CN109816831A - Authentication method and system for a smart lock based on a national secret algorithm - Google Patents
- Publication number: CN109816831A
- Application number: CN201910100104.2A
- Authority: CN (China)
- Prior art keywords: key, smart lock, cloud platform, authentication cloud, authentication
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses an authentication method for a smart lock based on a national secret algorithm. An authentication cloud platform and multiple smart locks are provided, and each smart lock includes a national secret chip. After receiving a trigger signal, the authentication cloud platform generates an asymmetric key pair, comprising a public key and a private key, and sends the public key to the smart lock. The authentication cloud platform and the smart lock then exchange a symmetric key on the basis of the asymmetric key pair. The symmetric key exchange process comprises the following steps: A1, the smart lock receives a request instruction; A2, the smart lock generates a symmetric key according to the request instruction; A3, the smart lock encrypts the symmetric key with the public key; A4, the smart lock uploads the symmetric key to the authentication cloud platform; A5, the authentication cloud platform decrypts the symmetric key with the private key and saves it. The beneficial effects of the above technical solution are that the algorithm is independently controllable, the key is variable and the authentication body is authoritative and trustworthy, which resolves the security risks of current smart lock data transmission.
Description
Technical field
The present invention relates to the technical field of smart locks, and in particular to an authentication method and system for a smart lock based on a national secret algorithm.
Background art
Locks are an almost indispensable tool in daily life and in industry and commerce. With the rapid development of intelligent technology, smart locks are also being adopted more and more quickly. A smart lock (Intelligent Lock) is a lock that differs from a traditional mechanical lock and is more intelligent in terms of user identification, security and management; it is the component that carries out door locking in an access control system.
Smart locks fall into two main classes: non-networked smart locks and networked smart locks. A non-networked smart lock enrolls unlocking credentials and performs identity authentication locally; a networked smart lock needs to interact remotely with a server. At present, communication between smart locks and servers, including the identity authentication process, is mostly encrypted in transit with non-national-secret algorithms such as the Advanced Encryption Standard (AES). AES, also known in cryptography as the Rijndael cipher, is a block encryption standard adopted by the U.S. federal government. It was published by the National Institute of Standards and Technology (NIST) as FIPS PUB 197 on November 26, 2001, and became an effective standard on May 26, 2002.
Current networked smart locks have the following shortcomings in security authentication: first, the algorithm used is not a national secret algorithm, is not independently controllable, and cannot be guaranteed to be free of back doors; second, a lock uses one key for its whole life, or selects keys only from a limited space, and is therefore easy to crack; third, each smart lock manufacturer builds its own authentication system, so there is no authoritative body providing a reliable identity authentication service, and user security has to depend entirely on the manufacturer's good faith.
Summary of the invention
In view of the above problems in the prior art, an authentication method and system for a smart lock based on a national secret algorithm are now provided. They are intended to ensure that the algorithm is independently controllable, the key is variable and the authentication body is authoritative and trustworthy, to resolve the security risks of current smart lock data transmission, to ensure that the identity authentication process is safe and reliable, and to promote the shift of the mainstream smart lock market from non-networked smart locks to networked smart locks.
The above technical solution specifically includes:
An authentication method for a smart lock based on a national secret algorithm, in which an authentication cloud platform and multiple smart locks are provided, each smart lock including a national secret chip;
The authentication method includes an asymmetric key generation and issuing process, comprising the following steps:
Step S1: after the authentication cloud platform receives a trigger signal, it generates a key pair for the smart lock, the key pair including a public key and a private key, and sends the public key to the smart lock;
Step S2: the smart lock receives the public key and saves it to the national secret chip;
The authentication method further includes a symmetric key exchange process, comprising the following steps:
Step A1: the smart lock receives a request instruction sent by the authentication cloud platform;
Step A2: the smart lock generates a symmetric key according to the request instruction;
Step A3: the national secret chip in the smart lock encrypts the symmetric key using the public key;
Step A4: the smart lock uploads the encrypted symmetric key to the authentication cloud platform;
Step A5: the authentication cloud platform decrypts the symmetric key using the private key and saves it.
Preferably, in step S1, the trigger signal is:
an initialization signal sent by the smart lock to the authentication cloud platform; or
a key update signal sent by the smart lock to the authentication cloud platform.
Preferably, step S1 specifically includes:
Step S11: the authentication cloud platform passes the trigger signal to a first key generator arranged inside the authentication cloud platform;
Step S12: the first key generator generates the key pair for the smart lock;
Step S13: the authentication cloud platform saves the private key of the key pair;
Step S14: the authentication cloud platform sends the public key of the key pair to the smart lock.
Preferably, step S14 specifically includes:
Step S141: the authentication cloud platform sends the public key to the smart lock over the internet;
Step S142: the smart lock receives the public key and saves it to the national secret chip;
Step S143: the national secret chip generates a return signal;
Step S144: the smart lock sends a receipt to the authentication cloud platform according to the return signal.
Preferably, the symmetric key is used to encrypt the business data transmitted between the smart lock and the authentication cloud platform;
the symmetric key exchange process is executed when a preset exchange condition is met;
the exchange conditions include completion of a business operation or the elapse of a preset period of time.
Preferably, the national secret chip includes a second key generator;
step A2 then specifically includes:
Step A21: the smart lock generates a new-key instruction according to the request instruction and sends it to the national secret chip;
Step A22: the second key generator generates the symmetric key and outputs it.
Preferably, the method further includes a process in which the authentication cloud platform transmits business data to the smart lock, comprising the following steps:
Step B1: the authentication cloud platform obtains the symmetric key of a target smart lock;
Step B2: the authentication cloud platform encrypts the business data and sends it to the target smart lock;
Step B3: the target smart lock receives the business data and calls the national secret chip to decrypt the business data;
Step B4: the target smart lock executes local business and generates first return data;
Step B5: the smart lock calls the national secret chip to encrypt the first return data and sends the encrypted return data to the authentication cloud platform;
Step B6: the authentication cloud platform decrypts the first return data and executes local business.
Preferably, the method further includes a process in which the smart lock transmits business data to the authentication cloud platform, comprising the following steps:
Step C1: the smart lock calls the national secret chip to encrypt the business data and sends the encrypted business data to the authentication cloud platform;
Step C2: the authentication cloud platform obtains the symmetric key of the smart lock;
Step C3: the authentication cloud platform decrypts the business data;
Step C4: the authentication cloud platform executes local business and generates second return data;
Step C5: the authentication cloud platform encrypts the second return data and sends it to the smart lock;
Step C6: the smart lock calls the national secret chip to decrypt the second return data and executes local business.
An authentication system, applied to a smart lock and operating according to the above authentication method;
The authentication system includes:
an authentication cloud platform, configured to generate the key pair for the smart lock upon receiving the trigger signal, the key pair including the public key and the private key, and to send the public key to the smart lock;
a smart lock, configured to receive and save the public key sent by the authentication cloud platform;
The authentication cloud platform includes:
a first receiving module, configured to receive the symmetric key and the trigger signal;
a first key generation module, connected to the first receiving module and configured to generate the key pair according to the trigger signal using a preset asymmetric encryption algorithm, the key pair including the public key and the private key;
a first storage module, connected to the first receiving module and the first key generation module respectively, and configured to save the symmetric key or the private key in association with the smart lock;
a request instruction generation module, configured to generate the request instruction;
a first encryption/decryption module, connected to the storage module and the first receiving module respectively, and configured to decrypt the symmetric key using the private key and save it to the first storage module;
a first sending module, connected to the first key generation module and the request instruction generation module respectively, and configured to send the public key or the request instruction to the smart lock;
The smart lock includes:
a second receiving module, configured to receive the public key or the request instruction;
a second key generation module, connected to the second receiving module and configured to generate the symmetric key according to the request instruction using a preset symmetric encryption algorithm;
a second storage module, connected to the second receiving module and the second key generation module respectively, and configured to save the public key and the symmetric key;
a trigger signal generation module, configured to generate the trigger signal, the trigger signal including the initialization signal and the key update signal;
a second encryption/decryption module, connected to the second key generation module and the second storage module respectively, and configured to encrypt the symmetric key using the public key and output it;
a second sending module, connected to the trigger signal generation module and the second encryption/decryption module respectively, and configured to send the trigger signal or the encrypted symmetric key to the authentication cloud platform.
The beneficial effects of the above technical solution are: the algorithm is independently controllable, the key is variable and the authentication body is authoritative and trustworthy; the security risks of current smart lock data transmission are resolved; the identity authentication process is safe and reliable; and the shift of the mainstream smart lock market from non-networked smart locks to networked smart locks is promoted.
Brief description of the drawings
Fig. 1 is an overall flow diagram of an authentication method for a smart lock based on a national secret algorithm in a preferred embodiment of the invention;
Fig. 2 is an overall flow diagram of the symmetric key exchange process of an authentication method for a smart lock based on a national secret algorithm in a preferred embodiment of the invention;
Fig. 3 is a flow diagram that further describes, on the basis of Fig. 1, the authentication method for a smart lock based on a national secret algorithm in a preferred embodiment of the invention;
Fig. 4 is a flow diagram that further describes, on the basis of Fig. 3, the authentication method for a smart lock based on a national secret algorithm in a preferred embodiment of the invention;
Fig. 5 is a flow diagram that further describes, on the basis of Fig. 1, the symmetric key exchange process of the authentication method for a smart lock based on a national secret algorithm in a preferred embodiment of the invention;
Fig. 6 is an overall flow diagram of the process in which the authentication cloud platform transmits business data to the smart lock, in an authentication method for a smart lock based on a national secret algorithm in a preferred embodiment of the invention;
Fig. 7 is an overall flow diagram of the process in which the smart lock transmits business data to the authentication cloud platform, in an authentication method for a smart lock based on a national secret algorithm in a preferred embodiment of the invention;
Fig. 8 is an overall structural diagram of an authentication system in a preferred embodiment of the invention;
Fig. 9 is an overall structural diagram of the authentication cloud platform in an authentication system in a preferred embodiment of the invention;
Fig. 10 is an overall structural diagram of the smart lock in an authentication system in a preferred embodiment of the invention.
Specific embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
It should be noted that, in the absence of conflict, the embodiments of the present invention and the features in the embodiments may be combined with each other.
The present invention is further explained below with reference to the drawings and specific embodiments, which are not to be taken as limiting the invention.
In view of the above problems in the prior art, the present invention provides an authentication method for a smart lock based on a national secret algorithm, in which an authentication cloud platform and multiple smart locks are provided, each smart lock including a national secret chip;
The authentication method includes an asymmetric key generation and issuing process which, as shown in Fig. 1, comprises the following steps:
Step S1: after the authentication cloud platform receives a trigger signal, it generates a key pair for the smart lock, the key pair including a public key and a private key, and sends the public key to the smart lock;
Step S2: the smart lock receives the public key and saves it to the national secret chip;
The authentication method further includes a symmetric key exchange process which, as shown in Fig. 2, comprises the following steps:
Step A1: the smart lock receives a request instruction sent by the authentication cloud platform;
Step A2: the smart lock generates a symmetric key according to the request instruction;
Step A3: the national secret chip in the smart lock encrypts the symmetric key using the public key;
Step A4: the smart lock uploads the encrypted symmetric key to the authentication cloud platform;
Step A5: the authentication cloud platform decrypts the symmetric key using the private key and saves it.
Specifically, the present invention uses national secret algorithms to build a secure transmission system between the authentication cloud and networked smart locks. Business data is encrypted with a symmetric encryption algorithm. A symmetric encryption algorithm is an encryption algorithm in which encryption and decryption use the same key: the encryption key can be calculated from the decryption key, and the decryption key can likewise be calculated from the encryption key. In most symmetric encryption algorithms the encryption key and the decryption key are identical, so such an algorithm is also called a secret-key algorithm or single-key algorithm. It requires the sender and the recipient to agree on a key before communicating securely. The security of a symmetric algorithm depends on the key: leaking the key means that anyone can decrypt the messages sent or received, so the confidentiality of the key is critical to the security of the communication.
Further, an asymmetric encryption algorithm is used to encrypt the key of the symmetric encryption algorithm. An asymmetric encryption algorithm needs a key pair consisting of two keys: a public key and a private key. The public key and the private key form a pair: if data is encrypted with the public key, it can only be decrypted with the corresponding private key; if data is encrypted with the private key, it can only be decrypted with the corresponding public key.
In an embodiment of the present invention, an authentication cloud platform and multiple smart locks are provided. Each smart lock can communicate with the authentication cloud platform over the internet, and each networked smart lock embeds a security chip that supports the national secret algorithm, referred to as the national secret chip. The authentication cloud platform is responsible for tasks such as generating key pairs for the asymmetric encryption algorithm, key management and issuing unlocking credentials. It should be noted that the authentication cloud platform is an open system: any networked smart lock with an embedded national secret chip can access the authentication cloud platform and be served by it.
In the above embodiment, after the authentication cloud platform receives a trigger signal sent by a smart lock, the key generator for the asymmetric encryption algorithm in the authentication cloud platform generates a corresponding key pair for that smart lock, the key pair including a public key and a private key. The authentication cloud platform sends the public key to the smart lock and stores the private key in the authentication cloud platform. The smart lock receives the public key issued by the authentication cloud platform and saves it in the national secret chip.
In a specific embodiment of the present invention, after the smart lock receives a request instruction sent by the authentication cloud platform requesting a new symmetric key, it generates a symmetric key and encrypts the symmetric key using the asymmetric encryption algorithm public key stored in the smart lock. The smart lock uploads the ciphertext of the symmetric key to the authentication cloud platform. The authentication cloud platform decrypts the symmetric key using the private key of the asymmetric encryption algorithm, obtaining the symmetric key of the symmetric encryption algorithm, and saves it.
It should be noted that the trigger signal is an initialization signal sent by the smart lock to the authentication cloud platform or a key update signal sent by the smart lock to the authentication cloud platform. The symmetric key is used to encrypt the business data subsequently exchanged between the authentication cloud platform and the smart lock, until the business interaction completes or the time window expires and the symmetric key is updated.
In a preferred embodiment of the invention, as shown in Fig. 3, step S1 specifically includes:
Step S11: the authentication cloud platform passes the trigger signal to a first key generator arranged inside the authentication cloud platform;
Step S12: the first key generator generates the key pair for the smart lock;
Step S13: the authentication cloud platform saves the private key of the key pair;
Step S14: the authentication cloud platform sends the public key of the key pair to the smart lock.
Specifically, the authentication cloud platform includes a first key generator with a built-in asymmetric encryption algorithm. After the authentication cloud platform receives the trigger signal uploaded by the smart lock, the first key generator generates an asymmetric key pair for the smart lock according to the trigger signal; the private key is stored in the authentication cloud platform and the public key is issued to the smart lock.
In a preferred embodiment of the invention, as shown in Fig. 4, step S14 specifically includes:
Step S141: the authentication cloud platform sends the public key to the smart lock over the internet;
Step S142: the smart lock receives the public key and saves it to the national secret chip;
Step S143: the national secret chip generates a return signal;
Step S144: the smart lock sends a receipt to the authentication cloud platform according to the return signal.
Specifically, in the above embodiment, the authentication cloud platform first transmits the public key to the smart lock over the internet; after receiving the public key, the smart lock writes it to the national secret chip; the national secret chip saves the public key; the national secret chip generates a return signal and outputs it; the smart lock generates a receipt according to the return signal and sends it to the authentication cloud platform.
In a preferred embodiment of the invention, the symmetric key is used to encrypt the business data transmitted between the smart lock and the authentication cloud platform;
the symmetric key exchange process is executed when a preset exchange condition is met;
the exchange conditions include completion of a business operation or the elapse of a preset period of time.
Specifically, a "one key per operation" or "periodic key change" mechanism is provided. In the above embodiment, the preset exchange condition can be set to completion of a business operation or the elapse of a preset period of time, where the business operation can be set to unlocking or another operation, and the preset period can be set to 24 hours or another suitable period. When either of the above exchange conditions is met, the symmetric key corresponding to the smart lock is replaced, i.e. the smart lock generates a new symmetric key and uploads it to the authentication cloud platform.
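The key generation and issuing process (S1 to S2), the symmetric key exchange (A1 to A5) and the exchange conditions described above, shown as an added Go example that is not part of the patent. RSA-OAEP stands in for the asymmetric algorithm, which the patent does not name, because Go's standard library ships no national secret algorithms; the type and function names, the lock IDs and the use of the lock ID as an OAEP label are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Assumption: RSA-OAEP stands in for the asymmetric algorithm, which the
// patent does not name. rotationPeriod is the 24-hour example period.
const rotationPeriod = 24 * time.Hour

// Cloud models the authentication cloud platform's per-lock key store.
type Cloud struct {
	priv   map[string]*rsa.PrivateKey // private keys saved in S13
	sym    map[string][]byte          // symmetric keys saved in A5
	issued map[string]time.Time       // arrival time of the current symmetric key
}

// Lock models a smart lock; pub and sym would be held by its security chip.
type Lock struct {
	ID  string
	pub *rsa.PublicKey
	sym []byte
}

func NewCloud() *Cloud {
	return &Cloud{map[string]*rsa.PrivateKey{}, map[string][]byte{}, map[string]time.Time{}}
}

// HandleTrigger is step S1: generate a key pair, keep the private key, return the public key.
func (c *Cloud) HandleTrigger(lockID string) (*rsa.PublicKey, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	c.priv[lockID] = k
	delete(c.sym, lockID) // a symmetric key exchanged under the old pair is retired
	delete(c.issued, lockID)
	return &k.PublicKey, nil
}

// HandleKeyRequest is steps A1-A4: generate a fresh symmetric key and wrap it under the public key.
func (l *Lock) HandleKeyRequest() ([]byte, error) {
	if l.pub == nil {
		return nil, errors.New("lock has no public key")
	}
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	// Assumption: the OAEP label binds the wrapped key to this lock's ID.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, l.pub, k, []byte(l.ID))
	if err != nil {
		return nil, err
	}
	l.sym = k
	return wrapped, nil
}

// AcceptWrappedKey is step A5: unwrap with the lock's private key and save the result.
func (c *Cloud) AcceptWrappedKey(lockID string, wrapped []byte, now time.Time) error {
	priv, ok := c.priv[lockID]
	if !ok {
		return errors.New("unknown lock")
	}
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte(lockID))
	if err != nil {
		return err
	}
	c.sym[lockID], c.issued[lockID] = k, now
	return nil
}

// NeedsExchange applies the exchange conditions: no key held yet, a business
// operation has just completed, or the preset period has elapsed.
func (c *Cloud) NeedsExchange(lockID string, opDone bool, now time.Time) bool {
	t, ok := c.issued[lockID]
	return !ok || opDone || now.Sub(t) >= rotationPeriod
}

func main() {
	cloud, lock := NewCloud(), &Lock{ID: "lock-001"} // constructed lock ID
	pub, err := cloud.HandleTrigger(lock.ID)         // S1
	if err != nil {
		panic(err)
	}
	lock.pub = pub                          // S2
	wrapped, err := lock.HandleKeyRequest() // A1-A4
	if err == nil {
		err = cloud.AcceptWrappedKey(lock.ID, wrapped, time.Now()) // A5
	}
	fmt.Println("error:", err, "keys match:", bytes.Equal(cloud.sym[lock.ID], lock.sym))
}
```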
In a preferred embodiment of the invention, the national secret chip includes a second key generator;
then, as shown in Fig. 5, step A2 specifically includes:
Step A21: the smart lock generates a new-key instruction according to the request instruction and sends it to the national secret chip;
Step A22: the second key generator generates the symmetric key and outputs it.
A preferred embodiment of the invention further includes a process in which the authentication cloud platform transmits business data to the smart lock which, as shown in Fig. 6, comprises the following steps:
Step B1: the authentication cloud platform obtains the symmetric key of a target smart lock;
Step B2: the authentication cloud platform encrypts the business data and sends it to the target smart lock;
Step B3: the target smart lock receives the business data and calls the national secret chip to decrypt the business data;
Step B4: the target smart lock executes local business and generates first return data;
Step B5: the smart lock calls the national secret chip to encrypt the first return data and sends the encrypted return data to the authentication cloud platform;
Step B6: the authentication cloud platform decrypts the first return data and executes local business.
Specifically, first the authentication cloud platform takes out the symmetric key corresponding to the target smart lock, encrypts the business data and sends it to the target smart lock. After receiving the business data, the target smart lock uses the symmetric key stored in the national secret chip to decrypt the business data. The target smart lock then executes local business and generates the first return data. Next, the target smart lock again calls the national secret chip to encrypt the first return data using the symmetric encryption algorithm and uploads the ciphertext to the authentication cloud. Finally, the authentication cloud platform decrypts the business data using the symmetric key and then executes local business.
A preferred embodiment of the invention further includes a process in which the smart lock transmits business data to the authentication cloud platform which, as shown in Fig. 7, comprises the following steps:
Step C1: the smart lock calls the national secret chip to encrypt the business data and sends the encrypted business data to the authentication cloud platform;
Step C2: the authentication cloud platform obtains the symmetric key of the smart lock;
Step C3: the authentication cloud platform decrypts the business data;
Step C4: the authentication cloud platform executes local business and generates second return data;
Step C5: the authentication cloud platform encrypts the second return data and sends it to the smart lock;
Step C6: the smart lock calls the national secret chip to decrypt the second return data and executes local business.
In the above embodiment, data transmission from the smart lock to the authentication cloud platform is similar to data transmission from the authentication cloud platform to the target smart lock: data in both directions is encrypted using the symmetric encryption algorithm.
An authentication system, applied to smart lock 2 and operating according to the above authentication method;
As shown in Fig. 8, the authentication system includes:
an authentication cloud platform 1, configured to generate a key pair for the smart lock 2 upon receiving the trigger signal, the key pair including a public key and a private key, and to send the public key to the smart lock 2;
a smart lock 2, configured to receive and save the public key sent by the authentication cloud platform 1;
As shown in Fig. 9, the authentication cloud platform 1 includes:
a first receiving module 11, configured to receive the symmetric key and the trigger signal;
a first key generation module 12, connected to the first receiving module 11 and configured to generate the key pair according to the trigger signal using a preset asymmetric encryption algorithm, the key pair including the public key and the private key;
a first storage module 13, connected to the first receiving module 11 and the first key generation module 12 respectively, and configured to save the symmetric key or the private key in association with the smart lock 2;
a request instruction generation module 14, configured to generate the request instruction;
a first encryption/decryption module 15, connected to the storage module and the first receiving module 11 respectively, and configured to decrypt the symmetric key using the private key and save it to the first storage module 13;
a first sending module 16, connected to the first key generation module 12 and the request instruction generation module 14 respectively, and configured to send the public key or the request instruction to the smart lock 2;
As shown in Fig. 10, the smart lock 2 includes:
a second receiving module 21, configured to receive the public key or the request instruction;
a second key generation module 22, connected to the second receiving module 21 and configured to generate the symmetric key according to the request instruction using a preset symmetric encryption algorithm;
a second storage module 23, connected to the second receiving module 21 and the second key generation module 22 respectively, and configured to save the public key and the symmetric key;
a trigger signal generation module 24, configured to generate the trigger signal, the trigger signal including an initialization signal and a key update signal;
a second encryption/decryption module 25, connected to the second key generation module 22 and the second storage module 23 respectively, and configured to encrypt the symmetric key using the public key and output it;
a second sending module 26, connected to the trigger signal generation module 24 and the second encryption/decryption module 25 respectively, and configured to send the trigger signal or the encrypted symmetric key to the authentication cloud platform.
Specifically, in specific embodiments of the present invention, a kind of Verification System applied to smart lock 2 includes: that certification cloud is flat
Platform 1 and the multiple smart locks 2 being connect with it by internet, wherein certification cloud platform 1 can be according to the smart lock 2 received
The trigger signal of generation generates key pair for smart lock 2, and key pair includes public key and private key and public key is sent to smart lock 2;
Smart lock 2 receives the public key that certification cloud platform 1 is sent and preservation;
In above-described embodiment, certification cloud platform 1 generates key pair and public key is handed down to smart lock 2 and saves.In smart lock 2
Trigger signal generation module 24 generate and trigger signal and trigger signal be sent to certification cloud platform by the second sending module 26
1;Trigger signal includes initializing signal and key updating signal;After first receiving module 11 receives above-mentioned trigger signal, by
First key generation module 12 generates key pair according to trigger signal, using preset rivest, shamir, adelman, wherein key pair
For asymmetric key pair and including a public key and private key on the other side;It is set to the first memory module 13 of certification cloud platform 1
Private key and smart lock 2 are associated preservation;Public key is sent to corresponding smart lock 2 by the first sending module 16, and second receives
Module 21 receives public key and saves into the second memory module 23.
In the above embodiment, certification cloud platform 1 can direct smart lock 2 to generate a symmetric key and upload it for storage. The request instruction generation module 14 in certification cloud platform 1 generates a request instruction, which the first sending module 16 sends to the second receiving module 21. The second key generation module 22 generates a symmetric key according to the request instruction, using a preset symmetric encryption algorithm, and saves it to the second memory module 23. The second encryption/decryption module 25 encrypts the symmetric key with the public key and outputs it. The second sending module 26 sends the encrypted symmetric key to the certification cloud platform. The first receiving module 11 passes the received symmetric key to the first encryption/decryption module 15, which then decrypts it using the private key corresponding to smart lock 2 and saves it to the first memory module 13.
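The key issuance and symmetric key exchange described in the two paragraphs above (steps S1-S2 and A1-A5), as an added Go sketch that is not part of the patent. RSA-OAEP from Go's standard library stands in for the preset asymmetric algorithm (the library has no SM2); the type and function names, the lock IDs and the use of the lock ID as OAEP label are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Platform is the certification cloud platform's store: one record per lock ID.
type Platform map[string]*record

type record struct {
	priv *rsa.PrivateKey // never leaves the platform
	sym  []byte          // symmetric key uploaded by the lock
}

// OnTrigger: steps S1/S11-S14. A key update replaces the whole record (sketch's choice).
func (p Platform) OnTrigger(lockID string) (*rsa.PublicKey, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	p[lockID] = &record{priv: k}
	return &k.PublicKey, nil
}

// LockOnRequest: steps A1-A4 on the lock. The lock-ID OAEP label is this sketch's assumption.
func LockOnRequest(lockID string, pub *rsa.PublicKey) (sym, wrapped []byte, err error) {
	if pub == nil {
		return nil, nil, fmt.Errorf("lock %s has no public key yet", lockID)
	}
	sym = make([]byte, 16)
	if _, err = rand.Read(sym); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sym, []byte(lockID))
	return sym, wrapped, err
}

// StoreWrapped: step A5. Unwrap with the private key tied to lockID; keep the old key on failure.
func (p Platform) StoreWrapped(lockID string, wrapped []byte) error {
	r, ok := p[lockID]
	if !ok {
		return fmt.Errorf("no private key for lock %s", lockID)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, r.priv, wrapped, []byte(lockID))
	if err == nil {
		r.sym = key
	}
	return err
}

func main() {
	p := Platform{}
	pub, _ := p.OnTrigger("lock-001") // constructed lock ID
	_, wrapped, _ := LockOnRequest("lock-001", pub)
	fmt.Println("key stored:", p.StoreWrapped("lock-001", wrapped) == nil)
}
```

Because the private key is saved per lock, a wrapped key uploaded under the wrong lock ID, or one wrapped before a key update, fails to decrypt and leaves the stored key unchanged.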
The foregoing describes only preferred embodiments of the present invention and is not intended to limit its embodiments or scope of protection. Those skilled in the art should appreciate that all schemes obtained through equivalent replacements and obvious changes made on the basis of the description and drawings of the present invention fall within the scope of protection of the present invention.
Claims (9)
1. An authentication method for a smart lock based on a national secret algorithm, characterized in that a certification cloud platform and multiple smart locks are provided, each smart lock including a national secret chip;
The authentication method includes an asymmetric key generation and issuing process, comprising the following steps:
Step S1, after receiving a trigger signal, the certification cloud platform generates a key pair for the smart lock, the key pair including a public key and a private key, and sends the public key to the smart lock;
Step S2, the smart lock receives the public key and saves it to the national secret chip;
The authentication method further includes a symmetric key exchange process, comprising the following steps:
Step A1, the smart lock receives a request instruction sent by the certification cloud platform;
Step A2, the smart lock generates a symmetric key according to the request instruction;
Step A3, the national secret chip in the smart lock encrypts the symmetric key using the public key;
Step A4, the smart lock uploads the encrypted symmetric key to the certification cloud platform;
Step A5, the certification cloud platform decrypts the symmetric key using the private key and saves it.
2. The authentication method as described in claim 1, characterized in that, in step S1, the trigger signal is:
An initialization signal sent by the smart lock to the certification cloud platform; or
A key update signal sent by the smart lock to the certification cloud platform.
3. The authentication method as claimed in claim 2, characterized in that step S1 specifically includes:
Step S11, the certification cloud platform passes the trigger signal to a first key generator arranged inside the certification cloud platform;
Step S12, the first key generator generates the key pair for the smart lock;
Step S13, the certification cloud platform saves the private key of the key pair;
Step S14, the certification cloud platform sends the public key of the key pair to the smart lock.
4. The authentication method as claimed in claim 3, characterized in that step S14 specifically includes:
Step S141, the certification cloud platform sends the public key to the smart lock over the Internet;
Step S142, the smart lock receives the public key and saves it to the national secret chip;
Step S143, the national secret chip generates a return signal;
Step S144, the smart lock sends a receipt to the certification cloud platform according to the return signal.
5. The authentication method as described in claim 1, characterized in that the symmetric key is used to encrypt business data transmitted between the smart lock and the certification cloud platform;
The symmetric key exchange process is executed when a preset exchange condition is met;
The exchange condition includes completion of a business operation or the elapse of a preset period of time.
6. The authentication method as described in claim 1, characterized in that the national secret chip includes a second key generator;
Step A2 then specifically includes:
Step A21, the smart lock generates a new-key instruction according to the request instruction and sends it to the national secret chip;
Step A22, the second key generator generates the symmetric key and outputs it.
7. The authentication method as described in claim 1, characterized in that it further includes a process in which the certification cloud platform transmits business data to the smart lock, comprising the following steps:
Step B1, the certification cloud platform obtains the symmetric key of a target smart lock;
Step B2, the certification cloud platform encrypts the business data and sends it to the target smart lock;
Step B3, the target smart lock receives the business data and calls the national secret chip to decrypt the business data;
Step B4, the target smart lock executes the local service and generates a first return data;
Step B5, the smart lock calls the national secret chip to encrypt the first return data and sends the encrypted return data to the certification cloud platform;
Step B6, the certification cloud platform decrypts the first return data and executes the local service.
8. The authentication method as described in claim 1, characterized in that it further includes a process in which the smart lock transmits business data to the certification cloud platform, comprising the following steps:
Step C1, the smart lock calls the national secret chip to encrypt the business data and sends the encrypted business data to the certification cloud platform;
Step C2, the certification cloud platform obtains the symmetric key of the smart lock;
Step C3, the certification cloud platform decrypts the business data;
Step C4, the certification cloud platform executes the local service and generates a second return data;
Step C5, the certification cloud platform encrypts the second return data and sends it to the smart lock;
Step C6, the smart lock calls the national secret chip to decrypt the second return data and executes the local service.
9. An authentication system, applied to a smart lock, characterized in that it operates using the authentication method as described in any one of claims 1-8;
The authentication system includes:
A certification cloud platform, for generating the key pair for the smart lock according to the received trigger signal, the key pair including the public key and the private key, and sending the public key to the smart lock;
A smart lock, for receiving and saving the public key sent by the certification cloud platform;
The certification cloud platform includes:
A first receiving module, for receiving the symmetric key and the trigger signal;
A first key generation module, connected to the first receiving module, for generating the key pair according to the trigger signal using a preset asymmetric encryption algorithm; the key pair includes the public key and the private key;
A first memory module, connected to the first receiving module and the first key generation module respectively, for saving the symmetric key or the private key in correspondence with the smart lock;
A request instruction generation module, for generating the request instruction;
A first encryption/decryption module, connected to the memory module and the first receiving module respectively, for decrypting the symmetric key using the private key and saving it to the first memory module;
A first sending module, connected to the first key generation module and the request instruction generation module respectively, for sending the public key or the request instruction to the smart lock;
The smart lock includes:
A second receiving module, for receiving the public key or the request instruction;
A second key generation module, connected to the second receiving module, for generating the symmetric key according to the request instruction using a preset symmetric encryption algorithm;
A second memory module, connected to the second receiving module and the second key generation module respectively, for saving the public key and the symmetric key;
A trigger signal generation module, for generating the trigger signal; the trigger signal includes the initialization signal and the key update signal;
A second encryption/decryption module, connected to the second key generation module and the second memory module respectively, for encrypting the symmetric key using the public key and outputting it;
A second sending module, connected to the trigger signal generation module and the second encryption/decryption module respectively, for sending the trigger signal or the encrypted symmetric key to the certification cloud platform.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910100104.2A CN109816831A (en) | 2019-01-31 | 2019-01-31 | A kind of authentication method and system of the smart lock based on national secret algorithm |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109816831A (en) | 2019-05-28 |
Family
ID=66606284
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20190528 |