CN105471903A - Method for generating electronic lock activation information and related system, device and unlocking method - Google Patents


Info

Publication number: CN105471903A
Authority: CN (China)
Prior art keywords: electronic lock, root key, lock, active information, cipher
Legal status: Granted, Active
Application number: CN201511021439.3A
Other languages: Chinese (zh)
Other versions: CN105471903B (en)
Inventors: 韦彪茂, 郭敏鸿, 罗恕人, 石瑜育, 马亮亮, 余学武, 黄�俊, 张上仪, 曹海鹰
Current Assignee: China Construction Bank Corp
Original Assignee: China Construction Bank Corp
Application filed by: China Construction Bank Corp
Priority to: CN201511021439.3A
Granted publication: CN105471903B

Classifications

    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • E05B15/00 Other details of locks; Parts for engagement by bolts of fastening devices
    • E05B47/00 Operating or controlling locks or other fastening devices by electric or magnetic means
    • H04L63/0846 Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords

Abstract

The invention discloses a method for generating electronic lock activation information, together with a related system, device and unlocking method. The method for generating the electronic lock activation information comprises the following steps: generating a system root key from system root key components held by at least two different parties; dispersing a lock root key for each electronic lock from the system root key and the serial number of that electronic lock by a dispersion algorithm; and generating the electronic lock activation information from the lock root key and time information. The technical scheme has the following advantages: the lock root keys are produced by dispersing the system root key with the electronic lock serial number and other factors, which solves the problem that all existing electronic locks have the same root key; the activation information is transmitted over the Internet to write the lock root key, which solves the geographical coverage problem and reduces the deployment cost of writing devices and the personnel training cost; and the electronic lock activation information contains a time factor, so an unlocking password cannot be correctly calculated by someone who obtains only the lock root key without the time, which improves security.

Description

Method for generating electronic lock activation information and related system, device and unlocking method
Technical field
The present invention relates to the field of security technology, and in particular to a method for generating electronic lock activation information and a related system, device and unlocking method.
Background art
A dynamic electronic combination lock is a new type of lock that uses cryptography and information technology for key distribution, password calculation and password verification, and can effectively replace the traditional mechanical combination locks of current cash-type self-service equipment (ATMs). An electronic combination lock system is a complete set of ATM password-management and operation-and-maintenance tools that controls and supervises the opening and closing process of the combination lock on the ATM's lower-cabinet safe.
The password of a dynamic electronic combination lock changes over time, becomes invalid on expiry, and is valid for a single use. The chip inside the lock keeps an operation log, so historical operation records can be reviewed at any time. The unlocking password of the electronic combination lock is calculated by the cipher server, entered manually on the electronic lock, and finally verified by the electronic lock. Whether the electronic lock can verify the password correctly depends on whether it shares the same base information with the cipher server: the lock root key. The lock root key is one of the two essential inputs for calculating the unlocking password; the other is the password calculation algorithm. If either one is missing, the correct unlocking password cannot be calculated.
The password calculation algorithms of the dynamic electronic combination locks currently on the market can be obtained by adapting existing cryptographic knowledge and algorithms. However, some electronic locks have their lock root keys written in bulk by the lock manufacturer before leaving the factory. The manufacturer then holds both the lock root key and the unlocking password calculation algorithm, so there is a risk that the manufacturer can open the locks. A greater potential risk is that the lock root key written by the manufacturer may be identical in every lock, with the consequence that once one electronic lock is broken, all the locks are broken.
Summary of the invention
In view of the above defects of the prior art, embodiments of the present invention provide a safer and more effective method for generating electronic lock activation information, together with a related system, device and unlocking method.
In one aspect, embodiments of the present invention provide a method for generating electronic lock activation information, the method comprising: generating a system root key from system root key components held by at least two different parties; dispersing the lock root key of each electronic lock from the system root key and the serial number of each electronic lock via a dispersion algorithm; and generating electronic lock activation information from the lock root key and time information, the electronic lock activation information containing the time information.
In another aspect, embodiments of the present invention provide an unlocking method for an electronic lock, the method comprising: a cipher server using the electronic lock manufacturer's private algorithm to calculate an unlocking password from the electronic lock activation information, the current time and the interlock code of the current electronic lock, wherein the electronic lock activation information contains time information, and sending the calculated unlocking password to the person unlocking; and the electronic lock receiving the unlocking password entered by the person unlocking, calculating the password sequence within the validity period from the time series within the unlocking password's validity period, the electronic lock activation information stored in this electronic lock and the lock combination, and determining whether to perform the unlock operation according to the entered unlocking password and the password sequence.
In yet another aspect, embodiments of the present invention provide a cipher server, the cipher server comprising:
a system root key generation module, for generating a system root key from system root key components held by at least two different parties;
a lock root key generation module, for dispersing the lock root key of each electronic lock from the system root key and the serial number of each electronic lock via a dispersion algorithm;
an activation information generation module, for generating electronic lock activation information from the lock root key and time information, the electronic lock activation information containing the time information.
In a further aspect, embodiments of the present invention provide an electronic lock, the electronic lock comprising:
an activation information receiving module, for receiving the electronic lock activation information sent by the cipher server, the electronic lock activation information containing time information;
an activation module, for activating the lock itself according to the electronic lock activation information and writing the electronic lock activation information to the password storage area;
an unlock verification module, for performing the following operations: receiving the unlocking password entered by the person unlocking, calculating the password sequence within the validity period from the time series within the unlocking password's validity period, the electronic lock activation information in the password storage area and the lock combination, and determining whether to perform the unlock operation according to the entered unlocking password and the password sequence.
In addition, embodiments of the present invention also provide an electronic combination lock system having the above cipher server and electronic lock, wherein the cipher server and the electronic lock are connected by a network.
The technical scheme of the present invention has the following advantages:
Lock root keys are produced by dispersing elements such as the system root key and the electronic lock serial number, which solves the problem that all existing electronic locks have the same root key;
The activation information is transmitted over the network to write the lock root key, which solves the regional coverage problem and reduces the cost of deploying writing devices and of staff training;
The electronic lock activation information contains a time element, so someone who has only cracked the lock root key, without the time, still cannot correctly calculate the unlocking password, which improves security.
Brief description of the drawings
Fig. 1 is a flow chart illustrating a method for generating electronic lock activation information according to an embodiment of the present invention;
Fig. 2 is a flow chart illustrating an unlocking method for an electronic lock according to an embodiment of the present invention;
Fig. 3 is a block diagram illustrating an electronic combination lock system according to an embodiment of the present invention;
Fig. 4 is a block diagram illustrating Embodiment 1 of the cipher server according to an embodiment of the present invention;
Fig. 5 is a block diagram illustrating Embodiment 2 of the cipher server according to an embodiment of the present invention;
Fig. 6 is a block diagram illustrating Embodiment 3 of the cipher server according to an embodiment of the present invention;
Fig. 7 is a block diagram illustrating Embodiment 4 of the cipher server according to an embodiment of the present invention;
Fig. 8 is a block diagram illustrating an electronic lock according to an embodiment of the present invention;
Fig. 9 is a system architecture diagram illustrating the electronic combination lock system according to an embodiment of the present invention as applied in the field of bank self-service equipment.
Detailed description
To make the various aspects, features and advantages of the technical solution of the present invention easier to understand, the present invention is described in detail below with reference to the accompanying drawings. It should be understood that the following embodiments are for illustration only and do not limit the scope of the invention.
Referring to Fig. 1, it illustrates a method for generating electronic lock activation information according to an embodiment of the present invention. In various embodiments of the present invention, the electronic lock activation information is produced by the following steps, which include but are not limited to:
S110. Generate a system root key from system root key components held by at least two different parties (for example, bank business staff and technical staff). The present invention does not limit the number of different parties; it may be two or any number greater than two.
S120. Disperse the lock root key of each electronic lock from the system root key and the serial number of each electronic lock via a dispersion algorithm;
S130. Generate electronic lock activation information from the lock root key and time information, the electronic lock activation information containing the time information.
According to embodiments of the present invention, lock root keys are produced by dispersing elements such as the system root key and the electronic lock serial number, which solves the problem that all existing electronic locks have the same root key. The electronic lock activation information contains a time element, so someone who has only cracked the lock root key, without the time, still cannot correctly calculate the unlocking password, which improves security.
In one embodiment of the present invention, step S110 may comprise: obtaining the system root key components held by at least two different parties; and string-concatenating the at least two system root key components to obtain the system root key.
Preferably, the dispersion algorithm is an irreversible algorithm, such as, but not limited to, the MD5 algorithm, the SHA256 algorithm, the Whirlpool algorithm or the RIPEMD-160 algorithm. Here, MD5 is Message-Digest Algorithm 5; SHA256 is a hash algorithm with a 256-bit hash value; Whirlpool is a one-way hash algorithm designed by Belgian Paulo Barreto and Vincent Rijmen; and RIPEMD-160 is the 160-bit RACE Integrity Primitives Evaluation Message Digest algorithm.
In a preferred embodiment of the present invention, step S130 may comprise: string-concatenating the lock root key, the time information and a random number to obtain the electronic lock activation information. It should be noted that this is for illustration only and the present invention is not limited thereto: step S130 may use any method known in the art that processes the lock root key, the time information and the random number into electronic lock activation information such that the activation information contains a time element. For example, other character-processing methods such as character transposition or BASE64 encoding may also be used.
In other embodiments of the present invention, the generated electronic lock activation information is encrypted and then transmitted to the corresponding electronic lock to activate that lock. Preferably, a public/private key pair is used to encrypt and decrypt the electronic lock activation information, which solves the security problem of synchronously transmitting the lock root key.
Referring to Fig. 2, it illustrates an unlocking method for an electronic lock according to an embodiment of the present invention. The unlocking method may comprise:
S210. The cipher server uses the electronic lock manufacturer's private algorithm to calculate an unlocking password from the electronic lock activation information, the current time and the interlock code of the current electronic lock, wherein the electronic lock activation information contains time information;
S220. The calculated unlocking password is sent to the person unlocking;
S230. The electronic lock receives the unlocking password entered by the person unlocking, and calculates the password sequence within the validity period from the time series within the unlocking password's validity period, the electronic lock activation information stored in this electronic lock and the lock combination;
S240. Whether to perform the unlock operation is determined according to the entered unlocking password and the password sequence.
As an option, in step S240, determining whether to perform the unlock operation according to the entered unlocking password and the password sequence may comprise: if the password sequence contains the unlocking password, performing the unlock operation; if the password sequence does not contain the unlocking password, refusing the unlock operation. Those skilled in the art will understand that the present invention is not limited thereto, and any other password verification technique known in the art may be used to determine whether the unlocking password is correct and whether to perform the unlock operation.
According to embodiments of the present invention, the electronic lock activation information contains a time element, so someone who has only cracked the lock root key, without the time, still cannot correctly calculate the unlocking password, which improves security.
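The generation steps S110 to S130 and the unlocking steps S210 to S240 described above, as an added Python example that is not code from the patent. SHA256 is one of the dispersion algorithms the text lists; the HMAC-based password function is only a stand-in for the manufacturer's private algorithm, which the page does not disclose, and the 60-second step, five-step validity period and all sample values are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

STEP_SECONDS = 60     # assumed spacing of the time series
VALIDITY_STEPS = 5    # assumed validity period, counted in steps


def make_system_root_key(*components: str) -> str:
    """S110: string-concatenate components held by at least two parties."""
    if len(components) < 2 or not all(components):
        raise ValueError("need at least two non-empty root key components")
    return "".join(components)


def derive_lock_root_key(system_root_key: str, lock_serial: str) -> str:
    """S120: disperse a per-lock key with an irreversible algorithm (SHA256).

    Plain concatenation is only unambiguous when serial numbers have a
    fixed length, which this example assumes.
    """
    data = (system_root_key + lock_serial).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def make_activation_info(lock_root_key: str, issued_at: datetime,
                         nonce: str = None) -> str:
    """S130: concatenate lock root key, time information and a random number."""
    if nonce is None:
        nonce = secrets.token_hex(8)
    return lock_root_key + issued_at.strftime("%Y%m%d%H%M%S") + nonce


def unlock_password(activation_info: str, when: datetime,
                    interlock_code: str) -> str:
    """S210: stand-in (assumption) for the manufacturer's private algorithm."""
    step = int(when.timestamp()) // STEP_SECONDS
    mac = hmac.new(activation_info.encode("utf-8"),
                   f"{step}|{interlock_code}".encode("utf-8"),
                   hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"


def password_sequence(activation_info: str, now: datetime,
                      interlock_code: str) -> list:
    """S230: one password per time step of the validity period ending now."""
    return [unlock_password(activation_info,
                            now - timedelta(seconds=i * STEP_SECONDS),
                            interlock_code)
            for i in range(VALIDITY_STEPS)]


def verify_unlock(entered: str, activation_info: str, now: datetime,
                  interlock_code: str) -> bool:
    """S240: unlock only if the entered password is in the sequence."""
    ok = False
    for candidate in password_sequence(activation_info, now, interlock_code):
        # Compare every candidate in constant time; do not stop early.
        ok |= hmac.compare_digest(entered.encode("utf-8"),
                                  candidate.encode("utf-8"))
    return ok


def demo() -> dict:
    # All values below are constructed sample data.
    root = make_system_root_key("BANK-COMPONENT-A", "TECH-COMPONENT-B")
    key1 = derive_lock_root_key(root, "LOCK-0001")
    key2 = derive_lock_root_key(root, "LOCK-0002")
    issued = datetime(2015, 12, 30, 9, 0, 0, tzinfo=timezone.utc)
    act1 = make_activation_info(key1, issued, nonce="00112233aabbccdd")
    act2 = make_activation_info(key2, issued, nonce="00112233aabbccdd")
    t0 = datetime(2016, 1, 4, 10, 0, 0, tzinfo=timezone.utc)
    pw = unlock_password(act1, t0, "4711")
    # Guess made by someone who holds the lock root key and interlock code
    # but not the time information embedded in the activation information.
    guess = unlock_password(key1, t0, "4711")
    return {
        "distinct_lock_keys": key1 != key2,
        "in_window": verify_unlock(pw, act1, t0 + timedelta(minutes=3), "4711"),
        "expired": verify_unlock(pw, act1, t0 + timedelta(minutes=10), "4711"),
        "other_lock": verify_unlock(pw, act2, t0, "4711"),
        "root_key_only": verify_unlock(guess, act1, t0, "4711"),
    }


if __name__ == "__main__":
    print(demo())
```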
The various embodiments of the method of the present invention have been illustrated above with reference to the accompanying drawings; the system and related devices that perform the above processing are described below with reference to the accompanying drawings.
Referring to Fig. 3, it illustrates an electronic combination lock system according to an embodiment of the present invention. The electronic combination lock system may comprise a cipher server and an electronic lock, wherein the cipher server and the electronic lock are connected by a network. The processing or steps described in the various embodiments above may be performed in whole or in part on the cipher server or the electronic lock of the electronic combination lock system, as described below.
Referring to Fig. 4, it illustrates Embodiment 1 of the cipher server according to an embodiment of the present invention. In Embodiment 1, the cipher server may comprise:
a system root key generation module 410, for generating a system root key from system root key components held by at least two different parties;
a lock root key generation module 420, for dispersing the lock root key of each electronic lock from the system root key and the serial number of each electronic lock via a dispersion algorithm;
an activation information generation module 430, for generating electronic lock activation information from the lock root key and time information, the electronic lock activation information containing the time information.
According to embodiments of the present invention, lock root keys are produced by dispersing elements such as the system root key and the electronic lock serial number, which solves the problem that all existing electronic locks have the same root key. The electronic lock activation information contains a time element, so someone who has only cracked the lock root key, without the time, still cannot correctly calculate the unlocking password, which improves security.
In another implementation of this embodiment, the system root key generation module 410 generating a system root key from system root key components held by at least two different parties may comprise: obtaining the system root key components held by at least two different parties, for example, bank business staff and technical staff each injecting the key component they hold into the cipher server; and string-concatenating the at least two system root key components to obtain the system root key.
As an option, the dispersion algorithm is an irreversible algorithm, for example, the MD5 algorithm, the SHA256 algorithm, the Whirlpool algorithm or the RIPEMD-160 algorithm.
In another implementation of this embodiment, the activation information generation module 430 generating electronic lock activation information from the lock root key and time information may comprise: string-concatenating the lock root key, the time information and a random number to obtain the electronic lock activation information. Of course, those skilled in the art will understand that this is for illustration only and the present invention is not limited thereto; the activation information generation module 430 may also use any method known in the art that processes the lock root key, the time information and the random number into electronic lock activation information such that the activation information contains a time element.
Referring to Fig. 5, it illustrates Embodiment 2 of the cipher server according to an embodiment of the present invention. In Embodiment 2, the cipher server may comprise:
a system root key generation module 510, for generating a system root key from system root key components held by at least two different parties;
a lock root key generation module 520, for dispersing the lock root key of each electronic lock from the system root key and the serial number of each electronic lock via a dispersion algorithm;
an activation information generation module 530, for generating electronic lock activation information from the lock root key and time information, the electronic lock activation information containing the time information; and
an activation information transmission module 540, for encrypting the generated electronic lock activation information and transmitting it to the corresponding electronic lock to activate that lock.
In this embodiment, any encrypted transmission technique known in the art may be used; preferably, a public/private key pair is used to encrypt and decrypt the electronic lock activation information, which solves the security problem of synchronously transmitting the lock root key.
Referring to Fig. 6, it illustrates Embodiment 3 of the cipher server according to an embodiment of the present invention. In Embodiment 3, the cipher server may comprise:
a system root key generation module 610, for generating a system root key from system root key components held by at least two different parties;
a lock root key generation module 620, for dispersing the lock root key of each electronic lock from the system root key and the serial number of each electronic lock via a dispersion algorithm;
an activation information generation module 630, for generating electronic lock activation information from the lock root key and time information, the electronic lock activation information containing the time information;
an unlocking password generation module 640, for using the electronic lock manufacturer's private algorithm to calculate an unlocking password from the electronic lock activation information, the current time and the interlock code of the current electronic lock; and
a password transmission module 650, for sending the calculated unlocking password to the person unlocking.
In this embodiment, the unlocking password is calculated by the cipher server and is different for every unlocking, which further improves the security of the electronic combination lock system.
Referring to Fig. 7, it illustrates Embodiment 4 of the cipher server according to an embodiment of the present invention. In Embodiment 4, the cipher server may comprise:
a system root key generation module 710, for generating a system root key from system root key components held by at least two different parties;
a lock root key generation module 720, for dispersing the lock root key of each electronic lock from the system root key and the serial number of each electronic lock via a dispersion algorithm;
an activation information generation module 730, for generating electronic lock activation information from the lock root key and time information, the electronic lock activation information containing the time information;
an activation information transmission module 740, for encrypting the generated electronic lock activation information and transmitting it to the corresponding electronic lock to activate that lock;
an unlocking password generation module 750, for using the electronic lock manufacturer's private algorithm to calculate an unlocking password from the electronic lock activation information, the current time and the interlock code of the current electronic lock; and
a password transmission module 760, for sending the calculated unlocking password to the person unlocking.
In this embodiment, the cipher server has all the functions of Embodiment 2 and Embodiment 3 at the same time: it not only transmits the activation information securely but also calculates the unlocking password, improving the security of the electronic lock.
It should be noted that the above merely illustrates the cipher server of embodiments of the present invention, and the present invention is not limited thereto. Without departing from the purpose of the present invention, the various embodiments may be modified or combined, and the new embodiments obtained in this way likewise fall within the scope of protection of the present invention. For example, activation information transmission and password transmission need not be implemented by two independent modules: the activation information transmission module 740 and the password transmission module 760 described above may also be implemented by one and the same module.
Referring to Fig. 8, it illustrates an electronic lock according to an embodiment of the present invention. In the electronic combination lock system of the various embodiments of the present invention, the electronic lock may include, but is not limited to: an activation information receiving module 810, an activation module 820 and an unlock verification module 830. Specifically, the activation information receiving module 810 is used to receive the electronic lock activation information sent by the cipher server, the electronic lock activation information containing time information; if the electronic lock activation information sent by the cipher server is encrypted, the activation information receiving module 810 is also used to decrypt it. The activation module 820 is used to activate the lock itself according to the electronic lock activation information and to write the electronic lock activation information to the password storage area. The unlock verification module 830 is used to perform the following operations: receiving the unlocking password entered by the person unlocking, calculating the password sequence within the validity period from the time series within the unlocking password's validity period, the electronic lock activation information in the password storage area and the lock combination, and determining whether to perform the unlock operation according to the entered unlocking password and the password sequence.
According to embodiments of the present invention, the electronic lock activation information contains a time element, so someone who has only cracked the lock root key, without the time, still cannot correctly calculate the unlocking password, which improves security.
Optionally, the unlock verification module 830 determining whether to perform the unlock operation according to the entered unlocking password and the password sequence may comprise: if the password sequence contains the unlocking password, performing the unlock operation; if the password sequence does not contain the unlocking password, refusing the unlock operation. Of course, those skilled in the art will understand that the present invention is not limited thereto, and any other password verification technique known in the art may be used to determine whether the unlocking password is correct and whether to perform the unlock operation.
It should be noted that those skilled in the art will understand that the processing described in the above method embodiments and the functions of the modules of the above system may be performed by one device or two devices, and that the functions implemented or the processing performed by one device or two devices may also be distributed to other devices for execution. Embodiments formed in this way likewise illustrate the purpose of the present invention and fall within its scope of protection. Below, the various aspects, features and advantages of the present invention are described, taking as an example the use of the proposed electronic combination lock system in the field of bank self-service equipment.
Referring to Fig. 9, it illustrates the overall architecture of the proposed electronic combination lock system as used in the field of bank self-service equipment.
1. System architecture description
As shown in Fig. 9, the system architecture of this embodiment may comprise a cipher server, ATMVH, ATMs and electronic locks. An ATM is cash-type self-service equipment, including cash dispensers, deposit machines, recyclers and cash recycling systems. The self-service equipment is fitted with a safe that holds the cash boxes, which are preloaded with cash for cardholders to withdraw. The electronic lock is an electronic product that uses dynamic password input to control the operation of a circuit or chip, thereby controlling the closing of the safe's mechanical switch and completing the unlocking and locking tasks. ATMVH is the ATM monitoring system, used for: monitoring ATM transactions, equipment status and faults in real time; providing remote control functions such as software upgrades and transaction journal extraction; and providing necessary functions such as electronic lock monitoring, electronic lock management, and personnel and permission management. The cipher server communicates with ATMVH over the network via TCP/IP (Transmission Control Protocol/Internet Protocol), ATMVH communicates with the ATMs over the production network (the bank's own network), and each ATM is connected to its electronic lock via USB (Universal Serial Bus). Thus, information such as the lock root key produced by the cipher server can be transmitted securely over the network to the electronic lock, and each electronic lock need not be configured manually, which greatly improves working efficiency and reduces labor cost.
Each part of the system architecture is described in detail below.
Electronic lock
- Unlocking password verification
  - Electronic lock activation function
  - Password authorization function
  - Information authentication function
- Sending of lock open/closed and other states
  - Sending of lock-open and lock-closed states
  - Sending of states such as too many password attempts, high temperature and vibration alarm
- Electronic lock state control
  - Interaction with the ATMC
  - Handling of offline and power-loss abnormal conditions
ATMC (ATM control system)
- Support for the lock activation and lock opening flows
  - Support for the electronic lock activation flow
  - Support for the unlocking flow
- Sending and receiving of electronic lock state and early warnings
  - Sending and receiving of states such as door lock open/closed and unlock time timeout
- Electronic lock management
  - Setting electronic lock parameters
  - Regular extraction of lock usage logs
ATMVH
- Support for the lock activation and lock opening flows
  - Support for the electronic lock activation flow
  - Support for the unlocking flow
- Monitoring management
  - Electronic lock user and rights management module
  - Cash clearing and replenishment plan and route planning module
  - Electronic lock usage monitoring and early warning module
  - Electronic lock usage report module
- Password service management
  - Injection of the password generation key and communication key
  - Extraction of cipher server usage logs
Cipher server
- Derivation of the activation information of each electronic lock
  - Derive the activation information of each electronic lock from the password generation root key and the electronic lock ID
  - Encrypt the activation information of each electronic lock with that lock's public key
- Generation of the unlocking password from the password generation elements
  - Verify the electronic lock's signature
  - Generate the unlocking password
- Log recording
  - Record logs
2. Password generation key for electronic lock activation
Activation of the cipher server
Before the cipher server is put into use, the two components RootKeyA and RootKeyB of the generation root key (the system root key, RootKey), held respectively by bank business personnel and technical staff, must be injected into the cipher server. The root keys injected into the cipher servers of different electronic lock manufacturers are different.
RootKey=RootKeyA||RootKeyB
"||" denotes string concatenation, here and below.
Before use, the cipher server communication key (CommKey) must also be injected into the cipher server; this key is used to encrypt the unlocking passwords that the cipher server computes. The encryption uses a symmetric algorithm such as DES (Data Encryption Standard) or AES (Advanced Encryption Standard). The communication keys injected into the cipher servers of different electronic lock manufacturers are different, which effectively guards against the risk of crosstalk between manufacturers.
Generation of the electronic lock activation information
i. The electronic lock activation information (AI) is computed by the cipher server in the following steps:
First, the system root key component RootKeyA and the system root key component RootKeyB are concatenated as strings to obtain the system root key RootKey. Then the system root key RootKey and the electronic lock number (ID) are passed through a dispersion algorithm (dis) (for example, n applications of a hash algorithm such as MD5, SHA256, Whirlpool or RIPEMD-160) to derive the activation information of each electronic lock, namely the lock root key (LKEY):
LKEY=dis(RootKeyA||RootKeyB,ID)
The dispersion algorithm should be irreversible, and it should ensure that LKEY values are distributed as evenly as possible over a discrete target domain. As a result, two locks will almost never have the same lock root key, and the risk that the system root key is computed in reverse from the root key of one compromised lock is also avoided.
ii. Let the time be TIME, the time transformation algorithm be tts, and the random number generated by the cipher server be RAN. LKEY, the timestamp tts(TIME) and the random number RAN are concatenated as strings to obtain AI, so the activation information AI that the cipher server generates at that moment is:
AI=LKEY||tts(TIME)||RAN
iii. Thus the electronic lock activation information AI is:
AI=dis(RootKeyA||RootKeyB,ID)||tts(TIME)||RAN
As the formula above shows, the electronic lock activation information AI contains a time element. Someone who only cracks the lock root key LKEY, or who derives the lock root key from the system root key RootKey and the electronic lock number, but does not have the time element, still cannot compute a correct unlocking password. This improves the security of the system.
iv. Let the transmitted electronic lock activation information be AIT, the encryption algorithm be enc, and the asymmetric encryption public key be LPUK. AIT is then obtained by encrypting the electronic lock activation information AI with an asymmetric encryption algorithm under the electronic lock's public key LPUK:
AIT=enc(AI,LPUK)
The encrypted lock activation information AIT is transmitted over the bank's intranet, passing through the ATMVH and the ATMC, to the electronic lock. This asymmetric encryption solves the security problem of transmitting the lock activation information.
Decryption and use of the electronic lock activation information
After the electronic lock receives AIT, it decrypts AIT with the private key (LPRK) of the asymmetric encryption algorithm to obtain AI; the decryption algorithm is dec:
AI=dec(AIT,LPRK)
The electronic lock uses AI to activate itself and writes AI into its password storage area. After the electronic lock has been activated, every unlocking password must be computed with AI as one of its elements.
Decryption and use of the electronic lock activation information on reactivation
When the electronic lock is to be activated again, TIME and RAN in AI change while LKEY stays the same. Let the new activation information be AI':
AI'=LKEY||tts(TIME')||RAN'
The electronic lock receives AI', splits out its LKEY and verifies it. If LKEY has not changed, the electronic lock reactivates and rewrites the activation information to the password storage area. If LKEY has changed, this AI' is forged activation information and cannot be trusted; the electronic lock does not reactivate and does not rewrite the activation information to the password storage area.
In general, an electronic lock needs to be activated only once in its life cycle. Reactivation occurs when an activation is suspected to have failed or when the machine is relocated.
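The generation and reactivation steps above, worked through in Python. This is an added example, not code from the patent: it models dis as n rounds of SHA-256 over RootKey||ID, assumes tts is an 8-byte big-endian Unix time, RAN is 16 random bytes and all fields have fixed widths so that LKEY can be split out of AI', and leaves out the enc/dec transport step with LPUK/LPRK. The names derive_lkey, make_ai, split_ai and LockStore are hypothetical.

```python
import hashlib
import hmac
import os
import struct

# Assumed fixed field widths (not specified by the patent) so AI can be split again.
LKEY_LEN, TS_LEN, RAN_LEN = 32, 8, 16


def derive_lkey(root_key_a, root_key_b, lock_id, rounds=3):
    """LKEY = dis(RootKeyA || RootKeyB, ID); dis is modelled as `rounds` passes of SHA-256."""
    root_key = root_key_a + root_key_b            # RootKey = RootKeyA || RootKeyB
    digest = root_key + lock_id.encode("utf-8")
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()  # one-way, so LKEY does not reveal RootKey
    return digest


def tts(unix_time):
    """Assumed time transformation: Unix seconds as 8 big-endian bytes."""
    return struct.pack(">Q", unix_time)


def make_ai(lkey, unix_time, ran=None):
    """Cipher-server side: AI = LKEY || tts(TIME) || RAN."""
    ran = os.urandom(RAN_LEN) if ran is None else ran
    if len(lkey) != LKEY_LEN or len(ran) != RAN_LEN:
        raise ValueError("unexpected field length")
    return lkey + tts(unix_time) + ran


def split_ai(ai):
    """Split AI back into (LKEY, TIME, RAN); reject anything with the wrong length."""
    if len(ai) != LKEY_LEN + TS_LEN + RAN_LEN:
        raise ValueError("malformed activation information")
    lkey = ai[:LKEY_LEN]
    (unix_time,) = struct.unpack(">Q", ai[LKEY_LEN:LKEY_LEN + TS_LEN])
    return lkey, unix_time, ai[LKEY_LEN + TS_LEN:]


class LockStore:
    """Lock side: the password storage area that holds the current AI."""

    def __init__(self):
        self.ai = None

    def activate(self, ai):
        """Write AI on first activation; on reactivation accept AI' only if LKEY is unchanged."""
        try:
            new_lkey, _, _ = split_ai(ai)
        except ValueError:
            return False
        if self.ai is not None:
            old_lkey, _, _ = split_ai(self.ai)
            if not hmac.compare_digest(old_lkey, new_lkey):
                return False                      # LKEY changed: treat AI' as forged
        self.ai = ai
        return True


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    key_a, key_b = bytes(range(16)), bytes(range(16, 32))
    lock = LockStore()
    lkey = derive_lkey(key_a, key_b, "LOCK-0001")
    print("first activation:", lock.activate(make_ai(lkey, 1_700_000_000)))
    print("reactivation:    ", lock.activate(make_ai(lkey, 1_700_000_600)))
    other = derive_lkey(key_a, key_b, "LOCK-0002")
    print("forged AI':      ", lock.activate(make_ai(other, 1_700_000_600)))
```

As in the text, the first activation has no stored LKEY to compare against, so in this example its authenticity rests entirely on the transport step that is left out here.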
Use of the activation information when computing the unlocking password
The unlocking password Psw is computed as follows:
Psw=function(AI||ShutCode||Date&Time)
Here, function is the private algorithm of each electronic lock manufacturer, and the elements are: AI, the activation information of the lock; ShutCode, the closing code of the lock, that is, a numeric code that the lock generates as the bolt retracts once unlocking has completed; Date&Time, the date and time, used to limit the period for which the password is usable.
The following is an example of how the activation information AI is used during unlocking:
The cipher server, following the formula for the unlocking password, feeds the current time Date&Time and the closing code ShutCode of the current electronic lock into the calculation and computes the unlocking password (PswTry):
PswTry=function(AI||ShutCode||Date&Time)
When the person unlocking receives this password and enters PswTry at the lock, the electronic lock uses the same formula to compute, from AI, ShutCode and each value in the series of Date&Time values within the password's validity period, the sequence PswSerial of passwords valid within that period. If PswTry is present in PswSerial, the unlocking password is considered correct and the lock opens normally.
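The server-side calculation of PswTry and the lock-side check against PswSerial, worked through in Python. This is an added example, not code from the patent: the manufacturer's private function is not disclosed, so HMAC-SHA256 keyed with AI and truncated to decimal digits stands in for it, and the 60-second time slot, 600-second validity period, 8-digit length and one-slot clock skew allowance are all assumptions. The names psw, psw_serial and verify are hypothetical.

```python
import hashlib
import hmac

STEP = 60        # assumed granularity of Date&Time, in seconds
VALIDITY = 600   # assumed validity period of an unlocking password, in seconds
DIGITS = 8       # assumed length of the unlocking password


def psw(ai, shut_code, unix_time):
    """Stand-in for Psw = function(AI || ShutCode || Date&Time).

    HMAC-SHA256 keyed with AI over ShutCode and the time slot, reduced to DIGITS digits.
    """
    slot = unix_time // STEP
    msg = shut_code.encode("ascii") + b"|" + slot.to_bytes(8, "big")
    mac = hmac.new(ai, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                       # HOTP-style dynamic truncation
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def psw_serial(ai, shut_code, now, skew_slots=1):
    """Lock side: PswSerial, one password per time slot still inside the validity period."""
    first = (now - VALIDITY) // STEP
    last = now // STEP + skew_slots               # tolerate a server clock slightly ahead
    return [psw(ai, shut_code, slot * STEP) for slot in range(first, last + 1)]


def verify(ai, shut_code, now, psw_try):
    """Accept PswTry only if it appears in PswSerial; compare without early exit."""
    entered = psw_try.encode("utf-8")
    ok = False
    for candidate in psw_serial(ai, shut_code, now):
        ok |= hmac.compare_digest(candidate.encode("ascii"), entered)
    return ok


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    ai = bytes(range(56))                 # LKEY || tts(TIME) || RAN as stored in the lock
    ai_reactivated = ai[:32] + bytes(24)  # same LKEY, different time element and RAN
    issued = 1_700_000_000
    code = psw(ai, "482913", issued)      # computed by the cipher server
    print("within validity :", verify(ai, "482913", issued + 300, code))
    print("expired         :", verify(ai, "482913", issued + 720, code))
    print("other ShutCode  :", verify(ai, "111111", issued + 300, code))
    print("LKEY alone      :", verify(ai_reactivated, "482913", issued + 300, code))
```

The last case shows the property the text relies on: an AI that shares LKEY but carries a different time element and random number does not reproduce the password.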
In summary, the various embodiments of the present invention have the following beneficial effects:
1. The root keys of all electronic locks are derived by dispersion from elements such as the electronic lock system root key and the lock number, which solves the problem of all electronic locks having the same root key.
2. The lock root key (electronic lock activation information) is written by network transmission, which solves the regional coverage problem and reduces the cost of deploying writing devices and of staff training.
3. The lock root key is encrypted and decrypted with a public/private key pair, which solves the security problem of synchronously transmitting the lock root key.
4. The lock root key is verified when it is rewritten, which effectively guards against forged lock root keys.
5. The root key contains a time element; cracking the lock root key alone, without the time, is still not enough to compute the unlocking password correctly.
Various embodiments of the present invention have been described in detail above. Other aspects or features of the technical solutions of the embodiments are described below in another form, without being limited to the following series of paragraphs; for clarity and efficiency, some or all of these paragraphs are given alphanumeric designations. Each of these paragraphs can be combined in any suitable manner with the content of one or more other paragraphs. Without limiting the examples of suitable combinations, some of the paragraphs below specifically refer to other paragraphs and further limit them.
A1. A method for generating electronic lock activation information may comprise: generating a system root key from system root key components held by at least two different parties; deriving the lock root key of each electronic lock via a dispersion algorithm from the system root key and the electronic lock number of each electronic lock; and generating electronic lock activation information from the lock root key and time information, the electronic lock activation information containing time information.
A2. The method according to paragraph A1, wherein generating the system root key from the key components held by at least two different parties may comprise: obtaining the system root key components held by at least two different parties; and concatenating the at least two system root key components as strings to obtain the system root key.
A3. The method according to paragraph A1 or A2, wherein the dispersion algorithm is an irreversible algorithm.
A4. The method according to paragraph A3, wherein the dispersion algorithm may comprise the MD5 algorithm, the SHA256 algorithm, the Whirlpool algorithm, the RIPEMD-160 algorithm, etc.
A5. The method according to paragraph A1 or A4, wherein generating the electronic lock activation information from the lock root key and time information may comprise: concatenating the lock root key, the time information and a random number as strings to obtain the electronic lock activation information.
A6. The method according to one of paragraphs A1 to A5, which may further comprise: transmitting the generated electronic lock activation information, after encryption, to the corresponding electronic lock in order to activate that electronic lock.
B1. the method for unlocking of an electronic lock can comprise: cipher server uses the privately owned algorithm of electronic lock manufacturer to calculate unlocking cipher according to the interlock code of electronic lock active information, current time, Current electronic lock, wherein, described electronic lock active information contains temporal information, and the unlocking cipher calculated is sent to the person of unblanking; The unlocking cipher of the person's of unblanking input described in receiving, described electronic lock calculates the keying sequence in the described term of validity according to the time series in the unlocking cipher term of validity, the electronic lock active information stored at this electronic lock and lock combinations, determine whether to perform unlock operation according to the unlocking cipher of input and described keying sequence.
B2. according to the unlocking cipher inputted and described keying sequence, the method according to paragraph B1, wherein, determines whether that performing unlock operation can comprise: containing described unlocking cipher in described keying sequence, then perform unlock operation; There is no described unlocking cipher in described keying sequence, then refuse unlock operation.
C1. A cipher server may comprise: a system root key generation module, for generating a system root key from system root key components held by at least two different parties; a lock root key generation module, for deriving the lock root key of each electronic lock via a dispersion algorithm from the system root key and the electronic lock number of each electronic lock; and an activation information generation module, for generating electronic lock activation information from the lock root key and time information, the electronic lock activation information containing time information.
C2. The cipher server according to paragraph C1, wherein the system root key generation module generating the system root key from the system root key components held by at least two different parties may comprise: obtaining the system root key components held by at least two different parties; and concatenating the at least two system root key components as strings to obtain the system root key.
C3. The cipher server according to paragraph C1 or C2, wherein the dispersion algorithm is an irreversible algorithm.
C4. The cipher server according to paragraph C3, wherein the dispersion algorithm may comprise the MD5 algorithm, the SHA256 algorithm, the Whirlpool algorithm, the RIPEMD-160 algorithm, etc.
C5. The cipher server according to any one of paragraphs C1 to C4, wherein the activation information generation module generating the electronic lock activation information from the lock root key and time information may comprise: concatenating the lock root key, the time information and a random number as strings to obtain the electronic lock activation information.
C6. The cipher server according to paragraph C1, which may further comprise: an activation information transmission module, for transmitting the generated electronic lock activation information, after encryption, to the corresponding electronic lock in order to activate that electronic lock.
C7. The cipher server according to one of paragraphs C1 to C6, which may further comprise: an unlocking password generation module, for computing an unlocking password, using the electronic lock manufacturer's private algorithm, from the electronic lock activation information, the current time and the closing code of the current electronic lock; and a password transmission module, for sending the computed unlocking password to the person unlocking.
D1. An electronic lock may comprise: an activation information receiving module, for receiving the electronic lock activation information sent by the cipher server, the electronic lock activation information containing time information; an activation module, for activating the lock according to the electronic lock activation information and writing the electronic lock activation information to the password storage area; and an unlock verification module, for performing the following operations: receiving the unlocking password entered by the person unlocking, computing the password sequence within the validity period from the time series within the unlocking password's validity period, the electronic lock activation information in the password storage area and the closing code of the lock, and determining whether to perform the unlock operation according to the entered unlocking password and the password sequence.
D2. The electronic lock according to paragraph D1, wherein the unlock verification module determining whether to perform the unlock operation according to the entered unlocking password and the password sequence comprises: if the password sequence contains the unlocking password, performing the unlock operation; if the password sequence does not contain the unlocking password, refusing the unlock operation.
E1. An electronic password lock system may comprise: the cipher server according to any one of paragraphs C1 to C7 and the electronic lock according to paragraph D1 or D2, wherein the cipher server and the electronic lock are connected by a network.
From the above description of the embodiments, those skilled in the art will clearly understand that the present invention can be implemented by software combined with a hardware platform. Based on this understanding, all or part of the contribution that the technical solution of the present invention makes over the background art can be embodied in the form of a software product. This computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform the methods described in the embodiments of the present invention or in certain parts of them.
Those skilled in the art should understand that the above discloses only embodiments of the present invention, which of course cannot limit the scope of rights of the present invention; equivalent changes made according to the embodiments of the present invention still fall within the scope covered by the claims of the present invention.

Claims (18)

1. A method for generating electronic lock activation information, characterized in that the method comprises:
generating a system root key from system root key components held by at least two different parties;
deriving the lock root key of each electronic lock via a dispersion algorithm from the system root key and the electronic lock number of each electronic lock;
generating electronic lock activation information from the lock root key and time information, the electronic lock activation information containing time information.
2. The method according to claim 1, characterized in that generating the system root key from the key components held by at least two different parties comprises:
obtaining the system root key components held by at least two different parties;
concatenating the at least two system root key components as strings to obtain the system root key.
3. The method according to claim 1 or 2, characterized in that the dispersion algorithm is an irreversible algorithm.
4. The method according to claim 3, characterized in that the dispersion algorithm comprises the MD5 algorithm, the SHA256 algorithm, the Whirlpool algorithm and the RIPEMD-160 algorithm.
5. The method according to claim 1 or 4, characterized in that generating the electronic lock activation information from the lock root key and time information comprises:
concatenating the lock root key, the time information and a random number as strings to obtain the electronic lock activation information.
6. The method according to claim 1, characterized in that it further comprises:
transmitting the generated electronic lock activation information, after encryption, to the corresponding electronic lock in order to activate that electronic lock.
7. A method for unlocking an electronic lock, characterized in that the method comprises:
a cipher server computing an unlocking password, using the electronic lock manufacturer's private algorithm, from the electronic lock activation information, the current time and the closing code of the current electronic lock, wherein the electronic lock activation information contains time information;
sending the computed unlocking password to the person unlocking;
on receiving the unlocking password entered by the person unlocking, the electronic lock computing the password sequence within the validity period from the time series within the unlocking password's validity period, the electronic lock activation information stored in the electronic lock and the closing code of the lock;
determining whether to perform the unlock operation according to the entered unlocking password and the password sequence.
8. The method according to claim 7, characterized in that determining whether to perform the unlock operation according to the entered unlocking password and the password sequence comprises:
if the password sequence contains the unlocking password, performing the unlock operation;
if the password sequence does not contain the unlocking password, refusing the unlock operation.
9. A cipher server, characterized in that the cipher server comprises:
a system root key generation module, for generating a system root key from system root key components held by at least two different parties;
a lock root key generation module, for deriving the lock root key of each electronic lock via a dispersion algorithm from the system root key and the electronic lock number of each electronic lock;
an activation information generation module, for generating electronic lock activation information from the lock root key and time information, the electronic lock activation information containing time information.
10. The cipher server according to claim 9, characterized in that the system root key generation module generating the system root key from the system root key components held by at least two different parties comprises:
obtaining the system root key components held by at least two different parties;
concatenating the at least two system root key components as strings to obtain the system root key.
11. The cipher server according to claim 9 or 10, characterized in that the dispersion algorithm is an irreversible algorithm.
12. The cipher server according to claim 11, characterized in that the dispersion algorithm comprises the MD5 algorithm, the SHA256 algorithm, the Whirlpool algorithm and the RIPEMD-160 algorithm.
13. The cipher server according to claim 9 or 12, characterized in that the activation information generation module generating the electronic lock activation information from the lock root key and time information comprises:
concatenating the lock root key, the time information and a random number as strings to obtain the electronic lock activation information.
14. The cipher server according to claim 9, characterized in that it further comprises:
an activation information transmission module, for transmitting the generated electronic lock activation information, after encryption, to the corresponding electronic lock in order to activate that electronic lock.
15. The cipher server according to claim 9 or 14, characterized in that it further comprises:
an unlocking password generation module, for computing an unlocking password, using the electronic lock manufacturer's private algorithm, from the electronic lock activation information, the current time and the closing code of the current electronic lock;
a password transmission module, for sending the computed unlocking password to the person unlocking.
16. An electronic lock, characterized in that it comprises:
an activation information receiving module, for receiving the electronic lock activation information sent by the cipher server, the electronic lock activation information containing time information;
an activation module, for activating the lock according to the electronic lock activation information and writing the electronic lock activation information to the password storage area;
an unlock verification module, for performing the following operations: receiving the unlocking password entered by the person unlocking, computing the password sequence within the validity period from the time series within the unlocking password's validity period, the electronic lock activation information in the password storage area and the closing code of the lock, and determining whether to perform the unlock operation according to the entered unlocking password and the password sequence.
17. The electronic lock according to claim 16, characterized in that the unlock verification module determining whether to perform the unlock operation according to the entered unlocking password and the password sequence comprises:
if the password sequence contains the unlocking password, performing the unlock operation;
if the password sequence does not contain the unlocking password, refusing the unlock operation.
18. An electronic password lock system, characterized in that the system comprises: the cipher server according to any one of claims 9 to 15 and the electronic lock according to claim 16 or 17, wherein the cipher server and the electronic lock are connected by a network.
CN201511021439.3A 2015-12-31 2015-12-31 The production method and related system of electronic lock active information, equipment and method for unlocking Active CN105471903B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511021439.3A CN105471903B (en) 2015-12-31 2015-12-31 The production method and related system of electronic lock active information, equipment and method for unlocking

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201511021439.3A CN105471903B (en) 2015-12-31 2015-12-31 The production method and related system of electronic lock active information, equipment and method for unlocking

Publications (2)

Publication Number Publication Date
CN105471903A true CN105471903A (en) 2016-04-06
CN105471903B CN105471903B (en) 2018-11-02

Family

ID=55609173

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511021439.3A Active CN105471903B (en) 2015-12-31 2015-12-31 The production method and related system of electronic lock active information, equipment and method for unlocking

Country Status (1)

Country Link
CN (1) CN105471903B (en)

CN114267100A (en) Unlocking authentication method and device, security chip and electronic key management system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant