CN105635089B - Authentication method, unlocking method and unlocking system of dynamic coded lock - Google Patents

Publication number
CN105635089B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410714971.2A
Other languages
Chinese (zh)
Other versions
CN105635089A (en)
Inventor
马铮
肖志宏
彭明
卢华凤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sgsg Science & Technology Co ltd Zhuhai
Original Assignee
Sgsg Science & Technology Co ltd Zhuhai

Abstract

The invention provides an authentication method, an unlocking method and an unlocking system of a dynamic coded lock, wherein the authentication method comprises the following steps: setting a third algorithm corresponding to the first algorithm and a fourth algorithm corresponding to the second algorithm in a handheld terminal for unlocking the dynamic coded lock; on the handheld terminal side, generating a first authentication sequence through the third algorithm using the first key number set of that side, and generating a second authentication sequence through the fourth algorithm using the second key number set received from the dynamic coded lock; on the dynamic coded lock side, generating a fourth authentication sequence through the second algorithm using the second key number set of that side, and generating a third authentication sequence through the first algorithm using the first key number set received from the handheld terminal; and performing a comparison step, wherein the authentication is passed when the first authentication sequence corresponds to the third authentication sequence and the second authentication sequence corresponds to the fourth authentication sequence. The technical scheme of the invention can improve the security of the dynamic coded lock.

Description

Authentication method, unlocking method and unlocking system of dynamic coded lock
Technical Field
The invention relates to a security technology, in particular to a lock opening method, and specifically relates to an unlocking method based on a handheld terminal device.
Background
At present, a vault, a firearms vault, an automatic teller machine, a safe, a confidential document cabinet and the like are all devices with very high safety requirements, and are key security and protection parts. The key point of the security measures is the door lock. The existing door lock is generally a coded lock, and the cabinet door can be opened as long as the code is mastered. The leakage of the password can easily cause serious robbery accidents.
Disclosure of Invention
The invention aims to solve the problems that the existing dynamic coded lock has poor security and that a person who holds the code can easily leak it, allowing the cabinet door to be opened illegally and increasing potential safety hazards. To this end it provides an authentication method, an unlocking method and an unlocking system of the dynamic coded lock.
In order to solve the above problems, the present invention provides an authentication method for a dynamic combination lock, in which a first algorithm and a second algorithm are preset, the method comprising:
setting a third algorithm corresponding to the first algorithm and a fourth algorithm corresponding to the second algorithm in a handheld terminal for unlocking the dynamic coded lock;
on the handheld terminal side, a first authentication sequence is generated through the third algorithm using the first key number set of that side, and a second authentication sequence is generated through the fourth algorithm using the second key number set received from the dynamic password lock;
on the dynamic password lock side, a fourth authentication sequence is generated through the second algorithm using the second key number set of that side, and a third authentication sequence is generated through the first algorithm using the first key number set received from the handheld terminal;
and performing a comparison step, wherein the authentication is passed when the first authentication sequence corresponds to the third authentication sequence and the second authentication sequence corresponds to the fourth authentication sequence.
Preferably, the information in the first key number set includes device information and an authentication key of the handheld terminal.
Preferably, the information in the second key number set includes the device information of the dynamic password lock and a first random number randomly generated by the dynamic password lock.
Preferably, the first algorithm and the second algorithm are each at least one of:
3DES, DES, SM1, SM2, SM4, SHA, AES.
the invention also provides an unlocking method of the dynamic coded lock, the dynamic coded lock is used on equipment, the equipment has equipment information for uniquely identifying the equipment, and based on the authentication method, the unlocking method comprises the following steps:
step S1, pre-recording login information and equipment information of equipment, equipment information of a dynamic coded lock, an authentication key and a dynamic coded lock key in a server, setting a specified login mode of the handheld terminal according to the login information, and sending the login information, the authentication key and the dynamic coded lock key to the handheld terminal;
step S3, logging in the hand-held terminal according to the logging-in mode, activating the dynamic password lock after logging in to make it in the unlocking state;
step S5, the hand-held terminal sends the login information and the dynamic coded lock key to the dynamic coded lock;
step S7, the dynamic password lock generates a first dynamic password through a fifth algorithm according to the dynamic password lock key, and sends login information and pre-stored equipment information of the equipment to a server;
step S9, the server respectively judges the consistency of the received login information and the equipment information of the equipment with the login information and the equipment information of the equipment pre-recorded in the server, and under the condition of consistency, a second dynamic password is generated through a sixth algorithm corresponding to the fifth algorithm according to the dynamic password lock key, and the second dynamic password is sent to the dynamic password lock;
and step S11, when the first dynamic password is consistent with the second dynamic password, authentication between the dynamic password lock and the handheld terminal is performed through the above authentication method, based on the device information of the dynamic password lock and the authentication key, and when the authentication is passed, the dynamic password lock unlocks.
Preferably, step S1 further includes: pre-recording a master key in a server, and sending the master key to the handheld terminal by the server;
step S5 further includes: the handheld terminal sends the master key to the dynamic coded lock;
and then, the information interaction between the dynamic coded lock and the handheld terminal is encrypted and transmitted based on the master key.
Preferably, after step S3, a step 4 is further included, in which the dynamic password lock generates a working key after being activated;
and then, the information interaction between the dynamic coded lock and the server is encrypted and transmitted based on the working key.
Preferably, the login information includes a code of the designated unlocking person and identification information thereof, and the identification information includes password authentication, fingerprint authentication and/or information button authentication.
Preferably, information interaction between the dynamic coded lock and the server is carried out through an industrial personal computer.
Preferably, the unlocking method further includes:
after the handheld terminal receives the login information, the authentication key and the dynamic password lock key, if no login takes place within a first preset time, the handheld terminal locks itself; and the handheld terminal cannot be logged in to from the moment of self-locking until a second preset time has elapsed.
Preferably, the method for generating the master key and the dynamic password lock key comprises the following steps:
step S01: the password generation host generates a master key through a seventh algorithm by taking the equipment information of the password generation host as a key based on the equipment information and the second random number;
step S02: the password generation host generates an authentication key through an eighth algorithm by taking the master key as the key based on the equipment information and the third random number of the password generation host, and loads the master key and the authentication key to the key identifier;
step S05: and the key identifier generates a dynamic cipher lock key by taking the master key as the key through a ninth algorithm based on the equipment information, the current time and the fourth random number.
Preferably, the method further includes, between step S02 and step S05:
step S03: the password generation host loads the master key and the authentication key, each in part, onto a first read-write card and a second read-write card, so that the master key and the authentication key can be obtained only with the first read-write card and the second read-write card together;
step S04: the master key and the authentication key are loaded to the key identifier by swiping a first read-write card and a second read-write card through the key identifier.
Preferably, step S05 is followed by:
step S06: the key recognizer loads the dynamic cipher lock key to a third read-write card and a fourth read-write card, so that the third read-write card and the fourth read-write card can acquire the dynamic cipher lock key;
step S07: and the master key, the authentication key and the dynamic password lock key are recorded into the server through the first read-write card, the second read-write card, the third read-write card and the fourth read-write card.
Preferably, information interaction between the server and the handheld terminal is carried out through a first communication module of the server and a first communication module of the handheld terminal;
the information interaction between the server and the dynamic coded lock is carried out through a second communication module of the server and a second communication module of the dynamic coded lock;
the information interaction between the dynamic coded lock and the handheld terminal is carried out through a first communication module of the dynamic coded lock and a second communication module of the handheld terminal.
Preferably, step S7 further includes: the dynamic coded lock sends the latest locking information to the server, and the latest locking information comprises locking time and normal locking information.
The invention also provides an unlocking system of the dynamic coded lock, the dynamic coded lock is used on equipment, the unlocking system comprises a server, a handheld terminal, a password generation module and a communication module, wherein the password generation module and the communication module are arranged on the dynamic coded lock,
the server is configured to pre-input login information, equipment information of equipment, equipment information of the dynamic coded lock, an authentication key and a dynamic coded lock key, set a specified login mode of the handheld terminal according to the login information and send the login information, the authentication key and the dynamic coded lock key to the handheld terminal;
the handheld terminal is configured to log in according to a login mode, and is configured to activate the dynamic coded lock after logging in so that the dynamic coded lock is in an unlocking state, and login information and a dynamic coded lock key are sent to the dynamic coded lock;
the password generation module is configured to generate a first dynamic password through a fifth algorithm according to the dynamic password lock key, and the communication module is configured to send login information and pre-stored equipment information of the equipment to the server; and
the server is further configured to perform consistency judgment on the received login information and the equipment information of the equipment and the login information prerecorded in the server and the equipment information of the equipment, and under the condition of consistency, the server is further configured to generate a second dynamic password through a sixth algorithm corresponding to the fifth algorithm according to the dynamic password lock key and send the second dynamic password to the dynamic password lock;
and under the condition that the first dynamic password is consistent with the second dynamic password, the dynamic password lock and the handheld terminal are also configured to be authenticated through the authentication method based on the authentication key, and under the condition that the authentication is passed, the dynamic password lock is unlocked.
The authentication method has the advantages that the dynamic coded lock can be unlocked only after the authentication is successful through the bidirectional authentication between the dynamic coded lock and the handheld terminal, so that the safety performance of the dynamic coded lock can be improved;
the unlocking method has the advantages that through information interaction among the dynamic coded lock, the server and the handheld terminal, the handheld terminal which is really authorized by the server has the qualification of unlocking the dynamic coded lock, and the safety level of equipment is improved;
the unlocking method has the advantages that the safety degree of information interaction is improved by encrypting the information interaction between the dynamic coded lock and the handheld terminal;
the unlocking method has the advantages that the safety degree of information interaction is improved by encrypting the information interaction between the dynamic coded lock and the server;
the unlocking method has the advantages that the efficiency of information interaction between the dynamic coded lock and the server can be improved through the industrial personal computer;
the unlocking method has the advantages that the master key, the authentication key and the dynamic coded lock key are respectively stored, so that the storage safety of the keys can be improved;
the unlocking method has the advantages that the information interaction between the server, the handheld terminal and the dynamic coded lock is carried out through the special communication module, and the information interaction and processing efficiency can be improved.
Drawings
FIG. 1 is a diagram illustrating steps of a method for authenticating a dynamic combination lock according to an embodiment of the present invention;
FIG. 2 is a method of authentication according to one embodiment of the present invention;
FIG. 3 is a flow chart of the unlocking method applied to an ATM device according to one embodiment of the present invention;
FIG. 4 is a diagram of generating and storing a master key, an authentication key, and a dynamic password lock key, according to one embodiment of the present invention;
FIG. 5 is an unlocking system according to one embodiment of the present invention.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings.
The handheld terminal mentioned herein may include a mobile phone, a tablet computer, and a PDA (personal digital assistant), and the handheld terminal is preferably a PDA. The dynamic coded lock can be arranged on equipment with security requirements, such as banks, firearm storehouses, automatic teller machines, safe cases, safe cabinets, and the like.
According to an embodiment of the present invention, there is provided an authentication method for a dynamic password lock, the authentication method being performed between the dynamic password lock and a handheld terminal, wherein when a device to be kept secret needs to be unlocked, a first algorithm and a second algorithm are preset in the dynamic password lock, as shown in fig. 1, the method may include:
step E1, setting a third algorithm corresponding to the first algorithm and a fourth algorithm corresponding to the second algorithm in the handheld terminal for unlocking the dynamic coded lock;
step E2, on the handheld terminal side, generating a first authentication sequence through the third algorithm using the first key number set of that side, and generating a second authentication sequence through the fourth algorithm using the second key number set received from the dynamic password lock;
step E3, on the dynamic password lock side, generating a fourth authentication sequence through the second algorithm using the second key number set of that side, and generating a third authentication sequence through the first algorithm using the first key number set received from the handheld terminal;
step E4, a comparison step, in which the authentication is passed when the first authentication sequence corresponds to the third authentication sequence and the second authentication sequence corresponds to the fourth authentication sequence.
It should be understood that there is no required order between step E2 and step E3: they may be performed simultaneously, or either one first, as long as both have been performed so that the comparison in step E4 can be carried out.
The essence of the authentication method of the invention is as follows. The first algorithm and the second algorithm in the dynamic password lock are usually preset by the server. When the equipment needs to be operated, that is, when the dynamic password lock on the equipment needs to be opened, the server places the third algorithm and the fourth algorithm, which correspond respectively to the first algorithm and the second algorithm, in the handheld terminal that is to perform the unlocking. The handheld terminal and the dynamic password lock thus correspond uniquely: only the authorized handheld terminal can open the lock, and only a worker holding that handheld terminal has the right to open the dynamic password lock, which improves the safety of the equipment.
The information in the first key number set may include device information of the handheld terminal and an authentication key, wherein the device information of the handheld terminal is preferably a device number of the handheld terminal.
The information in the second key number set may include device information of the dynamic password lock (in practical applications, the device information of the dynamic password lock may be received from the dynamic password lock during the authentication process, or may be preset in the handheld terminal, preferably by the server) and a first random number randomly generated by the dynamic password lock, where the device information of the dynamic password lock is preferably a device number of the dynamic password lock. The first and second algorithms (and all other algorithms mentioned herein) may each be one of the following: 3DES, SM1, SM2, SM4, SHA, AES, or other commonly used algorithms known to those skilled in the art, and the first algorithm and the second algorithm may be the same or different. The term "the third algorithm corresponding to the first algorithm" may mean that the third algorithm is the same as the first algorithm, or that the third algorithm stands in a relationship to the first algorithm from which the correspondence between the first authentication sequence (generated by the third algorithm) and the third authentication sequence (generated by the first algorithm) can be determined. For example, when the first authentication sequence is 1234 and the third authentication sequence is also 1234, the two are identical, which is a special case of correspondence; when the third authentication sequence is 5678, the first and third authentication sequences still correspond, since each digit of the third authentication sequence equals the corresponding digit of the first authentication sequence plus 4. Other correspondences are of course possible and are not described here.
As shown in fig. 2, the authentication method according to an embodiment of the present invention may also be referred to as bidirectional authentication, that is, unlocking can be performed only after the PDA and the dynamic combination lock have each found the sequences consistent. It mainly includes: (1) the PDA and the dynamic combination lock each generate an authentication sequence from the authentication key AMK and the PDA number, with the authentication key AMK used as the key, and the authentication sequences are compared for consistency; (2) the PDA and the dynamic password lock each generate an authentication sequence from the authentication key AMK, the device number ID3 of the dynamic password lock and a random number RAND4 randomly generated by the dynamic password lock, with the AMK used as the key, and the authentication sequences are compared for consistency.
Specifically, the information interaction between the PDA and the dynamic coded lock comprises the following steps:
PDA side:
sending the PDA number (namely the device number of the PDA) and the authentication key AMK (the PDA number and the authentication key AMK correspond to the first key number set above) to the dynamic password lock;
based on the PDA number and the AMK, generating an authentication sequence PUSN (corresponding to the first authentication sequence above) through an agreed algorithm (corresponding to the first algorithm above), using the AMK as the key;
Dynamic password lock side:
receiving the PDA number and the AMK, and, based on the PDA number and the AMK, generating an authentication sequence RPUSN (corresponding to the third authentication sequence above) through an agreed algorithm (corresponding to the third algorithm above), using the AMK as the key;
generating a random number RAND4 (i.e. the first random number above);
sending RPUSN and RAND4 to the PDA;
PDA side:
receiving RPUSN and RAND4;
judging whether the PUSN is equal to the RPUSN, which is the authentication on the PDA side; if the PUSN is not equal to the RPUSN, the authentication fails;
if the PUSN is equal to the RPUSN, that is, if the first authentication sequence corresponds to the third authentication sequence as described above, the authentication on the PDA side is successful, and the PDA generates the authentication sequence RLUSN (corresponding to the second authentication sequence above) based on RAND4, ID3 (the device number of the dynamic password lock, preset in the PDA by the server) and the AMK, through an agreed algorithm (corresponding to the second algorithm above), using the AMK as the key;
sending the RLUSN to the dynamic password lock side;
Dynamic password lock side:
generating an authentication sequence LUSN (corresponding to the fourth authentication sequence above) based on the RAND4, the ID3 and the AMK, through an agreed algorithm (corresponding to the second algorithm above), using the AMK as the key;
receiving RLUSN;
judging whether the RLUSN is equal to the LUSN; if the RLUSN is not equal to the LUSN, the authentication on the dynamic password lock side fails;
if the RLUSN is equal to the LUSN, that is, if the second authentication sequence corresponds to the fourth authentication sequence as described above, the authentication on the dynamic password lock side is successful.
Namely, the authentication on both sides is passed, the bidirectional authentication is successful, and at this time, the dynamic coded lock is opened. In addition, the dynamic coded lock can be set with a locking time limit, the locking time countdown is started when the dynamic coded lock is opened, and automatic locking or alarm notification is carried out when the dynamic coded lock is not closed within a specified time.
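The exchange above, modelled in Python as an added example that is not code from the patent: HMAC-SHA256 stands in for the unspecified "agreed algorithm" (an assumption), and the class names, function names and the AMK, PDA number and ID3 values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (not from the patent).
AMK = b"constructed-demo-AMK"
PDA_NUMBER = b"PDA-0001"
ID3 = b"LOCK-0003"


def agreed_algorithm(amk: bytes, *fields: bytes) -> bytes:
    """Assumed stand-in for the "agreed algorithm": HMAC-SHA256 keyed with AMK.

    Each field is length-prefixed so that field boundaries are unambiguous.
    """
    mac = hmac.new(amk, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(2, "big") + field)
    return mac.digest()


class Lock:
    """Dynamic password lock side of the exchange."""

    def __init__(self, id3: bytes):
        self.id3 = id3
        self._amk = None
        self._rand4 = None
        self.unlocked = False

    def on_hello(self, pda_number: bytes, amk: bytes):
        """Receive PDA number and AMK; answer with RPUSN and a fresh RAND4."""
        self._amk = amk
        self._rand4 = secrets.token_bytes(16)
        rpusn = agreed_algorithm(amk, pda_number)
        return rpusn, self._rand4

    def on_rlusn(self, rlusn: bytes) -> bool:
        """Compute LUSN and compare it with the received RLUSN."""
        if self._rand4 is None:          # no challenge outstanding
            return False
        lusn = agreed_algorithm(self._amk, self._rand4, self.id3)
        self._rand4 = None               # RAND4 is single-use
        self.unlocked = hmac.compare_digest(rlusn, lusn)  # constant-time compare
        return self.unlocked


class PDA:
    """Handheld terminal side; ID3 is preset by the server, as on the page."""

    def __init__(self, pda_number: bytes, amk: bytes, id3: bytes):
        self.pda_number = pda_number
        self.amk = amk
        self.id3 = id3

    def hello(self):
        """First message: PDA number and AMK."""
        return self.pda_number, self.amk

    def on_challenge(self, rpusn: bytes, rand4: bytes):
        """Check PUSN == RPUSN; on success return RLUSN, otherwise None."""
        pusn = agreed_algorithm(self.amk, self.pda_number)
        if not hmac.compare_digest(pusn, rpusn):
            return None                  # PDA-side authentication failed
        return agreed_algorithm(self.amk, rand4, self.id3)


def authenticate(pda: PDA, lock: Lock) -> bool:
    """Run the full bidirectional exchange; True means the lock opens."""
    rpusn, rand4 = lock.on_hello(*pda.hello())
    rlusn = pda.on_challenge(rpusn, rand4)
    return rlusn is not None and lock.on_rlusn(rlusn)


def replayed_rlusn_accepted() -> bool:
    """Capture RLUSN from one session and present it in a second session."""
    pda, lock = PDA(PDA_NUMBER, AMK, ID3), Lock(ID3)
    rpusn, rand4 = lock.on_hello(*pda.hello())
    old_rlusn = pda.on_challenge(rpusn, rand4)
    lock.on_rlusn(old_rlusn)             # first session completes normally
    lock.on_hello(*pda.hello())          # second session draws a new RAND4
    return lock.on_rlusn(old_rlusn)      # stale RLUSN no longer matches LUSN


if __name__ == "__main__":
    print("matching PDA and lock:", authenticate(PDA(PDA_NUMBER, AMK, ID3), Lock(ID3)))
    print("PDA with wrong ID3:   ", authenticate(PDA(PDA_NUMBER, AMK, b"LOCK-9999"), Lock(ID3)))
    print("replayed RLUSN:       ", replayed_rlusn_accepted())
```

As described, the lock computes RPUSN and LUSN with the AMK it receives in the first message, so what its check ties the session to is ID3 and the fresh RAND4. The page's preferred embodiment encrypts the lock-to-terminal exchange under the master key, which is what keeps the AMK from crossing the link in the clear.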
According to an embodiment of the present invention, there is provided an unlocking method for a dynamic combination lock, where the dynamic combination lock is used for a device, the device has device information for uniquely identifying the device, and the unlocking method includes:
step S1, pre-recording login information and equipment information of equipment, equipment information of a dynamic coded lock, an authentication key and a dynamic coded lock key in a server, setting a specified login mode (described in the following) of the handheld terminal according to the login information, and sending the login information, the authentication key and the dynamic coded lock key to the handheld terminal;
step S3, logging in to the handheld terminal according to the login mode, and after login activating the dynamic coded lock so that it is in the unlocking state; the dynamic coded lock is normally in an inoperable state, and the unlocking action can be carried out only after activation; after login, the handheld terminal can activate the dynamic coded lock wirelessly, by radio frequency or other means;
step S5, the hand-held terminal sends the login information and the dynamic coded lock key to the dynamic coded lock;
step S7, the dynamic password lock generates a first dynamic password through a fifth algorithm according to the dynamic password lock key, and sends login information and pre-stored equipment information of the equipment to a server;
step S9, the server checks the received login information and device information of the device for consistency with the login information and device information pre-recorded in the server; if the device information is consistent, the device is judged to be the device that needs to be started, and if the login information is consistent, the handheld device is judged to be the authorized handheld device. When both are consistent, a second dynamic password is generated through a sixth algorithm corresponding to the fifth algorithm according to the dynamic password lock key, and the second dynamic password is sent to the dynamic password lock;
and step S11, when the first dynamic password is consistent with the second dynamic password, authentication between the dynamic password lock and the handheld terminal is carried out by the authentication method above, based on the equipment information of the dynamic password lock and the authentication key, and when the authentication is passed, the dynamic password lock unlocks. The authentication method can be performed wirelessly or, where the handheld terminal has a physical unlocking head, over a direct connection after the unlocking head is inserted into the dynamic coded lock; the information interaction between the dynamic coded lock and the handheld terminal described herein can likewise be carried out through the unlocking head.
According to a preferred embodiment of the present invention, the step S1 in the unlocking method further includes: pre-recording a master key in a server, and sending the master key to the handheld terminal by the server; step S5 further includes: the handheld terminal sends the master key to the dynamic coded lock; and then, the information interaction between the dynamic coded lock and the handheld terminal is encrypted and transmitted based on the master key.
According to a preferred embodiment of the present invention, the unlocking method further comprises step 4 after step S3, after the dynamic password lock is activated, generating a working key; and then, the information interaction between the dynamic password lock and the server is encrypted and transmitted based on the working key, and preferably encrypted by an AES algorithm.
According to a preferred embodiment of the invention, the handheld terminal has identification functions such as password authentication, information button authentication or fingerprint authentication; login is performed with the login information, and password authentication, fingerprint authentication and/or information button authentication is then performed with the identification information in order to carry out login and unlocking operations. The login information comprises a code of the designated unlocking person (preferably a name and a number; it may also be a user-defined user name consisting of letters, numbers, characters and the like) and that person's identification information, wherein the identification information comprises password authentication, fingerprint authentication and/or information button authentication. The login mode set according to the login information uses the code (name and/or number) of the unlocking person as the user name, and login is then carried out according to the identification information. In addition, the handheld terminal can also be provided with a time module and a self-locking module: the login time is limited to 5-30 min after the information from the server is received; if login has not occurred within that time, the handheld terminal is locked, and it can be activated again after 1-24 h. When the unlocking task is issued (whether the unlocking task indicates that the server transmits various information to the handheld terminal.
According to a preferred embodiment of the invention, information interaction between the dynamic coded lock and the server is carried out through an industrial personal computer, and the industrial personal computer is a device matched with equipment, so that the information interaction efficiency can be improved.
According to a preferred embodiment of the present invention, the unlocking method further comprises:
after the handheld terminal receives the login information, the authentication key and the dynamic password lock key, if no login takes place within a first preset time, the handheld terminal locks itself; the handheld terminal cannot be logged in to from the moment of self-locking until a second preset time has elapsed, so that illegal use of the handheld terminal can be prevented.
According to a preferred embodiment of the present invention, the server has a key identifier therein, and generates various keys by the password generation host, and the server and the password generation host are connected by wired or wireless communication, and the generation method of the master key and the dynamic password lock key comprises the following steps:
step S01: the password generation host generates a master key through a seventh algorithm by taking the equipment information of the password generation host as a key based on the equipment information of the password generation host and a second random number input by an administrator;
step S02: the password generation host generates an authentication key by taking a master key as a key through an eighth algorithm based on the equipment information of the password generation host and a third random number input by an administrator, and loads the master key and the authentication key to a key identifier, wherein the key identifier is arranged at a client connected with a server network, an unlocking task is taken by the client, and the password generation host and the server can be connected in a USB (universal serial bus) interface or serial port mode;
step S05: and the key identifier generates a dynamic coded lock key by taking the master key as the key through a ninth algorithm based on the equipment information, the current time and the fourth random number, wherein the key identifier is connected with the server in a wired or wireless mode.
According to a preferred embodiment of the present invention, the unlocking method further includes, between the step S02 and the step S05:
step S03: the password generation host loads the master key and the authentication key, each in part, into a blank first read-write card and a blank second read-write card, so that the master key and the authentication key can be obtained only when both the first read-write card and the second read-write card are available;
step S04: the master key and the authentication key are loaded to the key identifier by swiping the first read-write card and the second read-write card through the key identifier.
According to a preferred embodiment of the present invention, the unlocking method further includes, after step S05:
step S06: the key identifier loads the dynamic password lock key to a third read-write card and a fourth read-write card, so that the dynamic password lock key can be obtained when the third read-write card and the fourth read-write card are provided at the same time;
step S07: the master key, the authentication key and the dynamic password lock key are recorded into the server through the first read-write card, the second read-write card, the third read-write card and the fourth read-write card. The various keys generated by the password generation host are only transmitted to other devices (such as a dynamic password lock) through the server, so that the server does not store the various keys. In addition, in other cases, the handheld terminal can be directly authorized through the key identifier, namely, the authorization is completed by swiping UKey A2 and UKey B2 on the handheld terminal.
According to a preferred embodiment of the invention, information interaction between the server and the handheld terminal is carried out through the first communication module of the server and the first communication module of the handheld terminal;
the information interaction between the server and the dynamic coded lock is carried out through a second communication module of the server and a second communication module of the dynamic coded lock;
the information interaction between the dynamic coded lock and the handheld terminal is carried out through a first communication module of the dynamic coded lock and a second communication module of the handheld terminal.
According to a preferred embodiment of the present invention, step S7 in the unlocking method further includes: the dynamic coded lock sends the latest locking information to the server, wherein the latest locking information can comprise locking time and normal locking information, and can also comprise information such as locking personnel, equipment numbers of corresponding handheld terminals during locking and the like.
In practical application, the unlocking method of the present invention can be applied to an ATM device of a bank, and when a cash adding task is performed on the ATM, as shown in fig. 3, the method specifically includes the following steps:
step U1: cash adder A and cash adder B verify their user information on the PDA, that is, they enter their user names and identification information such as a fingerprint or a password of symbols such as digits and letters; after the verification is passed, the user information is sent to the dynamic password lock through short-distance wireless communication (which can be frequency communication);
step U2: the dynamic coded lock sends the received user information and the equipment information of equipment (ATM) to be opened to an industrial personal computer ATMC through a USB interface, wherein the equipment is connected with the industrial personal computer through a USB;
step U3: the ATMC sends data (user information and equipment information) to a background application server through a network for verification;
step U4: the background application server checks whether the ATM device has a cash adding task and whether the user is legal;
step U5: if the ATM device does not have a cash adding task and/or the user is illegal, failure information is sent to the dynamic coded lock through the ATM network in the bank;
step U6: the dynamic coded lock sends the failure information to the PDA in a wireless mode;
step U7: the PDA prompts the operation failure and displays the failure reason;
step U8: if the verification in the step U4 is passed, namely the ATM equipment has a money adding task and the user is legal, sending information of an unlocking dynamic password, a money box to be unloaded and a money box to be loaded to the dynamic password lock through the ATM network;
step U9: the dynamic password lock verifies whether the dynamic password is correct, and the verification process is detailed in steps S7-S11;
step U10: the dynamic password lock wirelessly transmits the correct information to the PDA;
step U11: PDA prompts to unlock;
step U12: the PDA is inserted into the dynamic coded lock, and the PDA is rotated to unlock after bidirectional authentication.
In addition, after the lockset is unlocked, the handheld terminal and the server can be informed through the communication module E and the communication module F respectively, and the lockset is unlocked.
In practical applications, the master key, the authentication key and the dynamic password lock key may be generated and stored based on the following method, as shown in fig. 4, which is a diagram of generating and storing the master key, the authentication key and the dynamic password lock key according to an embodiment of the present invention, wherein,
the password generation host comprises the following steps:
key injection: generating a master key MK through a convention algorithm (corresponding to the seventh algorithm above), with ID1 as the key, based on ID1 (the device number of the password generation host) and a random number RAND 1 (corresponding to the second random number above);
initializing: generating an authentication key AMK through a convention algorithm (corresponding to the eighth algorithm above), with MK as the key, based on ID1 and the random number RAND 2 (corresponding to the third random number above);
loading: loading MK and AMK to UKey A1 (corresponding to the first read-write card above) and UKey B1 (corresponding to the second read-write card above). Loading does not simply store MK and AMK separately, one on each read-write card; instead, for example, MK is decomposed in a certain decomposition manner and stored partly on UKey A1 and partly on UKey B1. A merging manner corresponding to the decomposition manner can then be preset in any subsequent device that needs to load the two keys, which avoids a key being stolen because one read-write card is lost.
The key identifier comprises the following steps:
authorized: the keys are loaded to the key identifier through authorization by UKey A1 and UKey B1 (the password generation host's authorization of the key identifier is completed by swiping UKey A1 and UKey B1), so that the key identifier reads UKey A1 and UKey B1 and stores the keys after identification;
initializing: generating a dynamic password lock key DMK through a convention algorithm (corresponding to the ninth algorithm above), with MK as the key, based on ID2 (the device number of the key identifier), the current time and a random number RAND 3 (corresponding to the fourth random number above);
loading: loading DMK to UKey A2 and UKey B2 in a similar way as for MK and AMK;
authorization: MK and AMK are sent through authorization of UKey A2 and UKey B2 (please change here, and fig. 4 which read-write cards are authorized, authorization of UKey A2 and UKey B2 can only send DMK).
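The key generation and two-card loading steps above can be made concrete as follows. This is an added example, not code from the patent: HMAC-SHA256 stands in for the unspecified convention algorithms, XOR sharing for the unspecified decomposition manner, and the 4-byte check value, the function names and the sample inputs are assumptions.

```python
import hashlib
import hmac
import secrets


def prf(key: bytes, *fields: bytes) -> bytes:
    """Assumed stand-in for the unnamed 'convention algorithms': HMAC-SHA256."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        # Length-prefix each field so (b"ab", b"c") and (b"a", b"bc") differ.
        mac.update(len(field).to_bytes(2, "big") + field)
    return mac.digest()


def derive_keys(id1, rand1, rand2, id2, now, rand3) -> dict:
    """Key hierarchy of the page: MK first, then AMK and DMK keyed with MK."""
    mk = prf(id1, id1, rand1)        # key injection: key ID1, data ID1 and RAND 1
    amk = prf(mk, id1, rand2)        # host initializing: key MK, data ID1 and RAND 2
    dmk = prf(mk, id2, now, rand3)   # identifier initializing: key MK, data ID2, time, RAND 3
    return {"MK": mk, "AMK": amk, "DMK": dmk}


def check_value(key: bytes) -> bytes:
    """Short fingerprint stored beside each share to detect mismatched cards (assumption)."""
    return prf(key, b"check")[:4]


def split_to_cards(keys: dict) -> tuple:
    """Decomposition manner (assumed): two XOR shares per key, one per read-write card."""
    card_a, card_b = {}, {}
    for name, key in keys.items():
        share_a = secrets.token_bytes(len(key))               # uniformly random pad
        share_b = bytes(k ^ a for k, a in zip(key, share_a))  # key XOR pad
        card_a[name] = (share_a, check_value(key))
        card_b[name] = (share_b, check_value(key))
    return card_a, card_b


def merge_cards(card_a: dict, card_b: dict) -> dict:
    """Merging manner matching split_to_cards; rejects cards that do not belong together."""
    if card_a.keys() != card_b.keys():
        raise ValueError("cards carry different key names")
    keys = {}
    for name in card_a:
        (share_a, cv_a), (share_b, cv_b) = card_a[name], card_b[name]
        if len(share_a) != len(share_b):
            raise ValueError(f"share length mismatch for {name}")
        key = bytes(a ^ b for a, b in zip(share_a, share_b))
        # Both cards must agree on the check value and the merged key must match it.
        if not (hmac.compare_digest(cv_a, cv_b)
                and hmac.compare_digest(cv_a, check_value(key))):
            raise ValueError(f"cards do not form a valid pair for {name}")
        keys[name] = key
    return keys


if __name__ == "__main__":
    # Constructed sample inputs: device numbers, time and random numbers are made up.
    keys = derive_keys(b"HOST-0001", b"493027", b"815640",
                       b"KID-0002", b"2014-11-28T09:00", b"270913")
    ukey_a1, ukey_b1 = split_to_cards({n: keys[n] for n in ("MK", "AMK")})
    ukey_a2, ukey_b2 = split_to_cards({"DMK": keys["DMK"]})
    restored = {**merge_cards(ukey_a1, ukey_b1), **merge_cards(ukey_a2, ukey_b2)}
    print("keys restored from both card pairs:", restored == keys)
```

With XOR shares a single card holds only a random string plus the short check value, whereas storing one half of the key on each card would hand the finder of one card half of the key bits.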
According to an embodiment of the present invention, there is provided an unlocking system of a dynamic password lock, the dynamic password lock is used for a device, the unlocking system includes a server, a handheld terminal, and a password generation module and a communication module which are disposed on the dynamic password lock, wherein,
the server is configured to pre-input login information, equipment information of equipment, equipment information of the dynamic coded lock, an authentication key and a dynamic coded lock key, set a specified login mode of the handheld terminal according to the login information and send the login information, the authentication key and the dynamic coded lock key to the handheld terminal;
the handheld terminal is configured to log in according to the login mode, to activate the dynamic coded lock after logging in so that the dynamic coded lock can be in an unlocking state, and to send the login information and the dynamic coded lock key to the dynamic coded lock;
the password generation module is configured to generate a first dynamic password through a fifth algorithm according to the dynamic password lock key, and the communication module is configured to send the login information and the pre-stored equipment information of the equipment to the server;
the server is further configured to perform consistency judgment on the received login information and equipment information of the equipment against the login information and the equipment information of the equipment prerecorded in the server, and in the case of consistency, the server is further configured to generate a second dynamic password according to the dynamic password lock key through a sixth algorithm corresponding to the fifth algorithm and to send the second dynamic password to the dynamic password lock;
and under the condition that the first dynamic password is consistent with the second dynamic password, the dynamic password lock and the handheld terminal are further configured to pass the authentication method based on the authentication key, and under the condition that the authentication passes, the dynamic password lock is unlocked.
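The two checks that gate unlocking, the dynamic password comparison and the two-way authentication with four authentication sequences, can be sketched as follows. This is an added example, not code from the patent: labelled HMAC-SHA256 is assumed for the first to sixth algorithms, the dynamic password is assumed to be a 6-digit code over a time window using RFC 4226 truncation, the "key number sets" are modelled as fresh random nonces, and all names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct


def mac(key: bytes, *fields: bytes) -> bytes:
    """Assumed instance of the page's unnamed algorithms: HMAC-SHA256 over framed fields."""
    m = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        m.update(len(field).to_bytes(2, "big") + field)
    return m.digest()


def dynamic_password(dmk: bytes, lock_id: bytes, window: int) -> str:
    """Fifth/sixth algorithm (assumed): 6-digit code from DMK, lock ID and a time window."""
    digest = mac(dmk, b"otp", lock_id, struct.pack(">Q", window))
    offset = digest[-1] & 0x0F                       # RFC 4226 dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10**6:06d}"


class Party:
    """One side of the two-way authentication; role is b"terminal" or b"lock"."""

    def __init__(self, role: bytes, amk: bytes, lock_id: bytes):
        self.role, self.amk, self.lock_id = role, amk, lock_id
        # Own 'key number set', modelled as a nonce that is fresh for every session.
        self.key_numbers = secrets.token_bytes(16)

    def expected(self) -> bytes:
        # First sequence (terminal) or fourth sequence (lock): computed over the
        # party's own key numbers, i.e. what the peer must send back.
        return mac(self.amk, b"auth", self.role, self.lock_id, self.key_numbers)

    def respond(self, peer_role: bytes, peer_key_numbers: bytes) -> bytes:
        # Second sequence (terminal) or third sequence (lock): computed over the key
        # numbers received from the peer. The role label keeps both directions distinct.
        return mac(self.amk, b"auth", peer_role, self.lock_id, peer_key_numbers)

    def verify(self, response: bytes) -> bool:
        return hmac.compare_digest(self.expected(), response)


def unlock(server_dmk, lock_dmk, lock_amk, terminal_amk, lock_id, window) -> str:
    """Dynamic password check first, then two-way authentication, then unlock."""
    first = dynamic_password(lock_dmk, lock_id, window)      # generated in the lock
    second = dynamic_password(server_dmk, lock_id, window)   # generated by the server
    if not hmac.compare_digest(first, second):
        return "dynamic password mismatch"
    terminal = Party(b"terminal", terminal_amk, lock_id)
    lock = Party(b"lock", lock_amk, lock_id)
    third = lock.respond(terminal.role, terminal.key_numbers)       # lock -> terminal
    second_seq = terminal.respond(lock.role, lock.key_numbers)      # terminal -> lock
    # First must match third (checked by the terminal), second must match fourth
    # (checked by the lock).
    if not (terminal.verify(third) and lock.verify(second_seq)):
        return "authentication failed"
    return "unlocked"


if __name__ == "__main__":
    # Constructed sample keys and identifiers.
    AMK, DMK, LOCK_ID = b"A" * 32, b"D" * 32, b"LOCK-0007"
    print(unlock(DMK, DMK, AMK, AMK, LOCK_ID, window=100))
    print(unlock(DMK, DMK, AMK, b"X" * 32, LOCK_ID, window=100))
```

Because each side checks a response computed over its own fresh key numbers, a response recorded in one session does not verify in the next.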
The connection mode of each device in the unlocking system according to an embodiment of the present invention is described below with reference to fig. 5, in which the handheld terminal may include a communication module C (corresponding to the third communication module in the text) and a communication module E (corresponding to the fifth communication module in the text), the server includes a communication module a (corresponding to the first communication module in the text) and a communication module B (corresponding to the second communication module in the text), the dynamic password lock includes a communication module D (corresponding to the fourth communication module in the text) and a communication module F (corresponding to the sixth communication module in the text), and the industrial personal computer includes a communication module H (corresponding to the seventh communication module in the text) and a communication module G (corresponding to the eighth communication module in the text).
The communication module C and the communication module A can communicate in a wired mode and/or a wireless mode; the communication module B and the communication module H can communicate in a wireless mode; the communication module G of the dynamic coded lock is provided with a USB interface and can be used for communicating with the communication module D through USB; the communication module F and the communication module E are connected in a wireless mode, and the handheld terminal PDA and the dynamic coded lock can also communicate through short-distance wireless communication, which can adopt existing Zigbee, Bluetooth or another dedicated communication protocol.
The random numbers mentioned herein, e.g., RAND 1, RAND 2, RAND 3 and/or RAND4, can be determined on their own as needed, the more secure the more bits, the less than 6-bit numbers are recommended.
The dynamic coded lock has an alarm function, can receive error information when the bidirectional authentication of the dynamic coded lock and the PDA is wrong, and starts an alarm when the error information of the communication module of the dynamic coded lock is received for no more than 3 times.
After the server issues and authorizes the handheld terminal, and after step 7, the handheld terminal is informed of a new task in a short message form;
and 7, informing the handheld terminal in a short message form, wherein the short message is automatically sent out when the server performs a task.
The above embodiments are only exemplary embodiments of the present invention, and are not intended to limit the present invention, and the scope of the present invention is defined by the claims. Various modifications and equivalents may be made by those skilled in the art within the spirit and scope of the present invention, and such modifications and equivalents should also be considered as falling within the scope of the present invention.

Claims (12)

1. The unlocking method of the dynamic coded lock is characterized in that the unlocking method of the dynamic coded lock is based on an authentication method of the dynamic coded lock, a first algorithm and a second algorithm are preset in the dynamic coded lock, and the authentication method of the dynamic coded lock comprises the following steps:
setting a third algorithm corresponding to the first algorithm and a fourth algorithm corresponding to the second algorithm in a handheld terminal for unlocking the dynamic coded lock;
on the hand-held terminal side, the hand-held terminal generates a first authentication sequence by the third algorithm by using the first key number set of the hand-held terminal side, and generates a second authentication sequence by the fourth algorithm by using the second key number set received from the dynamic password lock;
on the dynamic password lock side, a fourth authentication sequence is generated by the second key set of the local side through the second algorithm, and a third authentication sequence is generated by the first key set received from the handheld terminal through the first algorithm;
performing a corresponding step, and if the first authentication sequence corresponds to the third authentication sequence and the second authentication sequence corresponds to the fourth authentication sequence, passing the authentication;
the unlocking method of the dynamic coded lock comprises the following steps:
step S1, pre-recording login information, equipment information of the equipment, equipment information of a dynamic coded lock, an authentication key and a dynamic coded lock key in a server, setting a login mode of a specified handheld terminal according to the login information, and sending the login information, the authentication key and the dynamic coded lock key to the handheld terminal;
step S3, logging in the hand-held terminal according to the logging-in mode, and activating the dynamic coded lock to enable the dynamic coded lock to be in an unlocking state after logging in;
step S5, the hand-held terminal sends the login information and the dynamic coded lock key to the dynamic coded lock;
step S7, the dynamic password lock generates a first dynamic password through a fifth algorithm according to the dynamic password lock key, and sends the login information and the pre-stored equipment information of the equipment to the server;
step S9, the server respectively carries out consistency judgment on the received login information and the equipment information of the equipment and the login information and the equipment information of the equipment which are pre-recorded in the server, and under the condition of consistency, a second dynamic password is generated through a sixth algorithm corresponding to the fifth algorithm according to the dynamic password lock key and is sent to the dynamic password lock;
and step S11, under the condition that the first dynamic password is consistent with the second dynamic password, the authentication between the dynamic password lock and the handheld terminal is carried out through the authentication method of the dynamic password lock based on the equipment information of the dynamic password lock and the authentication key, and under the condition that the authentication is passed, the unlocking of the dynamic password lock is realized.
2. The unlocking method according to claim 1, wherein step S1 further includes: pre-recording a master key in the server, and sending the master key to the handheld terminal by the server;
step S5 further includes: the handheld terminal sends the master key to the dynamic coded lock;
and then, the information interaction between the dynamic coded lock and the handheld terminal is encrypted and transmitted based on the master key.
3. The unlocking method according to claim 1, further comprising a step 4 after the step S3, wherein the dynamic combination lock generates a work key after being activated;
and then, the information interaction between the dynamic coded lock and the server is encrypted and transmitted based on the working key.
4. The unlocking method according to claim 1, wherein the login information includes a code of a designated unlocking person and identification information thereof, the identification information including password authentication, fingerprint authentication and/or information button authentication.
5. The unlocking method according to claim 1, wherein information interaction between the dynamic coded lock and the server is performed through an industrial personal computer.
6. The unlocking method according to claim 1, further comprising:
after the handheld terminal receives the login information, the authentication key and the dynamic password lock key, if the handheld terminal does not log in within first preset time, self-locking is carried out; and the handheld terminal cannot be used for logging in from self-locking to a second preset time period.
7. The unlocking method according to claim 2, wherein the generation method of the master key and the dynamic combination lock key includes the steps of:
step S01: the password generation host generates the master key through a seventh algorithm by taking the equipment information of the password generation host as a key based on the equipment information and a second random number;
step S02: the password generation host generates the authentication key through an eighth algorithm by taking the master key as a key based on the equipment information and a third random number of the password generation host, and loads the master key and the authentication key to a key identifier;
step S05: and the key identifier generates the dynamic coded lock key by taking the master key as a key through a ninth algorithm based on the equipment information, the current time and a fourth random number.
8. The unlocking method according to claim 7, wherein between the step S02 and the step S05 further includes:
step S03: the password generation host loads the master key and the authentication key to a first read-write card and a second read-write card respectively and partially, so that the master key and the authentication key can be acquired only by the first read-write card and the second read-write card;
step S04: loading the master key and the authentication key to the key identifier by swiping the first read-write card and the second read-write card through the key identifier.
9. The unlocking method according to claim 8, further comprising, after step S05:
step S06: the key recognizer loads the dynamic password lock key to a third read-write card and a fourth read-write card, so that the third read-write card and the fourth read-write card are simultaneously provided to obtain the dynamic password lock key;
step S07: and the master key, the authentication key and the dynamic password lock key are recorded into the server through the first read-write card, the second read-write card, the third read-write card and the fourth read-write card.
10. The unlocking method of claim 1, wherein the information interaction between the server and the handheld terminal is performed through a first communication module of the server and a first communication module of the handheld terminal;
the information interaction between the server and the dynamic coded lock is carried out through a second communication module of the server and a second communication module of the dynamic coded lock;
and the information interaction between the dynamic coded lock and the handheld terminal is carried out through a first communication module of the dynamic coded lock and a second communication module of the handheld terminal.
11. The unlocking method according to claim 1, wherein the step S7 further includes: and the dynamic coded lock sends the latest locking information to the server, wherein the latest locking information comprises locking time and normal locking information.
12. An unlocking system of a dynamic coded lock, the dynamic coded lock is used on equipment, and is characterized in that the unlocking system comprises a server, a handheld terminal, a code generation module and a communication module which are arranged on the dynamic coded lock, wherein,
the server is configured to pre-input login information, equipment information of the equipment, equipment information of the dynamic password lock, an authentication key and a dynamic password lock key, set a specified login mode of the handheld terminal according to the login information and send the login information, the authentication key and the dynamic password lock key to the handheld terminal;
the handheld terminal is configured to log in according to the login mode, and is configured to activate the dynamic coded lock after logging in so that the dynamic coded lock can be in an unlocking state, and the login information and the dynamic coded lock key are sent to the dynamic coded lock;
the password generation module is configured to generate a first dynamic password through a fifth algorithm according to the dynamic password lock key, and the communication module is configured to send the login information and pre-stored equipment information of the equipment to the server; and
the server is further configured to perform consistency judgment on the received login information and equipment information of the equipment and the login information prerecorded in the server and the equipment information of the equipment, and in the case of consistency, the server is further configured to generate a second dynamic password according to the dynamic password lock key through a sixth algorithm corresponding to the fifth algorithm and send the second dynamic password to the dynamic password lock;
in case the first dynamic password and the second dynamic password are identical, the dynamic password lock and the handheld terminal are further configured to perform authentication by the authentication method according to claim 1 based on the authentication key, and in case of passing authentication, the dynamic password lock is unlocked.
CN201410714971.2A 2014-11-28 2014-11-28 Authentication method, unlocking method and unlocking system of dynamic coded lock Active CN105635089B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410714971.2A CN105635089B (en) 2014-11-28 2014-11-28 Authentication method, unlocking method and unlocking system of dynamic coded lock

Publications (2)

Publication Number Publication Date
CN105635089A CN105635089A (en) 2016-06-01
CN105635089B true CN105635089B (en) 2020-10-09

Family

ID=56049585

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant