CN107221061A - A password management method for a smart lock - Google Patents


Publication number
CN107221061A
Authority
CN
China
Prior art keywords
password
time
server
information
smart lock
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710455739.5A
Other languages
Chinese (zh)
Inventor
余绵梓
温志明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Shake Intelligent Technology Co Ltd
Original Assignee
Beijing Shake Intelligent Technology Co Ltd
Application filed by Beijing Shake Intelligent Technology Co Ltd
Priority to CN201710455739.5A
Publication of CN107221061A

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00182 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks
    • G07C2009/00238 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks the transmitted data signal containing a code which is changed
    • G07C2009/00253 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks the transmitted data signal containing a code which is changed dynamically, e.g. variable code - rolling code
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • G06Q30/0645 Rental transactions; Leasing transactions

Abstract

The present invention relates to a password management method. The password is generated from a seed and a time reference by a password generation algorithm, and the server records the validity period of each password. The method includes a password verification step, which includes a validity-period check: if the smart lock already holds password synchronization information locally, it decides whether the entered password is within its validity period according to the validity-period information in that synchronization information; if the smart lock holds no password synchronization information locally, it decides whether the entered password is within its validity period according to a rule agreed in advance. With this method, on the one hand, the smart lock no longer depends excessively on the network; on the other hand, the server cannot directly modify or set a password. This removes a security risk, makes password management safe, reliable and flexible to use, and reduces the dependence on the wireless network.

Description

A password management method for a smart lock
Technical field
The present invention relates to a password management method, and in particular to a smart lock password management method that is safe and reliable, convenient to manage, flexible to use, and less dependent on the wireless network.
Background art
Existing smart lock password management falls mainly into the following approaches:
1. Presetting the password directly in the lock. This is the most common approach in traditional combination locks: to set the lock's password to "1234", the password "1234" must first be stored in the lock in some way. In normal use the user enters "1234", and if the entered password matches the stored one, access by password succeeds.
This approach is the simplest, but its limitations are also the greatest. Every password change has to be made at the lock itself, which constrains the physical location of the person setting the password and makes it inconvenient in many scenarios. In short-term rental, for example, if the landlord keeps the password unchanged, it has to be told to one wave of guests after another, which is an obvious security risk; it is also unreasonable for a tenant to still be able to enter the room with the original password after the stay has expired. If the landlord assigns a password to each tenant, then to invalidate the original password on expiry the landlord must go to the lock each time to set a new password. The time and travel costs are very high for the landlord, so convenience is very poor.
2. Setting the password remotely through a server. This is the approach widely adopted by current internet-connected smart locks. When the authorizer (smart lock administrator, landlord, or leasing company) needs to send a password to a tenant, the basic flow is as shown in Fig. 1 and is implemented as follows:
When distributing a password:
A.) When distributing a password, the authorizer tells the cloud server, via a client or app, which smart lock the password is to be set on;
B.) The cloud server sets the password on the smart lock through the home router/home gateway;
C.) At the same time, the authorizer sends this password to the licensee (for example the tenant) by SMS or app;
D.) When the licensee goes to open the door, the smart lock matches the passwords delivered through the two different paths above; if they correspond, the password is legitimate.
This approach has the following defects. Defect one: the approach is simple and intuitive, but the problem it brings is that the cloud server can directly set and modify passwords on the smart lock. Once the server is attacked by a hacker, or maliciously operated by an insider, all smart locks can be set to a single password, for example the passwords of all locks in a residential community or system can all be set to 1234, and that creates a systemic risk. Defect two: during password distribution, if the home gateway or home router fails, or the wireless signal quality is poor, the password on password path 1 may not be delivered, so the password that was distributed cannot open the door and the tenant is locked out.
The reasons for the above problems are: first, the home gateway has to take part in delivering the password, so the home gateway necessarily affects the function; once it breaks down or the wireless network fails, the authorization fails and the licensee is locked out. Second, the server not only controls a large number of smart locks but can also set passwords on the locks directly, which is a systemic security risk.
3. Offline passwords that do not depend on the network. The password is computed from an internal algorithm and synchronized parameters. Three defects remain, however, and most current offline password schemes have not solved them. First, a password that has been sent cannot be cancelled. Second, the validity period of the password is inflexible: for example, only a few days or a dozen or so days can be supported. A longer validity period requires more password digits, but if the password is too long, for example more than 10 digits, it is inconvenient for the user. Third, once a password has been distributed, its validity period cannot be changed. If the user needs to renew the lease, the password has to change, which inconveniences the user.
Therefore, in view of the above defects of the prior art, the prior art needs to be improved.
Summary of the invention
The invention provides a password management method that overcomes the above defects of the prior art and combines the advantages of offline and online operation, so that password management is safe and reliable, convenient to manage, and flexible to use.
To achieve the purpose of the present invention, the technical solution adopted is: a password management method in which the password is generated from a seed and a time reference by a password generation algorithm. The seed has at least two copies: one copy of the seed is stored at the smart lock end, and the other copy is stored on the server or the client, or is stored partly on the server and partly on the client. The time reference includes a first time reference at the smart lock end and a second time reference at the server or client; the clock corresponding to the first time reference and the clock corresponding to the second time reference are synchronized at appropriate times. The password generation algorithm has two copies: one copy runs at the smart lock end, and the other copy runs on the server or the client, or runs partly on the server and partly on the client. The server records the validity period of each password. The password management method includes a password verification step, which includes a validity-period check: if the smart lock already holds password synchronization information locally, it decides whether the entered password is within its validity period according to the validity-period information in the password synchronization information; if the smart lock holds no password synchronization information locally, it decides whether the entered password is within its validity period according to a rule agreed in advance.
Preferably, the password verification step also includes a matching check. If the smart lock end holds password synchronization information, the smart lock end determines the password verification time base from the password input moment and the agreed rule, or from the password synchronization information, computes the local password of the smart lock end from the seed and password generation algorithm at the smart lock end, and compares this local password with the entered password; if the two are identical, the match is considered successful. If the smart lock end holds no password synchronization information, the smart lock determines the password verification time base from the password input moment and the rule agreed in advance, computes the local password of the smart lock end from the seed and password generation algorithm at the smart lock end, and compares this local password with the entered password; if the two are identical, the match is considered successful.
Preferably, if the password entered at the smart lock end matches the local password of the smart lock end and is within the defined validity period, the entered password is considered legitimate; otherwise it is considered illegitimate.
Preferably, the entered password includes password sequence number information, and the server records the password sequence number information.
Preferably, when the smart lock end and the server obtain a connection, the smart lock synchronizes the password synchronization information from the server to the smart lock locally.
Preferably, the smart lock synchronizes its clock with the server in one of the following ways: at registration, the smart lock connects to the server through the app or directly over the wireless network and synchronizes; or the smart lock periodically connects to the server over the wireless network and synchronizes; or, after an entered password has passed verification, the smart lock connects to the server over the wireless network at a suitable moment and synchronizes.
Preferably, each password sequence number is provided with several password sub-sequence numbers.
Preferably, the password can be cancelled through the client or app, or at the smart lock end.
Preferably, the validity-period information of the password is allowed to be changed.
The password management method of the present invention combines the advantages of offline and online operation and frees the smart lock from excessive dependence on the network. Compared with the prior art, it solves the following technical defects well:
1.) When a password is distributed, it can be sent successfully even if the lock is not connected to the network, so the tenant will not be locked out because of problems with the wireless network in the lock's environment.
2.) The server cannot directly set or modify a password on the lock, which prevents a security risk. Because the server controls a large number of locks, if the server could directly set or modify passwords on the locks, then once it was attacked by a hacker or maliciously operated by an insider, the systemic security risk would be serious.
3.) It solves three problems of purely offline passwords: A.) Cancelling a password's authorization before its validity period ends is cumbersome: the authorizer has to go to the lock to operate it, and the programming is also very complex. B.) Changing a password's validity period is very troublesome: for example, when a user who has rented for one month continues to renew and the validity period of the original password needs changing, a purely offline password cannot do it. C.) A typical password length (4 or 6 digits) cannot support password authorization over a long period with high time precision: for example, an authorization period of 2 years with precision at the hour level easily needs more than 10 digits, which greatly affects the customer experience.
Significant progress and prominent technical effects are achieved. On the one hand, the smart lock no longer depends excessively on the network, so passwords can be distributed even in an environment without a network, and after the lock is networked the validity period of a password can be changed at will while the password itself stays unchanged. On the other hand, the server cannot directly modify or set a password, but it can manage a password's validity period or cancel the password outright. This removes a security risk, makes password management safe, reliable and flexible to use, and reduces the dependence on the wireless network.
Brief description of the drawings
Fig. 1 shows the system framework of password management in the prior art.
Fig. 2 is a schematic diagram illustrating the time bases in the password management method of the present invention.
Fig. 3 is a schematic diagram of the system framework of password management in the present invention.
Fig. 4 is a schematic flow chart of input password verification in the password management method of the present invention.
Explanation of reference numerals: 1: password sending time; 2: password generation time base; 3: password verification time base; 4: password validity period before synchronization; 5: password validity period after synchronization; 6: password input time.
Embodiments
To make the object, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in detail below with reference to the accompanying drawings. Note that, where they do not conflict, the embodiments of the present invention and the features in the embodiments can be combined with one another.
So that the technical solution that follows can be described clearly and understood easily, the technical terms used in the embodiments are explained and agreed as follows:
Authorizer: holds an account through which the smart lock is registered in the smart lock management system; typically the account belongs to a landlord, a homeowner, or a legal person (such as a leasing company). The smart lock management system includes at least a server, a smart lock and a client (the client is an application running on a computer, smartphone or other smart terminal, typically a smartphone app or client software on a PC). Through registration the account is bound to the smart lock; binding means that, once the account is bound to the smart lock, it can request password services for this smart lock from the server. Note that the authorizer can delegate this right to other people (called sub-authorizers), so that a sub-authorizer can also request password services for this smart lock from the server; depending on the situation, the authorizer may need to give the sub-authorizer some key information used to generate passwords (when part or all of the seed information is not kept on the server). In this patent the authorizer and the sub-authorizer play the same role; they differ only in that the authorizer obtains its authority and information at registration, whereas the sub-authorizer obtains its authority and information through the authorizer's delegation. The present invention does not distinguish further between them and refers to both as the authorizer.
Password sending time: the time at which the authorizer sends the password to the licensee through the client. Unlike a traditional physical key, which needs certain processing steps and time to make, an electronic key is generated essentially instantly, so in the present invention the password generation time and the password sending time are regarded as the same, or very close. They are also not distinguished further because, in practice, if a password were generated but not sent, deliberately splitting the two into distinct time points would have no real value (not only would it have no value, the password would also have to be stored, which introduces an additional risk, so generating the password at the moment of sending is more reasonable). Therefore, if a password generation time parameter is deliberately introduced into a system, for example by intentionally giving the password generation time and the password sending time a defined relationship, this should also be understood as falling within the scope of protection of this patent.
Password time base: the password time base comprises the password generation time base and the password verification time base.
The password generation time base is the time reference information used when the password is generated; the password verification time base is the time reference information the smart lock uses when it detects a password input and verifies the password. The password verification time base is essentially determined by the password sending time. Depending on actual needs, however, there may be more than one verification time base: for example, if it is agreed that a password is valid only on the day it is received or before 12 noon on the second day, the verification time base can be tried as the time base of the day of input or the time base of the previous day, and a match on either is sufficient (see the embodiment for the detailed process).
Password input time: the time at which the user actually enters the password, which has a certain randomness.
Password validity time: includes the validity period before synchronization and the validity period after synchronization. The validity period the authorizer actually intends is generally the validity period after synchronization. The validity period before synchronization is usually limited in length and in precision, for example by an agreement that the password is valid only if entered on the day it is received or the next morning.
The time axis in Fig. 2 illustrates the relationship between the password sending time 1, the password generation time base 2, the password verification time base 3, the validity period before synchronization 4, the validity period after synchronization 5, and the password input time 6.
Synchronization time of the password synchronization information: the time at which, after the password has been sent and once the smart lock communicates with the server, the server synchronizes the information related to this password (such as the password's validity period, password sequence number and password sub-sequence number, and possibly even the password itself) to the smart lock end.
Password synchronization information: includes at least the validity-period information corresponding to the password, and usually also the password sequence number, the password sub-sequence number and the password sending time; it may even include the password itself.
Password sequence number: if a smart lock needs to support several such passwords at the same time, this sequence number can be embedded in the password when the password is generated; when the password is entered, the smart lock end can extract the corresponding password sequence number from the password.
Password sub-sequence number: several password sub-sequence numbers are associated with each password sequence number.
On the password time base:
The time base (time reference) is a key concept of the present invention. The password information contains time-base information, and the time base used when generating the password must be consistent with the time base used when verifying the password for the password to match. These two time bases are called the password generation time base and the password verification time base.
The password time base is a virtual concept, and there are many ways to determine it. The core idea is to convey a piece of time information through some mechanism, either by a rule agreed in advance or via the server, so that both sides obtain the same time base.
1.) For example, the two sides agree that a password can match only on the day it is sent or before 12 noon on the second day. The time base at the sending end can then be 00:00:00 on the day the password is sent (a timestamp in seconds, with 00:00:00 on 1 January 1970 as the reference). If the password is entered on that day or on the second day, the receiving end can derive from the password input time 00:00:00 of the current day or of the previous day as time bases, and one of these two time bases necessarily matches the time base at the sending end. Note that the time base can be set flexibly: for example, 00:00 on 1 January 2000 can be used as the reference instead of 00:00 on 1 January 1970.
2.) The way of obtaining the same time base described above does not rely on the network. If the network is used, then once the server and the smart lock are connected, the sending time of the password, or even the time base used when the password was generated, can be written directly into the lock. The lock can then obtain the password verification time base more simply, produce the local password, and match it against the entered password.
The offline time-base mechanism means that only a mechanism like the one in 1.) above can be used: conveying the time base relies solely on the rule and on the constraint between the moment the password is entered and the moment it was generated.
The online password mechanism means that, in addition to the offline mechanism above, the password verification time base can also be obtained directly or indirectly from the password synchronization information passed over from the server.
In the present invention the offline mechanism and the online mechanism are well merged, which frees the smart lock from excessive dependence on the network.
On the seed:
The authorizer generally obtains the seed in one of two ways:
First, through registration or binding. At registration or binding, the seed is agreed between some of the client, the server and the smart lock. The seed has at least two copies: one copy is placed on the lock, and the other copy is either on the server or on the client, or partly on the server and partly on the client. An authorizer who obtains the authorization qualification in the registration process is called the root authorizer.
Second, the root authorizer delegates to other sub-authorizers, so that a sub-authorizer can request password sending services from the server. Because these two kinds of authorizer differ only in how they obtain the seed and the authorization qualification and are otherwise essentially the same, they are not described separately and are both called the authorizer in this embodiment.
Whether the seed is placed on the client or on the server makes no essential difference to the overall password management mechanism; the only difference is whether all or part of the seed information has to be transmitted before a password is generated. This embodiment is described with the seed on the client as the example.
On the algorithm:
The algorithm that generates the password can be deployed on the server, or on the client, or partly on the server and partly on the client; there is no essential difference between these embodiments. If the algorithm is deployed partly on the server and partly on the client, the password generation process needs processing by both the server and the client, with several additional rounds of communication and transmission. This embodiment is described with the algorithm deployed on the server as the example.
This embodiment is explained for the scenario in which the seed is on the client and the algorithm is on the server; other cases can be derived by analogy and are not described one by one.
The system framework of password management is illustrated in Fig. 3. The specific working process is as follows:
Step 1: When installing the smart lock, the authorizer and the smart lock jointly determine the seed (seed is a term from cryptography). The seed has at least two copies: one copy is on the smart lock, and the other copy is on the client used by the authorizer. The algorithm that generates the password has two copies: one copy runs at the smart lock end, and the other copy runs on the server.
Step 2: When the authorizer needs to grant authorization, its seed information and time reference information are processed by the algorithm on the server to generate the input password to be used at the smart lock end.
Step 3: The authorizer tells the licensee the input password by SMS or app.
Step 4: The licensee goes to the smart lock and uses the input password.
Step 5: The smart lock end computes its local password from the local password algorithm (which is consistent with the algorithm on the cloud server), the seed and the time reference. If the input password is consistent with the local password, the password match is considered successful.
Step 6: After the input password has matched successfully, the smart lock attempts to connect to the server and synchronize the password synchronization information of this input password (including the validity-period information and so on). If the entered password is within the validity period, the lock is unlocked.
Each key link in this embodiment is explained further:
1. Generation of the password
(1) The smart lock password itself contains at least two kinds of information: seed information (iSeed) and time-base information (iTime). A value is obtained from this information by some special function operation, and that value is post-processed as needed to obtain the final smart lock password. The special function is usually a specific function from cryptography, such as MD5, SHA-1 or SHA-3; this embodiment selects SHA-1().
Where:
A.) The source of the seed information iSeed can be very flexible. It can be chosen arbitrarily from random numbers, the lock's ID, the user's ID, the user's password, the lock's registration time or sequence number, or any other agreed value, used directly or through information derived from it.
B.) The time-base information iTime can be the current time at which the password is generated, or a time derived from the password generation time according to the agreed rule. For example, if the authorized validity period starts on 1 January 2020, this time can be 1 January 2020 or 10 January 2020 (the latter being equivalent to an agreed rule of 9 days later than the password generation time), as long as the rule used when the lock end verifies the password is consistent with the rule agreed when the password was generated, so that the same definite value can be obtained from the known information and the agreed rule.
C.) The sequence number information iSeq. If the system supports several such passwords, this sequence number is essential. If the system supports only one such password, there is no need to distinguish which password it is, and the sequence number can be omitted. After the smart lock end receives a password, it extracts the sequence number information from the value of the received password and uses this sequence number information to communicate with the server and synchronize the information for this password.
(2)Subsequence information iSubSeq can also be added when producing password, sequence number information iSubSeq's adds Entering can make cryptographic function more powerful, can preferably support password to cancel function.
Here,
A.) each sequence number information iSeq several subsequence information iSubSeq of correspondence, such as be assumed to be each sequence number If 10 sub- sequence number information iSubSeq of information iSeq correspondence distribution, the rolling of 0-9 10 Arabic numerals can be used Dynamic information, it is sequence number iSeq which attached password to represent this password, and it, which acts on mainly coordinating, cancels password work( New password and can be distributed for some cipher component row number.
B.) embodiment is:If smart lock receives iSubSeq (iSubSeq_I) value than the preservation in lock The difference of iSubSeq (iSubSeq_L) value is less than N (iSubSeq_I- iSubSeq_L_<N, the present embodiment N are 5, it is noted that If iSubSeq_I- iSubSeq_L are negative, first Jia 10 and compare again, such as iSubSeq_I=1, iSubSeq_L=8, ISubSeq_I- iSubSeq_L=- 7, then first Jia 10=3 before comparison, as a result less than 5), then illustrating received password It may be valid password.If on the contrary, smart lock receives iSubSeq (iSubSeq_I) value than the preservation in lock The difference of iSubSeq (iSubSeq_L) value is less than M (0<iSubSeq_L- iSubSeq_I_<M, the present embodiment M are 4, note Meaning, if iSubSeq_L- iSubSeq_I are negative, first Jia 10 compares (with reference to above way, be not repeated) again, such as ISubSeq_I=7, iSubSeq_L=8, iSubSeq_L- iSubSeq_I=1, as a result less than 4 but more than 0, represents this password very It is probably the password being cancelled, depending on this password useless), then illustrate that the password received may be close for what is be cancelled Code.M, N value can sets itselfs as needed, it is however generally that M+N<ISubSeq total amount, come distinguish valid password and by The password of cancellation.The present embodiment is that can flexibly be set according to this principle in example explanation, practical application.
(3)Seed information iSeed, sequence number iSeq, subsequence iSubSeq and cryptographic algorithm can portions as needed Administration on a client or server, is generated after password, it is also possible to be sent to licensee by server, or client.
2. After a password is generated, the server may, as the application requires, record some password information corresponding to that password, for example: the password sequence number, the password sub-sequence number, the time the password was sent, the effective time period of the password, the time base for password verification, or even the password itself.
3. Password input: after a password is entered, it is verified. Password verification is divided into two sub-steps: verifying whether the password matches, and verifying whether the input password falls within the effective time period.
Fig. 4 illustrates the specific flow of password verification:
(1) Password matching
A.) The smart lock recovers A (iSeq) and B (iSubSeq) from the input password.
B.) Using the online time-base calculation mechanism or the offline time-base mechanism, the lock computes its local XYZW and compares it with the input password; if they are identical, the match is successful.
C.) The relationship between iSubSeq_L and iSubSeq_I is verified as described above, to confirm whether the input password is a cancelled, invalid password. If the verification passes, iSubSeq_L is updated to iSubSeq_I; otherwise the password is treated as invalid.
(2) Password effective time period verification
If the smart lock already holds password synchronization information locally, whether the input password is within the effective time period is judged from the effective time period information in the password synchronization information. If the smart lock does not hold password synchronization information locally, whether the password is within the effective time period is judged from the previously agreed rule.
An example of password effective time period verification:
If the lock already holds password synchronization information locally, whether the password is within the effective time period is judged from the effective time period information in the password synchronization information; for example, the effective time period in the password synchronization information runs from 12 noon on June 1, 2015 to 6 pm on May 30, 2016. If the lock does not hold password synchronization information locally, whether the password is within the effective time period is judged from the previously agreed rule; for example, if the password was sent at 15:00 on June 1, 2015 and the agreement is that the password must be entered on the same day or in the morning of the next day, the effective time period of the password defaults to 15:00 on June 1, 2015 through 12 noon on June 2, 2015.
A concrete example of password generation:
A.) The input parameters of SHA-1() are:
iSeq: the password sequence number, valid range 0-9
iSubSeq: the password sub-sequence number currently associated with this sequence number, valid range 0-9
iSeed: a character array 64 characters long; this embodiment uses the lock ID directly
iRegNum: the number of times this lock has been registered in the system; it is incremented by one automatically at each registration. Unsigned int, 4 bytes. In this embodiment this parameter is not added to the seed but is used directly to generate the password information, to illustrate the flexibility of password generation.
iStartTime = iCurTime - iCurTime%(24*3600), where iCurTime is the timestamp of the moment the password is sent, in seconds, measured from 00:00 on January 1, 1970, of type unsigned long long, 8 bytes.
B.) Take bytes 0-3 of the SHA-1() result szHashOut (denoted szHashOut[0], szHashOut[1], szHashOut[2], szHashOut[3]).
C.) Compute iOutLow with the following algorithm:
iOutLow = (szHashOut[3]*256*256*256 + szHashOut[2]*256*256 + szHashOut[1]*256 + szHashOut[0]) % 10000
Therefore, iOutLow is a number in the range 0-9999.
D.) Take each decimal digit of iOutLow in turn (denoted XYZW).
E.) Obtain the final password with the following algorithm:
iSeq is denoted A
iSubSeq is denoted B
The 1st digit of the password is: P=(X+Y+Z+A)%10
The 2nd digit of the password is: X
The 3rd digit of the password is: Y
The 4th digit of the password is: Z
The 5th digit of the password is: W
The 6th digit of the password is: Q=(Y+Z+W+B)%10
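The worked case above, together with the lock-side matching steps (recover A and B, recompute the local password, check the iSubSeq window), as an added Python example that is not code from the patent. The byte layout fed to SHA-1, the zero-padding of iOutLow, the strict "less than" reading of the N and M comparisons, and all function names are assumptions; the lock ID and timestamps are constructed sample values.

```python
import hashlib
import hmac
import struct

DAY = 24 * 3600
N, M, SUBSEQ_TOTAL = 5, 4, 10   # N, M and the 0-9 iSubSeq range from the embodiment


def time_base(i_cur_time):
    """iStartTime = iCurTime - iCurTime % (24*3600)."""
    return i_cur_time - i_cur_time % DAY


def out_low(hash_out):
    """Step C: bytes 0-3 of szHashOut, byte 0 least significant, mod 10000."""
    return (hash_out[3] * 256**3 + hash_out[2] * 256**2
            + hash_out[1] * 256 + hash_out[0]) % 10000


def encode(i_out_low, a, b):
    """Steps D-E: build P X Y Z W Q from iOutLow, A = iSeq and B = iSubSeq."""
    # Assumption: iOutLow is zero-padded to four digits, X being the thousands digit.
    x, y, z, w = (int(c) for c in f"{i_out_low:04d}")
    return f"{(x + y + z + a) % 10}{x}{y}{z}{w}{(y + z + w + b) % 10}"


def decode(password):
    """Recover (A, B) from an input password by inverting P and Q; None if malformed."""
    if len(password) != 6 or not (password.isascii() and password.isdigit()):
        return None
    p, x, y, z, w, q = (int(c) for c in password)
    return (p - x - y - z) % 10, (q - y - z - w) % 10


def generate(i_seq, i_sub_seq, i_seed, i_reg_num, i_cur_time):
    """Steps A-E for one password. The byte layout fed to SHA-1 is an assumption."""
    msg = (struct.pack("<BB", i_seq, i_sub_seq) + i_seed
           + struct.pack("<IQ", i_reg_num, time_base(i_cur_time)))
    return encode(out_low(hashlib.sha1(msg).digest()), i_seq, i_sub_seq)


def classify_subseq(sub_in, sub_lock):
    """Window test of iSubSeq_I against iSubSeq_L; % 10 is the 'add 10 if negative' rule."""
    if (sub_in - sub_lock) % SUBSEQ_TOTAL < N:
        return "valid"
    if 0 < (sub_lock - sub_in) % SUBSEQ_TOTAL < M:
        return "cancelled"
    return "rejected"


def verify(password, i_seed, i_reg_num, i_cur_time, lock_subseq):
    """Lock-side match; lock_subseq maps iSeq -> iSubSeq_L and is updated on success."""
    parsed = decode(password)
    if parsed is None:
        return False
    a, b = parsed
    local = generate(a, b, i_seed, i_reg_num, i_cur_time)
    if not hmac.compare_digest(local, password):      # constant-time comparison
        return False
    if classify_subseq(b, lock_subseq.get(a, 0)) != "valid":
        return False
    lock_subseq[a] = b                                # iSubSeq_L = iSubSeq_I
    return True


if __name__ == "__main__":
    lock_id = b"L" * 64                               # constructed 64-character lock ID
    state = {3: 0}
    code = generate(3, 2, lock_id, 1, 1433170800)     # sent 2015-06-01 15:00 UTC
    print(code, verify(code, lock_id, 1, 1433174400, state), state)
```

Only XYZW depends on the seed: P and Q are computed from XYZW plus A and B, so for a given sequence number, sub-sequence number and day there are 10,000 possible codes.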
In the above example:
1. The password generation algorithm used in the password verification flow is the same as the one used when the password is sent, with the following differences. Difference one: in the verification flow, iSeq and iSubSeq are first extracted from the password.
Difference two: obtaining the time base for password verification, i.e. determining iStartTime in the above algorithm. There are three typical implementations for obtaining the time base during password verification:
A.) From the time point at which the password is entered (iCurTime), determine iStartTime = iCurTime - iCurTime%(24*3600), where iCurTime is the timestamp of the moment the password is sent, in seconds, measured from 00:00 on January 1, 1970, of type unsigned long long, 8 bytes. The previous day is handled similarly.
B.) The server delivers the iStartTime used when generating the password, or iCurTime, directly to the lock, so that the lock can more easily obtain the time base for verifying the password.
C.) The server sends the password itself (the password itself is not essential), or the password sequence number together with its corresponding effective time period or the time the password was sent, directly to the lock, so that the lock can easily determine the time base of the corresponding password.
2. Method for modifying the effective time period of a password, or deleting a password
1.) Find the sequence number of the smart lock's password in the client or app.
2.) Modify its effective time period directly, or delete the effective time period of this password.
3.) The client or app submits this request to the server; the server marks it and synchronizes this information to the smart lock the next time the smart lock communicates with the server.
4.) Periodically or aperiodically, automatically or under manual triggering, the smart lock communicates with the server and synchronizes the password-related information.
Finally, it should be added that:
(1) In the present invention, the smart lock can connect to the server over various wireless networks. For example, the smart lock may first link to a gateway via Wi-Fi, 433, or ZigBee and then connect to the server; or the smart lock may connect directly to a router via Wi-Fi and from there connect to the server, and so on.
(2) Regarding iSubSeq: doing without iSubSeq is also possible. For example, a larger iSeq capacity can be set and the iSeq values processed in groups, e.g. 100 iSeq values in total divided into groups of 10, handled in a way similar to iSeq and iSubSeq. This is merely an adaptation of the technical means and belongs to the same inventive concept.
As the description of the above embodiment shows, compared with conventional password management methods, the present invention frees the smart lock from excessive dependence on the network and has the following advantages:
1.) Adding password sequence information and password sub-sequence information to the password allows multiple such passwords to be supported and makes each password more capable. Multiple passwords can be supported at the same time, and each can be cancelled and re-authorized separately.
2.) The server can modify the effective time period of a password and synchronize the change to the smart lock, but the server cannot modify the smart lock's password. The effective time period of a password can therefore be managed, or a password cancelled directly (which is an essential need), while the password cannot be directly modified or set, which resolves a potential security risk.
3.) At the lock, the user can change the password assigned to them to one of their own choosing.
Although the embodiments disclosed herein are as described above, the content is only an embodiment adopted to facilitate understanding of the present invention and is not intended to limit it. Any person skilled in the art to which the invention pertains may make any modification and change in the form and details of implementation without departing from the spirit and scope disclosed by the invention, but all such changes shall fall within the scope of protection of this application.

Claims (9)

1. A password management method, wherein the password is generated from a seed and a time reference through a password generation algorithm; the seed has at least two copies, one of which is stored in the smart lock, and the other is stored on the server or the client, or the other seed copy is stored partly on the server and partly on the client; the time reference comprises: a first time reference at the smart lock, and a second time reference at the server or client; the clock corresponding to the first time reference and the clock corresponding to the second time reference are synchronized at appropriate times; the password generation algorithm has two copies, one of which runs on the smart lock, and the other runs on the server or the client, or the other copy runs partly on the server and partly on the client; the server records the effective time period of each password; characterized in that the password management method comprises:
A password verification step: the password verification step includes judging whether the password is within the effective time period. If the smart lock locally holds password synchronization information, whether the input password is within the effective time period is judged according to the effective time period information in the password synchronization information; if the smart lock does not locally hold password synchronization information, whether the input password is within the effective time period is judged according to the previously agreed rule.
2. The password management method according to claim 1, characterized in that
The password verification step further includes a match judgement. If the smart lock holds password synchronization information, the smart lock determines the time base for password verification according to the password input time and the agreed rule, or according to the password synchronization information, computes the smart lock's local password using the smart lock's seed and password generation algorithm, and compares the local password with the password input at the smart lock; if the two are identical, the match is considered successful. If the smart lock does not hold password synchronization information, the smart lock determines the time base for password verification according to the password input time and the previously agreed rule, computes the smart lock's local password using the smart lock's seed and password generation algorithm, and compares the local password with the password input at the smart lock; if the two are identical, the match is considered successful.
3. The password management method according to any one of claims 1-2, characterized in that if the password input at the smart lock matches the smart lock's local password and is within the specified effective time period, the input password is considered legitimate; otherwise the input password is considered illegitimate.
4. The password management method according to any one of claims 1-3, characterized in that the input password contains password sequence number information, and the server records the password sequence information.
5. The password management method according to any one of claims 1-4, characterized in that when the smart lock obtains a connection with the server, the smart lock synchronizes the password synchronization information from the server to the smart lock locally.
6. The password management method according to any one of claims 1-5, characterized in that the smart lock and the server synchronize their clocks in the following manner: at registration, the smart lock connects to the server through an app or directly over a wireless network to synchronize; or the smart lock periodically connects to the server over a wireless network to synchronize; or, after an input password passes verification, the smart lock connects to the server over a wireless network at an opportune time to synchronize.
7. The password management method according to any one of claims 4-6, characterized in that each password sequence number is provided with several password sub-sequence numbers.
8. The password management method according to any one of claims 1-7, characterized in that the password can be cancelled through the client or the app, or at the smart lock.
9. The password management method according to any one of claims 1-8, characterized in that the effective time period information of the password is allowed to be modified.
CN201710455739.5A 2017-06-16 2017-06-16 A kind of cipher management method of smart lock Pending CN107221061A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710455739.5A CN107221061A (en) 2017-06-16 2017-06-16 A kind of cipher management method of smart lock


Publications (1)

Publication Number Publication Date
CN107221061A (en) 2017-09-29

Family

ID=59949691


Country Status (1)

Country Link
CN (1) CN107221061A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170929