CN110086863B - Double-key-based lockset control method - Google Patents

Double-key-based lockset control method Download PDF

Info

Publication number
CN110086863B
CN110086863B CN201910329467.3A CN201910329467A CN110086863B CN 110086863 B CN110086863 B CN 110086863B CN 201910329467 A CN201910329467 A CN 201910329467A CN 110086863 B CN110086863 B CN 110086863B
Authority
CN
China
Prior art keywords
lock
mobile terminal
unlocking device
server
terminal app
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910329467.3A
Other languages
Chinese (zh)
Other versions
CN110086863A (en
Inventor
吴玲敏
庞振泽
杨乐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Zoneray Power Technology Co ltd
Original Assignee
Xiamen Zoneray Power Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiamen Zoneray Power Technology Co ltd filed Critical Xiamen Zoneray Power Technology Co ltd
Priority to CN201910329467.3A priority Critical patent/CN110086863B/en
Publication of CN110086863A publication Critical patent/CN110086863A/en
Application granted granted Critical
Publication of CN110086863B publication Critical patent/CN110086863B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00571Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/125Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes

Abstract

The invention relates to a double-key-based lock management and control method, which comprises two parts of lock registration and lock operation, wherein the lock registration adopts an RSA asymmetric encryption technology, so that the reliability and safety of key agreement are ensured, meanwhile, different locks have different primary AES keys issued by a server during registration, so that the uniqueness of lock communication encryption is ensured, even if the AES keys of individual locks are cracked, the safety of other locks in a lock system can be ensured, and the reliability of the whole lock communication is enhanced.

Description

Double-key-based lockset control method
Technical Field
The invention relates to the field of lockset control, in particular to a lockset control method based on double keys.
Background
Along with the increasing demand of people to the intellectuality of tool to lock, informationization, present tool to lock generally is intelligent tool to lock. However, the encryption method of the existing lock is simple and easy to crack, and the safety of the whole lock system can be influenced.
In view of the above, the present inventors have made extensive conception on the problems and drawbacks of the existing lock management and control, and have developed the present invention.
Disclosure of Invention
In view of the above problems, an object of the present invention is to provide a dual-key based lock management and control method, which can improve the security of a lock system.
In order to achieve the purpose, the invention adopts the technical scheme that:
the utility model provides a tool to lock management and control method based on double-key, its based on by server, remove end APP, unlocker and tool to lock system realization that constitutes, server and removal end APP communication connection, remove end APP and unlocker communication connection, and the unlocker carries out communication connection with the tool to lock, tool to lock management and control method includes tool to lock registration and tool to lock operation two parts, specifically as follows:
step 1, registering locks
Step 1.1, when the unlocking device is in contact communication with the lock, the lock judges whether the unlocking device is registered in a server or not, if the lock is not registered, the lock randomly generates a 128-bit RSA public and private key, and simultaneously sends the ID of the lock and an RSA public key corresponding to the lock to the unlocking device;
step 1.2, after receiving the ID of the lock and a corresponding RSA public key, the unlocking device judges whether the lock is connected with the APP of the mobile terminal, and if the lock is not connected with the APP of the mobile terminal, the unlocking device responds to the lock to register errors; if the communication connection between the mobile terminal APP and the unlocking device is established, the unlocking device sends the unlocking device ID and the received lockset ID and RSA public key to the mobile terminal APP;
step 1.3, after receiving the unlocking device ID, the lockset ID and the RSA public key, the mobile terminal APP judges whether the mobile terminal APP is online or not, and if the mobile terminal APP is not online, the mobile terminal APP responds to the lockset through the unlocking device to register errors; if the mobile terminal APP is online, the mobile terminal APP sends the user ID and the unlocking device ID, the lockset ID and the RSA public key received by the user ID to the server;
step 1.4, after receiving the user ID, the unlocking device ID, the lock ID and the RSA public key, the server judges whether the user ID and the unlocking device ID are legal or not, and if the user ID or the unlocking device ID is illegal, the lock registration fails; if the user ID and the unlocking device ID are both legal, the server randomly generates a 128-bit primary AES key, encrypts the primary AES key by using the RSA public key received by the server to form encrypted data, then sends the encrypted data to the mobile terminal APP, and sends the encrypted data to the lockset through the mobile terminal APP and the unlocking device; the lockset decrypts the encrypted data by using an RSA private key, obtains and records a primary AES key, and completes lockset registration;
step 2, operation of the lockset
Step 2.1, contacting the unlocking device with the lock, judging whether the lock is registered in the server or not by the lock, and if the lock is not registered in the server, performing the registration operation of the lock; if the lock is registered in the server, the lock sends a lock ID to the unlocking device;
step 2.2, after receiving the ID of the lock, the unlocking device judges whether the lock is connected with the APP of the mobile terminal, and if the lock is not connected with the APP of the mobile terminal, the unlocking device responds an error to the lock; if the mobile terminal APP is connected with the unlocking device, the unlocking device sends an unlocking device ID and a lock ID to the mobile terminal APP;
step 2.3, after receiving the unlocking device ID and the lock ID, the mobile terminal APP judges whether the unlocking device ID and the lock ID are online, and if the mobile terminal APP is online, online operation of the lock is carried out; and if the mobile terminal APP is not on line, performing off-line operation on the lockset.
The lock has the following online operation:
step 2.4.1, the mobile terminal APP sends a user ID, an unlocking device ID, a lock ID and a lock operation instruction to the server, the server receives the user ID, the unlocking device ID, the lock ID and the lock operation instruction and then judges whether the user ID, the unlocking device ID and the lock ID are legal or not, and if the user ID, the unlocking device ID or the lock ID are illegal, the server responds to the lock by the mobile terminal APP and the unlocking device; if the user ID, the unlocking device ID and the lock ID are legal, the step 2.4.2 is carried out;
step 2.4.2, the server further judges whether the user ID has an operation authority, if the user ID does not have the operation authority, the server responds an error to the lockset through the mobile terminal APP and the unlocking device; if the user ID has the operation authority, the server encrypts a lockset operation instruction applied by the user ID by using a 128-bit AES key to form an operation ciphertext, then sends the operation ciphertext to the mobile terminal APP, and forwards the operation ciphertext to the lockset through the mobile terminal APP and the unlocking device;
step 2.4.3, after receiving the operation ciphertext, the lock analyzes the operation ciphertext by using the primary AES key to obtain a corresponding lock operation instruction, and executes a response action according to the lock operation instruction, the lock monitors an operation result, responds the execution result to the server through the unlocking device and the mobile terminal APP, and the server receives and records a related operation result;
and 2.4.4, ending.
After the lockset is registered in the server, a user acquires an offline operation authority, which specifically comprises the following steps:
if the user applies offline operation authority to the server through the mobile terminal APP, or the server actively gives the offline operation authority to the user, the server judges whether the user ID and the unlocking device ID are legal, if the user ID and the unlocking device ID are both legal, the server randomly generates 128 bits, namely a secondary AES key, and then encrypts the secondary AES key and the corresponding lock ID by using the primary AES key to form an authorization ciphertext; the server sends the authorization ciphertext, the second-stage AES key and the corresponding lock ID to the mobile terminal APP, and the mobile terminal APP receives and stores the authorization ciphertext, the second-stage AES key and the corresponding lock ID, so that the offline operation authorization of the user is completed.
The offline operation of the lock is as follows:
step 2.5.1, the mobile terminal APP judges whether the user has the offline operation authority, namely whether the user stores an authorization ciphertext, a secondary AES key and a corresponding lock ID, and when the user stores the authorization ciphertext, the user is judged to have the offline operation authority; the mobile terminal APP further judges whether the mobile terminal APP sends an authorization ciphertext to the corresponding lock, and if not, the step 2.5.2 is carried out; if yes, entering step 2.5.3;
step 2.5.2, the mobile terminal APP sends an authorization ciphertext to the lock through the unlocking device, the unlocking device decrypts the authorization ciphertext according to the first-stage AES key when the unlocking device registers to obtain a second-stage AES key and temporarily store the second-stage AES key, then the mobile terminal APP responds successfully through the unlocking device, and the mobile terminal APP enters step 2.5.3 after receiving the response of the lock;
step 2.5.3, the mobile terminal APP generates a lock operation instruction according to the user authority, the lock operation instruction is encrypted by using a secondary AES key to form an operation ciphertext, the mobile terminal APP sends the operation ciphertext to the unlocking device, and the unlocking device sends the operation ciphertext to the lock;
step 2.5.4, after receiving the operation ciphertext, the lock analyzes the operation ciphertext by using the secondary AES key to obtain a corresponding lock operation instruction and execute a response action (unlocking or locking) according to the lock operation instruction, the lock monitors an operation result, responds the execution result to the mobile terminal APP through the unlocking device, the mobile terminal APP receives and records the relevant operation result, and once the mobile terminal APP establishes communication connection with the server, the mobile terminal APP uploads the operation result to the server;
and step 2.5.5, ending.
After the scheme is adopted, the invention comprises two parts of lock registration and lock operation, wherein the lock registration adopts an RSA asymmetric encryption technology, so that the reliability and safety of key agreement are ensured, meanwhile, the primary AES keys issued by a server during the lock registration are different, so that the uniqueness of lock communication encryption is ensured, even if the AES keys of individual locks are cracked, the safety of other locks in a lock system can be ensured, and the reliability of the whole lock communication is enhanced.
The operation of tool to lock includes online operation and off-line operation, and wherein, the online operation of tool to lock is after tool to lock registers in the server, and removes the unblock or the shutting operation to the tool to lock under the prerequisite that end APP is connected with the server, and under the online operation, the operating instruction of tool to lock utilizes one-level AES secret key to encrypt in the server, then from conveying the tool to lock through communication media such as removal end APP, unlocking ware, the tool to lock is deciphered the back and is carried out unblock or shutting operation. In the whole online operation process, the mobile terminal APP and the unlocking device are only responsible for data transmission of data and cannot tamper with the lockset operation ciphertext, so that the safety and reliability of lockset operation are guaranteed.
The off-line operation of tool to lock is removing end APP and server and not being connected, and the user has the unblock or the shutting operation to the tool to lock under the prerequisite of off-line operation authorization, and under the off-line operation, the operating instruction of tool to lock utilizes second grade AES secret key to carry out encryption processing in removing end APP, then from transmitting to the tool to lock through the unlocker, the tool to lock execution after the deciphering is unblock or the shutting operation. In the offline operation of the lockset, a mobile terminal APP user needs to obtain offline operation authorization from a server, the server uses a second-level AES key to authorize the mobile terminal APP user within a controllable authority range, and if the second-level AES key of the mobile terminal APP user leaks, the server can use a first-level AES key to clear the second-level AES key so as to ensure the safety and reliability of the lockset system.
Drawings
FIG. 1 is a system flow diagram of the present invention;
FIG. 2 is a lock registration flow diagram of the present invention;
FIG. 3 is a schematic block diagram of a first AES key agreement during lock registration according to the present invention;
FIG. 4 is a flow chart of the lock operation of the present invention on-line;
FIG. 5 is a schematic block diagram of a one-stage AES key encryption communication during lock online operation of the present invention;
FIG. 6 is a flow chart of the lock offline operation of the present invention;
FIG. 7 is a schematic block diagram of the two-stage AES key encryption communication for lock offline operation of the present invention;
FIG. 8 is a flowchart illustrating a mobile-side APP user obtaining offline authorization operation in accordance with the present invention;
FIG. 9 is a schematic block diagram of mobile side APP user authorization in accordance with the present invention;
fig. 10 is a flowchart of two-stage AES key negotiation during mobile-side APP user authorization according to the present invention.
Detailed Description
As shown in fig. 1 to 7, the present invention discloses a method for managing and controlling a lock based on dual keys, which is implemented based on a lock system composed of a server, a mobile terminal APP, an unlocking device and a lock, wherein the server is in communication connection with the mobile terminal APP, the mobile terminal APP is in communication connection with the unlocking device, and the unlocking device is in communication connection with the lock. The lock management and control method specifically comprises two parts of lock registration and lock operation, and specifically comprises the following steps:
step 1, registering locks
Step 1.1, when the unlocking device is in contact communication with the lock, the lock judges whether the unlocking device is registered in the server or not, if the lock is not registered, the lock randomly generates a 128-bit RSA public and private key, and simultaneously sends a lock ID and an RSA public key corresponding to the lock to the unlocking device, wherein the lock ID is a unique random lock identification code built in the lock during production.
Step 1.2, after receiving the ID of the lock and a corresponding RSA public key, the unlocking device judges whether the lock is connected with the APP of the mobile terminal, and if the lock is not connected with the APP of the mobile terminal, the unlocking device responds to the lock to register errors; if the two have established communication connection, the unlocking device sends the unlocking device ID and the received lockset ID and RSA public key to the mobile terminal APP.
Step 1.3, after receiving the unlocking device ID, the lock ID and the RSA public key, the mobile terminal APP judges whether the mobile terminal APP is online (namely whether the mobile terminal APP is in communication connection with the server is judged), and if the mobile terminal APP is not online, the mobile terminal APP responds to the lock through the unlocking device to register errors; if the mobile terminal APP is online, the mobile terminal APP sends the user ID and the unlocking device ID, the lock ID and the RSA public key received by the user ID to the server.
Step 1.4, after receiving the user ID, the unlocking device ID, the lock ID and the RSA public key, the server judges whether the user ID and the unlocking device ID are legal or not, and if the user ID or the unlocking device ID is illegal, the lock registration fails; if the user ID and the unlocking device ID are both legal, the server randomly generates a 128-bit AES key (primary AES key), encrypts the primary AES key by using the RSA public key received by the server to form encrypted data, then sends the encrypted data to the mobile terminal APP, and sends the encrypted data to the lockset through the mobile terminal APP and the unlocking device; the lockset decrypts the encrypted data by using an RSA private key, acquires and records a primary AES key, and completes lockset registration.
At this time, a common AES key is established between the lock and the server, the key negotiation is completed, and the subsequent communication between the lock and the server can be performed by using the AES key.
The lockset adopts the RSA asymmetric encryption technology when registering at the server side, thereby ensuring the reliability and safety of key agreement. Meanwhile, the AES keys of different locks are different, and even if the AES keys of individual locks are cracked, the safety of the whole lock system can still be ensured.
Step 2, operation of the lockset
Step 2.1, contacting the unlocking device with the lock, judging whether the lock is registered in the server or not by the lock, and if the lock is not registered in the server, performing the registration operation of the lock; if the lock is registered in the server, the lock sends a lock ID to the unlocker.
Step 2.2, after receiving the ID of the lock, the unlocking device judges whether the lock is connected with the APP of the mobile terminal, and if the lock is not connected with the APP of the mobile terminal, the unlocking device responds an error to the lock; if the mobile terminal APP is connected with the unlocking device, the unlocking device sends an unlocking device ID and a lock ID to the mobile terminal APP.
Step 2.3, after receiving the unlocking device ID and the lock ID, the mobile terminal APP judges whether the mobile terminal APP is online (namely whether communication connection is established with a server), and if the mobile terminal APP is online, the mobile terminal APP enters step 2.4 to perform online operation of the lock; and if the mobile terminal APP is not on line, the step 2.5 is carried out, and the lock is operated off line.
Step 2.4, on-line operation of the lockset
Step 2.4.1, the mobile terminal APP sends a user ID, an unlocking device ID, a lock ID and a lock operation instruction to the server, the server judges whether the user ID, the unlocking device ID and the lock ID are legal or not after receiving the user ID, the unlocking device ID, the lock ID and the lock operation instruction, and if the user ID, the unlocking device ID or the lock ID are illegal, the server responds to the lock with an error (illegal ID) through the mobile terminal APP and the unlocking device; if the user ID, the unlocking device ID and the lock ID are legal, the step 2.4.2 is carried out;
step 2.4.2, the server further judges whether the user ID has an operation authority, if the user ID does not have the operation authority, the server responds an error (authority error) to the lock through the mobile terminal APP and the unlocker; if the user ID has the operation authority, the server encrypts a lockset operation instruction applied by the user ID by using a 128-bit AES key to form an operation ciphertext, then sends the operation ciphertext to the mobile terminal APP, and forwards the operation ciphertext to the lockset through the mobile terminal APP and the unlocking device.
And 2.4.3, after receiving the operation ciphertext, the lock analyzes the operation ciphertext by using the first-stage AES key to obtain a corresponding lock operation instruction, and executes a response action (unlocking or locking) according to the lock operation instruction, the lock monitors an operation result, responds the execution result to the server through the unlocking device and the mobile terminal APP, and the server receives and records a related operation result.
And 2.4.4, ending.
Step 2.5, off-line operation of the lockset
Step 2.5.1, the mobile terminal APP judges whether the user has the offline operation authority, namely whether the user stores an authorization ciphertext, a secondary AES key and a corresponding lock ID, and when the user stores the authorization ciphertext, the user is judged to have the offline operation authority; the mobile terminal APP further judges whether the mobile terminal APP sends an authorization ciphertext to the corresponding lock, and if not, the step 2.5.2 is carried out; if yes, entering step 2.5.3;
step 2.5.2, the mobile terminal APP sends an authorization ciphertext to the lock through the unlocking device, the unlocking device decrypts the authorization ciphertext according to the first-stage AES key when the unlocking device registers to obtain a second-stage AES key and temporarily store the second-stage AES key, then the mobile terminal APP responds successfully through the unlocking device, and the mobile terminal APP enters step 2.5.3 after receiving the response of the lock;
and 2.5.3, generating a lock operation instruction by the mobile terminal APP according to the user permission, encrypting the lock operation instruction by using a secondary AES key to form an operation ciphertext, sending the operation ciphertext to the unlocking device by the mobile terminal APP, and sending the operation ciphertext to the lock by the unlocking device.
Step 2.5.4, the tool to lock utilizes second grade AES secret key to resolve after receiving the operation ciphertext, acquires corresponding tool to lock operating instruction and carries out the action (unblock or shutting) of response according to tool to lock operating instruction, tool to lock monitoring operation result to via the unlocking ware to removing end APP answer execution result, remove end APP and receive and take notes relevant operation result, in case remove end APP and server and establish communication connection, remove end APP and just upload to the server with this operation result.
And step 2.5.5, ending.
As shown in fig. 8 to 10, in the offline operation process, after the lock is registered in the server, the offline operation authority of the user is that the mobile terminal APP applies for the server or the server actively gives the mobile terminal APP, and the offline authorization specifically includes:
after the lock is registered in the server, if a user applies for an offline operation authority to the server through the mobile terminal APP, or the server actively gives the offline operation authority to the user, the server judges whether the user ID and the unlocking device ID are legal or not, if the user ID and the unlocking device ID are both legal, the server randomly generates a 128-bit temporary authorization code (namely a secondary AES key), and then encrypts the secondary AES key and the corresponding lock ID by using the primary AES key to form an authorization ciphertext; the server sends the authorization ciphertext, the second-stage AES key and the corresponding lock ID to the mobile terminal APP, and the mobile terminal APP receives and stores the authorization ciphertext, the second-stage AES key and the corresponding lock ID, so that the offline operation authorization of the user is completed.
The key point of the invention is that the invention comprises two parts of lock registration and lock operation, and the lock operation comprises on-line operation and off-line operation. The register of the lock adopts an RSA asymmetric encryption technology, so that the reliability and safety of key agreement are guaranteed, meanwhile, the primary AES keys issued by the server when different locks are registered are different, the uniqueness of lock communication encryption is guaranteed, even if the AES keys of individual locks are cracked, the safety of other locks in the lock system can be still guaranteed, and the reliability of the whole lock communication is enhanced. And the online operation of tool to lock is after tool to lock registers in the server, and removes the unblock or the shutting operation to the tool to lock under the prerequisite that end APP is connected with the server, and under the online operation, the operating instruction of tool to lock utilizes one-level AES secret key to carry out encryption processing in the server, then from carrying out the unblock or shutting operation through communication media such as removal end APP, unlocking ware, the tool to lock after the deciphering. In the whole online operation process, the mobile terminal APP and the unlocking device are only responsible for data transmission of data and cannot tamper with the lockset operation ciphertext, so that the safety and reliability of lockset operation are guaranteed. The off-line operation of tool to lock is removing end APP and server and not being connected, and the user has the unblock or the shutting operation to the tool to lock under the prerequisite of off-line operation authorization, and under the off-line operation, the operating instruction of tool to lock utilizes second grade AES secret key to carry out encryption processing in removing end APP, then from transmitting to the tool to lock through the unlocker, the tool to lock execution after the deciphering is unblock or the shutting operation. In the offline operation of the lockset, a mobile terminal APP user needs to obtain offline operation authorization from a server, the server uses a second-level AES key to authorize the mobile terminal APP user within a controllable authority range, and if the second-level AES key of the mobile terminal APP user leaks, the server can use a first-level AES key to clear the second-level AES key so as to ensure the safety and reliability of the lockset system.
The above description is only exemplary of the present invention and is not intended to limit the technical scope of the present invention, so that any minor modifications, equivalent changes and modifications made to the above exemplary embodiments according to the technical spirit of the present invention are within the technical scope of the present invention.

Claims (4)

1. The utility model provides a tool to lock management and control method based on double keys, its based on by server, removal end APP, unlocking ware and the tool to lock system realization that the tool to lock is constituteed, server and removal end APP communication connection, removal end APP and unlocking ware communication connection, and unlocking ware and tool to lock carry out communication connection, its characterized in that: the lock management and control method comprises two parts of lock registration and lock operation, and specifically comprises the following steps:
step 1, registering locks
Step 1.1, when the unlocking device is in contact communication with the lock, the lock judges whether the unlocking device is registered in a server or not, if the lock is not registered, the lock randomly generates a 128-bit RSA public and private key, and simultaneously sends the ID of the lock and an RSA public key corresponding to the lock to the unlocking device;
step 1.2, after receiving the ID of the lock and a corresponding RSA public key, the unlocking device judges whether the lock is connected with the APP of the mobile terminal, and if the lock is not connected with the APP of the mobile terminal, the unlocking device responds to the lock to register errors; if the communication connection between the mobile terminal APP and the unlocking device is established, the unlocking device sends the unlocking device ID and the received lockset ID and RSA public key to the mobile terminal APP;
step 1.3, after receiving the unlocking device ID, the lockset ID and the RSA public key, the mobile terminal APP judges whether the mobile terminal APP is online or not, and if the mobile terminal APP is not online, the mobile terminal APP responds to the lockset through the unlocking device to register errors; if the mobile terminal APP is online, the mobile terminal APP sends the user ID and the unlocking device ID, the lockset ID and the RSA public key received by the user ID to the server;
step 1.4, after receiving the user ID, the unlocking device ID, the lock ID and the RSA public key, the server judges whether the user ID and the unlocking device ID are legal or not, and if the user ID or the unlocking device ID is illegal, the lock registration fails; if the user ID and the unlocker ID are both legal, the server randomly generates a 128-bit primary AES key, and encrypts the primary AES key by using the RSA public key received by the server to form encrypted data, wherein the primary AES keys of different locks are different; then, the server sends the encrypted data to the mobile terminal APP, and sends the encrypted data to the lock through the mobile terminal APP and the unlocking device; the lockset decrypts the encrypted data by using an RSA private key, obtains and records a primary AES key, and completes lockset registration;
step 2, operation of the lockset
Step 2.1, contacting the unlocking device with the lock, judging whether the lock is registered in the server or not by the lock, and if the lock is not registered in the server, performing the registration operation of the lock; if the lock is registered in the server, the lock sends a lock ID to the unlocking device;
step 2.2, after receiving the ID of the lock, the unlocking device judges whether the lock is connected with the APP of the mobile terminal, and if the lock is not connected with the APP of the mobile terminal, the unlocking device responds an error to the lock; if the mobile terminal APP is connected with the unlocking device, the unlocking device sends an unlocking device ID and a lock ID to the mobile terminal APP;
step 2.3, after receiving the unlocking device ID and the lock ID, the mobile terminal APP judges whether the unlocking device ID and the lock ID are online, and if the mobile terminal APP is online, online operation of the lock is carried out; and if the mobile terminal APP is not on line, performing off-line operation on the lockset.
2. The method for managing and controlling a lock based on double keys as claimed in claim 1, wherein: the lock has the following online operation:
step 2.4.1, the mobile terminal APP sends a user ID, an unlocking device ID, a lock ID and a lock operation instruction to the server, the server receives the user ID, the unlocking device ID, the lock ID and the lock operation instruction and then judges whether the user ID, the unlocking device ID and the lock ID are legal or not, and if the user ID, the unlocking device ID or the lock ID are illegal, the server responds to the lock by the mobile terminal APP and the unlocking device; if the user ID, the unlocking device ID and the lock ID are legal, the step 2.4.2 is carried out;
step 2.4.2, the server further judges whether the user ID has an operation authority, if the user ID does not have the operation authority, the server responds an error to the lockset through the mobile terminal APP and the unlocking device; if the user ID has the operation authority, the server encrypts a lockset operation instruction applied by the user ID by using a 128-bit AES key to form an operation ciphertext, then sends the operation ciphertext to the mobile terminal APP, and forwards the operation ciphertext to the lockset through the mobile terminal APP and the unlocking device;
step 2.4.3, after receiving the operation ciphertext, the lock analyzes the operation ciphertext by using the primary AES key to obtain a corresponding lock operation instruction, and executes a response action according to the lock operation instruction, the lock monitors an operation result, responds the execution result to the server through the unlocking device and the mobile terminal APP, and the server receives and records a related operation result;
and 2.4.4, ending.
3. The method for managing and controlling a lock based on double keys as claimed in claim 1, wherein: after the lockset is registered in the server, a user acquires an offline operation authority, which specifically comprises the following steps:
if the user applies offline operation authority to the server through the mobile terminal APP, or the server actively gives the offline operation authority to the user, the server judges whether the user ID and the unlocking device ID are legal, if the user ID and the unlocking device ID are both legal, the server randomly generates 128 bits, namely a secondary AES key, and then encrypts the secondary AES key and the corresponding lock ID by using the primary AES key to form an authorization ciphertext; the server sends the authorization ciphertext, the second-stage AES key and the corresponding lock ID to the mobile terminal APP, and the mobile terminal APP receives and stores the authorization ciphertext, the second-stage AES key and the corresponding lock ID, so that the offline operation authorization of the user is completed;
remove end APP and issue the tool to lock through the unlocking ware with the ciphertext of authorizing, the tool to lock utilizes one-level AES secret key to decipher the ciphertext of authorizing, acquires the second grade secret key and saves.
4. The method for managing and controlling the double-key-based lock according to claim 3, wherein: the offline operation of the lock is as follows:
step 2.5.1, the mobile terminal APP judges whether the user has the offline operation authority, namely whether the user stores an authorization ciphertext, a secondary AES key and a corresponding lock ID, and when the user stores the authorization ciphertext, the user is judged to have the offline operation authority; the mobile terminal APP further judges whether the mobile terminal APP sends an authorization ciphertext to the corresponding lock, and if not, the step 2.5.2 is carried out; if yes, entering step 2.5.3;
step 2.5.2, the mobile terminal APP sends an authorization ciphertext to the lock through the unlocking device, the unlocking device decrypts the authorization ciphertext according to the first-stage AES key when the unlocking device registers to obtain a second-stage AES key and temporarily store the second-stage AES key, then the mobile terminal APP responds successfully through the unlocking device, and the mobile terminal APP enters step 2.5.3 after receiving the response of the lock;
step 2.5.3, the mobile terminal APP generates a lock operation instruction according to the user authority, the lock operation instruction is encrypted by using a secondary AES key to form an operation ciphertext, the mobile terminal APP sends the operation ciphertext to the unlocking device, and the unlocking device sends the operation ciphertext to the lock;
step 2.5.4, after receiving the operation ciphertext, the lock analyzes the operation ciphertext by using the second-level AES key to obtain a corresponding lock operation instruction and execute a response action according to the lock operation instruction, the lock monitors an operation result and responds the execution result to the mobile terminal APP through the unlocking device, the mobile terminal APP receives and records the relevant operation result, and once the mobile terminal APP establishes communication connection with the server, the mobile terminal APP uploads the operation result to the server;
and step 2.5.5, ending.
CN201910329467.3A 2019-04-23 2019-04-23 Double-key-based lockset control method Active CN110086863B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910329467.3A CN110086863B (en) 2019-04-23 2019-04-23 Double-key-based lockset control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910329467.3A CN110086863B (en) 2019-04-23 2019-04-23 Double-key-based lockset control method

