CN105635089A - Authentication method, unlocking method and unlocking system for dynamic password lock - Google Patents

Publication number
CN105635089A
Authority
CN
China
Prior art keywords
lock
dynamic puzzle
key
dynamic
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410714971.2A
Other languages
Chinese (zh)
Other versions
CN105635089B (en)
Inventor
马铮
肖志宏
彭明
卢华凤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Sgsg Science & Technology Co Ltd
Original Assignee
Zhuhai Sgsg Science & Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhuhai Sgsg Science & Technology Co Ltd
Priority to CN201410714971.2A
Publication of CN105635089A
Application granted
Publication of CN105635089B
Active
Anticipated expiration

Abstract

The invention provides an authentication method, an unlocking method and an unlocking system for a dynamic password lock. A first algorithm and a second algorithm are preset in the dynamic password lock. The authentication method comprises the following steps: setting, in a hand-held terminal for unlocking the dynamic password lock, a third algorithm corresponding to the first algorithm and a fourth algorithm corresponding to the second algorithm; on the hand-held terminal side, generating a first authentication sequence from a first key number set of that side through the third algorithm, and generating a second authentication sequence from a second key number set received from the dynamic password lock through the fourth algorithm; on the dynamic password lock side, generating a fourth authentication sequence from the second key number set of that side through the second algorithm, and generating a third authentication sequence from the first key number set received from the hand-held terminal through the first algorithm; and carrying out a matching step, in which authentication is determined to have passed when the first and third authentication sequences correspond and the second and fourth authentication sequences correspond. By adopting the authentication method provided by the invention, the security performance of the dynamic password lock can be improved.

Description

Authentication method, unlocking method and unlocking system for dynamic password lock
Technical field
The present invention relates to security technology, in particular to a method of opening a lock, and specifically to an unlocking method based on a handheld terminal device.
Background
At present, vaults, armories, ATMs, safes, strongboxes, classified document cabinets and the like are all equipment with very high security requirements and are key points of security protection. For such equipment the important protective measure is the door lock. Existing door locks are generally combination locks, and holding the GPRS password is generally enough to open the cabinet door. Leakage of the password can easily lead to serious theft or robbery incidents.
Summary of the invention
The problem to be solved by the present invention is that existing dynamic password locks have poor security: a person holding the password can easily leak it, which leads to illegal opening of the cabinet door and increases the security risk. To this end, the invention provides an authentication method, an unlocking method and an unlocking system for a dynamic password lock.
To solve the above problem, the present invention provides an authentication method for a dynamic password lock in which a first algorithm and a second algorithm are preset. The method includes:
In the handheld terminal that is to unlock the dynamic password lock, setting a third algorithm corresponding to the first algorithm and a fourth algorithm corresponding to the second algorithm;
On the handheld terminal side, generating a first authentication sequence from the first key number set of that side by the third algorithm, and generating a second authentication sequence from the second key number set received from the dynamic password lock by the fourth algorithm;
On the dynamic password lock side, generating a fourth authentication sequence from the second key number set of that side by the second algorithm, and generating a third authentication sequence from the first key number set received from the handheld terminal by the first algorithm;
Carrying out a matching step: authentication passes when the first authentication sequence corresponds to the third authentication sequence and the second authentication sequence corresponds to the fourth authentication sequence.
Preferably, the information in the first key number set includes the device information of the handheld terminal and the authentication key (KI).
Preferably, the information in the second key number set includes the device information of the dynamic password lock and a first random number randomly generated by the dynamic password lock.
Preferably, the first algorithm and the second algorithm are each at least one of the following:
3DES, DES, SM1, SM2, SM4, SHA, AES.
The present invention also provides an unlocking method for a dynamic password lock. The dynamic password lock is used on a piece of equipment that has device information uniquely identifying it. Based on the above authentication method, the unlocking method includes:
Step S1: pre-entering into the server the login information, the device information of the equipment, the device information of the dynamic password lock, the KI and the dynamic password lock key; setting the login mode of the designated handheld terminal according to the login information; and sending the login information, the KI and the dynamic password lock key to the handheld terminal;
Step S3: logging in to the handheld terminal according to the login mode and, after login, activating the dynamic password lock so that it is in an unlockable state;
Step S5: the handheld terminal sends the login information and the dynamic password lock key to the dynamic password lock;
Step S7: the dynamic password lock generates a first dynamic password from the dynamic password lock key by a fifth algorithm, and sends the login information and the pre-stored device information of the equipment to the server;
Step S9: the server checks the received login information and device information of the equipment for consistency against the login information and device information of the equipment pre-entered in the server; when they are consistent, the server generates a second dynamic password from the dynamic password lock key by a sixth algorithm corresponding to the fifth algorithm, and sends this second dynamic password to the dynamic password lock;
Step S11: when the first dynamic password and the second dynamic password are consistent, the dynamic password lock and the handheld terminal authenticate each other by the above authentication method, based on the device information of the dynamic password lock and the KI; when authentication passes, the dynamic password lock unlocks.
Preferably, step S1 also includes: pre-entering a master key into the server, the server sending the master key to the handheld terminal;
Step S5 then also includes: the handheld terminal sending the master key to the dynamic password lock;
Thereafter, the information exchanged between the dynamic password lock and the handheld terminal is encrypted for transmission based on the master key.
Preferably, the method further includes a step 4 after step S3: after being activated, the dynamic password lock generates a working key;
Thereafter, the information exchanged between the dynamic password lock and the server is encrypted for transmission based on the working key.
Preferably, the login information includes the code of the designated unlocking staff and their identification information, and the identification information includes password verification, fingerprint verification and/or information button verification.
Preferably, all information exchange between the dynamic password lock and the server passes through an industrial computer.
Preferably, the above unlocking method also includes:
After the handheld terminal receives the login information, the KI and the dynamic password lock key, if no login occurs within a first predetermined time, the handheld terminal locks itself; for a second predetermined time from the self-locking, the handheld terminal cannot be used to log in.
Preferably, the method of generating the master key and the dynamic password lock key comprises the following steps:
Step S01: the password generation host generates the master key by a seventh algorithm from its device information and a second random number, using the device information of the password generation host as the key;
Step S02: the password generation host generates the KI by an eighth algorithm from its device information and a third random number, using the master key as the key, and the master key and the KI are loaded into the key evaluator;
Step S05: the key evaluator generates the dynamic password lock key by a ninth algorithm from its device information, the current time and a fourth random number, using the master key as the key.
Preferably, the following steps are also included between step S02 and step S05:
Step S03: the password generation host loads the master key and the KI, each in part, onto a first read-write card and a second read-write card, so that the master key and the KI can be obtained only when both the first read-write card and the second read-write card are present;
Step S04: the master key and the KI are loaded into the key evaluator by swiping the first read-write card and the second read-write card on the key evaluator.
Preferably, the following steps are also included after step S05:
Step S06: the key evaluator loads the dynamic password lock key onto a third read-write card and a fourth read-write card, so that the dynamic password lock key can be obtained only when both the third read-write card and the fourth read-write card are present;
Step S07: the master key, the KI and the dynamic password lock key are entered into the server by means of the first, second, third and fourth read-write cards.
Preferably, information exchange between the server and the handheld terminal is carried out through the first communication module of the server and the first communication module of the handheld terminal;
Information exchange between the server and the dynamic password lock is carried out through the second communication module of the server and the second communication module of the dynamic password lock;
Information exchange between the dynamic password lock and the handheld terminal is carried out through the first communication module of the dynamic password lock and the second communication module of the handheld terminal.
Preferably, step S7 further includes: the dynamic password lock sends its most recent locking information to the server; this information includes the locking time and whether the lock was locked normally.
The present invention also provides an unlocking system for a dynamic password lock. The dynamic password lock is used on a piece of equipment, and the unlocking system includes a server, a handheld terminal, and a secret generation module and a communication module arranged on the dynamic password lock, wherein:
The server is configured to have pre-entered in it the login information, the device information of the equipment, the device information of the dynamic password lock, the KI and the dynamic password lock key; it is configured to set the login mode of the designated handheld terminal according to the login information, and to send the login information, the KI and the dynamic password lock key to the handheld terminal;
The handheld terminal is configured to be logged in to according to the login mode, to activate the dynamic password lock after login so that it is in an unlockable state, and to send the login information and the dynamic password lock key to the dynamic password lock;
The secret generation module is configured to generate a first dynamic password from the dynamic password lock key by a fifth algorithm, and the communication module is configured to send the login information and the pre-stored device information of the equipment to the server; and
The server is further configured to check the received login information and device information of the equipment for consistency against the login information and device information of the equipment pre-entered in it; when they are consistent, it is further configured to generate a second dynamic password from the dynamic password lock key by a sixth algorithm corresponding to the fifth algorithm, and to send this second dynamic password to the dynamic password lock;
When the first dynamic password and the second dynamic password are consistent, the dynamic password lock and the handheld terminal are further configured to authenticate each other by the above authentication method based on the KI; when authentication passes, the dynamic password lock unlocks.
A beneficial effect of the authentication method of the present invention is that the dynamic password lock can be opened only after bidirectional authentication between the dynamic password lock and the handheld terminal succeeds, which improves the security performance of the dynamic password lock;
A beneficial effect of the unlocking method of the present invention is that, through the information exchange among the dynamic password lock, the server and the handheld terminal, only a handheld terminal that has actually been authorized by the server is qualified to open the dynamic password lock, which raises the security level of the equipment;
A beneficial effect of the unlocking method of the present invention is that encrypting the information exchanged between the dynamic password lock and the handheld terminal improves the security of that exchange;
A beneficial effect of the unlocking method of the present invention is that encrypting the information exchanged between the dynamic password lock and the server improves the security of that exchange;
A beneficial effect of the unlocking method of the present invention is that the industrial computer improves the efficiency of the information exchange between the dynamic password lock and the server;
A beneficial effect of the unlocking method of the present invention is that storing the master key, the KI and the dynamic password lock key separately improves the security of key storage;
A beneficial effect of the unlocking method of the present invention is that information exchange between each pair of the server, the handheld terminal and the dynamic password lock is carried out through dedicated communication modules, which improves the efficiency of information exchange and processing.
Brief description of the drawings
Fig. 1 is a schematic diagram of the steps of the authentication method for a dynamic password lock according to an embodiment of the present invention;
Fig. 2 shows the authentication method according to an embodiment of the present invention;
Fig. 3 is a flow chart of the unlocking method applied to ATM equipment according to an embodiment of the present invention;
Fig. 4 illustrates the generation and storage of the master key, the KI and the dynamic password lock key according to an embodiment of the present invention;
Fig. 5 shows the unlocking system according to an embodiment of the present invention.
Detailed description of the invention
The present invention is described in detail below with reference to the accompanying drawings.
The handheld terminal mentioned herein may include a mobile phone, a tablet computer or a PDA (Personal Digital Assistant), and is preferably a PDA. The dynamic password lock may be installed on equipment with confidentiality requirements, such as in banks, armories, ATMs, safes, strongboxes and classified document cabinets.
According to an embodiment of the present invention, an authentication method for a dynamic password lock is provided. The authentication is carried out between the dynamic password lock and the handheld terminal. Where such confidential equipment needs to be opened, a first algorithm and a second algorithm are preset in the dynamic password lock. As shown in Fig. 1, the method may include:
Step E1: setting, in the handheld terminal that is to unlock the dynamic password lock, a third algorithm corresponding to the first algorithm and a fourth algorithm corresponding to the second algorithm;
Step E2: on the handheld terminal side, generating a first authentication sequence from the first key number set of that side by the third algorithm, and generating a second authentication sequence from the second key number set received from the dynamic password lock by the fourth algorithm;
Step E3: on the dynamic password lock side, generating a fourth authentication sequence from the second key number set of that side by the second algorithm, and generating a third authentication sequence from the first key number set received from the handheld terminal by the first algorithm;
Step E4: a matching step, in which authentication passes when the first authentication sequence corresponds to the third authentication sequence and the second authentication sequence corresponds to the fourth authentication sequence.
It should be understood that there is no fixed order between step E2 and step E3: they may be carried out simultaneously, or either one may be carried out first, as long as both have been performed so that the matching step E4 can be carried out.
The essence of the authentication method of the present invention is as follows. The first algorithm and the second algorithm in the dynamic password lock are usually preset by the server. When the equipment needs to be operated, that is, when the dynamic password lock on the equipment needs to be opened, the server sets the third algorithm and the fourth algorithm, which correspond respectively to the first algorithm and the second algorithm, in the handheld terminal that is to perform the unlocking. The handheld terminal is thereby uniquely matched to the dynamic password lock, and only this authorized handheld terminal can open it. Only the staff member holding this handheld terminal has the right to open the dynamic password lock, which improves the security of the equipment.
The information in the first key number set may include the device information of the handheld terminal and the KI, where the device information of the handheld terminal is preferably the device number of the handheld terminal.
The information in the second key number set may include the device information of the dynamic password lock and a first random number randomly generated by the dynamic password lock, where the device information of the dynamic password lock is preferably its device number. (In practice, the device information of the dynamic password lock may be received from the dynamic password lock during authentication, or may be preset in the handheld terminal; preferably it is set in the handheld terminal by the server in advance.) The first algorithm and the second algorithm (and likewise all algorithms mentioned herein) may each be one of the following: 3DES, DES, SM1, SM2, SM4, SHA, AES, or another commonly used algorithm known to those skilled in the art. The first algorithm and the second algorithm may be the same or different. The phrase "a third algorithm corresponding to the first algorithm" may mean that the third algorithm is identical to the first algorithm, or that the correspondence between the third algorithm and the first algorithm determines the correspondence between the first authentication sequence generated by the third algorithm and the third authentication sequence generated by the first algorithm. For example, when the first authentication sequence is 1234 and the third authentication sequence is also 1234, this is one special case of correspondence, namely identity. When the third authentication sequence is 5678, a correspondence between the first and third authentication sequences also exists: each digit of the third authentication sequence is the corresponding digit of the first authentication sequence plus 4. Other correspondences are of course possible and are not described further here.
Fig. 2 shows the authentication method according to an embodiment of the present invention, which may also be called bidirectional authentication: unlocking is possible only after the checks on both the PDA and the dynamic password lock agree. It mainly includes: (1) the PDA and the dynamic password lock each generate an authentication sequence from the KI AMK and the PDA number, with the KI AMK as the key, and the sequences are compared for consistency; (2) the PDA and the dynamic password lock each also generate an authentication sequence from the KI AMK, the device number ID3 of the dynamic password lock and the random number RAND4 randomly generated by the dynamic password lock, with AMK as the key, and the sequences are compared for consistency.
Specifically, it includes the following information exchange steps between the PDA and the dynamic password lock:
PDA side:
The PDA number (that is, the device number of the PDA) and the KI AMK are sent to the dynamic password lock (the PDA number and the KI AMK correspond to the first key number set above);
Based on the PDA number and AMK, the authentication sequence PUSN (corresponding to the first authentication sequence above) is generated by the agreed algorithm (corresponding to the first algorithm above) with AMK as the key;
Dynamic password lock side:
The PDA number and AMK are received, and based on the PDA number and AMK the authentication sequence RPUSN (corresponding to the third authentication sequence above) is generated by the agreed algorithm (corresponding to the third algorithm above) with AMK as the key;
The random number RAND4 (the first random number above) is generated;
RPUSN and RAND4 are sent to the PDA;
PDA side:
RPUSN and RAND4 are received;
The PDA judges whether PUSN equals RPUSN; this is the authentication on the PDA side. If PUSN does not equal RPUSN, authentication fails;
If PUSN equals RPUSN, that is, if the first authentication sequence above corresponds to the third authentication sequence, authentication on the PDA side succeeds. Based on RAND4, ID3 (the device number of the dynamic password lock, preset in the PDA by the server) and AMK, the authentication sequence RLUSN (corresponding to the second authentication sequence above) is generated by the agreed algorithm (corresponding to the second algorithm above) with AMK as the key;
RLUSN is sent to the dynamic password lock side;
Dynamic password lock side:
Based on RAND4, ID3 and AMK, the authentication sequence LUSN (corresponding to the fourth authentication sequence above) is generated by the agreed algorithm (corresponding to the second algorithm above) with AMK as the key;
RLUSN is received;
The lock judges whether RLUSN equals LUSN. If RLUSN does not equal LUSN, authentication on the dynamic password lock side fails;
If RLUSN equals LUSN, that is, if the second authentication sequence above corresponds to the fourth authentication sequence, authentication on the dynamic password lock side succeeds.
That is, when authentication passes on both sides, bidirectional authentication succeeds and the dynamic password lock opens. In addition, the dynamic password lock can set a locking time limit: a locking countdown starts when the lock is opened, and if the door is not closed within the specified time, the lock locks automatically or raises an alarm notification.
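The Fig. 2 exchange as a runnable sketch, added here as an example and not code from the patent. Assumptions: HMAC-SHA256 stands in for the unspecified agreed algorithm, each side uses its own provisioned copy of AMK so that only the PDA number is put on the wire, and all class names, function names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets


def agreed_algorithm(amk: bytes, *fields: bytes) -> bytes:
    """Stand-in for the 'agreed algorithm': HMAC-SHA256 keyed with AMK.
    Each field is length-prefixed so field boundaries are unambiguous."""
    mac = hmac.new(amk, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(2, "big") + field)
    return mac.digest()


class Lock:
    """Dynamic password lock side of the exchange."""

    def __init__(self, lock_id: bytes, amk: bytes):
        self.lock_id = lock_id      # ID3
        self.amk = amk              # provisioned copy (assumption)
        self.rand4 = None
        self.is_open = False

    def on_pda_number(self, pda_number: bytes):
        """Return (RPUSN, RAND4); RAND4 is fresh for every attempt."""
        self.rand4 = secrets.token_bytes(16)
        return agreed_algorithm(self.amk, pda_number), self.rand4

    def on_rlusn(self, rlusn: bytes) -> bool:
        """Compare the received RLUSN with the locally computed LUSN."""
        if self.rand4 is None:
            return False            # no challenge outstanding
        lusn = agreed_algorithm(self.amk, self.rand4, self.lock_id)
        self.rand4 = None           # a challenge is answered at most once
        self.is_open = hmac.compare_digest(lusn, rlusn)
        return self.is_open


class Pda:
    """Handheld terminal side; ID3 is preset by the server."""

    def __init__(self, pda_number: bytes, lock_id: bytes, amk: bytes):
        self.pda_number = pda_number
        self.lock_id = lock_id
        self.amk = amk

    def on_challenge(self, rpusn: bytes, rand4: bytes):
        """PDA-side check (PUSN == RPUSN); on success return RLUSN."""
        pusn = agreed_algorithm(self.amk, self.pda_number)
        if not hmac.compare_digest(pusn, rpusn):
            return None             # PDA-side authentication failed
        return agreed_algorithm(self.amk, rand4, self.lock_id)


def authenticate(pda: Pda, lock: Lock):
    """Run both legs; returns (lock_opened, RLUSN sent or None)."""
    rpusn, rand4 = lock.on_pda_number(pda.pda_number)
    rlusn = pda.on_challenge(rpusn, rand4)
    if rlusn is None:
        return False, None
    return lock.on_rlusn(rlusn), rlusn


def replay(lock: Lock, pda_number: bytes, captured_rlusn: bytes) -> bool:
    """Present an RLUSN recorded in an earlier run to a new challenge."""
    lock.on_pda_number(pda_number)
    return lock.on_rlusn(captured_rlusn)


# Constructed sample values, not taken from the patent.
AMK = bytes.fromhex("00112233445566778899aabbccddeeff")
PDA_NUMBER = b"PDA-0001"
ID3 = b"LOCK-0042"


def demo() -> dict:
    ok, rlusn = authenticate(Pda(PDA_NUMBER, ID3, AMK), Lock(ID3, AMK))
    wrong, _ = authenticate(Pda(PDA_NUMBER, ID3, b"\x00" * 16), Lock(ID3, AMK))
    return {
        "matching_keys": ok,
        "wrong_key": wrong,
        "replayed_rlusn": replay(Lock(ID3, AMK), PDA_NUMBER, rlusn),
    }


if __name__ == "__main__":
    print(demo())
```

Only the lock-side check is bound to a fresh value: RPUSN depends on the PDA number and AMK alone and is therefore identical in every run, while RLUSN changes with RAND4.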
According to an embodiment of the present invention, an unlocking method for a dynamic password lock is provided. The dynamic password lock is used on a piece of equipment that has device information uniquely identifying it. Based on the bidirectional authentication method described above, the unlocking method includes:
Step S1: pre-entering into the server the login information, the device information of the equipment, the device information of the dynamic password lock, the KI and the dynamic password lock key; setting the login mode (described below) of the designated handheld terminal according to the login information; and sending the login information, the KI and the dynamic password lock key to the handheld terminal;
Step S3: logging in to the handheld terminal according to the login mode and, after login, activating the dynamic password lock so that it is in an unlockable state. The dynamic password lock is normally in an inoperable state, and the unlocking action can be carried out only after activation; after logging in to the handheld terminal, the dynamic password lock can be activated wirelessly, for example by radio frequency;
Step S5: the handheld terminal sends the login information and the dynamic password lock key to the dynamic password lock;
Step S7: the dynamic password lock generates a first dynamic password from the dynamic password lock key by a fifth algorithm, and sends the login information and the pre-stored device information of the equipment to the server;
Step S9: the server checks the received login information and device information of the equipment for consistency against the login information and device information of the equipment pre-entered in the server. If the two sets of device information are consistent, it can be concluded that this equipment is the equipment that needs to be opened, and the consistency of the login information establishes that the handheld device is the authorized one. When both are consistent, the server generates a second dynamic password from the dynamic password lock key by a sixth algorithm corresponding to the fifth algorithm, and sends this second dynamic password to the dynamic password lock;
Step S11: when the first dynamic password and the second dynamic password are consistent, the dynamic password lock and the handheld terminal authenticate each other by the authentication method above, based on the device information of the dynamic password lock and the KI; when authentication passes, the dynamic password lock unlocks. The authentication may be carried out wirelessly or, when the handheld terminal has a physical unlocking head, over the direct connection after the head is inserted into the dynamic password lock; of course, all information exchange between the dynamic password lock and the handheld terminal described herein can be carried out through this head.
According to a preferred embodiment of the present invention, step S1 of the unlocking method also includes: pre-entering a master key into the server, the server sending the master key to the handheld terminal. Step S5 then also includes: the handheld terminal sending the master key to the dynamic password lock. Thereafter, the information exchanged between the dynamic password lock and the handheld terminal is encrypted for transmission based on the master key.
According to a preferred embodiment of the present invention, the unlocking method further includes a step 4 after step S3: after being activated, the dynamic password lock generates a working key. Thereafter, the information exchanged between the dynamic password lock and the server is encrypted for transmission based on the working key, preferably using the AES algorithm.
According to a preferred embodiment of the present invention, the handheld terminal also has identity verification functions such as password verification, information button verification or fingerprint verification: the user must first log in with the login information and then pass password verification, fingerprint verification and/or information button verification using the identification information before login and the unlocking operation can proceed. The login information includes the code of the designated unlocking staff (preferably a name or number, but also any other user-defined user name made up of letters, digits, characters and so on) and identification information; the identification information includes password verification, fingerprint verification and/or information button verification; and setting the login mode according to the login information includes using the code (name and/or number) of the unlocking staff as the user name and then logging in with the identification information. In addition, the handheld terminal may have a time module and a self-locking module: after the information from the server is received, the login time is limited to 5-30 min; if no login occurs within that time the terminal locks, and it can be activated again only after 1-24 h. When the unlocking task is issued (does the so-called unlocking task refer to the moment when the server conveys the various information to the handheld terminal?) the unlocking time is limited (that is, is it the login time of the PDA that is limited?), and the PDA performs time verification at login.
According to a preferred embodiment of the present invention, all information exchange between the dynamic password lock and the server passes through an industrial computer, that is, a device fitted to the equipment, which improves the efficiency of the information exchange.
According to a preferred embodiment of the present invention, the unlocking method also includes:
After the handheld terminal receives the login information, the KI and the dynamic password lock key, if no login occurs within a first predetermined time, the handheld terminal locks itself; for a second predetermined time from the self-locking, the handheld terminal cannot be used to log in, which prevents illegal use of the handheld terminal.
According to a preferred embodiment of the present invention, the server has a key evaluator, the various keys are generated by a password generation host, and the server is connected to the password generation host by wired or wireless communication. The method of generating the master key and the dynamic password lock key comprises the following steps:
Step S01: the password generation host generates the master key by a seventh algorithm from its device information and a second random number entered by the administrator, using the device information of the password generation host as the key;
Step S02: the password generation host generates the KI by an eighth algorithm from its device information and a third random number entered by the administrator, using the master key as the key, and the master key and the KI are loaded into the key evaluator. The key evaluator is arranged at a client that is connected to the server over the network; the client is responsible for unlocking tasks, and the password generation host can be connected to the server through a USB interface or a serial port;
Step S05: the key evaluator generates the dynamic password lock key by a ninth algorithm from its device information, the current time and a fourth random number, using the master key as the key. The key evaluator is connected to the server by wired or wireless means.
According to a preferred embodiment of the present invention, the unlocking method further includes, between step S02 and step S05:
Step S03: the password generation host loads the master key and the authentication key (KI), each in part, into two blank cards, a first read-write card and a second read-write card, so that the master key and KI can be obtained only when both the first and the second read-write card are held;
Step S04: the master key and KI are loaded into the key evaluator by swiping the first read-write card and the second read-write card on the key evaluator.
According to a preferred embodiment of the present invention, the unlocking method further includes, after step S05:
Step S06: the key evaluator loads the dynamic password lock key into a third read-write card and a fourth read-write card, so that the dynamic password lock key can be obtained only when both the third and the fourth read-write card are held;
Step S07: the master key, KI and the dynamic password lock key are entered into the server through the first, second, third and fourth read-write cards. The keys generated by the password generation host are merely relayed through the server to other devices (such as the dynamic password lock); it can be understood that the server itself does not store the keys. In other cases, the key evaluator can also authorize the hand-held terminal directly, that is, the authorization is completed by swiping UkeyA2 and UkeyB2 on the hand-held terminal.
According to a preferred embodiment of the present invention, information exchange between the server and the hand-held terminal takes place between the first communication module of the server and the first communication module of the hand-held terminal;
Information exchange between the server and the dynamic password lock takes place between the second communication module of the server and the second communication module of the dynamic password lock;
Information exchange between the dynamic password lock and the hand-held terminal takes place between the first communication module of the dynamic password lock and the second communication module of the hand-held terminal.
According to a preferred embodiment of the present invention, step S7 of the unlocking method further includes: the dynamic password lock sends the most recent locking information to the server. The most recent locking information can include the locking time and whether the locking was normal, and can also include information such as the person who locked and the device number of the hand-held terminal used when locking.
In practical applications, the unlocking method of the present invention can be applied to a bank's ATM equipment. When an ATM has a cash replenishment task, as shown in Fig. 3, the following steps can be carried out:
Step U1: cash replenishers A and B verify their user information on the PDA, that is, they enter a user name and identification information such as a fingerprint or a password of digits and letters; after verification, the user information is sent to the dynamic password lock by short-range wireless communication (which may be radio-frequency communication);
Step U2: the dynamic password lock sends the received user information, together with the device information of the equipment to be opened (the ATM), to the industrial computer ATMC through the USB interface; the equipment is connected to the industrial computer by USB;
Step U3: ATMC sends the data (user information and device information) over the network to the back-end application server for verification;
Step U4: verify whether this ATM has a cash replenishment task and whether the user is legitimate;
Step U5: if this ATM has no cash replenishment task and/or the user is not legitimate, failure information is sent to the dynamic password lock over the bank's internal ATM network;
Step U6: the dynamic password lock sends the failure information to the PDA wirelessly;
Step U7: the PDA reports that the operation failed and displays the reason for the failure;
Step U8: if the verification of step U4 passes, i.e. this ATM has a cash replenishment task and the user is legitimate, the unlocking dynamic password and the information on the cash boxes to be unloaded and to be loaded are sent to the dynamic password lock over the ATM network;
Step U9: the dynamic password lock verifies whether the dynamic password is correct; for the verification process see steps S7-S11;
Step U10: the dynamic password lock sends the "correct" information to the PDA wirelessly;
Step U11: the PDA displays the prompt "please unlock";
Step U12: the PDA is inserted into the dynamic password lock; after two-way authentication, the PDA is rotated to unlock.
In addition, after the lock has been opened, the hand-held terminal and the server can be notified that the lock is open through communication module E and communication module F respectively.
According to an embodiment of the present invention, in practical applications the master key, the authentication key (KI) and the dynamic password lock key can be generated and stored by the following method. Fig. 4 is a diagram of generating and storing the master key, KI and the dynamic password lock key according to an embodiment of the present invention, in which:
The password generation host performs the following steps:
Key injection: based on ID1 (the device number of the password generation host) and the random number RAND1 (the second random number above), the master key MK is generated by an agreed algorithm with ID1 as the key;
Initialization: based on ID1 and the random number RAND2 (the third random number above), the authentication key AMK is generated by an agreed algorithm (the eighth algorithm in the text) with MK as the key;
Loading: MK and AMK are loaded into UKeyA1 (the first read-write card in the text) and UKeyB1 (the second read-write card in the text). This loading does not simply store MK and AMK each on one read-write card. Instead, MK, for example, is split according to a certain splitting scheme, with one part stored on UKeyA1 and the other part on UKeyB1. The way to recombine the split parts can be preset in the devices that later need to load these two keys, which avoids the situation in which the loss of one read-write card leads to the keys being stolen.
The key evaluator performs the following steps:
Being authorized: the keys are loaded into the key evaluator through the authorization of UKeyA1 and UKeyB1 (the password generation host authorizes the key evaluator by having UkeyA1 and UkeyB1 swiped on it), so that the key evaluator receives UKeyA1 and UKeyB1 and stores the keys after identifying them;
Initialization: based on ID2 (the device number of the key evaluator), the current time and the random number RAND3 (the fourth random number in the text), the dynamic password lock key is generated by an agreed algorithm (the ninth algorithm in the text) with MK as the key;
Loading: DMK is loaded into UKeyA2 and UKeyB2 in a way similar to MK and AMK;
Authorization: MK and AMK are sent through the authorization of UKeyA2 and UKeyB2 (please revise here: which read-write cards carry the authorization in Fig. 4? Authorization through UKeyA2 and UKeyB2 can only send DMK).
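The Fig. 4 key hierarchy and two-card loading described above, as an added example that is not code from the patent. HMAC-SHA256 stands in for the unspecified agreed algorithms, an XOR split stands in for the unspecified splitting scheme (chosen because one card alone then reveals nothing about the key, whereas cutting a key in half leaves half of it on each card), and the check value, function names, device numbers and timestamp are assumptions.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Dict, Tuple

Card = Dict[str, bytes]


def derive(key: bytes, label: bytes, *fields: bytes) -> bytes:
    """Assumed stand-in for the patent's agreed algorithms: HMAC-SHA256 under
    `key`. Every field is length-prefixed so that two different field lists
    can never serialise to the same message."""
    msg = b"".join(struct.pack(">I", len(f)) + f for f in (label, *fields))
    return hmac.new(key, msg, hashlib.sha256).digest()


def generate_mk(id1: bytes, rand1: bytes) -> bytes:
    # Key injection: MK from ID1 and RAND1, keyed with ID1. ID1 is a device
    # number, so all of MK's unpredictability comes from RAND1.
    return derive(id1, b"MK", id1, rand1)


def generate_amk(mk: bytes, id1: bytes, rand2: bytes) -> bytes:
    # Initialization on the generation host: AMK from ID1 and RAND2, keyed with MK.
    return derive(mk, b"AMK", id1, rand2)


def generate_dmk(mk: bytes, id2: bytes, now: int, rand3: bytes) -> bytes:
    # Initialization on the key evaluator: ID2, current time, RAND3, keyed with MK.
    return derive(mk, b"DMK", id2, struct.pack(">Q", now), rand3)


def split_shares(secret: bytes) -> Tuple[bytes, bytes]:
    """XOR split: share_a is uniformly random, share_b = secret XOR share_a."""
    share_a = secrets.token_bytes(len(secret))
    return share_a, bytes(s ^ a for s, a in zip(secret, share_a))


def merge_shares(share_a: bytes, share_b: bytes) -> bytes:
    if len(share_a) != len(share_b):
        raise ValueError("shares differ in length")
    return bytes(a ^ b for a, b in zip(share_a, share_b))


def check_value(key: bytes) -> bytes:
    # Assumed integrity tag, so a reader can tell that two cards belong together.
    return hmac.new(key, b"key-check", hashlib.sha256).digest()[:8]


def write_cards(keys: Dict[str, bytes]) -> Tuple[Card, Card]:
    """Loading step: every key is split across card A and card B."""
    card_a: Card = {}
    card_b: Card = {}
    for name, key in keys.items():
        card_a[name], card_b[name] = split_shares(key)
        card_a[name + "_check"] = card_b[name + "_check"] = check_value(key)
    return card_a, card_b


def read_cards(card_a: Card, card_b: Card) -> Dict[str, bytes]:
    """Swiping both cards: recombine each key and refuse mismatched cards."""
    keys: Dict[str, bytes] = {}
    for name in [n for n in card_a if not n.endswith("_check")]:
        key = merge_shares(card_a[name], card_b[name])
        expected = check_value(key)
        for card in (card_a, card_b):
            if not hmac.compare_digest(expected, card[name + "_check"]):
                raise ValueError(f"{name}: cards do not belong together")
        keys[name] = key
    return keys


def provision_demo() -> Dict[str, bytes]:
    id1, id2 = b"GEN-HOST-0001", b"KEY-EVAL-0001"      # constructed device numbers
    rand1, rand2, rand3 = (secrets.token_bytes(16) for _ in range(3))
    mk = generate_mk(id1, rand1)
    amk = generate_amk(mk, id1, rand2)
    ukey_a1, ukey_b1 = write_cards({"MK": mk, "AMK": amk})
    loaded = read_cards(ukey_a1, ukey_b1)              # key evaluator swipes both cards
    dmk = generate_dmk(loaded["MK"], id2, 1417132800, rand3)  # constructed timestamp
    ukey_a2, ukey_b2 = write_cards({"DMK": dmk})
    loaded.update(read_cards(ukey_a2, ukey_b2))
    return loaded


if __name__ == "__main__":
    for name, key in provision_demo().items():
        print(name, key.hex())
```
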
According to an embodiment of the present invention, an unlocking system for a dynamic password lock is provided. The dynamic password lock is used on equipment, and the unlocking system includes a server, a hand-held terminal, and a password generation module and a communication module arranged on the dynamic password lock, wherein:
The server is configured to have entered in advance the login information, the device information of the equipment, the device information of the dynamic password lock, the authentication key (KI) and the dynamic password lock key; to set the login mode of the designated hand-held terminal according to the login information; and to send the login information, KI and the dynamic password lock key to the hand-held terminal;
The hand-held terminal is configured to log in according to the login mode, to activate the dynamic password lock after login so that it is in an unlockable state, and to send the login information and the dynamic password lock key to the dynamic password lock;
The password generation module is configured to generate a first dynamic password from the dynamic password lock key by the fifth algorithm, and the communication module is configured to send the login information and the pre-stored device information of the equipment to the server; and
The server is further configured to check the received login information and device information of the equipment for consistency against the login information and device information of the equipment entered in it in advance, and, when they are consistent, to generate a second dynamic password from the dynamic password lock key by a sixth algorithm corresponding to the fifth algorithm and to send this second dynamic password to the dynamic password lock;
When the first dynamic password and the second dynamic password are consistent, the dynamic password lock and the hand-held terminal are further configured to authenticate each other by the authentication method above based on KI; when the authentication passes, the dynamic password lock unlocks.
The way the devices in the unlocking system according to an embodiment of the present invention are connected is described with reference to Fig. 5. The hand-held terminal can include communication module C (the third communication module in the text) and communication module E (the fifth communication module in the text); the server includes communication module A (the first communication module in the text) and communication module B (the second communication module in the text); the dynamic password lock includes communication module D (the fourth communication module in the text) and communication module F (the sixth communication module in the text); and the industrial computer includes communication module H (the seventh communication module in the text) and communication module G (the eighth communication module in the text).
Communication module C and communication module A can communicate in a wired and/or wireless manner. Communication module B and communication module H can communicate wirelessly. The dynamic password lock has a USB interface, through which communication module G can communicate with communication module D. Communication module F and communication module E are connected wirelessly: the hand-held terminal (PDA) and the dynamic password lock communicate by short-range wireless communication, which may use existing Zigbee, Bluetooth or another dedicated communication protocol.
The random numbers mentioned in the text, for example RAND1, RAND2, RAND3 and/or RAND4, can be chosen as required; the more digits, the more secure, and no fewer than 6 digits is recommended.
The dynamic password lock has an alarm function. It receives an error message when the two-way authentication between the dynamic password lock and the PDA fails; on receiving the error message of the dynamic password lock's communication module less than 3 times, it starts the alarm.
After the server issues a task and authorizes the hand-held terminal, after step 7, it notifies the hand-held terminal by short message (SMS) that there is a new task;
Step 7: the hand-held terminal is notified by SMS, and the SMS is sent automatically by the server when the task is issued.
The above embodiments are only exemplary embodiments of the present invention and are not intended to limit it; the scope of protection of the present invention is defined by the claims. Those skilled in the art may make various modifications or equivalent replacements to the present invention within its essence and scope of protection, and such modifications or equivalent replacements shall also be regarded as falling within the scope of protection of the present invention.

Claims (16)

1. An authentication method for a dynamic password lock, characterized in that a first algorithm and a second algorithm are preset in the dynamic password lock, the method comprising:
setting, in the hand-held terminal that unlocks the dynamic password lock, a third algorithm corresponding to the first algorithm and a fourth algorithm corresponding to the second algorithm;
on the hand-held terminal side, generating a first authentication sequence from the first key number set of this side by the third algorithm, and generating a second authentication sequence from the second key number set received from the dynamic password lock by the fourth algorithm;
on the dynamic password lock side, generating a fourth authentication sequence from the second key number set of this side by the second algorithm, and generating a third authentication sequence from the first key number set received from the hand-held terminal by the first algorithm;
carrying out the corresponding steps, and determining that the authentication passes when the first authentication sequence corresponds to the third authentication sequence and the second authentication sequence corresponds to the fourth authentication sequence.
2. The method according to claim 1, characterized in that the information in the first key number set includes the device information of the hand-held terminal and the authentication key (KI).
3. The method according to claim 1, characterized in that the information in the second key number set includes the device information of the dynamic password lock and a first random number randomly generated by the dynamic password lock.
4. The method according to claim 1, characterized in that the first algorithm and the second algorithm are each at least one of the following:
3DES, DES, SM1, SM2, SM4, SHA, AES.
5. An unlocking method for a dynamic password lock, the dynamic password lock being used on equipment that has device information uniquely identifying it, characterized in that the unlocking method is based on the authentication method of claim 1 and comprises:
Step S1: entering in advance into the server the login information, the device information of the equipment, the device information of the dynamic password lock, the authentication key (KI) and the dynamic password lock key; setting the login mode of the designated hand-held terminal according to the login information; and sending the login information, KI and the dynamic password lock key to the hand-held terminal;
Step S3: logging in to the hand-held terminal according to the login mode, and after login activating the dynamic password lock so that it is in an unlockable state;
Step S5: the hand-held terminal sends the login information and the dynamic password lock key to the dynamic password lock;
Step S7: the dynamic password lock generates a first dynamic password from the dynamic password lock key by the fifth algorithm, and sends the login information and the pre-stored device information of the equipment to the server;
Step S9: the server checks the received login information and device information of the equipment for consistency against, respectively, the login information and the device information of the equipment entered in the server in advance; when they are consistent, it generates a second dynamic password from the dynamic password lock key by a sixth algorithm corresponding to the fifth algorithm, and sends this second dynamic password to the dynamic password lock;
Step S11: when the first dynamic password and the second dynamic password are consistent, the dynamic password lock and the hand-held terminal authenticate each other by the authentication method of claim 1, based on the device information of the dynamic password lock and KI; when the authentication passes, the dynamic password lock unlocks.
6. The unlocking method according to claim 5, characterized in that step S1 further includes: entering a master key into the server in advance, the server sending the master key to the hand-held terminal;
step S5 then further includes: the hand-held terminal sends the master key to the dynamic password lock;
thereafter, the information exchanged between the dynamic password lock and the hand-held terminal is transmitted encrypted based on the master key.
7. The unlocking method according to claim 5, characterized in that it further includes step 4 after step S3: the dynamic password lock generates a working key after being activated;
thereafter, the information exchanged between the dynamic password lock and the server is transmitted encrypted based on the working key.
8. The unlocking method according to claim 5, characterized in that the login information includes the code of the designated unlocking person and that person's identification information, the identification information including password verification, fingerprint verification and/or information button verification.
9. The unlocking method according to claim 5, characterized in that all information exchange between the dynamic password lock and the server passes through an industrial computer.
10. The unlocking method according to claim 5, characterized in that it further includes:
after the hand-held terminal receives the login information, KI and the dynamic password lock key, it locks itself if no login takes place within a first predetermined time; during a second predetermined time counted from the self-locking, the hand-held terminal cannot be used to log in.
11. The unlocking method according to claim 6, characterized in that the method of generating the master key and the dynamic password lock key comprises the following steps:
Step S01: based on its device information and a second random number, a password generation host generates the master key by the seventh algorithm, using the device information of the password generation host as the key;
Step S02: based on its device information and a third random number, the password generation host generates the authentication key (KI) by the eighth algorithm, using the master key as the key, and loads the master key and KI into a key evaluator;
Step S05: based on its device information, the current time and a fourth random number, the key evaluator generates the dynamic password lock key by the ninth algorithm, using the master key as the key.
12. The unlocking method according to claim 11, characterized in that it further includes, between step S02 and step S05:
Step S03: the password generation host loads the master key and KI, each in part, into a first read-write card and a second read-write card, so that the master key and KI can be obtained only when both the first and the second read-write card are held;
Step S04: the master key and KI are loaded into the key evaluator by swiping the first read-write card and the second read-write card on the key evaluator.
13. The unlocking method according to claim 12, characterized in that it further includes, after step S05:
Step S06: the key evaluator loads the dynamic password lock key into a third read-write card and a fourth read-write card, so that the dynamic password lock key can be obtained only when both the third and the fourth read-write card are held;
Step S07: the master key, KI and the dynamic password lock key are entered into the server through the first, second, third and fourth read-write cards.
14. The unlocking method according to claim 5, characterized in that information exchange between the server and the hand-held terminal takes place between the first communication module of the server and the first communication module of the hand-held terminal;
information exchange between the server and the dynamic password lock takes place between the second communication module of the server and the second communication module of the dynamic password lock;
information exchange between the dynamic password lock and the hand-held terminal takes place between the first communication module of the dynamic password lock and the second communication module of the hand-held terminal.
15. The unlocking method according to claim 5, characterized in that step S7 further includes: the dynamic password lock sends the most recent locking information to the server, the most recent locking information including the locking time and whether the locking was normal.
16. An unlocking system for a dynamic password lock, the dynamic password lock being used on equipment, characterized in that the unlocking system includes a server, a hand-held terminal, and a password generation module and a communication module arranged on the dynamic password lock, wherein:
the server is configured to have entered in advance the login information, the device information of the equipment, the device information of the dynamic password lock, the authentication key (KI) and the dynamic password lock key; to set the login mode of the designated hand-held terminal according to the login information; and to send the login information, KI and the dynamic password lock key to the hand-held terminal;
the hand-held terminal is configured to log in according to the login mode, to activate the dynamic password lock after login so that it is in an unlockable state, and to send the login information and the dynamic password lock key to the dynamic password lock;
the password generation module is configured to generate a first dynamic password from the dynamic password lock key by the fifth algorithm, and the communication module is configured to send the login information and the pre-stored device information of the equipment to the server; and
the server is further configured to check the received login information and device information of the equipment for consistency against the login information and device information of the equipment entered in it in advance, and, when they are consistent, to generate a second dynamic password from the dynamic password lock key by a sixth algorithm corresponding to the fifth algorithm and to send this second dynamic password to the dynamic password lock;
when the first dynamic password and the second dynamic password are consistent, the dynamic password lock and the hand-held terminal are further configured to authenticate each other by the authentication method of claim 1 based on KI; when the authentication passes, the dynamic password lock unlocks.
CN201410714971.2A 2014-11-28 2014-11-28 Authentication method, unlocking method and unlocking system of dynamic coded lock Active CN105635089B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410714971.2A CN105635089B (en) 2014-11-28 2014-11-28 Authentication method, unlocking method and unlocking system of dynamic coded lock

Publications (2)

Publication Number Publication Date
CN105635089A true CN105635089A (en) 2016-06-01
CN105635089B CN105635089B (en) 2020-10-09

Family

ID=56049585

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410714971.2A Active CN105635089B (en) 2014-11-28 2014-11-28 Authentication method, unlocking method and unlocking system of dynamic coded lock

Country Status (1)

Country Link
CN (1) CN105635089B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030215114A1 (en) * 2002-05-15 2003-11-20 Biocom, Llc Identity verification system
CN1770682A (en) * 2004-11-02 2006-05-10 华为技术有限公司 Method for producing user card authentication random number of network apparatus and authentication method
CN101163326A (en) * 2006-10-12 2008-04-16 华为技术有限公司 Method, system and mobile terminal of preventing playback attack
WO2009052548A1 (en) * 2007-10-22 2009-04-30 Microlatch Pty Ltd A transmitter for transmitting a secure access signal
CN103530924A (en) * 2013-10-25 2014-01-22 北京金储自动化技术有限公司 Dynamic password lock system and method for self-help network management
CN103903319A (en) * 2014-02-10 2014-07-02 袁磊 Electronic lock system based on internet dynamic authorization

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
卿利: "安全子网的双向认证访问控制研究", 《全国优秀硕士学位论文》 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106780880A (en) * 2016-12-12 2017-05-31 国网北京市电力公司 Method for generating cipher code, device and smart lock
CN106780880B (en) * 2016-12-12 2019-04-12 国网北京市电力公司 Method for generating cipher code, device and smart lock
CN106920306A (en) * 2017-03-01 2017-07-04 成都优客智家信息科技有限公司 Intelligent door card encryption system
CN106920306B (en) * 2017-03-01 2019-05-17 优客逸家(成都)信息科技有限公司 Intelligent door card encryption system
CN108055235A (en) * 2017-11-01 2018-05-18 华中科技大学 A kind of control method of smart lock, relevant device and system
CN108055235B (en) * 2017-11-01 2020-09-18 华中科技大学 Control method of intelligent lock, related equipment and system
CN107989514A (en) * 2018-01-02 2018-05-04 宁波耀龙软件科技有限公司 There is the safety box of dynamic password
CN109743159A (en) * 2018-01-09 2019-05-10 詹贯峰 A kind of inter-authentication method for realizing authentication with authorization using bidirectional dynamic password
CN110415414A (en) * 2019-07-31 2019-11-05 中国工商银行股份有限公司 The unlocking method and device of dynamic puzzle-lock based on both sides' verifying
CN110415414B (en) * 2019-07-31 2021-09-21 中国工商银行股份有限公司 Unlocking method and device of dynamic coded lock based on two-party authentication
CN112564894A (en) * 2020-11-11 2021-03-26 杭州浙程科技有限公司 Method for unlocking passive lock by intelligent key dynamic secret key

Also Published As

Publication number Publication date
CN105635089B (en) 2020-10-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant