CN115798082A - Safety control method for intelligent electronic lock, intelligent electronic lock and electronic equipment - Google Patents

Safety control method for intelligent electronic lock, intelligent electronic lock and electronic equipment Download PDF

Info

Publication number
CN115798082A
CN115798082A CN202111061101.6A CN202111061101A CN115798082A CN 115798082 A CN115798082 A CN 115798082A CN 202111061101 A CN202111061101 A CN 202111061101A CN 115798082 A CN115798082 A CN 115798082A
Authority
CN
China
Prior art keywords
peripheral module
data
security chip
chip
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111061101.6A
Other languages
Chinese (zh)
Inventor
黎宗伟
唐阳
凌艺杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National Technology Shenzhen Co ltd
Original Assignee
National Technology Shenzhen Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National Technology Shenzhen Co ltd filed Critical National Technology Shenzhen Co ltd
Priority to CN202111061101.6A priority Critical patent/CN115798082A/en
Publication of CN115798082A publication Critical patent/CN115798082A/en
Pending legal-status Critical Current

Links

Images

Abstract

The application relates to the field of intelligent lock control, in particular to a safety control method for an intelligent electronic lock, wherein the intelligent electronic lock comprises a peripheral module and a safety chip, and the method comprises the following steps: carrying out validity verification on the peripheral module through the security chip; if the validity verification is passed, establishing an encrypted communication link between the security chip and the peripheral module; and the safety chip and the peripheral module carry out identity input on a user based on the encrypted communication link.

Description

Safety control method for intelligent electronic lock, intelligent electronic lock and electronic equipment
Technical Field
The application relates to the field of intelligent lock control, in particular to a safety control method for an intelligent electronic lock.
Background
The intelligent electronic lock is a novel intelligent lock which appears in recent years, and has the advantages of no need of carrying a key, convenient and fast authentication, multifunctional integration and the like, so that the intelligent electronic lock is rapidly developed and popularized in the market.
It is very different from a conventional mechanical lock. Different from a mechanical key unlocking mode of a mechanical lock, the intelligent lock is mainly used for authenticating and opening a door by using a password, an RFID card, a fingerprint and other biological identification. The password of the common intelligent lock in the market at present, and the important data of the external modules such as the RFID card, the fingerprint template and the like are stored by the memory of an EEPROM, a FLASH or a Micro Control Unit (MCU); the communication link between the MCU and the semiconductor fingerprint, optical fingerprint or other biological characteristic modules, namely the peripheral modules, uses plaintext communication, so that an intruder can easily crack the stored data and the module communication data. And an intruder can also crack the intelligent electronic lock by tampering and replacing the peripheral module, so that the safety of the door lock is greatly reduced.
On the other hand, the user characteristic data acquired by the peripheral module has large data volume, and the whole data volume can occupy large storage space when being stored in the MCU.
Disclosure of Invention
Based on the above problems, the present application provides a security control method for an intelligent electronic lock, and an electronic device, in which a security chip is added to a structure of a conventional intelligent electronic lock, the security chip is used to replace a conventional MCU to encrypt and store important unlocking-related data, such as data related to user feature data, and the security chip is used to perform validity verification on an external module before establishing communication with the external module each time. And further generating characteristic verification data with smaller data quantity based on the user characteristic data and storing the characteristic verification data in the security chip so as to save the storage space of the security chip.
According to an aspect of the present application, a security control method for an intelligent electronic lock is proposed, the intelligent electronic lock including a peripheral module and a security chip, the method including:
carrying out validity verification on the peripheral module through the security chip;
if the validity verification is passed, establishing an encrypted communication link between the security chip and the peripheral module;
and the safety chip and the peripheral module carry out identity input on a user based on the encrypted communication link.
According to some embodiments, the aforementioned method further comprises: and carrying out validity recording on the peripheral module by utilizing the security chip: the security chip generates a first encryption factor, generates a first secret key based on a root secret key and the first secret key factor, and sends the first secret key to the peripheral module; the peripheral module generates a second encryption factor, generates a second secret key based on the second encryption factor and the received first secret key for storage, and sends the second encryption factor to the security chip; and the security chip generates and stores the second secret key based on the first secret key and the received second encryption factor.
According to some embodiments, the aforementioned method further comprises: the security chip generates a third encryption factor and sends the third encryption factor to the peripheral module; the peripheral module generates a fourth encryption factor, and generates a first session key based on the stored second key, the fourth encryption factor and the received third encryption factor; the peripheral module generates an authentication factor based on the first session key and the fourth encryption factor, and sends the fourth encryption factor and the authentication factor to the security chip; the secure chip generates a second session key based on the stored second key, the third encryption factor and the received fourth encryption factor; and the security chip carries out validity verification on the peripheral module based on the second session key, the received authentication factor and the received fourth encryption factor.
According to some embodiments, the aforementioned method further comprises: if the validity verification is passed, the first session key is the same as the second session key; and when the security chip is communicated with the peripheral module, transmitting the transmitted data after encrypting by using the first session key or the second session key.
According to some embodiments, the aforementioned method further comprises: the peripheral module executes the following operations: collecting user characteristics and generating characteristic data; storing the feature data as authentication feature data; generating feature verification data based on the authentication feature data; establishing an association of the authentication characteristic data with the characteristic verification data; synchronizing the feature verification data to the secure chip.
According to some embodiments, the feature verification data is a storage address of the authentication feature data in the peripheral module.
According to some embodiments, the aforementioned method further comprises: and the safety chip stores the characteristic verification data synchronized by the peripheral module as solidified characteristic verification data.
According to some embodiments, the aforementioned method further comprises: and (3) carrying out identity verification on the user: the peripheral module matches the characteristic data with the authentication characteristic data; the peripheral module sends the feature verification data associated with the matched authentication feature data to the security chip for identity verification; and the security chip receives the characteristic verification data for identity verification sent by the peripheral module and matches the characteristic verification data with the solidified characteristic verification data.
According to an aspect of the application, an intelligent electronic lock is proposed, comprising: the peripheral module is used for collecting user characteristics to generate and store authentication characteristic data and generating characteristic verification data based on the authentication characteristic data; and the safety chip is used for verifying the legality of the peripheral module, establishing an encrypted communication link between the safety chip and the peripheral module, and storing the characteristic verification data for authenticating the identity of a user.
According to an aspect of the present application, an electronic device is provided, including: one or more processors; storage means for storing one or more programs; when executed by the one or more processors, cause the one or more processors to implement a method as in any preceding claim.
The beneficial effect of this application:
according to some embodiments, the technical scheme of the application designs the safety chip which is used for verifying the legality of the peripheral module before communicating with the peripheral module each time, and the safety chip can be timely proved when the peripheral module is tampered and replaced, so that the safety of the intelligent electronic lock is guaranteed.
According to some embodiments, according to the technical scheme, after the peripheral module passes the validity verification, the encrypted communication link is directly established between the security chip and the peripheral module, and the encrypted communication link is used for data communication, so that the plaintext of data transmission in the communication process is prevented from being stolen, and the communication security is reported.
According to some embodiments, when a user enters identity information, the technical scheme of the application further processes the user feature data to obtain light feature verification data, and the light feature verification data is stored in a security chip and used for verifying the identity of the user so as to control unlocking. The storage space utilization rate of the security chip is improved, and the unlocking efficiency is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without exceeding the protection scope of the present application.
Fig. 1 shows a flowchart of a security control method for an intelligent electronic lock according to an embodiment of the present application.
Fig. 2 shows a peripheral module initialization timing diagram of a security control method for an intelligent electronic lock according to an embodiment of the application.
Fig. 3 shows a peripheral module validity verification timing diagram of a security control method for an intelligent electronic lock according to an embodiment of the present application.
Fig. 4 shows a user identity entry flowchart of a security control method for an intelligent electronic lock according to an embodiment of the present application.
Fig. 5 shows a block diagram of an intelligent electronic lock according to an embodiment of the present application.
Fig. 6 shows an electronic device according to an embodiment of the application.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the embodiments of the disclosure can be practiced without one or more of the specific details, or with other means, components, materials, devices, or the like. In such cases, well-known structures, methods, devices, implementations, materials, or operations will not be shown or described in detail.
The flowcharts shown in the figures are illustrative only and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
The terms "first," "second," and the like in the description and claims of the present application and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
The peripheral module and the micro control unit of the existing intelligent electronic lock adopt plaintext communication, and the risk of interception by intruders exists. And the intruder can tamper and replace the peripheral module, so that the intelligent electronic lock can be cracked and unlocked. In addition, the data size of the user characteristic data book for verifying the user identity is large, and a large storage space is occupied.
Aiming at the problems, the intelligent electronic lock is provided with the safety chip which is used for verifying the legality of the peripheral module so as to prevent the peripheral module from being tampered and replaced; and the encryption communication link is also used for establishing an encryption communication link when communicating with the peripheral module, so that transmitted plaintext data is prevented from being intercepted and intercepted. In addition, the user characteristic data are subjected to lightweight processing and stored in the security chip, so that the storage efficiency of the security chip is improved, and the efficiency of user identity verification unlocking is improved to a certain extent. The present application will be further described with reference to the following examples and accompanying drawings.
Fig. 3 shows a peripheral module validity verification timing diagram of a security control method for an intelligent electronic lock according to an embodiment of the application.
Fig. 1 shows a flow chart of a security control method for an intelligent electronic lock according to an embodiment of the present application.
As shown in fig. 1, in S101, the peripheral module is validated by the security chip.
According to an embodiment, the security chip is a chip with a security lock control function, which is developed in a customized manner, and is used for implementing part of the method provided by the application.
According to one embodiment, the peripheral module is used for directly collecting the characteristics of the user and performing digital processing, and the peripheral module may be, for example, a fingerprint recognition device, an iris recognition device, a facial recognition device, or the like. For convenience of description, the embodiments of the present application will be described with reference to a fingerprint recognition device as an example. The peripheral module can also be customized and developed in function to a certain extent, and part of the method realized by the peripheral module in the application is realized after the peripheral module is customized and developed.
Although the safe chip replaces the MCU in the existing intelligent electronic lock to unlock the safe relevant process flow, the safe chip does not represent that the MCU is not arranged in the scheme provided by the application. The intelligent electronic lock still has the MCU for total control, data forwarding and the like.
According to the embodiment of the embodiment, before the peripheral module is legally verified through the security chip, firstly, the legality of the peripheral module is recorded by using the security chip. This step is typically performed at factory initialization of the intelligent electronic lock.
According to one embodiment, each security chip is provided with a key in the factory, and after the key is written in, the key cannot be modified or tampered, and is unreadable, and only the first key can be generated according to the input first key factor.
According to one embodiment, the type of key in the embodiment of the present application is a symmetric key.
Referring to the initialization sequence diagram of the peripheral module shown in fig. 2, according to an example embodiment, the security chip generates a first encryption factor, generates a first key based on the root key and the first key factor, and sends the first key to the peripheral module.
According to one embodiment, the encryption factor may be a random sequence, i.e., a random number.
According to an embodiment, the new first key is generated by encrypting the first encryption factor with the root key.
According to an embodiment, the security chip sends the first key to the peripheral module in a clear text. It is noted that in the field of encrypted communications, keys are not normally sent in clear because of the risk of revealing the key in the process. However, in the initialization stage of the intelligent electronic lock, the execution of all programs is guaranteed to be performed in an information security environment, so that the first secret key can be sent to the peripheral module only in a plaintext form, and the secret key synchronization between the security chip and the peripheral module can be performed.
According to the example embodiment, the peripheral module generates a second encryption factor, generates a second key based on the second encryption factor and the received first key for storage, and sends the second encryption factor to the security chip.
According to an embodiment, after receiving the first key, the peripheral module generates a second encryption factor, and encrypts the second encryption factor by using the first key to obtain a new second key for storing. And then the second encryption factor is sent to the security chip for storage.
According to the example embodiment, the secure chip generates and saves a second key based on the first key and the received second encryption factor.
According to an embodiment, after receiving the second encryption factor, the security chip encrypts the second encryption factor by using the first key, and then obtains a second key identical to the peripheral module.
According to an embodiment, the second key is a shared key after the encryption module and the security chip perform key synchronization. The second key is also called an authentication key, and is used for authenticating the security chip to the external module, which will be described in detail later.
And at this point, the legality record of the peripheral module by using the security chip is completed. And then before the security chip communicates with the peripheral module each time, the peripheral module needs to be validated through the security chip.
According to an exemplary embodiment, the secure chip generates a third encryption factor, which is sent to the peripheral module, and it should be noted that this "third" is only used to distinguish from the aforementioned "first" and "second" and has no other special meaning. According to one embodiment, the third encryption factor may be randomly generated according to the foregoing description, and thus in some cases, the third random factor may be the same in value as the first random factor, but may represent a different meaning. The meaning of the following "fourth" and the like is similar to this, and the description is omitted.
Referring to the sequence diagram for verifying the validity of the peripheral module shown in fig. 3, according to an exemplary embodiment, the peripheral module generates a fourth encryption factor, and generates the first session key based on the stored second key, the fourth encryption factor and the received third encryption factor.
According to an embodiment, the peripheral module first generates a fourth encryption factor, and then encrypts the fourth encryption factor and a third encryption factor sent by the security chip together by using a previously stored second key to obtain a new key, namely a first session key.
According to an embodiment, when the second key is used to encrypt the third encryption factor and the fourth encryption factor, the third encryption factor and the fourth encryption factor may be combined in a bit-ordered manner to generate a new sequence, and then encryption processing may be performed. For example, assuming that the third encryption factor is 11111111 and the fourth encryption factor is 22222222, the new sequence generated by combining them in bit-order is 1111111122222222. And encrypting the new sequence by using the second key to obtain the first session key. It can be seen that there is a requirement in this process for the order of the third encryption factor and the fourth encryption factor.
According to an example embodiment, the peripheral module generates an authentication factor based on the first session key and the fourth encryption factor, and sends the fourth encryption factor and the authentication factor to the security chip.
According to an embodiment, the peripheral module encrypts the fourth encryption factor by using the first session key to obtain the authentication factor. The Authentication factor is a Message Authentication Code (Message Authentication Code) and is used to authenticate whether the second key in the peripheral module is tampered, and the principle is described in detail later.
According to an example embodiment, the secure chip generates a second session key based on the stored second key, the third encryption factor, and the received fourth encryption factor.
According to an embodiment, if the peripheral module is tampered, the stored second key of the peripheral module is not consistent with the stored second key of the secure chip, and therefore the second session key obtained by the secure chip is different from the first session key. On the contrary, if the peripheral module is not tampered, the second session key of the secure chip and the first session key of the peripheral module are completely consistent.
According to an example embodiment, the security chip performs validity verification on the peripheral module based on the second session key, the received authentication factor and the received fourth encryption factor.
According to an embodiment, since it is impossible to verify whether the peripheral module is tampered by directly sending the second key between the secure chip and the peripheral module, it is necessary to indirectly verify whether the second key of the peripheral module is changed by using the authentication factor, that is, whether the peripheral module is tampered.
According to an embodiment, the secure chip decrypts the received authentication factor using the second session key it generated. If the peripheral module is not tampered, that is, the peripheral module is legal, the result obtained by decryption should be the same as the fourth encryption factor sent by the peripheral module together. On the contrary, if the decryption result is different from the fourth encryption factor, the peripheral module can be proved to be tampered, namely the peripheral module is illegal, and the validity verification of the peripheral module fails.
Thus, the legality verification of the peripheral module is completed.
In S103, if the validity verification passes, an encrypted communication link between the security chip and the peripheral module is established.
According to the exemplary embodiment, as described above, if the validity of the peripheral module passes the verification, the first session key is the same as the second session key.
According to the embodiment, when the security chip communicates with the peripheral module, the transmitted data is encrypted by using the first session key or the second session key and then is transmitted.
According to an embodiment, the information sent by the security chip to the peripheral module is encrypted by the second session key thereof, and the information sent by the peripheral module to the security chip is encrypted by the first session key. Thus forming an encrypted communication link.
According to an embodiment, the same first session key or the same second session key is used in a session of the security chip and the peripheral module, and the first session key and the second session key are destroyed when the session is ended. When a new session is started, a new session key will be derived based on each newly generated key factor. Thus, each time a different session key is utilized, the risk of the session key being compromised is greatly reduced.
At S105, the security chip and the peripheral module perform identity entry for the user based on the encrypted communication link.
Fig. 4 shows a user identity entry flowchart of a security control method for an intelligent electronic lock according to an embodiment of the present application. It should be noted that, the steps are all executed by the peripheral module.
As shown in fig. 4, in S401, user characteristics are acquired and characteristic data is generated.
According to an embodiment, the user characteristics are characteristics of the user, such as a fingerprint, an iris, facial characteristics, and the like of the user, which can be acquired by the peripheral module. The process of collecting is a process of imaging the user characteristics, and the like, and corresponds to the foregoing embodiment, that is, collecting the fingerprint image, the face image, the iris image, and the like of the user.
According to an embodiment, the feature data is data which is generated based on the image of the user feature and is easy to store and verify. Specifically, the image of the user feature may be first processed to make the feature more prominent, and then the feature data may be obtained by calculation using an algorithm corresponding to the user feature type. The feature data has uniqueness certainty that the feature data obtained for different user features must be different and one feature data must be able to correspond to one user feature. And storing the characteristic data in the peripheral module after the characteristic data is generated.
At S403, the feature data is stored as authentication feature data.
According to an embodiment, in the user identity entry stage, the peripheral module needs to store the obtained feature data.
At S405, feature verification data is generated based on the authentication feature data.
According to an embodiment, the feature verification data is a more lightweight data content generated based on the authentication feature data, which can be used to uniquely match to the feature data. The feature verification data is generated and stored by the peripheral module.
According to an embodiment, the feature verification data may be, for example, a storage address of the authentication feature data in the storage unit of the peripheral module, or may be a hash value obtained based on the authentication feature data. The method is characterized in that the data size is much smaller than that of the original authentication characteristic data, and the corresponding authentication characteristic data can be matched uniquely.
At S407, an association of the authentication feature data with the feature verification data is established.
According to an embodiment, the generated feature verification data is associated with the stored authentication feature data, so that the corresponding authentication feature data can be found according to the feature verification data, and the corresponding feature verification data can also be found through the authentication feature data.
In S409, the feature verification data is synchronized to the secure chip.
According to an embodiment, after the steps are executed, the peripheral module synchronously sends the generated feature verification data to the security chip.
According to an example embodiment, the security chip stores the feature verification data synchronized with the peripheral module as the solidified feature verification data.
According to an embodiment, based on the encrypted communication link, the security chip receives the feature verification data sent by the peripheral module. And stores it as solidified characteristic verification data for subsequent user authentication.
After the identity of the user is input, the identity of the user can be verified.
According to an example embodiment, the peripheral module matches the characteristic data with the authentication characteristic data.
According to one embodiment, during authentication, the peripheral module captures user characteristics and generates user characteristic data. And matching the generated user characteristic data in the stored authentication characteristic data, and searching for the same or high-similarity result.
According to an embodiment, if the matched authentication feature data is not matched, the table name fails to authenticate the user identity, and the intelligent electronic lock can send a corresponding prompt to the current user.
According to an example embodiment, the peripheral module sends feature verification data associated with the matched authentication feature data to the security chip for authentication.
According to an embodiment, after the authentication feature data is matched, the feature verification data corresponding to the authentication feature data is found and sent to the security chip for identity verification based on the encrypted communication link.
According to an example embodiment, the secure chip receives feature verification data for authentication sent by the peripheral module and matches the feature verification data with the solidified feature verification data.
According to one embodiment, the security chip searches and matches the received feature verification data in the stored solidified feature verification data, and if the same result is matched, the user identity verification is passed, and unlocking operation of the intelligent electronic lock can be performed.
According to some embodiments, the MCU needs to send a command to the peripheral module to control the peripheral module, but since the MCU and the peripheral module cannot directly establish an encrypted communication link, the command sent from the MCU to the peripheral module is encrypted and transferred by the security chip, i.e., the MCU sends the command for controlling the peripheral module to the security chip, and then the security chip sends the command to the peripheral module through the encrypted communication link.
Fig. 5 shows a block diagram of an intelligent electronic lock according to an embodiment of the application.
As shown in fig. 5, the intelligent electronic lock includes a peripheral module 501 and a security chip 503, wherein:
the peripheral module 501 collects user characteristics, generates and stores authentication characteristic data, and generates characteristic verification data based on the authentication characteristic data.
The security chip 503 is configured to perform validity verification on the peripheral module, establish an encrypted communication link with the peripheral module, and store the feature verification data for performing identity verification on the user.
The intelligent electronic lock performs similar functions to the method provided above, and other functions may participate in the foregoing description, which are not described herein again.
FIG. 6 shows a block diagram of an electronic device according to an example embodiment.
An electronic device 600 according to this embodiment of the present application is described below with reference to fig. 6. The electronic device 600 shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 6, the electronic device 600 is embodied in the form of a general purpose computing device. The components of the electronic device 600 may include, but are not limited to: at least one processing unit 610, at least one memory unit 620, a bus 630 that couples various system components including the memory unit 620 and the processing unit 610, a display unit 640, and the like.
Wherein the memory unit stores program code that can be executed by the processing unit 610, to cause the processing unit 610 to perform the methods according to various exemplary embodiments of the present application described herein. For example, the processing unit 610 may perform the methods described previously.
The storage unit 620 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM) 6201 and/or a cache memory unit 6202, and may further include a read-only memory unit (ROM) 6203.
The memory unit 620 may also include a program/utility 6204 having a set (at least one) of program modules 6205, such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 630 can be any bus representing one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 600 may also communicate with one or more external devices 6001 (e.g., a keyboard, a pointing device, a bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 600, and/or with any devices (e.g., a router, a modem, etc.) that enable the electronic device 600 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 650. Also, the electronic device 600 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 660. The network adapter 660 may communicate with other modules of the electronic device 600 via the bus 630. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. The technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, or a network device, etc.) to execute the above method according to the embodiments of the present application.
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable storage medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable storage medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The computer readable medium carries one or more programs which, when executed by a device, cause the computer readable medium to perform the functions described above.
Those skilled in the art will appreciate that the modules described above may be distributed in the apparatus according to the description of the embodiments, or may be modified accordingly in one or more apparatuses unique from the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present application can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which can be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiment of the present application.
The foregoing embodiments have been described in detail to illustrate the principles and implementations of the present application, and the foregoing embodiments are only used to help understand the method and its core idea of the present application. Meanwhile, a person skilled in the art should, according to the idea of the present application, change or modify the embodiments and applications of the present application based on the scope of the present application. In view of the above, the description should not be taken as limiting the application.

Claims (10)

1. A security control method for an intelligent electronic lock, the intelligent electronic lock including a peripheral module and a security chip, the method comprising:
carrying out validity verification on the peripheral module through the security chip;
if the validity verification is passed, establishing an encrypted communication link between the security chip and the peripheral module;
and the safety chip and the peripheral module perform identity input on a user based on the encrypted communication link.
2. The security control method according to claim 1, wherein before the verifying the validity of the peripheral module by the security chip, the method further comprises:
carrying out legality recording on the peripheral module by utilizing the security chip:
the security chip generates a first encryption factor, generates a first secret key based on a root secret key and the first secret key factor, and sends the first secret key to the peripheral module;
the peripheral module generates a second encryption factor, generates a second secret key based on the second encryption factor and the received first secret key for storage, and sends the second encryption factor to the security chip;
and the security chip generates and stores the second secret key based on the first secret key and the received second encryption factor.
3. The security control method of claim 2, wherein the verifying the validity of the peripheral module by the security chip comprises:
the security chip generates a third encryption factor and sends the third encryption factor to the peripheral module;
the peripheral module generates a fourth encryption factor, and generates a first session key based on the stored second key, the fourth encryption factor and the received third encryption factor;
the peripheral module generates an authentication factor based on the first session key and the fourth encryption factor, and sends the fourth encryption factor and the authentication factor to the security chip;
the secure chip generates a second session key based on the stored second key, the third encryption factor and the received fourth encryption factor;
and the security chip carries out validity verification on the peripheral module based on the second session key, the received authentication factor and the received fourth encryption factor.
4. The security control method of claim 3, wherein establishing an encrypted communication link between the security chip and the peripheral module if the validity verification passes comprises:
if the validity verification is passed, the first session key is the same as the second session key;
and when the security chip is communicated with the peripheral module, transmitting the transmitted data after encrypting by using the first session key or the second session key.
5. The security control method of claim 1, wherein the security chip and the peripheral module perform identity entry for a user based on the encrypted communication link, comprising:
the peripheral module executes the following operations:
collecting user characteristics and generating characteristic data;
storing the feature data as authentication feature data;
generating feature verification data based on the authentication feature data;
establishing an association of the authentication characteristic data with the characteristic verification data;
synchronizing the feature verification data to the secure chip.
6. The security control method according to claim 5, wherein the feature verification data is a storage address of the authentication feature data in the peripheral module.
7. The security control method of claim 5, wherein the security chip and the peripheral module perform identity entry for a user based on the encrypted communication link, further comprising:
and the safety chip stores the characteristic verification data synchronized by the peripheral module as solidified characteristic verification data.
8. The security control method according to claim 7, wherein after the security chip and the peripheral module perform identity entry for a user based on the encrypted communication link, the method further comprises:
and (3) carrying out identity authentication on the user:
the peripheral module matches the characteristic data with the authentication characteristic data;
the peripheral module sends the feature verification data associated with the matched authentication feature data to the security chip for identity verification;
and the security chip receives the characteristic verification data for identity verification sent by the peripheral module and matches the characteristic verification data with the solidified characteristic verification data.
9. An intelligent electronic lock comprising:
the peripheral module is used for collecting user characteristics, generating and storing authentication characteristic data and generating characteristic verification data based on the authentication characteristic data;
and the safety chip is used for verifying the legality of the peripheral module, establishing an encrypted communication link between the safety chip and the peripheral module, and storing the characteristic verification data for authenticating the identity of a user.
10. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-9.
CN202111061101.6A 2021-09-10 2021-09-10 Safety control method for intelligent electronic lock, intelligent electronic lock and electronic equipment Pending CN115798082A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111061101.6A CN115798082A (en) 2021-09-10 2021-09-10 Safety control method for intelligent electronic lock, intelligent electronic lock and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111061101.6A CN115798082A (en) 2021-09-10 2021-09-10 Safety control method for intelligent electronic lock, intelligent electronic lock and electronic equipment

Publications (1)

Publication Number Publication Date
CN115798082A true CN115798082A (en) 2023-03-14

Family

ID=85473587

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111061101.6A Pending CN115798082A (en) 2021-09-10 2021-09-10 Safety control method for intelligent electronic lock, intelligent electronic lock and electronic equipment

Country Status (1)

Country Link
CN (1) CN115798082A (en)

Similar Documents

Publication Publication Date Title
US10681025B2 (en) Systems and methods for securely managing biometric data
US10601805B2 (en) Securitization of temporal digital communications with authentication and validation of user and access devices
EP3435591B1 (en) 1:n biometric authentication, encryption, signature system
CN101291224B (en) Method and system for processing data in communication system
EP1866873B1 (en) Method, system, personal security device and computer program product for cryptographically secured biometric authentication
KR100720962B1 (en) Method of mutual authentication and secure data communication in rfid-system
CN101765996A (en) Remote Authentication And Transaction Signatures
JP2015504222A (en) Data protection method and system
EP3398289B1 (en) A method, system and apparatus using forward-secure cryptography for passcode verification
CN109035519B (en) Biological feature recognition device and method
CN106789024B (en) A kind of remote de-locking method, device and system
CN110708291B (en) Data authorization access method, device, medium and electronic equipment in distributed network
CN103036681A (en) Password safety keyboard device and system
Griffin Telebiometric authentication objects
US7587051B2 (en) System and method for securing information, including a system and method for setting up a correspondent pairing
TW201426395A (en) Data security system and method
CN111698253A (en) Computer network safety system
CN202978979U (en) Password security keypad device and password security pad system
CN111541708B (en) Identity authentication method based on power distribution
CN115798082A (en) Safety control method for intelligent electronic lock, intelligent electronic lock and electronic equipment
CN108985079B (en) Data verification method and verification system
CN1889420B (en) Method for realizing encrypting
JP2005237037A (en) Authentication system using authentication recording medium, and preparation method of authentication recording medium
KR101247521B1 (en) Security apparatus for mobile device
Liu et al. Efficient Authentication System Based On Blockchain Using eID card

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination