CN111478918B - Device with access control function - Google Patents

Publication number
CN111478918B
Authority
CN
China
Prior art keywords
key
data
virtual
virtual key
access control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010308850.3A
Other languages
Chinese (zh)
Other versions
CN111478918A (en
Inventor
雷飏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Applied Technology Co Ltd
Original Assignee
China Applied Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Applied Technology Co Ltd
Priority to CN202010308850.3A
Publication of CN111478918A
Application granted
Publication of CN111478918B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The technical scheme of the invention addresses the shortcomings of the prior art in security, reliability, extensibility, scalability, universality and flexibility. The main design idea is that, for each access control device, a background system generates a virtual lock cylinder corresponding to each virtual key of that device and stores it in the device. The virtual lock cylinder can be opened and read only by the combination of the corresponding virtual key and virtual key affix; the virtual key and the virtual key affix are generated by the background system and transmitted to the user terminal of an authorized user for storage. The user terminal transmits the virtual key and the virtual key affix to the access control device in a specially designed manner to complete pairing, unlocking and detailed information comparison with the virtual lock cylinder. The whole process resists tampering, brute-force cracking, information leakage and counterfeiting, while the flexibility and extensibility of lock control are preserved.

Description

Device with access control function
This application is a divisional application of the patent application filed on October 25, 2016 with application number 201610932849.1, entitled "A virtual key method, and a device, a background system and a user terminal applying the method".
Technical Field
The present invention relates to a technology for operating an access control device, and more particularly, to a technology for securely operating an intelligent access control device having a networking function, a background system, and a terminal.
Background
Techniques used by currently available access control devices include: physical keys, password input, ID/IC card identification, RFID card identification, magnetic card identification, two-dimensional code identification, Bluetooth identification, NFC identification, biometric identification (such as face, fingerprint, iris and palm print) and the like. Apart from biometric identification, physical keys, password input, ID/IC card identification, RFID card identification and magnetic card identification have been in use for many years, but they suffer from troublesome management (especially when personnel turnover is high), low confidentiality, easy cracking or copying, and difficulty of invalidation after loss. Two-dimensional codes, Bluetooth and NFC have spread with the popularization of smartphones in recent years, but prior-art products and technologies that use a smartphone to operate an access control device fall short in security, reliability, flexibility, extensibility, scalability and universality.
In the previous patent application 201610914471.2, an object access right management method based on virtual key and virtual key package technology, and a corresponding background system, access control device and user terminal are disclosed. However, the disclosed technical scheme is only a general virtual key technical basic framework and does not relate to a security scheme of a virtual key.
Disclosure of Invention
The invention aims to provide a safe, reliable and flexible method for operating an access control device with a virtual key to execute lock commands, and a device, a background system and a user terminal applying the method.
The method specifically comprises the following steps:
generating and storing, by the background system, a device public key and a device private key for the access control device, delivering the device public key to the access control device for storage, and returning and storing a project domain key;
the background system generates and stores a public key and a private key for a user when the user terminal registers a new user, and delivers the user public key to the user terminal for storage;
the background system generates a virtual key affix for each access control device for which a virtual key is to be generated in a user's virtual key package, the virtual key affix being formed by encrypting the user's private key with the device public key of that access control device;
the virtual key package data transmitted to the user terminal by the background system comprises one or more (device identification, virtual key affix) tuples;
the access control device recognizes, through its short-distance input module, that the user terminal is approaching, receives the virtual-key-related data from the user terminal and completes the lock command operation of the virtual key; the specific steps comprise:
S1, the user terminal approaches the short-distance input module of the access control device, and the access control device confirms and starts to receive input;
S2, the user terminal sends the user identification to the access control device;
S3, the access control device receives the user identification and searches locally for a key authority record of that user identification; if none exists, the operation is terminated;
S4, the access control device sends the device identification, the project domain key and the first timestamp data to the user terminal for authentication;
S5, the user terminal receives the device identification, the project domain key and the first timestamp data required for authentication, and finds the corresponding virtual key affix and virtual key record in the user's virtual key package, where the virtual key record and the command type form a first key, and the command type includes: unlocking, locking and back-locking;
S6, the user terminal returns an authentication response to the access control device, and producing the response parameters comprises: step S6-1, calculating a first symmetric key by applying a hash algorithm to (first timestamp, device identification, project domain key, user identification); step S6-2, encrypting the first key with the first symmetric key and a symmetric encryption algorithm to obtain the first encrypted virtual key data; and step S6-3, calculating a first signature;
S7, after receiving the authentication response, the access control device executes the following steps:
S7-1, checking the first signature data, and if the signature does not match, terminating the operation;
S7-2, using the device private key to decrypt the user private key in the virtual key affix, and if the decryption fails, terminating the operation;
S7-3, decrypting the virtual lock cylinder data in the key authority record by using the decrypted user private key to obtain first lock cylinder data, and if the decryption fails, terminating the operation;
S7-4, calculating a first symmetric key according to the data including the data related to the virtual key;
S7-5, decrypting the first encrypted virtual key data by using the first symmetric key to obtain first key data, and if the decryption fails, terminating the operation;
S7-6, checking specific parameters in the first lock cylinder data and the first key data, and if the check fails, terminating the operation;
S7-7, after all the first key data are checked to be correct, sending the corresponding lock command to the electric lock control interface according to the command type parameter in the first key data, and if no command type parameter is found, sending an unlocking command by default.
The method is applicable to user terminals using NFC near-field communication and Bluetooth Low Energy communication; it only needs the corresponding communication protocol and message processing flow, for which see the embodiments in the detailed description. The method can also be realized over other short-distance wireless communication networks or point-to-point wireless communication modes.
The method is suitable not only for common intelligent access control devices but also for intelligent lock devices with networking functions. In some embodiments, the access control device can be connected to and communicate with a vehicle control system to control door opening and unlocking, enabling safe, flexible and convenient vehicle rental management. The same applies to other movable objects, such as smart lock devices on safe deposit boxes, safes and the like. In addition, the method may also operate the access control device to perform a back-locking function.
The design idea of the technical scheme is that, for each access control device, a background system generates a virtual lock cylinder corresponding to each virtual key of that device and stores it in the device. The virtual lock cylinder can be opened and read only by the combination of the corresponding virtual key and virtual key affix; the virtual key and the virtual key affix are generated by the background system and transmitted to the user terminal of an authorized user for storage. The user terminal transmits the virtual key and the virtual key affix to the access control device in a specially designed manner to complete pairing, unlocking and detailed information comparison with the virtual lock cylinder. The data throughout the process resists tampering, brute-force cracking, information leakage and counterfeiting, while the flexibility of lock control information is maintained. In addition, when the access control device is temporarily disconnected from the network, the user terminal and the access control device can still complete unlocking, locking or back-locking operations, unaffected by the disconnection. The data in the access control device does not store the user's private sensitive information, and the risk of data leakage, falsification and forgery is avoided.
The access control device receives a virtual key update message from the background system only when the background system has a virtual key for that device that needs updating, so that the data in the device stays consistent with the background system data. When a virtual key in a user's virtual key package changes, the background system sends a virtual key update message to the corresponding access control device; the virtual key record comprises: authorizers, authorized persons, virtual lock cylinder data. After receiving the virtual key update message, the access control device updates the virtual key data stored in the device.
In order to strengthen the security of transferring the virtual key and the virtual key affix between the user terminal and the access control device, the scheme uses a dynamic time stamp to require the user terminal to encrypt and sign so as to ensure a high level of anti-attack and anti-information leakage capability. The time stamp may be replaced by a pseudo-random number, with equal effect.
In order to increase the encryption strength and the matching precision, the technical scheme also designs the use of a project domain key. The similar access control devices deployed in the same project domain all have the same project domain description, the project domain description comprises a project domain key, and the key is generated by a background system and is sent to the access control device for storage and use. The method can enhance the data security during data transmission and facilitate the user terminal to manage the virtual key packet. In different embodiments, a project domain description of a specific format may also be used to indicate that different encryption/decryption algorithms, public-private key pair strengths, and hashing algorithms are used, highlighting the scalability of this scheme.
The invention does not limit what kind of asymmetric encryption and decryption algorithm and key strength are used, and the invention only needs to support the asymmetric encryption and decryption algorithm of the public and private key pair and meet the requirements of the application scene on safety and performance. In general, RSA, ECC, SM2 may be used.
In implementation, the hash algorithm may also be selected from commonly used algorithms such as MD5, SHA1, SHA256, SM3, etc., as needed. The signature algorithm may be a hash algorithm, or in a less demanding scenario, CRC32 or even CRC16 may be used.
In practice, a symmetric encryption algorithm such as AES-128, AES-192 or AES-256 is recommended.
In the above step S7-6, the first lock cylinder data and the first key data each include: validity period and type, where the type includes: not limited to one time, and only once every day within the validity period. This is where virtual key technology is more flexible, convenient and extensible than physical keys or physical cards. More flexible and convenient authorization modes can be designed in implementation to meet the requirements of users and markets, and more field data and subsequent processing can be added to enhance security.
For the virtual key only used once, after unlocking, the access control device removes the record from the key authority table and sends a first notification message to the background system, wherein the message parameters comprise device identification, user identification and time. And the background system receives the first notification message from the access control device, records the first notification message in a log, updates the state data of the corresponding virtual key in the virtual key packet of the user, and then sends the updated virtual key data to the user terminal through a second notification message. And the user terminal receives a second notification message from the background system and updates the locally stored virtual key data.
In different embodiments, the user terminal may be an intelligent device with different communication modules, display modes, and interaction modes, such as a smart phone, a tablet computer, a smart watch, a vehicle-mounted device, smart glasses, a smart robot, and the like.
A second object of the present invention is to provide a method for unlocking that uses a Bluetooth accessory device as the virtual key medium, and an access control device, a background system and a user terminal applying the method. The specific method comprises the following steps:
the access control device with the Bluetooth Low Energy module further comprises an accessory authority list, which records the accessories that can be used to make the access control device unlock the electric lock. Each record comprises: the accessory identification, the second timestamp, the virtual accessory lock cylinder data encrypted by using the symmetric encryption algorithm, and the second signature data; these are sent to the access control device in a virtual key update message from the background system and are stored. The access control device communicates over a Bluetooth wireless connection with a Bluetooth accessory device close to it to obtain the Bluetooth address identifier of the accessory device, and checks the received Bluetooth address identifier against the accessory authority list in the following steps:
B1, converting the Bluetooth address identifier into an accessory identification;
B2, searching the accessory authority list for a corresponding accessory authority record by using the accessory identification, and if none exists, terminating the check;
B3, taking out the second timestamp in the accessory authority record;
B4, calculating the device private key fingerprint by using a data fingerprint algorithm;
B5, calculating a second symmetric key by applying a hash algorithm to (second timestamp, device identification, accessory identification, project domain key, device private key fingerprint);
B6, decrypting the virtual accessory lock cylinder data in the accessory authority record by using the second symmetric key to obtain accessory lock cylinder data;
B7, carrying out signature calculation over the data (second timestamp, device identification, accessory lock cylinder data, project domain key, device private key fingerprint) to obtain a second verification signature;
B8, comparing the second verification signature with the second signature data in the accessory authority record, and terminating if they do not match;
B9, checking the validity period and the state in the accessory lock cylinder data, where the state is one of: valid, invalid;
B10, if the current time is within the validity period and the state is valid, the verification succeeds and an unlocking command is sent to the electric lock control interface; and if the type in the accessory lock cylinder data is the one-time type, after unlocking is finished the access control device removes the accessory authority record from the accessory authority list and sends a first notification message to the background system, wherein the message parameters comprise device identification, user identification and time.
The background system generates the virtual key update message required for the accessory device as follows: the authorized person information in the virtual key record comprises the identification information of the short-distance wireless accessory device that the user has bound at the user terminal, namely the accessory identification, and the virtual key update message also comprises a second timestamp, virtual accessory lock cylinder data encrypted by using a symmetric encryption algorithm, and second signature data. The second timestamp is dynamically generated by the background system. The virtual accessory lock cylinder data is encrypted with a second symmetric key, which is obtained by applying a hash algorithm to (second timestamp, access control device identification, accessory identification, project domain key, device private key fingerprint). The second signature data is obtained by running the signature algorithm over the data (second timestamp, device identification, accessory lock cylinder data, project domain key, device private key fingerprint). The device private key fingerprint is a hash calculation of the payload data of the device private key. The algorithm solves the problem that the Bluetooth accessory device cannot store and transmit the encrypted user private key, and has higher safety.
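The record generation and the device-side check B1 to B10 described above, as an added Go example that is not code from the patent. SHA-256, AES-256-GCM, the JSON cylinder layout, the address-to-identifier rule, the "key"/"sig" labels and all type and function names are assumptions; steps S6-1 and S7-4 derive the first symmetric key with the same hash-over-tuple pattern.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

type Cylinder struct { // plaintext accessory lock cylinder data (layout assumed)
	NotBefore, NotAfter int64  // validity period, Unix seconds
	State, Type         string // "valid" or "invalid"; "one-time" or other
}

type Record struct { // one accessory authority record stored on the device
	AccessoryID, Timestamp2        string
	Nonce, EncCylinder, Signature2 []byte // AES-256-GCM is an assumed cipher choice
}

type Device struct { // values the access control device already holds
	ID, DomainKey, PrivKey string
	Table                  map[string]Record
}

// digest hashes length-framed fields, so ("ab","c") and ("a","bc") differ.
func digest(fields ...string) []byte {
	h := sha256.New()
	for _, f := range fields {
		fmt.Fprintf(h, "%d:%s", len(f), f)
	}
	return h.Sum(nil)
}

// bind hashes the B5 or B7 tuple; label is added domain separation (not in the patent).
func (d *Device) bind(label, ts, x string) []byte {
	fp := string(digest(d.PrivKey)) // B4: device private key fingerprint
	return digest(label, ts, d.ID, x, d.DomainKey, fp)
}

// AccessoryID is step B1; this conversion rule is an assumption.
func AccessoryID(a string) string { return strings.ToUpper(strings.ReplaceAll(a, ":", "")) }

func newGCM(key []byte) cipher.AEAD {
	blk, _ := aes.NewCipher(key) // cannot fail: key is a 32-byte SHA-256 output
	gcm, _ := cipher.NewGCM(blk)
	return gcm
}

// Issue plays the background system: it builds the record for an update message.
func Issue(d *Device, acc, ts string, c Cylinder) (Record, error) {
	plain, _ := json.Marshal(c) // cannot fail for this struct
	gcm := newGCM(d.bind("key", ts, acc))
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	return Record{acc, ts, nonce, gcm.Seal(nil, nonce, plain, nil), d.bind("sig", ts, string(plain))}, nil
}

// Check runs B1-B10 for a Bluetooth address observed at Unix time now.
func (d *Device) Check(btAddr string, now int64) error {
	acc := AccessoryID(btAddr) // B1
	rec, ok := d.Table[acc]    // B2
	if !ok {
		return errors.New("no accessory authority record")
	}
	gcm := newGCM(d.bind("key", rec.Timestamp2, acc)) // B3-B5
	if len(rec.Nonce) != gcm.NonceSize() {
		return errors.New("malformed record")
	}
	plain, err := gcm.Open(nil, rec.Nonce, rec.EncCylinder, nil) // B6
	if err != nil {
		return errors.New("cylinder decryption failed")
	}
	if subtle.ConstantTimeCompare(d.bind("sig", rec.Timestamp2, string(plain)), rec.Signature2) != 1 { // B7, B8
		return errors.New("second signature mismatch")
	}
	var c Cylinder
	if json.Unmarshal(plain, &c) != nil || c.State != "valid" || now < c.NotBefore || now > c.NotAfter {
		return errors.New("expired or invalid") // B9
	}
	if c.Type == "one-time" { // B10: a single-use record is removed after unlocking
		delete(d.Table, acc)
	}
	return nil // caller sends the unlock command to the electric lock interface
}

func main() {
	d := &Device{"dev-01", "domain-key", "constructed-private-key", map[string]Record{}}
	rec, _ := Issue(d, AccessoryID("aa:bb:cc:dd:ee:ff"), "1477353600", Cylinder{1477353600, 1477440000, "valid", "one-time"})
	d.Table[rec.AccessoryID] = rec
	fmt.Println(d.Check("AA:BB:CC:DD:EE:FF", 1477400000), d.Check("AA:BB:CC:DD:EE:FF", 1477400001))
}
```

Because the second timestamp feeds the key derivation, altering it in a stored record makes decryption fail at B6 before the signature comparison at B8 is reached.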
For the access control device receiving the virtual key update message, if the authorizer of the received virtual key is the virtual key user, the authorizer information in the virtual key record includes the identification information of the short-distance wireless accessory device bound by the user at the user terminal, namely the accessory identification, and meanwhile, the virtual key update message also includes a second timestamp, virtual accessory lock cylinder data encrypted by using a symmetric encryption algorithm, and second signature data; and when the access control device receives the virtual key updating message of the type, the access control device updates the related data to the accessory authority table.
This technical scheme addresses the case where a user is temporarily not carrying a mobile phone but wears a portable Bluetooth device, such as a bracelet or a watch, that was bound and authorized in advance. In general, however, these Bluetooth devices cannot be reprogrammed to implement the communication method (dynamically transferring the virtual key and performing verification) of the previous technical solution of the present invention. As a compromise, this technical solution converts the Bluetooth address of the Bluetooth accessory device into an accessory identification and generates corresponding virtual accessory lock cylinder data for it. Because the method does not use an asymmetric encryption and decryption algorithm, its security is slightly lower, but it is simple, convenient and easy for users to adopt, and has low cost.
In specific implementation, the technical scheme can also be used to bind an existing general-format, NFC-compatible ID card to the user account, but doing so is not recommended, since, after all, this carries the problems and risks of troublesome management and easy copying.
In general, the invention provides a virtual key technical scheme that is safe, reliable, convenient, intelligent and suitable for large-scale adoption.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the example serve to explain the principles of the invention and not to limit the invention.
FIG. 1 is a system block diagram of a backend system in one embodiment;
FIG. 2 is a system block diagram of an access control device in one embodiment;
FIG. 3 is a system block diagram of a user terminal in one embodiment;
FIG. 4 is a schematic diagram of a process for generating a virtual lock cylinder and a virtual key affix by a backend system according to an embodiment;
FIG. 5 is a diagram illustrating data processing performed by the access control device and the user terminal when an unlocking operation is performed through NFC or Bluetooth communication in one embodiment (note: the signature verification process is omitted);
FIG. 6 is a schematic diagram of a process for a backend system to generate a second virtual lock cylinder set, a second signature, in one embodiment;
FIG. 7 is a diagram illustrating data processing performed by a Bluetooth accessory device between an access control device and a user terminal to perform an unlocking operation in one embodiment;
FIG. 8 is a timing diagram illustrating an operation of a user terminal unlocking an access control device via NFC according to an embodiment;
FIG. 9 is a timing diagram illustrating a user terminal completing an unlocking operation of the access control device via Bluetooth in one embodiment.
Detailed Description
The following description is presented to enable any person skilled in the art to make and use the embodiments, and is provided in the context of a particular application and its requirements. Various modifications to the disclosed embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the present disclosure. Thus, the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.
The data structures and code described in the detailed description are typically stored on a computer-readable storage medium, which can be any device or medium that can store code and/or data for use by a computer system. Computer-readable storage media include, but are not limited to, volatile memory, non-volatile memory, magnetic storage devices, and optical storage devices (e.g., disk drives, magnetic tape, CDs (compact discs), DVDs (digital versatile discs or digital video discs)), or other media capable of storing code and/or data now known or later developed.
The methods and processes described in the detailed description section can be implemented as code and/or data, which can be stored in a computer-readable storage medium as described above. When a computer system reads and executes the code and/or data stored on the computer-readable storage medium, the computer system performs the methods and processes embodied as data structures and code and stored within the computer-readable storage medium.
Also, the methods and processes described herein can be embodied within hardware modules or devices. These modules or devices may include, but are not limited to, an Application Specific Integrated Circuit (ASIC) chip, a Field Programmable Gate Array (FPGA), a dedicated or shared processor that executes a particular software module or piece of code at a particular time, and/or other programmable logic devices now known or later developed. When activated, the hardware modules or devices perform the methods and processes contained within them.
FIG. 1 illustrates a backend system 100 according to one embodiment. The background system 100 may be a server, a cluster, a service program running on a virtual machine, or a service program running in a cloud system container, and each of its modules may likewise be a server, a cluster, a service program running on a virtual machine, or a service program running in a cloud system container. Referring to FIG. 1, the user service module 101 processes requests from a user terminal 300: registration request processing 133, registration request processing 132, and virtual key-related request processing 131. When the virtual key data is updated, the message processing module 105 sends a virtual key update message to the access control device 200, and the new virtual key data is also returned to the user terminal 300. The user service module 101 accesses the object access authority table 125 through the global object access service 111 interface, and the access control device table 122 through the project domain information access service 110 interface. The user's virtual key package and virtual key data are stored in the user key package 126 database, while the user account database 127 only stores data relevant to user login; all operations on the user account, virtual key package and virtual key are recorded in the database user access log 128. The system management module 104 manages and monitors the system-wide running status of the backend system 100. In particular, the system management module 104 manages the starting and running of multiple instances of the project domain management module 102; the instances are isolated from and independent of each other, without interference, and the databases of the instances are likewise isolated and independent.
Each project domain manager logs in the background management 130 of the project domain through the project domain manager terminal 199 to complete the entry and editing management of the object owner information 120, the object information 121, and the access control device table 122. The information in the access control device table includes: area number, device hardware identification, device type, associated device list, device installation information, which should be entered when installing and configuring the access control device. The global project domain information summarization 136 service is used to automatically summarize data in different instances of the project domain management module 102, and the summarized results are stored in the object access permission table 125.
The global object access service module 103 further includes a device public/private key table 129 that records the public and private keys of all service control devices; the keys are generated by the background system after a device registers successfully, and the device private key is returned to the access control device. The global object access service 111 provides other modules of the backend system with access operations that include the device public/private key table 129.
The user account 127 is also used to store the user's public and private keys, which are generated by the back-end system at the time of user registration; the user's public key is returned to the user terminal.
In the embodiment shown in fig. 1, a system administrator of the backend system 100 uses a system administrator terminal 198 to log in the system management module 104 for system level management and maintenance.
In some embodiments, the manager of the community property service company inputs the house information, owner information, building information, and entrance guard equipment information of the community into the corresponding background management operation interface of the community.
In some embodiments, the manager serving the apartment enters the house information, the floor information and the intelligent lock device information of the apartment in the background management operation interface corresponding to the apartment project.
In some embodiments, a manager of a car rental company inputs car information and intelligent car lock device information in a corresponding background management operation interface of the company.
In some embodiments, the project domain management module also implements device and manager monitoring 137. Each project domain manager can log in to the background management 130 of the project domain through the terminal 199 to enter and edit the manager identification information 123 and the object partition number list 124. This information is also automatically summarized into the object access rights table 125.
In some embodiments, the manager of the community property service company also inputs property service personnel information, building partition information and property service personnel partition service information of the community into the corresponding background management operation interface of the community.
In some embodiments, a manager serving an apartment enters information such as management and service personnel information, partition authority and the like of the apartment in a background management operation interface corresponding to an apartment project.
In some embodiments, the virtual key record includes: authorizer, authorizee, authorization validity period, authorization type, access control device information of authorized access. According to the embodiment of different application scenes, richer virtual key record information can be designed to meet the requirements of the application scenes. For example, in some embodiments, a single access control device may manage and control a group of multiple safe deposit boxes, in which case the opening of a particular sub-safe deposit box may be controlled by simply adding the number of the sub-box to the virtual key record for verification.
FIG. 2 illustrates an access control device 200 according to an embodiment. The access control device 200 may be implemented as various access devices, various smart locks, and various entry and exit gates. Referring to FIG. 2, the central processing unit 212 controls and manages the operation of all the processing units of the processor 201. The network module 204 connects the access control device 200 to the backend system 100; after login to the backend system 100 is completed through the login registration processing unit 204, the device can access the services of the backend system 100 and receive virtual key update messages from it. When a virtual key update message is received from the backend system 100, the message processing unit 213 passes the message to the virtual key processing unit 210, which first verifies the message and, after successful verification, applies the update to the virtual key library stored encrypted in the device local storage 202. The input module 203 receives virtual key-related data from the user terminal 300; the received data is sent to the input identification processing unit 211 for identification and processing, after which the virtual key processing unit 210 performs further verification. If the received virtual key-related data passes verification, the central processing unit 212 sends a lock command to the electric lock control interface 205 to drive the electric lock 299 to carry out the command.
In some embodiments, the input module comprises: NFC near field communication unit, low-power consumption bluetooth communication unit, two-dimensional code scanning unit.
FIG. 3 illustrates a user terminal 300 according to an embodiment. The user terminal 300 may be any of various mobile terminals, smart phones, tablet computers, notebook computers, smart watches, smart glasses, vehicle-mounted computers, and the like. Referring to FIG. 3, the central processing unit 313 controls and manages the operation of all the processing units of the processor 301. The network module 303 connects the user terminal 300 to the backend system 100; after login to the backend system 100 is completed through the login registration processing unit 316, the user terminal can access the services of the backend system 100 and receive virtual key update messages from it. When a virtual key update message is received from the backend system 100, the message processing unit 314 passes the message to the virtual key processing unit 311, which first verifies the message and, after successful verification, applies the update to the virtual key library stored encrypted in the device local storage 302. The input module 305 receives the user's operation input and the output module 304 outputs feedback to the user. The user interaction processing unit 315 handles interaction with the user through the input module 305 and the output module 304, such as selecting and viewing a virtual key package, managing members, and managing and adding virtual key authorizations; it then sends a virtual key request to the backend system 100 through the virtual key processing unit 311, the virtual key request unit 312, the network connection processing unit 317, and the network module 303. After logging in to the backend system 100, the user terminal decrypts the saved virtual key package data from the local storage 302; if none is found, it sends a request to the backend system 100 to obtain the virtual key package.
The short-range communication module 306 can transmit the virtual key data to the access control device 200 to perform the lock command operation.
In some embodiments, the short-range communication module 306 includes an NFC near-field communication unit, a bluetooth low energy communication unit. The short-range communication processing unit 319 is responsible for processing the connection and communication of these short-range communications.
In some embodiments, the binding with the short-range wireless accessory device 399 may be accomplished via the user interaction processing unit 315, the accessory processing unit 310, and the short-range communication module 306, and then the add virtual key request may be sent to the background system 100 via the virtual key unit 311, the virtual key request unit 312, authorizing the short-range wireless accessory device to perform a virtual key unlock operation.
In some embodiments, the virtual key may be output to the display screen through the output module 304 in the form of a two-dimensional code for recognition by the two-dimensional code recognition unit of the access control device 200 or after being photographed by the camera unit.
FIG. 4 presents a schematic diagram illustrating the process by which the backend system generates a virtual lock cylinder and a virtual key affix according to an embodiment.
First, the items used for verification and checking (validity period, type) are extracted from the existing virtual key record to form the first lock cylinder data (step 400). The authorized person information in the virtual key record is then used to retrieve from the user account 127 database the user public key and the user private key of the user authorized to use the virtual key (step 402). The first lock cylinder data is then encrypted with an asymmetric encryption algorithm, using the user public key just obtained as the key (step 404). The encrypted result forms the virtual lock cylinder (step 406).
Next, the global object access service 111 is called using the device information in the virtual key record (step 410), and the device public key is acquired (step 412). The user private key obtained at step 402 is encrypted with an asymmetric encryption algorithm, using the device public key just obtained as the key (step 414). The encrypted result forms the virtual key affix (step 416).
Each time a virtual key record changes in the backend system, the virtual lock cylinder and (if the device information has changed) the virtual key affix need to be regenerated. The backend system 100 sends the updated virtual lock cylinder data to the access control device 200 in a virtual key update message. The virtual key is typically part of a user virtual key package and is returned to the user terminal 300 when the user terminal 300 sends a request to the backend system 100 to obtain the virtual key package.
FIG. 5 is a schematic diagram illustrating the data processing performed when the unlocking operation is completed through NFC or Bluetooth communication between the access control device and the user terminal according to an embodiment. (Note: the signature verification process is omitted from the figure because NFC or Bluetooth communication is itself verified; in implementation, a simple verification value is calculated with a common CRC16 or CRC32 algorithm, which shortens the response time of the user terminal to the NFC command.) Referring to FIG. 5:
step S1, the user terminal approaches the short-range input module of the access control device, and the access control device confirms and starts to receive input;
step S2, the user terminal sends the user identification to the access control device;
step S3, the access control device receives the user identification and searches locally for a key authority record for that user identification; if there is none, the operation is terminated;
step S4, the access control device sends the device identification, the project domain key and first timestamp data to the user terminal for authentication;
step S5, the user terminal receives the device identification, the project domain key and the first timestamp data required for authentication, and finds the corresponding virtual key affix and virtual key record in the user's virtual key package; the virtual key record and the command type form a first key, where the command type is one of: unlocking, locking and back locking;
step S6, the user terminal returns an authentication response to the access control device, the response parameters being produced as follows: step S6-1, calculating a first symmetric key by applying a hash algorithm to (first timestamp, device identification, project domain key, user identification); step S6-2, encrypting the first key with a symmetric encryption algorithm under the first symmetric key to obtain the first encrypted virtual key data; step S6-3, calculating a first signature;
step S7, after receiving the authentication response, the access control device executes the following steps:
step S7-1, checking the first signature data; if the signature data does not match, the operation is terminated (this step is not shown in the figure);
step S7-2, using the device private key to decrypt the user private key in the virtual key affix; if the decryption fails, the operation is terminated;
step S7-3, decrypting the virtual lock cylinder data in the key authority record with the decrypted user private key to obtain the first lock cylinder data; if the decryption fails, the operation is terminated;
step S7-4, calculating a first symmetric key according to data including data related to the virtual key;
step S7-5, decrypting the first encrypted virtual key data with the first symmetric key to obtain the first key data; if the decryption fails, the operation is terminated;
step S7-6, checking specific parameters in the first lock cylinder data against the first key data; if the check fails, the operation is terminated;
step S7-7, after all the first key data has been checked and found correct, sending the corresponding lock command to the electric lock control interface according to the command type parameter in the first key data; if there is no command type parameter, an unlocking command is sent by default.
In some embodiments, no command type is added to the first key in step S5, so that only an unlocking operation is possible. In some embodiments, the interactive interface on the user terminal 300 lets the user specify whether to unlock, lock or back lock when the user terminal 300 is brought next to the access control device 200.
FIG. 6 presents a process diagram illustrating a background system generating a virtual accessory lock cylinder and a second signature for a Bluetooth accessory device in accordance with one embodiment.
First, the items used for verification and checking (validity period, type) are extracted from the existing virtual key record to form the accessory lock cylinder data (step 600). A second timestamp is then generated (step 602). The fingerprint of the device private key is then computed with a data fingerprinting algorithm, giving the device private key fingerprint (step 604). Then, in step 606, a hash value of (second timestamp, device identification, accessory identification, project domain key, device private key fingerprint) is calculated, where the accessory identification is derived from the authorizer information in the virtual key. The result of step 606 is the second symmetric key (step 608). The accessory lock cylinder data is encrypted with a symmetric encryption algorithm, using the second symmetric key as the key (step 610). The result of the encryption is the virtual accessory lock cylinder (step 612). The signature data is then computed: at step 614 a signature is calculated over (second timestamp, device identification, accessory lock cylinder data, project domain key, device private key fingerprint). The result is the second signature (step 616).
FIG. 7 presents a process diagram illustrating how an access control device handles a user unlocking operation that uses a Bluetooth accessory device, in accordance with one embodiment. When the access control device detects that the Bluetooth accessory device has come within a certain distance of it, the access control device carries out the following processing steps:
b1, converting the Bluetooth address identifier of the Bluetooth accessory device into an accessory identification;
b2, using the accessory identification to search the accessory authority list for a corresponding accessory authority record; if there is none, the check is terminated;
b3, taking the second timestamp out of the accessory authority record;
b4, calculating the device private key fingerprint with a data fingerprint algorithm;
b5, calculating the second symmetric key by applying a hash algorithm to (second timestamp, device identification, accessory identification, project domain key, device private key fingerprint);
b6, decrypting the virtual accessory lock cylinder data in the accessory authority record with the second symmetric key to obtain the accessory lock cylinder data;
b7, calculating a signature over (second timestamp, device identification, accessory lock cylinder data, project domain key, device private key fingerprint) to obtain a second verification signature;
b8, checking the second verification signature against the second signature data in the corresponding record; if they do not match, the check is terminated;
b9, checking the validity period and the state in the accessory lock cylinder data, where the state is either valid or invalid;
b10, if the current time is within the validity period and the state is valid, the verification succeeds and an unlocking command is sent to the electric lock control interface; if the type in the accessory lock cylinder data is the one-time-only type, then after unlocking is finished the device removes the record from the accessory authority list and sends a first notification message to the background system, the message parameters comprising device identification, user identification and time.
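The backend generation of FIG. 6 and the device-side check of FIG. 7 (steps b1 to b10), as an added Python example that is not part of the patent text. The patent names no algorithms, so SHA-256 for the hash and the fingerprint, HMAC-SHA-256 keyed with the project domain key for the signature, a SHA-256 counter-mode keystream standing in for the symmetric cipher, the Bluetooth-address mapping, the JSON field names and all sample values are assumptions.

```python
import hashlib
import hmac
import json


def _lp(*fields: bytes) -> bytes:
    """Length-prefix each field so ("a", "bc") and ("ab", "c") never encode alike."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """STAND-IN for the unspecified symmetric cipher: SHA-256 in counter mode.
    A real device should use a vetted AEAD such as AES-GCM instead."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + (off // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def _second_key(ts2, device_id, accessory_id, domain_key, device_priv):
    """Steps 604-608 / b4-b5: fingerprint the device key, then hash the tuple."""
    fp = hashlib.sha256(device_priv).digest()
    fields = _lp(str(ts2).encode(), device_id.encode(),
                 accessory_id.encode(), domain_key, fp)
    return hashlib.sha256(fields).digest(), fp


def _second_signature(ts2, device_id, cylinder_bytes, domain_key, fp):
    """Steps 614-616 / b7: assumed here to be an HMAC over the listed fields."""
    msg = _lp(str(ts2).encode(), device_id.encode(), cylinder_bytes, fp)
    return hmac.new(domain_key, msg, hashlib.sha256).digest()


def issue_accessory_record(cylinder, ts2, device_id, accessory_id, user_id,
                           domain_key, device_priv):
    """Backend side (FIG. 6): build one accessory authority record."""
    plain = json.dumps(cylinder, sort_keys=True).encode()        # step 600
    key2, fp = _second_key(ts2, device_id, accessory_id, domain_key, device_priv)
    return {
        "user_id": user_id,
        "ts2": ts2,                                              # step 602
        "virtual_cylinder": _xor_stream(key2, plain),            # steps 610-612
        "signature2": _second_signature(ts2, device_id, plain, domain_key, fp),
    }


def check_accessory(bt_addr, table, device_id, domain_key, device_priv, now):
    """Device side (FIG. 7): returns (decision, notification-or-None)."""
    accessory_id = bt_addr.replace(":", "").lower()              # b1 (assumed mapping)
    record = table.get(accessory_id)                             # b2
    if record is None:
        return "deny:no-record", None
    key2, fp = _second_key(record["ts2"], device_id, accessory_id,
                           domain_key, device_priv)              # b3-b5
    plain = _xor_stream(key2, record["virtual_cylinder"])        # b6
    expect = _second_signature(record["ts2"], device_id, plain, domain_key, fp)
    if not hmac.compare_digest(expect, record["signature2"]):    # b7-b8
        return "deny:bad-signature", None
    cyl = json.loads(plain)          # parse only after the signature matches
    if cyl["state"] != "valid":                                  # b9
        return "deny:invalid-state", None
    if not cyl["valid_from"] <= now <= cyl["valid_to"]:
        return "deny:outside-validity", None
    notice = None
    if cyl["type"] == "one_time":                                # b10
        del table[accessory_id]
        notice = {"device_id": device_id, "user_id": record["user_id"], "time": now}
    return "unlock", notice


# Constructed sample values, not taken from the patent.
DOMAIN_KEY = b"constructed-project-domain-key"
DEVICE_PRIV = b"constructed-device-private-key-bytes"
DEVICE_ID = "door-0001"


def demo():
    """A one-time accessory key unlocks once, then its record is gone."""
    cyl = {"valid_from": 1700000000, "valid_to": 1700003600,
           "type": "one_time", "state": "valid"}
    table = {"aabbccddeeff": issue_accessory_record(
        cyl, 1700000000, DEVICE_ID, "aabbccddeeff", "user-42",
        DOMAIN_KEY, DEVICE_PRIV)}
    first = check_accessory("AA:BB:CC:DD:EE:FF", table, DEVICE_ID,
                            DOMAIN_KEY, DEVICE_PRIV, now=1700000100)
    second = check_accessory("AA:BB:CC:DD:EE:FF", table, DEVICE_ID,
                             DOMAIN_KEY, DEVICE_PRIV, now=1700000200)
    return first, second
```

Because the second symmetric key depends on the device private key fingerprint, a record issued for one device fails the b8 comparison on any other device before its contents are parsed.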
FIG. 8 is a schematic diagram illustrating the process by which an access control device performs an unlocking operation through NFC communication with a user terminal according to an embodiment. The steps in FIG. 8 can be compared with the steps in FIG. 5. The main difference is that FIG. 5 is a processing flow based on the data structures, while FIG. 8 is the processing flow when NFC communication specifically is used.
First, after the access control device 200 is started, the input recognition unit 211 finds that the input module 203 contains an NFC communication unit, and starts the card reader mode of the NFC HCE mode to wait for a user terminal 300 performing NFC card emulation to approach. When such a user terminal 300 is found to be in proximity to the access control device 200, the NFC command SELECT FILE APDU is sent to the user terminal 300. Note: for the related NFC APDU commands, see the ISO-IEC-7816-4 specification; for the NFC HCE mode, see the ISO 14443-4 specification.
On the side of the user terminal 300, the short-range communication processing unit 319 has an NFC card emulation processing program that processes the NFC commands received from the NFC communication unit in the short-range communication module 306. In an embodiment, only the SELECT FILE and INTERNAL AUTHENTICATE commands from the access control device 200 are processed.
After the user terminal 300 has executed step S6, the access control device 200 starts the respective substeps of step S7.
FIG. 9 is a schematic diagram illustrating the process by which an access control device performs an unlocking operation with a user terminal through Bluetooth communication according to an embodiment. The steps in FIG. 9 can be compared with the steps in FIG. 5. The difference is that FIG. 5 is a processing flow based on the data structures, while FIG. 9 is the processing flow when Bluetooth communication specifically is used.
First, when the access control device 200 is started, the input recognition unit 211 finds that the input module 203 contains a Bluetooth low energy communication unit, then enables Bluetooth peripheral mode and waits for a user terminal 300 that also uses Bluetooth communication to approach and connect. When the user approaches the access control device 200, the user opens the user terminal 300 and starts Bluetooth unlocking through an interactive operation. The Bluetooth processing program in the short-range communication processing unit 319 of the user terminal 300 searches for a Bluetooth peripheral of a specified type (attached to the access control device 200) in the vicinity and, once one is found, queries whether it offers the custom Bluetooth virtual key unlocking service (step S1); if so, the connection succeeds. The custom Bluetooth virtual key unlocking service is a Bluetooth service defined by the embodiment, and provides a series of read/write services with custom attributes. Then the user terminal 300 sends a command to write the user identification attribute (step S2). After receiving the user identification, the access control device 200 checks whether a record for that user identification exists (step S3); if not, it returns an error response, otherwise it returns a success response. After receiving the success response, the user terminal 300 sends a read authentication credential attribute command to the access control device 200 (step S4); the access control device 200 then calculates a timestamp and returns the attribute data requested by the user terminal 300 (device identification, project domain key, timestamp). The subsequent steps are substantially the same as the processing flow in FIG. 5, except that the communication is carried out using Bluetooth attribute writes.
It will be appreciated by those skilled in the art that the components of the apparatus and steps of the method provided in the embodiments of the invention described above may be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented in program code executable by a computing device. Thus, they may be stored in a memory device for execution by a computing device, or they may be separately fabricated as individual integrated circuit modules, or multiple modules or steps thereof may be fabricated as a single integrated circuit module for implementation. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention, but should not be taken as limiting the scope of the invention, which is defined by the appended claims.

Claims (7)

1. An apparatus having an access control function, comprising:
a device private key of the device, which a background system generates and returns after the device is registered in the background system through a network;
a key authority table, which records the virtual lock cylinders corresponding to the virtual keys that can be used for unlocking by the device, the content of each record comprising: a user identification, and virtual lock cylinder data encrypted by using a user public key;
an input module for receiving virtual key related data from a user terminal, the virtual key related data comprising: a user identification, a virtual key affix, first encrypted virtual key data and first signature data; the virtual key affix is formed by the background system encrypting a user private key with the device public key corresponding to the access control device, and the first encrypted virtual key data is the virtual key data encrypted by the user terminal using a symmetric encryption algorithm;
a processor configured to check the virtual key against the virtual lock cylinder after receiving the virtual key related data;
an electric lock control interface which, after the check of the virtual key against the virtual lock cylinder succeeds, controls the electric lock to unlock if an unlocking command is received, controls the electric lock to lock if a locking command is received, and controls the electric lock to reverse lock if a reverse locking command is received;
the processor is further configured to process a virtual key update message from the background system, updating the key authority table according to the message parameters.
2. The apparatus of claim 1, wherein the step of checking the virtual key against the virtual lock cylinder comprises:
first, determining whether a key authority record corresponding to the user identification exists in the key authority table, and terminating the check if not;
second, verifying the first signature data, and terminating the check if the verification fails;
third, decrypting the virtual key affix by using the device private key to obtain the user private key, and terminating the check if decryption fails;
fourth, using the decrypted user private key to decrypt the virtual lock cylinder data in the key authority record to obtain first lock cylinder data, and terminating the check if decryption fails;
fifth, calculating a first symmetric key according to data including the data related to the virtual key, decrypting the first encrypted virtual key data to obtain first key data, and terminating the check if the decryption fails;
sixth, checking specific parameters in the first lock cylinder data against the first key data, and terminating the check if they do not match; after the check succeeds, sending the corresponding lock command to the electric lock control interface according to the command type parameter in the first key data, and sending an unlocking command by default if there is no command type parameter.
3. The device of claim 2, wherein the input module comprises a short-range wireless communication unit, and the short-range wireless communication comprises bluetooth low energy communication and NFC near field communication.
4. The apparatus of claim 2, wherein, after successful registration in the background system, a project domain description of the apparatus is further received from the background system and saved, the project domain description having the same project domain description as all apparatuses deployed in the same project domain, the project domain description including a project domain key.
5. The apparatus of claim 2, wherein the first lock cylinder data and the first key data each comprise a validity period and a type, the type being one of: unlimited number of times, one time only, and once per day within the validity period; and the validity period and the type in the first lock cylinder data and the first key data are compared and checked during the check.
6. The device of claim 5, wherein if the check is passed and the type in the first lock cylinder data is the one-time-only type, the device removes the record from the key authority table and sends a first notification message to the background system, wherein the message parameters comprise device identification, user identification and time.
7. The device of claim 1, wherein after the virtual key update message is received from the background system, if it is determined according to the message parameters that the message is a virtual key update message for an accessory, the accessory permission table is updated.
CN202010308850.3A 2016-10-25 2016-10-25 Device with access control function Active CN111478918B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010308850.3A CN111478918B (en) 2016-10-25 2016-10-25 Device with access control function

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010308850.3A CN111478918B (en) 2016-10-25 2016-10-25 Device with access control function
CN201610932849.1A CN106603484B (en) 2016-10-25 2016-10-25 Virtual key method, device applying same, background system and user terminal

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201610932849.1A Division CN106603484B (en) 2016-10-25 2016-10-25 Virtual key method, device applying same, background system and user terminal

Publications (2)

Publication Number Publication Date
CN111478918A CN111478918A (en) 2020-07-31
CN111478918B true CN111478918B (en) 2022-04-12

Family

ID=58556360

Family Applications (4)

Application Number Title Priority Date Filing Date
CN202010308848.6A Active CN111478917B (en) 2016-10-25 2016-10-25 Background system for providing network service for access control device and user terminal
CN201610932849.1A Active CN106603484B (en) 2016-10-25 2016-10-25 Virtual key method, device applying same, background system and user terminal
CN202010308849.0A Active CN111464556B (en) 2016-10-25 2016-10-25 Portable user terminal
CN202010308850.3A Active CN111478918B (en) 2016-10-25 2016-10-25 Device with access control function

Country Status (1)

Country Link
CN (4) CN111478917B (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111478917B (en) * 2016-10-25 2022-04-15 上海秋庚咨询管理有限公司 Background system for providing network service for access control device and user terminal
CN107103227B (en) * 2017-06-02 2019-12-03 广东汇泰龙科技有限公司 A kind of method and its system of the pattern unlock verifying based on cloud lock
CN107426178A (en) * 2017-06-13 2017-12-01 上海奥宜电子科技有限公司 A kind of data managing method and system of virtual key
CN107370733A (en) * 2017-07-18 2017-11-21 电子科技大学 A kind of intelligent lock management method based on Rijndael and ECC Hybrid Encryptions
CN108055124A (en) * 2017-11-15 2018-05-18 吕锋 Lock administration system and lock management method
CN109936833B (en) * 2017-12-15 2021-08-13 蔚来(安徽)控股有限公司 Vehicle virtual key generation and use method and system and user terminal
CN108985977B (en) * 2018-07-18 2022-02-11 石伟男 Property intelligent supervision and management system
CN111599041B (en) * 2020-03-31 2022-03-08 杭州龙纪科技有限公司 Safe unlocking method and system of intelligent door lock
CN111815811B (en) * 2020-06-22 2022-09-06 合肥智辉空间科技有限责任公司 Electronic lock safety coefficient
CN111784883B (en) * 2020-07-20 2022-05-24 深圳可信物联科技有限公司 Intelligent lock configuration method and system
CN111935302B (en) * 2020-08-20 2023-01-31 捷德(中国)科技有限公司 Key management device, method and equipment
CN112102529B (en) * 2020-09-25 2022-05-20 无锡职业技术学院 Power facility protection system based on passive intelligent lock and execution process thereof
CN112396735B (en) * 2020-11-27 2022-09-02 昕培科技(北京)有限公司 Internet automobile digital key safety authentication method and device
CN113823018A (en) * 2021-09-30 2021-12-21 重庆长安汽车股份有限公司 Method and system for unlocking and starting vehicle based on external voice system
CN113920625B (en) * 2021-10-18 2022-10-28 安徽江淮汽车集团股份有限公司 Vehicle NFC key authentication method
CN113781682A (en) * 2021-10-22 2021-12-10 上海瓶钵信息科技有限公司 Reliable failure method and system for off-line digital key

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201037941Y (en) * 2007-03-20 2008-03-19 上海鼎松信息技术有限公司 Electronic lock system by using public key system to verify digital signature
CN103946898A (en) * 2011-11-22 2014-07-23 三菱电机株式会社 Electronic key system, and lock-side terminal and portable terminal employed in the same
CN104574593A (en) * 2014-12-24 2015-04-29 浙江银江研究院有限公司 Virtual key based on Bluetooth communication as well as anti-theft lock system and application method thereof
CN104933793A (en) * 2015-06-11 2015-09-23 宁波飞拓电器有限公司 Two-dimension code electronic key implementation method based on digital signature
CN105871874A (en) * 2016-04-27 2016-08-17 武汉市国扬科技有限公司 Mobile Internet virtual key authorizing system and hardware door lock control method thereof
JP2016529841A (en) * 2013-08-27 2016-09-23 クアルコム,インコーポレイテッド Owner access point for controlling entrance unlocking
CN106603484A (en) * 2016-10-25 2017-04-26 雷飏 Virtual key method and apparatus using the same, background system, and user terminal

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI20002255A (en) * 2000-10-13 2002-04-14 Nokia Corp A method for controlling and controlling locks
CN101465728A (en) * 2008-12-17 2009-06-24 成都市华为赛门铁克科技有限公司 Method, system and device for distributing cipher key
US8825011B2 (en) * 2008-12-19 2014-09-02 Tecore, Inc. Intelligent network access control
CN101944996B (en) * 2010-07-09 2012-11-21 北京海泰方圆科技有限公司 Button type ekey and method for prefabricating certificate for ekey
KR20120129140A (en) * 2011-05-19 2012-11-28 나예룡 System for managing entrance of room using virtual key and method therefor
CN103108245B (en) * 2011-11-15 2016-09-28 中国银联股份有限公司 A kind of intelligent television pays cipher key system and method for payment based on intelligent television
AT513016B1 (en) * 2012-06-05 2014-09-15 Phactum Softwareentwicklung Gmbh Method and device for controlling a locking mechanism with a mobile terminal
CN103914901B (en) * 2014-03-27 2017-12-29 惠州Tcl移动通信有限公司 A kind of method for unlocking and unlocking system
CA2892113C (en) * 2014-05-20 2022-11-08 Tyco Safety Products Canada Ltd. Dual access level security system and method
CN104966336B (en) * 2015-05-29 2020-01-17 深圳光启智能光子技术有限公司 Intelligent lock and authorization management method and device of intelligent lock
CN105069876B (en) * 2015-08-04 2018-06-22 珠海格力电器股份有限公司 The method and system of intelligent entrance guard control
CN105389870A (en) * 2015-10-28 2016-03-09 广州畅联信息科技有限公司 Entrance guard management method and system
CN105488887A (en) * 2015-12-28 2016-04-13 慧锐通智能科技股份有限公司 Entrance guard access control method
CN105788047B (en) * 2016-03-30 2018-12-14 北京千丁互联科技有限公司 A kind of control of bluetooth access equipment, control of bluetooth access management system and method
CN105915344B (en) * 2016-04-15 2019-03-22 重庆金瓯科技发展有限责任公司 A kind of electron key shared service system for house lease

Also Published As

Publication number Publication date
CN111478917A (en) 2020-07-31
CN111464556A (en) 2020-07-28
CN106603484A (en) 2017-04-26
CN111478918A (en) 2020-07-31
CN111464556B (en) 2022-12-30
CN111478917B (en) 2022-04-15
CN106603484B (en) 2020-09-25

Similar Documents

Publication Publication Date Title
CN111478918B (en) Device with access control function
US11694498B2 (en) Access control system with virtual card data
US8689013B2 (en) Dual-interface key management
CN107004316B (en) Access control system with automatic mobile credential granting service handoff
CN107113175B (en) Multi-user strong authentication token
CN107004314B (en) Remote programming for access control systems using virtual card data
US20140365781A1 (en) Receiving a Delegated Token, Issuing a Delegated Token, Authenticating a Delegated User, and Issuing a User-Specific Token for a Resource
EP4081921B1 (en) Contactless card personal identification system
CN109448197A (en) A kind of cloud intelligent lock system and key management method based on multi-enciphering mode
US20070223685A1 (en) Secure system and method of providing same
EP1536306A1 (en) Proximity authentication system
KR20160048203A (en) System for accessing data from multiple devices
US20150169860A1 (en) Security key using multi-otp, security service apparatus, security system
CN106534080B (en) Object access right management method, corresponding background system, device and user terminal
US10372440B1 (en) Tokenized mobile device update systems and methods
CN110182171A (en) Digital car key system and vehicle based on block chain technology
WO2013102152A1 (en) Secure mechanisms to enable mobile device communication with a security panel
CN106572098B (en) Two-dimensional code type virtual key method
US11714627B2 (en) Tokenized mobile device update systems and methods
EP2356637A1 (en) Card credential method and system
CN107070663B (en) Mobile terminal-based field authentication method and field authentication system
WO2007092429A2 (en) Secure system and method for providing same

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220323

Address after: 230601 12th Floor, Building E, Intelligent Equipment Science and Technology Park, 3963 Susong Road, Hefei Economic and Technological Development Zone, Anhui Province

Applicant after: CHINA APPLIED TECHNOLOGY Co.,Ltd.

Address before: 2109, Block B, World Olympic International Center, 101 Shaoyaoju Beili, Chaoyang District, Beijing 100029

Applicant before: Lei Yang

GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A device with access control function

Effective date of registration: 20220701

Granted publication date: 20220412

Pledgee: Zheshang Bank Co.,Ltd. Hefei Branch

Pledgor: CHINA APPLIED TECHNOLOGY Co.,Ltd.

Registration number: Y2022340000017
