CN107221061A - A kind of cipher management method of smart lock - Google Patents
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The present invention relates to a password management method. The password is generated from a seed and a time reference by a password generation algorithm, and the server records the valid time period of each password. The method includes a password verification step, which includes a validity-period check: if the smart lock already holds password synchronization information locally, it judges whether the input password is within its valid time period according to the valid-period information in the password synchronization information; if the smart lock does not hold password synchronization information locally, it judges whether the input password is within its valid time period according to a rule agreed in advance. With this method, on the one hand, the smart lock no longer depends excessively on the network; on the other hand, the server cannot directly modify or set a password. This removes the security risk, makes password management safe, reliable and flexible to use, and reduces the dependence on the wireless network.
Description
Technical field
The present invention relates to a password management method, and in particular to a smart lock password management method that is safe and reliable, convenient to manage, flexible to use, and less dependent on the wireless network.
Background art
Existing smart lock password management mainly takes the following forms:
1. Presetting the password directly in the lock. This is the most common approach in conventional combination locks: if the lock's password is to be "1234", then "1234" must be preset in the lock in advance by some means. In normal use, the user enters "1234"; if the lock finds that the entered password matches the stored one, access succeeds.
This approach is the simplest, but also the most limited. Every password change has to be made at the lock itself, which constrains where the person setting the password must physically be and makes the lock inconvenient in many scenarios. In short-term rentals, for example, if the landlord keeps the password unchanged, the same password has to be given to one batch of guests after another, which is an obvious security risk; moreover, it is unreasonable for a tenant to still be able to enter the room with the old password after the stay has ended. If instead the landlord assigns a password to each tenant, then to invalidate the old password on expiry the landlord must go to the lock each time to set a new one. The time and travel cost of doing so is very high for the landlord, so convenience is very poor.
2. Setting the password remotely through a server. This is the approach widely adopted by current Internet-connected smart locks. When the donor (the smart lock administrator, landlord, or leasing company) needs to send a password to a tenant, the basic flow, shown in Fig. 1, is as follows:
When distributing a password:
a.) When distributing a password, the donor uses the client or app to tell the cloud server which smart lock the password is to be set on;
b.) the cloud server sets the password on the smart lock through the home router/home gateway;
c.) at the same time, the donor sends this password to the licensee (for example, the tenant) by SMS or app;
d.) when the licensee goes to open the door, the smart lock matches the passwords delivered over these two different paths; if they correspond, the password is legitimate.
This approach has the following defects. Defect one: the approach is simple and intuitive, but the problem it brings is that the cloud server can directly set and modify passwords on smart locks. Once the server is attacked by hackers, or maliciously operated by an insider, all smart locks could be set to the same password; for example, the passwords of all locks in a residential community or system could all be set to 1234, which creates a systemic risk. Defect two: if, while a password is being distributed, the home gateway or home router fails or the wireless signal is poor, the password sent over path 1 may not be delivered, so the distributed password cannot open the door and the tenant is locked out.
The reasons for these problems are: first, the home gateway has to take part in delivering the password, so a gateway fault or wireless network failure necessarily affects the function, and a failed authorization leaves the licensee locked out; second, the server not only controls a large number of smart locks but can also set passwords on them directly, which is a systemic security risk.
3. Offline passwords that do not depend on the network. The password is computed from an internal algorithm and synchronized parameters, but three defects remain, and most current offline password schemes have not solved them. First, a password that has been sent cannot be cancelled. Second, the valid time period of a password is inflexible; for example, only a few days or a dozen or so days can be supported. A longer valid period requires a longer password, but a password that is too long, for example more than 10 digits, is inconvenient for the user. Third, once a password has been distributed, its valid time period cannot be changed. If the user needs to renew the lease, the password has to change, which is inconvenient for the user.
Therefore, in view of these shortcomings of the prior art, the prior art needs to be improved.
Summary of the invention
The invention provides a password management method that overcomes the above defects of the prior art, combines the advantages of offline and online operation, and manages passwords safely, reliably, conveniently and flexibly.
To achieve the purpose of the invention, the technical solution adopted is a password management method in which the password is generated from a seed and a time reference by a password generation algorithm. There are at least two copies of the seed: one copy is stored on the smart lock, and the other copy is stored on the server or the client, or partly on the server and partly on the client. The time reference includes a first time reference on the smart lock and a second time reference on the server or client; the clock corresponding to the first time reference and the clock corresponding to the second time reference are synchronized at an appropriate time. The password generation algorithm has two copies: one runs on the smart lock, and the other runs on the server or the client, or partly on the server and partly on the client. The server records the valid time period of each password. The password management method includes a password verification step, which includes a validity-period check: if the smart lock already holds password synchronization information locally, it judges whether the input password is within its valid time period according to the valid-period information in the password synchronization information; if the smart lock does not hold password synchronization information locally, it judges whether the input password is within its valid time period according to a rule agreed in advance.
Preferably, the password verification step also includes a matching check. If the smart lock holds password synchronization information, the smart lock determines the password verification time base from the moment of password input and the agreed rule, or from the password synchronization information, computes its local password with the lock's seed and password generation algorithm, and compares the local password with the password entered at the lock; if the two are identical, the match succeeds. If the smart lock does not hold password synchronization information, the smart lock determines the password verification time base from the moment of password input and the rule agreed in advance, computes its local password with the lock's seed and password generation algorithm, and compares the local password with the password entered at the lock; if the two are identical, the match succeeds.
Preferably, if the password entered at the smart lock matches the lock's local password and is within the defined valid time period, the input password is considered legitimate; otherwise it is considered illegitimate.
Preferably, the input password includes password sequence number information, and the server records that password sequence number information.
Preferably, when the smart lock and the server establish a connection, the smart lock synchronizes the password synchronization information from the server to the lock's local storage.
Preferably, the smart lock synchronizes its clock with the server in one of the following ways: at registration, the smart lock connects to the server through the app or directly over the wireless network and synchronizes; or the smart lock periodically connects to the server over the wireless network and synchronizes; or, after an input password has been verified, the smart lock connects to the server over the wireless network when the opportunity arises and synchronizes.
Preferably, each password sequence number is assigned several password sub-sequence numbers.
Preferably, the password can be cancelled through the client or app, or at the smart lock.
Preferably, the valid time period information of the password is allowed to be changed.
The password management method of the invention combines the advantages of offline and online operation and frees the smart lock from excessive dependence on the network. Compared with the prior art, it resolves the following technical defects:
1.) When a password is distributed, it can be sent successfully even if the lock is not connected to the network, so a wireless network problem in the lock's environment will not leave the tenant locked out.
2.) The server cannot directly set or modify a password on the lock, which removes the security risk: because the server controls a large number of locks, if it could set or modify passwords on them directly, then a hacker attack or malicious insider operation would pose a serious systemic security risk.
3.) It solves three problems of purely offline passwords: a.) cancelling a password's authorization before its validity period ends is cumbersome, since the donor has to go to the lock to operate it and the programming is also very complex; b.) changing a password's valid time period is very troublesome: for example, when a user who has rented for one month continues to renew, the validity period of the original password needs to change, which a purely offline password cannot do; c.) a password of ordinary length (4 or 6 digits) cannot support authorization over a long period with high time precision; for example, an authorization period of 2 years with hour-level precision easily requires more than 10 digits, which greatly affects the user experience.
Significant progress and outstanding technical effects are achieved. On the one hand, the smart lock no longer depends excessively on the network, so passwords can be distributed even in an environment without a network, and once the lock is networked the valid time period of a password can be changed freely while the password itself stays unchanged. On the other hand, the server cannot directly modify or set a password, but it can manage the valid time period of a password or cancel the password directly. This removes the security risk, makes password management safe, reliable and flexible to use, and reduces the dependence on the wireless network.
Brief description of the drawings
Fig. 1 shows the system framework of a prior-art password management approach.
Fig. 2 is a schematic diagram illustrating the time bases in the password management method of the invention.
Fig. 3 is a schematic diagram of the system framework of the password management approach of the invention.
Fig. 4 is a schematic flow chart of input password verification in the password management method of the invention.
Explanation of reference numerals: 1 - password sending time; 2 - password generation time base; 3 - password verification time base; 4 - password valid time period before synchronization; 5 - password valid time period after synchronization; 6 - password input time.
Embodiment
To make the purpose, technical solution and advantages of the invention clearer, embodiments of the invention are described in detail below with reference to the drawings. It should be noted that, where they do not conflict, the embodiments of the invention and the features in the embodiments can be combined with one another.
For a clear description and easy understanding of the technical solution that follows, the technical terms used in the embodiments are explained and agreed as follows:
Donor (the party granting authorization): the donor owns an account and registers the smart lock in the smart lock management system through this account; the account is usually owned by a landlord, a householder, or a legal person (such as a leasing company). The smart lock management system includes at least a server, a smart lock and a client (the client is an application running on a computer, smartphone or other smart terminal, typically a smartphone app or client software on a PC). Through registration, the account is bound to the smart lock; binding means that once the account is bound to the smart lock, it can request password services for that smart lock from the server. Note that the donor can delegate this right to other people (called sub-donors), so that a sub-donor can also request password services for the smart lock from the server; depending on the situation, the donor may need to give the sub-donor some of the key information used to generate passwords (when some or all of the seed information is not placed on the server). In this patent, the donor and the sub-donor play the same role. The only difference is that the donor obtains the authorization rights and information at registration, whereas the sub-donor obtains them through the donor's authorization process. The invention does not distinguish further between them and refers to both as the donor.
Password sending time: the time at which the donor sends the password to the licensee through the client. Unlike a traditional physical key, an electronic key does not need particular processing steps and time to produce; it is generated essentially instantly. The invention therefore treats the password generation time and the password sending time as the same, or very close. A further reason for not distinguishing them is that, in practice, if a password is not sent after it is generated, deliberately splitting the two into separate points in time has no intrinsic value (indeed, the password would then have to be stored, which introduces additional risk, so generating the password at the moment of sending is more reasonable). Therefore, if a password generation time parameter has to be introduced into a system, for example by deliberately setting a fixed relationship between the password generation time and the password sending time, this should also be understood as falling within the scope of protection of this patent.
Password time base: the password time base comprises the password generation time base and the password verification time base.
The password generation time base is the time reference information of the password at generation. The password verification time base is the time reference information the smart lock uses for password verification when it detects a password input. The password verification time base is essentially determined by the password sending time. There may, however, be several password verification time bases as required in practice. For example, if it is agreed that a password is only valid on the day it is received or before 12 noon the next day, then the password verification time base can be tried as the time base of the day of input or the time base of the previous day; a match with either time base suffices (see the embodiment for the detailed process).
Password input time: the time at which the user actually enters the password; it has a certain randomness.
Password valid time: includes the valid time period before synchronization and the valid time period after synchronization. The valid time period the donor actually intends is generally the valid time period after synchronization. The valid time period before synchronization is usually limited in length and precision; for example, it may be agreed that the password must be entered on the day it is received or the next morning to be valid.
The time axis in Fig. 2 illustrates the correspondence among the password sending time 1, the password generation time base 2, the password verification time base 3, the valid time period before synchronization 4, the valid time period after synchronization 5, and the password input time 6.
Synchronization time of the password synchronization information: the time at which, after a password has been sent and once the smart lock communicates with the server, the server synchronizes the information related to this password (such as the password's valid time period, password sequence number and password sub-sequence number, and possibly even the password itself) to the smart lock.
Password synchronization information: includes at least the valid time period information corresponding to the password, and usually also the password sequence number, the password sub-sequence number and the password sending time; it may even include the password itself.
Password sequence number: if one smart lock needs to support several such passwords at the same time, this sequence number can be embedded in the password when it is generated; when the password is entered, the smart lock can extract the corresponding password sequence number from it.
Password sub-sequence number: several password sub-sequence numbers are set for each password sequence number and associated with it.
On the password time base:
The time base (time reference) is a key concept in the invention. The password information contains time base information, and the time base used when the password is generated must be consistent with the time base used when the password is verified; only then can the passwords match. These two time bases are called the password generation time base and the password verification time base.
The password time base is a virtual concept, and there are many ways to determine it. The core idea is to convey a piece of time information through some mechanism, either by a rule agreed in advance or by transmission through the server, so that both sides obtain the same time base.
1.) For example, the two sides agree that a password can only match on the day it is sent or before 12 noon the next day. The sender's time base can then be 00:00:00 on the day the password is sent (as a timestamp in seconds, measured from 00:00:00 on 1 January 1970). If the password is indeed entered that day or the next day, the receiver can derive, from the password input time, 00:00:00 of the current day or of the previous day as the time base; one of these two time bases necessarily matches the sender's time base. Note that the time base can be set flexibly; for example, the reference point need not be 00:00 on 1 January 1970 and could instead be 00:00 on 1 January 2000.
2.) The above way of obtaining the same time base does not rely on the network. With the network, once the server and the smart lock are connected, the sending time of the password, or even the time base used when the password was generated, can be written directly into the lock. The lock can then obtain the password verification time base more simply and produce the local password, which it then matches against the input password.
The offline time base mechanism means that only a mechanism like 1.) above can be used: conveying the time base relies solely on the rule and on the constraint between the moment of password input and the moment of password generation.
The online password mechanism means that, in addition to the offline mechanism above, the password verification time base can also be obtained directly or indirectly from the password synchronization information passed from the server.
The invention merges the offline and online mechanisms well, freeing the smart lock from excessive dependence on the network.
On the seed:
The donor generally obtains the seed in one of two ways:
First, through registration or binding. At registration or binding, the seed is agreed by several of the parties among the client, the server and the smart lock. There are at least two copies of the seed: one is placed on the lock, and the other is either on the server, or on the client, or partly on the server and partly on the client. A donor who obtains authorization rights through the registration process is called the root donor.
Second, the root donor authorizes other sub-donors, so that a sub-donor can request password services from the server. Apart from how they obtain the seed and the authorization rights, these two kinds of donor are essentially the same, so they are not described separately and are both called the donor in this embodiment.
Whether the seed is placed on the client or on the server makes no essential difference to the overall password management mechanism; the only difference is whether all or part of the seed information has to be transmitted before a password is generated. This embodiment is described with the seed on the client as the example.
On the algorithm:
The password generation algorithm can be deployed on the server, or on the client, or partly on the server and partly on the client; there is no essential difference between these implementations. If the algorithm is deployed partly on the server and partly on the client, password generation has to be processed by both the server and the client, with several additional communication and transmission steps. This embodiment is described with the algorithm deployed on the server as the example.
This embodiment is explained for the scenario with the seed on the client and the algorithm on the server; other cases can be inferred by analogy and are not described one by one.
The system framework of password management is shown in Fig. 3; the specific working process is as follows:
Step 1: When installing the smart lock, the donor and the smart lock jointly determine the seed (seed is a term from cryptography). There are at least two copies of the seed: one on the smart lock, the other on the client used by the donor. The password generation algorithm has two copies: one runs on the smart lock, the other on the server.
Step 2: When the donor needs to grant authorization, the donor's seed information and time reference information are processed by the algorithm on the server to generate the input password to be used at the smart lock.
Step 3: The donor informs the licensee of the input password by SMS or app.
Step 4: The licensee goes to the smart lock and uses the input password.
Step 5: The smart lock computes its local password from the local password algorithm (identical to the algorithm on the cloud server), the seed and the time reference. If the input password is identical to the local password, the password match succeeds.
Step 6: After the input password has matched, the smart lock tries to connect to the server and synchronize the password synchronization information for this input password (including the valid time period information, etc.). If the input password is within its valid time period, the lock is opened.
The key links in this embodiment are explained further:
1. Generation of the password
(1) The smart lock password itself contains at least two kinds of information: seed information (iSeed) and time base information (iTime). These are passed through certain special functions to obtain a value, which is then further processed as needed to give the final smart lock password. The special functions are usually specific functions from cryptography, such as MD5, SHA-1 or SHA-3; this embodiment uses SHA-1().
where:
a.) The source of the seed information iSeed can be very flexible: some information can be chosen freely from a random number, the lock's ID, the user's ID, the user's password, the lock's registration-count sequence number, or any other agreed value, and used either directly or in derived form.
b.) The time base information iTime can be the current time at which the password is generated, or a derived time obtained from the agreed rule and the password generation time. For example, if the authorized valid time period is 1 January 2020, this time can be 1 January 2020 or 10 January 2020 (equivalent to an agreed rule of 9 days later than the password generation time). As long as the rule used when the lock verifies the password is consistent with the rule agreed when the password was generated, the same definite value can be obtained from the known information and the agreed rule.
c.) Sequence number information iSeq: if the system supports several such passwords, this sequence number is essential; if the system supports only one such password, there is no need to tell which password it is and the sequence number can be omitted. After receiving a password, the smart lock extracts the sequence number information from the value of the received password and uses it to interface with the server and synchronize the password information for this password.
(2) Sub-sequence number information iSubSeq can also be added when a password is produced. Adding iSubSeq makes the password function more powerful and gives better support for cancelling passwords.
Here,
a.) Each sequence number iSeq corresponds to several sub-sequence numbers iSubSeq. For example, if 10 sub-sequence numbers are allocated to each sequence number iSeq, the rolling values of the 10 Arabic numerals 0-9 can be used. The sub-sequence number indicates which password attached to sequence number iSeq this password is; its main role is to support cancelling a password and distributing a new password for a given password sequence number.
b.) The embodiment is as follows. If the iSubSeq value received by the smart lock (iSubSeq_I) exceeds the iSubSeq value stored in the lock (iSubSeq_L) by less than N (iSubSeq_I - iSubSeq_L < N; in this embodiment N is 5. Note that if iSubSeq_I - iSubSeq_L is negative, 10 is added before comparing: for example, with iSubSeq_I = 1 and iSubSeq_L = 8, iSubSeq_I - iSubSeq_L = -7, adding 10 gives 3, which is less than 5), the received password may be a valid password. Conversely, if the iSubSeq value stored in the lock (iSubSeq_L) exceeds the received value (iSubSeq_I) by less than M (0 < iSubSeq_L - iSubSeq_I < M; in this embodiment M is 4. If iSubSeq_L - iSubSeq_I is negative, 10 is again added before comparing, as above: for example, with iSubSeq_I = 7 and iSubSeq_L = 8, iSubSeq_L - iSubSeq_I = 1, which is less than 4 but greater than 0, so this password is very likely a cancelled password and is treated as void), the received password may be a cancelled password. M and N can be set as needed; in general M + N < the total number of iSubSeq values, so that valid passwords and cancelled passwords can be distinguished. This embodiment is only an example; in practice the values can be set flexibly according to this principle.
(3) The seed information iSeed, sequence number iSeq, sub-sequence number iSubSeq and the password algorithm can be deployed on the client or the server as needed; after the password is generated, it may likewise be sent to the licensee by the server or by the client.
2. After the password is generated, the server may, as the application requires, record some password information corresponding to the password, such as: the time the password was sent, the password sequence number, the password sub-sequence number, the validity period of the password, the time base for password verification, or even the password itself.
3. Password input: after the password is entered, password verification is performed. Verification is divided into two sub-steps: verifying whether the password matches, and verifying whether the entered password is within its validity period.
Fig. 4 illustrates the specific flow of password verification:
(1) Password matching
A.) The smart lock recovers A (iSeq) and B (iSubSeq) from the entered password.
B.) Using the online time-base calculation mechanism or the offline time-base mechanism, the lock calculates its local XYZW and matches it against the entered password; if the two are consistent, the match succeeds.
C.) The relationship between iSubSeq_L and iSubSeq_I is verified, as described above, to confirm whether the entered password is a cancelled, invalid password. If verification passes, iSubSeq_L is updated to iSubSeq_I; otherwise the password is treated as invalid.
(2) Password validity period verification
If the smart lock already holds password synchronization information locally, whether the entered password is within the validity period is judged from the validity period information in the password synchronization information; if the smart lock holds no password synchronization information locally, whether the password is within the validity period is judged from the rule agreed in advance.
An illustration of password validity period verification:
If the lock already holds password synchronization information locally, whether the password is within the validity period is judged from the validity period information in the password synchronization information; for example, the validity period in the password synchronization information runs from 12 noon on June 1, 2015 to 6 pm on May 30, 2016. If the lock holds no password synchronization information locally, whether the password is within the validity period is judged from the rule agreed in advance; for example, if the password was sent at 15:00 on June 1, 2015 and the agreement is that the password must be entered on the same day or on the morning of the next day, then the validity period of the password defaults to 15:00 on June 1, 2015 through 12 noon on June 2, 2015.
A real case of password generation:
A.) The input parameters of SHA-1() are:
iSeq: password sequence number, valid range 0-9
iSubSeq: the password sub-sequence number currently corresponding to this sequence number, valid range 0-9
iSeed: a character array of 64 characters; the present embodiment uses the lock ID directly
iRegNum: the number of times this lock has been registered in the system; it is incremented by one automatically at each registration; unsigned int, 4 bytes. The present embodiment does not add this parameter to the seed but uses it directly in generating the password information, to illustrate the flexibility of password generation.
iStartTime = iCurTime - iCurTime%(24*3600), where iCurTime is the timestamp of the moment the password is sent, in seconds, relative to 00:00 on January 1, 1970; unsigned long long, 8 bytes.
B.) Take bytes 0-3 of the SHA-1() result szHashOut (denoted szHashOut[0], szHashOut[1], szHashOut[2], szHashOut[3]).
C.) Calculate iOutLow with the following algorithm:
iOutLow=(szHashOut[3]*256*256*256+szHashOut[2]*256*256+szHashOut[1]*256+szHashOut[0])%10000
Therefore, iOutLow is a number in the range 0-9999.
D.) Take each decimal digit of iOutLow in turn (denoted XYZW).
E.) Obtain the final password with the following algorithm:
iSeq is denoted A
iSubSeq is denoted B
The 1st digit of the password is: P=(X+Y+Z+A)%10
The 2nd digit of the password is: X
The 3rd digit of the password is: Y
The 4th digit of the password is: Z
The 5th digit of the password is: W
The 6th digit of the password is: Q=(Y+Z+W+B)%10
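The following Python code is an added example, not code from the patent: it implements generation steps A-E above together with the lock-side matching sub-step (recovering A and B from P and Q, recomputing XYZW, and applying the iSubSeq window test with N=5 and M=4). The byte layout fed to SHA-1, the digit order of XYZW, the strict comparisons in the window test, the lock-state dictionary, and the sample seed and timestamp are assumptions made for the example.

```python
import hashlib
import struct

DAY = 24 * 3600
N, M, TOTAL = 5, 4, 10  # the embodiment's N and M; iSubSeq rolls over 0-9


def start_time(cur_time):
    """iStartTime = iCurTime - iCurTime % (24*3600)."""
    return cur_time - cur_time % DAY


def xyzw(seed, reg_num, i_start, seq, sub_seq):
    """Steps A-D: SHA-1 over the inputs, bytes 0-3 -> iOutLow -> digits X, Y, Z, W."""
    # ASSUMPTION: the page does not give the byte layout fed to SHA-1(). Used here:
    # 64-byte zero-padded iSeed, then uint32 iRegNum, uint64 iStartTime, iSeq, iSubSeq.
    msg = seed.ljust(64, b"\0")[:64] + struct.pack("<IQBB", reg_num, i_start, seq, sub_seq)
    h = hashlib.sha1(msg).digest()
    out_low = (h[3] * 256**3 + h[2] * 256**2 + h[1] * 256 + h[0]) % 10000
    # ASSUMPTION: X is the most significant decimal digit, W the least.
    return [int(c) for c in "%04d" % out_low]


def generate(seed, reg_num, cur_time, seq, sub_seq):
    """Step E: P X Y Z W Q, where P carries A (iSeq) and Q carries B (iSubSeq)."""
    x, y, z, w = xyzw(seed, reg_num, start_time(cur_time), seq, sub_seq)
    p = (x + y + z + seq) % 10
    q = (y + z + w + sub_seq) % 10
    return "%d%d%d%d%d%d" % (p, x, y, z, w, q)


def classify_subseq(received, saved):
    """Window test on iSubSeq_I (received) against iSubSeq_L (saved in the lock)."""
    ahead = (received - saved) % TOTAL    # "add 10 if negative"
    behind = (saved - received) % TOTAL
    # ASSUMPTION: both comparisons are strict, following the wording "less than".
    if 0 < behind < M:
        return "cancelled"
    if ahead < N:
        return "valid"
    return "undecided"  # the page leaves this gap unassigned; verify() rejects it


def verify(code, seed, reg_num, now, saved_subseq):
    """Lock-side matching sub-step. saved_subseq maps iSeq -> iSubSeq_L (hypothetical state)."""
    if len(code) != 6 or not (code.isascii() and code.isdigit()):
        return False
    p, x, y, z, w, q = (int(c) for c in code)
    seq = (p - x - y - z) % 10       # recover A
    sub_seq = (q - y - z - w) % 10   # recover B
    if seq not in saved_subseq:
        return False
    # Time base from the moment of entry (implementation A); the previous day is tried too.
    today = start_time(now)
    if not any([x, y, z, w] == xyzw(seed, reg_num, base, seq, sub_seq)
               for base in (today, today - DAY)):
        return False
    if classify_subseq(sub_seq, saved_subseq[seq]) != "valid":
        return False
    saved_subseq[seq] = sub_seq      # iSubSeq_L = iSubSeq_I
    return True


# Constructed sample values, not from the patent.
SEED = b"EXAMPLE-LOCK-ID-0001"
SENT_AT = 1497600000  # 2017-06-16 08:00:00 UTC

if __name__ == "__main__":
    state = {2: 8}
    code = generate(SEED, 3, SENT_AT, seq=2, sub_seq=1)
    print(code, verify(code, SEED, 3, SENT_AT + 3600, state), state)
```

Only X, Y, Z and W depend on the hash; P and Q encode A and B, so for a given iSeq, iSubSeq and day there are 10,000 possible XYZW values.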
In the above real case:
1. The password generation algorithm used in the password verification flow is consistent with the one used when the password is sent, with the following differences:
Difference one: in the verification flow, iSeq and iSubSeq are first extracted from the password.
Difference two: obtaining the time base for password verification, i.e. determining iStartTime in the above algorithm. Obtaining the time base during password verification has three typical implementations:
A.) From the time point of password entry (iCurTime), determine iStartTime=iCurTime-iCurTime%(24*3600), where iCurTime is the timestamp of the moment the password is sent, in seconds, relative to 00:00 on January 1, 1970; unsigned long long, 8 bytes. The previous day is handled similarly.
B.) The server delivers the iStartTime or iCurTime used when generating the password directly to the lock, so that the lock can obtain the time base for verifying the password more easily.
C.) The server sends the password itself (the password itself is not essential), or the password sequence number and its corresponding validity period, or the time information of when the password was sent, directly to the lock, so that the lock can easily determine the time base of the corresponding password.
2. Implementation of modifying the validity period of a password, or deleting a password:
1.) Find the sequence number of the smart lock's corresponding password on the client or app.
2.) Modify its validity period directly, or delete the validity period of this password.
3.) The client or app submits this request to the server; the server marks it, and the information is synchronized to the smart lock the next time the smart lock communicates with the server.
4.) Periodically or irregularly, automatically or under manual trigger, the smart lock communicates with the server and synchronizes password-related information.
Finally, the following should be added:
(1) In the present invention, the smart lock can connect to the server over various wireless networks. For example, the smart lock can first link to a gateway via WiFi, 433 or ZigBee and then connect to the server; the smart lock can also connect directly to a router via WiFi and from there to the server, and so on.
(2) Regarding iSubSeq, it is also possible to do without iSubSeq, for example by setting a larger iSeq capacity and processing iSeq in groups: with 100 iSeq values in total, every 10 are divided into one group, and they are handled similarly to iSeq and iSubSeq. This is only an adaptation in technical means and belongs to the same inventive concept.
From the description of the above embodiment, compared with conventional password management methods, the present invention frees the smart lock from excessive dependence on the network and has the following advantages:
1.) Adding password sequence information and password sub-sequence information to the password makes it possible to support multiple such passwords and makes each password more powerful. Multiple passwords can be supported simultaneously, and each of them can be cancelled and re-authorized separately.
2.) The server can modify the validity period of a password, and the modification is synchronized to the smart lock, but the server cannot modify the password of the smart lock. This makes it possible to manage the validity period of a password or to cancel a password directly (this is a hard requirement) while not being able to modify or set a password directly, which removes a potential security risk.
3.) The user can change, at the lock, the password assigned to them to a password of their own choosing.
Although the embodiments disclosed herein are as above, the content described is only an embodiment adopted to facilitate understanding of the present invention and is not intended to limit the present invention. Any person skilled in the art to which the present invention belongs may make any modification or change in the form and details of implementation without departing from the spirit and scope disclosed by the present invention, but all such modifications and changes shall fall within the protection scope of this application.
Claims (9)
1. A password management method, wherein the password is generated from a seed and a time reference by operation of a password generation algorithm; the seed has at least two copies, one seed copy being stored at the smart lock and the other seed copy being stored on a server or a client, or the other seed copy being stored partly on the server and partly on the client; the time reference includes a first time reference at the smart lock and a second time reference at the server or client; the clock corresponding to the first time reference and the clock corresponding to the second time reference are synchronized at appropriate times; the password generation algorithm includes two copies, one copy running on the smart lock and the other copy running on the server or the client, or the other copy running partly on the server and partly on the client; the server records the validity period of each password; characterized in that the password management method comprises:
A password verification step: the password verification step includes a validity period judgment; if the smart lock locally holds password synchronization information, whether the entered password is within the validity period is judged from the validity period information in the password synchronization information; if the smart lock does not locally hold password synchronization information, whether the entered password is within the validity period is judged according to the rule agreed in advance.
2. The password management method according to claim 1, characterized in that the password verification step further includes a matching judgment: if the smart lock holds password synchronization information, the smart lock determines the time base for password verification from the moment of password entry and the agreed rule, or from the password synchronization information, calculates the local password of the smart lock from the seed and password generation algorithm of the smart lock, and compares the local password with the password entered at the smart lock; if the two are identical, the match is considered successful; if the smart lock does not hold password synchronization information, the smart lock determines the time base for password verification from the moment of password entry and the rule agreed in advance, calculates the local password of the smart lock from the seed and password generation algorithm of the smart lock, and compares the local password with the password entered at the smart lock; if the two are identical, the match is considered successful.
3. The password management method according to any one of claims 1-2, characterized in that if the password entered at the smart lock matches the local password of the smart lock and is within the defined validity period, the entered password is considered legitimate; otherwise the entered password is considered illegitimate.
4. The password management method according to any one of claims 1-3, characterized in that the entered password contains password sequence number information, and the server records the password sequence number information.
5. The password management method according to any one of claims 1-4, characterized in that when the smart lock obtains a connection to the server, the password synchronization information is synchronized from the server to the smart lock's local storage.
6. The password management method according to any one of claims 1-5, characterized in that the smart lock and the server synchronize their clocks in the following ways: at registration, the smart lock synchronizes with the server through the app or by connecting directly over a wireless network; or the smart lock periodically connects to the server over a wireless network and synchronizes; or, after an entered password passes verification, the smart lock connects to the server over a wireless network at an opportune time and synchronizes.
7. The password management method according to any one of claims 4-6, characterized in that each password sequence number is provided with several password sub-sequence numbers.
8. The password management method according to any one of claims 1-7, characterized in that the cancellation of the password can be performed through the client, the app, or at the smart lock.
9. The password management method according to any one of claims 1-8, characterized in that the validity period information of the password is allowed to be modified.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710455739.5A CN107221061A (en) | 2017-06-16 | 2017-06-16 | A kind of cipher management method of smart lock |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107221061A true CN107221061A (en) | 2017-09-29 |
Family
ID=59949691
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710455739.5A Pending CN107221061A (en) | 2017-06-16 | 2017-06-16 | A kind of cipher management method of smart lock |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107221061A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101294463A (en) * | 2008-06-18 | 2008-10-29 | 大连交通大学 | Dynamically encrypting and unlock method based on electronic trick lock |
CN104631961A (en) * | 2014-02-17 | 2015-05-20 | 袁磊 | Dynamic password electronic lock system in which password changes according to random codes |
CN105827576A (en) * | 2015-01-05 | 2016-08-03 | 珠海汇金科技股份有限公司 | Unlocking method and system based on dynamic cipher lock |
CN106127905A (en) * | 2016-07-05 | 2016-11-16 | 杭州摇光科技有限公司 | A kind of electrical lock apparatus, system and method for unlocking thereof |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108076151A (en) * | 2017-12-19 | 2018-05-25 | 众算(上海)数据科技有限公司 | A kind of platform and control method based on NB-IOT networks |
CN109525391A (en) * | 2018-10-14 | 2019-03-26 | 浙江鸿利锁业有限公司 | A kind of method that server is synchronous with lockset information security |
CN109525391B (en) * | 2018-10-14 | 2021-12-03 | 浙江鸿利锁业有限公司 | Method for safely synchronizing information of server and lockset |
WO2020088623A1 (en) * | 2018-10-31 | 2020-05-07 | 云丁网络技术(北京)有限公司 | Intelligent device control method and system |
CN109872421A (en) * | 2019-01-08 | 2019-06-11 | 博拉网络股份有限公司 | A kind of big data access control management method and its management system |
CN109951319A (en) * | 2019-02-22 | 2019-06-28 | 北京深思数盾科技股份有限公司 | The method and encryption machine equipment of backup encryption equipment administrator lock |
CN110211268A (en) * | 2019-06-04 | 2019-09-06 | 北京一砂信息技术有限公司 | A kind of client, server, system, method and the storage medium of timeliness random cipher unlock smart lock |
CN112184952A (en) * | 2019-06-17 | 2021-01-05 | 中国电信股份有限公司 | Intelligent lock control system, method and storage medium |
CN114694279A (en) * | 2020-12-28 | 2022-07-01 | 深圳Tcl新技术有限公司 | Method for acquiring offline password, computer readable storage medium and terminal device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170929 |