CN111080845B - Temporary unlocking method, system, door lock, administrator terminal and readable storage medium - Google Patents

Temporary unlocking method, system, door lock, administrator terminal and readable storage medium Download PDF

Info

Publication number
CN111080845B
CN111080845B CN201911037465.3A CN201911037465A CN111080845B CN 111080845 B CN111080845 B CN 111080845B CN 201911037465 A CN201911037465 A CN 201911037465A CN 111080845 B CN111080845 B CN 111080845B
Authority
CN
China
Prior art keywords
door lock
temporary unlocking
key
encryption key
password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911037465.3A
Other languages
Chinese (zh)
Other versions
CN111080845A (en
Inventor
严可
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Goodix Technology Co Ltd
Original Assignee
Shenzhen Goodix Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Goodix Technology Co Ltd filed Critical Shenzhen Goodix Technology Co Ltd
Priority to CN201911037465.3A priority Critical patent/CN111080845B/en
Publication of CN111080845A publication Critical patent/CN111080845A/en
Application granted granted Critical
Publication of CN111080845B publication Critical patent/CN111080845B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00571Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00412Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal being encrypted

Abstract

The embodiment of the invention relates to the technical field of intelligent door locks, and discloses a temporary unlocking method, a temporary unlocking system, a door lock, an administrator terminal and a readable storage medium. In the present invention, the temporary unlocking method includes: generating a first encryption key according to the received administrator password; generating a temporary unlocking password according to first key information at least comprising a first encryption key; when temporary unlocking information matched with the temporary unlocking password is received, judging that the unlocking is successful; the temporary unlocking information is generated by the administrator terminal according to the second key information and is sent to the visitor terminal for the visitor to unlock; the second key information at least comprises a second encryption key which is the same as the first encryption key, and the second encryption key is acquired from the door lock when the administrator terminal is paired with the door lock, or is generated based on the received administrator password, so that the leakage of temporary unlocking information caused by the fact that the cloud server is attacked can be avoided, the safety of temporary unlocking is improved, and meanwhile, the temporary authorization of the administrator to the visitor is facilitated.

Description

Temporary unlocking method, system, door lock, administrator terminal and readable storage medium
Technical Field
The embodiment of the invention relates to the technical field of intelligent door locks, in particular to a temporary unlocking method, a temporary unlocking system, a door lock, an administrator terminal and a readable storage medium.
Background
With the rapid development and wide application of the internet of things technology, the interconnection between the intelligent door lock and the cloud server gradually becomes an irreversible trend. However, as an important entrance of home security, the security of the smart door lock is a major concern. In the related art, the cloud server stores key information capable of calculating the temporary unlocking information.
However, the inventors found that at least the following problems exist in the related art: the cloud server serves as a center of the network and faces threats such as internal stealing and external attack, if the cloud server is attacked, key information stored in the cloud server is easily leaked, an attacker can crack temporary unlocking information, and the safety of temporary unlocking is low.
Disclosure of Invention
The embodiment of the invention aims to provide a temporary unlocking method, which can avoid the leakage of temporary unlocking information caused by the attack of a cloud server, improve the safety of temporary unlocking and facilitate the temporary authorization of an administrator to a visitor.
In order to solve the above technical problem, an embodiment of the present invention provides a temporary unlocking method applied to a door lock, including: generating a first encryption key according to the received administrator password; generating a temporary unlocking password according to the first key information; wherein the first key information includes at least the first encryption key; when temporary unlocking information matched with the temporary unlocking password is received, judging that unlocking is successful; the temporary unlocking information matched with the temporary unlocking password is generated by the administrator terminal according to second key information and is sent to the visitor terminal for the visitor to unlock; the second key information at least includes a second encryption key that is the same as the first encryption key, and the second encryption key is obtained from the door lock by the administrator terminal when the door lock is paired with the administrator terminal, or is generated based on the received administrator password.
The embodiment of the invention also provides a temporary unlocking method, which is applied to an administrator terminal and comprises the following steps: generating a second encryption key based on the received administrator password, or taking a first encryption key acquired from the door lock when paired with the door lock as the second encryption key; wherein the first encryption key is the same as the second encryption key and is generated by the door lock based on the received administrator password; generating temporary unlocking information matched with the temporary unlocking password according to the second key information; wherein the second key information includes at least the second encryption key; the temporary unlocking password is generated by the door lock according to the first key information and is used for being matched with the received temporary unlocking information during unlocking; the first key information includes at least the first encryption key; and sending the temporary unlocking information matched with the temporary unlocking password to a visitor terminal for the visitor to unlock.
Embodiments of the present invention also provide a door lock including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the above-described temporary unlocking method applied to a door lock.
An embodiment of the present invention further provides an administrator terminal, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the above-described temporary unlocking method applied to the administrator terminal.
The embodiment of the invention also provides a temporary unlocking system, which comprises an administrator terminal and a door lock; the door lock generates a first encryption key according to the received administrator password, and generates a temporary unlocking password according to first key information at least comprising the first encryption key; the administrator terminal generates a second encryption key based on the received administrator password, or generates temporary unlocking information matched with the temporary unlocking password according to second key information at least comprising the second encryption key by taking a first encryption key acquired from the door lock when the administrator terminal is paired with the door lock as the second encryption key; and the administrator terminal sends the temporary unlocking information matched with the temporary unlocking password to the visitor terminal for the visitor to unlock.
An embodiment of the present invention also provides a computer-readable storage medium storing a computer program, which when executed by a processor, implements the above-described temporary unlocking method applied to a door lock, or implements the above-described temporary unlocking method applied to an administrator terminal.
Compared with the prior art, the method and the system have the advantages that the door lock generates a first encryption key according to the received administrator password; generating a temporary unlocking password according to first key information at least comprising a first encryption key; when temporary unlocking information matched with the temporary unlocking password is received, judging that the unlocking is successful; the temporary unlocking information matched with the temporary unlocking password is generated by the administrator terminal according to the second key information and is sent to the visitor terminal for the visitor to unlock; the second key information at least comprises a second encryption key which is the same as the first encryption key, and the second encryption key is acquired from the door lock when the administrator terminal is paired with the door lock, or is generated based on the received administrator password. That is, a first encryption key of the door lock is generated by the door lock based on the received administrator password, and a second encryption key in the administrator terminal that is the same as the first encryption key may be acquired from the door lock based on pairing with the door lock, or generated based on the received administrator password. In other words, no matter how the first encryption key obtained by the door lock or the second encryption key obtained by the administrator terminal passes through the cloud server, the cloud server cannot obtain the second encryption key generated according to the administrator password. Since the second encryption key is a necessary condition for obtaining the temporary unlocking information, even if the cloud server is attacked by an attacker, the second encryption key cannot be leaked. Moreover, the password of the administrator is usually only known by the administrator and cannot be known by an attacker, so that the temporary unlocking information cannot be cracked, and the temporary unlocking safety is improved. In addition, the administrator only needs to keep and manage the password of the administrator, no extra keeping burden is provided, and the administrator can conveniently and temporarily authorize the visitor.
In addition, the first key information and the second key information respectively further include a shared key which is generated by negotiation when the door lock is paired with the administrator terminal. The secret key is shared between the administrator terminal and the door lock during pairing, so that the privacy degree of the temporary unlocking information and the temporary unlocking password calculated by the administrator terminal and the door lock can be further improved. Meanwhile, the shared key is generated by negotiation when the door lock is matched with the administrator terminal, namely only the administrator terminal and the door lock know the shared key, and a third party cannot know the shared key, so that the technical difficulty of cracking the temporary unlocking information by the third party is increased, and the unlocking safety is further improved.
In addition, the first key information also comprises a random number generated by the door lock after a preset trigger condition is detected; the method further comprises the following steps: encrypting the random number by using the first encryption key, and sending the encrypted random number to the administrator terminal through a cloud server so that the administrator terminal can decrypt the random number based on the second encryption key to obtain the random number; wherein the second key information further includes the random number. The random number generated by the door lock is beneficial to increasing the randomness of generating temporary unlocking information and temporary unlocking passwords, so that the temporary unlocking information and the temporary unlocking passwords are not easy to crack. And the random number is encrypted by adopting the first encryption key and then uploaded to the cloud server for backup, so that the administrator terminal can acquire the encrypted random number from the cloud server and decrypt the encrypted random number by utilizing the second encryption key to obtain the random number. Moreover, since the cloud server stores the random number encrypted by the first encryption key, even if the cloud server is attacked and the encrypted random number is leaked, the third party cannot know the second encryption key which can be decrypted, and cannot crack the second encryption key to obtain the random number.
In addition, the preset trigger conditions include: and when the door lock receives temporary unlocking information matched with the temporary unlocking password, the door lock is judged to be successfully unlocked. Namely, after the temporary unlocking is successful, the door lock generates a random number to update the temporary unlocking password and the temporary unlocking information, so that the unlocking safety is ensured.
In addition, the method further comprises: encrypting the shared key by using the first encryption key, and backing up the encrypted shared key to a cloud server; wherein the encrypted shared key is decryptable by the second encryption key in the administrator terminal. The shared key is encrypted by the first encryption key and then uploaded to the cloud server for backup, so that the administrator terminal can download the encrypted shared key through the cloud server, and the shared key can be obtained by decryption through the second encryption key. Moreover, when the shared key of the administrator terminal is lost, the shared key does not need to be generated through the pairing negotiation between the administrator terminal and the door lock again, and the remote authorization of the visitor is conveniently realized. Meanwhile, the cloud server stores the shared key encrypted by the encryption key, so that even if the cloud server is attacked and the encrypted shared key is leaked, the third party cannot know the second encryption key and cannot crack the second encryption key to obtain the shared key.
Additionally, the second encryption key is generated based on the received administrator password; after the generating a second encryption key based on the received administrator password, further comprising: deleting the administrator password. The method is favorable for avoiding leakage of the administrator password caused by attack of the administrator terminal and ensuring the security of the administrator password.
Drawings
One or more embodiments are illustrated by the corresponding figures in the drawings, which are not meant to be limiting.
Fig. 1 is a flowchart of a temporary unlocking method according to a first embodiment of the present invention;
fig. 2 is a flowchart of a temporary unlocking method according to a second embodiment of the present invention;
fig. 3 is a flowchart of a temporary unlocking method according to a third embodiment of the present invention;
fig. 4 is a schematic diagram of a temporary unlocking system according to a fourth embodiment of the present invention;
fig. 5 is a schematic structural view of a door lock according to a fifth embodiment of the present invention;
fig. 6 is a schematic configuration diagram of an administrator terminal according to a sixth embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. However, it will be appreciated by those of ordinary skill in the art that numerous technical details are set forth in order to provide a better understanding of the present application in various embodiments of the present invention. However, the technical solution claimed in the present application can be implemented without these technical details and various changes and modifications based on the following embodiments. The following embodiments are divided for convenience of description, and should not constitute any limitation to the specific implementation manner of the present invention, and the embodiments may be mutually incorporated and referred to without contradiction.
A first embodiment of the present invention relates to a temporary unlocking method applied to a door lock. It is to be understood that in a specific implementation, the temporary unlocking method may also be applied to a device which has the same property as a door lock and can be unlocked temporarily, such as a smart safe lock. The implementation details of the temporary unlocking method of the present embodiment are specifically described below, and the following description is only provided for the convenience of understanding, and is not necessary for implementing the present embodiment.
For ease of understanding, reference will first be made to this embodiment and to the following embodiments: the administrator, the administrator password, the temporary unlocking password and the application scene of temporary unlocking are simply explained as follows:
an administrator may be understood as a person responsible for managing the door lock. For a household door lock, an administrator can be understood as a member in the family who is responsible for managing the door lock; for non-home door locks, such as a corporate door lock, the administrator may understand the employee of the corporate employee who is responsible for managing the door lock.
The administrator password can be understood as a password set by an administrator and only known by the administrator, and the administrator password can be simultaneously used for unlocking by the administrator and enabling the door lock to generate a temporary unlocking password; or can be used alone to make the door lock generate a temporary unlocking code. A specific implementation manner of the door lock generating the temporary unlocking password will be specifically described in the second half of the present embodiment, and will not be described herein.
The temporary unlocking password can be understood as a password generated by the door lock and used for verifying the identity of a visitor, so that the visitor can temporarily unlock the door lock after verification. Wherein, the visitor can be a cleaning person, a maintenance person and other visitors; for the household door lock, the visitor can also be a member other than the family member, such as a relative and a friend of the family member, and for the door lock of the company, the visitor can also be a member who does not belong to the staff in the company but needs to be temporarily unlocked, such as a company client.
The temporary unlocking information can be understood as information generated by the administrator terminal and used for being sent to the visitor terminal, so that the visitor can utilize the information to perform temporary unlocking. The administrator terminal may be a terminal representing an identity of an administrator, such as a mobile phone, an intelligent bracelet, an intelligent watch, and the like used by the administrator. The visitor terminal may be understood as a terminal characterizing the identity of the visitor. In addition, a specific implementation manner of the administrator terminal generating the temporary unlocking information will be specifically described in the second half of the present embodiment, and will not be described herein.
The following description will be given by taking temporary unlocking based on home door lock as an example: the visitor can inform the administrator of the visiting information through the terminal equipment such as the mobile phone in advance, and under the condition that the administrator is not at home or does not want to open the door in person and the like, the administrator can use the administrator terminal to send the generated temporary unlocking information to the visitor terminal, so that the visitor can use the temporary unlocking information to realize temporary unlocking of the door lock.
In one example, the door lock may be a fingerprint lock, the fingerprint lock is generally provided with a fingerprint identification area and a keyboard area, the fingerprint identification area may be used for unlocking by inputting a fingerprint, and the keyboard area may be used for unlocking by inputting a character. For example, the fingerprint lock is a door lock of a company gate, so that employees in the company can input fingerprints in advance, and input the fingerprints in a fingerprint identification area when unlocking is needed, so that unlocking is completed after verification is passed. An employee, namely an administrator, in the company, who is responsible for managing the fingerprint lock can input a preset administrator password (letters, numbers, symbols or any combination thereof) in a keyboard area of the fingerprint lock, so that the fingerprint lock can generate a temporary unlocking password according to the administrator password. When a visitor comes to visit, the administrator can use the administrator terminal to send the temporary unlocking information generated according to the administrator password to the visitor, so that the visitor can input the received temporary unlocking information in the keyboard area of the fingerprint lock. The fingerprint lock matches the received temporary unlocking information with the generated temporary unlocking password, and the unlocking is successful if the matching is successful.
As shown in fig. 1, the temporary unlocking method in this embodiment specifically includes:
step 101: a first encryption key is generated based on the received administrator password.
The administrator password received by the door lock can be a password set when the door lock is paired with an administrator terminal, and generally comprises 6-8 digits. The administrator can be understood as a master of the door lock, the administrator terminal is a terminal used for representing the identity of the administrator, and the terminal can be a mobile phone, an intelligent bracelet, an intelligent watch and other devices used by the administrator.
In one example, the triggering manner of step 101 may be: the door lock is provided with a function key triggered only by the authority of an administrator, and if the door lock detects that the function key is pressed down, the first encryption key can be generated according to the received administrator password if the door lock receives the administrator password. For example, the door lock is a fingerprint lock, and in the fingerprint information recorded by the fingerprint lock, the fingerprint information of the administrator is marked. Before the administrator presses the function key, the administrator inputs the fingerprint firstly, and when the fingerprint lock detects that the input fingerprint is the marked fingerprint, the administrator is determined to operate the door lock at present. At this point, if it is detected that the function key is pressed again, step 101 may be triggered. In a specific implementation, the administrator may further press the function key first, and when detecting that the function key is pressed, the fingerprint lock sends out indication information to indicate the administrator to input authentication information, where the authentication information may be fingerprint information. After the fingerprint lock passes the authentication, step 101 is triggered.
In another example, the triggering manner of step 101 may be: when the door lock is paired with the administrator terminal, that is, when near field communication is established, the administrator terminal sends preset trigger information to the door lock, and the door lock starts to execute step 101 after receiving the trigger information. The trigger information may be set according to actual needs, and this embodiment is not particularly limited to this.
In one example, the manner in which the door lock receives the administrator password may be: and receiving the administrator password input by the administrator through the door lock keyboard, for example, when the door lock is in an open state, setting the administrator password through the back surface of the probe lock, namely the keys of the indoor part of the door lock.
In another example, the manner in which the door lock receives the administrator password may be: when the administrator terminal is matched with the door lock, the administrator password is transmitted to the door lock through the administrator terminal. The administrator terminal and the door lock are paired, so that near field communication is established between the administrator terminal and the door lock, an administrator password is input into the administrator terminal after near field connection, and then the administrator terminal sends the administrator password to the door lock based on the near field connection. The Near Field connection between the door lock and the administrator terminal may be a bluetooth connection, a Near Field Communication (NFC) connection, or the like. For example, an application program capable of managing the door lock is installed in the administrator terminal, and the administrator password can be synchronized to the door lock through the application program. It is worth mentioning that if the administrator password is transmitted to the door lock based on the near field communication established between the administrator terminal and the door lock, the administrator terminal can destroy the administrator password immediately after transmitting the administrator password to the door lock, which is beneficial to avoiding the leakage of the administrator password after the administrator terminal is attacked.
In addition, the door lock may store the administrator password in a memory within the door lock after receiving the administrator password. In specific implementation, in order to ensure the security of storage, the administrator password can be encrypted, and the encrypted administrator password is stored in a memory in the door lock.
Specifically, the method for generating the first encryption key by the door lock according to the received administrator password may be as follows: and splicing a preset character string after the administrator password, and calculating by using a one-way hash function. The one-way hash function is that an encryption key can be directly calculated through an administrator password, but the administrator password cannot be reversely deduced according to the encryption key. In a specific implementation, the one-way Hash function may be a Secure Hash function (SHA), such as the SHA2/SHA3/SM3 family. The preset character string may be set according to actual needs, for example, it may be: a door lock number, a user ID, a user nickname, pairing time, a random number, and the like, which is not specifically limited in this embodiment. Because the password of the administrator is usually simple and easy to remember, even if the first encryption key generated after splicing the character strings is stolen by an attacker, the attacker cannot guess the password of the administrator violently in a password dictionary mode, and the security of the first encryption key is improved. In one example, if the first encryption key is key, the administrator password is password, and the splicing string is string, then the first encryption key is: key H (password string), where H () is a one-way hash function.
It should be noted that the first encryption key in the door lock is substantially the same as the second encryption key in the administrator terminal mentioned below. It is understood that the encryption key in the door lock is referred to as a first encryption key, and the encryption key in the administrator terminal is referred to as a second encryption key. The references hereinafter to the first encryption key and the second encryption key may also be replaced by encryption keys.
In one example, after the door lock generates the first encryption key, a character string spliced after the administrator password may be synchronized to a cloud server, and the cloud server stores the character string. After the first encryption key in the administrator terminal is lost due to loss, damage or reset of the administrator terminal, the administrator logs in the cloud server by using a new mobile phone through modes of mobile phone numbers, short message verification codes and the like, and downloads the character strings stored by the cloud server. The new mobile phone can require an administrator to input an administrator password, then recalculate the administrator password and the downloaded character string through a one-way hash function to obtain an encryption key, and destroy the administrator password after obtaining the encryption key.
In one example, the first encryption key may be updated by resetting the administrator password or altering a string spliced after the administrator password.
Step 102: and generating a temporary unlocking password according to the first key information.
Wherein the first key information includes at least a first encryption key. The temporary unlocking password is used for matching with the received temporary unlocking information during unlocking.
Specifically, the first encryption key may be spliced with a number or a character, and a Pseudo random function (PRF function for short) is used to generate the temporary unlocking password. For example, the door lock keyboard is provided with keys 0 to 9, the temporary unlocking password is designed to be 8-digit, the pra function may adopt SHA2 to 256, and N temporary unlocking passwords are designed to be generated, and the ith (i ═ 1,1,2, …, N) temporary unlocking password (denoted as keyword (i)) may be calculated as follows:
keyword (i) ═ SHA2-256 (encryption key | | i)% 100000000
The symbol | | represents the concatenation of the character strings, and SHA2-256 is an Algorithm in a Secure Hash Algorithm (SHA for short) family.
It should be noted that the number of the temporary unlocking passwords generated by the door lock can be set according to actual needs. In one example, the door lock may generate a temporary unlocking code for each time and store the temporary unlocking code in the door lock, and delete the temporary unlocking code if the temporary unlocking code is successfully matched once or for a preset number of times. Then, different numbers are spliced after the first encryption key according to the formula to generate a new temporary unlocking password. In another example, the door lock may generate a plurality of temporary unlocking passwords at a time to be stored in the door lock, the door lock unlocks after receiving temporary unlocking information matched with any one of the stored temporary unlocking passwords, and the temporary unlocking password is deleted after one of the temporary unlocking passwords is successfully matched once or for a preset number of times. The preset times can be set according to actual needs, the use times of the temporary unlocking password are limited, and the safety of temporary unlocking is guaranteed. Because a plurality of generated temporary unlocking passwords are stored in the door lock, the tolerance to network faults from the door lock to the cloud server is high, the generation of the temporary unlocking passwords is not influenced even if long-time network faults occur, the administrator terminal can still calculate disposable temporary unlocking information, and the temporary unlocking information is remotely authorized to the visitor for unlocking the visitor. Meanwhile, the door lock does not need to acquire information from a cloud server through a network frequently, and can sleep for a long time, so that the service life of a battery in the door lock is prolonged.
In one example, in addition to the first encryption key and the second encryption key, any one or a combination of the following may be included in the first key information and the second key information: when the door lock is matched with the administrator terminal, a shared secret key generated through negotiation, a door lock random number generated by the door lock and a cloud random number generated by the cloud server are generated. The following description sequentially describes the shared secret key, the door lock random number and the cloud random number:
in one example, the first key information and the second key information may each further include: and when the door lock is matched with the administrator terminal, the generated shared secret key is negotiated. Specifically, when the administrator terminal is paired with the door lock, data interaction can be performed in a near field communication manner, and a preset key agreement protocol is used to negotiate and generate a shared key. The key agreement protocol may be an Elliptic curve cryptography (ECDH) algorithm, that is, both the door lock and the administrator terminal use the same public Elliptic curve, for example, a P256 curve recommended by National Institute of Standards and Technology (NIST) may be used, and a generation point of the curve is G (public parameter), then the agreement flow of the shared key is as follows:
1) the door lock generates a random number a, and A is calculated as aG;
2) the administrator terminal generates a random number B, and calculates B as bG;
3) the door lock transmits the A to an administrator terminal; since the discrete logarithm problem of elliptic curves is a difficult problem, an attacker cannot calculate a through A, G;
4) the administrator terminal transmits the B to the door lock;
5) a door lock calculation shared key (noted as DHkey) DHKey is bA;
6) the administrator terminal calculates a shared key DHKey (aB); it can be proven that the shared key calculated by both parties is the same.
In a specific implementation, the negotiated shared secret key may also be: DHKey ═ H (key | | a | | b); the key is an encryption key generated by an administrator.
In an example, the negotiation timing of the shared key may be when the shared key needs to be updated, specifically, the administrator terminal may update the shared key DHKey by updating the random numbers a and b when the administrator terminal is connected to the door lock through near field communication.
In one example, the first key information may further include: the door lock generates a random number after detecting a preset trigger condition. The preset trigger condition may include: when the door lock receives the temporary unlocking information matched with the temporary unlocking password, the door lock is judged to be successfully unlocked, namely the door lock can generate a random number after the temporary unlocking is successful every time. The preset trigger conditions may further include: the door lock generates a random number when detecting that door lock information needs to be uploaded to the cloud server, and the door lock information can be as follows: unlocking information, electric quantity information, time information and the like. In a specific implementation, the door lock may also generate a random number at intervals according to a preset mechanism. When the door lock generates the random number, the door lock and the administrator terminal are not necessarily in communication connection. Therefore, in order for the administrator terminal to obtain the random number generated by the door lock, the door lock may encrypt the random number with the first encryption key, and transmit the encrypted random number to the administrator terminal through the cloud server. For example, the door lock may upload the encrypted random number to a cloud server for storage by the cloud server. In specific implementation, the door lock can carry the encrypted random number in the door lock information which needs to be uploaded to the cloud server, that is, only tens of bytes of random number need to be uploaded, and the protocol overhead can be almost ignored. The administrator can log in the cloud server by using the administrator terminal with the administrator identity, the encrypted random number uploaded by the door lock recently is downloaded, and the administrator terminal can decrypt the random number by using the second encryption key. So that the administrator terminal can generate temporary unlocking information based on the second key information including at least the second encryption key and the door lock random number.
The encryption mode of the random number generated by the door lock can be as follows: first, d ═ CRC32(m) is calculated; then c ═ Crypt (key, m | | d) is calculated; the random number generated by the door lock is recorded as m, the checksum of cyclic Redundancy Check (CRC 32 for short) of 32 codes is recorded as d, and the encrypted random number is recorded as c; the Crypt function can be a symmetric encryption algorithm such as AES, SM2 and the like, and the key is a first encryption key. The manner in which the administrator terminal decrypts the downloaded encrypted random number using the second encryption key may be: firstly, a plaintext and a checksum d are obtained through a decryption algorithm, namely m | | | d ═ Crypt-1(key, c); then, whether d is CRC32(m) is calculated again, if so, the data is correct, otherwise, the data can be tampered by a man-in-the-middle. It should be noted that, since the first encryption key is the same as the second encryption key, the above equations are all represented by keys.
In one example, for the convenience of the user, the cloud server may refuse to update the random number generated by the door lock within a period of time, such as one hour, after the administrator terminal successfully logs in, at this time, the door lock will use the latest random number to calculate the temporary unlocking password, so as to ensure that the validity period of the temporary unlocking information generated by the administrator terminal is at least one hour after the successful logging in.
In one example, the first key information may further include: a random number generated by the cloud server. In order to distinguish the random number generated by the door lock from the random number generated by the cloud server, in the following description, the random number generated by the door lock is referred to as a door lock random _ door, and the random number generated by the cloud server is referred to as a cloud random _ server. The cloud random number may be generated at the following time: and after receiving the door lock information uploaded by the door lock, the cloud server generates a cloud random number and transmits the cloud random number to the door lock. After confirming that the door lock receives the cloud random number, the cloud server can update the random _ server if receiving confirmation receiving information returned by the door lock; the door lock will also synchronously update random _ server in the door lock after returning the acknowledgement receipt message. Namely, the door lock and the cloud server are ensured to synchronously update random _ server. In addition, the administrator terminal may download the random _ server after successfully logging in the cloud server, so that the temporary unlocking information may be generated based on the second key information at least including the second encryption key and the cloud random number.
In one example, the first key information may include: the system comprises a first encryption key, a shared key, a door lock random number and a cloud random number. The second key information may include: a second encryption key, a shared key, a door lock random number and a cloud random number. Wherein the first encryption key is the same as the second encryption key. The door lock can generate a door lock session key firstly according to the first key information, and then calculate a temporary unlocking password according to the door lock session key. The administrator terminal may generate the terminal session key first according to the second key information, and then calculate the temporary unlocking information according to the terminal session key. Normally, since the first key information and the second key information are substantially the same, the generated door lock session key and the terminal session key should theoretically be the same, and the temporary unlocking password calculated by the door lock and the temporary unlocking information calculated by the administrator terminal should theoretically be the same. The following description takes the calculation of the door lock session key as an example:
the calculation of the door lock session key may adopt a PRF function, and an operator of the PRF function is denoted as PRF (i), and may include: the expressions for the encryption key (key), the shared key (DHKey), the door lock random number (random _ door), the cloud random number (random _ server), and the number i, prf (i) may be as follows:
PRF(i)=H(key||DHKey||random_door||random_server||i)
the function H () is a preset hash function, and the symbol | | | represents the concatenation of the character strings.
According to the PRF (i), a session key with N bytes can be generated, namely, the calculation mode of the door lock session key is as follows:
lock session key trunk (N | | PRF (0) | | PRF (1) |
And M is equal to N/Hash _ size, and the Hash _ size is the number of output bytes of the selected Hash function. It is understood that the output of each hash function has a length limit, such as 32 bytes for the SHA2 function mentioned above. If the required number of bytes N of the door lock session key is larger than the number of bytes output by the hash function, the calculated PRF (i) result can be spliced into a character string which is larger than or equal to N bytes, and the first N bytes are taken as the door lock session key. In the above formula, trunc (N, c) represents the first N bytes of the string c, i is made to be 0,1,2, …, M, the calculated prf (i) result is spliced into a string just larger than or equal to N bytes, and the first N bytes are taken as the door lock session key. It should be noted that the way of calculating the session key of the door lock is substantially the same as the way of calculating the session key of the terminal by the administrator terminal, and is not described in detail here to avoid repetition.
Further, the way of the door lock calculating the temporary unlocking password according to the calculated door lock session key may be as follows: and converting the door lock session key according to the door lock design and the length of the required temporary unlocking password to obtain the final temporary unlocking password.
In one example, the door lock is designed to: the length of the needed temporary unlocking password is as follows: the 8-bit PRF function adopts SHA2-256, and n temporary unlocking passwords are designed and generated, and then the calculation method of the ith (i ═ 1,2,3, …, n) temporary unlocking password is denoted as keyword (i) is as follows:
keyword (i) ═ SHA2-256 (door lock session key | | i)% 100000000
In one example, the door lock is designed to: the key keyboard is provided with keys 0-9 and A-F, and the length of the needed temporary unlocking password is as follows: the 8-bit PRF function adopts an SHA3 function, and n temporary unlocking passwords are designed and generated, and then the calculation method of the ith (i ═ 1,2,3, …, n) temporary unlocking password is denoted as keyword (i) is as follows:
keyword (i) trunk (8, SHA3 (door lock session key | | | i))
Namely, the first 8 bytes of the calculation result of the PRF function are taken as the temporary unlocking password.
In one example, the door lock is designed to: the bluetooth key of cell-phone unblanks, and the length of the interim unblock password that needs is: 32 bytes, the PRF function adopts SHA2-256 (32 bytes output) of SHA2 function family, and the calculation mode of the temporary unlocking password key is as follows:
keyword (i) ═ SHA2-256 (door lock session key)
It should be noted that, in the embodiment, only the three examples are described above, and the conversion of the door lock session key to obtain the final temporary unlocking password is taken as an example, which is not limited in the specific implementation. It should be further noted that, since the way of the administrator terminal calculating the temporary unlocking information according to the terminal session key is substantially the same as the way of the door lock calculating the temporary unlocking password according to the door lock session key, no further description is given here to avoid repetition.
In one example, the door lock session key and the terminal session key may be updated at intervals, and the updating may include:
updating of the administrator password: in the unlocking state of the door lock, the door lock and a mobile phone (administrator terminal) can reset an administrator password in a near field communication mode, the reset door lock encrypts and stores the administrator password, and the mobile phone stores an encryption key generated by the administrator, so that an attacker is prevented from directly obtaining the administrator password to obtain unlocking authority.
Updating of the shared key: the door lock and the mobile phone (administrator identity login) can perform key agreement again each time the lock is successfully unlocked, and calculate the same character string, which is the updated shared key. Therefore, the mobile phone and the door lock can synchronously update the shared secret key. And then, the mobile phone or the door lock encrypts the shared key by using the encryption key and uploads the encrypted shared key to the cloud server for storage.
Updating the random number: when the door lock uploads door lock information such as door opening records and electric quantity information, a door lock random number is generated and encrypted by an encryption key, the door lock information is uploaded to a cloud server, and the cloud random number of the cloud server is optionally downloaded. The updating of the random number requires synchronization of the door lock and the cloud server, and if the door lock is not connected with the network, the random number is not updated. When the terminal session key is stolen due to the safety problem of the application program in the mobile phone, the leaked terminal session key can be automatically disabled in a short time through the updating of the door lock random number/the cloud random number.
Updating the random number of the mobile phone terminal: after the mobile phone logs in an application program for managing the door lock, the cloud server issues a random number ciphertext uploaded recently by the door lock after the identity is verified, and the mobile phone decrypts by using the encryption key to obtain the random number of the door lock.
The cloud random number and the door lock random number are updated regularly, so that the temporary unlocking password is updated randomly, even if sensitive information is stolen by a Trojan in a manager terminal, an attacker also needs to obtain APP login credentials at the same time, and the common technical difficulty is very high. Since the APP producer can verify the identity of the login user by using the mobile phone + sms, third party authorization (such as WeChat, QQ credential authorization) and the like, this means that the attacker must control the mobile phone APP and the third party authorization server/sms server at the same time, and then go to the door lock to unlock the lock in this time, it is very difficult to complete the above process in a short time. Meanwhile, the terminal session key stolen by an attacker is invalid due to the update of the random number in a short time, so that the attack of the attacker is extremely difficult.
It can be understood that the encryption key, the shared key, the door lock random number, the cloud random number, the terminal session key, and the door lock session key related in this embodiment are completely transparent to the user, i.e., the administrator, i.e., the user does not need to know, and the user only needs to keep the administrator password, and the management burden of the user on the password is not increased.
Step 103: and when the temporary unlocking information matched with the temporary unlocking password is received, judging that the unlocking is successful.
And the temporary unlocking information matched with the temporary unlocking password is generated by the administrator terminal according to the second key information and is sent to the visitor terminal for the visitor to unlock. The second key information at least comprises a second encryption key which is the same as the first encryption key, and the second encryption key is acquired from the door lock when the administrator terminal is paired with the door lock, or is generated based on the received administrator password.
That is, the administrator terminal may generate the second encryption key based on the received administrator password, or when the door lock is in a paired state with the administrator terminal, the door lock transmits the first encryption key generated based on the administrator password to the administrator terminal, and the administrator terminal takes the received first encryption key as the second encryption key. It is worth mentioning that, if the administrator terminal generates the second encryption key based on the received administrator password, the administrator password in the administrator terminal may be deleted after the second encryption key is generated.
Further, the administrator terminal may generate temporary unlocking information that matches the temporary unlocking password from second key information including at least the second encryption key. The mode of the administrator terminal generating the temporary unlocking information matched with the temporary unlocking password is approximately the same as the mode of the door lock generating the temporary unlocking password, and repeated description is omitted here for avoiding repetition. The manager terminal can send generated temporary unlocking information matched with the temporary unlocking password to the visitor terminal when a visitor needs to temporarily unlock, the visitor inputs the received temporary unlocking information to the door lock, the door lock matches the received temporary unlocking information with the stored temporary unlocking password, and if the matching is successful, namely the received temporary unlocking information is the same as the temporary unlocking password, the unlocking is judged to be successful, and the unlocking is completed.
In one example, the administrator terminal may generate a temporary unlocking message when a visitor requests temporary unlocking, for example, the administrator terminal may open an application program for managing a door lock and click an interface for generating the temporary unlocking message, and then the administrator terminal may generate a temporary unlocking message to be displayed on the interface of the administrator terminal. The administrator can send the generated temporary unlocking information to the visitor terminal through communication modes such as short messages and telephones, so that the visitor terminal can unlock by using the temporary unlocking information.
In another example, the administrator terminal may generate a plurality of temporary unlocking information in advance to be stored in the administrator terminal after acquiring the second encryption key, and after a visitor requests temporary unlocking, the administrator terminal may open an application program for managing a door lock, and click an interface for acquiring the temporary unlocking information, so that any one of the stored temporary unlocking information may be displayed on a screen of the administrator terminal.
The above examples in the present embodiment are only for convenience of understanding, and do not limit the technical aspects of the present invention.
Compared with the prior art, in the embodiment, the first encryption key of the door lock is generated by the door lock based on the received administrator password, and the second encryption key in the administrator terminal, which is the same as the first encryption key, can be obtained from the door lock based on pairing with the door lock, or generated based on the received administrator password. In other words, no matter how the first encryption key obtained by the door lock or the second encryption key obtained by the administrator terminal passes through the cloud server, the cloud server cannot obtain the second encryption key generated according to the administrator password. Because the second encryption key is a necessary condition for obtaining the temporary unlocking information, even if the cloud server is attacked by an attacker, the second encryption key cannot be leaked, the management is facilitated, and the construction and maintenance cost of the information security of the cloud server can be greatly saved. Moreover, the password of the administrator is usually only known by the administrator and cannot be known by an attacker, so that the temporary unlocking information cannot be cracked, and the temporary unlocking safety is improved. In addition, the administrator only needs to keep and manage the password of the administrator, no extra keeping burden is provided, and the administrator can conveniently and temporarily authorize the visitor.
A second embodiment of the present invention relates to a temporary unlocking method, and the temporary unlocking method in this embodiment is shown in fig. 2, and specifically includes:
step 201: a first encryption key is generated based on the received administrator password.
Step 202: a temporary unlocking password is generated from first key information including at least a first encryption key and a shared key.
Steps 201 to 202 are substantially the same as steps 101 to 102 in the first embodiment, except that: the first key information in step 102 includes at least a first encryption key, the first key information in step 202 includes at least a first encryption key and a shared key, and the second key information includes at least a second encryption key and a shared key.
Step 203: and encrypting the shared key by using the first encryption key, and backing up the encrypted shared key to the cloud server.
Wherein the encrypted shared key can be decrypted by a second encryption key in the administrator terminal that is the same as the first encryption key.
Specifically, the way in which the door lock encrypts the shared key by using the first encryption key is substantially the same as the way in which the door lock encrypts the random number of the door lock by using the first encryption key in the first embodiment, and details are not described herein again in order to avoid repetition. The door lock can send the encrypted shared secret key to the cloud server, so that the cloud server can store the encrypted shared secret key. In specific implementation, the shared key is generated by negotiation when the door lock is paired with the administrator terminal, so that the administrator terminal can encrypt the shared key by using a second encryption key which is the same as the first encryption key, and then the administrator terminal sends the encrypted shared key to the cloud server for backup of the cloud server.
In one example, if the administrator terminal loses the shared key due to damage or loss of the administrator terminal, the administrator may log in the cloud server with the administrator identity, and the cloud server allows a new administrator terminal logged in with the administrator identity to download the stored encrypted shared key. The new administrator terminal may recover the second encryption key according to the administrator password re-entered by the administrator, and then decrypt the downloaded encrypted shared key using the second encryption key to recover the shared key on the new administrator terminal.
It should be noted that, in this embodiment, only step 203 is executed after step 202 is executed as an example, and in a specific implementation, step 203 may be executed as long as the first encryption key and the shared key are generated, but this embodiment is not limited to this specifically.
Step 204: and when the temporary unlocking information matched with the temporary unlocking password is received, judging that the unlocking is successful.
Step 204 is substantially the same as step 103 in the first embodiment, and is not repeated here to avoid repetition.
Compared with the prior art, in the embodiment, the shared key is encrypted by the first encryption key and then uploaded to the cloud server for backup, so that the administrator terminal can download the encrypted shared key through the cloud server, and the shared key can be obtained by decryption through the second encryption key. Moreover, when the shared key of the administrator terminal is lost, the shared key does not need to be generated through the pairing negotiation between the administrator terminal and the door lock again, and the remote authorization of the visitor is conveniently realized. Meanwhile, the cloud server stores the shared key encrypted by the encryption key, so that even if the cloud server is attacked and the encrypted shared key is leaked, the third party cannot know the second encryption key and cannot crack the second encryption key to obtain the shared key. Meanwhile, because a trust root, namely an encryption key, can be established in a near field communication mode, and a symmetric encryption and authentication method can be adopted for direct communication or indirect communication between the administrator terminal and the door lock, namely transfer by a cloud server, the cracking difficulty is not lower than that of an asymmetric encryption algorithm, the algorithm efficiency is high, and meanwhile, software/hardware public key module support is not needed, so that the software/hardware cost can be saved.
The third embodiment of the invention relates to a temporary unlocking method, which is applied to an administrator terminal. The implementation details of the temporary unlocking method of the present embodiment are specifically described below, and the following description is only provided for the convenience of understanding, and is not necessary for implementing the present embodiment.
Step 301: and generating a second encryption key based on the received administrator password, or using the first encryption key acquired from the door lock when the door lock is paired as the second encryption key.
Wherein the first encryption key is the same as the second encryption key and is generated by the door lock based on the received administrator password.
Step 302: and generating temporary unlocking information matched with the temporary unlocking password according to the second key information.
The second key information at least comprises a second encryption key, the temporary unlocking password is generated by the door lock according to the first key information and is used for being matched with the received temporary unlocking information during unlocking, and the first key information at least comprises a first encryption key.
Step 303: and sending the temporary unlocking information matched with the temporary unlocking password to the visitor terminal for the visitor to unlock.
Since the unlocking method of the third embodiment is applied to the administrator terminal and the unlocking methods of the first and second embodiments are applied to the door lock, that is, the third embodiment corresponds to the first or second embodiment, the present embodiment can be implemented in cooperation with the first or second embodiment. The related technical details mentioned in the first or second embodiment are still valid in this embodiment, and the technical effects that can be achieved in the first or second embodiment can also be achieved in this embodiment, and are not described here again in order to reduce repetition. Accordingly, the related-art details mentioned in the present embodiment can also be applied to the first or second embodiment.
The steps of the above methods are divided for clarity, and the implementation may be combined into one step or split some steps, and the steps are divided into multiple steps, so long as the same logical relationship is included, which are all within the protection scope of the present patent; it is within the scope of the patent to add insignificant modifications to the algorithms or processes or to introduce insignificant design changes to the core design without changing the algorithms or processes.
A fourth embodiment of the present invention relates to a temporary unlocking system, as shown in fig. 4, including: an administrator terminal 401 and a door lock 402.
Specifically, the door lock 402 generates a first encryption key based on the received administrator password, and generates a temporary unlock password based on first key information including at least the first encryption key. The administrator terminal 401 generates a second encryption key based on the received administrator password, or generates temporary unlocking information matched with the temporary unlocking password from second key information at least including the second encryption key, using a first encryption key acquired from the door lock when the door lock is paired as the second encryption key. The administrator terminal 401 sends the temporary unlocking information matched with the temporary unlocking password to the visitor terminal for the visitor to unlock.
This embodiment is an embodiment of a system corresponding to the first to third embodiments. Therefore, this embodiment mode can be implemented in cooperation with the first to third embodiment modes. The related technical details mentioned in the first to third embodiments are still valid in the present embodiment, and the technical effects that can be achieved in the first to third embodiments can also be achieved in the present embodiment, and are not described herein again in order to reduce the repetition. Accordingly, the related-art details mentioned in the present embodiment can also be applied to the first to third embodiments.
A fifth embodiment of the present invention relates to a door lock, as shown in fig. 5, comprising at least one processor 501; and a memory 502 communicatively coupled to the at least one processor 501; the memory 502 stores instructions executable by the at least one processor 501, and the instructions are executed by the at least one processor 501 to enable the at least one processor 501 to execute the temporary unlocking method in the first or second embodiment.
The memory 502 and the processor 501 are coupled by a bus, which may include any number of interconnected buses and bridges that couple one or more of the various circuits of the processor 501 and the memory 502 together. The bus may also connect various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. A bus interface provides an interface between the bus and the transceiver. The transceiver may be one element or a plurality of elements, such as a plurality of receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. The data processed by the processor 501 is transmitted over a wireless medium through an antenna, which further receives the data and transmits the data to the processor 501.
The processor 501 is responsible for managing the bus and general processing and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. And memory 502 may be used to store data used by processor 501 in performing operations.
A sixth embodiment of the present invention relates to an administrator terminal, as shown in fig. 6, including at least one processor 601; and a memory 602 communicatively coupled to the at least one processor 601; the memory 602 stores instructions executable by the at least one processor 601, and the instructions are executed by the at least one processor 601 to enable the at least one processor 601 to execute the temporary unlocking method according to the third embodiment.
Where the memory 602 and the processor 601 are coupled by a bus, the bus may comprise any number of interconnected buses and bridges that couple one or more of the various circuits of the processor 601 and the memory 602 together. The bus may also connect various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. A bus interface provides an interface between the bus and the transceiver. The transceiver may be one element or a plurality of elements, such as a plurality of receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. The data processed by the processor 601 is transmitted over a wireless medium via an antenna, which further receives the data and transmits the data to the processor 601.
The processor 601 is responsible for managing the bus and general processing and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. While memory 602 may be used to store data used by processor 601 in performing operations.
A seventh embodiment of the present invention relates to a computer-readable storage medium storing a computer program. The computer program realizes the above-described method embodiments when executed by a processor.
That is, as can be understood by those skilled in the art, all or part of the steps in the method for implementing the embodiments described above may be implemented by a program instructing related hardware, where the program is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, or the like) or a processor (processor) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific examples for carrying out the invention, and that various changes in form and details may be made therein without departing from the spirit and scope of the invention in practice.