Publications (2)

Publication Number Publication Date
CN110086863A CN110086863A (en) 2019-08-02
CN110086863B true CN110086863B (en) 2021-10-08

Family

ID=67416239

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910329467.3A Active CN110086863B (en) 2019-04-23 2019-04-23 Double-key-based lockset control method

Country Status (1)

Country Link
CN (1) CN110086863B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102750785A (en) * 2012-06-19 2012-10-24 中国工商银行股份有限公司 ATM (Automatic Teller Machine) and security authentication system of ATM
CN105184912A (en) * 2015-07-15 2015-12-23 深圳市物联锁科技有限公司 Intelligent lock monitoring system based on Internet of Things and intelligent lock
CN107135248A (en) * 2017-03-20 2017-09-05 黄思颖 Intelligent domestic system
CN107507303A (en) * 2017-07-07 2017-12-22 安徽德诺科技股份公司 The method for unlocking of intelligent lock system and smart lock
CN107742339A (en) * 2017-09-30 2018-02-27 泉州国光软件开发有限责任公司 A kind of management method of the passive electronic lockset based on platform
CN109191616A (en) * 2017-07-07 2019-01-11 安徽德诺科技股份公司 intelligent lock system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
IN2015CH04016A (en) * 2015-08-03 2015-08-14 Varadharajan Marur Srikrishna

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102750785A (en) * 2012-06-19 2012-10-24 中国工商银行股份有限公司 ATM (Automatic Teller Machine) and security authentication system of ATM
CN105184912A (en) * 2015-07-15 2015-12-23 深圳市物联锁科技有限公司 Intelligent lock monitoring system based on Internet of Things and intelligent lock
CN107135248A (en) * 2017-03-20 2017-09-05 黄思颖 Intelligent domestic system
CN107507303A (en) * 2017-07-07 2017-12-22 安徽德诺科技股份公司 The method for unlocking of intelligent lock system and smart lock
CN109191616A (en) * 2017-07-07 2019-01-11 安徽德诺科技股份公司 intelligent lock system
CN107742339A (en) * 2017-09-30 2018-02-27 泉州国光软件开发有限责任公司 A kind of management method of the passive electronic lockset based on platform

Also Published As

Publication number Publication date
CN110086863A (en) 2019-08-02

Similar Documents

Publication Publication Date Title
CN110086864B (en) Method for offline management and control by using double keys of lock
CN108055235B (en) Control method of intelligent lock, related equipment and system
JP5257814B2 (en) Secret key registration system and secret key registration method
CN101272301B (en) Safety access method of wireless metropolitan area network
CN105184929A (en) Intelligent door lock control method and device
CN102664739A (en) PKI (Public Key Infrastructure) implementation method based on safety certificate
CN1747382B (en) Random encryption and identity authentication
CN101272616A (en) Safety access method of wireless metropolitan area network
CN106506149B (en) Key generation method and system between a kind of TBOX terminal and TSP platform
CN103051869A (en) System and method for encrypting camera video in real time
CN107154847A (en) Towards the method for generating cipher code, verification method and its smart machine of offline environment
CN103560892A (en) Secret key generation method and secret key generation device
CN104282058A (en) Unlocking method of Bluetooth-based safety intelligent lock system with video monitoring function
CN106656489B (en) Mobile payment-oriented safety improvement method for information interaction between self-service selling equipment and server
CN104282060B (en) A kind of method for unlocking of safety intelligent lock system
CN103929308A (en) Information verification method applied to RFID card
CN110944327A (en) Information security method and device for rail transit zone controller
CN110574030A (en) Updating biometric template protection keys
CN109922022A (en) Internet of Things communication means, platform, terminal and system
CN110113154B (en) Method for online control by using double keys of lock
CN113115255A (en) Certificate issuing method, secret key authentication method, vehicle unlocking method, equipment and storage medium
CN110086863B (en) Double-key-based lockset control method
CN112530053B (en) Control method and system of intelligent lock, lock equipment, server and storage medium
CN107749795B (en) Automobile remote control method based on rolling code secondary encryption
WO2013025091A1 (en) Mobile access control system involving a quantum random number generator

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant