CN111489461B - Bluetooth key system for group - Google Patents

Bluetooth key system for group Download PDF

Info

Publication number
CN111489461B
CN111489461B CN201910076591.3A CN201910076591A CN111489461B CN 111489461 B CN111489461 B CN 111489461B CN 201910076591 A CN201910076591 A CN 201910076591A CN 111489461 B CN111489461 B CN 111489461B
Authority
CN
China
Prior art keywords
user
key
app
factory
bluetooth lock
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910076591.3A
Other languages
Chinese (zh)
Other versions
CN111489461A (en
Inventor
杨刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hefei Zhihui Space Technology Co ltd
Original Assignee
Hefei Zhihui Space Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hefei Zhihui Space Technology Co ltd filed Critical Hefei Zhihui Space Technology Co ltd
Priority to CN201910076591.3A priority Critical patent/CN111489461B/en
Publication of CN111489461A publication Critical patent/CN111489461A/en
Application granted granted Critical
Publication of CN111489461B publication Critical patent/CN111489461B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying

Abstract

The invention discloses a group Bluetooth key system, wherein the root key of a Bluetooth lock comprises a factory root key, a user root key and a key root key; each type of root key can generate a corresponding type of key, namely a factory key, a user key and a key; the authentication of the Bluetooth lock and the key is carried out through the APP, and the factory root key is adopted for verification and encryption in the process of updating the user root key. In the authentication process, the key data is not exposed, and the communication key is renegotiated for each connection, so that the possibility of replay attack is prevented, and the security of the key is ensured.

Description

Bluetooth key system for group
Technical Field
The invention relates to the technical field of Bluetooth locks, in particular to a Bluetooth key system for a group.
Background
Since the door lock relates to personal and property safety, the demand for safety is high. Because the bluetooth system of unblanking involves high in the clouds database and code security, APP data and code security, firmware data and code security, these three-terminal as long as have one end to produce the leak, will exert an influence to whole security.
The firmware is the most important relation of the security of the bluetooth lock, and if the design is not proper, the bluetooth lock is easy to be attacked by hackers, for example, under the condition that the most basic communication protocol is plaintext, or the door opening instruction is the same each time, or the door opening logic is cracked, and the like, the hackers can copy the digital key without contacting. Encryption is required in the communication process in order to prevent plaintext transmission of the communication protocol. Because the low-power consumption Bluetooth has limited data transmission amount each time and small calculation power, only a symmetrical algorithm with low calculation power requirement can be selected. However, if the encryption key of the symmetric algorithm is not changed, the instruction for opening the door every time is the same, so that the encryption is meaningless, and a key needs to be negotiated in each communication process. Only a certain logic algorithm is used for negotiating the key, and once the logic is leaked, the negotiated key is also unsafe; if a root key is built in the Bluetooth lock, the key exists in the APP or the cloud. If in APP, there may be some problems, such as the APP is unloaded carelessly, or the mobile phone is formatted, and the user does not have a card or a key, and can only find the locksmith to unlock, or violently disassemble. Meanwhile, the APP installation package can be decompiled, and even if codes are confused or technical means such as sandbox are used, cracking is only a time problem. If the root key is parsed, the lock has no security. In addition, the root key is stored in the APP, so that the B-end application scene is not convenient, namely, the requirement of multiple administrators for managing keys in batch is met, and from the point of view, the root key is stored in the cloud end to be the best choice, and the APP only plays the role of a 'middle man' in unlocking.
But when there is not the network, APP can't connect the server, can't realize unblanking.
The root key is stored in the cloud, and the 'business server' containing the key generation algorithm and the 'secret management center' storing the root key are separately deployed, so that the safety of the root key is ensured to a certain extent. Although the probability of the server being broken is extremely low, the world has no absolute security, and once the 'crypto-center' and the 'business server' are broken, the security of all Bluetooth locks can be threatened, and a large-scale security event is caused.
If only one kind of root key exists inside the bluetooth lock, and the distributed key is required to be recovered (the root key is regenerated), the problem of data asynchronization is easy to occur. For example, when the root key is regenerated, an irreparable interruption occurs in a certain step, so that a new root key is not uploaded to the server, and then the root key of the lock is lost (equivalent to that the bluetooth function is not available) and no remedial measures are taken.
In order to solve the above problems, it is an urgent need to design a secure bluetooth lock system.
Disclosure of Invention
The invention aims to provide a method for generating a user root key by a group Bluetooth lock.
The above object of the present invention is achieved by the following technical solutions:
a Bluetooth key system for a group is provided, wherein a Bluetooth lock root key comprises a factory root key, a user root key and a key root key, and the factory root key is adopted for verification and encryption in the process of updating the user root key.
The invention is further configured to: the process of generating the user root key by the Bluetooth lock, and the server comprises the following steps:
s1, after receiving an account password login request sent by a user APP, the server verifies the account, and if the account password is consistent, the server sends login success information to the user APP, wherein the account password is sent in an HTTPS encryption mode;
s2, the server receives the password ID broadcast and sent by the user APP, verifies the account authority, generates a factory key and sends the factory key to the user APP;
and S3, the server receives the user root key ciphertext sent by the user APP, decrypts and stores the user root key ciphertext.
The invention is further configured to: the process of generating a user root key by a Bluetooth lock, wherein the user APP work comprises the following steps:
a1, sending an account password login request to a server by a user APP, and receiving login success information sent by the server, wherein the account password is sent in an HTTPS mode;
a2, the user APP receives the broadcast password ID of the Bluetooth lock and reports the broadcast password ID to the server;
a3, receiving the factory key sent by the server by the user APP;
a4, connecting the user APP with the Bluetooth lock; and the Bluetooth lock performs factory key authentication, and sends a user root key generation instruction to the Bluetooth lock;
a5, the user APP receives a user root key ciphertext sent by the Bluetooth lock and reports the user root key ciphertext to the server;
a6, the user APP disconnects from the Bluetooth lock.
The invention is further configured to: the process of generating a user root key by the Bluetooth lock comprises the following steps:
b1, the Bluetooth lock sends the broadcast password ID to the user APP;
b2, the Bluetooth lock establishes connection with the APP of the user; and performing factory key authentication with the user APP;
b3, the Bluetooth lock receives a user root key generating instruction sent by a user APP;
b4, the Bluetooth lock randomly generates a new user root key, stores and updates the user root key, encrypts the user root key by adopting a factory root key to form a user root key ciphertext, and reports the user root key ciphertext to the user APP;
b5, the Bluetooth lock disconnects from the user APP.
The invention is further configured to: the Bluetooth lock initialization process, the server work includes the following steps:
c1, after receiving an account password login request sent by the factory APP, the server verifies account authority and production quantity, if the account password is consistent, login success information is sent to the factory APP, wherein the account password is sent in an HTTPS encryption mode;
c2, the server receives the MAC address reported by the factory APP, MAC duplicate checking is carried out, a Bluetooth lock ID and a password ID are generated, and relevant data are recorded;
c3, the server sends the Bluetooth lock ID and the password ID to give a factory APP;