Claims (10)

1. A temporary unlocking method is characterized by being applied to a door lock and comprising the following steps:
generating a first encryption key according to the received administrator password;
generating a temporary unlocking password according to the first key information; wherein the first key information includes at least the first encryption key;
when temporary unlocking information matched with the temporary unlocking password is received, judging that unlocking is successful;
the temporary unlocking information matched with the temporary unlocking password is generated by the administrator terminal according to second key information and is sent to the visitor terminal for the visitor to unlock; the second key information at least comprises a second encryption key which is the same as the first encryption key, and the second encryption key is acquired from the door lock by the administrator terminal when the administrator terminal is paired with the door lock or is generated based on the received administrator password;
the first key information and the second key information respectively further comprise a shared key which is generated by negotiation when the door lock is paired with the administrator terminal; the method further comprises the following steps:
encrypting the shared key by using the first encryption key, and backing up the encrypted shared key to a cloud server; wherein the encrypted shared key is decryptable by the second encryption key in the administrator terminal;
the door lock generates a plurality of temporary unlocking passwords every time and stores the temporary unlocking passwords in the door lock, the door lock unlocks after receiving temporary unlocking information matched with any one of the stored temporary unlocking passwords, and after any one of the temporary unlocking passwords is successfully matched for a preset number of times, the temporary unlocking password which is successfully matched for the preset number of times is deleted.
2. The temporary unlocking method according to claim 1, wherein the first key information further includes a random number generated by the door lock after detecting a preset trigger condition; the method further comprises the following steps:
encrypting the random number by using the first encryption key, and sending the encrypted random number to the administrator terminal through a cloud server so that the administrator terminal can decrypt the random number based on the second encryption key to obtain the random number; wherein the second key information further includes the random number.
3. The temporary unlocking method according to claim 2, wherein the preset trigger condition comprises:
and when the door lock receives temporary unlocking information matched with the temporary unlocking password, the door lock is judged to be successfully unlocked.
4. A temporary unlocking method is applied to an administrator terminal and comprises the following steps:
generating a second encryption key based on the received administrator password, or taking a first encryption key acquired from the door lock when the door lock is paired as the second encryption key; wherein the first encryption key is the same as the second encryption key and is generated by the door lock based on the received administrator password;
generating temporary unlocking information matched with the temporary unlocking password according to the second key information; wherein the second key information includes at least the second encryption key; the temporary unlocking password is generated by the door lock according to the first key information and is used for being matched with the received temporary unlocking information during unlocking; the first key information includes at least the first encryption key;
sending the temporary unlocking information matched with the temporary unlocking password to a visitor terminal for the visitor to unlock;
the first key information and the second key information respectively further comprise a shared key which is generated by negotiation when the door lock is paired with the administrator terminal; the method further comprises the following steps:
encrypting the shared key by using the second encryption key, and backing up the encrypted shared key to a cloud server;
the door lock generates a plurality of temporary unlocking passwords every time and stores the temporary unlocking passwords in the door lock, the door lock unlocks after receiving temporary unlocking information matched with any one of the stored temporary unlocking passwords, and after any one of the temporary unlocking passwords is successfully matched for a preset number of times, the temporary unlocking password which is successfully matched for the preset number of times is deleted.
5. The temporary unlocking method according to claim 4, wherein the first key information further includes a random number generated by the door lock after detecting a preset trigger condition; the method further comprises the following steps:
acquiring the encrypted random number through a cloud server, and decrypting the encrypted random number based on the second encryption key to obtain the random number; the encrypted random number is encrypted by the door lock by using the first encryption key and then sent to the administrator terminal through the cloud server; the second key information further includes the random number.
6. The temporary unlocking method according to claim 4, wherein the second encryption key is generated based on the received administrator password; after the generating a second encryption key based on the received administrator password, further comprising:
deleting the administrator password.
7. A door lock, comprising:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the temporary unlocking method of any one of claims 1 to 3.
8. An administrator terminal, comprising:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the temporary unlocking method of any one of claims 4 to 6.
9. A temporary unlocking system, comprising: an administrator terminal and a door lock;
the door lock generates a first encryption key according to the received administrator password, and generates a temporary unlocking password according to first key information at least comprising the first encryption key;
the administrator terminal generates a second encryption key based on the received administrator password, or generates temporary unlocking information matched with the temporary unlocking password according to second key information at least comprising the second encryption key by taking a first encryption key acquired from the door lock when the administrator terminal is paired with the door lock as the second encryption key;
the administrator terminal sends the temporary unlocking information matched with the temporary unlocking password to the visitor terminal for the visitor to unlock;
the first key information and the second key information respectively further comprise a shared key which is generated by negotiation when the door lock is paired with the administrator terminal;
the door lock encrypts the shared secret key by using the first encryption secret key, and backs up the encrypted shared secret key to a cloud server; wherein the encrypted shared key is decryptable by the second encryption key in the administrator terminal;
the door lock generates a plurality of temporary unlocking passwords every time and stores the temporary unlocking passwords in the door lock, the door lock unlocks after receiving temporary unlocking information matched with any one of the stored temporary unlocking passwords, and after any one of the temporary unlocking passwords is successfully matched for a preset number of times, the temporary unlocking password which is successfully matched for the preset number of times is deleted.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the temporary unlocking method of any one of claims 1 to 3, or implements the temporary unlocking method of any one of claims 4 to 6.
CN201911037465.3A 2019-10-29 2019-10-29 Temporary unlocking method, system, door lock, administrator terminal and readable storage medium Active CN111080845B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911037465.3A CN111080845B (en) 2019-10-29 2019-10-29 Temporary unlocking method, system, door lock, administrator terminal and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911037465.3A CN111080845B (en) 2019-10-29 2019-10-29 Temporary unlocking method, system, door lock, administrator terminal and readable storage medium

