CN108055124A - Lock administration system and lock management method - Google Patents

Publication number
CN108055124A
Authority
CN
China
Prior art keywords
unlocking
authorized
authorization message
smart lock
lock
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711128861.8A
Other languages
Chinese (zh)
Inventor
吕锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Miaolian Digital Technology Co Ltd
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00412 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal being encrypted

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Power Engineering (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The present invention provides a lock management system and a lock management method, and relates to the technical field of smart locks. A user can create an account through the account subsystem and, through the authorization subsystem, grant the unlocking authority of a smart lock to other parties (grantees). Authorization requires the authorizing party's digital signature, which corresponds uniquely to the authorizing party, so the authorization operation cannot be forged. In addition, only a grantee holding the authorization information can decrypt the smart lock's ciphertext, so unauthorized persons cannot unlock the smart lock. The grantee needs only an electronic device to unlock the smart lock and does not have to carry a physical key, which makes the authorization process simpler. Meanwhile, the public and private keys of the authorizing party's key pair are stored separately, in the lock management system and in the personal terminal; neither the public key alone nor the private key alone is enough to authorize or unlock, which makes unlocking more secure.

Description

Lock management system and lock management method
Technical field
The present invention relates to the technical field of smart locks, and in particular to a lock management system and a lock management method.
Background
Existing access control systems, and many other places where entry is controlled by a lock, use smart locks to improve security. When the authority to unlock is granted to other users, most smart locks run into security problems. For example, some simple authorization methods set a password on the lock and then tell the user the password. The password thereby becomes known to a third party and leaks easily, because authorizing someone else to open the lock means telling them the password. Moreover, a password by itself offers little security and is at risk of being cracked.
Summary of the invention
In view of this, the present invention provides a lock management system based on asymmetric encryption, which enables more secure unlocking management.
The technical solution provided by the present invention is as follows:
A lock management system, comprising:
An account subsystem, configured to allocate a public/private key pair to a user according to the user's identity, wherein the key pair comprises a public key and a corresponding private key, the public key is stored in the lock management system, and the private key is stored in the personal terminal corresponding to the user;
A lock authorization subsystem, configured to grant the unlocking authority of a smart lock to the grantee corresponding to the smart lock according to received authorization information;
An unlocking subsystem, configured to determine whether a received unlock request has unlocking authority and, if it does, to generate an unlock instruction for the smart lock corresponding to the unlock request, so as to open the smart lock.
Further, the lock authorization subsystem grants the unlocking authority of the smart lock to the corresponding grantee, according to the received authorization information, in the following manner:
Receive the authorization information for the smart lock sent by the authorizing party;
Encrypt the authorization information to obtain an authorization information digest;
Encrypt the authorization information digest using the private key corresponding to the authorizing party to generate the authorizing party's digital signature;
Encrypt the authorization information and the generated authorizing party's digital signature using the public key corresponding to the grantee, and store the encrypted authorization information and authorizing party's digital signature in the smart lock, completing authorization of the smart lock.
Further, the unlocking subsystem determines whether a received unlock request has unlocking authority in the following manner:
Receive the private key provided by the grantee, decrypt the ciphertext corresponding to the smart lock using that private key, and judge from the decryption result whether the grantee corresponding to the unlock request has unlocking authority;
If decrypting the ciphertext yields the authorization information and the authorizing party's digital signature, the grantee corresponding to the received unlock request has unlocking authority;
If decrypting the ciphertext yields no decryption result, the grantee corresponding to the received unlock request does not have unlocking authority.
Further, after the ciphertext corresponding to the smart lock has been decrypted with the private key to obtain the authorization information and the authorizing party's digital signature, the unlocking subsystem is further configured to:
Obtain the public key corresponding to the authorizing party according to the authorization information;
Decrypt the decrypted authorizing party's digital signature using the public key corresponding to the authorizing party to obtain a first authorization information digest;
Perform a decryption operation on the decrypted authorization information to obtain a second authorization information digest;
Compare the first authorization information digest with the second authorization information digest; if the two are identical, the authorizing party corresponding to the smart lock has unlocking authority, and an unlock instruction is sent to the smart lock.
Further, the unlocking subsystem is also configured, when the first authorization information digest and the second authorization information digest do not match, to determine that the authorizing party corresponding to the smart lock is not trusted, record the grantee's information, and send a refuse-to-unlock instruction to the smart lock.
Further, the system also comprises an alarm subsystem connected to the unlocking subsystem. The alarm subsystem is configured to generate alarm information when the first authorization information digest and the second authorization information digest do not match, and to send the alarm information to the authorizing party corresponding to the smart lock.
The present invention also provides a lock management method, comprising:
Allocating a public/private key pair to a user according to the user's identity, wherein the key pair comprises a public key and a corresponding private key, the public key is stored in the lock management system, and the private key is stored in the personal terminal corresponding to the user;
Granting the unlocking authority of a smart lock to the grantee corresponding to the smart lock according to received authorization information;
Determining, according to received unlocking information, whether the sender of the unlocking information has unlocking authority and, if the sender does, generating an unlock instruction for the smart lock corresponding to the unlocking information, so as to open the smart lock.
Further, the step of granting the unlocking authority of the smart lock to the corresponding grantee according to the received authorization information comprises:
Receiving the authorization information for the smart lock sent by the authorizing party;
Encrypting the authorization information to obtain an authorization information digest;
Encrypting the authorization information digest using the private key corresponding to the authorizing party to generate the authorizing party's digital signature;
Encrypting the authorization information and the generated authorizing party's digital signature using the public key corresponding to the grantee, and storing the encrypted authorization information and authorizing party's digital signature in the smart lock, completing authorization of the smart lock.
Further, the step of determining, according to the received unlocking information, whether the sender of the unlocking information has unlocking authority comprises:
Receiving the private key provided by the grantee, decrypting the ciphertext corresponding to the smart lock using that private key, and judging from the decryption result whether the grantee corresponding to the unlock request has unlocking authority;
If decrypting the ciphertext yields the authorization information and the authorizing party's digital signature, the received unlock request has unlocking authority;
If decrypting the ciphertext yields no decryption result, the grantee corresponding to the received unlock request does not have unlocking authority.
Further, after the step in which decrypting the ciphertext yields the authorization information and the authorizing party's digital signature, the method further comprises:
Obtaining the public key corresponding to the authorizing party according to the authorization information;
Decrypting the decrypted authorizing party's digital signature using that public key to obtain a first authorization information digest;
Performing a decryption operation on the decrypted authorization information to obtain a second authorization information digest;
Comparing the first authorization information digest with the second authorization information digest; if the two are identical, the authorizing party corresponding to the smart lock has unlocking authority, and an unlock instruction is sent to the smart lock.
An embodiment of the present invention provides a lock management system based on asymmetric encryption. A user can create an account through the account subsystem and, through the authorization subsystem, grant the unlocking authority of a smart lock to other parties (grantees). Authorization requires the authorizing party's digital signature, which corresponds uniquely to the authorizing party, so the authorization operation cannot be forged. In addition, only a grantee holding the authorization information can decrypt the smart lock's ciphertext, so unauthorized persons cannot unlock the smart lock. The grantee needs only an electronic device to unlock the smart lock and does not have to carry a physical key, which makes the authorization process simpler. Meanwhile, the public and private keys of the authorizing party's key pair are stored separately, in the lock management system and in the personal terminal; neither the public key alone nor the private key alone is enough to authorize or unlock, which makes unlocking more secure.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope; a person of ordinary skill in the art can derive other related drawings from them without creative effort.
Fig. 1 is a schematic diagram of a lock management system provided by an embodiment of the present invention.
Fig. 2 is a flow chart of the lock management method applied to the lock management system.
Fig. 3 is a flow chart of the sub-steps of step S20 of Fig. 2.
Fig. 4 is a flow chart of the sub-steps of step S30 of Fig. 2.
Fig. 5 is a schematic diagram of another lock management system provided by an embodiment of the present invention.
Reference numerals: 10 - lock management system; 101 - account subsystem; 102 - lock authorization subsystem; 103 - unlocking subsystem; 104 - alarm subsystem.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently only some, not all, of the embodiments of the present invention. The components of the embodiments, as generally described and illustrated in the drawings, can be arranged and designed in a variety of configurations. The following detailed description of the embodiments provided in the drawings is therefore not intended to limit the scope of the claimed invention, but merely represents selected embodiments. All other embodiments obtained by those skilled in the art on the basis of these embodiments, without creative effort, fall within the scope of protection of the present invention.
Note that similar reference numerals and letters denote similar items in the following drawings; once an item has been defined in one drawing, it need not be defined or explained again in subsequent drawings. In the description of the present invention, the terms "first", "second" and so on are used only to distinguish descriptions and are not to be understood as indicating or implying relative importance.
An embodiment of the present invention provides a lock management system 10 based on asymmetric encryption which, as shown in Fig. 1, comprises an account subsystem 101, a lock authorization subsystem 102 and an unlocking subsystem 103. The lock management system 10 manages smart locks by the method shown in Fig. 2.
In detail, the account subsystem 101 is configured to allocate a public/private key pair to a user according to the user's identity, wherein the key pair comprises a public key and a corresponding private key, the public key is stored in the lock management system 10, and the private key is stored in the personal terminal corresponding to the user.
The user can first establish a communication connection with the lock management system 10 through a mobile terminal or another terminal, and then carry out conventional account registration. Users can upload to their own account identity information that identifies them personally, which may include a name, an identity document number or other forms of identification. After receiving the identity uploaded by the user, the account subsystem 101 can allocate a public/private key pair to the user according to a preset allocation algorithm. The key pair comprises a public key and a corresponding private key; the public key can be stored in the lock management system 10, and the private key can be stored in the personal terminal corresponding to the user.
Storing the public key and the private key separately fully protects the privacy of the keys: the private key cannot be derived from the public key alone, and the public key cannot be derived from the private key alone. Even if the public key information in the lock management system 10 is leaked, others cannot obtain the corresponding private key from the public key; asymmetric encryption thereby keeps the key safe.
The user can also register smart locks through the account subsystem 101. A smart lock may be the lock on a logistics cabinet, a door lock that controls whether an access point is open or closed, or another form of smart lock. The smart lock can establish a communication connection with the lock management system 10 through a communication device, and can open when the lock management system 10 issues an unlock instruction, or enter the locked state when it receives a locking instruction. The user can register and store the smart lock's information in the account subsystem 101 and establish a mapping between it and the user's public/private key pair. One user can obtain one or more key pairs, so that one key pair can correspond to several smart locks, or each smart lock can correspond to a different key pair.
The lock authorization subsystem 102 is configured to grant the unlocking authority of a smart lock to the grantee corresponding to the smart lock according to received authorization information.
The lock authorization subsystem 102 can grant the unlocking authority of a registered smart lock. In detail, as shown in Fig. 3, the lock authorization subsystem 102 can grant unlocking authority through the following steps.
Step S101: receive the authorization information for the smart lock sent by the authorizing party.
The authorizing party may be a user registered in advance in the lock management system 10, who can grant the corresponding unlocking authority to other grantees. The authorization information may be information provided by the authorizing party that contains the identifier of the smart lock that may be opened, or unlocking time information. For example, the authorizing party can specify the number of the smart lock the grantee may open, the specific period during which it may be opened, the validity period of the unlocking authority, the expiry time, and so on.
Step S102: encrypt the authorization information to obtain an authorization information digest.
An encryption algorithm, such as a hash encryption algorithm, can be used to encrypt the authorization information; the result of the encryption is the authorization information digest.
Step S103: encrypt the authorization information digest using the private key corresponding to the authorizing party to generate the authorizing party's digital signature.
Step S104: encrypt the authorization information and the generated authorizing party's digital signature using the public key corresponding to the grantee, and store the encrypted authorization information and authorizing party's digital signature in the smart lock, completing authorization of the smart lock.
The authorization process uses the authorizing party's private key, and uses the grantee's public key to encrypt the authorization information and the generated authorizing party's digital signature. The encrypted authorization information and digital signature serve as the smart lock's ciphertext, which can be stored in the smart lock. Because the grantee's public key is used, the authorization is bound to the grantee. The grantee's identity information can be determined in advance, and the grantee's public key is then looked up in the lock management system 10. When the grantee needs to open the smart lock, decryption and verification of the ciphertext determine whether the corresponding smart lock can be opened.
The authorizing party can grant the unlocking authority of one smart lock to one or more grantees, and can also grant the unlocking authority of several smart locks to one or more grantees at the same time. The unlocking authority of one smart lock can also be granted to several grantees jointly, in which case the complete unlocking authority of the smart lock is obtained only when all of those grantees provide their unlocking authority for the smart lock at the same time.
The unlocking subsystem 103 is configured to determine whether a received unlock request has unlocking authority and, if it does, to generate an unlock instruction for the smart lock corresponding to the unlock request, so as to open the smart lock.
It will be understood that when a grantee needs to unlock a smart lock, it can establish a communication connection with the lock management system 10, for example through a mobile terminal. Once the connection is established, the grantee can send an unlock request to the lock management system 10. After receiving the unlock request, the unlocking subsystem 103 can verify it to determine whether it has unlocking authority and, when it does, generate an unlock instruction to open the corresponding smart lock. The unlocking subsystem 103 can be deployed in advance in the electronic device used by the grantee, or on a server.
In detail, as shown in Fig. 4, the unlocking subsystem 103 can decide on unlocking authority through the following steps.
Step S201: receive the private key provided by the grantee and decrypt the ciphertext corresponding to the smart lock using that private key.
Step S202: if decrypting the ciphertext yields the authorization information M and the authorizing party's digital signature s, the received unlock request has unlocking authority.
Because the smart lock's ciphertext was produced with the authorizing party's private key and the grantee's public key, the grantee can establish a communication connection with the smart lock, obtain the ciphertext stored in it, and decrypt the ciphertext with the private key corresponding to the grantee's public key. The correct private key decrypts the ciphertext into the authorization information M and the authorizing party's digital signature s that it contains. Because each public key corresponds to exactly one private key, only the matching private key can decrypt information encrypted with that public key, which guarantees that the authorization is applied correctly.
Step S203: if decrypting the ciphertext yields no decryption result, the grantee corresponding to the received unlock request does not have unlocking authority.
Whether a decryption result is obtained determines whether this grantee is trusted or not. The lock management system 10 can also store the result, so that querying the unlock records for a smart lock shows which grantees attempted to unlock it, along with related information such as the time of each attempt.
If the grantee has previously obtained unlocking authority for a smart lock, then, because the grantee's public key was used during authorization and a public key and its private key have a preset correspondence, the private key corresponding to that public key is exactly the one that correctly decrypts the smart lock's ciphertext. Using the private key provided by the grantee, the lock management system 10 can decrypt the smart lock's ciphertext into the authorization information M and the authorizing party's digital signature s. The unlocking subsystem 103 can then go on to issue the unlock instruction through the following steps.
Step S204: obtain the public key corresponding to the authorizing party according to the authorization information M.
After the ciphertext is decrypted to obtain the authorization information M and the authorizing party's digital signature s, the authorization information includes the relevant information of the authorizing party that performed the authorization, so the corresponding public key can be determined from the lock administration system 10 according to the authorization information.
Step S205: decrypt the authorizing party's digital signature s obtained by decryption, using the public key corresponding to the authorizing party, to obtain the first authorization information digest H.
Decrypting the authorizing party's digital signature s yields an authorization information digest; the digest obtained by this decryption is taken as the first authorization information digest H.
Step S206: perform a decryption operation on the authorization information M obtained by decryption to obtain the second authorization information digest h.
A preset decryption algorithm, for example a hash algorithm, can be applied to the authorization information M; the authorization information digest obtained from this operation is taken as the second authorization information digest h.
Step S207: compare the first authorization information digest H with the second authorization information digest h. If the first authorization information digest H and the second authorization information digest h are identical, the authorizing party corresponding to the smart lock has unlocking authority, and an unlocking instruction is sent to the smart lock.
Through the above steps, if the comparison shows that the first authorization information digest H is identical to the second authorization information digest h, the authorized side has obtained a correct authorization for the smart lock. The lock administration system 10 can issue an unlocking instruction to the smart lock, and the smart lock performs the unlocking action once it receives the instruction. The authorized side thus unlocks the smart lock after being authorized by the authorizing party.
If the comparison of the first authorization information digest H with the second authorization information digest h shows that the two are inconsistent, the authorization information obtained by the authorized side does not correspond to the smart lock or is forged. The authorized side attempting to unlock has not obtained correct unlocking authority, and the attempt is an impersonated unlocking. In this case the lock administration system 10 can send an instruction refusing to unlock to the smart lock, so that the smart lock is not opened. At the same time, the identification information of the terminal attempting the unlocking can be recorded, for example the terminal's MAC address or SIM (Subscriber Identification Module) card number. In addition, a blacklist of terminals that attempted impersonated unlocking can be established to store the relevant information of those terminals.
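The authorization steps S101 to S104 and the unlocking check of steps S201 to S207, traced end to end as an added example (not code from the patent). Assumed here and not stated on the page: SHA-256 as the digest, unpadded textbook RSA over constructed, trivially factorable demo keys, a hash-based hybrid wrapper standing in for encryption under the authorized side's public key, and the account ids and the field names `lock`, `grantor` and `grantee`.

```python
import hashlib
import hmac
import json
import secrets

E = 65537  # public exponent for all constructed demo keys


def make_keypair(p, q):
    """Textbook RSA key pair from two primes (no padding, demo only)."""
    n = p * q
    return {"pub": (n, E), "priv": (n, pow(E, -1, (p - 1) * (q - 1)))}


# Constructed, trivially factorable demo keys built from Mersenne primes.
OWNER = make_keypair(2**521 - 1, 2**607 - 1)    # authorizing party
GUEST = make_keypair(2**1279 - 1, 2**2203 - 1)  # authorized side
OTHER = make_keypair(2**89 - 1, 2**127 - 1)     # holds no authorization
# Public keys as stored in the lock administration system (ids are assumed).
DIRECTORY = {"owner-01": OWNER["pub"], "guest-07": GUEST["pub"]}
INFO = {"lock": "lock-0001", "grantor": "owner-01", "grantee": "guest-07"}


def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def _keys(k: int):
    """Derive separate encryption and MAC keys from the wrapped secret k."""
    raw = k.to_bytes((k.bit_length() + 7) // 8, "big")
    return hashlib.sha256(b"enc" + raw).digest(), hashlib.sha256(b"mac" + raw).digest()


def _xor_stream(key: bytes, data: bytes) -> bytes:
    stream = b""
    for i in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + i.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(payload: bytes, pub) -> dict:
    """Hybrid stand-in for 'encrypt with the authorized side's public key'."""
    n, e = pub
    k = secrets.randbelow(n - 2) + 2
    enc_key, mac_key = _keys(k)
    body = _xor_stream(enc_key, payload)
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return {"wrapped": pow(k, e, n), "body": body, "tag": tag}


def unseal(ct: dict, priv):
    """Return the plaintext, or None when this private key does not fit."""
    n, d = priv
    enc_key, mac_key = _keys(pow(ct["wrapped"], d, n))
    expected = hmac.new(mac_key, ct["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, ct["tag"]):
        return None
    return _xor_stream(enc_key, ct["body"])


def authorize(info: dict, grantor_priv, grantee_pub) -> dict:
    """S101-S104: digest M, sign the digest, encrypt M and s for the grantee."""
    m = json.dumps(info, sort_keys=True)
    n, d = grantor_priv
    s = pow(digest(m.encode()) % n, d, n)  # digest "encrypted" with the private key
    return seal(json.dumps({"M": m, "s": hex(s)}).encode(), grantee_pub)


def check_unlock(ct: dict, presented_priv) -> str:
    """S201-S207: decide on an unlocking request for the stored ciphertext."""
    plain = unseal(ct, presented_priv)              # S201-S202
    if plain is None:
        return "refuse: no decryption result"       # S203
    fields = json.loads(plain)
    # S204: M names the authorizing party; an unknown id is refused (added check).
    grantor_pub = DIRECTORY.get(json.loads(fields["M"]).get("grantor"))
    if grantor_pub is None:
        return "refuse: unknown authorizing party"
    n, e = grantor_pub
    H = pow(int(fields["s"], 16) % n, e, n)         # S205: first digest H
    h = digest(fields["M"].encode())                # S206: second digest h
    return "unlock" if H == h else "refuse: digest mismatch"  # S207


def demo():
    stored = authorize(INFO, OWNER["priv"], GUEST["pub"])
    forged = authorize(INFO, OTHER["priv"], GUEST["pub"])  # signed by the wrong key
    return (check_unlock(stored, GUEST["priv"]),   # authorized side
            check_unlock(stored, OTHER["priv"]),   # wrong private key
            check_unlock(forged, GUEST["priv"]))   # forged authorization


if __name__ == "__main__":
    print(demo())
```

The third verdict is what steps S204 to S207 add: anyone can encrypt to the authorized side's public key, so a successful decryption in step S202 does not by itself show that the authorizing party issued the authorization.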
The unlocking authority of one smart lock can also be granted to multiple authorized sides, such that the complete unlocking authority for the smart lock is obtained only when all of them present their unlocking authority for that smart lock at the same time. To open the smart lock, every required authorized side must provide its partial unlocking authority to the lock administration system 10. The unlocking subsystem 103 combines the partial unlocking authorities provided by all authorized sides into the complete unlocking authority, applies the above determination steps to it, and reaches a final determination, either unlocking the smart lock or refusing to unlock. In this arrangement each authorized side holds only part of the unlocking authority of the smart lock, and a single authorized side cannot complete the unlocking; the smart lock is correctly unlocked only when all authorized sides corresponding to it provide correct authorization information. The smart lock therefore requires multiple authorized sides to submit unlocking requests at the same time, and the information of only some of the authorized sides is not enough to unlock it, which further improves the security of unlocking in certain special unlocking scenarios.
In addition, as shown in Fig. 5, the lock administration system 10 can also include an alert subsystem 104. When the unlocking subsystem 103, in determining whether a received unlocking request has unlocking authority, finds that the request does not have unlocking authority, it can generate notification information to notify the alert subsystem 104. The alert subsystem 104 can raise an alarm according to the notification information, for example by sending a prompt message to the electronic terminal of the authorizing party corresponding to the smart lock, warning the owner of the smart lock that an impersonator has used an impersonated unlocking request to attempt to unlock the smart lock. Information such as the code and location of the smart lock can be sent to the authorizing party along with it, as a warning about the impersonated unlocking.
An embodiment of the present invention provides a lock administration system 10 based on asymmetric encryption. A user can establish a corresponding account through the account subsystem 101 and can grant the unlocking authority of a smart lock to other authorized sides through the authorization subsystem. The authorization process uses the authorizing party's digital signature, which corresponds uniquely to the authorizing party, so that the authorization operation cannot be counterfeited. At the same time, only an authorized side that holds the authorization information can decrypt the ciphertext of the smart lock, so unauthorized persons cannot unlock the smart lock. The authorized side can unlock the smart lock with an electronic device alone, without carrying a physical key, which makes the authorization process simpler. Moreover, the public and private keys of the authorizing party's key pair are stored separately, in the lock administration system 10 and in the personal terminal respectively; neither the public key nor the private key alone is enough to authorize or unlock, which makes the unlocking process more secure.
An embodiment of the present invention also provides a lock management method which, as shown in Fig. 2, comprises the following steps.
Step S10: distribute a public/private key pair to a user according to the user's identity, wherein the key pair includes a public key and a corresponding private key, the public key is stored in the lock administration system, and the private key is stored in the personal terminal corresponding to the user. For details, see the description of the account subsystem above.
Step S20: grant the unlocking authority of a smart lock to the authorized side corresponding to the smart lock according to the received authorization information. For details, see the description of the lock authorization subsystem above.
Step S30: determine, according to the received unlocking information, whether the sender of the unlocking information has unlocking authority; if the sender has unlocking authority, generate an unlocking instruction for the smart lock corresponding to the unlocking information, to open the smart lock. For details, see the description of the unlocking subsystem above.
The step of granting the unlocking authority of the smart lock to the authorized side corresponding to the smart lock according to the received authorization information includes: receiving the authorization information of the smart lock sent by the authorizing party; encrypting the authorization information to obtain an authorization information digest; encrypting the authorization information digest with the private key corresponding to the authorizing party to generate the authorizing party's digital signature; and encrypting the authorization information and the generated authorizing party's digital signature with the public key corresponding to the authorized side, and storing the encrypted authorization information and authorizing party's digital signature in the smart lock, completing the smart lock authorization. For details, see the description of steps S101 to S104 above.
The step of determining, according to the received unlocking information, whether the sender of the unlocking information has unlocking authority can include: obtaining the private key provided by the authorized side and decrypting the ciphertext corresponding to the smart lock with that private key; if the authorization information and the authorizing party's digital signature are obtained after the ciphertext is decrypted, the received unlocking request possesses unlocking authority; if decrypting the ciphertext yields no decryption result, the authorized side corresponding to the received unlocking request does not possess unlocking authority. For details, see the description of steps S201 to S203 above.
After the step of obtaining the authorization information and the authorizing party's digital signature by decrypting the ciphertext, the method further includes: obtaining the public key corresponding to the authorizing party according to the authorization information; decrypting the authorizing party's digital signature obtained by decryption with that public key to obtain a first authorization information digest; performing a decryption operation on the authorization information obtained by decryption to obtain a second authorization information digest; and comparing the first authorization information digest with the second authorization information digest, wherein if the first authorization information digest is identical to the second authorization information digest, the authorizing party corresponding to the smart lock has unlocking authority, and an unlocking instruction is sent to the smart lock. For details, see the description of steps S204 to S207 above.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method can also be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the drawings show the possible architecture, functions and operations of apparatuses, methods and computer program products according to multiple embodiments of the present invention. In this regard, each box in a flowchart or block diagram can represent a module, a program segment or a portion of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that in some alternative implementations the functions noted in the boxes can occur in an order different from that noted in the drawings. For example, two consecutive boxes can in fact be executed substantially in parallel, and they can sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flowcharts, and combinations of boxes in the block diagrams and/or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention can be integrated to form one independent part, each module can exist separately, or two or more modules can be integrated to form one independent part.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the invention; for those skilled in the art, the invention can have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall be included within the scope of protection of the invention. It should be noted that similar reference numerals and letters denote similar items in the following drawings, so once an item is defined in one drawing it need not be further defined or explained in subsequent drawings.
The above is only a specific embodiment of the present invention, but the scope of protection of the invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the invention shall be covered by the scope of protection of the invention. Therefore, the scope of protection of the invention shall be subject to the scope of protection of the claims.

Claims (10)

1. A lock administration system, characterized by comprising:
an account subsystem, configured to distribute a public/private key pair to a user according to the user's identity, wherein the key pair includes a public key and a corresponding private key, the public key is stored in the lock administration system, and the private key is stored in a personal terminal corresponding to the user;
a lock authorization subsystem, configured to grant the unlocking authority of a smart lock to the authorized side corresponding to the smart lock according to received authorization information;
an unlocking subsystem, configured to determine whether a received unlocking request has unlocking authority and, if the unlocking request has unlocking authority, to generate an unlocking instruction for the smart lock corresponding to the unlocking request, to open the smart lock.
2. The lock administration system according to claim 1, characterized in that the lock authorization subsystem grants the unlocking authority of the smart lock to the corresponding authorized side according to the received authorization information in the following manner:
receiving the authorization information of the smart lock sent by the authorizing party;
encrypting the authorization information to obtain an authorization information digest;
encrypting the authorization information digest with the private key corresponding to the authorizing party to generate the authorizing party's digital signature;
encrypting the authorization information and the generated authorizing party's digital signature with the public key corresponding to the authorized side, and storing the encrypted authorization information and authorizing party's digital signature in the smart lock, completing the smart lock authorization.
3. The lock administration system according to claim 2, characterized in that the unlocking subsystem determines, according to the received unlocking request, whether the unlocking request has unlocking authority in the following manner:
obtaining the private key provided by the authorized side, decrypting the ciphertext corresponding to the smart lock with that private key, and judging from the decryption result whether the authorized side corresponding to the unlocking request has unlocking authority;
if the authorization information and the authorizing party's digital signature are obtained after the ciphertext is decrypted, the authorized side corresponding to the received unlocking request possesses unlocking authority;
if decrypting the ciphertext yields no decryption result, the authorized side corresponding to the received unlocking request does not possess unlocking authority.
4. The lock administration system according to claim 3, characterized in that, after the ciphertext corresponding to the smart lock is decrypted with the private key to obtain the authorization information and the authorizing party's digital signature, the unlocking subsystem is further configured to:
obtain the public key corresponding to the authorizing party according to the authorization information;
decrypt the authorizing party's digital signature obtained by decryption with the public key corresponding to the authorizing party to obtain a first authorization information digest;
perform a decryption operation on the authorization information obtained by decryption to obtain a second authorization information digest;
compare the first authorization information digest with the second authorization information digest, wherein if the first authorization information digest is identical to the second authorization information digest, the authorizing party corresponding to the smart lock has unlocking authority, and an unlocking instruction is sent to the smart lock.
5. The lock administration system according to claim 4, characterized in that the unlocking subsystem is further configured to, when the first authorization information digest and the second authorization information digest are inconsistent, determine that the authorizing party corresponding to the smart lock is untrusted, record the information of the authorized side, and send a refuse-unlocking instruction to the smart lock.
6. The lock administration system according to claim 5, characterized in that the system further comprises an alert subsystem connected to the unlocking subsystem, the alert subsystem being configured to generate warning information when the first authorization information digest and the second authorization information digest are inconsistent, and to send the warning information to the authorizing party corresponding to the smart lock.
7. A lock management method, characterized by comprising:
distributing a public/private key pair to a user according to the user's identity, wherein the key pair includes a public key and a corresponding private key, the public key is stored in the lock administration system, and the private key is stored in a personal terminal corresponding to the user;
granting the unlocking authority of a smart lock to the authorized side corresponding to the smart lock according to received authorization information;
determining, according to received unlocking information, whether the sender of the unlocking information has unlocking authority and, if the sender has unlocking authority, generating an unlocking instruction for the smart lock corresponding to the unlocking information, to open the smart lock.
8. The lock management method according to claim 7, characterized in that the step of granting the unlocking authority of the smart lock to the authorized side corresponding to the smart lock according to the received authorization information includes:
receiving the authorization information of the smart lock sent by the authorizing party;
encrypting the authorization information to obtain an authorization information digest;
encrypting the authorization information digest with the private key corresponding to the authorizing party to generate the authorizing party's digital signature;
encrypting the authorization information and the generated authorizing party's digital signature with the public key corresponding to the authorized side, and storing the encrypted authorization information and authorizing party's digital signature in the smart lock, completing the smart lock authorization.
9. The lock management method according to claim 8, characterized in that the step of determining, according to the received unlocking information, whether the sender of the unlocking information has unlocking authority includes:
obtaining the private key provided by the authorized side, decrypting the ciphertext corresponding to the smart lock with that private key, and judging from the decryption result whether the authorized side corresponding to the unlocking request has unlocking authority;
if the authorization information and the authorizing party's digital signature are obtained after the ciphertext is decrypted, the received unlocking request possesses unlocking authority;
if decrypting the ciphertext yields no decryption result, the authorized side corresponding to the received unlocking request does not possess unlocking authority.
10. The lock management method according to claim 9, characterized in that, after the step of obtaining the authorization information and the authorizing party's digital signature by decrypting the ciphertext, the method further includes:
obtaining the public key corresponding to the authorizing party according to the authorization information;
decrypting the authorizing party's digital signature obtained by decryption with that public key to obtain a first authorization information digest;
performing a decryption operation on the authorization information obtained by decryption to obtain a second authorization information digest;
comparing the first authorization information digest with the second authorization information digest, wherein if the first authorization information digest is identical to the second authorization information digest, the authorizing party corresponding to the smart lock has unlocking authority, and an unlocking instruction is sent to the smart lock.

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20190214
Address after: Room 340, 1st floor, No. 350 Xianxia Road, Changning District, Shanghai, 200336
Applicant after: Shanghai Miaolian Digital Technology Co., Ltd.
Address before: 200020 No. 47, Nanchang Road, Shanghai, Luwan District
Applicant before: Lv Feng
RJ01 Rejection of invention patent application after publication
Application publication date: 20180518