terminal, bank terminal equipment and an information security processing method. The bank terminal comprises an industrial personal computer, which comprises an industrial personal computer mainboard and a memory; the industrial personal computer mainboard is also connected with an encryption chip. When the bank terminal is started for the first time, the industrial personal computer mainboard acquires the unique hardware identification code of the memory connected with it, verifies the validity of the hardware identification code against a preset hardware identification code, carries out legal marking if the validity verification passes, sends the hardware identification code to the encryption chip for encryption, and starts the operating system after encryption. When the bank terminal is started again, the unique hardware identification code of the memory connected with the industrial personal computer mainboard is acquired; if the hardware identification code is legally marked, it is sent to the encryption chip for signature verification, and the operating system is started after the signature verification passes. The invention can prevent the memory from being replaced maliciously and improve the use safety of the bank terminal.
Description
Technical Field
The invention relates to the technical field of terminal equipment, in particular to a bank terminal, bank terminal equipment and an information security processing method.
Background
Currently, many terminals of a bank can provide services to customers, and the terminals generally require the customers to input personal related information, such as basic information of the customers, account password information and the like, and then store the information in a memory of the terminals when providing the services. Due to the lack of security protection measures, the memory may be maliciously replaced by another memory, so that some illegal operations are performed on the bank terminal, a safe and reliable use environment cannot be provided, and the security needs to be improved.
Disclosure of Invention
The invention aims to provide a bank terminal, bank terminal equipment and an information security processing method, aiming at preventing a memory from being replaced maliciously and improving the use security of the bank terminal.
In order to achieve the above object, the present invention provides a bank terminal, which includes an industrial personal computer, wherein the industrial personal computer includes an industrial personal computer motherboard and a memory connected with the industrial personal computer motherboard, the industrial personal computer motherboard is further connected with an encryption chip arranged in a safe, wherein:
the industrial personal computer mainboard is used for acquiring a unique hardware identification code of a memory connected with the industrial personal computer mainboard when the bank terminal is started for the first time, carrying out validity verification on the hardware identification code and a preset hardware identification code, carrying out legal marking if the validity verification passes, sending the hardware identification code to the encryption chip, encrypting the hardware identification code by the encryption chip by adopting a preset encryption algorithm, and starting an operating system of the bank terminal after encryption;
when the bank terminal is started up again, the unique hardware identification code of the memory connected with the industrial personal computer mainboard is acquired; if the hardware identification code is legally marked, it is sent to the encryption chip for signature verification, and the operating system of the bank terminal is started after the signature verification passes.
Preferably, the industrial personal computer motherboard is further configured to obtain a unique hardware identification code of a memory connected to the industrial personal computer motherboard when the bank terminal is powered on again, and perform validity verification on the hardware identification code and a preset hardware identification code if the hardware identification code is not legally marked.
Preferably, the industrial personal computer mainboard is further configured to refuse to start the operating system of the bank terminal when the validity verification fails or the signature verification fails.
Preferably, the memory is a solid state disk.
Preferably, the industrial personal computer mainboard is connected with the memory through a SATA interface, and is connected with the encryption chip through an RS232 serial port.
Preferably, the bank terminal is a self-service terminal or an automatic terminal.
In order to achieve the above object, the present invention further provides a bank terminal device, where the bank terminal device includes a safe and the bank terminal, an encryption chip is disposed in the safe, and the industrial personal computer motherboard is connected to the encryption chip, where:
the industrial personal computer mainboard is used for acquiring a unique hardware identification code of a memory connected with the industrial personal computer mainboard when the bank terminal equipment is started for the first time, carrying out validity verification on the hardware identification code and a preset hardware identification code, carrying out legal marking if the validity verification passes, sending the hardware identification code to the encryption chip, encrypting the hardware identification code by the encryption chip by adopting a preset encryption algorithm, and starting an operating system of the bank terminal equipment after encryption;
when the bank terminal equipment is started up again, the unique hardware identification code of the memory connected with the industrial personal computer mainboard is acquired; if the hardware identification code is legally marked, it is sent to the encryption chip for signature verification, and the operating system of the bank terminal equipment is started after the signature verification passes.
The invention also provides an information security processing method applied to the bank terminal, which comprises the following steps:
when the bank terminal is started for the first time, acquiring a unique hardware identification code of a memory connected with a mainboard of the industrial personal computer, carrying out validity verification on the hardware identification code and a preset hardware identification code, if the validity verification passes, carrying out legal marking, sending the hardware identification code to the encryption chip, encrypting the hardware identification code by the encryption chip by adopting a preset encryption algorithm, and starting an operating system of the bank terminal after encryption;
when the bank terminal is started up again, the unique hardware identification code of the memory connected with the industrial personal computer mainboard is acquired; if the hardware identification code is legally marked, it is sent to the encryption chip for signature verification, and the operating system of the bank terminal is started after the signature verification passes.
Preferably, the information security processing method further includes:
and when the bank terminal is started up again, acquiring the unique hardware identification code of the memory connected with the main board of the industrial personal computer, and if the hardware identification code is not legally marked, carrying out legality verification on the hardware identification code and a preset hardware identification code.
Preferably, the information security processing method further includes: and refusing to start the operating system of the bank terminal when the validity verification fails or the signature verification fails.
The invention has the beneficial effects that: when the bank terminal is started for the first time, the unique hardware identification code of the memory of the bank terminal is subjected to legality verification and encryption processing, when the bank terminal is started subsequently, whether the stored hardware identification code is legally marked or not is judged at first, if the stored hardware identification code is legally marked, the stored hardware identification code is directly sent to the encryption chip for signature verification processing, and the operating system of the bank terminal can be started only after the signature verification passes.
Drawings
FIG. 1 is a diagram of a hardware architecture of an embodiment of a bank terminal according to the present invention;
FIG. 2 is a schematic diagram of a software architecture of the motherboard of the industrial personal computer shown in FIG. 1;
FIG. 3 is a schematic diagram of a hardware architecture of an embodiment of the bank terminal device of the present invention;
FIG. 4 is a flowchart illustrating an embodiment of a processing method for information security according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the description relating to "first", "second", etc. in the present invention is for descriptive purposes only and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present invention.
Fig. 1 is a schematic view of an application environment of a bank terminal according to a preferred embodiment of the present invention. In this embodiment, the banking terminal 1 includes an industrial personal computer 10, it being understood that the banking terminal 1 may include the industrial personal computer 10 and a display, which may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (organic light-emitting diode) touch device, and the like in some embodiments. The display is used to display information processed in the bank terminal 1 and to display a visual user interface for operation. The industrial personal computer 10 comprises an industrial personal computer mainboard 101 and a memory 102 connected with the industrial personal computer mainboard 101, and the industrial personal computer mainboard 101 is further connected with an encryption chip arranged in the safety box.
It is to be noted that fig. 1 only shows the bank terminal 1 with the components industrial computer 10 and display, but it is to be understood that not all the shown components are required to be implemented, and more or less components may be implemented instead.
The bank terminal 1 is a self-service terminal or an automatic terminal. The self-service terminal machine comprises cash self-service equipment and non-cash self-service equipment, wherein the cash self-service equipment comprises an Automatic Teller Machine (ATM), an automatic deposit machine (CDM), a cash recycling machine (CRS), a high-speed cash recycling machine (TCR) and the like; the non-cash self-service equipment comprises a deposit book registering machine, a self-service inquiry machine, a self-service payment machine, a self-service card sender, a multimedia self-service terminal, an IC (integrated circuit) rand depositing machine, a self-service internet bank machine and the like. The automatic terminal machine is a terminal machine which generally has the functions of inquiry, transfer, money storage and money taking.
The industrial personal computer mainboard 101 is used for acquiring the unique hardware identification code of the memory 102 connected with the industrial personal computer mainboard 101 when the bank terminal 1 is started up for the first time, verifying the validity of the hardware identification code against a preset hardware identification code, carrying out legal marking if the validity verification passes, and sending the hardware identification code to the encryption chip; the encryption chip encrypts the hardware identification code with a preset encryption algorithm, and the operating system of the bank terminal 1 is started after encryption. When the bank terminal 1 is started up again, the unique hardware identification code of the memory 102 connected with the industrial personal computer mainboard 101 is acquired; if the hardware identification code is legally marked, it is sent to the encryption chip for signature verification, and the operating system of the bank terminal 1 is started after the signature verification passes.
Referring to fig. 2, an industrial personal computer motherboard 101 may run an industrial personal computer self-start program, a bottom driver, and an operating system program. When the bank terminal 1 is started for the first time, the self-starting program of the industrial personal computer and the bottom layer driving program operate. Then, a bottom driver is used for obtaining a unique hardware identification code of a memory 102 connected with the industrial personal computer mainboard 101, at least one legal hardware identification code is preset in the industrial personal computer mainboard 101, and one hardware identification code corresponds to one memory. The industrial personal computer self-starting program carries out validity verification on the hardware identification code and a preset hardware identification code, if the validity verification fails, the operating system of the bank terminal 1 is not started, and if the validity verification passes, legal marking is carried out, and the hardware identification code is sent to the encryption chip. The encryption chip encrypts the hardware identification code by adopting a preset encryption algorithm, feeds back an encrypted message to an industrial personal computer self-starting program after encryption, and finally starts an operating system of the bank terminal 1, namely, runs the operating system program, and at the moment, the bank terminal 1 can be normally used.
When the bank terminal 1 is used subsequently and the industrial personal computer is started, the industrial personal computer self-starting program and the bottom layer driver run. The bottom layer driver then acquires the unique hardware identification code of the memory connected with the industrial personal computer mainboard 101 again. If the hardware identification code is legally marked, indicating that the encryption operation has been performed, the industrial personal computer self-starting program sends the hardware identification code directly to the encryption chip for signature verification. During signature verification, the encryption chip encrypts the hardware identification code with the preset encryption algorithm and compares the result with the encrypted hardware identification code from the first start-up. The operating system of the bank terminal 1 is started when the signature verification passes and is not started when the signature verification fails.
According to the method, when the terminal is started for the first time, the unique hardware identification code of the memory of the bank terminal undergoes validity verification and encryption. On each subsequent start-up, it is first determined whether the stored hardware identification code is legally marked; if it is, the stored hardware identification code is sent directly to the encryption chip for signature verification, and the operating system of the bank terminal can be started after the signature verification passes. If the memory has been replaced, the operating system cannot be started, which prevents the memory from being maliciously replaced and improves the use safety of the bank terminal.
In another embodiment, the industrial personal computer main board 101 obtains a unique hardware identification code of a memory connected with the industrial personal computer main board 101 when the banking terminal 1 is powered on again, and if the hardware identification code is not legally marked, the hardware identification code and a preset hardware identification code are legally verified.
There may be two cases where the hardware identifier of the memory is not legally labeled: one is that the memory is replaced by an illegal memory, and the other is that the memory is legal but is not legally verified for other reasons when the computer is started for the first time, for example, the legal memory is not connected with the industrial personal computer main board 101 when the computer is started for the first time.
When the hardware identification code is not legally marked, its validity needs to be verified against the preset hardware identification code. If the validity verification fails, the memory can be determined to have been maliciously replaced, and the operating system is not started. If the validity verification passes, legal marking is carried out and the hardware identification code is sent to the encryption chip for encryption; this is the case in which validity verification was not carried out at the first start-up, and the operating system is not started at this point. On a subsequent start-up, if the hardware identification code is legally marked, it is sent to the encryption chip for signature verification, and the operating system of the bank terminal 1 is started after the signature verification passes.
In this embodiment, when the bank terminal 1 is powered on again, the validity of a hardware identification code that is not legally marked is verified, so that a maliciously replaced memory can be excluded, while a legal hardware identification code that was not verified when the bank terminal was powered on for the first time can be included, thereby improving the flexibility of application.
Preferably, the memory 102 is a solid state disk.
Further, the industrial personal computer main board 101 is connected with the memory 102 (solid state disk) through a SATA interface, and the industrial personal computer main board 101 is connected with the encryption chip through a serial port RS 232.
As shown in fig. 3, fig. 3 is a schematic diagram of a hardware architecture of an embodiment of the bank terminal device of the present invention, the bank terminal device 01 includes a safe 2 and the bank terminal 1 of the above embodiment, an encryption chip 20 is disposed in the safe 2, and an industrial personal computer motherboard 101 is connected to the encryption chip 20.
When the bank terminal device 01 is started up for the first time, the industrial personal computer mainboard 101 acquires the unique hardware identification code of the memory 102 connected with the industrial personal computer mainboard 101, verifies the validity of the hardware identification code against a preset hardware identification code, carries out legal marking if the validity verification passes, and sends the hardware identification code to the encryption chip 20; the encryption chip 20 encrypts the hardware identification code with a preset encryption algorithm, and the operating system of the bank terminal device 01 is started after encryption. When the bank terminal 1 is powered on again, the unique hardware identification code of the memory 102 connected with the industrial personal computer mainboard 101 is acquired; if the hardware identification code is legally marked, it is sent to the encryption chip for signature verification, and the operating system of the bank terminal device 01 is started after the signature verification passes.
For a program that can run in the industrial personal computer main board 101, please refer to the embodiment described in fig. 2, which is not described herein again.
The preset encryption algorithm is a symmetric encryption algorithm or an asymmetric encryption algorithm.
Preferably, the memory 102 is a solid state disk.
Further, the industrial personal computer main board 101 is connected with the memory 102 (solid state disk) through a SATA interface, and the industrial personal computer main board 101 is connected with the encryption chip through a serial port RS 232.
The invention also provides an information security processing method, which is applied to the bank terminal, as shown in fig. 4, and comprises the following steps:
step S1, when the bank terminal is started for the first time, acquiring a unique hardware identification code of a memory connected with the mainboard of the industrial personal computer, carrying out validity verification on the hardware identification code and a preset hardware identification code, carrying out legal marking if the validity verification passes, sending the hardware identification code to the encryption chip, encrypting the hardware identification code by the encryption chip by adopting a preset encryption algorithm, and starting an operating system of the bank terminal after encryption;
and step S2, when the bank terminal machine is started up again, acquiring a unique hardware identification code of a memory connected with the mainboard of the industrial personal computer, if the hardware identification code is legally marked, sending the hardware identification code to the encryption chip for signature verification, and starting an operating system of the bank terminal machine after the signature verification passes.
The industrial personal computer mainboard can run an industrial personal computer self-starting program, a bottom layer driving program and an operating system program. And when the bank terminal is started for the first time, the self-starting program of the industrial personal computer and the bottom layer driving program operate. And then, acquiring a unique hardware identification code of a memory connected with the industrial personal computer mainboard through a bottom layer driving program, wherein at least one legal hardware identification code is preset on the industrial personal computer mainboard, and one hardware identification code corresponds to one memory. The industrial personal computer self-starting program carries out validity verification on the hardware identification code and a preset hardware identification code, if the validity verification fails, an operating system of the bank terminal is not started, and if the validity verification passes, legal marking is carried out, and the hardware identification code is sent to the encryption chip. The encryption chip encrypts the hardware identification code by adopting a preset encryption algorithm, feeds back an encrypted message to an industrial personal computer self-starting program after encryption, and finally starts an operating system of the bank terminal, namely, an operating system program, at this moment, the bank terminal 1 can be normally used.
When the bank terminal is used subsequently and is started, the industrial personal computer self-starting program and the bottom layer driver run. The bottom layer driver then acquires the unique hardware identification code of the memory connected with the industrial personal computer mainboard again. If the hardware identification code is legally marked, indicating that the hardware identification code has been encrypted, the industrial personal computer self-starting program sends the hardware identification code directly to the encryption chip for signature verification. During signature verification, the encryption chip encrypts the hardware identification code with the preset encryption algorithm and compares the result with the encrypted hardware identification code from the first start-up. The operating system of the bank terminal is started when the signature verification passes and is not started when the signature verification fails.
According to the method, when the terminal is started for the first time, the unique hardware identification code of the memory of the bank terminal undergoes validity verification and encryption. On each subsequent start-up, it is first determined whether the stored hardware identification code is legally marked; if it is, the stored hardware identification code is sent directly to the encryption chip for signature verification, and the operating system of the bank terminal can be started after the signature verification passes. If the memory has been replaced, the operating system cannot be started, which prevents the memory from being maliciously replaced and improves the use safety of the bank terminal.
Further, after the step S1, the information security processing method further includes:
and when the bank terminal is started up again, acquiring the unique hardware identification code of the memory connected with the main board of the industrial personal computer, and if the hardware identification code is not legally marked, carrying out legality verification on the hardware identification code and a preset hardware identification code.
There may be two cases where the hardware identifier of the memory is not legally labeled: one is that the memory is replaced by an illegal memory, and the other is that the memory is legal but is not subjected to validity verification due to other reasons when the computer is started for the first time, for example, the legal memory is not connected with the mainboard of the industrial personal computer when the computer is started for the first time.
When the hardware identification code is not legally marked, its validity needs to be verified against the preset hardware identification code. If the validity verification fails, the memory can be determined to have been maliciously replaced, and the operating system is not started. If the validity verification passes, legal marking is carried out and the hardware identification code is sent to the encryption chip for encryption; this is the case in which validity verification was not carried out at the first start-up, and the operating system is not started at this point. On a subsequent start-up, if the hardware identification code is legally marked, it is sent to the encryption chip for signature verification, and the operating system of the bank terminal is started after the signature verification passes.
In this embodiment, when the bank terminal is started again, the validity of a hardware identification code that is not legally marked is verified, so that a maliciously replaced memory can be excluded, while a legal hardware identification code that was not verified when the bank terminal was started for the first time can be included, which improves the application flexibility.
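The start-up decisions of steps S1 and S2 and of the further step for unmarked identification codes, simulated as an added example that is not code from the patent. It assumes HMAC-SHA256 as a stand-in for the unspecified "preset encryption algorithm", assumes the legal marks are kept on the mainboard and the encrypted references inside the chip, and uses constructed identifiers; the class and method names are hypothetical.

```python
import hashlib
import hmac
from enum import Enum


class Boot(Enum):
    OS_STARTED = "os_started"
    ENROLLED_NO_OS = "enrolled_os_not_started"
    REFUSED_VALIDITY = "refused_validity_verification"
    REFUSED_SIGNATURE = "refused_signature_verification"


class EncryptionChip:
    """Stand-in for the chip in the safe (hypothetical model).

    Assumption: HMAC-SHA256 replaces the 'preset encryption algorithm';
    it is a keyed, deterministic transform, not the patent's cipher.
    """

    def __init__(self, key):
        self._key = key
        self._references = []  # transformed IDs stored inside the chip

    def _transform(self, hw_id):
        return hmac.new(self._key, hw_id.encode(), hashlib.sha256).digest()

    def encrypt(self, hw_id):
        """First-boot path: transform the ID and keep the reference."""
        ref = self._transform(hw_id)
        if ref not in self._references:
            self._references.append(ref)

    def verify(self, hw_id):
        """Later boots: re-transform and compare with stored references."""
        candidate = self._transform(hw_id)
        return any(hmac.compare_digest(candidate, r) for r in self._references)


class Mainboard:
    """Self-starting program logic (hypothetical model of the description)."""

    def __init__(self, preset_ids, chip):
        self.preset_ids = frozenset(preset_ids)  # preset legal IDs
        self.marked = set()                      # legally marked IDs
        self.chip = chip
        self.booted_before = False

    def boot(self, hw_id):
        first_boot = not self.booted_before
        self.booted_before = True
        if hw_id in self.marked:
            # Marked ID: go straight to signature verification in the chip.
            if self.chip.verify(hw_id):
                return Boot.OS_STARTED
            return Boot.REFUSED_SIGNATURE
        if hw_id not in self.preset_ids:
            # Unmarked and not preset: treated as a replaced memory.
            return Boot.REFUSED_VALIDITY
        # Unmarked but preset: mark it and have the chip encrypt it.
        self.marked.add(hw_id)
        self.chip.encrypt(hw_id)
        # Per the description, a late enrolment does not start the OS;
        # only the first boot starts it right after encryption.
        return Boot.OS_STARTED if first_boot else Boot.ENROLLED_NO_OS


def demo():
    """Run a constructed boot sequence and return each outcome."""
    chip = EncryptionChip(b"constructed-demo-key")
    board = Mainboard({"SSD-CONSTRUCTED-0001", "SSD-CONSTRUCTED-0002"}, chip)
    results = [
        board.boot("SSD-CONSTRUCTED-0001"),  # first boot, preset ID
        board.boot("SSD-CONSTRUCTED-0001"),  # reboot, same memory
        board.boot("SSD-CONSTRUCTED-9999"),  # reboot, unknown memory
        board.boot("SSD-CONSTRUCTED-0002"),  # reboot, preset but unmarked
        board.boot("SSD-CONSTRUCTED-0002"),  # next reboot, now marked
    ]
    # A mark on the mainboard without a matching reference in the chip
    # (here: a different chip) fails signature verification.
    board.chip = EncryptionChip(b"another-constructed-key")
    results.append(board.boot("SSD-CONSTRUCTED-0001"))
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome.value)
```

The last case shows why both checks exist: the legal mark alone does not start the operating system, because the chip must also hold the matching reference.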
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. A bank terminal, characterized in that the bank terminal comprises an industrial personal computer, the industrial personal computer comprises an industrial personal computer mainboard and a memory connected with the industrial personal computer mainboard, and the industrial personal computer mainboard is further connected with an encryption chip arranged in a safe, wherein:
the industrial personal computer mainboard is used for acquiring a unique hardware identification code of the memory connected with the industrial personal computer mainboard when the bank terminal is started for the first time, comparing the hardware identification code with a preset hardware identification code to verify its legality, carrying out legal marking if the legality verification passes, and sending the hardware identification code to the encryption chip, the encryption chip encrypting the hardware identification code with a preset encryption algorithm, and the operating system of the bank terminal being started after encryption;
when the bank terminal is started up again, the unique hardware identification code of the memory connected with the industrial personal computer mainboard is acquired, and if the hardware identification code is legally marked, the hardware identification code is sent to the encryption chip for signature verification, and the operating system of the bank terminal is started after the signature verification passes.
2. The bank terminal according to claim 1, wherein the industrial personal computer mainboard is further configured to acquire the unique hardware identification code of the memory connected with the industrial personal computer mainboard when the bank terminal is started up again, and to carry out legality verification on the hardware identification code against the preset hardware identification code if the hardware identification code is not legally marked.
3. The bank terminal according to claim 2, wherein the industrial personal computer motherboard is further configured to refuse to start the operating system of the bank terminal when the validity verification fails or the signature verification fails.
4. The bank terminal according to any one of claims 1 to 3, wherein the memory is a solid state drive.
5. The bank terminal according to claim 4, wherein the industrial personal computer mainboard is connected with the memory through a SATA interface, and is connected with the encryption chip through an RS232 serial port.
6. A bank terminal according to any one of claims 1 to 3, wherein the bank terminal is a self-service terminal or an automated terminal.
7. A bank terminal device, characterized in that the bank terminal device comprises a safe and the bank terminal according to any one of claims 1 to 6, an encryption chip is arranged in the safe, and the industrial personal computer mainboard is connected with the encryption chip, wherein:
the industrial personal computer mainboard is used for acquiring a unique hardware identification code of the memory connected with the industrial personal computer mainboard when the bank terminal device is started for the first time, comparing the hardware identification code with a preset hardware identification code to verify its legality, carrying out legal marking if the legality verification passes, and sending the hardware identification code to the encryption chip, the encryption chip encrypting the hardware identification code with a preset encryption algorithm, and the operating system of the bank terminal device being started after encryption;
when the bank terminal device is started up again, the unique hardware identification code of the memory connected with the industrial personal computer mainboard is acquired, and if the hardware identification code is legally marked, the hardware identification code is sent to the encryption chip for signature verification, and the operating system of the bank terminal device is started after the signature verification passes.
8. An information security processing method applied to the bank terminal according to any one of claims 1 to 6, wherein the information security processing method comprises the following steps:
when the bank terminal is started for the first time, acquiring a unique hardware identification code of the memory connected with the industrial personal computer mainboard, comparing the hardware identification code with a preset hardware identification code to verify its legality, carrying out legal marking if the legality verification passes, sending the hardware identification code to the encryption chip, encrypting the hardware identification code by the encryption chip with a preset encryption algorithm, and starting the operating system of the bank terminal after encryption;
when the bank terminal is started up again, acquiring the unique hardware identification code of the memory connected with the industrial personal computer mainboard, and if the hardware identification code is legally marked, sending the hardware identification code to the encryption chip for signature verification, and starting the operating system of the bank terminal after the signature verification passes.
9. The information security processing method according to claim 8, further comprising:
when the bank terminal is started up again, acquiring the unique hardware identification code of the memory connected with the industrial personal computer mainboard, and if the hardware identification code is not legally marked, carrying out legality verification on the hardware identification code against the preset hardware identification code.
10. The information security processing method according to claim 9, further comprising: refusing to start the operating system of the bank terminal when the legality verification fails or the signature verification fails.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910448941.4A CN112002080B (en) | 2019-05-27 | 2019-05-27 | Bank terminal, bank terminal equipment and information security processing method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910448941.4A CN112002080B (en) | 2019-05-27 | 2019-05-27 | Bank terminal, bank terminal equipment and information security processing method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112002080A (en) | 2020-11-27 |
CN112002080B (en) | 2022-02-15 |
Family
ID=73461827
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910448941.4A Active CN112002080B (en) | 2019-05-27 | 2019-05-27 | Bank terminal, bank terminal equipment and information security processing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112002080B (en) |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006228080A (en) * | 2005-02-21 | 2006-08-31 | Hitachi Omron Terminal Solutions Corp | Biometric authentication device, terminal device and automatic transaction device |
CN201910094U (en) * | 2010-10-29 | 2011-07-27 | 中国工商银行股份有限公司 | Transaction realizing system and terminal |
CN202049561U (en) * | 2011-05-18 | 2011-11-23 | 东华大学 | Financial IC (integrated circuit) card terminal |
CN104247369A (en) * | 2012-02-22 | 2014-12-24 | 高通股份有限公司 | Method and equipment for blurring equipment tags |
CN104951713A (en) * | 2014-03-26 | 2015-09-30 | 丛树业 | Safe processor for online financial information |
CN105577611A (en) * | 2014-10-10 | 2016-05-11 | 广州联奕信息科技有限公司 | Computer safety realization method and computer safety realization device based on hardware and server authentication |
CN205992270U (en) * | 2016-03-14 | 2017-03-01 | 河南诚讯电子商务有限公司 | A kind of data management system of transaction self-service terminal machine |
CN207068131U (en) * | 2017-08-29 | 2018-03-02 | 成都诺达佳自动化技术有限公司 | The anti-information theft device of self-aided terminal |
CN108229210A (en) * | 2017-12-26 | 2018-06-29 | 深圳市金立通信设备有限公司 | A kind of method, terminal and computer readable storage medium for protecting data |
CN108416898A (en) * | 2018-04-25 | 2018-08-17 | 中电金融设备系统(深圳)有限公司 | Financial self-service equipment |
CN109087466A (en) * | 2018-07-27 | 2018-12-25 | 江苏瑞银科技有限公司 | Huimin financial service terminal, financial service interacted system and working method |
Family Cites Families (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0952564A3 (en) * | 1998-04-16 | 2003-09-17 | Citicorp Development Center, Inc. | System and method for alternative encryption techniques |
JP2001222740A (en) * | 2000-02-09 | 2001-08-17 | Sony Corp | Electronic money system and electronic money terminal device |
ATE357710T1 (en) * | 2003-12-12 | 2007-04-15 | Banksys Sa | ELECTRONIC DATA PROCESSING DEVICE |
WO2005109360A1 (en) * | 2004-05-10 | 2005-11-17 | Hani Girgis | Secure pin entry using personal computer |
KR20060046933A (en) * | 2004-11-12 | 2006-05-18 | 노틸러스효성 주식회사 | Pinpad module protector |
JP2010267152A (en) * | 2009-05-15 | 2010-11-25 | Oki Electric Ind Co Ltd | Cash processor |
CN101957897B (en) * | 2009-07-20 | 2014-07-09 | 精品科技股份有限公司 | Storage device management method, computer system control method and information storage device |
CN102346940A (en) * | 2011-01-06 | 2012-02-08 | 杨明生 | Forward bank counter system and method for utilizing same to conduct forward bank counter business |
US20130086298A1 (en) * | 2011-10-04 | 2013-04-04 | International Business Machines Corporation | Live Logical Partition Migration with Stateful Offload Connections Using Context Extraction and Insertion |
US9286466B2 (en) * | 2013-03-15 | 2016-03-15 | Uniloc Luxembourg S.A. | Registration and authentication of computing devices using a digital skeleton key |
US9230137B2 (en) * | 2013-05-30 | 2016-01-05 | Dell Products, L.P. | Secure original equipment manufacturer (OEM) identifier for OEM devices |
CN104077616B (en) * | 2014-07-02 | 2017-08-25 | 广州广电运通金融电子股份有限公司 | Self-aided terminal retain card processing method and system |
CN106600846A (en) * | 2016-11-10 | 2017-04-26 | 东软集团股份有限公司 | Self-service terminal safety control method and apparatus and self-service terminal |
CN106529349A (en) * | 2016-12-14 | 2017-03-22 | 武汉瑞纳捷电子技术有限公司 | Security chip and access control method thereof |
CN206921102U (en) * | 2017-07-04 | 2018-01-23 | 赵勇 | A kind of intelligent Web credit intelligent terminal based on big data cloud |
CN109756447B (en) * | 2017-11-01 | 2022-03-29 | 华为技术有限公司 | Security authentication method and related equipment |
CN108462700B (en) * | 2018-02-10 | 2021-03-16 | 中电金融设备系统(深圳)有限公司 | Background server, terminal device, safety early warning method suitable for face recognition and storage medium |
CN108765786B (en) * | 2018-04-03 | 2020-11-24 | 中电金融设备系统(深圳)有限公司 | Two-dimensional code withdrawal safety verification method and system and computer storage medium |
CN208369623U (en) * | 2018-07-04 | 2019-01-11 | 成都立鑫新技术科技有限公司 | A kind of encryption equipment and encryption transmission system |
Also Published As
Publication number | Publication date |
---|---|
CN112002080A (en) | 2020-11-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106688004B (en) | Transaction authentication method and device, mobile terminal, POS terminal and server | |
US8967477B2 (en) | Smart card reader with a secure logging feature | |
US9646174B2 (en) | Learning a new peripheral using a security provisioning manifest | |
CN110276588B (en) | Electronic signature authentication method and device and computer readable storage medium | |
US9509686B2 (en) | Secure element authentication | |
US20130087612A1 (en) | Method and devices for the production and use of an identification document that can be displayed on a mobile device. | |
EP2690840A1 (en) | Internet based security information interaction apparatus and method | |
US20140172741A1 (en) | Method and system for security information interaction based on internet | |
AU2011313826A1 (en) | System and method of conducting transactions | |
US20140172721A1 (en) | Method for Securing a Transaction | |
US10839383B2 (en) | System and method for providing transaction verification | |
EP4081966A1 (en) | Authentication for third party digital wallet provisioning | |
US20150200783A1 (en) | Secure access for sensitive digital information | |
CN102111271A (en) | Network security authentication method and device, and handheld electronic device authentication method | |
CN105721425B (en) | information processing method and electronic equipment | |
US20160035021A1 (en) | Method and system for verifying an account | |
CN108768973B (en) | Trusted application operation request auditing method and trusted application management server | |
CN114827354A (en) | Identity authentication information display method and device, electronic equipment and readable storage medium | |
CN106851613A (en) | Service request method, the verification method of business handling number and its terminal | |
CN112002080B (en) | Bank terminal, bank terminal equipment and information security processing method | |
US20100211488A1 (en) | License enforcement | |
CN114710297B (en) | Block chain evidence storing method, device and equipment based on aggregated signature and storage medium | |
KR20170066955A (en) | Electronic payment certification server based on payment image matched with phone number, electronic payment system, electronic payment method and electronic payment application | |
CN115482132A (en) | Data processing method and device for electronic contract based on block chain and server | |
CN103959830A (en) | Method and system to capture and validate a signature using a mobile device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||