Publications (2)

Publication Number Publication Date
CN111080845A CN111080845A (en) 2020-04-28
CN111080845B true CN111080845B (en) 2022-04-01

Family

ID=70310572

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911037465.3A Active CN111080845B (en) 2019-10-29 2019-10-29 Temporary unlocking method, system, door lock, administrator terminal and readable storage medium

Country Status (1)

Country Link
CN (1) CN111080845B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112950815A (en) * 2020-10-16 2021-06-11 云南电网有限责任公司丽江供电局 Control system and control method of intelligent lock
CN112446993B (en) * 2020-12-16 2022-05-20 珠海格力电器股份有限公司 Intelligent door lock system and unlocking method
CN112950817B (en) * 2021-01-28 2022-12-02 深圳市凯迪仕智能科技有限公司 Encryption communication method of split type intelligent lock and split type intelligent lock
CN113554793A (en) * 2021-07-29 2021-10-26 西交利物浦大学 Temporary access method, equipment, storage medium and system of intelligent access control system
CN113706745A (en) * 2021-08-16 2021-11-26 广州朗国电子科技股份有限公司 Method for generating offline password of door lock and related equipment
CN114821860A (en) * 2022-03-30 2022-07-29 深圳绿米联创科技有限公司 Password generation method, device and system and electronic equipment
CN116669020B (en) * 2022-12-29 2024-03-26 荣耀终端有限公司 Password management method, password management system and electronic equipment

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101588377A (en) * 2009-06-18 2009-11-25 成都市华为赛门铁克科技有限公司 Obtaining method, system and device of session key
CN104631961A (en) * 2014-02-17 2015-05-20 袁磊 Dynamic password electronic lock system in which password changes according to random codes
CN107358441A (en) * 2017-06-26 2017-11-17 北京明华联盟科技有限公司 Method, system and the mobile device and safety certificate equipment of payment verification
CN107657692A (en) * 2017-09-12 2018-02-02 佛山君兰智能科技有限公司 A kind of temporary password generates system and method
CN108288314A (en) * 2017-12-20 2018-07-17 珠海耀阳电子科技有限公司 It is a kind of intelligence lock cipher generate and verification method
CN108449177A (en) * 2018-03-16 2018-08-24 东莞盛世科技电子实业有限公司 The use control method and system of temporary password
CN109410410A (en) * 2018-11-29 2019-03-01 深圳绿米联创科技有限公司 Method, apparatus, system and the electronic equipment of intelligent door lock Cipher Processing
CN109872436A (en) * 2019-03-20 2019-06-11 苏州迈瑞微电子有限公司 A kind of control method of smart lock, device, system and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005085102A (en) * 2003-09-10 2005-03-31 Canon Inc Guarantee system
US20130159699A1 (en) * 2011-12-16 2013-06-20 F-Secure Corporation Password Recovery Service
CN208272988U (en) * 2017-12-01 2018-12-21 江苏乐希科技有限公司 A kind of coding lock system and device
CN109544747A (en) * 2018-11-20 2019-03-29 北京千丁互联科技有限公司 Encryption key update method, system and the computer storage medium of intelligent door lock
CN110381044A (en) * 2019-07-08 2019-10-25 紫光云技术有限公司 A kind of encryption system based on pluggable key management end

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101588377A (en) * 2009-06-18 2009-11-25 成都市华为赛门铁克科技有限公司 Obtaining method, system and device of session key
CN104631961A (en) * 2014-02-17 2015-05-20 袁磊 Dynamic password electronic lock system in which password changes according to random codes
CN107358441A (en) * 2017-06-26 2017-11-17 北京明华联盟科技有限公司 Method, system and the mobile device and safety certificate equipment of payment verification
CN107657692A (en) * 2017-09-12 2018-02-02 佛山君兰智能科技有限公司 A kind of temporary password generates system and method
CN108288314A (en) * 2017-12-20 2018-07-17 珠海耀阳电子科技有限公司 It is a kind of intelligence lock cipher generate and verification method
CN108449177A (en) * 2018-03-16 2018-08-24 东莞盛世科技电子实业有限公司 The use control method and system of temporary password
CN109410410A (en) * 2018-11-29 2019-03-01 深圳绿米联创科技有限公司 Method, apparatus, system and the electronic equipment of intelligent door lock Cipher Processing
CN109872436A (en) * 2019-03-20 2019-06-11 苏州迈瑞微电子有限公司 A kind of control method of smart lock, device, system and storage medium

Also Published As

Publication number Publication date
CN111080845A (en) 2020-04-28

Similar Documents

Publication Publication Date Title
CN111080845B (en) Temporary unlocking method, system, door lock, administrator terminal and readable storage medium
CN106104562B (en) System and method for securely storing and recovering confidential data
CN102546155B (en) On-demand safe key generates method and system
WO2016062157A1 (en) Method, terminal, and network server for information encryption and decryption and key management
US9992017B2 (en) Encrypting and storing data
EP3293995B1 (en) Locking system and secure token and ownership transfer
CN109951513B (en) Quantum-resistant computing smart home quantum cloud storage method and system based on quantum key card
CN107306181B (en) Authentication system and encryption and verification method and device of authentication information thereof
CN106464493B (en) Permanent authentication system containing one-time pass code
CN113411187B (en) Identity authentication method and system, storage medium and processor
CN112738064A (en) Method for improving security of SSH protocol based on SM2 and SM4 cryptographic algorithm
US11665539B2 (en) Communication system
CN108206738B (en) Quantum key output method and system
CN114205090B (en) Safe file sharing method and system based on cryptographic algorithm
CN103152326A (en) Distributed authentication method and authentication system
CN112425116B (en) Intelligent door lock wireless communication method, intelligent door lock, gateway and communication equipment
CN107104792B (en) Portable mobile password management system and management method thereof
CN111563980B (en) Bluetooth lock key generation and authentication method
CN111489462B (en) Personal Bluetooth key system
JP6174796B2 (en) Security system, management device, permission device, terminal device, security method, and program
CN111489461B (en) Bluetooth key system for group
CN109922042B (en) Method and system for managing sub-keys of lost equipment
AU2018286642A1 (en) Method and system for providing secure access to secret information
CN115348578B (en) Method and device for tracking contacter
CN115276991B (en) Secure chip dynamic key generation method, secure chip device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant