CN111243129A - Secure communication system and method for transmitting paper files - Google Patents

Secure communication system and method for transmitting paper files Download PDF

Info

Publication number
CN111243129A
CN111243129A CN201811440938.XA CN201811440938A CN111243129A CN 111243129 A CN111243129 A CN 111243129A CN 201811440938 A CN201811440938 A CN 201811440938A CN 111243129 A CN111243129 A CN 111243129A
Authority
CN
China
Prior art keywords
information
module
unlocking
ciphertext
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811440938.XA
Other languages
Chinese (zh)
Other versions
CN111243129B (en
Inventor
孙晓鹏
彭金辉
刘武忠
廖正赟
周小欠
韩秀德
梁松涛
卫志刚
曹剑
韩金池
张晓龙
徐瑞军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Xinda Jiean Information Technology Co Ltd
Original Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Xinda Jiean Information Technology Co Ltd filed Critical Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority to CN201811440938.XA priority Critical patent/CN111243129B/en
Publication of CN111243129A publication Critical patent/CN111243129A/en
Application granted granted Critical
Publication of CN111243129B publication Critical patent/CN111243129B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00563Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys using personal physical data of the operator, e.g. finger prints, retinal images, voicepatterns
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00412Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal being encrypted

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides a secure communication system and a secure communication method for transmitting paper files, which comprise at least one file insurance device, an NB-IOT communication base station, a server and at least one terminal device; the file insurance equipment is used for executing locking and unlocking actions, acquiring and verifying the biological characteristic information of a transmitter, encrypting data comprising an unlocking request and position information and decrypting a received authorization unlocking information ciphertext; the NB-IOT communication base station is used for transmitting a data ciphertext containing an unlocking request and position information to the server and receiving an authorized unlocking information ciphertext transmitted by the server; the server is used for transmitting a data ciphertext containing the unlocking request and the position information to the terminal equipment and receiving an authorized unlocking information ciphertext transmitted by the terminal equipment; the terminal equipment is used for carrying out decryption processing on the data ciphertext containing the unlocking request and the position information and carrying out encryption processing on the generated authorized unlocking information.

Description

Secure communication system and method for transmitting paper files
Technical Field
The invention relates to the technical field of wireless communication, in particular to a secure communication system and a secure communication method for transmitting paper files.
Background
When sensitive paper files need to be transmitted among departments such as public security, court and inspection institute, the traditional solution is that a transmitter, a monitoring person, a committee and the like need to monitor the transmission process of the sensitive paper files in the whole process, so as to ensure the consistency and safe transmission of the sensitive paper files. However, this method requires a plurality of workers, which results in a great reduction in work efficiency, and once there is a problem of negligence of the workers involved, the consistency and safety of the paper file cannot be effectively ensured.
In order to solve the problems of consistency and safety in the traditional sensitive paper file transfer process, people always seek an ideal technical solution.
Disclosure of Invention
The invention aims to provide a safe communication system and a method for transmitting paper files, which aim to overcome the defects in the prior art, realize the consistency of sensitive paper files and the safety of a transmission process by adopting an intelligent lock and combining an NB-IOT technology, a data encryption technology and a safety module with high safety performance, and greatly improve the working efficiency.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
a secure communication system for transmitting paper files comprises at least one file insurance device, an NB-IOT communication base station, a server and at least one terminal device, wherein the NB-IOT communication base station is in communication connection with the file insurance device and the server respectively, and the server is in communication connection with the terminal device;
the file insurance equipment is used for executing locking and unlocking actions, acquiring and verifying biological characteristic information of a transmitter, encrypting data comprising an unlocking request and position information and decrypting a received authorization unlocking information ciphertext;
the NB-IOT communication base station is used for transmitting the data ciphertext containing the unlocking request and the position information to the server and receiving the authorized unlocking information ciphertext transmitted by the server;
the server is used for transmitting the data ciphertext containing the unlocking request and the position information to the terminal equipment and receiving the authorized unlocking information ciphertext transmitted by the terminal equipment;
and the terminal equipment is used for decrypting the data ciphertext containing the unlocking request and the position information and encrypting the generated authorized unlocking information.
Based on the above, the file insurance equipment is provided with an intelligent lock, and the intelligent lock comprises a microprocessor, an execution module, a biological feature recognition module, a positioning module, a first security module and an NB-IOT communication module; the microprocessor is respectively connected with the execution module, the biological feature recognition module, the positioning module, the first security module and the NB-IOT communication module and is used for carrying out information cooperation and interaction with the modules; the execution module is used for executing locking and unlocking actions according to the information of the microprocessor; the biological characteristic identification module is used for acquiring human body biological characteristic information; the positioning module is used for acquiring the position information of the file insurance equipment; the first security module is used for encrypting data comprising the unlocking request and the position information and decrypting the authorized unlocking information ciphertext; the NB-IOT communication module is used for sending the data ciphertext containing the unlocking request and the position information and receiving the authorized unlocking information ciphertext.
Based on the above, the terminal device comprises a processor, a network communication module, a second security module and a display module; the processor is respectively connected with the network communication module, the second safety module and the display module and is used for carrying out information cooperation and interaction with the modules; the network communication module is used for receiving the unlocking request and the ciphertext of the position information and sending the authorized unlocking information ciphertext; the second security module is used for decrypting the unlocking request and the position information and encrypting the authorized unlocking information ciphertext; the display module is used for displaying the unlocking request and the position information.
Based on the above, the biometric identification module includes at least one of a fingerprint module, an iris module, a human face module, a finger vein module, a palm print module, and a voice print module.
Based on the above, the file insurance equipment is further provided with a display device at least used for displaying the biometric verification information, the authorized unlocking information and the related process prompt information of the deliverer.
The invention also provides a secure communication method of the secure communication system for transmitting the paper file, which specifically comprises the following steps:
s1, after the paper file is locked into the file insurance equipment, the biological characteristic information of a transmitter is collected and stored through the biological characteristic identification module in the file insurance equipment, and the biological characteristic information is used as preset biological characteristic information;
s2, after the piece insurance equipment stored with the paper piece is transmitted to a target place, the biological characteristic information of a transmitter is collected through the biological characteristic identification module and is compared with the preset biological characteristic information for verification;
s3, after the verification is passed, the file insurance equipment acquires the data comprising the unlocking request and the position information, encrypts the data by the first security module, and sends the data to the server by the NB-IOT communication base station, and the server receives the data ciphertext comprising the unlocking request and the position information and forwards the data ciphertext to the terminal equipment;
s4, the terminal equipment decrypts the data ciphertext including the unlocking request and the position information through the second security module, and then obtains the data plaintext including the unlocking request and the position information;
s5, after verifying that the file insurance equipment is transmitted to a target location through the position information, the terminal equipment returns an authorized unlocking information ciphertext to the file insurance equipment according to the unlocking request, and the file insurance equipment decrypts the authorized unlocking information ciphertext, collects the biological characteristic information of the transmitter again and compares and verifies the biological characteristic information;
and S6, after the verification is passed, opening the file insurance equipment through the intelligent lock, and taking out the paper file from the file insurance equipment by a deliverer.
Based on the above, before S1, the method further includes: and carrying out information binding on the file insurance equipment and the terminal equipment.
Based on the above, before S3, the method further includes that the file insurance device performs two-way identity authentication based on a digital certificate with the terminal device; and the file insurance equipment and the terminal equipment perform key negotiation to obtain a session key for encrypting and decrypting communication information between the file insurance equipment and the terminal equipment.
Based on the above, the process of returning, according to the unlocking request, authorized unlocking information to the file insurance device in S5, and the process of decrypting, by the file insurance device, the authorized unlocking information ciphertext and acquiring again biometric information of the deliverer to verify includes:
the terminal equipment encrypts the generated authorized unlocking information through the second security module and then sends the encrypted authorized unlocking information to the server through the network communication module, and the server sends the ciphertext of the authorized unlocking information to the NB-IOT communication module through the NB-IOT communication base station;
the file insurance equipment receives the ciphertext of the authorized unlocking information through the NB-IOT communication module, decrypts the ciphertext of the authorized unlocking information through the first security module to obtain the plaintext of the authorized unlocking information, and acquires the biological characteristic information of a transmitter through the biological characteristic identification module to compare with the preset biological characteristic information for verification.
Based on the above, the process of performing digital certificate-based bidirectional identity authentication between the file insurance device and the terminal device and the process of performing key agreement between the file insurance device and the terminal device are all completed on the basis of the NB-IOT communication base station and the transmission channel built by the server.
Compared with the prior art, the invention has prominent substantive characteristics and remarkable progress, particularly:
(1) by introducing the NB-IOT communication technology, the system has wide coverage, low power consumption and capability of supporting mass connection;
(2) the first security module and the second security module are respectively arranged in the file insurance equipment and the terminal equipment, so that a security channel between the file insurance equipment and the terminal equipment is constructed, a malicious attacker is effectively prevented from intercepting data information, and the transmission security of data including an unlocking request and position information and authorized unlocking information is ensured;
(3) the biological characteristic recognition module of the intelligent lock arranged on the file insurance equipment can collect the biological characteristic information of a transmitter, and subsequently, whether the biological characteristic information is correct or not is verified to ensure the safety and consistency of the sensitive paper file in the transmission process, so that the file insurance equipment is more intelligent and networked;
(4) one or more superior leaders can be configured through the terminal equipment to transmit authorized unlocking information, and only after the authorized unlocking information transmitted by the terminal equipment is obtained and the biological characteristic information is verified to be correct, the intelligent lock can be correctly unlocked, the file insurance equipment can be unlocked, and the consistency and the safety of sensitive paper files can be ensured;
(5) identity authentication and key agreement are carried out between the file insurance equipment and the terminal equipment, so that the legality of the identities of the two parties and the safety of data transmission are ensured, and the damage of illegal equipment and malicious molecules to the transmission of sensitive paper files is prevented;
(6) by collecting and verifying the biological characteristic information of the deliverer for multiple times, the safety and consistency of the delivery of the paper file are effectively ensured, and the situation that persons except the deliverer illegally send an unlocking request and obtain authorized unlocking information so as to illegally obtain the paper file is avoided;
(7) the invention only needs a deliverer, thereby greatly improving the working efficiency.
Drawings
FIG. 1 is an overall block diagram of the secure communication system for communicating paper documents of the present invention.
FIG. 2 is a block diagram of a file insurance device in a secure communication system for communicating paper files in accordance with the present invention.
Fig. 3 is a block diagram illustrating a terminal device in a secure communication system for transferring paper documents according to the present invention.
FIG. 4 is a flow chart of a method of secure communication for communicating paper documents in accordance with the present invention.
Detailed Description
In order to make the present invention clearer, the technical solution of the present invention is further described in detail by the following embodiments.
As shown in fig. 1, a secure communication system for delivering paper documents includes at least one document insurance device, an NB-IOT communication base station, a server, and at least one terminal device, where the NB-IOT communication base station is in communication connection with the document insurance device and the server, respectively, and the server is in communication connection with the terminal device;
the file insurance equipment is used for executing locking and unlocking actions, acquiring and verifying biological characteristic information of a transmitter, encrypting data comprising an unlocking request and position information and decrypting a received authorization unlocking information ciphertext;
the NB-IOT communication base station is used for transmitting the data ciphertext containing the unlocking request and the position information to the server and receiving the authorized unlocking information ciphertext transmitted by the server;
the server is used for transmitting the data ciphertext containing the unlocking request and the position information to the terminal equipment and receiving the authorized unlocking information ciphertext transmitted by the terminal equipment;
and the terminal equipment is used for decrypting the data ciphertext containing the unlocking request and the position information and encrypting the generated authorized unlocking information.
As shown in fig. 2, specifically, an intelligent lock is disposed on the file insurance device, and the intelligent lock includes a microprocessor, an execution module, a biometric identification module, a positioning module, a first security module, and an NB-IOT communication module; the microprocessor is respectively connected with the execution module, the biological feature recognition module, the positioning module, the first security module and the NB-IOT communication module and is used for carrying out information cooperation and interaction with the modules; the execution module is used for executing locking and unlocking actions according to the information of the microprocessor; the biological characteristic identification module is used for acquiring human body biological characteristic information; the positioning module is used for acquiring the position information of the file insurance equipment; the first security module is used for encrypting data comprising the unlocking request and the position information and decrypting the authorized unlocking information ciphertext; the NB-IOT communication module is used for sending the data ciphertext containing the unlocking request and the position information and receiving the authorized unlocking information ciphertext.
As shown in fig. 3, specifically, the terminal device includes a processor, a network communication module, a second security module, and a display module; the processor is respectively connected with the network communication module, the second safety module and the display module and is used for carrying out information cooperation and interaction with the modules; the network communication module is used for receiving the unlocking request and the ciphertext of the position information and sending the authorized unlocking information ciphertext; the second security module is used for decrypting the unlocking request and the position information and encrypting the authorized unlocking information ciphertext; the display module is used for displaying the unlocking request and the position information.
Specifically, the biometric identification module comprises at least one of a fingerprint module, an iris module, a human face module, a finger vein module, a palm print module and a voiceprint module.
Specifically, the file insurance device is further provided with a display device at least used for displaying the biometric verification information, the authorized unlocking information and the related process prompt information of the deliverer.
As shown in fig. 4, the present invention further provides a secure communication method of a secure communication system for transferring a paper file, where the secure communication method specifically includes:
s1, after the paper file is locked into the file insurance equipment, the biological characteristic information of a transmitter is collected and stored through the biological characteristic identification module in the file insurance equipment, and the biological characteristic information is used as preset biological characteristic information;
s2, after the piece insurance equipment stored with the paper piece is transmitted to a target place, the biological characteristic information of a transmitter is collected through the biological characteristic identification module and is compared with the preset biological characteristic information for verification;
s3, after the verification is passed, the file insurance equipment acquires the data comprising the unlocking request and the position information, encrypts the data by the first security module, and sends the data to the server by the NB-IOT communication base station, and the server receives the data ciphertext comprising the unlocking request and the position information and forwards the data ciphertext to the terminal equipment;
s4, the terminal equipment decrypts the data ciphertext including the unlocking request and the position information through the second security module, and then obtains the data plaintext including the unlocking request and the position information;
s5, after verifying that the file insurance equipment is transmitted to a target location through the position information, the terminal equipment returns an authorized unlocking information ciphertext to the file insurance equipment according to the unlocking request, and the file insurance equipment decrypts the authorized unlocking information ciphertext, collects the biological characteristic information of the transmitter again and compares and verifies the biological characteristic information;
and S6, after the verification is passed, opening the file insurance equipment through the intelligent lock, and taking out the paper file from the file insurance equipment by a deliverer.
In practical application, in order to ensure that a deliverer can safely deliver paper files and ensure the consistency and the safety of the paper files, the biological characteristic information of the deliverer, such as information of fingerprints, human faces, finger veins and the like, needs to be collected for many times; after the target location is reached, the unlocking request and the position information are sent only after the collected biological characteristic information of the deliverer is verified to be correct, and other people except the deliverer are prevented from sending the unlocking request and the position information; when the file insurance equipment receives the authorized unlocking information, the file insurance equipment cannot be directly opened, but the biological characteristic information of the deliverer is collected again, and if the biological characteristic information passes the verification, the file insurance equipment can be opened, so that the situation that other personnel except the deliverer obtain the paper file on site is effectively avoided.
Specifically, before S1, the method further includes: and carrying out information binding on the file insurance equipment and the terminal equipment.
Specifically, before S3, the method further includes that the file insurance device performs two-way identity authentication based on a digital certificate with the terminal device; and the file insurance equipment and the terminal equipment perform key negotiation to obtain a session key for encrypting and decrypting communication information between the file insurance equipment and the terminal equipment.
Specifically, the process of returning, according to the unlocking request, authorized unlocking information to the file insurance device in S5, and the process of decrypting, by the file insurance device, the authorized unlocking information ciphertext and acquiring again biometric information of the deliverer to verify the biometric information includes:
the terminal equipment encrypts the generated authorized unlocking information through the second security module and then sends the encrypted authorized unlocking information to the server through the network communication module, and the server sends the ciphertext of the authorized unlocking information to the NB-IOT communication module through the NB-IOT communication base station;
the file insurance equipment receives the ciphertext of the authorized unlocking information through the NB-IOT communication module, decrypts the ciphertext of the authorized unlocking information through the first security module to obtain the plaintext of the authorized unlocking information, and acquires the biological characteristic information of a transmitter through the biological characteristic identification module to compare with the preset biological characteristic information for verification.
Specifically, the process of performing digital certificate-based bidirectional identity authentication on the file insurance device and the terminal device and the process of performing key agreement on the file insurance device and the terminal device are all completed on the basis of the NB-IOT communication base station and a transmission channel built by the server.
It should be finally noted that the above-mentioned embodiments are only used for illustrating the technical solutions of the present invention and not for limiting the same, and those skilled in the art should make modifications to the specific embodiments of the present invention or make equivalent substitutions for part of technical features without departing from the spirit of the technical solutions of the present invention, and all of them should be covered in the technical solutions claimed in the present invention.

Claims (10)

1. A secure communication system for transmitting paper files is characterized by comprising at least one file insurance device, an NB-IOT communication base station, a server and at least one terminal device, wherein the NB-IOT communication base station is in communication connection with the file insurance device and the server respectively, and the server is in communication connection with the terminal device;
the file insurance equipment is used for executing locking and unlocking actions, acquiring and verifying biological characteristic information of a transmitter, encrypting data comprising an unlocking request and position information and decrypting a received authorization unlocking information ciphertext;
the NB-IOT communication base station is used for transmitting the data ciphertext containing the unlocking request and the position information to the server and receiving the authorized unlocking information ciphertext transmitted by the server;
the server is used for transmitting the data ciphertext containing the unlocking request and the position information to the terminal equipment and receiving the authorized unlocking information ciphertext transmitted by the terminal equipment;
and the terminal equipment is used for decrypting the data ciphertext containing the unlocking request and the position information and encrypting the generated authorized unlocking information.
2. The secure communication system for communicating paper documents as claimed in claim 1, wherein an intelligent lock is provided on said document insurance device, said intelligent lock comprising a microprocessor, an execution module, a biometric identification module, a positioning module, a first security module and an NB-IOT communication module; the microprocessor is respectively connected with the execution module, the biological feature recognition module, the positioning module, the first security module and the NB-IOT communication module and is used for carrying out information cooperation and interaction with the modules; the execution module is used for executing locking and unlocking actions according to the information of the microprocessor; the biological characteristic identification module is used for acquiring human body biological characteristic information; the positioning module is used for acquiring the position information of the file insurance equipment; the first security module is used for encrypting data comprising the unlocking request and the position information and decrypting the authorized unlocking information ciphertext; the NB-IOT communication module is used for sending the data ciphertext containing the unlocking request and the position information and receiving the authorized unlocking information ciphertext.
3. The secure communication system for communicating paper documents as claimed in claim 1, wherein said terminal device comprises a processor, a network communication module, a second security module, a display module; the processor is respectively connected with the network communication module, the second safety module and the display module and is used for carrying out information cooperation and interaction with the modules; the network communication module is used for receiving the unlocking request and the ciphertext of the position information and sending the authorized unlocking information ciphertext; the second security module is used for decrypting the unlocking request and the position information and encrypting the authorized unlocking information ciphertext; the display module is used for displaying the unlocking request and the position information.
4. The secure communication system for communicating paper documents as claimed in claim 2, wherein said biometric module comprises at least one of a fingerprint module, an iris module, a face module, a finger vein module, a palm print module, a voice print module.
5. The secure communication system for delivery of paper files of claim 2, wherein a display device is further provided on the file insurance device for displaying at least the biometric verification information of the delivery person, the authorized unlocking information, and the associated process prompting information.
6. A secure communication method using the secure communication system for delivering paper documents according to any one of claims 1 to 5, the secure communication method comprising:
s1, after the paper file is locked into the file insurance equipment, the biological characteristic information of a transmitter is collected and stored through the biological characteristic identification module in the file insurance equipment, and the biological characteristic information is used as preset biological characteristic information;
s2, after the piece insurance equipment stored with the paper piece is transmitted to a target place, the biological characteristic information of a transmitter is collected through the biological characteristic identification module and is compared with the preset biological characteristic information for verification;
s3, after the verification is passed, the file insurance equipment acquires the data comprising the unlocking request and the position information, encrypts the data by the first security module, and sends the data to the server by the NB-IOT communication base station, and the server receives the data ciphertext comprising the unlocking request and the position information and forwards the data ciphertext to the terminal equipment;
s4, the terminal equipment decrypts the data ciphertext including the unlocking request and the position information through the second security module, and then obtains the data plaintext including the unlocking request and the position information;
s5, after verifying that the file insurance equipment is transmitted to a target location through the position information, the terminal equipment returns an authorized unlocking information ciphertext to the file insurance equipment according to the unlocking request, and the file insurance equipment decrypts the authorized unlocking information ciphertext, collects the biological characteristic information of the transmitter again and compares and verifies the biological characteristic information;
and S6, after the verification is passed, opening the file insurance equipment through the intelligent lock, and taking out the paper file from the file insurance equipment by a deliverer.
7. The secure communication method for communicating paper parcels of claim 6, further comprising, prior to S1: and carrying out information binding on the file insurance equipment and the terminal equipment.
8. The secure communication method for communicating paper portfolio of claim 6, further comprising, prior to S3, the portfolio insurance device performing digital certificate-based two-way identity authentication with the terminal device; and the file insurance equipment and the terminal equipment perform key negotiation to obtain a session key for encrypting and decrypting communication information between the file insurance equipment and the terminal equipment.
9. The secure communication method for delivering paper files according to claim 6, wherein the step of returning authorized unlocking information to the file insurance device according to the unlocking request in S5, the process of decrypting the authorized unlocking information ciphertext by the file insurance device and collecting the biometric information of the deliverer again for verification comprises:
the terminal equipment encrypts the generated authorized unlocking information through the second security module and then sends the encrypted authorized unlocking information to the server through the network communication module, and the server sends the ciphertext of the authorized unlocking information to the NB-IOT communication module through the NB-IOT communication base station;
the file insurance equipment receives the ciphertext of the authorized unlocking information through the NB-IOT communication module, decrypts the ciphertext of the authorized unlocking information through the first security module to obtain the plaintext of the authorized unlocking information, and acquires the biological characteristic information of a transmitter through the biological characteristic identification module to compare with the preset biological characteristic information for verification.
10. The secure communication method for delivering paper files according to claim 8, wherein the process of performing two-way identity authentication based on a digital certificate with the terminal device and performing key agreement with the terminal device is completed on the basis of a transmission channel established by the NB-IOT communication base station and the server.
CN201811440938.XA 2018-11-29 2018-11-29 Secure communication system and method for transmitting paper files Active CN111243129B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811440938.XA CN111243129B (en) 2018-11-29 2018-11-29 Secure communication system and method for transmitting paper files

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811440938.XA CN111243129B (en) 2018-11-29 2018-11-29 Secure communication system and method for transmitting paper files

Publications (2)

Publication Number Publication Date
CN111243129A true CN111243129A (en) 2020-06-05
CN111243129B CN111243129B (en) 2022-02-11

Family

ID=70864049

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811440938.XA Active CN111243129B (en) 2018-11-29 2018-11-29 Secure communication system and method for transmitting paper files

Country Status (1)

Country Link
CN (1) CN111243129B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN204087261U (en) * 2014-07-18 2015-01-07 安然 A kind of valuables logistics distribution system
CN105298298A (en) * 2015-11-04 2016-02-03 上海太赫紫电子科技有限公司 Safety type safety box unlocked through mobile phone
CN105901964A (en) * 2016-06-24 2016-08-31 青岛安正网络科技有限公司 Intelligent paper medium archive management device
CN206124508U (en) * 2016-11-05 2017-04-26 金香华 Prevent file for economy lost
CN108354296A (en) * 2018-02-09 2018-08-03 深圳市安卓工控设备有限公司 A kind of concerning security matters vectors safe carrying box
CN108900530A (en) * 2018-07-30 2018-11-27 郑州信大捷安信息技术股份有限公司 A kind of safe communication system and method
CN109392190A (en) * 2018-11-16 2019-02-26 国网安徽省电力有限公司淮南供电公司 Confidential document flow system and control method

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN204087261U (en) * 2014-07-18 2015-01-07 安然 A kind of valuables logistics distribution system
CN105298298A (en) * 2015-11-04 2016-02-03 上海太赫紫电子科技有限公司 Safety type safety box unlocked through mobile phone
CN105901964A (en) * 2016-06-24 2016-08-31 青岛安正网络科技有限公司 Intelligent paper medium archive management device
CN206124508U (en) * 2016-11-05 2017-04-26 金香华 Prevent file for economy lost
CN108354296A (en) * 2018-02-09 2018-08-03 深圳市安卓工控设备有限公司 A kind of concerning security matters vectors safe carrying box
CN108900530A (en) * 2018-07-30 2018-11-27 郑州信大捷安信息技术股份有限公司 A kind of safe communication system and method
CN109392190A (en) * 2018-11-16 2019-02-26 国网安徽省电力有限公司淮南供电公司 Confidential document flow system and control method

Also Published As

Publication number Publication date
CN111243129B (en) 2022-02-11

Similar Documents

Publication Publication Date Title
CN111614637B (en) Secure communication method and system based on software cryptographic module
US8843760B2 (en) Biometric identification method
CN103124269B (en) Based on the Bidirectional identity authentication method of dynamic password and biological characteristic under cloud environment
US7725717B2 (en) Method and apparatus for user authentication
CN101958892B (en) Electronic data protection method, device and system based on face recognition
CN105847247A (en) Authentication system and working method thereof
CN106488452B (en) Mobile terminal safety access authentication method combining fingerprint
CN101340436B (en) Method and apparatus implementing remote access control based on portable memory apparatus
CN109410406A (en) A kind of authorization method, device and system
CN109150535A (en) A kind of identity identifying method, equipment, computer readable storage medium and device
CN101420301A (en) Human face recognizing identity authentication system
CN102448061A (en) Method and system for preventing phishing attack on basis of mobile terminal
CN102572817A (en) Method and intelligent memory card for realizing mobile communication confidentiality
CN107989514A (en) There is the safety box of dynamic password
CN104935441A (en) Authentication method and relevant devices and systems
CN109889669A (en) A kind of unlocked by mobile telephone method and system based on secure cryptographic algorithm
CN106789024A (en) A kind of remote de-locking method, device and system
CN107911211B (en) Two-dimensional code authentication system based on quantum communication network
CN101908964A (en) Method for authenticating remote virtual cryptographic equipment
CN103152326A (en) Distributed authentication method and authentication system
CN110738764A (en) Security control system and method based on intelligent lock
CN107786978B (en) NFC authentication system based on quantum encryption
CN107888376B (en) NFC authentication system based on quantum communication network
CN111243129B (en) Secure communication system and method for transmitting paper files
Chen et al. Design of a secure medical data sharing system via an authorized mechanism

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant