CN110086863B - Double-key-based lockset control method - Google Patents
- Publication number
- CN110086863B (application CN201910329467.3A)
- Authority
- CN
- China
- Prior art keywords
- lock
- mobile terminal
- unlocking device
- server
- terminal app
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
- G07C9/00571—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
- H04L67/125—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
Abstract
The invention relates to a dual-key-based lock management and control method comprising two parts, lock registration and lock operation. Lock registration uses RSA asymmetric encryption, which ensures the reliability and security of key agreement. In addition, the server issues a different primary AES key to each lock at registration, which ensures that each lock's communication encryption is unique: even if the AES key of an individual lock is cracked, the security of the other locks in the lock system is preserved, and the reliability of lock communication as a whole is enhanced.
Description
Technical Field
The invention relates to the field of lockset control, in particular to a lockset control method based on double keys.
Background
With growing demand for intelligent, information-enabled locks, most current locks are smart locks. However, the encryption methods of existing locks are simple and easy to crack, which can compromise the security of the whole lock system.
In view of this, the inventors studied in depth the problems and shortcomings of existing lock management and control, and developed the present invention.
Disclosure of Invention
In view of the above problems, an object of the present invention is to provide a dual-key based lock management and control method, which can improve the security of a lock system.
In order to achieve the purpose, the invention adopts the technical scheme that:
A dual-key-based lock management and control method, implemented on a lock system composed of a server, a mobile terminal APP, an unlocking device and a lock, wherein the server is in communication connection with the mobile terminal APP, the mobile terminal APP is in communication connection with the unlocking device, and the unlocking device is in communication connection with the lock. The lock management and control method comprises two parts, lock registration and lock operation, as follows:
Step 1, lock registration
Step 1.1, when the unlocking device comes into contact communication with the lock, the lock determines whether it is registered in the server; if the lock is not registered, the lock randomly generates a 128-bit RSA public/private key pair and sends the lock ID and the lock's RSA public key to the unlocking device;
Step 1.2, after receiving the lock ID and the corresponding RSA public key, the unlocking device determines whether it is connected to the mobile terminal APP; if it is not connected, the unlocking device returns a registration error to the lock; if a communication connection between the mobile terminal APP and the unlocking device has been established, the unlocking device sends the unlocking device ID together with the received lock ID and RSA public key to the mobile terminal APP;
Step 1.3, after receiving the unlocking device ID, the lock ID and the RSA public key, the mobile terminal APP determines whether it is online; if it is not online, the mobile terminal APP returns a registration error to the lock through the unlocking device; if it is online, the mobile terminal APP sends the user ID together with the received unlocking device ID, lock ID and RSA public key to the server;
Step 1.4, after receiving the user ID, the unlocking device ID, the lock ID and the RSA public key, the server determines whether the user ID and the unlocking device ID are valid; if the user ID or the unlocking device ID is invalid, lock registration fails; if both are valid, the server randomly generates a 128-bit primary AES key, encrypts the primary AES key with the received RSA public key to form encrypted data, and sends the encrypted data to the mobile terminal APP, which forwards it to the lock through the unlocking device; the lock decrypts the encrypted data with its RSA private key, obtains and records the primary AES key, and lock registration is complete;
Step 2, lock operation
Step 2.1, the unlocking device is brought into contact with the lock, and the lock determines whether it is registered in the server; if the lock is not registered in the server, the lock registration operation is performed; if the lock is registered in the server, the lock sends its lock ID to the unlocking device;
Step 2.2, after receiving the lock ID, the unlocking device determines whether it is connected to the mobile terminal APP; if it is not connected, the unlocking device returns an error to the lock; if the mobile terminal APP is connected to the unlocking device, the unlocking device sends the unlocking device ID and the lock ID to the mobile terminal APP;
Step 2.3, after receiving the unlocking device ID and the lock ID, the mobile terminal APP determines whether it is online; if the mobile terminal APP is online, online operation of the lock is performed; if the mobile terminal APP is not online, offline operation of the lock is performed.
The online operation of the lock is as follows:
Step 2.4.1, the mobile terminal APP sends the user ID, the unlocking device ID, the lock ID and a lock operation instruction to the server; after receiving them, the server determines whether the user ID, the unlocking device ID and the lock ID are valid; if the user ID, the unlocking device ID or the lock ID is invalid, the server returns an error to the lock through the mobile terminal APP and the unlocking device; if all three are valid, the method proceeds to step 2.4.2;
Step 2.4.2, the server further determines whether the user ID has operation permission; if it does not, the server returns an error to the lock through the mobile terminal APP and the unlocking device; if it does, the server encrypts the lock operation instruction requested by the user ID with the 128-bit AES key to form an operation ciphertext, and sends the operation ciphertext to the mobile terminal APP, which forwards it to the lock through the unlocking device;
Step 2.4.3, after receiving the operation ciphertext, the lock decrypts it with the primary AES key to obtain the corresponding lock operation instruction and performs the corresponding action according to that instruction; the lock monitors the operation result and returns the execution result to the server through the unlocking device and the mobile terminal APP, and the server receives and records the operation result;
Step 2.4.4, end.
After the lock is registered in the server, a user obtains offline operation permission as follows:
If the user applies to the server for offline operation permission through the mobile terminal APP, or the server actively grants offline operation permission to the user, the server determines whether the user ID and the unlocking device ID are valid; if both are valid, the server randomly generates a 128-bit secondary AES key and then encrypts the secondary AES key and the corresponding lock ID with the primary AES key to form an authorization ciphertext; the server sends the authorization ciphertext, the secondary AES key and the corresponding lock ID to the mobile terminal APP, which receives and stores them, completing the user's offline operation authorization.
The offline operation of the lock is as follows:
Step 2.5.1, the mobile terminal APP determines whether the user has offline operation permission, that is, whether an authorization ciphertext, a secondary AES key and the corresponding lock ID are stored; when the authorization ciphertext is stored, the user is judged to have offline operation permission; the mobile terminal APP then determines whether it has already sent the authorization ciphertext to the corresponding lock; if not, the method proceeds to step 2.5.2; if so, it proceeds to step 2.5.3;
Step 2.5.2, the mobile terminal APP sends the authorization ciphertext to the lock through the unlocking device; the lock decrypts the authorization ciphertext with the primary AES key obtained at registration to obtain the secondary AES key and stores it temporarily, then returns a success response to the mobile terminal APP through the unlocking device; after receiving the lock's response, the mobile terminal APP proceeds to step 2.5.3;
Step 2.5.3, the mobile terminal APP generates a lock operation instruction according to the user's permission and encrypts it with the secondary AES key to form an operation ciphertext; the mobile terminal APP sends the operation ciphertext to the unlocking device, and the unlocking device sends it to the lock;
Step 2.5.4, after receiving the operation ciphertext, the lock decrypts it with the secondary AES key to obtain the corresponding lock operation instruction and performs the corresponding action (unlocking or locking) according to that instruction; the lock monitors the operation result and returns the execution result to the mobile terminal APP through the unlocking device; the mobile terminal APP receives and records the operation result and, once it establishes a communication connection with the server, uploads the operation result to the server;
Step 2.5.5, end.
With the above scheme, the invention comprises two parts, lock registration and lock operation. Lock registration uses RSA asymmetric encryption, which ensures the reliability and security of key agreement. In addition, the primary AES keys issued by the server at registration differ from lock to lock, which ensures that each lock's communication encryption is unique: even if the AES key of an individual lock is cracked, the security of the other locks in the lock system is preserved, and the reliability of lock communication as a whole is enhanced.
Lock operation includes online operation and offline operation. Online operation is the unlocking or locking of the lock after the lock has been registered in the server and while the mobile terminal APP is connected to the server. In online operation, the lock operation instruction is encrypted in the server with the primary AES key and then conveyed to the lock through communication media such as the mobile terminal APP and the unlocking device; the lock decrypts it and then performs the unlocking or locking operation. Throughout online operation, the mobile terminal APP and the unlocking device are only responsible for transmitting data and cannot tamper with the lock operation ciphertext, which guarantees the security and reliability of lock operation.
Offline operation is the unlocking or locking of the lock while the mobile terminal APP is not connected to the server and the user holds offline operation authorization. In offline operation, the lock operation instruction is encrypted in the mobile terminal APP with the secondary AES key and then transmitted to the lock through the unlocking device; the lock decrypts it and then performs the unlocking or locking operation. For offline operation, the mobile terminal APP user must obtain offline operation authorization from the server; the server uses the secondary AES key to authorize the mobile terminal APP user within a controllable scope of permission, and if the user's secondary AES key leaks, the server can use the primary AES key to clear the secondary AES key, ensuring the security and reliability of the lock system.
Drawings
FIG. 1 is a system flow diagram of the present invention;
FIG. 2 is a lock registration flow diagram of the present invention;
FIG. 3 is a schematic block diagram of primary AES key agreement during lock registration according to the present invention;
FIG. 4 is a flow chart of online lock operation according to the present invention;
FIG. 5 is a schematic block diagram of primary AES key encrypted communication during online lock operation according to the present invention;
FIG. 6 is a flow chart of offline lock operation according to the present invention;
FIG. 7 is a schematic block diagram of secondary AES key encrypted communication during offline lock operation according to the present invention;
FIG. 8 is a flow chart of a mobile terminal APP user obtaining offline operation authorization according to the present invention;
FIG. 9 is a schematic block diagram of mobile terminal APP user authorization according to the present invention;
FIG. 10 is a flow chart of secondary AES key agreement during mobile terminal APP user authorization according to the present invention.
Detailed Description
As shown in FIG. 1 to FIG. 7, the invention discloses a dual-key-based lock management and control method, implemented on a lock system composed of a server, a mobile terminal APP, an unlocking device and a lock, wherein the server is in communication connection with the mobile terminal APP, the mobile terminal APP is in communication connection with the unlocking device, and the unlocking device is in communication connection with the lock. The lock management and control method comprises two parts, lock registration and lock operation, as follows:
Step 1, lock registration
Step 1.1, when the unlocking device comes into contact communication with the lock, the lock determines whether it is registered in the server; if the lock is not registered, the lock randomly generates a 128-bit RSA public/private key pair and sends the lock ID and the lock's RSA public key to the unlocking device, wherein the lock ID is a unique random lock identification code built into the lock during production.
Step 1.2, after receiving the lock ID and the corresponding RSA public key, the unlocking device determines whether it is connected to the mobile terminal APP; if it is not connected, the unlocking device returns a registration error to the lock; if the two have established a communication connection, the unlocking device sends the unlocking device ID together with the received lock ID and RSA public key to the mobile terminal APP.
Step 1.3, after receiving the unlocking device ID, the lock ID and the RSA public key, the mobile terminal APP determines whether it is online (that is, whether it has a communication connection with the server); if it is not online, the mobile terminal APP returns a registration error to the lock through the unlocking device; if it is online, the mobile terminal APP sends the user ID together with the received unlocking device ID, lock ID and RSA public key to the server.
Step 1.4, after receiving the user ID, the unlocking device ID, the lock ID and the RSA public key, the server determines whether the user ID and the unlocking device ID are valid; if the user ID or the unlocking device ID is invalid, lock registration fails; if both are valid, the server randomly generates a 128-bit AES key (the primary AES key), encrypts the primary AES key with the received RSA public key to form encrypted data, and sends the encrypted data to the mobile terminal APP, which forwards it to the lock through the unlocking device; the lock decrypts the encrypted data with its RSA private key, obtains and records the primary AES key, and lock registration is complete.
At this point a shared AES key has been established between the lock and the server and key agreement is complete; subsequent communication between the lock and the server can use this AES key.
The lock uses RSA asymmetric encryption when registering with the server, which ensures the reliability and security of key agreement. In addition, different locks have different AES keys, so even if the AES key of an individual lock is cracked, the security of the whole lock system is still ensured.
Step 2, lock operation
Step 2.1, the unlocking device is brought into contact with the lock, and the lock determines whether it is registered in the server; if the lock is not registered in the server, the lock registration operation is performed; if the lock is registered in the server, the lock sends its lock ID to the unlocking device.
Step 2.2, after receiving the lock ID, the unlocking device determines whether it is connected to the mobile terminal APP; if it is not connected, the unlocking device returns an error to the lock; if the mobile terminal APP is connected to the unlocking device, the unlocking device sends the unlocking device ID and the lock ID to the mobile terminal APP.
Step 2.3, after receiving the unlocking device ID and the lock ID, the mobile terminal APP determines whether it is online (that is, whether a communication connection with the server is established); if the mobile terminal APP is online, the method proceeds to step 2.4 for online operation of the lock; if the mobile terminal APP is not online, the method proceeds to step 2.5 for offline operation of the lock.
Step 2.4, online operation of the lock
Step 2.4.1, the mobile terminal APP sends the user ID, the unlocking device ID, the lock ID and a lock operation instruction to the server; after receiving them, the server determines whether the user ID, the unlocking device ID and the lock ID are valid; if the user ID, the unlocking device ID or the lock ID is invalid, the server returns an error (invalid ID) to the lock through the mobile terminal APP and the unlocking device; if all three are valid, the method proceeds to step 2.4.2.
Step 2.4.2, the server further determines whether the user ID has operation permission; if it does not, the server returns an error (permission error) to the lock through the mobile terminal APP and the unlocking device; if it does, the server encrypts the lock operation instruction requested by the user ID with the 128-bit AES key to form an operation ciphertext, and sends the operation ciphertext to the mobile terminal APP, which forwards it to the lock through the unlocking device.
Step 2.4.3, after receiving the operation ciphertext, the lock decrypts it with the primary AES key to obtain the corresponding lock operation instruction and performs the corresponding action (unlocking or locking) according to that instruction; the lock monitors the operation result and returns the execution result to the server through the unlocking device and the mobile terminal APP, and the server receives and records the operation result.
Step 2.4.4, end.
Step 2.5, offline operation of the lock
Step 2.5.1, the mobile terminal APP determines whether the user has offline operation permission, that is, whether an authorization ciphertext, a secondary AES key and the corresponding lock ID are stored; when the authorization ciphertext is stored, the user is judged to have offline operation permission; the mobile terminal APP then determines whether it has already sent the authorization ciphertext to the corresponding lock; if not, the method proceeds to step 2.5.2; if so, it proceeds to step 2.5.3.
Step 2.5.2, the mobile terminal APP sends the authorization ciphertext to the lock through the unlocking device; the lock decrypts the authorization ciphertext with the primary AES key obtained at registration to obtain the secondary AES key and stores it temporarily, then returns a success response to the mobile terminal APP through the unlocking device; after receiving the lock's response, the mobile terminal APP proceeds to step 2.5.3.
Step 2.5.3, the mobile terminal APP generates a lock operation instruction according to the user's permission and encrypts it with the secondary AES key to form an operation ciphertext; the mobile terminal APP sends the operation ciphertext to the unlocking device, and the unlocking device sends it to the lock.
Step 2.5.4, after receiving the operation ciphertext, the lock decrypts it with the secondary AES key to obtain the corresponding lock operation instruction and performs the corresponding action (unlocking or locking) according to that instruction; the lock monitors the operation result and returns the execution result to the mobile terminal APP through the unlocking device; the mobile terminal APP receives and records the operation result and, once it establishes a communication connection with the server, uploads the operation result to the server.
Step 2.5.5, end.
As shown in FIG. 8 to FIG. 10, for offline operation, after the lock is registered in the server, the user's offline operation permission is either applied for by the mobile terminal APP from the server or actively granted by the server to the mobile terminal APP. Offline authorization proceeds as follows:
After the lock is registered in the server, if a user applies to the server for offline operation permission through the mobile terminal APP, or the server actively grants offline operation permission to the user, the server determines whether the user ID and the unlocking device ID are valid; if both are valid, the server randomly generates a 128-bit temporary authorization code (namely the secondary AES key) and then encrypts the secondary AES key and the corresponding lock ID with the primary AES key to form an authorization ciphertext; the server sends the authorization ciphertext, the secondary AES key and the corresponding lock ID to the mobile terminal APP, which receives and stores them, completing the user's offline operation authorization.
The key point of the invention is that it comprises two parts, lock registration and lock operation, and that lock operation includes online operation and offline operation. Lock registration uses RSA asymmetric encryption, which ensures the reliability and security of key agreement. In addition, the primary AES keys issued by the server at registration differ from lock to lock, which ensures that each lock's communication encryption is unique: even if the AES key of an individual lock is cracked, the security of the other locks in the lock system is still preserved, and the reliability of lock communication as a whole is enhanced. Online operation is the unlocking or locking of the lock after the lock has been registered in the server and while the mobile terminal APP is connected to the server. In online operation, the lock operation instruction is encrypted in the server with the primary AES key and then conveyed to the lock through communication media such as the mobile terminal APP and the unlocking device; the lock decrypts it and then performs the unlocking or locking operation. Throughout online operation, the mobile terminal APP and the unlocking device are only responsible for transmitting data and cannot tamper with the lock operation ciphertext, which guarantees the security and reliability of lock operation.
Offline operation is the unlocking or locking of the lock while the mobile terminal APP is not connected to the server and the user holds offline operation authorization. In offline operation, the lock operation instruction is encrypted in the mobile terminal APP with the secondary AES key and then transmitted to the lock through the unlocking device; the lock decrypts it and then performs the unlocking or locking operation. For offline operation, the mobile terminal APP user must obtain offline operation authorization from the server; the server uses the secondary AES key to authorize the mobile terminal APP user within a controllable scope of permission, and if the user's secondary AES key leaks, the server can use the primary AES key to clear the secondary AES key, ensuring the security and reliability of the lock system.
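The offline authorization and offline operation described above (the authorization ciphertext and steps 2.5.2 to 2.5.4), as an added Go example that is not part of the patent text. It assumes AES-GCM with a random nonce as the AES mode, a plaintext layout of the 16-byte secondary key followed by the lock ID, and a lock-side check of that ID; all type and function names are hypothetical, and registration is replaced by a constructed per-lock primary key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// random returns n bytes from the operating system's CSPRNG.
func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// gcm builds AES-GCM for a 128-bit key. The mode is this example's
// assumption; the patent text only says "AES".
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts msg under key and prepends the random nonce.
func seal(key, msg []byte) []byte {
	a, err := gcm(key)
	if err != nil {
		panic(err) // the caller passed something that is not an AES key
	}
	nonce := random(a.NonceSize())
	return a.Seal(nonce, nonce, msg, nil)
}

// open decrypts ct and fails if a relay changed any byte of it.
func open(key, ct []byte) ([]byte, error) {
	a, err := gcm(key)
	if err != nil {
		return nil, err // also covers a lock that holds no key yet
	}
	if len(ct) < a.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return a.Open(nil, ct[:a.NonceSize()], ct[a.NonceSize():], nil)
}

// Lock holds the lock ID, the primary key recorded at registration (step 1.4)
// and the secondary key stored by Authorize (step 2.5.2).
type Lock struct{ ID, primary, secondary []byte }

// Authorize opens the authorization ciphertext with the primary key and keeps
// the secondary key only if the enclosed lock ID is this lock's (assumed check).
func (l *Lock) Authorize(authCT []byte) error {
	pt, err := open(l.primary, authCT)
	if err != nil {
		return err
	}
	if len(pt) < 16 || !bytes.Equal(pt[16:], l.ID) {
		return errors.New("authorization not issued for this lock")
	}
	l.secondary = pt[:16]
	return nil
}

// Execute decrypts an offline operation ciphertext with the secondary key
// (step 2.5.4) and returns the instruction.
func (l *Lock) Execute(opCT []byte) (string, error) {
	pt, err := open(l.secondary, opCT)
	return string(pt), err
}

// Grant is the server side of offline authorization: a fresh secondary key
// and the authorization ciphertext E_primary(secondary key || lock ID).
func Grant(primary, lockID []byte) (secondary, authCT []byte) {
	secondary = random(16)
	return secondary, seal(primary, append(append([]byte{}, secondary...), lockID...))
}

func main() {
	// Constructed locks, each with its own primary key as issued in step 1.4.
	a := &Lock{ID: []byte("LOCK-A"), primary: random(16)}
	b := &Lock{ID: []byte("LOCK-B"), primary: random(16)}
	k2, auth := Grant(a.primary, a.ID)
	fmt.Println("B accepts A's authorization:", b.Authorize(auth) == nil)
	fmt.Println("A accepts its authorization:", a.Authorize(auth) == nil)
	op := seal(k2, []byte("UNLOCK")) // step 2.5.3, done by the mobile terminal APP
	cmd, err := a.Execute(op)
	fmt.Println("A executes:", cmd, err)
	op[len(op)-1] ^= 1 // a relay (APP or unlocking device) flips one bit
	_, err = a.Execute(op)
	fmt.Println("A rejects the modified ciphertext:", err != nil)
}
```

With an unauthenticated AES mode the last check would not reliably fail, so the statement that the relaying APP and unlocking device cannot tamper with the ciphertext depends on an authenticated mode or a separate MAC.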
The above description is only an exemplary embodiment of the invention and is not intended to limit its technical scope; any minor modifications, equivalent changes and refinements made to the above embodiment according to the technical essence of the invention therefore fall within the technical scope of the invention.
Claims (4)
1. The utility model provides a tool to lock management and control method based on double keys, its based on by server, removal end APP, unlocking ware and the tool to lock system realization that the tool to lock is constituteed, server and removal end APP communication connection, removal end APP and unlocking ware communication connection, and unlocking ware and tool to lock carry out communication connection, its characterized in that: the lock management and control method comprises two parts of lock registration and lock operation, and specifically comprises the following steps:
step 1, registering locks
Step 1.1, when the unlocking device is in contact communication with the lock, the lock judges whether the unlocking device is registered in a server or not, if the lock is not registered, the lock randomly generates a 128-bit RSA public and private key, and simultaneously sends the ID of the lock and an RSA public key corresponding to the lock to the unlocking device;
step 1.2, after receiving the ID of the lock and a corresponding RSA public key, the unlocking device judges whether the lock is connected with the APP of the mobile terminal, and if the lock is not connected with the APP of the mobile terminal, the unlocking device responds to the lock to register errors; if the communication connection between the mobile terminal APP and the unlocking device is established, the unlocking device sends the unlocking device ID and the received lockset ID and RSA public key to the mobile terminal APP;
step 1.3, after receiving the unlocking device ID, the lockset ID and the RSA public key, the mobile terminal APP judges whether the mobile terminal APP is online or not, and if the mobile terminal APP is not online, the mobile terminal APP responds to the lockset through the unlocking device to register errors; if the mobile terminal APP is online, the mobile terminal APP sends the user ID and the unlocking device ID, the lockset ID and the RSA public key received by the user ID to the server;
step 1.4, after receiving the user ID, the unlocking device ID, the lock ID and the RSA public key, the server judges whether the user ID and the unlocking device ID are legal or not, and if the user ID or the unlocking device ID is illegal, the lock registration fails; if the user ID and the unlocker ID are both legal, the server randomly generates a 128-bit primary AES key, and encrypts the primary AES key by using the RSA public key received by the server to form encrypted data, wherein the primary AES keys of different locks are different; then, the server sends the encrypted data to the mobile terminal APP, and sends the encrypted data to the lock through the mobile terminal APP and the unlocking device; the lockset decrypts the encrypted data by using an RSA private key, obtains and records a primary AES key, and completes lockset registration;
Step 2, lock operation
Step 2.1, contacting the unlocking device with the lock, judging whether the lock is registered in the server or not by the lock, and if the lock is not registered in the server, performing the registration operation of the lock; if the lock is registered in the server, the lock sends a lock ID to the unlocking device;
step 2.2, after receiving the ID of the lock, the unlocking device judges whether the lock is connected with the APP of the mobile terminal, and if the lock is not connected with the APP of the mobile terminal, the unlocking device responds an error to the lock; if the mobile terminal APP is connected with the unlocking device, the unlocking device sends an unlocking device ID and a lock ID to the mobile terminal APP;
step 2.3, after receiving the unlocking device ID and the lock ID, the mobile terminal APP judges whether it is online; if the mobile terminal APP is online, online operation of the lock is carried out; and if the mobile terminal APP is not online, offline operation of the lock is carried out.
2. The method for managing and controlling a lock based on double keys as claimed in claim 1, wherein: the lock has the following online operation:
step 2.4.1, the mobile terminal APP sends a user ID, an unlocking device ID, a lock ID and a lock operation instruction to the server, the server receives the user ID, the unlocking device ID, the lock ID and the lock operation instruction and then judges whether the user ID, the unlocking device ID and the lock ID are legal or not, and if the user ID, the unlocking device ID or the lock ID are illegal, the server responds to the lock by the mobile terminal APP and the unlocking device; if the user ID, the unlocking device ID and the lock ID are legal, the step 2.4.2 is carried out;
step 2.4.2, the server further judges whether the user ID has an operation authority, if the user ID does not have the operation authority, the server responds an error to the lockset through the mobile terminal APP and the unlocking device; if the user ID has the operation authority, the server encrypts a lockset operation instruction applied by the user ID by using a 128-bit AES key to form an operation ciphertext, then sends the operation ciphertext to the mobile terminal APP, and forwards the operation ciphertext to the lockset through the mobile terminal APP and the unlocking device;
step 2.4.3, after receiving the operation ciphertext, the lock analyzes the operation ciphertext by using the primary AES key to obtain a corresponding lock operation instruction, and executes a response action according to the lock operation instruction, the lock monitors an operation result, responds the execution result to the server through the unlocking device and the mobile terminal APP, and the server receives and records a related operation result;
and 2.4.4, ending.
3. The method for managing and controlling a lock based on double keys as claimed in claim 1, wherein: after the lockset is registered in the server, a user acquires an offline operation authority, which specifically comprises the following steps:
if the user applies to the server for offline operation authority through the mobile terminal APP, or the server actively grants the offline operation authority to the user, the server judges whether the user ID and the unlocking device ID are legal; if the user ID and the unlocking device ID are both legal, the server randomly generates a 128-bit secondary AES key, and then encrypts the secondary AES key and the corresponding lock ID by using the primary AES key to form an authorization ciphertext; the server sends the authorization ciphertext, the secondary AES key and the corresponding lock ID to the mobile terminal APP, and the mobile terminal APP receives and stores the authorization ciphertext, the secondary AES key and the corresponding lock ID, so that the offline operation authorization of the user is completed;
the mobile terminal APP issues the authorization ciphertext to the lock through the unlocking device, and the lock decrypts the authorization ciphertext by using the primary AES key, then obtains and stores the secondary AES key.
4. The method for managing and controlling the double-key-based lock according to claim 3, wherein: the offline operation of the lock is as follows:
step 2.5.1, the mobile terminal APP judges whether the user has the offline operation authority, namely whether the user stores an authorization ciphertext, a secondary AES key and a corresponding lock ID, and when the user stores the authorization ciphertext, the user is judged to have the offline operation authority; the mobile terminal APP further judges whether the mobile terminal APP sends an authorization ciphertext to the corresponding lock, and if not, the step 2.5.2 is carried out; if yes, entering step 2.5.3;
step 2.5.2, the mobile terminal APP sends an authorization ciphertext to the lock through the unlocking device, the unlocking device decrypts the authorization ciphertext according to the first-stage AES key when the unlocking device registers to obtain a second-stage AES key and temporarily store the second-stage AES key, then the mobile terminal APP responds successfully through the unlocking device, and the mobile terminal APP enters step 2.5.3 after receiving the response of the lock;
step 2.5.3, the mobile terminal APP generates a lock operation instruction according to the user authority, the lock operation instruction is encrypted by using a secondary AES key to form an operation ciphertext, the mobile terminal APP sends the operation ciphertext to the unlocking device, and the unlocking device sends the operation ciphertext to the lock;
step 2.5.4, after receiving the operation ciphertext, the lock analyzes the operation ciphertext by using the second-level AES key to obtain a corresponding lock operation instruction and execute a response action according to the lock operation instruction, the lock monitors an operation result and responds the execution result to the mobile terminal APP through the unlocking device, the mobile terminal APP receives and records the relevant operation result, and once the mobile terminal APP establishes communication connection with the server, the mobile terminal APP uploads the operation result to the server;
and step 2.5.5, ending.
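The offline flow of claims 3 and 4, as an added Go example that is not code from the patent: the server wraps the secondary key and lock ID under the primary key, the lock unwraps the grant, and operation instructions are then decrypted with the secondary key. Assumptions: AES-GCM as the mode, the plaintext layout (16-byte key followed by the lock ID), the lock-side ID check, the function names, and the constructed sample keys and lock ID.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// seal and open use AES-GCM (nonce || ciphertext || tag); the mode is assumed, the claims say only "AES".
func seal(key, msg []byte) []byte {
	blk, _ := aes.NewCipher(key) // callers pass 16-byte keys
	g, _ := cipher.NewGCM(blk)
	nonce := make([]byte, 12)
	rand.Read(nonce)
	return g.Seal(nonce, nonce, msg, nil)
}
func open(key, ct []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil || len(ct) < 12 {
		return nil, fmt.Errorf("missing key or short ciphertext")
	}
	g, _ := cipher.NewGCM(blk)
	return g.Open(nil, ct[:12], ct[12:], nil)
}

// Authorize is the server step of claim 3: secondary key plus lock ID under the primary key.
func Authorize(primary, secondary []byte, lockID string) []byte {
	return seal(primary, append(append([]byte{}, secondary...), lockID...))
}

// AcceptAuth is the lock side of claim 3; the ID check (assumed) binds the grant to one lock.
func AcceptAuth(primary []byte, lockID string, authCT []byte) ([]byte, error) {
	pt, err := open(primary, authCT)
	if err != nil || len(pt) < 16 || string(pt[16:]) != lockID {
		return nil, fmt.Errorf("authorization rejected")
	}
	return pt[:16], nil
}
// Operate is the lock side of step 2.5.4: decrypt the instruction with the secondary key.
func Operate(secondary, opCT []byte) (string, error) {
	pt, err := open(secondary, opCT)
	return string(pt), err
}

func main() {
	k1, k2 := []byte("constructed-key1"), []byte("constructed-key2") // sample 16-byte keys
	sk, _ := AcceptAuth(k1, "LOCK-0001", Authorize(k1, k2, "LOCK-0001"))
	fmt.Println(Operate(sk, seal(k2, []byte("UNLOCK")))) // prints: UNLOCK <nil>
}
```

The claims do not describe a nonce, counter or expiry on the operation ciphertext, so a design built on them needs its own replay protection.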
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910329467.3A CN110086863B (en) | 2019-04-23 | 2019-04-23 | Double-key-based lockset control method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110086863A (en) | 2019-08-02 |
CN110086863B (en) | 2021-10-08 |
Family
ID=67416239
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910329467.3A Active CN110086863B (en) | 2019-04-23 | 2019-04-23 | Double-key-based lockset control method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110086863B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102750785A (en) * | 2012-06-19 | 2012-10-24 | 中国工商银行股份有限公司 | ATM (Automatic Teller Machine) and security authentication system of ATM |
CN105184912A (en) * | 2015-07-15 | 2015-12-23 | 深圳市物联锁科技有限公司 | Intelligent lock monitoring system based on Internet of Things and intelligent lock |
CN107135248A (en) * | 2017-03-20 | 2017-09-05 | 黄思颖 | Intelligent domestic system |
CN107507303A (en) * | 2017-07-07 | 2017-12-22 | 安徽德诺科技股份公司 | The method for unlocking of intelligent lock system and smart lock |
CN107742339A (en) * | 2017-09-30 | 2018-02-27 | 泉州国光软件开发有限责任公司 | A kind of management method of the passive electronic lockset based on platform |
CN109191616A (en) * | 2017-07-07 | 2019-01-11 | 安徽德诺科技股份公司 | intelligent lock system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
IN2015CH04016A (en) * | 2015-08-03 | 2015-08-14 | Varadharajan Marur Srikrishna |
Also Published As
Publication number | Publication date |
---|---|
CN110086863A (en) | 2019-08-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110086864B (en) | Method for offline management and control by using double keys of lock | |
CN108055235B (en) | Control method of intelligent lock, related equipment and system | |
JP5257814B2 (en) | Secret key registration system and secret key registration method | |
CN101272301B (en) | Safety access method of wireless metropolitan area network | |
CN105184929A (en) | Intelligent door lock control method and device | |
CN102664739A (en) | PKI (Public Key Infrastructure) implementation method based on safety certificate | |
CN1747382B (en) | Random encryption and identity authentication | |
CN101272616A (en) | Safety access method of wireless metropolitan area network | |
CN106506149B (en) | Key generation method and system between a kind of TBOX terminal and TSP platform | |
CN103051869A (en) | System and method for encrypting camera video in real time | |
CN107154847A (en) | Towards the method for generating cipher code, verification method and its smart machine of offline environment | |
CN103560892A (en) | Secret key generation method and secret key generation device | |
CN104282058A (en) | Unlocking method of Bluetooth-based safety intelligent lock system with video monitoring function | |
CN106656489B (en) | Mobile payment-oriented safety improvement method for information interaction between self-service selling equipment and server | |
CN104282060B (en) | A kind of method for unlocking of safety intelligent lock system | |
CN103929308A (en) | Information verification method applied to RFID card | |
CN110944327A (en) | Information security method and device for rail transit zone controller | |
CN110574030A (en) | Updating biometric template protection keys | |
CN109922022A (en) | Internet of Things communication means, platform, terminal and system | |
CN110113154B (en) | Method for online control by using double keys of lock | |
CN113115255A (en) | Certificate issuing method, secret key authentication method, vehicle unlocking method, equipment and storage medium | |
CN110086863B (en) | Double-key-based lockset control method | |
CN112530053B (en) | Control method and system of intelligent lock, lock equipment, server and storage medium | |
CN107749795B (en) | Automobile remote control method based on rolling code secondary encryption | |
WO2013025091A1 (en) | Mobile access control system involving a quantum random number generator |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||