CN105471903B - Method for generating electronic lock activation information, and related system, device and unlocking method - Google Patents


Publication number
CN105471903B
Authority
CN
China
Prior art keywords
electronic lock
root key
lock
unlocking
activation information
Legal status
Active
Application number
CN201511021439.3A
Other languages
Chinese (zh)
Other versions
CN105471903A (en
Inventor
韦彪茂
郭敏鸿
罗恕人
石瑜育
马亮亮
余学武
黄�俊
张上仪
曹海鹰
Current Assignee
China Construction Bank Corp
Original Assignee
China Construction Bank Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • E FIXED CONSTRUCTIONS
    • E05 LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05B LOCKS; ACCESSORIES THEREFOR; HANDCUFFS
    • E05B15/00 Other details of locks; Parts for engagement by bolts of fastening devices
    • E FIXED CONSTRUCTIONS
    • E05 LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05B LOCKS; ACCESSORIES THEREFOR; HANDCUFFS
    • E05B47/00 Operating or controlling locks or other fastening devices by electric or magnetic means
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846 Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The invention discloses a method for generating electronic lock activation information, together with a related system, device and unlocking method. The method for generating the electronic lock activation information includes: generating a system root key from the system root key components held by at least two different parties; deriving the lock root key of each electronic lock from the system root key and that lock's electronic lock number via a dispersion algorithm; and generating the electronic lock activation information from the lock root key and time information. The technical solution of the invention has the following advantages: the lock root key is derived by dispersion from elements such as the system root key and the electronic lock number, which solves the existing problem of all electronic locks having the same root key; the lock root key is written by transmitting the activation information over the network, which solves the regional coverage problem and reduces the cost of deploying writing devices and of training staff; and the electronic lock activation information includes a time element, so that cracking the lock root key alone, without the time, still does not allow the unlock password to be calculated correctly, which improves security.

Description

Method for generating electronic lock activation information, and related system, device and unlocking method
Technical field
The present invention relates to the field of security technology and, more particularly, to a method for generating electronic lock activation information and to a related system, device and unlocking method.
Background
A dynamic electronic password lock is a new type of lock that uses cryptography and information technology for key distribution, password calculation and password verification; it can effectively replace the traditional mechanical combination locks of current cash-type self-service devices (ATMs). An electronic password lock system is a complete set of ATM password management and operation-and-maintenance tools that controls and supervises the opening and closing flow of the safe's password lock in the lower cabinet of the ATM.
The password of a dynamic electronic password lock changes over time, becomes invalid once expired, and is valid for a single use. The chip inside the lock cylinder has an operation-record archiving function, so historical operation records can be traced at any time. The unlock password of an electronic password lock is calculated and generated by the cipher server, entered manually on the electronic lock, and finally verified by the electronic lock. Whether the electronic lock can verify the password correctly depends on whether it has the same base information as the cipher server: the lock root key. The lock root key is one of the important credentials for calculating the unlock password; the other is the password calculation algorithm. If either of the two is missing, the correct unlock password cannot be calculated.
The password calculation algorithms of the dynamic electronic password locks currently on the market can be obtained by applying certain modifications to existing cryptographic algorithms. However, some electronic locks have the lock root key written in bulk by the lock manufacturer before leaving the factory; the manufacturer then holds both the lock root key and the unlock password calculation algorithm, so there is a risk that the manufacturer can open the locks. A potentially greater risk is that the lock root keys written by the manufacturer may be identical for every lock, so that once one electronic lock is cracked, all locks are cracked.
Summary of the invention
In view of the above defects of the prior art, embodiments of the present invention provide a safer and more effective method for generating electronic lock activation information, together with a related system, device and unlocking method.
In one aspect, embodiments of the present invention provide a method for generating electronic lock activation information, the method including: generating a system root key from the system root key components held by at least two different parties; deriving the lock root key of each electronic lock from the system root key and the electronic lock number of each electronic lock via a dispersion algorithm; and generating electronic lock activation information from the lock root key and time information, the electronic lock activation information containing the time information.
In another aspect, embodiments of the present invention provide an unlocking method for an electronic lock, the method including: the cipher server calculates an unlock password from the electronic lock activation information, the current time and the interlock code of the current electronic lock, using the electronic lock manufacturer's proprietary algorithm, where the electronic lock activation information contains time information, and sends the calculated unlock password to the person unlocking; the electronic lock receives the unlock password entered by the person unlocking, calculates the password sequence for the validity period from the time series within the unlock password's validity period, the electronic lock activation information stored in the electronic lock and the lock combination, and determines from the entered unlock password and the password sequence whether to perform the unlocking operation.
In another aspect, embodiments of the present invention provide a cipher server, the cipher server including:
a system root key generation module, for generating a system root key from the system root key components held by at least two different parties;
a lock root key generation module, for deriving the lock root key of each electronic lock from the system root key and the electronic lock number of each electronic lock via a dispersion algorithm;
an activation information generation module, for generating electronic lock activation information from the lock root key and time information, the electronic lock activation information containing the time information.
In yet another aspect, embodiments of the present invention provide an electronic lock, the electronic lock including:
an activation information receiving module, for receiving the electronic lock activation information sent by the cipher server, the electronic lock activation information containing time information;
an activation module, for activating the lock itself according to the electronic lock activation information and writing the electronic lock activation information to an encrypted storage area;
an unlock verification module, for performing the following operations: receiving the unlock password entered by the person unlocking; calculating the password sequence for the validity period from the time series within the unlock password's validity period, the electronic lock activation information in the encrypted storage area and the lock combination; and determining from the entered unlock password and the password sequence whether to perform the unlocking operation.
In addition, embodiments of the present invention provide an electronic password lock system having the above cipher server and electronic lock, where the cipher server and the electronic lock are connected through a network.
The technical solution of the present invention has the following advantages:
The lock root key is derived by dispersion from elements such as the system root key and the electronic lock number, which solves the existing problem of all electronic locks having the same root key;
The lock root key is written by transmitting the activation information over the network, which solves the regional coverage problem and reduces the cost of deploying writing devices and of training staff;
The electronic lock activation information includes a time element, so cracking the lock root key alone, without the time, still does not allow the unlock password to be calculated correctly, which improves security.
Brief description of the drawings
Fig. 1 is a flow chart showing a method for generating electronic lock activation information according to an embodiment of the present invention;
Fig. 2 is a flow chart showing an unlocking method for an electronic lock according to an embodiment of the present invention;
Fig. 3 is a block diagram showing an electronic password lock system according to an embodiment of the present invention;
Fig. 4 is a block diagram showing Embodiment 1 of the cipher server according to an embodiment of the present invention;
Fig. 5 is a block diagram showing Embodiment 2 of the cipher server according to an embodiment of the present invention;
Fig. 6 is a block diagram showing Embodiment 3 of the cipher server according to an embodiment of the present invention;
Fig. 7 is a block diagram showing Embodiment 4 of the cipher server according to an embodiment of the present invention;
Fig. 8 is a block diagram showing an electronic lock according to an embodiment of the present invention;
Fig. 9 is a system architecture diagram showing the electronic password lock system according to an embodiment of the present invention applied to the field of bank self-service devices.
Detailed description
To make the various aspects, features and advantages of the technical solution of the present invention easier to understand, the invention is described in detail below with reference to the accompanying drawings. It should be understood that the following embodiments are given only as examples and are not intended to limit the scope of protection of the invention.
Referring to Fig. 1, a method for generating electronic lock activation information according to an embodiment of the present invention is shown. In the various embodiments of the invention, the electronic lock activation information may be generated by processing that includes, but is not limited to, the following:
S110. Generate a system root key from the system root key components held by at least two different parties (for example, banking staff and technical staff). The invention does not limit the number of different parties, which may be any number of two or more.
S120. Derive the lock root key of each electronic lock from the system root key and the electronic lock number of each electronic lock via a dispersion algorithm.
S130. Generate electronic lock activation information from the lock root key and time information, the electronic lock activation information containing the time information.
According to embodiments of the present invention, the lock root key is derived by dispersion from elements such as the system root key and the electronic lock number, which solves the existing problem of all electronic locks having the same root key; the electronic lock activation information includes a time element, so cracking the lock root key alone, without the time, still does not allow the unlock password to be calculated correctly, which improves security.
In one embodiment of the invention, processing S110 may include: obtaining the system root key components held by at least two different parties; and concatenating the at least two system root key components as strings to obtain the system root key.
Preferably, the dispersion algorithm is an irreversible algorithm, such as, but not limited to, the MD5, SHA256, Whirlpool or RIPEMD-160 algorithm. Here MD5 is Message-Digest Algorithm 5; SHA256 is the hash algorithm whose hash value is 256 bits long; Whirlpool is a one-way hash algorithm designed by the Belgians Paulo Barreto and Vincent Rijmen; and RIPEMD-160 is the 160-bit RACE Integrity Primitives Evaluation Message Digest algorithm.
In a preferred embodiment of the invention, processing S130 may include: concatenating the lock root key, the time information and a random number as strings to obtain the electronic lock activation information. Note that this is only an example and the invention is not limited to it: processing S130 may use any method known in the art that can process the lock root key, time information and random number into the electronic lock activation information so that the activation information includes a time element, for example other character-processing methods such as character transposition or BASE64 encoding.
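Steps S110 to S130 can be sketched as follows. This is an added example, not code from the patent: SHA-256 is picked from the algorithms listed above, and the length-prefixed hash input, the fixed field widths, the timestamp format and all sample values are assumptions.

```python
import hashlib
import secrets
from datetime import datetime, timezone

ROOT_HEX = 64    # lock root key: SHA-256 digest as hex (assumed width)
TIME_LEN = 14    # time information as YYYYMMDDHHMMSS in UTC (assumed format)
NONCE_HEX = 16   # random number: 8 bytes as hex (assumed width)


def system_root_key(components):
    """S110: concatenate the components held by at least two different parties."""
    if len(components) < 2 or not all(components):
        raise ValueError("need at least two non-empty key components")
    return "".join(components)


def lock_root_key(root_key, lock_number):
    """S120: derive one lock's root key with an irreversible algorithm.

    SHA-256 is used; MD5, also listed on the page, is collision-broken.
    """
    h = hashlib.sha256()
    for field in (root_key, lock_number):
        data = field.encode("utf-8")
        # Length prefix (assumption): ("AB", "C") and ("A", "BC") hash differently.
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()


def activation_info(lock_key, issued_at, nonce_hex=None):
    """S130: concatenate lock root key, time information and a random number."""
    nonce_hex = nonce_hex or secrets.token_hex(NONCE_HEX // 2)
    if len(lock_key) != ROOT_HEX or len(nonce_hex) != NONCE_HEX:
        raise ValueError("unexpected field width")
    stamp = issued_at.astimezone(timezone.utc).strftime("%Y%m%d%H%M%S")
    # Fixed-width fields keep plain string concatenation unambiguous to split.
    return lock_key + stamp + nonce_hex


def parse_activation_info(info):
    """Lock side: split the fixed-width fields back out, rejecting bad input."""
    if len(info) != ROOT_HEX + TIME_LEN + NONCE_HEX:
        raise ValueError("activation information has the wrong length")
    key = info[:ROOT_HEX]
    stamp = info[ROOT_HEX:ROOT_HEX + TIME_LEN]
    nonce = info[ROOT_HEX + TIME_LEN:]
    int(key, 16)    # raises ValueError if the key field is not hex
    int(nonce, 16)  # raises ValueError if the random field is not hex
    issued = datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return {"lock_root_key": key, "issued_at": issued, "nonce": nonce}


if __name__ == "__main__":
    # Constructed sample values, not real key material or lock numbers.
    root = system_root_key(["component-held-by-party-1", "component-held-by-party-2"])
    for number in ("LOCK-0001", "LOCK-0002"):
        key = lock_root_key(root, number)
        info = activation_info(key, datetime(2015, 12, 30, 12, 0, tzinfo=timezone.utc))
        print(number, parse_activation_info(info)["issued_at"], key[:16] + "...")
```

Because each lock's root key depends on its own number, recovering one lock's key says nothing about another lock's key, but anyone who holds every component can still recompute all of them.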
In other embodiments of the present invention, the generated electronic lock activation information is encrypted and then transmitted to the corresponding electronic lock to activate it. Preferably, a public/private key pair is used to encrypt and decrypt the electronic lock activation information, which solves the security problem of synchronizing and transmitting the lock root key.
Referring to Fig. 2, an unlocking method for an electronic lock according to an embodiment of the present invention is shown. The unlocking method may include:
S210. The cipher server calculates an unlock password from the electronic lock activation information, the current time and the interlock code of the current electronic lock, using the electronic lock manufacturer's proprietary algorithm, where the electronic lock activation information contains time information.
S220. The calculated unlock password is sent to the person unlocking.
S230. The electronic lock receives the unlock password entered by the person unlocking and calculates the password sequence for the validity period from the time series within the unlock password's validity period, the electronic lock activation information stored in the electronic lock and the lock combination.
S240. Whether to perform the unlocking operation is determined from the entered unlock password and the password sequence.
As one option, determining in processing S240 whether to perform the unlocking operation from the entered unlock password and the password sequence may include: if the password sequence contains the unlock password, performing the unlocking operation; if the password sequence does not contain the unlock password, refusing the unlocking operation. Those skilled in the art will understand that the invention is not limited to this, and any other password verification technique known in the art may be used to determine whether the unlock password is correct and whether to perform the unlocking operation.
According to embodiments of the present invention, the electronic lock activation information includes a time element, so cracking the lock root key alone, without the time, still does not allow the unlock password to be calculated correctly, which improves security.
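A sketch of S210 to S240 follows, added here and not taken from the patent. The manufacturer's proprietary algorithm is not disclosed, so a truncated HMAC-SHA-256 stands in for it; the one-minute time slot, five-slot validity period, eight-digit password, single-use tracking, the treatment of the interlock code and the lock combination as one shared value, and all sample values are assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

STEP = timedelta(minutes=1)   # assumed size of one time slot
VALID_SLOTS = 5               # assumed validity period, in slots
DIGITS = 8                    # assumed password length


def slot_label(t):
    """Map a timestamp to the label of the one-minute slot it falls in (UTC)."""
    return t.astimezone(timezone.utc).strftime("%Y%m%d%H%M")


def unlock_password(activation_info, slot, interlock_code):
    """S210: stand-in for the proprietary algorithm (truncated HMAC-SHA-256)."""
    mac = hmac.new(activation_info.encode(),
                   f"{slot}|{interlock_code}".encode(),
                   hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**DIGITS:0{DIGITS}d}"


class ElectronicLock:
    """Lock-side verification using only locally stored data and its clock."""

    def __init__(self, activation_info, interlock_code):
        self._info = activation_info   # held in the encrypted storage area
        self._code = interlock_code
        self._used = set()             # accepted passwords, to refuse replays

    def password_sequence(self, now):
        """S230: one password for each time slot still inside the validity period."""
        return [unlock_password(self._info, slot_label(now - i * STEP), self._code)
                for i in range(VALID_SLOTS)]

    def try_unlock(self, entered, now):
        """S240: unlock only if the entered password is in the sequence and unused."""
        match = False
        for candidate in self.password_sequence(now):
            # Constant-time comparison; scan the whole sequence without early exit.
            match |= hmac.compare_digest(candidate.encode(), entered.encode())
        if not match or entered in self._used:
            return False
        self._used.add(entered)
        return True


if __name__ == "__main__":
    info = "constructed-activation-information"   # sample value, not real data
    issued = datetime(2015, 12, 30, 12, 0, 30, tzinfo=timezone.utc)
    password = unlock_password(info, slot_label(issued), "1234")   # server side
    lock = ElectronicLock(info, "1234")
    print("two minutes later:", lock.try_unlock(password, issued + timedelta(minutes=2)))
    print("replayed:         ", lock.try_unlock(password, issued + timedelta(minutes=3)))
    print("ten minutes later:", ElectronicLock(info, "1234").try_unlock(
        password, issued + timedelta(minutes=10)))
```

The lock never contacts the server during verification, so its clock must stay close to the server's; the validity period is what absorbs both clock drift and the time the person needs to reach the lock.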
The various embodiments of the method of the present invention have been described above with reference to the drawings; the system and related devices that perform the above processing are described below with reference to the drawings.
Referring to Fig. 3, an electronic password lock system according to an embodiment of the present invention is shown. The electronic password lock system may include a cipher server and an electronic lock, where the cipher server and the electronic lock are connected through a network. The processing or steps described in the various embodiments above may be performed wholly or partly on the cipher server or the electronic lock of the electronic password lock system, as described below.
Referring to Fig. 4, Embodiment 1 of the cipher server according to an embodiment of the present invention is shown. In Embodiment 1, the cipher server may include:
a system root key generation module 410, for generating a system root key from the system root key components held by at least two different parties;
a lock root key generation module 420, for deriving the lock root key of each electronic lock from the system root key and the electronic lock number of each electronic lock via a dispersion algorithm;
an activation information generation module 430, for generating electronic lock activation information from the lock root key and time information, the electronic lock activation information containing the time information.
According to embodiments of the present invention, the lock root key is derived by dispersion from elements such as the system root key and the electronic lock number, which solves the existing problem of all electronic locks having the same root key; the electronic lock activation information includes a time element, so cracking the lock root key alone, without the time, still does not allow the unlock password to be calculated correctly, which improves security.
In another implementation of this embodiment, the generation of the system root key by the system root key generation module 410 from the system root key components held by at least two different parties may include: obtaining the system root key components held by at least two different parties, for example, banking staff and technical staff each inject the key component they hold into the cipher server; and concatenating the at least two system root key components as strings to obtain the system root key.
Optionally, the dispersion algorithm is an irreversible algorithm, for example the MD5, SHA256, Whirlpool or RIPEMD-160 algorithm.
In another implementation of this embodiment, the generation of the electronic lock activation information by the activation information generation module 430 from the lock root key and time information may include: concatenating the lock root key, the time information and a random number as strings to obtain the electronic lock activation information. Those skilled in the art will understand that this is only an example and the invention is not limited to it; the activation information generation module 430 may also use any method known in the art that can process the lock root key, time information and random number into the electronic lock activation information so that the activation information includes a time element.
Referring to Fig. 5, Embodiment 2 of the cipher server according to an embodiment of the present invention is shown. In Embodiment 2, the cipher server may include:
a system root key generation module 510, for generating a system root key from the system root key components held by at least two different parties;
a lock root key generation module 520, for deriving the lock root key of each electronic lock from the system root key and the electronic lock number of each electronic lock via a dispersion algorithm;
an activation information generation module 530, for generating electronic lock activation information from the lock root key and time information, the electronic lock activation information containing the time information; and
an activation information transmission module 540, for encrypting the generated electronic lock activation information and transmitting it to the corresponding electronic lock to activate that lock.
In this embodiment, any encrypted transmission technique known in the art may be used; preferably, a public/private key pair is used to encrypt and decrypt the electronic lock activation information, which solves the security problem of synchronizing and transmitting the lock root key.
Referring to Fig. 6, Embodiment 3 of the cipher server according to an embodiment of the present invention is shown. In Embodiment 3, the cipher server may include:
a system root key generation module 610, for generating a system root key from the system root key components held by at least two different parties;
a lock root key generation module 620, for deriving the lock root key of each electronic lock from the system root key and the electronic lock number of each electronic lock via a dispersion algorithm;
an activation information generation module 630, for generating electronic lock activation information from the lock root key and time information, the electronic lock activation information containing the time information;
an unlock password generation module 640, for calculating the unlock password from the electronic lock activation information, the current time and the interlock code of the current electronic lock, using the electronic lock manufacturer's proprietary algorithm; and
a password transmission module 650, for sending the calculated unlock password to the person unlocking.
With this embodiment, the unlock password is calculated and generated by the cipher server, and the password is different for every unlocking, which further improves the security of the electronic password lock system.
Referring to Fig. 7, Embodiment 4 of the cipher server according to an embodiment of the present invention is shown. In Embodiment 4, the cipher server may include:
a system root key generation module 710, for generating a system root key from the system root key components held by at least two different parties;
a lock root key generation module 720, for deriving the lock root key of each electronic lock from the system root key and the electronic lock number of each electronic lock via a dispersion algorithm;
an activation information generation module 730, for generating electronic lock activation information from the lock root key and time information, the electronic lock activation information containing the time information;
an activation information transmission module 740, for encrypting the generated electronic lock activation information and transmitting it to the corresponding electronic lock to activate that lock;
an unlock password generation module 750, for calculating the unlock password from the electronic lock activation information, the current time and the interlock code of the current electronic lock, using the electronic lock manufacturer's proprietary algorithm; and
a password transmission module 760, for sending the calculated unlock password to the person unlocking.
In this embodiment, the cipher server has all the functions of both Embodiment 2 and Embodiment 3: it not only transmits the activation information securely but also calculates the unlock password, improving the security of the electronic lock.
Note that the above only illustrates the cipher server of embodiments of the present invention by example; the invention is not limited to it. Without departing from the spirit of the invention, the various embodiments or examples of the invention may be modified or combined, and the new embodiments or examples so obtained likewise fall within the scope of protection of the invention. For example, activation information transmission and password transmission need not be implemented by two independent modules: the activation information transmission module 740 and the password transmission module 760 above may also be implemented by the same module.
Referring to Fig. 8, an electronic lock according to an embodiment of the present invention is shown. In the electronic password lock system of the various embodiments of the invention, the electronic lock may include, but is not limited to: an activation information receiving module 810, an activation module 820 and an unlock verification module 830. Specifically, the activation information receiving module 810 receives the electronic lock activation information sent by the cipher server, the electronic lock activation information containing time information; if the electronic lock activation information sent by the cipher server is encrypted, the activation information receiving module 810 also decrypts the encrypted electronic lock activation information. The activation module 820 activates the lock itself according to the electronic lock activation information and writes the electronic lock activation information to the encrypted storage area. The unlock verification module 830 performs the following operations: receiving the unlock password entered by the person unlocking; calculating the password sequence for the validity period from the time series within the unlock password's validity period, the electronic lock activation information in the encrypted storage area and the lock combination; and determining from the entered unlock password and the password sequence whether to perform the unlocking operation.
According to embodiments of the present invention, the electronic lock activation information includes a time element, so cracking the lock root key alone, without the time, still does not allow the unlock password to be calculated correctly, which improves security.
Optionally, the determination by the unlock verification module 830 of whether to perform the unlocking operation from the entered unlock password and the password sequence may include: if the password sequence contains the unlock password, performing the unlocking operation; if the password sequence does not contain the unlock password, refusing the unlocking operation. Those skilled in the art will understand that the invention is not limited to this, and any other password verification technique known in the art may be used to determine whether the unlock password is correct and whether to perform the unlocking operation.
Note that those skilled in the art will understand that the processing described in the above method embodiments and the functions of the modules of the above system may be performed by one device or by two devices, and that the functions implemented or processing performed by one or two devices may also be distributed to other devices for execution; the embodiments so constituted likewise illustrate the gist of the present invention and fall within its scope of protection. Below, the various aspects, features and advantages of the invention are illustrated by taking as an example the use of the proposed electronic password lock system in the field of bank self-service devices.
Referring to Fig. 9, the overall architecture of the electronic password lock system proposed by the present invention as used in the field of bank self-service devices is shown.
1. System architecture description
As can be seen from Fig. 9, the system architecture of this embodiment may include the cipher server, ATMVH, the ATM and the electronic lock. The ATM is a cash-type self-service device, including cash dispensers, deposit machines, recyclers and cash recycling systems. The self-service device has a safe for holding cash boxes, in which cash is preloaded for cardholders to withdraw. The electronic lock is an electronic product that uses entry of a dynamic password to control the operation of a circuit or chip, and thereby the closing of the safe's mechanical switch, to complete the unlocking and locking tasks. ATMVH is the ATM monitoring system, used for: monitoring the ATM's real-time transactions and device state, and fault monitoring; providing remote control functions such as software updates and daily log retrieval; and providing the necessary functions such as electronic lock monitoring, electronic lock management, and personnel and permission management. The cipher server communicates with ATMVH over the TCP/IP (Transmission Control Protocol/Internet Protocol) network, i.e. the internet; ATMVH communicates with the ATM over the production network (the bank's own network); and the ATM is connected to the electronic lock through USB (Universal Serial Bus). As a result, information generated by the cipher server, such as the lock root key, can be transmitted securely to the electronic lock over the network without each electronic lock having to be configured by hand, which greatly improves work efficiency and reduces labor cost.
Each part of the system architecture is described in detail below.
Electronic lock:
Unlocking password verification
Electronic lock activation function
Password authentication function
Information authentication function
Reporting of lock open/closed and other states
Reporting of lock-open and lock-closed status
Reporting of states such as excessive password attempts, high temperature, vibration and alarm
Electronic lock status control
Interaction with ATMC
Handling of offline and power-loss exceptions
ATMC (ATM control system):
Support for lock activation and lock opening flows
Support for the electronic lock activation flow
Support for the unlocking flow
Sending and receiving of electronic lock status, and early warning
Sending and receiving of states such as door lock open/closed and unlock-time timeout
Electronic lock management
Setting of electronic lock parameters
Periodic extraction of lock usage logs
ATMVH:
Support for lock activation and lock opening flows
Support for the electronic lock activation flow
Support for the unlocking flow
Monitoring management
Electronic lock user and permission management module
Cash clearing and replenishment plan and route formulation module
Electronic lock usage monitoring and early-warning module
Electronic lock usage report module
Cipher server management
Injection of the password generation key and the communication key
Extraction of cipher server usage logs
Cipher server:
Derivation of each electronic lock's activation information
Deriving each electronic lock's activation information from the password generation root key and the electronic lock ID
Encrypting each electronic lock's activation information with that lock's public key
Generation of unlocking passwords from the password-forming elements
Verifying the signature of the electronic lock
Generating the unlocking password
Logging
Recording logs
2. Password generation key for electronic lock activation
Activation of the cipher server
Before the cipher server is used, the two components RootKeyA and RootKeyB of the generation root key (i.e. the system root key, RootKey), held respectively by bank business personnel and technical personnel, must be injected into the cipher server. The root key injected into the cipher server is different for each electronic lock manufacturer.
RootKey = RootKeyA || RootKeyB
"||" denotes string concatenation, here and below.
Before the cipher server is used, the cipher server communication key (CommKey) must also be injected into the cipher server; this key is used to encrypt the unlocking passwords that the cipher server calculates. The encryption algorithm is a symmetric encryption algorithm such as DES (Data Encryption Standard) or AES (Advanced Encryption Standard). The communication key injected into each electronic lock manufacturer's cipher server is different, which effectively guards against the risk of crosstalk between manufacturers.
Generation of the electronic lock activation information
i. The electronic lock activation information (AI) is calculated and generated by the cipher server, as follows:
First, system root key component one, RootKeyA, and system root key component two, RootKeyB, are concatenated as strings to obtain the system root key RootKey. Then the system root key RootKey and the electronic lock number (ID) are passed through the dispersion algorithm (dis) (for example, N rounds of a hash algorithm such as MD5, SHA256, Whirlpool or RIPEMD-160) to derive the activation information of each electronic lock, i.e. the lock root key (LKEY):
LKEY = dis(RootKeyA || RootKeyB, ID)
The dispersion algorithm should be irreversible, and it should ensure that LKEY is distributed as evenly as possible over the target domain. As a result, identical lock root keys hardly ever occur, and the risk of the system root key being back-calculated from the root key of one compromised lock is also prevented.
ii. Let the time be TIME, the time transformation algorithm be tts, and the random number generated by the cipher server be RAN. LKEY, the timestamp tts(TIME) and the random number RAN are concatenated as strings to obtain AI; the activation information AI that the cipher server generates at that moment is then:
AI = LKEY || tts(TIME) || RAN
iii. The electronic lock activation information AI is therefore:
AI = dis(RootKeyA || RootKeyB, ID) || tts(TIME) || RAN
As the formula above shows, the electronic lock activation information AI contains a time element. Merely cracking the lock root key LKEY, or deriving the lock root key from the system root key RootKey and the electronic lock number, is not enough: without the time element, the correct unlocking password still cannot be calculated. This improves the security of the system.
iv. Let the transmitted electronic lock activation information be AIT, the encryption algorithm be enc, and the asymmetric encryption public key be LPUK. AIT is obtained by encrypting the electronic lock activation information AI with an asymmetric encryption algorithm under the electronic lock's public key LPUK:
AIT = enc(AI, LPUK)
The encrypted lock activation information AIT passes through ATMVH and ATMC over the bank intranet and is delivered to the electronic lock. This asymmetric encryption solves the security problem of transmitting the lock activation information.
Decryption and use of the electronic lock activation information
After the electronic lock receives AIT, it decrypts AIT with the private key (LPRK) of the asymmetric encryption algorithm to obtain AI, where the decryption algorithm is dec:
AI = dec(AIT, LPRK)
The electronic lock activates itself using AI and writes AI into the encrypted storage area. After the electronic lock is activated, every unlocking password must be calculated with AI as a key element.
Decryption and use of the electronic lock activation information on re-activation
When the electronic lock is to be activated again, TIME and RAN in AI change while LKEY remains as it was. Let the new activation information be AI':
AI' = LKEY || tts(TIME') || RAN'
The electronic lock receives AI', splits out its LKEY and verifies it. If LKEY has not changed, the electronic lock re-activates and rewrites the activation information to the encrypted storage area. If LKEY has changed, AI' is forged activation information and is untrusted; the electronic lock does not re-activate and does not rewrite the activation information to the encrypted storage area.
In general, an electronic lock needs to be activated only once in its life cycle. Scenarios for re-activation are: when lock activation is suspected to have failed, and when the machine is relocated.
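The derivation and re-activation check described above, as an added Python example that is not code from the patent. SHA-256 (one of the hashes the text lists) stands in for dis; the round count, the fixed field widths, the timestamp format and the LockStore class are assumptions made here so that the lock can split LKEY back out of AI. The asymmetric transport step (AIT) is left out.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# Field widths and round count are assumptions; the patent fixes none of them.
LKEY_LEN = 32    # SHA-256 output size
TTS_LEN = 14     # tts(TIME) rendered as "YYYYMMDDHHMMSS" in UTC
RAN_LEN = 16     # random field RAN
ROUNDS = 1000    # the "N" in "N rounds of a hash algorithm"


def system_root_key(root_key_a: bytes, root_key_b: bytes) -> bytes:
    """RootKey = RootKeyA || RootKeyB (components held by two different parties)."""
    if not root_key_a or not root_key_b:
        raise ValueError("both root key components are required")
    return root_key_a + root_key_b


def dis(root_key: bytes, lock_id: str, rounds: int = ROUNDS) -> bytes:
    """LKEY = dis(RootKey, ID): one-way, N-round SHA-256 over root key and lock number."""
    digest = hashlib.sha256(root_key + b"|" + lock_id.encode("utf-8")).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha256(digest).digest()
    return digest


def tts(moment: datetime) -> bytes:
    """Time transformation: timezone-aware datetime -> fixed-width UTC timestamp."""
    if moment.tzinfo is None:
        raise ValueError("TIME must be timezone-aware")
    return moment.astimezone(timezone.utc).strftime("%Y%m%d%H%M%S").encode("ascii")


def make_activation_info(lkey: bytes, moment: datetime, ran: bytes = None) -> bytes:
    """AI = LKEY || tts(TIME) || RAN, with fixed-width fields so the lock can split it."""
    ran = secrets.token_bytes(RAN_LEN) if ran is None else ran
    if len(lkey) != LKEY_LEN or len(ran) != RAN_LEN:
        raise ValueError("unexpected field length")
    return lkey + tts(moment) + ran


def split_activation_info(ai: bytes):
    """Return (LKEY, timestamp, RAN); reject anything that is not exactly one AI."""
    if len(ai) != LKEY_LEN + TTS_LEN + RAN_LEN:
        raise ValueError("malformed activation information")
    return ai[:LKEY_LEN], ai[LKEY_LEN:LKEY_LEN + TTS_LEN], ai[LKEY_LEN + TTS_LEN:]


class LockStore:
    """Hypothetical stand-in for the lock's encrypted storage area."""

    def __init__(self):
        self.ai = None

    def activate(self, ai: bytes) -> bool:
        """First activation stores AI; re-activation requires an unchanged LKEY."""
        try:
            new_lkey, _, _ = split_activation_info(ai)
        except ValueError:
            return False              # malformed input never overwrites stored AI
        if self.ai is not None:
            old_lkey, _, _ = split_activation_info(self.ai)
            if not hmac.compare_digest(old_lkey, new_lkey):
                return False          # LKEY changed: AI' is untrusted, keep stored AI
        self.ai = ai
        return True


if __name__ == "__main__":
    # Constructed sample values, not real key material.
    root = system_root_key(b"component-held-by-business-", b"component-held-by-tech")
    t0 = datetime(2015, 12, 31, 8, 0, 0, tzinfo=timezone.utc)
    lock = LockStore()
    print(lock.activate(make_activation_info(dis(root, "LOCK-0001"), t0)))
    print(lock.activate(make_activation_info(dis(root, "LOCK-0001"), t0 + timedelta(days=30))))
    print(lock.activate(make_activation_info(dis(root, "LOCK-0002"), t0 + timedelta(days=31))))
```

The third call is rejected because the LKEY field belongs to a different lock number, so the stored activation information is left untouched.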
Use of the activation information when calculating the unlocking password
The unlocking password Psw is calculated as follows:
Psw = function(AI || ShutCode || Date&Time)
Here, function is the proprietary algorithm of each electronic lock manufacturer, and the elements are: AI, the lock's activation information; ShutCode, the locking code, a set of digits that the lock generates as the bolt retracts when the lock is locked after an unlocking has completed; Date&Time, the date and time, used to limit the validity period of the password.
The following describes an example of how the activation information AI is used during unlocking:
Using the formula for calculating the unlocking password, the cipher server adds the current time Date&Time and the locking code ShutCode of the current electronic lock into the calculation and obtains the unlocking password (PswTry):
PswTry = function(AI || ShutCode || Date&Time)
When the person unlocking receives this password and enters PswTry on the lock, the electronic lock uses the same formula to combine each Date&Time value in the time series within the password validity period with AI and ShutCode, and calculates the series of passwords within the validity period, PswSerial. If PswTry is present in the sequence PswSerial, the unlocking password is considered correct and the lock opens normally.
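The PswTry/PswSerial check described above, as an added Python example that is not code from the patent. The manufacturer's proprietary function is not disclosed, so a truncated HMAC-SHA256 stands in for it; the one-minute time step, the ten-step validity period, the eight-digit length and the names unlock_password, psw_serial and verify are assumptions. SAMPLE_AI is a constructed value.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

STEP = timedelta(minutes=1)   # assumed granularity of Date&Time
VALIDITY_STEPS = 10           # assumed validity period, in steps
DIGITS = 8                    # assumed length of the keyed-in password

SAMPLE_AI = bytes(range(62))  # constructed activation information, not real key material


def quantise(moment: datetime) -> datetime:
    """Round a timezone-aware time down to the step both sides calculate with."""
    if moment.tzinfo is None:
        raise ValueError("Date&Time must be timezone-aware")
    return moment.astimezone(timezone.utc).replace(second=0, microsecond=0)


def unlock_password(ai: bytes, shut_code: str, moment: datetime) -> str:
    """Stand-in for Psw = function(AI || ShutCode || Date&Time)."""
    stamp = quantise(moment).strftime("%Y%m%d%H%M")
    message = shut_code.encode("utf-8") + b"|" + stamp.encode("ascii")
    mac = hmac.new(ai, message, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                      # HOTP-style dynamic truncation
    number = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(number % 10 ** DIGITS).zfill(DIGITS)


def psw_serial(ai: bytes, shut_code: str, lock_now: datetime,
               steps: int = VALIDITY_STEPS) -> list:
    """Lock side: every password that is still inside the validity period."""
    base = quantise(lock_now)
    return [unlock_password(ai, shut_code, base - i * STEP) for i in range(steps)]


def verify(ai: bytes, shut_code: str, lock_now: datetime, psw_try: str) -> bool:
    """Accept PswTry only if it appears in PswSerial; compare without early exit."""
    entered = psw_try.encode("utf-8")
    matched = False
    for candidate in psw_serial(ai, shut_code, lock_now):
        matched |= hmac.compare_digest(candidate.encode("ascii"), entered)
    return matched


if __name__ == "__main__":
    issued = datetime(2015, 12, 31, 8, 0, 30, tzinfo=timezone.utc)
    psw_try = unlock_password(SAMPLE_AI, "4821", issued)          # cipher server side
    print(verify(SAMPLE_AI, "4821", issued + timedelta(minutes=9), psw_try))   # in period
    print(verify(SAMPLE_AI, "4821", issued + timedelta(minutes=10), psw_try))  # expired
    print(verify(SAMPLE_AI, "9034", issued + timedelta(minutes=1), psw_try))   # new ShutCode
```

Because the window here only looks backwards from the lock's clock, a lock whose clock runs behind the cipher server rejects a fresh password; a deployment has to decide how much skew the time series should tolerate.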
In conclusion according to various embodiments of the present invention, having the advantages that:
1. the root key of all electronic locks is generated using the elements dispersion such as electronic lock system root key and lock number, institute is solved The problem for having electronic lock root key identical.
2. using networking transport write-in lock root key (electronic lock active information), region covering problem is solved, reduces write-in Equipment lays cost and staff training cost.
3. locking root key using public private key pair encryption and decryption, the safety problem of lock root key synchronous transfer is solved.
Root key verification scheme is locked when 4. re-writing lock root key, effectively takes precautions against the problem of forging lock root key.
4. root key includes element of time, only cracks lock root key and still cannot correctly calculate unlocking cipher without the time.
A variety of different embodiments of the present invention described in detail above, the description present invention is real in another form below Other aspects or feature of the technical solution of mode are applied, and are not limited to a series of following paragraphs, for the sake of clear and be effective, The some or all of paragraphs in these paragraphs can be given to specify alphanumeric.Each section in these paragraphs can be with any suitable The content group that other paragraphs of mode and one or more than one combine.The item of the example of some in not limiting suitable combination Under part, some paragraphs hereinafter especially quote other paragraphs and further limit other paragraphs.
A1. A method for generating electronic lock activation information, which may include: generating a system root key according to system root key components held by at least two different parties; deriving the lock root key of each electronic lock via a dispersion algorithm according to the system root key and the electronic lock number of each electronic lock; and generating electronic lock activation information according to the lock root key and time information, the electronic lock activation information containing time information.
A2. The method according to paragraph A1, wherein generating the system root key according to the key components held by at least two different parties may include: obtaining the system root key components held by at least two different parties; and concatenating the at least two system root key components as strings to obtain the system root key.
A3. The method according to paragraph A1 or A2, wherein the dispersion algorithm is an irreversible algorithm.
A4. The method according to paragraph A3, wherein the dispersion algorithm may include the MD5 algorithm, the SHA256 algorithm, the Whirlpool algorithm, the RIPEMD-160 algorithm, etc.
A5. The method according to paragraph A1 or A4, wherein generating the electronic lock activation information according to the lock root key and time information may include: concatenating the lock root key, the time information and a random number as strings to obtain the electronic lock activation information.
A6. The method according to one of paragraphs A1 to A5, which may also include: transmitting the generated electronic lock activation information, after encryption, to the corresponding electronic lock to activate the electronic lock.
B1. A method for unlocking an electronic lock, which may include: a cipher server calculating an unlocking password using the electronic lock manufacturer's proprietary algorithm according to the electronic lock activation information, the current time and the locking code of the current electronic lock, wherein the electronic lock activation information contains time information; sending the calculated unlocking password to the person unlocking; receiving the unlocking password entered by the person unlocking, the electronic lock calculating the password sequence within the validity period according to the time series within the unlocking password's validity period, the electronic lock activation information stored by the electronic lock and the locking code; and determining whether to perform the unlocking operation according to the entered unlocking password and the password sequence.
B2. The method according to paragraph B1, wherein determining whether to perform the unlocking operation according to the entered unlocking password and the password sequence may include: if the password sequence contains the unlocking password, performing the unlocking operation; if the password sequence does not contain the unlocking password, refusing the unlocking operation.
C1. A cipher server, which may include: a system root key generation module, for generating a system root key according to system root key components held by at least two different parties; a lock root key generation module, for deriving the lock root key of each electronic lock via a dispersion algorithm according to the system root key and the electronic lock number of each electronic lock; and an activation information generation module, for generating electronic lock activation information according to the lock root key and time information, the electronic lock activation information containing time information.
C2. The cipher server according to paragraph C1, wherein the system root key generation module generating the system root key according to the system root key components held by at least two different parties includes: obtaining the system root key components held by at least two different parties; and concatenating the at least two system root key components as strings to obtain the system root key.
C3. The cipher server according to paragraph C1 or C2, wherein the dispersion algorithm is an irreversible algorithm.
C4. The cipher server according to paragraph C3, wherein the dispersion algorithm may include the MD5 algorithm, the SHA256 algorithm, the Whirlpool algorithm, the RIPEMD-160 algorithm, etc.
C5. The cipher server according to any one of paragraphs C1 to C4, wherein the activation information generation module generating the electronic lock activation information according to the lock root key and time information may include: concatenating the lock root key, the time information and a random number as strings to obtain the electronic lock activation information.
C6. The cipher server according to paragraph C1, which may also include: an activation information transmission module, for transmitting the generated electronic lock activation information, after encryption, to the corresponding electronic lock to activate the electronic lock.
C7. The cipher server according to one of C1 to C6, which may further include: an unlocking password generation module, for calculating an unlocking password using the electronic lock manufacturer's proprietary algorithm according to the electronic lock activation information, the current time and the locking code of the current electronic lock; and a password transmission module, for sending the calculated unlocking password to the person unlocking.
D1. An electronic lock, which may include: an activation information receiving module, for receiving the electronic lock activation information sent by the cipher server, the electronic lock activation information containing time information; an activation module, for activating the lock itself according to the electronic lock activation information and writing the electronic lock activation information to the encrypted storage area; and an unlocking verification module, for performing the following operations: receiving the unlocking password entered by the person unlocking, calculating the password sequence within the validity period according to the time series within the unlocking password's validity period, the electronic lock activation information in the encrypted storage area and the locking code, and determining whether to perform the unlocking operation according to the entered unlocking password and the password sequence.
D2. The electronic lock according to paragraph D1, wherein the unlocking verification module determining whether to perform the unlocking operation according to the entered unlocking password and the password sequence includes: if the password sequence contains the unlocking password, performing the unlocking operation; if the password sequence does not contain the unlocking password, refusing the unlocking operation.
E1. An electronic combination lock system, which may include: the cipher server described in any one of paragraphs C1 to C7 and the electronic lock described in paragraph D1 or D2, wherein the cipher server and the electronic lock are connected via a network.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software combined with a hardware platform. Based on this understanding, all or part of the contribution that the technical solution of the invention makes over the background art can be embodied in the form of a software product, which can be stored in a storage medium such as ROM/RAM, a magnetic disk or an optical disc, and which includes instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to execute the methods described in the embodiments of the invention or in certain parts of the embodiments.
Those skilled in the art should understand that the above discloses only embodiments of the present invention, which of course cannot limit the scope of rights of the invention; equivalent variations made according to embodiments of the invention still fall within the scope covered by the claims of the invention.

Claims (18)

1. A method for generating electronic lock activation information, characterized in that the method comprises:
generating a system root key according to system root key components held by at least two different parties;
deriving the lock root key of each electronic lock via a dispersion algorithm according to the system root key and the electronic lock number of each electronic lock;
generating electronic lock activation information according to the lock root key and time information, the electronic lock activation information containing time information.
2. The method according to claim 1, characterized in that generating the system root key according to the key components held by at least two different parties comprises:
obtaining the system root key components held by at least two different parties;
concatenating the at least two system root key components as strings to obtain the system root key.
3. The method according to claim 1 or 2, characterized in that the dispersion algorithm is an irreversible algorithm.
4. The method according to claim 3, characterized in that the dispersion algorithm includes the MD5 algorithm, the SHA256 algorithm, the Whirlpool algorithm and the RIPEMD-160 algorithm.
5. The method according to claim 1 or 4, characterized in that generating the electronic lock activation information according to the lock root key and time information comprises:
concatenating the lock root key, the time information and a random number as strings to obtain the electronic lock activation information.
6. The method according to claim 1, characterized in that it further comprises:
transmitting the generated electronic lock activation information, after encryption, to the corresponding electronic lock to activate the electronic lock.
7. A method for unlocking an electronic lock, characterized in that the method comprises:
a cipher server calculating an unlocking password using the electronic lock manufacturer's proprietary algorithm according to the electronic lock activation information of any one of claims 1-6, the current time and the locking code of the current electronic lock, wherein the electronic lock activation information contains time information,
sending the calculated unlocking password to the person unlocking;
receiving the unlocking password entered by the person unlocking, the electronic lock calculating the password sequence within the validity period according to the time series within the unlocking password's validity period, the electronic lock activation information stored by the electronic lock and the locking code,
determining whether to perform the unlocking operation according to the entered unlocking password and the password sequence.
8. The method according to claim 7, characterized in that determining whether to perform the unlocking operation according to the entered unlocking password and the password sequence comprises:
if the password sequence contains the unlocking password, performing the unlocking operation;
if the password sequence does not contain the unlocking password, refusing the unlocking operation.
9. A cipher server, characterized in that the cipher server comprises:
a system root key generation module, for generating a system root key according to system root key components held by at least two different parties;
a lock root key generation module, for deriving the lock root key of each electronic lock via a dispersion algorithm according to the system root key and the electronic lock number of each electronic lock;
an activation information generation module, for generating electronic lock activation information according to the lock root key and time information, the electronic lock activation information containing time information.
10. The cipher server according to claim 9, characterized in that the system root key generation module generating the system root key according to the system root key components held by at least two different parties comprises:
obtaining the system root key components held by at least two different parties;
concatenating the at least two system root key components as strings to obtain the system root key.
11. The cipher server according to claim 9 or 10, characterized in that the dispersion algorithm is an irreversible algorithm.
12. The cipher server according to claim 11, characterized in that the dispersion algorithm includes the MD5 algorithm, the SHA256 algorithm, the Whirlpool algorithm and the RIPEMD-160 algorithm.
13. The cipher server according to claim 9 or 12, characterized in that the activation information generation module generating the electronic lock activation information according to the lock root key and time information comprises:
concatenating the lock root key, the time information and a random number as strings to obtain the electronic lock activation information.
14. The cipher server according to claim 9, characterized in that it further comprises:
an activation information transmission module, for transmitting the generated electronic lock activation information, after encryption, to the corresponding electronic lock to activate the electronic lock.
15. The cipher server according to claim 9 or 14, characterized in that it further comprises:
an unlocking password generation module, for calculating an unlocking password using the electronic lock manufacturer's proprietary algorithm according to the electronic lock activation information, the current time and the locking code of the current electronic lock;
a password transmission module, for sending the calculated unlocking password to the person unlocking.
16. An electronic lock, characterized in that it comprises:
an activation information receiving module, for receiving the electronic lock activation information sent by the cipher server of any one of claims 9-15, the electronic lock activation information containing time information;
an activation module, for activating the lock itself according to the electronic lock activation information and writing the electronic lock activation information to the encrypted storage area;
an unlocking verification module, for performing the following operations: receiving the unlocking password entered by the person unlocking, calculating the password sequence within the validity period according to the time series within the unlocking password's validity period, the electronic lock activation information in the encrypted storage area and the locking code, and determining whether to perform the unlocking operation according to the entered unlocking password and the password sequence.
17. The electronic lock according to claim 16, characterized in that the unlocking verification module determining whether to perform the unlocking operation according to the entered unlocking password and the password sequence comprises:
if the password sequence contains the unlocking password, performing the unlocking operation;
if the password sequence does not contain the unlocking password, refusing the unlocking operation.
18. An electronic combination lock system, characterized in that the system comprises: the cipher server of any one of claims 9 to 15 and the electronic lock of claim 16 or 17, wherein the cipher server and the electronic lock are connected via a network.
CN201511021439.3A 2015-12-31 2015-12-31 The production method and related system of electronic lock active information, equipment and method for unlocking Active CN105471903B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511021439.3A CN105471903B (en) 2015-12-31 2015-12-31 The production method and related system of electronic lock active information, equipment and method for unlocking

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201511021439.3A CN105471903B (en) 2015-12-31 2015-12-31 The production method and related system of electronic lock active information, equipment and method for unlocking

Publications (2)

Publication Number Publication Date
CN105471903A CN105471903A (en) 2016-04-06
CN105471903B true CN105471903B (en) 2018-11-02

Family

ID=55609173

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511021439.3A Active CN105471903B (en) 2015-12-31 2015-12-31 The production method and related system of electronic lock active information, equipment and method for unlocking

Country Status (1)

Country Link
CN (1) CN105471903B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant