CN114120496A - Unlocking control method, server, encryption component and device - Google Patents

Info

Publication number
CN114120496A
Authority
CN
China
Prior art keywords
key
random number
ciphertext
lock
check value
Legal status
Pending
Application number
CN202111452542.9A
Other languages
Chinese (zh)
Inventor
张扬
吴迪
吴渊
管正国
任玉栋
杨亚平
Current Assignee
China Construction Bank Corp
Original Assignee
China Construction Bank Corp

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00896 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys specially adapted for particular uses
    • G07C9/00912 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys specially adapted for particular uses for safes, strong-rooms, vaults or the like
    • G07C9/00571 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The embodiment of the application provides a method, a server, an encryption component and a device for unlocking control. The method comprises the following steps: determining a lock ID, a first random number ciphertext and a first check value of the first random number ciphertext; determining a first encryption factor of the lock according to the lock ID; and outputting the first encryption factor, the first random number ciphertext and the first check value to an encryption component, so that the encryption component determines a lock working key according to the first encryption factor, and generates an unlocking code according to the lock working key, the first random number ciphertext and the first check value. The encryption factor of the lock is stored at the server; when the lock needs to be unlocked, the corresponding first encryption factor is found according to the lock ID, so that the encryption component determines the same working key as the lock according to the first encryption factor and calculates the unlocking code. Therefore, the situation that a plurality of keys are configured for different locks is avoided, and the unlocking efficiency is improved.

Description

Unlocking control method, server, encryption component and device
Technical Field
The application relates to the technical field of equipment safety, in particular to a method, a server, an encryption component and a device for unlocking control.
Background
At present, the cash boxes and bags of each bank branch outlet are generally transported by an escort company: from the vault to the outlet in the morning and back to the vault at night. The vault or the outlet generally uses a mechanical key to open a cash box after receiving it, and some banks are also exploring the use of a fingerprint key to open the lock bound to the cash box. With either opening method, however, if the bank purchases locks from several manufacturers and in different models, every institution in the bank that handles cash boxes and bags and may receive such a lock needs to be provided with keys of the corresponding manufacturers and models. Managing these keys brings a lot of workload to the vaults and the outlets, can even cause management confusion, and reduces unlocking efficiency.
Disclosure of Invention
The embodiment of the application aims to provide a method, a server, an encryption component and a device for unlocking control, so as to solve the problem in the prior art that the large number of keys corresponding to the locks makes key management disordered.
In order to achieve the above object, a first aspect of the present application provides a method for unlocking control, applied to a server, including:
determining a lock ID, a first random number ciphertext and a first check value of the first random number ciphertext;
determining a first encryption factor of the lock according to the ID of the lock;
and outputting the first encryption factor, the first random number ciphertext and the first check value to the encryption component, so that the encryption component determines a lock working key according to the first encryption factor, and generates an unlocking code according to the lock working key, the first random number ciphertext and the first check value.
In this embodiment of the present application, determining the lock ID, the first random number ciphertext and the first check value of the first random number ciphertext includes:
acquiring a data file sent by a fingerprint key;
acquiring a fingerprint key working key;
and decrypting the data file according to the fingerprint key working key to obtain the lockset ID, the first random number ciphertext and the first check value.
In this embodiment of the present application, generating the unlocking code according to the lock working key, the first random number ciphertext and the first check value includes:
verifying and decrypting the first random number ciphertext according to the lock working key and the first check value to obtain a random number plaintext;
and generating an unlocking code according to the plaintext of the random number.
In an embodiment of the present application, the method for unlocking control further includes:
acquiring personnel information and a lockset ID sent by a fingerprint key;
determining whether the fingerprint key is allowed to unlock according to the personnel information and the ID of the lock;
and under the condition that the fingerprint key is determined to be allowed to be unlocked, an unlocking instruction is sent to the fingerprint key, so that the fingerprint key controls the lockset to output a first random number ciphertext and a first check value according to the unlocking instruction.
In an embodiment of the present application, the method for unlocking control further includes:
controlling the fingerprint key to initialize so that the fingerprint key stores a fingerprint key ID and a fingerprint key working key;
and controlling the lock to initialize so that the lock stores the lock ID and the lock working key.
In the embodiment of the present application, controlling the fingerprint key to perform initialization includes:
obtaining a public key from an encryption component;
generating a fingerprint key ID;
outputting the public key and the fingerprint key ID to the fingerprint key so that the fingerprint key determines a second random number ciphertext and a second check value of the second random number ciphertext according to the public key;
acquiring a first time stamp, a second random number ciphertext and a second check value;
outputting the first time stamp, the second random number ciphertext and the second check value to the encryption component, so that the encryption component determines a first working key ciphertext and a third check value of the first working key ciphertext according to a private key corresponding to the public key, the first time stamp, the second random number ciphertext and the second check value;
acquiring a first work key ciphertext and a third check value from the encryption component;
and outputting the first work key ciphertext and the third check value to the fingerprint key so that the fingerprint key determines the fingerprint key work key according to the first work key ciphertext and the third check value.
In an embodiment of the present application, determining the second random number ciphertext and the second check value of the second random number ciphertext according to the public key includes:
generating a first random number;
generating a first communication key according to the first random number;
saving the first communication key;
and encrypting the first random number through the public key to obtain a second random number ciphertext and a second check value of the second random number ciphertext.
In this embodiment of the present application, determining the first work key ciphertext and the third check value of the first work key ciphertext according to the private key corresponding to the public key, the first timestamp, the second random number ciphertext and the second check value includes:
verifying and decrypting the second random number ciphertext through the private key corresponding to the public key and the second check value to obtain a first random number;
generating a first communication key according to the first random number and the first timestamp;
generating a fingerprint key working key;
and encrypting the fingerprint key working key through the first communication key to obtain a first working key ciphertext and a third check value.
In this embodiment of the present application, determining a fingerprint key work key according to the first work key ciphertext and the third check value includes:
and verifying and decrypting the first working key ciphertext through the first communication key and the third check value to obtain the fingerprint key working key.
In this embodiment of the present application, controlling the lock to initialize includes:
generating a lockset ID;
acquiring a fingerprint key ID and a second timestamp;
determining a second encryption factor of the fingerprint key according to the fingerprint key ID;
outputting the second encryption factor, the lock ID and the second timestamp to the encryption component, so that the encryption component determines a second work key ciphertext according to the second encryption factor, the lock ID and the second timestamp;
and outputting the second work key ciphertext and the lock ID to the fingerprint key so that the fingerprint key decrypts the second work key ciphertext to obtain the lock work key, and outputting the lock work key and the lock ID to the lock.
In this embodiment of the application, determining a second work key ciphertext according to the second encryption factor, the lock ID, and the second timestamp, includes:
generating a fingerprint key working key according to the second encryption factor;
generating a second random number;
generating a lockset working key according to the lockset ID, the second timestamp and the second random number;
and encrypting the lock working key through the fingerprint key working key to obtain a second working key ciphertext.
The second aspect of the present application provides a method for unlocking control, applied to an encryption component, including:
receiving a first encryption factor of the lock, a first random number ciphertext and a first check value of the first random number ciphertext sent by the server;
determining a lock working key according to the first encryption factor;
and generating an unlocking code according to the lockset working key, the first random number ciphertext and the first check value.
In this embodiment of the present application, generating the unlocking code according to the lock working key, the first random number ciphertext and the first check value includes:
verifying and decrypting the first random number ciphertext according to the lock working key and the first check value to obtain a random number plaintext;
and generating an unlocking code according to the plaintext of the random number.
In an embodiment of the present application, the method for unlocking control further includes:
receiving the first timestamp, the second random number ciphertext and the second check value of the second random number ciphertext sent by the server;
and determining a first working key ciphertext and a third check value of the first working key ciphertext according to a private key corresponding to the public key, the first timestamp, the second random number ciphertext and the second check value.
In this embodiment of the present application, determining the first work key ciphertext and the third check value of the first work key ciphertext according to the private key corresponding to the public key, the first timestamp, the second random number ciphertext and the second check value includes:
verifying and decrypting the second random number ciphertext through the private key corresponding to the public key and the second check value to obtain a first random number;
generating a first communication key according to the first random number and the first timestamp;
generating a fingerprint key working key;
and encrypting the fingerprint key working key through the first communication key to obtain a first working key ciphertext and a third check value.
In an embodiment of the present application, the method for unlocking control further includes:
receiving a second encryption factor of the fingerprint key, a lock ID and a second timestamp sent by the server;
and determining a second work key ciphertext according to the second encryption factor, the lockset ID and the second timestamp.
In this embodiment of the application, determining a second work key ciphertext according to the second encryption factor, the lock ID, and the second timestamp, includes:
generating a fingerprint key working key according to the second encryption factor;
generating a second random number;
generating a lockset working key according to the lockset ID, the second timestamp and the second random number;
and encrypting the lock working key through the fingerprint key working key to obtain a second working key ciphertext.
A third aspect of the present application provides a server comprising:
a memory configured to store instructions; and
a processor configured to call the instruction from the memory and to implement the method for unlocking control described above when executing the instruction.
A fourth aspect of the present application provides an encryption component comprising:
a memory configured to store instructions; and
a processor configured to call the instruction from the memory and to implement the method for unlocking control described above when executing the instruction.
A fifth aspect of the present application provides a device for unlocking control, including:
the above-mentioned server; and
the encryption component described above.
A sixth aspect of the present application provides a computer program product comprising a computer program which, when executed by a processor, implements the method for unlocking control described above.
Through the technical scheme, the encryption factors of the lock are stored in the server, when the lock needs to be unlocked, the corresponding first encryption factor is found according to the ID of the lock, so that the encryption component determines the working key same as the lock according to the first encryption factor, and calculates the unlocking code. Therefore, the situation that a plurality of keys are configured for different locks is avoided, and the management efficiency is improved.
Additional features and advantages of embodiments of the present application will be described in detail in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the embodiments of the disclosure, but are not intended to limit the embodiments of the disclosure. In the drawings:
FIG. 1 schematically shows an application environment diagram of a method for unlocking control according to an embodiment of the present application;
FIG. 2 schematically illustrates a flow diagram of a method for unlocking control according to an embodiment of the present application;
FIG. 3 schematically shows a timing diagram of an unlocking procedure according to an embodiment of the present application;
FIG. 4 schematically illustrates a timing diagram for fingerprint key initialization according to an embodiment of the present application;
FIG. 5 schematically illustrates a timing diagram for lock initialization according to an embodiment of the present application;
FIG. 6 schematically illustrates a flow diagram of a method for unlocking control in accordance with another embodiment of the present application;
FIG. 7 schematically shows an internal structure diagram of a computer device according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it should be understood that the specific embodiments described herein are only used for illustrating and explaining the embodiments of the present application and are not used for limiting the embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that if directional indications (such as up, down, left, right, front, and back … …) are referred to in the embodiments of the present application, the directional indications are only used to explain the relative positional relationship between the components, the movement situation, and the like in a specific posture (as shown in the drawings), and if the specific posture is changed, the directional indications are changed accordingly.
In addition, if there is a description of "first", "second", etc. in the embodiments of the present application, the description of "first", "second", etc. is for descriptive purposes only and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present application.
The method for unlocking control provided by the application can be applied to the application environment shown in fig. 1. The lock is a dynamic coded lock installed in the body of the cash box. The fingerprint key is a key that authenticates identity through fingerprint scanning; it can communicate with the lock via Bluetooth, communicates with the bank's internal (in-line) Internet of Things device management platform over a dedicated wireless network inside the bank, and interacts with the in-line core system through the management platform. The in-line core system comprises servers of different applications, such as servers for operation distribution, an encryption component, a fingerprint authentication component and the like.
Fig. 2 schematically shows a flow diagram of a method for unlocking control according to an embodiment of the present application. As shown in fig. 2, in the embodiment of the present application, a method for unlocking control is provided, and the present embodiment is mainly illustrated by applying the method to the server in fig. 1, and includes the following steps:
Step 202, determining a lock ID, a first random number ciphertext and a first check value of the first random number ciphertext.
It should be noted that the lock ID is an identifier of the lock, the lock generates a random number when receiving an unlocking instruction sent by the fingerprint key, encrypts the random number with the lock working key to obtain a first random number ciphertext and a first check value, and sends the lock ID, the first random number ciphertext and the first check value to the fingerprint key, and the server may obtain related information from the fingerprint key and determine the lock ID, the first random number ciphertext and the first check value.
Fig. 3 schematically shows a timing diagram of an unlocking process according to an embodiment of the present application. With reference to fig. 1, 2 and 3, in one example, when a user needs to unlock the lock, authentication is performed using a fingerprint key. The fingerprint key obtains personnel information of the user, obtains the lock ID from the lock, and sends the personnel information and the lock ID to a server of the in-line core system.
The server judges the authority according to the personnel information and the ID of the lockset and determines whether the fingerprint key is allowed to unlock; and sending an unlocking instruction to the fingerprint key when the fingerprint key is determined to be allowed to be unlocked.
The fingerprint key controls the lock to output a first random number ciphertext and a first check value according to the unlocking instruction. Specifically, after receiving an unlocking instruction, the fingerprint key sends the unlocking instruction to the lock, the lock responds to the unlocking instruction, generates a random number, encrypts the random number by using a lock working key to obtain a first random number ciphertext and a first check value, and sends the lock ID, the first random number ciphertext and the first check value to the fingerprint key. The fingerprint key encrypts the lockset ID, the first random number ciphertext and the first check value by using a fingerprint key working key to form a data file and sends the data file to the server.
The server acquires a data file sent by the fingerprint key; acquiring a fingerprint key working key; and decrypting the data file according to the fingerprint key working key to obtain the lockset ID, the first random number ciphertext and the first check value.
Step 204, determining a first encryption factor of the lock according to the lock ID.
In one example, after determining the lock ID, the server may look up the corresponding encryption factor in the database according to the lock ID to determine the first encryption factor of the lock.
Step 206, outputting the first encryption factor, the first random number ciphertext and the first check value to the encryption component, so that the encryption component determines a lock working key according to the first encryption factor, and generates an unlocking code according to the lock working key, the first random number ciphertext and the first check value.
It should be understood that the encryption component may reversely deduce a lock working key according to the first encryption factor and a preset rule, and then verify and decrypt the first random number ciphertext according to the lock working key and the first check value to obtain a random number plaintext; and generating an unlocking code according to the random number plaintext and a preset algorithm and rule, and returning the unlocking code to the server.
The server sends the unlocking code to the fingerprint key, and the fingerprint key transmits the unlocking code to the lock over Bluetooth. The lock checks whether the unlocking code is correct according to the random number; if the unlocking code is correct, the check passes and the lock unlocks, otherwise it does not unlock.
Certainly, in order to realize unlocking control, the server also needs to control the fingerprint key to initialize so that the fingerprint key stores a fingerprint key ID and a fingerprint key working key; and controlling the lock to initialize so that the lock stores the lock ID and the lock working key.
Fig. 4 schematically shows a timing diagram of fingerprint key initialization according to an embodiment of the application. Referring to fig. 1 and 4 together, the steps of initializing the fingerprint key are as follows:
The server acquires a public key from the encryption component, generates a fingerprint key ID, and outputs the public key and the fingerprint key ID to the fingerprint key. Specifically, the server may request the public key of a public-private key pair from the encryption component (e.g., operation distribution application), then randomly generate a globally unique fingerprint key ID, and issue the public key and the fingerprint key ID to the fingerprint key through the management platform.
The fingerprint key determines a second random number ciphertext and a second check value of the second random number ciphertext according to the public key. Specifically, the fingerprint key may generate a first random number; generating a first communication key according to the first random number and a preset encryption algorithm (such as a national encryption algorithm); saving the first communication key; and encrypting the first random number through the public key to obtain a second random number ciphertext and a second check value of the second random number ciphertext, and returning the second random number ciphertext and the second check value to the server through the management platform.
The server acquires a first timestamp, a second random number ciphertext and a second check value; and outputting the first time stamp, the second random number ciphertext and the second check value to the encryption component. Specifically, the server may further generate a record of the fingerprint key, record the fingerprint key ID and the first timestamp, and then send the fingerprint key ID, the first timestamp, the second random number ciphertext, and the second check value to the encryption component.
And the encryption component determines a first working key ciphertext and a third check value of the first working key ciphertext according to a private key corresponding to the public key, the first timestamp, the second random number ciphertext and the second check value. Specifically, the encryption component may verify and decrypt the second random number ciphertext through a private key corresponding to the public key and a second check value, to obtain a first random number; generating a first communication key of the fingerprint key according to the first random number and the first timestamp; meanwhile, the encryption component generates a fingerprint key working key; and encrypting the fingerprint key working key through the first communication key to obtain a first working key ciphertext and a third check value, and then returning the first random number, the first working key ciphertext and the third check value to the server.
The server acquires the first work key ciphertext and the third check value from the encryption component and outputs the first work key ciphertext and the third check value to the fingerprint key. Specifically, the server may further store a first random number corresponding to the fingerprint key, and issue the first work key ciphertext and the third check value to the fingerprint key through the management platform.
And the fingerprint key determines the fingerprint key working key according to the first working key ciphertext and the third check value. Specifically, the first work key ciphertext can be verified and decrypted through the first communication key and the third check value, so that the fingerprint key work key is obtained.
Therefore, the fingerprint key obtains the fingerprint key ID and the fingerprint key working key, the fingerprint key working key is written into the encryption chip, and meanwhile, the fingerprint key ID is written into the fingerprint key to complete initialization.
Fig. 5 schematically shows a timing diagram of lock initialization according to an embodiment of the present application. Referring to fig. 1 and 5 together, the steps of initializing the lock are as follows:
the server generates a lock ID; acquiring a fingerprint key ID and a second timestamp; determining a second encryption factor of the fingerprint key according to the fingerprint key ID; and outputting the second encryption factor, the lock ID and the second timestamp to the encryption component. Specifically, the server may generate a lock record after generating the lock ID and acquiring the second timestamp, query the fingerprint key ID currently connected to the system, and search for the encryption factor corresponding to the fingerprint key ID to determine the second encryption factor of the fingerprint key.
And the encryption component determines a second work key ciphertext according to the second encryption factor, the lock ID and the second timestamp. Specifically, the encryption component may generate a fingerprint key work key according to the second encryption factor; generating a second random number; generating a lockset working key according to the lockset ID, the second timestamp and the second random number; and encrypting the lock working key through the fingerprint key working key to obtain a second working key ciphertext, and returning the second working key ciphertext and the second random number to the server.
And the server outputs the second work key ciphertext and the lock ID to the fingerprint key. Further, the server can also store a second random number and issue the second work key ciphertext and the lock ID to the fingerprint key through the management platform.
The fingerprint key decrypts the second work key ciphertext to obtain a lock work key, and outputs the lock work key and the lock ID to the lock. Specifically, the fingerprint key can decrypt the second work key ciphertext with the fingerprint key work key to obtain the tool to lock work key, and send tool to lock work key and tool to lock ID to the tool to lock through the bluetooth.
So, the tool to lock has obtained tool to lock ID and tool to lock work key, writes into tool to lock work key to encrypting the chip, writes into the tool to lock ID simultaneously in, accomplishes the initialization.
With this technical solution, the encryption factor of the lock is stored in the server. When the lock needs to be unlocked, the corresponding first encryption factor is found according to the lock ID, so that the encryption component determines the same working key as the lock according to the first encryption factor and calculates the unlocking code. This avoids configuring multiple keys for different locks and improves management efficiency.
Fig. 6 schematically shows a flow chart of a method for unlocking control according to another embodiment of the present application. As shown in fig. 6, in the embodiment of the present application, a method for unlocking control is provided. This embodiment is described mainly with the method applied to the encryption component in fig. 1, and includes the following steps:
Step S208: receiving a first encryption factor of the lock, a first random number ciphertext and a first check value of the first random number ciphertext, which are sent by the server.
Step S210: determining a lock working key according to the first encryption factor.
Step S212: generating an unlocking code according to the lock working key, the first random number ciphertext and the first check value.
It should be understood that when the lock receives an unlocking instruction sent by the fingerprint key, the lock generates a random number, encrypts the random number with the lock working key to obtain the first random number ciphertext and the first check value, and sends the lock ID, the first random number ciphertext and the first check value to the fingerprint key. The server may then obtain the relevant information from the fingerprint key and determine the lock ID, the first random number ciphertext and the first check value.
Referring to fig. 3 and 6 together, in an example, after the server obtains the lock ID, the first random number ciphertext and the first check value, the server searches for a first encryption factor of the lock according to the lock ID, and sends the first encryption factor, the first random number ciphertext and the first check value of the first random number ciphertext to the encryption component.
The encryption component can re-derive the lock working key from the first encryption factor according to a preset rule, and then verify and decrypt the first random number ciphertext using the lock working key and the first check value to obtain the random number plaintext. It then generates an unlocking code from the random number plaintext according to a preset algorithm and rule, and returns the unlocking code to the server.
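The unlocking exchange described above, as an added Python example that is not code from the patent. The patent leaves the "preset rule" and algorithms unspecified, so the HMAC-SHA256 key derivation, the HMAC-based keystream cipher, the 16-byte check value, the six-digit code format, the layout of the encryption factor, the single-use challenge and every name below are assumptions.

```python
import hashlib
import hmac
import secrets


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()


def derive_working_key(master_key: bytes, factor: bytes) -> bytes:
    """Assumed stand-in for the patent's unspecified 'preset rule'."""
    return prf(master_key, b"lock-working-key", factor)


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Assumed stand-in cipher: HMAC-SHA256 in counter mode."""
    blocks = (prf(enc_key, nonce, i.to_bytes(4, "big")) for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(working_key: bytes, plaintext: bytes):
    """Encrypt, then MAC the ciphertext: returns (ciphertext, check value)."""
    nonce = secrets.token_bytes(12)
    stream = keystream(prf(working_key, b"enc"), nonce, len(plaintext))
    ciphertext = nonce + bytes(a ^ b for a, b in zip(plaintext, stream))
    return ciphertext, prf(prf(working_key, b"mac"), ciphertext)[:16]


def open_sealed(working_key: bytes, ciphertext: bytes, check_value: bytes) -> bytes:
    """Verify the check value in constant time, and only then decrypt."""
    expected = prf(prf(working_key, b"mac"), ciphertext)[:16]
    if not hmac.compare_digest(expected, check_value):
        raise ValueError("check value mismatch: ciphertext rejected")
    nonce, body = ciphertext[:12], ciphertext[12:]
    stream = keystream(prf(working_key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def unlock_code(working_key: bytes, random_plain: bytes) -> str:
    """Assumed code format: six decimal digits taken from an HMAC of the random number."""
    digest = prf(working_key, b"unlock-code", random_plain)
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


class Lock:
    """Holds the lock ID and lock working key written at initialization."""

    def __init__(self, lock_id: str, working_key: bytes):
        self.lock_id = lock_id
        self._key = working_key
        self._pending = None

    def challenge(self):
        """Fresh random number, sent out only as ciphertext plus check value."""
        self._pending = secrets.token_bytes(16)
        ciphertext, check_value = seal(self._key, self._pending)
        return self.lock_id, ciphertext, check_value

    def try_unlock(self, code: str) -> bool:
        # Assumption: each challenge is consumed by one attempt, so a code
        # captured earlier cannot be presented again.
        pending, self._pending = self._pending, None
        if pending is None:
            return False
        return hmac.compare_digest(unlock_code(self._key, pending).encode(), code.encode())


class EncryptionComponent:
    """Stores no per-lock key; re-derives it from the factor on every request."""

    def __init__(self, master_key: bytes):
        self._master = master_key

    def issue_working_key(self, factor: bytes) -> bytes:
        # In the patent this key reaches the lock encrypted under the fingerprint
        # key working key; the example hands it over directly.
        return derive_working_key(self._master, factor)

    def make_unlock_code(self, factor: bytes, ciphertext: bytes, check_value: bytes) -> str:
        key = derive_working_key(self._master, factor)
        return unlock_code(key, open_sealed(key, ciphertext, check_value))


def unlock_via_server(factors: dict, component: EncryptionComponent, lock: Lock) -> str:
    """Server role: look up the factor by lock ID and relay to the encryption component."""
    lock_id, ciphertext, check_value = lock.challenge()
    return component.make_unlock_code(factors[lock_id], ciphertext, check_value)


if __name__ == "__main__":
    hsm = EncryptionComponent(secrets.token_bytes(32))
    factor = b"LOCK-0001|1638316800|" + secrets.token_bytes(16)  # constructed sample
    door = Lock("LOCK-0001", hsm.issue_working_key(factor))
    code = unlock_via_server({"LOCK-0001": factor}, hsm, door)
    print("unlock code accepted:", door.try_unlock(code))
```

Because the check value is verified before decryption, a modified ciphertext or a factor belonging to a different lock is rejected without producing an unlocking code.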
Furthermore, to realize unlocking control, the encryption component can cooperate with the server to initialize the fingerprint key and the lock.
When the fingerprint key is initialized, the encryption component can receive a first timestamp, a second random number ciphertext and a second check value of the second random number ciphertext, which are sent by the server, and determine a first working key ciphertext and a third check value of the first working key ciphertext according to a private key corresponding to the public key, the first timestamp, the second random number ciphertext and the second check value.
Specifically, the second random number ciphertext may be verified and decrypted using the private key corresponding to the public key and the second check value to obtain a first random number; the first communication key is generated according to the first random number and the first timestamp; a fingerprint key working key is generated; and the fingerprint key working key is encrypted with the first communication key to obtain the first working key ciphertext and the third check value.
When the lock is initialized, the encryption component can receive a second encryption factor of the fingerprint key, a lock ID and a second timestamp sent by the server, and determine a second working key ciphertext according to the second encryption factor, the lock ID and the second timestamp.
Specifically, a fingerprint key working key may be generated according to the second encryption factor; a second random number is generated; a lock working key is generated according to the lock ID, the second timestamp and the second random number; and the lock working key is encrypted with the fingerprint key working key to obtain the second working key ciphertext.
According to the embodiment of the application, the encryption component re-derives the lock working key from the first encryption factor and generates the unlocking code according to the lock working key, the first random number ciphertext and the first check value, so that repeated activation of the lock after the lock reaches a new mechanism is avoided and the unlocking efficiency is improved.
Fig. 2 and 6 are flow diagrams of a method for unlocking control in one embodiment. It should be understood that although the steps in the flowcharts of fig. 2 and 6 are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least some of the steps in fig. 2 and 6 may include multiple sub-steps or stages that are not necessarily performed at the same time but may be performed at different times, and these sub-steps or stages are not necessarily performed sequentially but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
An embodiment of the present application further provides a server, including: a memory configured to store instructions; and a processor configured to call the instructions from the memory and to implement the above-described method for unlocking control when the instructions are executed.
An embodiment of the present application further provides an encryption component, including: a memory configured to store instructions; and a processor configured to call the instructions from the memory and to implement the above-described method for unlocking control when the instructions are executed.
The embodiment of the application also provides a device for unlocking control, which comprises the server and the encryption component.
The embodiment of the present application further provides a computer program product, which includes a computer program, and the computer program, when being executed by a processor, implements the method for unlocking control described above.
An embodiment of the present application further provides a computer device, where the computer device may be a terminal, and an internal structure diagram of the computer device may be as shown in fig. 7. The computer device includes a processor A01, a network interface A02, a display screen A04, an input device A05, and a memory (not shown in the figure) connected through a system bus. The processor A01 of the computer device provides computing and control capabilities. The memory of the computer device comprises an internal memory A03 and a non-volatile storage medium A06. The non-volatile storage medium A06 stores an operating system B01 and a computer program B02. The internal memory A03 provides an environment for running the operating system B01 and the computer program B02 stored in the non-volatile storage medium A06. The network interface A02 of the computer device is used for communication with an external terminal through a network connection. The computer program, when executed by the processor A01, implements a method for unlocking control. The display screen A04 of the computer device may be a liquid crystal display screen or an electronic ink display screen, and the input device A05 of the computer device may be a touch layer covering the display screen, a button, a trackball or a touch pad arranged on the casing of the computer device, or an external keyboard, touch pad or mouse.
Those skilled in the art will appreciate that the architecture shown in fig. 7 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or fewer components than those shown, or may combine certain components, or have a different arrangement of components.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (22)

1. A method for unlocking control, which is applied to a server, is characterized by comprising the following steps:
determining a lock ID, a first random number ciphertext and a first check value of the first random number ciphertext;
determining a first encryption factor of the lock according to the ID of the lock;
and outputting the first encryption factor, the first random number ciphertext and the first check value to an encryption component, so that the encryption component determines a lock working key according to the first encryption factor, and generates an unlocking code according to the lock working key, the first random number ciphertext and the first check value.
2. The method of claim 1, wherein determining the lock ID, the first random number ciphertext, and the first check value of the first random number ciphertext comprises:
acquiring a data file sent by a fingerprint key;
acquiring a fingerprint key working key;
and decrypting the data file according to the fingerprint key working key to obtain the lock ID, the first random number ciphertext and the first check value.
3. The method of claim 1, wherein generating an unlocking code from the lock working key, the first random number ciphertext, and the first check value comprises:
verifying and decrypting the first random number ciphertext according to the lock working key and the first check value to obtain a random number plaintext;
and generating an unlocking code according to the plaintext of the random number.
4. The method of claim 2, further comprising:
acquiring personnel information and the lock ID sent by the fingerprint key;
determining whether the fingerprint key is allowed to unlock according to the personnel information and the lock ID;
and, when it is determined that the fingerprint key is allowed to unlock, sending an unlocking instruction to the fingerprint key, so that the fingerprint key controls the lock to output the first random number ciphertext and the first check value according to the unlocking instruction.
5. The method of claim 4, further comprising:
controlling the fingerprint key to initialize so that the fingerprint key stores a fingerprint key ID and the fingerprint key working key;
and controlling the lock to initialize so that the lock stores the lock ID and the lock working key.
6. The method of claim 5, wherein the controlling the fingerprint key to initialize comprises:
obtaining a public key from the cryptographic component;
generating a fingerprint key ID;
outputting the public key and the fingerprint key ID to the fingerprint key so that the fingerprint key determines a second random number ciphertext and a second check value of the second random number ciphertext according to the public key;
obtaining a first timestamp, the second random number ciphertext, and the second check value;
outputting the first timestamp, the second random number ciphertext, and the second check value to the encryption component, so that the encryption component determines a first working key ciphertext and a third check value of the first working key ciphertext according to a private key corresponding to the public key, the first timestamp, the second random number ciphertext, and the second check value;
obtaining the first working key ciphertext and the third check value from the encryption component;
and outputting the first working key ciphertext and the third check value to the fingerprint key so that the fingerprint key determines the fingerprint key working key according to the first working key ciphertext and the third check value.
7. The method of claim 6, wherein determining the second random number ciphertext and the second check value of the second random number ciphertext based on the public key comprises:
generating a first random number;
generating a first communication key according to the first random number;
saving the first communication key;
and encrypting the first random number through the public key to obtain a second random number ciphertext and a second check value of the second random number ciphertext.
8. The method of claim 7, wherein determining the first working key ciphertext and the third check value of the first working key ciphertext according to the private key corresponding to the public key, the first timestamp, the second random number ciphertext, and the second check value comprises:
verifying and decrypting the second random number ciphertext through a private key corresponding to the public key and the second check value to obtain the first random number;
generating the first communication key according to the first random number and the first timestamp;
generating a fingerprint key working key;
and encrypting the fingerprint key working key through the first communication key to obtain a first working key ciphertext and the third check value.
9. The method of claim 8, wherein determining the fingerprint key working key based on the first working key ciphertext and the third check value comprises:
and verifying and decrypting the first working key ciphertext through the first communication key and the third check value to obtain the fingerprint key working key.
10. The method of claim 5, wherein the controlling the lock to initialize comprises:
generating a lock ID;
acquiring the ID of the fingerprint key and a second timestamp;
determining a second encryption factor of the fingerprint key according to the fingerprint key ID;
outputting the second encryption factor, the lock ID and the second timestamp to the encryption component, so that the encryption component determines a second working key ciphertext according to the second encryption factor, the lock ID and the second timestamp;
and outputting the second working key ciphertext and the lock ID to the fingerprint key so that the fingerprint key decrypts the second working key ciphertext to obtain a lock working key, and outputs the lock working key and the lock ID to the lock.
11. The method of claim 10, wherein determining a second working key ciphertext from the second encryption factor, the lock ID, and the second timestamp comprises:
generating a fingerprint key working key according to the second encryption factor;
generating a second random number;
generating a lock working key according to the lock ID, the second timestamp and the second random number;
and encrypting the lock working key through the fingerprint key working key to obtain a second working key ciphertext.
12. A method for unlocking control, which is applied to an encryption component, and is characterized in that the method comprises the following steps:
receiving a first encryption factor of a lock, a first random number ciphertext and a first check value of the first random number ciphertext, which are sent by a server;
determining a lock working key according to the first encryption factor;
and generating an unlocking code according to the lock working key, the first random number ciphertext and the first check value.
13. The method of claim 12, wherein generating an unlocking code from the lock working key, the first random number ciphertext, and the first check value comprises:
verifying and decrypting the first random number ciphertext according to the lock working key and the first check value to obtain a random number plaintext;
and generating an unlocking code according to the plaintext of the random number.
14. The method of claim 12, further comprising:
receiving a first time stamp, a second random number ciphertext and a second check value of the second random number ciphertext sent by the server;
and determining a first working key ciphertext and a third check value of the first working key ciphertext according to a private key corresponding to the public key, the first timestamp, the second random number ciphertext and the second check value.
15. The method of claim 14, wherein determining the first working key ciphertext and the third check value of the first working key ciphertext according to the private key corresponding to the public key, the first timestamp, the second random number ciphertext, and the second check value comprises:
verifying and decrypting the second random number ciphertext through a private key corresponding to the public key and the second check value to obtain a first random number;
generating the first communication key according to the first random number and the first timestamp;
generating a fingerprint key working key;
and encrypting the fingerprint key working key through the first communication key to obtain a first working key ciphertext and the third check value.
16. The method of claim 15, further comprising:
receiving a second encryption factor, a lock ID and a second timestamp of the fingerprint key sent by the server;
and determining a second working key ciphertext according to the second encryption factor, the lock ID and the second timestamp.
17. The method of claim 16, wherein determining a second working key ciphertext from the second encryption factor, the lock ID, and the second timestamp comprises:
generating a fingerprint key working key according to the second encryption factor;
generating a second random number;
generating a lock working key according to the lock ID, the second timestamp and the second random number;
and encrypting the lock working key through the fingerprint key working key to obtain a second working key ciphertext.
18. A server, comprising:
a memory configured to store instructions; and
a processor configured to call the instructions from the memory and to implement the method for unlocking control according to any one of claims 1 to 11 when executing the instructions.
19. An encryption component, comprising:
a memory configured to store instructions; and
a processor configured to call the instructions from the memory and to implement the method for unlocking control according to any one of claims 12 to 17 when executing the instructions.
20. A device for unlocking control, comprising:
the server of claim 18; and
the cryptographic component of claim 19.
21. A computer program product comprising a computer program, characterized in that the computer program realizes the method for unlocking control according to any one of claims 1 to 11 when executed by a processor.
22. A computer program product comprising a computer program, characterized in that the computer program realizes the method for unlocking control according to any one of claims 12 to 17 when executed by a processor.
CN202111452542.9A 2021-12-01 2021-12-01 Unlocking control method, server, encryption component and device Pending CN114120496A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111452542.9A CN114120496A (en) 2021-12-01 2021-12-01 Unlocking control method, server, encryption component and device

Publications (1)

Publication Number Publication Date
CN114120496A true CN114120496A (en) 2022-03-01

Family

ID=80369362

Country Status (1)

Country Link
CN (1) CN114120496A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104852911A (en) * 2015-04-27 2015-08-19 小米科技有限责任公司 Safety verification method, device and system
CN109005028A (en) * 2018-11-02 2018-12-14 美的集团股份有限公司 Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system
CN111815810A (en) * 2020-06-22 2020-10-23 北京智辉空间科技有限责任公司 Safe unlocking method and device for electronic lock
WO2020237868A1 (en) * 2019-05-24 2020-12-03 平安科技(深圳)有限公司 Data transmission method, electronic device, server and storage medium
CN113674456A (en) * 2021-08-19 2021-11-19 中国建设银行股份有限公司 Unlocking method, unlocking device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination