CN113596842A - Control method, system and related device - Google Patents


Publication number
CN113596842A
Authority
CN
China
Prior art keywords
server
control
authority
smart card
group
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111125596.4A
Other languages
Chinese (zh)
Other versions
CN113596842B (en)
Inventor
陈栋梁
潘嘉明
于海波
张东胜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yunding Network Technology Beijing Co Ltd
Original Assignee
Yunding Network Technology Beijing Co Ltd
Application filed by Yunding Network Technology Beijing Co Ltd
Priority to CN202111125596.4A
Publication of CN113596842A
Application granted
Publication of CN113596842B
Legal status: Active


Classifications

    • H04W12/069 Authentication using certificates or pre-shared keys
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/104 Grouping of entities
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04W12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • H04W12/06 Authentication
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The embodiments of the application provide a control method, a control system and a related device. The server writes the authentication information of the server and the group identifiers over which the smart card has control authority into the smart card, and writes the group identifier of the control device into the control device; any group identifier indicates a group comprising a plurality of control devices. Therefore, on the premise that the server that configured the smart card is the same as the server that configured the control device, the control device verifies whether its own group identifier is included in the authority information sent by the smart card (the group identifiers over which the smart card has control authority); if so, verification passes and the control device sends a control instruction. The scheme does not require control authority to be set separately between the smart card and each control device, allows one smart card to control a plurality of control devices, and improves the convenience and success rate of controlling the control devices.

Description

Control method, system and related device
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a control method, a control system, and a related apparatus.
Background
At present, using a smart card to control a control device greatly improves the convenience of control; for example, electronic locks are in common use, and an electronic lock can be unlocked with an NFC (Near Field Communication) card.
How to improve the convenience and success rate of controlling a plurality of control devices with one smart card has become a problem in urgent need of a solution.
Disclosure of Invention
The application provides a control method, a control device and a readable storage medium, aiming to improve the convenience and success rate of control, as follows:
A control method, applied to a smart card, comprising the following steps:
in response to establishing communication with a control device, sending authentication information of a first server to the control device, so that the control device verifies whether the first server is the server that configured the control device, wherein the first server is the server that configured the smart card, and the authentication information of the first server is configured in the smart card in advance;
after the authentication information of the first server is sent to the control device, sending authority information to the control device, so that the control device sends a control instruction if the authority information includes the group identifier of the control device; the authority information includes the group identifiers over which the smart card has control authority, and any group identifier indicates a group comprising a plurality of control devices.
Optionally, the authentication information of the first server includes an identity certificate, which is obtained by signing the private key of the smart card with the private key of the first server;
the sending of authentication information of a first server to the control device, so that the control device verifies whether the first server is the server that configured the control device, includes:
sending the identity certificate to the control device so that the control device verifies the signature on the identity certificate using a preset public key, wherein the preset public key is the public key of the server that configured the control device.
Optionally, before the sending of the authority information to the control device, the method further includes:
in response to receiving a random key sent by the control device, encrypting the group identifier over which the smart card has control authority using the random key;
and using the encrypted group identifier as the authority information.
Optionally, the process of configuring the group identifier over which the smart card has control authority includes:
in response to receiving encrypted authority information, decrypting the encrypted authority information using the public key of the first server, and storing the decryption result as the group identifier over which the smart card has control authority;
the encrypted authority information is obtained by encrypting, with the private key of the first server, the preset group identifier over which the smart card has control authority, and the public key of the first server is configured in the smart card in advance.
Optionally, the authority information further includes a validity period corresponding to a group identifier over which the smart card has control authority, and/or a card identifier of the smart card.
A control method, applied to a control device, comprising the following steps:
in response to receiving authentication information of a first server sent by a smart card, verifying whether the first server is the server that configured the control device; the first server is the server that configured the smart card;
in response to the verification passing and authority information sent by the smart card being received, determining whether the authority information includes the group identifier of the control device; the authority information includes the group identifiers over which the smart card has control authority, and any group identifier indicates a group comprising a plurality of control devices;
and if the authority information includes the group identifier of the control device, sending a control instruction.
Optionally, the authentication information of the first server includes an identity certificate, which is obtained by signing the private key of the smart card with the private key of the first server;
the verifying of whether the first server is the server that configured the control device includes:
verifying the signature on the identity certificate using a preset public key, wherein the preset public key is the public key of the server that configured the control device and is configured in the control device in advance;
and if the signature verification passes, determining that the first server is the server that configured the control device.
Optionally, the method further comprises:
generating a random key in response to determining that the first server is the server that configured the control device;
and sending the random key to the smart card, so that the smart card encrypts the group identifier over which it has control authority using the random key and uses the encrypted group identifier as the authority information.
Optionally, the determining of whether the authority information includes the group identifier of the control device includes:
decrypting the authority information using the random key to obtain a decryption result;
and determining whether the decryption result includes the group identifier of the control device.
Optionally, the authority information further includes a validity period corresponding to a group identifier over which the smart card has control authority, and/or a card identifier of the smart card;
the sending of a control instruction if the authority information includes the group identifier of the control device includes:
if the authority information includes the group identifier of the control device and a preset condition is met, sending a control instruction;
the condition includes: the current moment is within the validity period corresponding to the group identifier of the control device, and/or the card identifier of the smart card is not in a preset list; the preset list comprises card identifiers, pre-configured in the control device, of smart cards rejected by the control device.
Optionally, the method further comprises:
receiving smart card management information issued by the server that configured the control device, wherein the smart card management information comprises an identifier to be managed and a management validity period, and the identifier to be managed comprises the card identifier of a smart card rejected by the control device;
adding the identifier to be managed to the preset list, and recording the corresponding management validity period;
and in response to the management validity period being exceeded, deleting the identifier to be managed from the preset list.
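The optional conditions above (validity period per group identifier, the preset list of rejected cards, and removal of list entries once their management validity period is exceeded) can be sketched as the control device's decision routine. This is an added example, not code from the patent; the type and function names, Unix-second timestamps with inclusive bounds, and the sample identifiers are assumptions, and the authority information is taken as already decrypted.

```go
package main

import "fmt"

// Grant is one decrypted entry of the card's authority information: a group
// identifier with its validity period (Unix seconds, bounds assumed inclusive).
type Grant struct {
	GroupID             string
	NotBefore, NotAfter int64
}

// Lock models the state the server has written into one control device.
type Lock struct {
	GroupID  string
	rejected map[string]int64 // preset list: card ID -> end of management validity period
}

func NewLock(groupID string) *Lock {
	return &Lock{GroupID: groupID, rejected: map[string]int64{}}
}

// Manage applies smart card management information issued by the server:
// every identifier to be managed joins the preset list until `until`.
func (l *Lock) Manage(cardIDs []string, until int64) {
	for _, id := range cardIDs {
		l.rejected[id] = until
	}
}

// Decide reports whether a control instruction is sent at time now, and why.
func (l *Lock) Decide(cardID string, grants []Grant, now int64) (bool, string) {
	// Entries whose management validity period has passed leave the list.
	for id, until := range l.rejected {
		if now > until {
			delete(l.rejected, id)
		}
	}
	if _, listed := l.rejected[cardID]; listed {
		return false, "card identifier is in the preset list"
	}
	reason := "authority information lacks this device's group identifier"
	for _, g := range grants {
		if g.GroupID != l.GroupID {
			continue
		}
		if now >= g.NotBefore && now <= g.NotAfter {
			return true, "group identifier present and within its validity period"
		}
		reason = "group identifier present but outside its validity period"
	}
	return false, reason
}

func main() {
	// Constructed sample data: one card, two grants, one management message.
	lock := NewLock("floor-3")
	grants := []Grant{{"floor-3", 1000, 2000}, {"garage", 0, 5000}}
	lock.Manage([]string{"card-7"}, 1500)
	for _, now := range []int64{1200, 1600, 2500} {
		ok, why := lock.Decide("card-7", grants, now)
		fmt.Println(now, ok, why)
	}
}
```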
A control system, comprising: a server, a smart card and a control device;
the server is configured to:
write the authentication information of the server and the group identifier over which the smart card has control authority into the smart card;
write the group identifier of the control device into the control device; any group identifier indicates a group including a plurality of control devices;
the smart card is configured to implement each step of the control method;
the control device is configured to implement each step of the control method.
Optionally, the server is further configured to:
before writing the authentication information of the server into the smart card, sign the private key of the smart card with the private key of the server to obtain an identity certificate, and use the identity certificate as the authentication information of the server;
and write the public key of the server into the control device.
A communication device, comprising:
an identity verification unit, configured to, in response to establishing communication with a control device, send authentication information of a first server to the control device, so that the control device verifies whether the first server is the server that configured the control device, wherein the first server is the server that configured a smart card, and the authentication information of the first server is configured in the smart card in advance;
an authority verification unit, configured to send authority information to the control device after the authentication information of the first server is sent to the control device, so that the control device sends a control instruction if the authority information includes the group identifier of the control device; the authority information includes the group identifiers over which the smart card has control authority, and any group identifier indicates a group comprising a plurality of control devices.
A control device, comprising:
an identity verification unit, configured to, in response to receiving authentication information of a first server sent by a smart card, verify whether the first server is the server that configured the control device; the first server is the server that configured the smart card;
an authority verification unit, configured to, in response to the verification passing and authority information sent by the smart card being received, determine whether the authority information includes the group identifier of the control device; the authority information includes the group identifiers over which the smart card has control authority, and any group identifier indicates a group comprising a plurality of control devices;
and a control unit, configured to send a control instruction if the authority information includes the group identifier of the control device.
A data processing apparatus comprising: a memory and a processor;
the memory is used for storing programs;
the processor is configured to execute the program to implement the steps of the control method.
A readable storage medium, having stored thereon a computer program which, when executed by a processor, carries out the steps of the control method as described above.
According to the control method, the control system and the related device provided by the embodiments of the application, the server writes the authentication information of the server and the group identifier over which the smart card has control authority into the smart card, and writes the group identifier of the control device into the control device; any group identifier indicates a group comprising a plurality of control devices. Therefore, on the premise that the server that configured the smart card is the same as the server that configured the control device, the control device verifies whether the authority information includes the identifier of the control device; if the authority information includes the group identifier of the control device, verification passes and the control device sends a control instruction. Because the authority information comprises the group identifiers over which the smart card has control authority, the presence of the control device's group identifier in the authority information proves that the smart card has control authority over that control device; and because any group identifier indicates a group comprising a plurality of control devices, the smart card can control a plurality of control devices. The method therefore allows one smart card to control a plurality of control devices without control authority being set separately between the smart card and each control device, and improves the convenience and success rate of control.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a smart lock control system according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of an identity configuration method according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of a permission configuration method according to an embodiment of the present application;
Fig. 4 is a schematic flowchart of a specific implementation of an unlocking method according to an embodiment of the present application;
Fig. 5 is a schematic flowchart of an unlocking method according to an embodiment of the present application;
Fig. 6 is a schematic flowchart of a control method according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a smart card according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a control device according to an embodiment of the present disclosure;
Fig. 9 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The control method provided by the embodiments of the application is applicable to, but not limited to, a smart device security management system. For example, the smart device security management system includes a smart lock control system, and the control method provided by the embodiments of the application is applied to that smart lock control system. Fig. 1 is a schematic view of an application scenario of a smart lock control system according to an embodiment of the present application.
As shown in FIG. 1, the smart lock control system 100 may include at least a server 110, a network 120, a smart lock device 130, and a smart management card 140. The smart lock control system provided by the embodiments of the application can control the smart lock device, for example by unlocking it. The smart lock device can be used as an access management device (door locks, garage locks, door controls and the like) in public areas, such as factories, office buildings, schools, hospitals and residential quarters, or as a security device in private areas, such as residential houses, garages, safes and storage cabinets.
Server 110 may process data and/or signals associated with smart lock device 130 or smart management card 140 to perform one or more of the functions described herein. In some embodiments, server 110 may include one or more processors to process relevant data and/or information. For example, the server writes the authentication information of the server and the group identifier over which the smart management card has control authority into the smart management card, and writes the group identifier of the smart lock device into the smart lock device, thereby configuring the smart management card's control authority over a plurality of smart lock devices. For another example, the server 110 may use the private key of the server to sign the private key of the smart management card to obtain an identity certificate, use the identity certificate as the authentication information of the server, and write the public key of the server into the smart lock device, so as to set the identity authority of the smart management card with respect to the smart lock device. In some embodiments, the server 110 may be a single server or a group of servers. The server group can be centralized or distributed (e.g., server 110 can be a distributed system). In some embodiments, the server 110 may be local or remote. In some embodiments, the server 110 may be implemented on a cloud platform. By way of example only, the cloud platform may include a private cloud, a public cloud, a hybrid cloud, a community cloud, a distributed cloud, an inter-cloud, a multi-cloud, the like, or any combination of the above. In some embodiments, the server 110 may be implemented on a computing device. In some embodiments, the server 110 may be implemented on a mobile device.
Network 120 may be used for the exchange of information and/or data. Information/data may be sent between one or more components in the system (server 110, security device 130, and user terminal 140) to other components over network 120. In some embodiments, the network 120 may be any one or combination of a wired network or a wireless network. For example, network 120 may include a cable network, a wired network, a fiber optic network, a telecommunications network, an intranet, the internet, a Local Area Network (LAN), a Wide Area Network (WAN), a Wireless Local Area Network (WLAN), a Metropolitan Area Network (MAN), a Public Switched Telephone Network (PSTN), a general packet radio network (GPRS), a mobile telephone network, a bluetooth network, a ZigBee network, a Near Field Communication (NFC) network, a narrowband internet of things NB-IoT/LoRa, and the like, or any combination thereof. In some embodiments, network 120 may include one or more network access points. For example, the network 120 may include wired or wireless network access points, such as base stations and/or Internet switching points 120-1, 120-2, and so forth. Through the access point, one or more components of system 100 may connect to network 120 to exchange data and/or information.
The smart lock device 130 receives the authentication information of the first server sent by the smart management card 140 and verifies whether the first server is the server that configured the smart lock device 130; after the verification passes and the authority information sent by the smart management card 140 is received, it determines whether the authority information includes the group identifier of the smart lock device 130, and sends a control instruction if it does. The smart lock device 130 may be applied to an access management device (door lock, garage lock, door lock, etc.), a safe, a locker, and the like. In some embodiments, the smart lock device is pre-installed on the security device, such as a security door, a fire curtain, etc.
The smart management card 140 may send the authentication information of the first server to the smart lock device 130 after establishing communication with the smart lock device 130, so that the smart lock device 130 verifies whether the first server is the server that configured the control device. It then sends the authority information to the smart lock device 130, so that the smart lock device 130 sends a control instruction if the authority information includes the identifier of the control device, thereby realizing control over the smart lock device 130. The smart management card may be a physical card, a virtual card, or a management key provided in the application software of a terminal device. In some embodiments, the management card may be a key, an IC (integrated circuit) card or an access card; in some embodiments, the management card may be a key configured into a bracelet, a mobile smart device, or a client through network technologies such as NFC (near field communication), Bluetooth, Wi-Fi, or LAN (local area network). For example, when the smart management card is a virtual card, it may be disposed in a user terminal, including but not limited to a desktop computer, a laptop computer, a smart phone, a Personal Digital Assistant (PDA), a tablet computer, a handheld game console, smart glasses, a smart watch, a wearable device, a virtual display device, a display enhancement device, and the like, or any combination thereof.
The user terminal may include one or more terminals. The user terminal may belong to a user of the smart lock device 130 or to an administrator. Multiple user terminals may communicate with one server 110, or multiple user terminals may exchange data with other devices in the system 100. In some embodiments, the user terminal may be a terminal device of a security device user, which may communicate directly or indirectly (e.g., through a server) with a security device, such as smart lock device 130.
In some embodiments, the server 110, the smart lock device 130, and the smart management card 140 may each be provided with a separate storage device, or separate storage devices may be provided within the system 100 for storing data and/or instructions. For example, server 110 may have an integrated storage device or a separately located storage device (e.g., a big data server) that server 110 can access over network 120. In some embodiments, the storage device may include mass storage, removable storage, volatile read-write memory, random access memory, read-only memory (ROM), the like, or any combination of the above. Exemplary mass storage devices may include magnetic disks, optical disks, solid state drives, and the like. Exemplary removable storage may include flash memory disks, floppy disks, optical disks, memory cards, compact disks, magnetic tape, and the like. Exemplary volatile read-write memory can include Random Access Memory (RAM). Exemplary random access memories may include Dynamic Random Access Memory (DRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDR SDRAM), Static Random Access Memory (SRAM), thyristor random access memory (T-RAM), zero-capacitor random access memory (Z-RAM), and the like. Exemplary read-only memories may include mask read-only memory (MROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), compact disk read-only memory (CD-ROM), digital versatile disk read-only memory (DVD-ROM), and the like. In some embodiments, the storage device may also be implemented on a cloud platform. For example, the cloud platform may include private clouds, public clouds, hybrid clouds, community clouds, distributed clouds, inter-clouds, multi-clouds, the like, or any combination of the above.
Taking an intelligent management card as an NFC chip (the NFC chip can be carried on any carrier, such as a mobile phone APP or an entity card) as an example, detailed specific functions of each constituent structure of the above-mentioned intelligent lock control system are as follows:
in this embodiment, the server is configured to configure the identity information of the NFC chip and the identity information of the smart lock device, and fig. 2 illustrates an optional configuration method applied to the identity information of the server, which specifically includes:
s201, obtaining a key pair of the server and a key pair of the NFC chip.
In this embodiment, the key pair of the server includes a private key of the server and a public key of the server, and the key pair of the NFC chip includes a private key of the NFC chip and a public key of the NFC chip.
It should be noted that the key pair of the server uniquely indicates one server, and the key pair of the NFC chip uniquely indicates one NFC chip. For a specific implementation of obtaining the key pairs, refer to the prior art.
S202, the private key of the NFC chip is signed by using the private key of the server, and an identity certificate is generated.
For the specific signature method, refer to the prior art; it is not described in detail in this embodiment.
S203, writing the identity certificate into the NFC chip as the authentication information of the server.
Optionally, the server further writes the public key of the server and the key pair of the NFC chip into the NFC chip.
S204, writing the public key of the server and the preset group identification of the intelligent lock device into the intelligent lock device.
In this embodiment, the group identifier of the intelligent lock device indicates the group to which the intelligent lock device belongs, and any group includes a plurality of intelligent lock devices, that is, the group identifiers of the plurality of intelligent lock devices belonging to the same group are the same.
It should be noted that S201 to S203 are the process by which the server configures the identity information of the NFC chip, where the identity information of the NFC chip includes an identity certificate (which is used to indicate the server that configured the NFC chip); this process is executed in the card making stage (i.e., the initial setting stage) of the NFC chip. S204 is the process by which the server configures the identity information of the smart lock device (including the public key of the server and the preset group identifier of the smart lock device, where the public key of the server indicates the server that configured the smart lock device, and the group identifier of the smart lock device indicates the group to which the smart lock device belongs); this process is executed in the manufacturing stage (i.e., the initial setting stage) of the smart lock device. The two processes are independent of each other, and their execution order is not limited in this embodiment.
It should be further noted that there are multiple specific ways for the server to write information to the NFC chip and the smart lock device, for example, writing information to the NFC chip or the smart lock device by using a card writing device (e.g., a card recorder).
In this embodiment, the server is further configured to configure a control right of the NFC chip. The control right at least includes an unlocking right. Taking the unlocking right as an example, fig. 3 illustrates an optional control right configuration method applied to the server, which specifically includes:
S301, encrypting preset authority group information by using a private key of the server to generate encrypted authority information.
In this embodiment, the permission group information at least includes the preconfigured group identifiers for which the NFC chip has an unlocking permission, and the permission group information may further include a validity period corresponding to each group identifier for which the NFC chip has the unlocking permission.
It should be noted that the group indicated by each group identifier includes multiple intelligent lock devices, and the validity period corresponding to each group identifier indicates the time period during which the unlocking right for the intelligent lock devices in the group is valid.
For example, the group identifiers for which the NFC chip has the unlocking authority include group 3 and group 5, the validity period corresponding to group 3 is from 11/1 to 11/30 in 2020, and the validity period corresponding to group 5 is from 12/1 to 11/31 in 2020.
It should be noted that the permission group information may further include a card identifier of the NFC chip.
S302, sending the encryption authority information to the NFC chip.
It should be noted that S301 to S302 are the method by which the server configures the unlocking permission of the NFC chip, and are executed in the permission setting stage after the NFC chip leaves the factory. For example, in practical applications, the server encrypts permission group information entered by a building administrator through a log-in device and sends the encrypted permission group information to the NFC chip; for specific implementations, refer to the prior art.
As can be seen from the process by which the server configures the intelligent lock device and the NFC chip, the group identifiers for which the NFC chip has the unlocking authority are configured in the NFC chip in advance, the group identifier of the intelligent lock device is also configured in the intelligent lock device in advance, and each group identifier indicates a group including a plurality of intelligent lock devices. Therefore, when a plurality of intelligent lock devices are to be unlocked by the NFC chip, only the group identifier shared by those intelligent lock devices needs to be configured on the NFC chip, and it is not necessary to set the unlocking authority for each of the intelligent lock devices individually. This improves convenience on the one hand, and on the other hand avoids the high network delay and low configuration success rate caused by multiple configurations.
Furthermore, the preconfigured authority group information also includes the validity period corresponding to each group identifier for which the NFC chip has the unlocking authority, which improves configuration flexibility and can improve security.
It should be noted that any step in fig. 2 or fig. 3 may be implemented in the smart security device control system 100 shown in fig. 1. For example, one or more of steps S301-S302 or S201-S203 may be stored as instructions in a storage device and invoked and/or executed by one or more processors. In some embodiments, the one or more processors may be processors of server 110, and thus S301-S302 or S201-S203 may be implemented on server 110.
It should be noted that, because the information preconfigured in the NFC chip and the information preconfigured in the smart lock device are different from those in the prior art, the present application also provides an unlocking flow based on the configuration flows shown in fig. 2 and fig. 3. Fig. 4 shows a specific implementation process of the unlocking method provided in the embodiment of the present application. An optional application scenario is that an NFC card is brought close to the smart lock device, and the data processing flow for unlocking the smart lock device is implemented through data interaction between the smart lock device and the chip built into the NFC card. It should be noted that the data interaction between the NFC chip and the smart lock device is performed by near field communication. As shown in fig. 4, the data interaction may specifically include:
S401, responding to the establishment of near field communication with the intelligent lock device, and sending an identity certificate to the intelligent lock device by the NFC chip.
In this embodiment, the identity certificate is obtained by signing the private key of the NFC chip using the private key of the first server, where the first server is the server that configured the NFC chip; it can be understood that the first server has the right to write information into the NFC chip.
S402, the intelligent lock device, in response to the received identity certificate, verifies the identity certificate by using a preset public key; if the verification passes, S403 is executed, and if the verification does not pass, a preset warning signal is sent.
In this embodiment, the preset public key is the public key of the server that configured the intelligent lock device, and is pre-configured in the intelligent lock device. For the specific method of verifying the identity certificate by using the preset public key, refer to the prior art.
It should be noted that the preset warning signal includes, but is not limited to, flashing of a warning light and a voice warning indicating that the verification did not pass.
S403, the intelligent lock device sends the generated random key to the NFC chip.
In this embodiment, the intelligent lock device automatically generates the random key in response to the identity certificate passing verification; for the generation method, refer to the prior art.
S404, the NFC chip encrypts the authority group information by using the random key, and the encrypted authority group information is used as the authority information.
In this embodiment, the permission group information at least includes the preset group identifiers for which the NFC chip has an unlocking permission, and optionally, the permission group information further includes a validity period corresponding to each group identifier and/or a card identifier of the NFC chip.
In this embodiment, the group indicated by any group identifier includes multiple intelligent lock devices, that is, the group identifiers of multiple intelligent lock devices belonging to the same group are the same. The validity period corresponding to each group identifier indicates the time period during which the NFC chip has the unlocking permission for the group indicated in the preset permission group information.
In this embodiment, the permission group information is pre-configured in the NFC chip. Taking the group identifiers for which the NFC chip has an unlocking permission as an example, the method for configuring the permission group information includes:
Receiving the encryption authority information sent by the first server, decrypting the encryption authority information by using the public key of the first server, and using the decryption result as the group identification of the NFC chip with the unlocking authority. It should be noted that the public key of the first server is pre-configured in the NFC chip, and the encryption permission information is generated by encrypting, with the private key of the first server, the group identifiers for which the NFC chip has the unlocking permission.
S405, the NFC chip sends the permission information to the intelligent lock device.
S406, the intelligent lock device decrypts the authority information by using the random key to obtain the authority group information.
S407, the intelligent lock device judges whether the authority group information is valid according to the group identification and the authority group information of the intelligent lock device.
In this embodiment, the group identifier of the intelligent lock device is pre-configured in the intelligent lock device.
In this embodiment, the condition for determining whether the permission group information is valid includes: the permission group information comprises a group identification of the intelligent lock device, and the current time is in the valid period corresponding to the group identification of the intelligent lock device.
It should be noted that, when the authority group information does not include the group identifier of the intelligent lock device, and/or the current time is not within the validity period corresponding to the group identifier of the intelligent lock device, it is determined that the authority group information is invalid.
S408, the intelligent lock device sends an unlocking instruction under the condition that the authority group information is valid, and sends a preset warning signal under the condition that the authority group information is invalid.
For example, the permission group information includes group 3 and group 5, the identifier validity period of group 3 is from 11/1 to 11/30 in 2020, the identifier validity period of group 5 is from 12/1 to 11/31 in 2020, the current time is 11/5, and the group identifier of the smart lock device indicates that the group to which the smart lock device belongs is group 3. That is, the permission group information includes the group identifier of the smart lock device, and the current time is within the identifier validity period of group 3. In this case, the intelligent lock device sends an unlocking instruction so that the intelligent lock device is opened.
According to the above technical scheme, in the unlocking method provided by this embodiment, the intelligent lock device verifies whether the authority information is valid on the premise that the server that configured the NFC chip is the same as the server that configured the intelligent lock device. When the authority group information includes the group identification of the intelligent lock device and the current time is within the validity period corresponding to that group identification, the NFC chip has the unlocking authority for the intelligent lock device, and when the NFC chip and the intelligent lock device perform near field communication, the NFC chip can open the intelligent lock device.
Because the group identifications for which the NFC chip has the unlocking authority and the identification validity period of each group identification, namely the authority group information, are preconfigured in the NFC chip, because each intelligent lock device is preconfigured with its own group identification, and because any group identification indicates a group including a plurality of intelligent lock devices, the NFC chip can unlock a plurality of intelligent lock devices. Therefore, the method allows one NFC chip to unlock a plurality of intelligent lock devices without setting the unlocking permission between the NFC chip and each intelligent lock device separately, which improves the convenience and the success rate of unlocking.
Furthermore, by verifying the identity certificate sent by the NFC chip, the intelligent lock device can verify whether the NFC chip and the intelligent lock device were configured by the same server, which improves the security of information interaction and the accuracy of unlocking in the unlocking process.
Furthermore, a random key is generated in each unlocking process and sent to the NFC chip, so fixed keys do not need to be stored in the NFC chip and the intelligent lock device, which reduces the data storage requirement.
Furthermore, the authority information is encrypted by the NFC chip and decrypted by the intelligent lock device, which further improves the security of the unlocking process.
Furthermore, the unlocking permission of the NFC chip for each intelligent lock device does not need to be activated online; the activation process and the unlocking process of the NFC chip are combined in an off-line mode, which improves convenience and the unlocking success rate. It should be noted that any step in fig. 4 described above may be implemented in the smart security device control system 100 shown in fig. 1. For example, one or more of steps S401-S408 may be stored as instructions in a storage device and invoked and/or executed by one or more processors. In some embodiments, the one or more processors may be a processor of the smart lock device 130 and/or a processor of the smart management card 140, and thus S401-S408 may be implemented on the smart lock device 130 and the smart management card 140.
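The provisioning of fig. 2 (S201 to S204) and the certificate check of S401 to S402 can be sketched as follows. This is an added example, not code from the application: since the signature scheme is left to the prior art, textbook RSA over publicly known Mersenne primes stands in for it (insecure, chosen only so the sketch runs with the standard library), and the signed chip key is modelled as an opaque byte string that the card presents together with the certificate. All function names and sample values are hypothetical.

```python
import hashlib

# Stand-in signature scheme (assumption): textbook RSA with SHA-256 over
# publicly known Mersenne primes. NOT secure; a deployment would use a
# vetted library and real key generation.
E = 65537


def make_server_keypair(p, q):
    """S201, server side: return (public, private) as (n, e) and (n, d)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, data):
    n, d = private_key
    return pow(_digest(data, n), d, n)


def verify(public_key, data, signature):
    n, e = public_key
    return 0 <= signature < n and pow(signature, e, n) == _digest(data, n)


def provision_card(server_private, server_public, card_id, chip_key):
    """S202-S203: sign the chip key, write the certificate to the card."""
    return {
        "card_id": card_id,
        "chip_key": chip_key,  # opaque bytes (assumed format)
        "identity_certificate": sign(server_private, chip_key),
        "server_public": server_public,  # optional write described after S203
    }


def provision_lock(server_public, group_id):
    """S204: write the server public key and group identifier to the lock."""
    return {"server_public": server_public, "group_id": group_id}


def lock_verifies_card(lock, card):
    """S402: True means continue to S403, False means warning signal."""
    return verify(lock["server_public"], card["chip_key"],
                  card["identity_certificate"])


def demo():
    # Constructed sample: two independent servers, one lock, three cards.
    pub_a, priv_a = make_server_keypair(2**521 - 1, 2**607 - 1)
    pub_b, priv_b = make_server_keypair(2**127 - 1, 2**1279 - 1)
    lock = provision_lock(pub_a, group_id=3)
    same_server = provision_card(priv_a, pub_a, "card-001", b"chip-key-001")
    other_server = provision_card(priv_b, pub_b, "card-002", b"chip-key-002")
    # Certificate copied from card-001 but presented with different key bytes.
    altered = dict(same_server, chip_key=b"chip-key-999")
    return (lock_verifies_card(lock, same_server),
            lock_verifies_card(lock, other_server),
            lock_verifies_card(lock, altered))


if __name__ == "__main__":
    print(demo())
```

Only the card provisioned by the lock's own server passes; the lock needs nothing but the server public key written in S204 to decide, which is what lets the check run off-line.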
Fig. 4 is only a specific implementation process of an unlocking method provided in the embodiment of the present application, and the present application further includes other specific implementation processes.
For example, the method further comprises:
Receiving the smart card management information sent by the server that configured the control device, adding the identifier to be managed to a preset list, and correspondingly recording the management validity period. In response to the management validity period being exceeded, deleting the identifier to be managed from the preset list.
The smart card management information comprises an identifier to be managed and a management validity period, and the control device can perform a preset management operation on the identifier to be managed within the management validity period. Optionally, the identifier to be managed comprises a card identifier of a smart card rejected by the control device, and the control device can reject the smart card indicated by the identifier to be managed through preset management and control measures, such as freezing, within the management validity period.
In the application scenario of this embodiment, the preset list includes a preset blacklist. The method for judging whether the authority group information is valid further comprises the following steps:
Judging whether the card identification of the NFC chip belongs to a rejection identification or not according to a preset blacklist, and if so, rejecting unlocking and sending a preset warning signal.
In this embodiment, the preset blacklist is pre-configured in the intelligent lock device, and the preset blacklist includes a card identifier of the NFC chip that the intelligent lock device rejects unlocking and a rejection validity period corresponding to the card identifier. It should be noted that the blacklist in the intelligent lock device is updated and stored by the blacklist information issued by the server, for example, when the time exceeds the validity period of rejection corresponding to the card identifier, the card identifier is automatically removed from the blacklist, and thus, the method realizes deletion or addition of the card authority by configuring the intelligent lock device.
The conditions for judging that the card identification belongs to the rejection identification comprise: the card identification of the NFC chip exists in a preset blacklist, and the current time is within a rejection validity period corresponding to the card identification of the NFC chip.
If the card identification of the NFC chip does not belong to the rejection identification, it is judged whether the permission group information comprises the preset identification and whether the current time is within the identification validity period corresponding to the preset identification; if the permission group information comprises the preset identification and the current time is within the identification validity period corresponding to the preset identification, an unlocking instruction is sent.
For another example, another optional method for configuring the permission group information in the NFC chip includes: receiving and storing the authority group information sent by the first server.
For another example, the permission group information only includes the group identifiers for which the NFC chip has the unlocking permission, that is, the permission information only includes the group identifiers for which the NFC chip has the unlocking permission. In that case, the method for the intelligent lock device to determine whether the permission group information is valid includes: judging whether the authority information comprises the group identification of the intelligent lock equipment.
In summary, the unlocking method provided in the embodiment of the present application can be summarized as the flow shown in fig. 5. It should be noted that fig. 5 illustrates the interaction process, during unlocking, between a smart lock device and an NFC chip that have established communication.
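The lock-side decision of S407 to S408, together with the blacklist variant and the group-identifier-only variant described above, can be written as one function. This is an added example, not code from the application; the class names, reason strings and sample data are hypothetical, and the validity period used for group 5 is constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, Optional, Tuple

UNLOCK = "unlock instruction"
WARNING = "warning signal"


@dataclass(frozen=True)
class Period:
    start: datetime
    end: datetime

    def contains(self, moment: datetime) -> bool:
        return self.start <= moment <= self.end


@dataclass
class PermissionGroupInfo:
    """What the lock holds after S406: card id plus group id -> validity.

    A validity of None models the variant in which the permission group
    information carries group identifiers only.
    """
    card_id: str
    groups: Dict[int, Optional[Period]]


@dataclass
class LockDevice:
    group_id: int
    blacklist: Dict[str, Period] = field(default_factory=dict)

    def apply_management_info(self, card_id: str, period: Period) -> None:
        """Record an identifier to be managed and its validity period."""
        self.blacklist[card_id] = period

    def purge_expired(self, now: datetime) -> None:
        """Delete identifiers whose management validity period has passed."""
        for card_id in [c for c, p in self.blacklist.items() if now > p.end]:
            del self.blacklist[card_id]

    def decide(self, info: PermissionGroupInfo,
               now: datetime) -> Tuple[str, str]:
        """Return (action, reason) for one unlocking attempt."""
        self.purge_expired(now)
        rejection = self.blacklist.get(info.card_id)
        if rejection is not None and rejection.contains(now):
            return WARNING, "card identifier is blacklisted"
        if self.group_id not in info.groups:
            return WARNING, "lock group not in permission group information"
        validity = info.groups[self.group_id]
        if validity is not None and not validity.contains(now):
            return WARNING, "outside validity period"
        return UNLOCK, "ok"


def sample_card() -> PermissionGroupInfo:
    # Constructed sample: groups 3 and 5 as in the text's example; the
    # group 5 period is constructed for this example.
    return PermissionGroupInfo("card-001", {
        3: Period(datetime(2020, 11, 1), datetime(2020, 11, 30, 23, 59, 59)),
        5: Period(datetime(2020, 12, 1), datetime(2020, 12, 31, 23, 59, 59)),
    })


if __name__ == "__main__":
    now = datetime(2020, 11, 5, 9, 0)
    for group in (3, 5, 7):
        print(group, LockDevice(group).decide(sample_card(), now))
```

Checking the blacklist before the group test means a frozen card is refused even when its group permission is still valid, and purging on every decision keeps the stored list bounded without contacting the server.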
S501, the NFC chip sends the authentication information of the first server to the intelligent lock device.
In this embodiment, the first server is the server that configured the NFC chip, and the authentication information of the first server is configured in advance in the NFC chip.
It should be noted that there may be multiple methods for configuring the authentication information of the first server. For example, the authentication information of the first server includes an identity certificate of the first server; for the configuration process, refer to the foregoing embodiments, which is not described in detail in this embodiment.
S502, the intelligent lock device verifies whether the first server is the server that configured the intelligent lock device.
It should be noted that there are multiple specific methods for verifying whether the first server is the server that configured the smart lock device. For example, when the authentication information of the first server includes an identity certificate, the identity certificate is verified by using a preset public key; for details, refer to the foregoing embodiments.
S503, the NFC chip sends the permission information to the intelligent lock device.
In this embodiment, the permission information includes a group identifier that a preset NFC chip has an unlocking permission, the group identifier that the NFC chip has the unlocking permission is pre-configured in the NFC chip, the group identifier of the intelligent lock device is pre-configured in the intelligent lock device, and any group identifier indicates a group including a plurality of intelligent lock devices.
Optionally, the timing at which the NFC chip sends the permission information to the smart lock device may include:
After the authentication information of the first server is sent to the intelligent lock device, the authentication information is automatically and periodically sent. Or, the authority information is sent after receiving a verification passing instruction indicating that the intelligent lock device has verified that the first server is the server that configured the intelligent lock device. This embodiment will not be described in detail.
S504, after the first server is determined to be the server configured with the intelligent lock device, the intelligent lock device responds to the received permission information and judges whether the permission information includes the group identification of the intelligent lock device.
S505, if the authority information comprises the group identification of the intelligent lock device, the intelligent lock device sends an unlocking instruction.
According to the above technical scheme, the intelligent lock device verifies whether the permission information comprises the group identification of the intelligent lock device on the premise that the server that configured the NFC chip is the same as the server that configured the intelligent lock device; if the permission information comprises the group identification of the intelligent lock device, the verification is passed and the unlocking instruction is sent. Because the group identifications for which the NFC chip has the unlocking authority, which the authority information includes, are configured in the NFC chip in advance, the authority information including the group identification configured in advance in the intelligent lock device shows that the NFC chip has the unlocking authority for this intelligent lock device. In addition, because any group identification indicates a group including a plurality of intelligent lock devices, the NFC chip can unlock a plurality of intelligent lock devices. Therefore, the method allows one NFC chip to unlock a plurality of intelligent lock devices without setting the unlocking permission between the NFC chip and each intelligent lock device separately, which improves the convenience and the success rate of unlocking.
It should be noted that fig. 2 to fig. 5 are only specific implementation flows of a control method applied to the scenario shown in fig. 1, where the control method is specifically an unlocking method.
In some embodiments, when the control method is applied to the smart lock control system shown in fig. 1, the smart management card is not limited to the NFC chip, but may also be a bluetooth communication device, and the like, and is not limited to an unlocking method, and may also be other control methods, for example, a delayed unlocking setting method of the smart lock device. In addition, fig. 1 is only an application scenario schematic diagram of an intelligent lock control system provided in an embodiment of the present application, and in some embodiments, the present application may also be applied to other scenarios, for example, a control method provided in the present application is applied to a control system of any intelligent security device in an intelligent device security management system to implement control of the intelligent security device, for example, an intelligent camera control system to implement at least one of management identity authentication, control authority verification, and security control of an intelligent management card on an intelligent camera.
In summary, the control system applied to the control method provided by the embodiment of the present application includes a control device, a smart card, and a server. The control device includes, but is not limited to, a smart security device, such as the smart lock device mentioned in the foregoing embodiment, the smart card includes, but is not limited to, a smart management card, such as the NFC chip mentioned in the foregoing embodiment, and the server includes, but is not limited to, an individual server or a server group, such as the first server mentioned in the foregoing embodiment. It should be noted that the intelligent lock control system is an optional specific structure of the control system provided in the embodiments of the present application.
The server in the control system is used for configuring authority information and authentication information, and is specifically used for:
1. Writing the authentication information of the server and the group identification of the control authority of the smart card into the smart card.
2. Writing the group identification of the control device into the control device. Wherein any one of the group identification indicates a group including a plurality of control devices. It should be noted that, for the specific process of implementing the functions of the server, reference is made to the foregoing embodiments, and details are not described in this embodiment.
Further, fig. 6 illustrates a flow chart of a control method applied to the control system. As shown in fig. 6, the method includes:
S601, responding to the communication with the control device, and sending the authentication information of the first server to the control device by the smart card.
S602, the control device verifies whether the first server is a server for configuring the control device.
S603, the smart card sends the authority information to the control equipment.
S604, after determining that the first server is a server for configuring the control device, the control device responds to the received permission information and judges whether the permission information includes a group identifier of the control device.
S605, if the authority information comprises the group identification of the control equipment, the control equipment sends out a control instruction.
It should be noted that, a specific implementation manner of the flow shown in fig. 6 may refer to the flow shown in fig. 5, where the unlocking authority is a selectable one of the control authorities, and the unlocking instruction is a selectable one of the control instructions.
As can be seen from the control method shown in fig. 6, in the control method and system provided in the embodiment of the present application, the server is configured to write the authentication information of the server and the group identifier of the smart card having the control authority into the smart card, and write the group identifier of the control device into the control device, where any group identifier indicates a group including a plurality of control devices. Therefore, the control device verifies whether the authority information includes the identifier of the control device on the premise that the server configured with the smart card is the same as the server configured with the control device, and if the authority information includes the group identifier of the control device, the control device passes the verification and sends a control instruction. Since the authority information is pre-configured in the smart card and includes the group identifier of the control authority of the smart card, when the authority information includes the group identifier pre-configured in the control device, it indicates that the smart card has the control authority to the control device, and since any group identifier indicates the group including the plurality of control devices, the smart card can control the plurality of control devices. Therefore, the method can realize the purpose that one intelligent card controls a plurality of control devices without setting the control authority of the intelligent card and the control devices respectively, and improves the convenience and the success rate of control.
Fig. 7 shows a schematic structural diagram of a communication device according to an embodiment of the present application, and as shown in fig. 7, the communication device may include:
an identity verification unit 701, configured to send, in response to establishing communication with a control device, authentication information of a first server to the control device, so that the control device verifies whether the first server is a server that configures the control device, where the first server is a server that configures a smart card, and the authentication information of the first server is pre-configured in the smart card;
an authority verification unit 702, configured to send authority information to the control device after the sending of the authentication information of the first server to the control device, so that the control device sends a control instruction when the authority information includes the group identifier of the control device; the authority information comprises group identifications for representing that the smart card has control authority, and any group identification indicates a group comprising a plurality of control devices.
Optionally, the authentication information of the first server includes: an identity certificate, where the identity certificate is obtained by signing the private key of the smart card by using the private key of the first server;
the identity verification unit being configured to transmit authentication information of a first server to the control apparatus, to cause the control apparatus to verify whether the first server is a server configuring the control apparatus, comprises: the identity verification unit is specifically configured to:
send the identity certificate to the control equipment so that the control equipment verifies the identity certificate by using a preset public key, wherein the preset public key is the public key of the server that configured the control equipment.
Optionally, the smart card further comprises a permission encrypting unit, configured to, before the permission information is sent to the control device, in response to receiving a random key sent by the control device, encrypt, by using the random key, a group identifier of the smart card having a control permission; and taking the encrypted group identification of the smart card with the control authority as the authority information.
Optionally, the smart card further comprises an authority configuration unit, configured to, in response to the received encryption authority information, decrypt the encryption authority information using the public key of the first server, and store a decryption result as a group identifier of the smart card having a control authority; the encryption authority information is obtained by encrypting a preset group identification with control authority of the smart card by using a private key of the first server, and a public key of the first server is configured in the smart card in advance.
Optionally, the authority information further includes a validity period corresponding to a group identifier of the smart card having the control authority, and/or a card identifier of the smart card.
Fig. 8 shows a schematic structural diagram of a control device provided in an embodiment of the present application, and as shown in fig. 8, the control device may include:
an identity verification unit 801, configured to verify whether the first server is a server configuring a control device in response to receiving authentication information of the first server sent by the smart card; the first server is a server for configuring the smart card;
the permission verification unit 802 is configured to respond to a verification pass and receive permission information sent by the smart card, and determine whether the permission information includes a group identifier of the control device; the authority information comprises group identifications for representing that the smart card has control authority, and any group identification indicates a group comprising a plurality of control devices;
a control unit 803, configured to issue a control instruction if the permission information includes the group identifier of the control device.
Optionally, the authentication information of the first server includes an identity certificate, which is obtained by signing the private key of the smart card with the private key of the first server;
an authentication unit configured to authenticate whether the first server is a server configuring the control device, comprising: the permission verification unit is specifically configured to:
verify the signature of the identity certificate using a preset public key, where the preset public key is the public key of the server that configures the control device and is configured in the control device in advance;
and if the signature verification passes, determine that the first server is a server that configures the control device.
Optionally, the control device further comprises an encryption unit, configured to generate a random key in response to determining that the first server is a server that configures the control device, and to send the random key to the smart card, so that the smart card encrypts, using the random key, the group identifier for which the smart card has control authority and uses the encrypted group identifier as the authority information.
Optionally, the authority verifying unit, configured to determine whether the group identifier of the control device is included in the authority information, includes: the permission verification unit is specifically configured to:
decrypting the authority information by using the random key to obtain a decryption result;
and determining whether the decryption result includes the group identifier of the control device.
Optionally, the authority information further includes a validity period corresponding to a group identifier of the smart card having the control authority, and/or a card identifier of the smart card;
a control unit, configured to issue a control instruction if the permission information includes the group identifier of the control device, including: the control unit is specifically configured to:
if the authority information includes the group identifier of the control device and a preset condition is met, issue a control instruction; the condition includes: the current time is within the validity period corresponding to the group identifier of the control device, and/or the card identifier of the smart card is not in a preset list; the preset list includes card identifiers, pre-configured in the control device, of smart cards rejected by the control device.
Optionally, the system further includes a list management unit, configured to:
receiving smart card management information issued by the server configured with the control device, wherein the smart card management information comprises an identifier to be managed and a management validity period, and the identifier to be managed comprises a card identifier of a smart card rejected by the control device;
adding the identifier to be managed into the preset list, and correspondingly recording the management validity period;
and in response to the management validity period being exceeded, deleting the to-be-managed identification from the preset list.
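The exchange described for Fig. 7 and Fig. 8 (certificate check, random key, encrypted authority information, then the group, validity period and rejection-list checks), as an added Go example that is not code from the patent. Ed25519 for the identity certificate, signing the card's public key, AES-256-GCM under the random key, JSON encoding, a validity period reduced to an end time, and all type and function names are assumptions; the card and group identifiers are constructed samples.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Authority is the authority information the server writes to the card.
type Authority struct {
	CardID string
	Grants map[string]time.Time // group identifier -> end of its validity period
}
type Card struct {
	Pub  ed25519.PublicKey // card key covered by the certificate (assumed: Ed25519 public key)
	Cert []byte            // identity certificate: server signature over Pub
	Auth Authority
}
type Device struct {
	ServerPub ed25519.PublicKey    // preset public key of the configuring server
	Group     string               // this device's group identifier
	Rejected  map[string]time.Time // card ID -> end of management validity period
}

// Provision plays the server: new key pair, signed card key, authority written.
func Provision(auth Authority) (ed25519.PublicKey, *Card) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	cardPub, _, _ := ed25519.GenerateKey(rand.Reader)
	return pub, &Card{cardPub, ed25519.Sign(priv, cardPub), auth}
}

func gcm(key []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b) // AES-GCM is an assumption; the patent names no cipher
}

// Challenge verifies the certificate, and only then issues a fresh random key.
func (d *Device) Challenge(pub ed25519.PublicKey, cert []byte) ([]byte, error) {
	if !ed25519.Verify(d.ServerPub, pub, cert) {
		return nil, errors.New("card not configured by this device's server")
	}
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// Respond encrypts the authority information under the device's random key.
func (c *Card) Respond(key []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	plain, err := json.Marshal(c.Auth)
	return aead.Seal(nonce, nonce, plain, nil), err // nonce || ciphertext
}

// Decide decrypts and checks the authority information; nil means "issue the control instruction".
func (d *Device) Decide(key, msg []byte, now time.Time) error {
	aead, err := gcm(key)
	if err != nil || len(msg) < aead.NonceSize() {
		return errors.New("malformed authority information")
	}
	var a Authority
	plain, err := aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], nil)
	if err != nil || json.Unmarshal(plain, &a) != nil {
		return errors.New("authority information not valid under this session key")
	}
	if end, hit := d.Rejected[a.CardID]; hit {
		if !now.After(end) {
			return errors.New("card is on the rejection list")
		}
		delete(d.Rejected, a.CardID) // management validity period exceeded
	}
	if until, ok := a.Grants[d.Group]; ok && !now.After(until) {
		return nil
	}
	return errors.New("no valid grant for this device's group")
}

func main() {
	pub, card := Provision(Authority{"card-001", map[string]time.Time{"floor-3": time.Now().Add(time.Hour)}})
	door := &Device{ServerPub: pub, Group: "floor-3"}
	key, _ := door.Challenge(card.Pub, card.Cert)
	msg, _ := card.Respond(key)
	fmt.Println("floor-3 door:", door.Decide(key, msg, time.Now()))
}
```

Any device holding the same server public key and the group identifier `floor-3` accepts this card without per-device configuration, which is the one-card-to-many-devices property the description claims.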
Fig. 9 shows a schematic structural diagram of a data processing apparatus, which may include: at least one processor 901, at least one communication interface 902, at least one memory 903 and at least one communication bus 904;
in the embodiment of the present application, the number of the processor 901, the communication interface 902, the memory 903, and the communication bus 904 is at least one, and the processor 901, the communication interface 902, and the memory 903 complete communication with each other through the communication bus 904;
the processor 901 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention, etc.;
the memory 903 may include a high-speed RAM memory, a non-volatile memory, and the like, such as at least one disk memory;
the memory stores a program, and the processor can execute the program stored in the memory to realize the steps of the control method provided by the embodiment of the application, as follows:
a control method is applied to a smart card and comprises the following steps:
in response to establishing communication with a control device, sending authentication information of a first server to the control device, so that the control device verifies whether the first server is a server that configures the control device, where the first server is the server that configures the smart card, and the authentication information of the first server is pre-configured in the smart card;
after sending the authentication information of the first server to the control device, sending authority information to the control device, so that the control device issues a control instruction when the authority information includes the group identifier of the control device; the authority information includes group identifiers indicating that the smart card has control authority, and any group identifier indicates a group including a plurality of control devices.
Optionally, the authentication information of the first server includes an identity certificate, which is obtained by signing the private key of the smart card with the private key of the first server;
the sending authentication information of a first server to the control device so that the control device verifies whether the first server is a server that configures the control device includes:
sending the identity certificate to the control device, so that the control device verifies the signature of the identity certificate using a preset public key, where the preset public key is the public key of the server that configures the control device.
Optionally, before the sending the authority information to the control device, the method further includes:
in response to receiving a random key sent by the control device, encrypting, using the random key, the group identifier for which the smart card has control authority;
and using the encrypted group identifier as the authority information.
Optionally, the configuration process of the group identifier with the control authority of the smart card includes:
in response to the received encryption authority information, decrypting the encryption authority information by using a public key of the first server, and storing a decryption result as a group identifier of the smart card with control authority;
the encryption authority information is obtained by encrypting a preset group identification with control authority of the smart card by using a private key of the first server, and a public key of the first server is configured in the smart card in advance.
Optionally, the authority information further includes a validity period corresponding to a group identifier of the smart card having the control authority, and/or a card identifier of the smart card.
A control method is applied to a control device and comprises the following steps:
in response to receiving authentication information of a first server sent by a smart card, verifying whether the first server is a server configuring the control device; the first server is a server for configuring the smart card;
in response to the verification passing and to receiving the authority information sent by the smart card, determining whether the authority information includes the group identifier of the control device; the authority information includes group identifiers indicating that the smart card has control authority, and any group identifier indicates a group including a plurality of control devices;
and if the authority information includes the group identifier of the control device, issuing a control instruction.
Optionally, the authentication information of the first server includes an identity certificate, which is obtained by signing the private key of the smart card with the private key of the first server;
the verifying whether the first server is a server configuring the control device includes:
verifying the signature of the identity certificate using a preset public key, where the preset public key is the public key of the server that configures the control device and is configured in the control device in advance;
and if the signature verification passes, determining that the first server is a server that configures the control device.
Optionally, the method further comprises:
generating a random key in response to determining that the first server is a server configuring the control device;
and sending the random key to the smart card, so that the smart card encrypts, using the random key, the group identifier for which the smart card has control authority and uses the encrypted group identifier as the authority information.
Optionally, the determining whether the permission information includes a group identifier of the control device includes:
decrypting the authority information by using the random key to obtain a decryption result;
and determining whether the decryption result includes the group identifier of the control device.
Optionally, the authority information further includes a validity period corresponding to a group identifier of the smart card having the control authority, and/or a card identifier of the smart card;
if the permission information includes the group identifier of the control device, sending a control instruction, including:
if the authority information includes the group identifier of the control device and a preset condition is met, issuing a control instruction;
the condition includes: the current time is within the validity period corresponding to the group identifier of the control device, and/or the card identifier of the smart card is not in a preset list; the preset list includes card identifiers, pre-configured in the control device, of smart cards rejected by the control device.
Optionally, the method further comprises:
receiving smart card management information issued by the server configured with the control device, wherein the smart card management information comprises an identifier to be managed and a management validity period, and the identifier to be managed comprises a card identifier of a smart card rejected by the control device;
adding the identifier to be managed into the preset list, and correspondingly recording the management validity period;
and in response to the management validity period being exceeded, deleting the to-be-managed identification from the preset list.
The embodiment of the present application further provides a readable storage medium, where the readable storage medium may store a computer program suitable for being executed by a processor, and when the computer program is executed by the processor, the computer program implements the steps of the control method provided in the embodiment of the present application, as follows:
a control method is applied to a smart card and comprises the following steps:
in response to establishing communication with a control device, sending authentication information of a first server to the control device, so that the control device verifies whether the first server is a server that configures the control device, where the first server is the server that configures the smart card, and the authentication information of the first server is pre-configured in the smart card;
after sending the authentication information of the first server to the control device, sending authority information to the control device, so that the control device issues a control instruction when the authority information includes the group identifier of the control device; the authority information includes group identifiers indicating that the smart card has control authority, and any group identifier indicates a group including a plurality of control devices.
Optionally, the authentication information of the first server includes an identity certificate, which is obtained by signing the private key of the smart card with the private key of the first server;
the sending authentication information of a first server to the control device so that the control device verifies whether the first server is a server that configures the control device includes:
sending the identity certificate to the control device, so that the control device verifies the signature of the identity certificate using a preset public key, where the preset public key is the public key of the server that configures the control device.
Optionally, before the sending the authority information to the control device, the method further includes:
in response to receiving a random key sent by the control device, encrypting, using the random key, the group identifier for which the smart card has control authority;
and using the encrypted group identifier as the authority information.
Optionally, the configuration process of the group identifier with the control authority of the smart card includes:
in response to the received encryption authority information, decrypting the encryption authority information by using a public key of the first server, and storing a decryption result as a group identifier of the smart card with control authority;
the encryption authority information is obtained by encrypting a preset group identification with control authority of the smart card by using a private key of the first server, and a public key of the first server is configured in the smart card in advance.
Optionally, the authority information further includes a validity period corresponding to a group identifier of the smart card having the control authority, and/or a card identifier of the smart card.
A control method is applied to a control device and comprises the following steps:
in response to receiving authentication information of a first server sent by a smart card, verifying whether the first server is a server configuring the control device; the first server is a server for configuring the smart card;
in response to the verification passing and to receiving the authority information sent by the smart card, determining whether the authority information includes the group identifier of the control device; the authority information includes group identifiers indicating that the smart card has control authority, and any group identifier indicates a group including a plurality of control devices;
and if the authority information includes the group identifier of the control device, issuing a control instruction.
Optionally, the authentication information of the first server includes an identity certificate, which is obtained by signing the private key of the smart card with the private key of the first server;
the verifying whether the first server is a server configuring the control device includes:
verifying the signature of the identity certificate using a preset public key, where the preset public key is the public key of the server that configures the control device and is configured in the control device in advance;
and if the signature verification passes, determining that the first server is a server that configures the control device.
Optionally, the method further comprises:
generating a random key in response to determining that the first server is a server configuring the control device;
and sending the random key to the smart card, so that the smart card encrypts, using the random key, the group identifier for which the smart card has control authority and uses the encrypted group identifier as the authority information.
Optionally, the determining whether the permission information includes a group identifier of the control device includes:
decrypting the authority information by using the random key to obtain a decryption result;
and determining whether the decryption result includes the group identifier of the control device.
Optionally, the authority information further includes a validity period corresponding to a group identifier of the smart card having the control authority, and/or a card identifier of the smart card;
if the permission information includes the group identifier of the control device, sending a control instruction, including:
if the authority information includes the group identifier of the control device and a preset condition is met, issuing a control instruction;
the condition includes: the current time is within the validity period corresponding to the group identifier of the control device, and/or the card identifier of the smart card is not in a preset list; the preset list includes card identifiers, pre-configured in the control device, of smart cards rejected by the control device.
Optionally, the method further comprises:
receiving smart card management information issued by the server configured with the control device, wherein the smart card management information comprises an identifier to be managed and a management validity period, and the identifier to be managed comprises a card identifier of a smart card rejected by the control device;
adding the identifier to be managed into the preset list, and correspondingly recording the management validity period;
and in response to the management validity period being exceeded, deleting the to-be-managed identification from the preset list.
Finally, it should also be noted that, herein, relational terms such as first and second are used solely to distinguish one entity or action from another entity or action, without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (17)

1. A control method is applied to a smart card and comprises the following steps:
in response to establishing communication with a control device, sending authentication information of a first server to the control device, so that the control device verifies whether the first server is a server that configures the control device, where the first server is the server that configures the smart card, and the authentication information of the first server is pre-configured in the smart card;
after sending the authentication information of the first server to the control device, sending authority information to the control device, so that the control device issues a control instruction when the authority information includes the group identifier of the control device; the authority information includes group identifiers indicating that the smart card has control authority, and any group identifier indicates a group including a plurality of control devices.
2. The method of claim 1, wherein the authentication information of the first server comprises an identity certificate, which is obtained by signing the private key of the smart card with the private key of the first server;
the sending authentication information of a first server to the control device so that the control device verifies whether the first server is a server that configures the control device includes:
sending the identity certificate to the control device, so that the control device verifies the signature of the identity certificate using a preset public key, where the preset public key is the public key of the server that configures the control device.
3. The method of claim 1, wherein prior to said sending the permission information to the control device, further comprising:
in response to receiving a random key sent by the control device, encrypting, using the random key, the group identifier for which the smart card has control authority;
and using the encrypted group identifier as the authority information.
4. The method of claim 1, wherein the configuration process of the smart card with the group identification of the control authority comprises:
in response to the received encryption authority information, decrypting the encryption authority information by using a public key of the first server, and storing a decryption result as a group identifier of the smart card with control authority;
the encryption authority information is obtained by encrypting a preset group identification with control authority of the smart card by using a private key of the first server, and a public key of the first server is configured in the smart card in advance.
5. The method according to claim 1, wherein the authority information further comprises a validity period corresponding to a group identifier of the smart card having the control authority, and/or a card identifier of the smart card.
6. A control method is applied to a control device and comprises the following steps:
in response to receiving authentication information of a first server sent by a smart card, verifying whether the first server is a server configuring the control device; the first server is a server for configuring the smart card;
in response to the verification passing and to receiving the authority information sent by the smart card, determining whether the authority information includes the group identifier of the control device; the authority information includes group identifiers indicating that the smart card has control authority, and any group identifier indicates a group including a plurality of control devices;
and if the authority information includes the group identifier of the control device, issuing a control instruction.
7. The method of claim 6, wherein the authentication information of the first server comprises an identity certificate, which is obtained by signing the private key of the smart card with the private key of the first server;
the verifying whether the first server is a server configuring the control device includes:
verifying the signature of the identity certificate using a preset public key, where the preset public key is the public key of the server that configures the control device and is configured in the control device in advance;
and if the signature verification passes, determining that the first server is a server that configures the control device.
8. The method of claim 6 or 7, further comprising:
generating a random key in response to determining that the first server is a server configuring the control device;
and sending the random key to the smart card, so that the smart card encrypts, using the random key, the group identifier for which the smart card has control authority and uses the encrypted group identifier as the authority information.
9. The method of claim 8, wherein the determining whether the group identifier of the control device is included in the permission information comprises:
decrypting the authority information by using the random key to obtain a decryption result;
and determining whether the decryption result includes the group identifier of the control device.
10. The method according to claim 6, wherein the authority information further comprises a validity period corresponding to a group identifier of the smart card having the control authority, and/or a card identifier of the smart card;
if the permission information includes the group identifier of the control device, sending a control instruction, including:
if the authority information includes the group identifier of the control device and a preset condition is met, issuing a control instruction;
the condition includes: the current time is within the validity period corresponding to the group identifier of the control device, and/or the card identifier of the smart card is not in a preset list; the preset list includes card identifiers, pre-configured in the control device, of smart cards rejected by the control device.
11. The method of claim 10, further comprising:
receiving smart card management information issued by the server configured with the control device, wherein the smart card management information comprises an identifier to be managed and a management validity period, and the identifier to be managed comprises a card identifier of a smart card rejected by the control device;
adding the identifier to be managed into the preset list, and correspondingly recording the management validity period;
and in response to the management validity period being exceeded, deleting the to-be-managed identification from the preset list.
12. A control system, comprising: the system comprises a server, a smart card and a control device;
the server is configured to:
writing the authentication information of the server and the group identification of the smart card with the control authority into the smart card;
writing the group identification of the control device into the control device; any group identification indicates a group including a plurality of control devices;
the smart card is used for realizing the steps of the control method according to any one of claims 1-5;
the control device is used for realizing the steps of the control method according to any one of claims 6-11.
13. The system of claim 12, wherein the server is further configured to:
before the authentication information of the server is written into the smart card, sign the private key of the smart card with the private key of the server to obtain an identity certificate, and use the identity certificate as the authentication information of the server;
and write the public key of the server into the control device.
14. A communications apparatus, comprising:
an identity verification unit, configured to send, in response to establishing communication with a control device, authentication information of a first server to the control device, so that the control device verifies whether the first server is a server that configures the control device, where the first server is the server that configures a smart card, and the authentication information of the first server is pre-configured in the smart card;
an authority verification unit, configured to send authority information to the control device after the authentication information of the first server is sent to the control device, so that the control device issues a control instruction when the authority information includes the group identifier of the control device; the authority information includes group identifiers indicating that the smart card has control authority, and any group identifier indicates a group including a plurality of control devices.
15. A control device, comprising:
an identity verification unit, configured to verify, in response to receiving authentication information of a first server sent by a smart card, whether the first server is a server that configures the control device; the first server is the server that configures the smart card;
a permission verification unit, configured to determine, in response to the verification passing and to receiving the authority information sent by the smart card, whether the authority information includes the group identifier of the control device; the authority information includes group identifiers indicating that the smart card has control authority, and any group identifier indicates a group including a plurality of control devices;
and a control unit, configured to issue a control instruction if the authority information includes the group identifier of the control device.
16. A data processing apparatus, characterized by comprising: a memory and a processor;
the memory is used for storing a program;
the processor is used for executing the program to implement the steps of the control method according to any one of claims 1-5 or 6-11.
17. A readable storage medium on which a computer program is stored, the computer program, when executed by a processor, implementing the steps of the control method according to any one of claims 1 to 5 or 6 to 11.
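The device-side checks of claim 15, as an added example that is not part of the patent: identity verification first, then an exact group-identification match, failing closed on every error. Assumptions: an HMAC key stands in for the server public key written into the control device, authority information is examined only once verification succeeds, and the token layout, the MAC over the authority information and all names are hypothetical.

```python
import hashlib
import hmac

# Assumption: an HMAC key stands in for the server public key that the claims
# write into the control device, so the example needs only the standard library.
# Token layout and every name below are hypothetical; group IDs contain no commas.

def _tag(key, label, *fields):
    """MAC over length-prefixed fields so field boundaries cannot be shifted."""
    body = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, label + body, hashlib.sha256).digest()

def issue_card(server_key, server_id, card_id, group_ids):
    """First server: build what is configured into the smart card in advance."""
    sid, cid = server_id.encode(), card_id.encode()
    groups = ",".join(sorted(group_ids)).encode()
    return {
        "auth": {"server_id": sid, "card_id": cid,
                 "tag": _tag(server_key, b"auth", sid, cid)},
        "perm": {"card_id": cid, "groups": groups,
                 "tag": _tag(server_key, b"perm", cid, groups)},
    }

class ControlDevice:
    def __init__(self, server_id, server_key, group_id):
        self.server_id = server_id.encode()
        self.server_key = server_key
        self.group_id = group_id

    def verify_identity(self, auth):
        """Is the card's first server the server that configured this device?"""
        expected = _tag(self.server_key, b"auth", auth["server_id"], auth["card_id"])
        return (auth["server_id"] == self.server_id
                and hmac.compare_digest(expected, auth["tag"]))

    def handle_card(self, card):
        """Return a control instruction, or None on any failed check."""
        auth, perm = card["auth"], card["perm"]
        if not self.verify_identity(auth):
            return None  # authority information is never examined
        expected = _tag(self.server_key, b"perm", perm["card_id"], perm["groups"])
        if perm["card_id"] != auth["card_id"]:
            return None  # authority information belongs to another card
        if not hmac.compare_digest(expected, perm["tag"]):
            return None  # group list altered after the server issued it
        # Compare whole identifiers; a substring test would admit "g-3" for "g-33".
        if self.group_id in perm["groups"].decode().split(","):
            return "CONTROL_INSTRUCTION"
        return None
```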
CN202111125596.4A 2021-09-26 2021-09-26 Control method, system and related device Active CN113596842B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111125596.4A CN113596842B (en) 2021-09-26 2021-09-26 Control method, system and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111125596.4A CN113596842B (en) 2021-09-26 2021-09-26 Control method, system and related device

Publications (2)

Publication Number Publication Date
CN113596842A (en) 2021-11-02
CN113596842B (en) 2022-02-22

Family

ID=78242201

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111125596.4A Active CN113596842B (en) 2021-09-26 2021-09-26 Control method, system and related device

Country Status (1)

Country Link
CN (1) CN113596842B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114495331A (en) * 2022-01-25 2022-05-13 深圳拓邦股份有限公司 Binding method, binding device and binding system of intelligent lock

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102982592A (en) * 2011-09-06 2013-03-20 上海博路信息技术有限公司 NFC terminal electronic key
CN103699961A (en) * 2013-12-11 2014-04-02 中国广核集团有限公司 System and method for managing and controlling authority of personnel in multiple areas
US20170161978A1 (en) * 2015-12-07 2017-06-08 Capital One Services, Llc Electronic access control system
CN108551455A (en) * 2018-04-24 2018-09-18 北京小米移动软件有限公司 The configuration method and device of smart card
CN109493488A (en) * 2018-11-23 2019-03-19 北京小米移动软件有限公司 Smart card authentication method, smart lock, smart card, system and device
CN109741506A (en) * 2019-02-28 2019-05-10 北京中金国信科技有限公司 A kind of method for unlocking, device and equipment
CN110782567A (en) * 2019-09-09 2020-02-11 珠海格力电器股份有限公司 Unlocking method and setting method of intelligent lock
CN113282944A (en) * 2021-06-29 2021-08-20 珠海优特物联科技有限公司 Intelligent lock unlocking method and device, electronic equipment and storage medium

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102982592A (en) * 2011-09-06 2013-03-20 上海博路信息技术有限公司 NFC terminal electronic key
CN103699961A (en) * 2013-12-11 2014-04-02 中国广核集团有限公司 System and method for managing and controlling authority of personnel in multiple areas
US20170161978A1 (en) * 2015-12-07 2017-06-08 Capital One Services, Llc Electronic access control system
CN108551455A (en) * 2018-04-24 2018-09-18 北京小米移动软件有限公司 The configuration method and device of smart card
CN109493488A (en) * 2018-11-23 2019-03-19 北京小米移动软件有限公司 Smart card authentication method, smart lock, smart card, system and device
US20200169550A1 (en) * 2018-11-23 2020-05-28 Beijing Xiaomi Mobile Software Co., Ltd. Methods and devices for authenticating smart card
CN109741506A (en) * 2019-02-28 2019-05-10 北京中金国信科技有限公司 A kind of method for unlocking, device and equipment
CN110782567A (en) * 2019-09-09 2020-02-11 珠海格力电器股份有限公司 Unlocking method and setting method of intelligent lock
CN113282944A (en) * 2021-06-29 2021-08-20 珠海优特物联科技有限公司 Intelligent lock unlocking method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN113596842B (en) 2022-02-22

Similar Documents

Publication Publication Date Title
CN110915183B (en) Block chain authentication via hard/soft token validation
EP3602388B1 (en) Blockchain node communication method and apparatus
EP3039602B1 (en) System for accessing data from multiple devices
US20180262505A1 (en) Systems and methods for challengeless coauthentication
CA2738157C (en) Assignment and distribution of access credentials to mobile communication devices
CN106797318B (en) Method, hardware and digital certificate for authentication of connected devices
CN109286932A (en) Networking authentication method, apparatus and system
KR20160009698A (en) Two-Factor Authentication Systems and Methods
US11361101B2 (en) Multi-party authentication and authorization
DE102016208512A1 (en) Access control with a mobile device
CN113596842B (en) Control method, system and related device
US20170257364A1 (en) Systems and methods for authentication using authentication votes
CN112423302A (en) Wireless network access method, terminal and wireless access equipment
US20090327704A1 (en) Strong authentication to a network
KR102209481B1 (en) Method for operating account reinstating service based account key pairs, system and computer-readable medium recording the method
KR102332004B1 (en) Method, system and non-transitory computer-readable recording medium for managing an account on blockchain network
KR101879842B1 (en) User authentication method and system using one time password
KR20150083178A (en) Method for Managing Certificate
KR20150083175A (en) Method for Managing Certificate
KR20150083177A (en) Method for Managing Certificate
KR20150085166A (en) Method for Managing Certificate
Hampiholi et al. Trusted self-enrolment for attribute-based credentials on mobile phones
WO2019009971A1 (en) Systems and methods for challengeless coauthentication
KR20150083181A (en) Method for Managing Certificate
KR20150085172A (en) Method for Managing Certificate

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100094 room 1101, 11 / F, building 1, zone 2, 81 Beiqing Road, Haidian District, Beijing

Patentee after: Yunding Network Technology (Beijing) Co.,Ltd.

Address before: 100094 room 1101, 11 / F, building 1, zone 2, 81 Beiqing Road, Haidian District, Beijing

Patentee before: YUN DING NETWORK TECHNOLOGY (BEIJING) Co.,Ltd.