and C4, the server receives the factory root key ciphertext sent by the factory APP, decrypts and stores the factory root key ciphertext.
The invention is further configured to: bluetooth lock initialization process, the APP work of leaving the factory includes the following steps:
d1, sending an account password login request to the server by the factory APP, and receiving login success information sent by the server, wherein the account password is sent in an HTTPS mode;
d2, receiving the broadcast MAC address of the Bluetooth lock by the factory APP, and reporting to the server;
d3, receiving the Bluetooth lock ID and the password ID sent by the server by the factory APP;
d4, realizing the connection with the Bluetooth lock by the factory APP; and the Bluetooth lock is subjected to factory key authentication, and the Bluetooth lock ID, the password ID and the B/C terminal identification are written into the Bluetooth lock;
d5, receiving write-in success information sent by the Bluetooth lock by the factory APP, and sending an initialization factory root key instruction to the Bluetooth lock;
d6, the factory APP receives the factory root key ciphertext sent by the Bluetooth lock, and reports the factory root key ciphertext to the server;
d7, leave factory APP disconnection and bluetooth lock's connection.
The invention is further configured to: the bluetooth lock initialization process, the bluetooth lock work includes the following steps:
e1, the Bluetooth lock sends a broadcast and MAC address to the factory APP;
e2, establishing connection with a factory APP by the Bluetooth lock; performing factory key authentication with a factory APP;
e3, writing a Bluetooth lock ID, a password ID and a B/C terminal identification into the Bluetooth lock; after the writing operation is successful, sending operation success information to a factory APP;
e4, the Bluetooth lock receives a factory root key initialization instruction sent by a factory APP, a new factory root key is generated randomly and stored, and a factory root key ciphertext is sent to the factory APP after the factory root key is encrypted by randomly selecting a key;
e5, the connection of bluetooth lock disconnection and factory APP.
The invention is further configured to: after the bluetooth lock has the user root key, the key is calculated, and the process that the server issues the user key to the user APP specifically comprises the following steps:
f1, after receiving account password login information sent by the user APP, the server performs account verification, and if the verification is successful, the server sends login success information to the user APP, wherein the account password is sent in an HTTPS encryption mode;
f2, the server sends the user key to the user APP.
The invention is further configured to: bluetooth lock authentication is unblanked, and only user key that has the authority can authenticate and unblank, need judge user information of unblanking when unblanking, and Bluetooth lock work includes following step:
g1, broadcasting the password ID to the user APP by the Bluetooth lock;
g2, the Bluetooth lock establishes connection with the user APP;
g3, carrying out user key and user key verification on the Bluetooth lock and the user APP;
g4, the Bluetooth lock receives operation information sent by a user APP, wherein the operation information comprises a door opening command and a user self-defined password;
g5, reporting unlocking success information to a user APP after the Bluetooth lock is successfully unlocked;
g6, the connection with user APP is disconnected through the Bluetooth lock.
The invention is further configured to: during bluetooth lock authentication unblanked, user APP work includes the following step:
h1, receiving the broadcast password ID of the Bluetooth lock by the user APP;
h2, establishing connection between the user APP and the Bluetooth lock;
h3, carrying out user key verification on the user APP and the Bluetooth lock;
h4, sending operation information to the Bluetooth lock by the user APP, wherein the operation information comprises a door opening command and a user self-defined password;
h5, receiving unlocking success information sent by the Bluetooth lock by the user APP;
h6, disconnecting the user APP from the Bluetooth lock;
h7, the user APP reports the user root key ciphertext to the server for storage.
Compared with the prior art, the invention has the beneficial technical effects that:
1. by adopting three root keys, the method and the device prevent the loss caused by the loss of the root key when one root key is used.
2. Furthermore, the factory root key is adopted for verification and encryption in the process of generating the updated user root key, so that security holes caused by cracking of the user root key are prevented, and the security of the Bluetooth lock is improved.
3. Furthermore, in the passing process of the Bluetooth lock and the cloud, the secret key data is not leaked, and the possibility of attack on replay is prevented.
Drawings
FIG. 1 is a schematic initialization flow diagram of an embodiment of the present invention.
Fig. 2 is a flowchart illustrating a process of generating a user root key by a B-lock according to an embodiment of the present invention.
Fig. 3 is a flowchart illustrating a process of generating a user root key by a C-lock according to an embodiment of the present invention. Fig. 4 is a schematic diagram illustrating a key issuing process performed by a server according to an embodiment of the present invention.
Fig. 5 is a schematic flowchart of bluetooth authentication unlocking according to an embodiment of the present invention.
Fig. 6 is a flow chart illustrating key authentication according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
The invention provides a Bluetooth lock system, which comprises a factory root key, a user root key and a key root key, wherein the factory root key is used for verification and encryption in the process of updating the user root key, so that if data is lost when the user root key is updated, the user root key only needs to be updated again, and the problem of root key loss can not be caused.
The "factory root key" and the "user root key" are generated randomly by the lock, and the "key press root key" is fixed. Each type of root Key may generate a corresponding type of Key, and thus the keys are also classified into a Factory Key (Factory Key), a User Key (User Key), and a Press Key (Press Key).
In the production process of the bluetooth lock, a Key generated when the bluetooth lock is initialized is a 'Factory root Key', and a Factory Key (Factory Key) is a Key generated by the 'Factory root Key'. Factory APPs used at the factory can be guaranteed to be safe, and thus the "factory root key" can be considered to be safe as well.
The 'user root key' is mostly generated in a normal use environment, the 'factory root key' is adopted to encrypt the 'user root key' so as to ensure the safety, and the problem that the safety of the 'user root key' cannot be ensured by using a 'fixed key' for encryption is solved.
When the Bluetooth lock is added with a user root key, the user is required to fill in a self-defined door opening password. The password is only stored in the Bluetooth lock and the APP and is not uploaded to the cloud. At this time, the mobile phone only has a password and a key, and the server only has a root key. When opening the door at every turn, the key that password and high in the clouds were sent in the APP all corresponds with the lock in information and could open the bluetooth lock, has solved if "close management center" and "business server" are attacked the back, the problem that bluetooth lock safety can not be guaranteed.
A key is a set of data that is processed to represent a certain meaning and encrypted with a root key. The Key obtained by the APP is divided into two parts, wherein one part is an Auth Key for verification, and the other part is a parameter Key Param Key for verifying information such as authority. At the moment, the APP is not only purely used as a 'middle man', and a root key of the lock is not obtained, so that the situation of opening the door offline is solved, and the problem of exposing the root key is also solved.
When the bluetooth lock is initialized, a lock identifier of a B end or a C end can be written in, wherein the B end represents a lock for collective unified management, such as hotel and community entrance guard, and the C end represents a lock for a personal user, such as a door lock in a home.
The B-end Bluetooth lock can only use a Factory Key (Factory Key) to authenticate and add a user root Key, the B-end Bluetooth lock is bound to a certain group or a certain cell, and an individual user cannot add the user root Key. The non-group account of the APP cannot obtain a corresponding Factory Key (Factory Key), so that the situation that a user root Key is maliciously added by a non-group user is prevented.
Set up a button in C end bluetooth lock's inside, only can open the people of this bluetooth lock (the owner of lock promptly) can press, solved because C end bluetooth lock does not have a one-to-one with the APP account number, can't judge whether some account number has the problem of adding this bluetooth lock User Key (User Key) permission. After a Key is pressed, a fixed Key (Press Key) can be used for authentication within 30 seconds and a "user root Key" is generated.
After the burning of the firmware of the Bluetooth lock is finished, the internal data are default values, and the Bluetooth unlocking function can be realized only after four steps of initialization, user key generation, key issuing by a server and Bluetooth authentication unlocking are required. The initialization is completed in the factory, and the rest steps are carried out according to the actual application scene.
The bluetooth lock initialization operation is to write necessary information into the lock device which just burns the firmware, generate a 'factory root key' and record the 'factory root key' into the server correspondingly. The 'factory root key' is not changeable after being generated, and can be generated again only after the program is rewritten and internal data is emptied.
In a specific embodiment of the present invention, as shown in fig. 1, the server, the bluetooth lock, and the factory APP cooperate to complete an initialization process.
A server workflow, comprising the steps of:
c1, after receiving an account password login request sent by a factory APP, a server verifies account authority and production quantity, if the account password is consistent, login success information is sent to the factory APP, wherein the account password is sent in an HTTPS encryption mode;
c2, the server receives the MAC address reported by the factory APP, MAC duplicate checking is carried out, a Bluetooth lock ID and a password ID are generated, and relevant data are recorded;
c3, the server sends ID and password ID to give factory APP;
and C4, the server receives the factory root key ciphertext sent by the factory APP, decrypts and stores the factory root key ciphertext.
The factory APP workflow comprises the following steps:
d1, sending an account password login request to the server by the factory APP, and receiving login success information sent by the server, wherein the account password is sent in an HTTPS mode;
d2, the factory APP receives the broadcast MAC address of the Bluetooth lock and reports the broadcast MAC address to the server;
d3, receiving the Bluetooth lock ID and the password ID sent by the server by the factory APP;
d4, realizing connection with a Bluetooth lock by a factory APP; performing factory key authentication with the Bluetooth lock, and writing the Bluetooth lock ID, the password ID and the B/C terminal identification into the Bluetooth lock;
d5, the factory APP receives the write-in success information sent by the Bluetooth lock and sends an initialization factory root key instruction to the Bluetooth lock;
d6, the factory APP receives the factory root key ciphertext sent by the Bluetooth lock, and reports the factory root key ciphertext to the server;
d7, leave factory APP disconnection and bluetooth lock's connection.
The working process of the Bluetooth lock comprises the following steps:
e1, broadcasting and sending the MAC address to a factory APP by the Bluetooth lock;
e2, establishing connection with a factory APP through the Bluetooth lock; performing factory key authentication with a factory APP;
e3, writing an ID, a password ID and a B/C terminal identification into the Bluetooth lock; after the writing operation is successful, sending operation success information to a factory APP;
e4, the Bluetooth lock receives an instruction of initializing a factory root key, randomly generates and stores a new factory root key, randomly selects a key to encrypt the factory root key, and then sends a factory root key ciphertext to a factory APP;
e5, the connection of bluetooth lock disconnection and factory APP.
In a specific embodiment of the present invention, the server, the bluetooth lock, and the user APP cooperate to generate the user root key.
The User root Key is used for generating a User Key (User Key) used by the User door opening operation, and the User root Key is stored in the server. For keys that have the authority to generate "user root keys," the "user root keys" may be regenerated.
In an embodiment of the present invention, as shown in fig. 2, the B-side bluetooth lock generates a user root key, and the server working process includes the following steps:
s11, after receiving an account password login request sent by a user APP, the server verifies the account, and if the account password is consistent, the server sends login success information to the user APP, wherein the account password is sent in an HTTPS encryption mode;
s12, the server receives the broadcast password ID sent by the user APP, verifies the account authority, generates a Factory Key (Factory Key) and sends the Factory Key (Factory Key) to the user APP;
and S13, the server receives the user root key ciphertext sent by the user APP, decrypts and stores the user root key ciphertext.
The working process of the user APP comprises the following steps:
a11, sending an account password login request to a server by a user APP, and receiving login success information sent by the server, wherein the account password is sent in an HTTPS encryption mode;
a12, the user APP receives the broadcast password ID of the Bluetooth lock and reports the broadcast password ID to the server;
a13, receiving the factory key sent by the server by the user APP;
a14, connecting the user APP with the Bluetooth lock; and the Bluetooth lock is subjected to factory key authentication, and a user root key generating instruction is sent to the Bluetooth lock;
a15, the user APP receives a user root key ciphertext sent by the Bluetooth lock and reports the user root key ciphertext to the server;
a16, the user APP disconnects from the Bluetooth lock.
The working process of the Bluetooth lock comprises the following steps:
b11, the Bluetooth lock sends the broadcast password ID to the user APP;
b12, the Bluetooth lock establishes connection with the APP of the user; and carrying out factory key authentication with the user APP;
b13, the Bluetooth lock receives a user root key generating instruction sent by a user APP;
b14, the Bluetooth lock randomly generates a new user root key, stores and updates the user root key, encrypts the user root key by adopting a factory root key to form a user root key ciphertext, and reports the user root key ciphertext to a user APP;
b15, the Bluetooth lock disconnects from the user APP.
In an embodiment of the present invention, as shown in fig. 3, the process of generating the user root key by the C-side bluetooth lock and the server includes the following steps:
s21, after receiving an account password login request sent by a user APP, the server carries out account authentication, if the account password is consistent, login success information is sent to the user APP, wherein the account password is sent in an HTTPS encryption mode;
and S22, the server receives the user root key ciphertext sent by the user APP, decrypts and stores the user root key ciphertext.
The working process of the user APP comprises the following steps:
a21, sending an account password login request to a server by a user APP, and receiving login success information sent by the server, wherein the account password is sent in an HTTPS mode;
a22, receiving the code ID and the C terminal identification information broadcasted by the Bluetooth lock by a user APP;
a23, connecting a user APP with a Bluetooth lock; key authentication is carried out on the Bluetooth lock and a user root key generating instruction is sent to the Bluetooth lock;
a25, the user APP receives a user root key ciphertext sent by the Bluetooth lock and reports the user root key ciphertext to the server;
a26, the user APP disconnects from the Bluetooth lock.
The working process of the Bluetooth lock, the Bluetooth lock uses the key to authenticate and generate a user root key within the set time after the key is pressed down, and the method comprises the following steps:
b21, pressing the button of the Bluetooth lock;
b22, broadcasting the password ID and the C-terminal identification information to the user APP by the Bluetooth lock;
b23, the Bluetooth lock establishes connection with the APP of the user; and key-press key authentication is carried out with the user APP;
b24, the Bluetooth lock receives a user root key generating instruction sent by a user APP;
b25, the Bluetooth lock randomly generates a new user root key, the user root key is updated and stored, the user root key is encrypted by adopting a factory root key to form a user root key ciphertext, and the user root key ciphertext is reported to a user APP;
b25, the Bluetooth lock disconnects from the user APP.
Preferably, the set time is 30 seconds.
In one embodiment of the present invention, after the bluetooth lock has a "user root key", the key may be calculated. As shown in fig. 4, in the process of issuing the user key to the user APP by the server, the server workflow includes the following steps:
f1, after receiving account password login information sent by the user APP, the server performs account verification, and if the verification is successful, the server sends login success information to the user APP, wherein the account password is sent in an HTTPS encryption mode;
f2, the server sends the user key to the user APP.
In the process of issuing the user key by the server, the user APP workflow comprises the following steps:
f11, sending account password information to the server by the user APP in an HTTPS encryption mode, and requesting login;
f12, the user APP receives the login success signal returned by the server and the issued user key.
In a specific embodiment of the present invention, as shown in fig. 5, the bluetooth lock authenticates unlocking, only a user key with authority can authenticate unlocking, and the user unlocking information needs to be determined during unlocking, and the working process of the bluetooth lock includes the following steps:
g1, broadcasting a password ID (cipher ID) to a user APP by the Bluetooth lock;
g2, the Bluetooth lock establishes connection with the user APP;
g3, carrying out user key verification on the Bluetooth lock and the user APP;
g4, the Bluetooth lock receives operation information sent by a user APP, wherein the operation information comprises a door opening command and a user self-defined password;
g5, after the Bluetooth lock is successfully unlocked, reporting unlocking success information to a user APP;
g6, the connection of bluetooth lock disconnection and user APP.
Bluetooth lock authentication is unblanked, and user APP working process includes following step:
h1, receiving the broadcast password ID of the Bluetooth lock by the user APP;
h2, establishing connection with the Bluetooth lock by the user APP;
h3, carrying out user key verification on the user APP and the Bluetooth lock;
h4, sending operation information to the Bluetooth lock by the user APP, wherein the operation information comprises a door opening command and a user self-defined password;
h5, receiving unlocking success information sent by the Bluetooth lock by the user APP;
h6, disconnecting the user APP from the Bluetooth lock;
h7, the user APP reports the user root key ciphertext to the server for storage.
In one embodiment of the present invention, different types of keys are generated in the same way, and are encrypted by AES or other symmetric algorithm, except that the original Data (Data) (12 bytes) carried by the different types of keys have different meanings and different root keys are used in the key generation process.
Specifically, the generation of the factory key includes the steps of:
s31, splitting the factory root key into two sections of a factory root key A and a factory root key B; the factory root key A comprises 12 bytes, and the factory root key B comprises 4 bytes;
s32, splicing factory original Data (Data) and a factory root Key B together, encrypting by using the factory root Key, and obtaining Data as a factory parameter Key (Param Key) which comprises 16 bytes;
s33, splitting a factory parameter Key (Param Key) into two sections, namely a factory parameter Key A (Param Key A) and a factory parameter Key B (Param Key B), wherein the factory parameter Key A comprises 4 bytes, and the factory parameter Key B comprises 12 bytes;
s34, after the factory parameter key A and the factory root key A are spliced together, the factory root key is used for encryption, and the obtained data is a factory authentication key and comprises 16 bytes;
and S35, splicing the factory parameter key and the factory authentication key together to obtain data, namely the factory key, which comprises 32 bytes.
Likewise, the generation of the key-press includes the steps of:
s41, splitting the key root key into two sections of key root key A and key root key B, wherein the key root key A comprises 12 bytes, and the key root key B comprises 4 bytes;
s42, after the key original data and the key root key B are spliced together and encrypted by the key root key, the obtained data is a key parameter key and comprises 16 bytes;
s43, splitting the key parameter key into two sections of key parameter key A and key parameter key B, wherein the key parameter key A comprises 4 bytes, and the key parameter key B comprises 12 bytes;
s44, after the key parameter key A and the key root key A are spliced together, the key root key is used for encryption, and the obtained data is a key authentication key and comprises 16 bytes;
and S45, the key parameter key and the key authentication key are spliced together, and the obtained data is the key.
Likewise, a user root key generates the user key, comprising the steps of:
s51, splitting the user root key into two segments, namely a user root key A and a user root key B, wherein the user root key A comprises 12 bytes, and the user root key B comprises 4 bytes;
s52, after the original data of the user and the user root key B are spliced together, the original data of the user and the user root key B are encrypted by the user root key, and the obtained data is the user parameter key;
s53, splitting the user parameter key into two sections, namely a user parameter key A and a user parameter key B, wherein the user parameter key A comprises 4 bytes, and the user parameter key B comprises 12 bytes;
s54, after the user parameter key A and the user root key A are spliced together, encrypting the data by using the user root key, and obtaining the data as a user authentication key;
and S55, the user parameter key and the user authentication key are spliced together, and the obtained data is the user key.
In one embodiment of the present invention, the bluetooth lock is the same as the key authentication method regardless of the type of key, but differs in the subsequent operation authority of the key. For example, a Factory Key (Factory Key) may not open a door, a User Key (User Key) may not add a "User root Key", and the like.
As shown in fig. 6, in the process of authenticating the bluetooth lock and the user key, the working process of the user APP includes the following steps:
r1, connecting the user APP with the Bluetooth lock;
r2, the user APP adopts the user key to send a request authentication (Auth) to the Bluetooth lock;
r3, the user APP receives the Challenge initiated by the Bluetooth lock, the Challenge (Challenge) data is decrypted and analyzed by using the authentication Key (Auth Key), and the Challenge (Challenge) data is used for updating the encryption Key, which is equivalent to negotiating out the communication Key for communication encryption;
r4, the user APP replies the challenge to the Bluetooth lock and sends the operation to be performed to the Bluetooth lock;
r5, the user key authentication process ends.
In the process of authenticating the Bluetooth lock and the user key, the working process of the Bluetooth lock comprises the following steps:
after receiving the request authentication, the R11 Bluetooth lock firstly generates an authentication Key (Auth Key), decrypts part of the request authentication data packet and verifies the decrypted request authentication data packet, then decrypts the part of the request authentication data packet and obtains and verifies the decrypted request authentication data packet, if the verification is successful, the Challenge is initiated, namely, after a Challenge (Challenge) random number is generated, a Challenge data packet is generated and encrypted by the authentication Key (Auth Key) and sent to the user APP.
As can be seen from the Key generation process, the authentication Key (authkey) can be calculated using the unencrypted parameter Key (Param Key) and the root Key stored inside the lock.
In step R2, an authentication packet structure is requested, as shown in table 1:
table 1:
Figure GDA0003296402620000181
a request authentication packet comprising: the key comprises a parameter key, a key type, a random number and a check bit, wherein the parameter key comprises 16 bytes, the key type comprises 1 byte, the random number comprises 2 bytes, the check bit comprises 1 byte, the first 4 bytes of the parameter key are not encrypted, and the last 12 bytes of the parameter key, the key type, the random number and the check bit are encrypted by an authentication key.
In step R11, the data packet structure is challenged, as shown in table 2:
table 2:
Figure GDA0003296402620000191
a challenge packet comprising: authentication reply (Auth reply), Challenge Data (Challenge Data)1, Challenge Data (Challenge Data)2, random number and check bit, wherein the authentication reply comprises 2 bytes, the Challenge Data 1 comprises 4 bytes, the Challenge Data 2 comprises 8 bytes, the random number comprises 5 bytes, the check bit comprises 1 byte, the first 2 bytes of the authentication reply, the Challenge Data 1, the Challenge Data 2 and the random number are encrypted by an authentication key, and the last 3 bytes and the check bit of the random number are not processed.
In step R3, the communication key structure is shown in table 3:
table 3:
Figure GDA0003296402620000192
the communication Key comprises Challenge Data (Challenge Data)2 and a second half part of an authentication Key (Auth Key); the challenge data 2 includes 8 bytes, and the second half of the authentication key includes the last 8 bytes.
In step R4, the challenge and operation packet structure is recovered, as shown in table 4:
table 4:
Figure GDA0003296402620000201
the reply challenge and operation data packet comprises challenge data 1, a Command (Command) section and check bits, wherein the challenge data 1 comprises 4 bytes, the Command section comprises 15 bytes, the check bits comprise 1 byte, and the Command section and the check bits of the reply challenge and operation data packet are encrypted by a communication key and are not processed by the challenge data 1.
So far, the bluetooth authentication process is finished.
In the communication process, the original text of the key data is not exposed in the communication process, and the key cannot be acquired in a wireless packet capturing mode. Meanwhile, the used communication key is renegotiated for each connection, so that the possibility of replay attack is prevented. When the man-in-the-middle attacks are used, the man-in-the-middle cannot acquire the communication key and cannot tamper data.
The embodiments of the present invention are preferred embodiments of the present invention, and the scope of the present invention is not limited by these embodiments, so: equivalent changes made according to the structure, shape and principle of the invention shall be covered by the protection scope of the invention.

Claims (10)

1. A group uses bluetooth key system which characterized in that: the Bluetooth lock root key comprises a factory root key, a user root key and a key root key, and is verified and encrypted by adopting the factory root key in the process of updating the user root key; the root key is stored in the server, the user root key is used for generating a user key used for the door opening operation of a user, the factory root key is used for generating a factory key, and the key root key is used for generating a key; the factory root key and the user root key are generated randomly by the Bluetooth lock, and the key root key is fixed; the group binds a certain group or a cell by using a Bluetooth lock, only a factory key is used for authentication and user root key addition, and an individual user cannot add the user root key; the key in the user APP is divided into two parts, namely an authentication key for authentication and a parameter key for authentication authority information.
2. The bluetooth key system of claim 1, wherein: the process of generating the user root key by the Bluetooth lock, and the operation of the server comprises the following steps:
s1, after receiving an account password login request sent by a user APP, the server carries out account authentication, if the account password is consistent, login success information is sent to the user APP, wherein the account password is sent in an HTTPS encryption mode;
s2, the server receives the password ID broadcast and sent by the user APP, verifies the account authority, generates a factory key and sends the factory key to the user APP;
and S3, the server receives the user root key ciphertext sent by the user APP, decrypts and stores the user root key ciphertext.
3. The bluetooth key system of claim 1, wherein: the process that the bluetooth lock generates a user root key, user APP work includes the following steps:
a1, sending an account password login request to a server by a user APP, and receiving login success information sent by the server, wherein the account password is sent in an HTTPS mode;
a2, the user APP receives the broadcast password ID of the Bluetooth lock and reports the broadcast password ID to the server; a3, receiving the factory key sent by the server by the user APP;
a4, connecting a user APP with a Bluetooth lock; and the Bluetooth lock performs factory key authentication, and sends a user root key generation instruction to the Bluetooth lock;
a5, the user APP receives a user root key ciphertext sent by the Bluetooth lock and reports the user root key ciphertext to the server;
a6, the user APP disconnects from the Bluetooth lock.
4. The bluetooth key system of claim 1, wherein: the process of generating the user root key by the Bluetooth lock comprises the following steps:
b1, the Bluetooth lock sends the broadcast password ID to the user APP;
b2, the Bluetooth lock establishes connection with the APP of the user; and carrying out factory key authentication with the user APP;
b3, the Bluetooth lock receives a user root key generating instruction sent by a user APP;
b4, the Bluetooth lock randomly generates a new user root key, stores and updates the user root key, encrypts the user root key by adopting a factory root key to form a user root key ciphertext, and reports the user root key ciphertext to a user APP;
b5, the connection of the Bluetooth lock and the APP of the user is disconnected.
5. The bluetooth key system of claim 1, wherein: the Bluetooth lock initialization process, the server work includes the following steps:
c1, after receiving an account password login request sent by the factory APP, the server verifies account authority and production quantity, if the account password is consistent, login success information is sent to the factory APP, wherein the account password is sent in an HTTPS encryption mode;
c2, the server receives the MAC address reported by the factory APP, MAC duplication checking is carried out, a Bluetooth lock ID and a password ID are generated, and related data are recorded;
c3, the server sends the Bluetooth lock ID and the password ID to give a factory APP;
and C4, the server receives the factory root key ciphertext sent by the factory APP, decrypts and stores the factory root key ciphertext.
6. The bluetooth key system of claim 1, wherein: bluetooth lock initialization process, the APP work of leaving the factory includes the following steps:
d1, sending an account password login request to the server by the factory APP, and receiving login success information sent by the server, wherein the account password is sent in an HTTPS mode;
d2, the factory APP receives the broadcast MAC address of the Bluetooth lock and reports the broadcast MAC address to the server;
d3, receiving the Bluetooth lock ID and the password ID sent by the server by the factory APP;
d4, realizing the connection with the Bluetooth lock by the factory APP; and carries out factory key identification with the Bluetooth lock
The ID of the Bluetooth lock, the ID of the password and the identification of the B/C terminal are written into the Bluetooth lock;
d5, receiving write-in success information sent by the Bluetooth lock by the factory APP, and sending an initialization factory root key instruction to the Bluetooth lock;
d6, the factory APP receives the factory root key ciphertext sent by the Bluetooth lock, and reports the factory root key ciphertext to the server;
d7, leave factory APP disconnection and bluetooth lock's connection.
7. The bluetooth key system of claim 1, wherein: the bluetooth lock initialization process, the bluetooth lock work includes the following steps:
e1, the Bluetooth lock sends a broadcast and MAC address to the factory APP;
e2, establishing connection with a factory APP by the Bluetooth lock; performing factory key authentication with a factory APP;
e3, writing a Bluetooth lock ID, a password ID and a B/C terminal identification into the Bluetooth lock; after the write-in operation is successful, sending operation success information to a factory APP;
e4, the Bluetooth lock receives a factory root key initialization instruction sent by a factory APP, a new factory root key is generated randomly and stored, and a factory root key ciphertext is sent to the factory APP after the factory root key is encrypted by randomly selecting a key;
e5, the connection of bluetooth lock disconnection and factory APP.
8. The bluetooth key system of claim 1, wherein: after the bluetooth lock has the user root key, the key is calculated, and the process that the server issues the user key to the user APP specifically comprises the following steps:
f1, after receiving account password login information sent by the user APP, the server carries out account authentication, if the authentication is successful, login success information is sent to the user APP, wherein the account password is sent in an HTTPS encryption mode;
f2, the server sends the user key to the user APP.
9. The bluetooth key system of claim 1, wherein: bluetooth lock authentication
Unblank, only have the user key of authority user key can authenticate and unblank, need judge user's information of unblanking when unblanking, bluetooth lock work includes following step:
g1, broadcasting the password ID to the user APP by the Bluetooth lock; g2, the Bluetooth lock establishes connection with the user APP;
g3, carrying out user key and user key verification on the Bluetooth lock and the user APP;
g4, the Bluetooth lock receives operation information sent by a user APP, wherein the operation information comprises a door opening command and a user self-defined password;
g5, reporting unlocking success information to a user APP after the Bluetooth lock is successfully unlocked; g6, the connection of bluetooth lock disconnection and user APP.
10. The bluetooth key system of claim 1, wherein: during bluetooth lock authentication unblanked, user APP work included the following step:
h1, receiving the broadcast password ID of the Bluetooth lock by the user APP; h2, establishing connection with the Bluetooth lock by the user APP;
h3, carrying out user key verification on the user APP and the Bluetooth lock;
h4, sending operation information to the Bluetooth lock by the user APP, wherein the operation information comprises a door opening command and a user self-defined password;
h5, receiving unlocking success information sent by the Bluetooth lock by the user APP;
h6, disconnecting the user APP from the Bluetooth lock;
h7, the user APP reports the user root key ciphertext to the server for storage.
CN201910076591.3A 2019-01-26 2019-01-26 Bluetooth key system for group Active CN111489461B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910076591.3A CN111489461B (en) 2019-01-26 2019-01-26 Bluetooth key system for group

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910076591.3A CN111489461B (en) 2019-01-26 2019-01-26 Bluetooth key system for group

Publications (2)

Publication Number Publication Date
CN111489461A CN111489461A (en) 2020-08-04
CN111489461B true CN111489461B (en) 2022-07-15

Family

ID=71793851

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910076591.3A Active CN111489461B (en) 2019-01-26 2019-01-26 Bluetooth key system for group

Country Status (1)

Country Link
CN (1) CN111489461B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112396738B (en) * 2020-12-01 2022-11-04 深圳市汇顶科技股份有限公司 Unlocking method of shared device and related device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105389500A (en) * 2014-09-02 2016-03-09 苹果公司 Method of using one device to unlock another device
CN106846589A (en) * 2017-03-06 2017-06-13 南京邮电大学 A kind of mobile phone A PP and single-chip computer control system based on bluetooth
CN107948961A (en) * 2017-12-23 2018-04-20 北京智辉空间科技有限责任公司 Bluetooth alignment system and method
EP3361451A1 (en) * 2017-02-10 2018-08-15 Vestel Elektronik Sanayi ve Ticaret A.S. Safety lock for restricting access to technical devices

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105405189A (en) * 2015-10-29 2016-03-16 詹卓衡 Door lock and control method thereof
CN205259674U (en) * 2015-11-24 2016-05-25 厦门中卡科技开发有限公司 Parking stall lock system that many cars used
CN108116367B (en) * 2016-11-29 2020-08-25 比亚迪股份有限公司 Keyless system matching method and keyless matching system
US10580242B2 (en) * 2017-01-20 2020-03-03 Macron International, Inc. Asset management system utilizing a mobile application
CN106934886B (en) * 2017-02-28 2019-02-26 南京东屋电气有限公司 A kind of setting of dynamic puzzle-lock OTC key and update method
CN108510626B (en) * 2018-02-23 2021-08-31 深圳同心科技有限公司 Dynamic password access control management method and management system thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105389500A (en) * 2014-09-02 2016-03-09 苹果公司 Method of using one device to unlock another device
EP3361451A1 (en) * 2017-02-10 2018-08-15 Vestel Elektronik Sanayi ve Ticaret A.S. Safety lock for restricting access to technical devices
CN106846589A (en) * 2017-03-06 2017-06-13 南京邮电大学 A kind of mobile phone A PP and single-chip computer control system based on bluetooth
CN107948961A (en) * 2017-12-23 2018-04-20 北京智辉空间科技有限责任公司 Bluetooth alignment system and method

Also Published As

Publication number Publication date
CN111489461A (en) 2020-08-04

Similar Documents

Publication Publication Date Title
CN109495274B (en) Decentralized intelligent lock electronic key distribution method and system
CN106130982B (en) Intelligent household appliance remote control method based on PKI system
CN107612889B (en) Method for preventing user information leakage
CN111080845B (en) Temporary unlocking method, system, door lock, administrator terminal and readable storage medium
CN113572740B (en) Cloud management platform authentication encryption method based on state password
CN102685739B (en) Authentication method and system for Android enterprise applications
CN107154847A (en) Towards the method for generating cipher code, verification method and its smart machine of offline environment
CN108650261B (en) Mobile terminal system software burning method based on remote encryption interaction
CN1977559B (en) Method and system for protecting information exchanged during communication between users
CN101621794A (en) Method for realizing safe authentication of wireless application service system
CN112672342B (en) Data transmission method, device, equipment, system and storage medium
CN104767766A (en) Web Service interface verification method, Web Service server and client side
CN115396121A (en) Security authentication method for security chip OTA data packet and security chip device
CN111181723A (en) Method and device for offline security authentication between Internet of things devices
CN105141629A (en) Method for improving network security of public Wi-Fi based on WPA/WPA2 PSK multiple passwords
CN114697082B (en) Production and application method of encryption and decryption device in server-free environment
CN111489462B (en) Personal Bluetooth key system
CN111563980B (en) Bluetooth lock key generation and authentication method
CN102546240B (en) Network communication method, network communicating system and network communication device
KR101358375B1 (en) Prevention security system and method for smishing
CN106789845A (en) A kind of method of network data security transmission
CN103856938B (en) A kind of method of encrypting and decrypting, system and equipment
CN107104792B (en) Portable mobile password management system and management method thereof
CN111489461B (en) Bluetooth key system for group
KR101996317B1 (en) Block chain based user authentication system using authentication variable and method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 230001 China (Anhui) pilot Free Trade Zone, Hefei, Anhui Province a3-14, floor 14, block a, building J1, phase II, innovation industrial park, No. 2800, innovation Avenue, high tech Zone, Hefei

Applicant after: Hefei Zhihui Space Technology Co.,Ltd.

Address before: 100020 room 801, 8th floor, building 2, courtyard 16, Guangshun North Street, Chaoyang District, Beijing

Applicant before: BEIJING ZHIHUI SPACE TECHNOLOGY CO.,LTD.

GR01 Patent grant
GR01 Patent grant