CN112132998A - Intelligent access control equipment and safety control method and device thereof - Google Patents
Intelligent access control equipment and safety control method and device thereof Download PDFInfo
- Publication number
- CN112132998A CN112132998A CN201910574845.4A CN201910574845A CN112132998A CN 112132998 A CN112132998 A CN 112132998A CN 201910574845 A CN201910574845 A CN 201910574845A CN 112132998 A CN112132998 A CN 112132998A
- Authority
- CN
- China
- Prior art keywords
- access control
- intelligent access
- signal
- voltage
- control equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 41
- 238000012360 testing method Methods 0.000 claims description 147
- 238000012544 monitoring process Methods 0.000 claims description 27
- 230000009471 action Effects 0.000 claims description 23
- 230000001681 protective effect Effects 0.000 claims description 8
- 230000008569 process Effects 0.000 description 12
- 238000010586 diagram Methods 0.000 description 7
- 230000007274 generation of a signal involved in cell-cell signaling Effects 0.000 description 7
- 238000002347 injection Methods 0.000 description 5
- 239000007924 injection Substances 0.000 description 5
- 230000015572 biosynthetic process Effects 0.000 description 2
- 230000007613 environmental effect Effects 0.000 description 2
- 238000000605 extraction Methods 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000009781 safety test method Methods 0.000 description 2
- 238000005070 sampling Methods 0.000 description 2
- 238000007619 statistical method Methods 0.000 description 2
- WHXSMMKQMYFTQS-UHFFFAOYSA-N Lithium Chemical compound [Li] WHXSMMKQMYFTQS-UHFFFAOYSA-N 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000004888 barrier function Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000005865 ionizing radiation Effects 0.000 description 1
- 229910052744 lithium Inorganic materials 0.000 description 1
- 230000005855 radiation Effects 0.000 description 1
- 238000011076 safety test Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01R—MEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
- G01R19/00—Arrangements for measuring currents or voltages or for indicating presence or sign thereof
- G01R19/0084—Arrangements for measuring currents or voltages or for indicating presence or sign thereof measuring voltage only
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/556—Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00563—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys using personal physical data of the operator, e.g. finger prints, retinal images, voicepatterns
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/33—Individual registration on entry or exit not involving the use of a pass in combination with an identity check by means of a password
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/37—Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
Abstract
The invention relates to an intelligent access control device and a safety control method and a safety control device thereof, wherein a voltage signal input by an emergency power supply interface of the intelligent access control device is monitored; when the voltage signal is monitored to be an attack voltage signal, the intelligent access control equipment is safely controlled, so that various potential safety hazards caused by the fact that an emergency power supply interface which is open to the outside of the intelligent access control equipment is injected with the attack voltage signal are avoided to the greatest extent, the safety and the resistance of the intelligent access control equipment are improved, and the satisfaction degree of user experience is further improved.
Description
Technical Field
The invention relates to the field of Internet of things safety, in particular to intelligent access control equipment and a safety control method and device thereof.
Background
The civil intelligent door lock industry in China really enters the market for nearly two decades till now, the intelligent door lock industry starts to increase for a long time in 2015, the industry scale, the enterprise scale and the number of famous star enterprises start to be greatly increased, the total industry value starts to advance towards the order of billions of yuan, especially in 2017, the intelligent door lock is gradually accepted by mass consumers, the total demand of the intelligent door lock in China will exceed 3000 tens of thousands of packages in the 5-10 years in the future, and the total industry value will break through 1000 billions of yuan. The intelligent door lock is used as the last barrier of the door entry, and the safety of the intelligent door lock is self-evident.
In the cryptoanalysis, three attack modes are used for a security chip: non-invasive attack, semi-invasive attack and invasive attack can be effectively attacked and cracked. The attack principle is to try to introduce some error behaviors into the program logic of the chip by changing environmental parameters (the electrical performance of the chip will change with different voltages, temperatures, light, ionizing radiation and surrounding magnetic fields), bring the chip into an uncertain operation state, such as disturbing the program flow or making the algorithm result go wrong, and attack the chip in the state. The implementation cost of the error injection attack is not high, but the attack success rate is high, and the chip is seriously threatened. There are many commonly used error injection means, including abnormal voltage, frequency, temperature, radiation, light, eddy current and other environmental factors, and also including voltage spike attack, local light attack, electromagnetic manipulation attack and the like.
More and more intelligent door locks provide an emergency power supply interface at the door entrance end, the design of the emergency power supply interface is designed for solving the defect that the door cannot be opened when the battery power of the intelligent door lock is insufficient, and meanwhile, part of the emergency power supply interfaces of the intelligent door locks have the function of upgrading firmware, but a hidden danger is buried for the safety of the intelligent door locks, and the emergency power supply interface is set as an implementation condition for fault injection of voltage burrs; therefore, for the intelligent door lock with the emergency power supply interface, how to improve the safety and the resistance of the intelligent door lock is a technical problem which needs to be solved urgently at present.
Disclosure of Invention
The embodiment of the invention provides intelligent access control equipment and a safety control method and device thereof, and solves the technical problem of how to improve the safety and the resistance of the intelligent access control equipment with an emergency power supply interface.
In order to solve the technical problem, the embodiment of the invention adopts the following technical scheme:
an embodiment of the present invention provides a security control method for an intelligent access control device, including:
monitoring a voltage signal input by an emergency power supply interface of the intelligent access control equipment;
and when the voltage signal is monitored to be an attack voltage signal, carrying out safety control on the intelligent access control equipment.
Optionally, the performing security control on the intelligent access control device includes at least one of:
controlling the intelligent access control equipment to alarm;
controlling the intelligent access control equipment to be locked;
controlling an emergency power supply interface of the intelligent access control equipment to enter a non-enabled state;
and controlling a protective cover of an emergency power supply interface arranged on the intelligent access control equipment to be in a closed state so as to seal the emergency power supply interface.
Optionally, monitoring whether the voltage signal is an attack-type voltage signal comprises:
extracting signal characteristic parameters of the voltage signals;
matching the signal characteristic parameters with target signal characteristic parameters of preset attack type voltage signals;
and when the matching is successful, determining the voltage signal as an attack type voltage signal.
Optionally, the target signal characteristic parameter of the attack-type voltage signal includes: carry out the target signal characteristic parameter that security analysis obtained through intelligent entrance guard's equipment, carry out security analysis to intelligent entrance guard's equipment and include:
generating a voltage burr test signal, and inputting the currently generated voltage burr test signal into the intelligent access control equipment through an emergency power supply interface of the intelligent access control equipment;
acquiring a current working state of the intelligent access control equipment under the action of a current input voltage burr test signal, and carrying out correlation statistics on the current working state and signal characteristic parameters of the current voltage burr test signal;
and analyzing and obtaining target signal characteristic parameters of a target voltage burr test signal which can effectively attack the intelligent access control equipment based on the statistical result.
Optionally, the effective attack comprises: and controlling the working state of the intelligent access control equipment to be mistakenly opened and controlled, wherein the working state of the intelligent access control equipment is at least one of unknown working states.
Optionally, after the intelligent access control device performs security control, the method further includes:
and after monitoring a safety control releasing signal, releasing the safety control of the intelligent access control equipment.
An embodiment of the invention provides a safety control device of intelligent access control equipment, which comprises a safety monitoring module and a control module;
the safety monitoring module is used for monitoring a voltage signal input by an emergency power supply interface of the intelligent access control equipment and informing the control module when the voltage signal is monitored to be an attack voltage signal;
and the control module is used for carrying out safety control on the intelligent access control equipment according to the notification.
Optionally, the control module performing security control on the intelligent access control device includes at least one of:
controlling the intelligent access control equipment to alarm;
controlling the intelligent access control equipment to be locked;
controlling an emergency power supply interface of the intelligent access control equipment to enter a non-enabled state;
and controlling a protective cover of an emergency power supply interface arranged on the intelligent access control equipment to be in a closed state so as to seal the emergency power supply interface.
Optionally, the control module is configured to extract a signal characteristic parameter of the voltage signal, and match the signal characteristic parameter with a target signal characteristic parameter of a preset attack-type voltage signal; and when the matching is successful, determining the voltage signal as an attack type voltage signal.
An embodiment of the present invention further provides an intelligent access control device, including the above-mentioned security control apparatus.
Advantageous effects
According to the intelligent access control equipment and the safety control method and device thereof, voltage signals input by an emergency power supply interface of the intelligent access control equipment are monitored; when the voltage signal is monitored to be an attack voltage signal, the intelligent access control equipment is safely controlled, so that various potential safety hazards caused by the fact that an emergency power supply interface which is open to the outside of the intelligent access control equipment is injected with the attack voltage signal are avoided to the greatest extent, the safety and the resistance of the intelligent access control equipment are improved, and the satisfaction degree of user experience is further improved.
Drawings
Fig. 1 is a schematic flow chart of a security control method for an intelligent access control device according to an embodiment of the present invention;
fig. 2 is a schematic view of a process of determining an attack-type voltage signal according to an embodiment of the present invention;
fig. 3 is a schematic flow chart of a security testing method for an intelligent access control device according to an embodiment of the present invention;
FIG. 4 is a schematic view of a process for obtaining action parameters according to a first embodiment of the present invention;
fig. 5 is a schematic view of a security control device of an intelligent access control device according to a second embodiment of the present invention;
fig. 6 is a schematic structural diagram of a security testing system of an intelligent access control device according to a second embodiment of the present invention;
FIG. 7 is a front view of a fingerprint lock according to a third embodiment of the present invention;
FIG. 8 is a bottom view of a fingerprint lock according to a third embodiment of the present invention;
fig. 9 is a schematic diagram illustrating a connection between a fingerprint lock and a security testing system according to a third embodiment of the present invention;
fig. 10 is a schematic view of a security testing process provided in the third embodiment of the present invention;
fig. 11 is a schematic diagram of a power consumption curve of a fingerprint lock in a normal starting process according to a third embodiment of the present invention;
fig. 12 is a schematic diagram of a power consumption curve of a fingerprint lock testing process according to a third embodiment of the present invention;
fig. 13 is a schematic structural diagram of a fingerprint lock according to a third embodiment of the present invention;
fig. 14 is a schematic diagram of safety control provided by the third embodiment of the present invention.
Detailed Description
It should be understood that the invention is applicable to various intelligent access control devices with emergency power interfaces in the internet of things, including but not limited to various radio frequency intelligent access control devices, fingerprint access control devices, face recognition access control devices, voice recognition access control devices, iris recognition access control devices, digital password recognition access control devices, and the like. In order that the invention may be better understood, it will now be further illustrated by reference to specific embodiments.
The first embodiment is as follows:
the embodiment provides a safety control method of intelligent access control equipment aiming at the intelligent access control equipment with an emergency power supply interface so as to improve the safety and the resistance of the intelligent access control equipment. Referring to fig. 1, the safety control method includes:
s101: and monitoring a voltage signal input by an emergency power supply interface of the intelligent access control equipment.
In this embodiment, the purpose of monitoring the voltage signal input by the emergency power interface of the intelligent access control device is to find an attack type voltage signal such as a voltage glitch signal which may be input for attack, so as to find possible illegal attacks, so that corresponding safety measures can be taken in time and subsequently, and the threat to the personal and property safety of the user can be avoided.
S102: and when the voltage signal is monitored to be an attack voltage signal, carrying out safety control on the intelligent access control equipment.
The security control of the intelligent access control device in this embodiment may include, but is not limited to, at least one of the following modes:
the first method is as follows: controlling intelligent access control equipment to give an alarm; the alarm mode of the intelligent access control equipment in the embodiment can comprise at least one of remote alarm and local alarm; wherein the local alarm includes, but is not limited to, a local sounding alarm or warning tone; remote alerts include, but are not limited to, sending a message to a user or making a phone call or alerting an alert mechanism, etc.;
the second method comprises the following steps: the intelligent access control equipment is controlled to be locked, so that the intelligent access control equipment is prevented from being illegally opened;
the third method comprises the following steps: controlling an emergency power supply interface of the intelligent access control equipment to enter a non-enabled state; therefore, the emergency power supply interface can not input voltage signals subsequently, and the subsequent continuous input of attack type telephone signals through the emergency power supply interface is avoided;
the method is as follows: controlling a protective cover of an emergency power supply interface arranged on the intelligent access control equipment to be in a closed state so as to seal the emergency power supply interface; in the method, the controllable mechanical structure of the protective cover can be arranged for the emergency power interface, and when safety control is required, the protective cover is controlled to correspondingly move or rotate to seal the emergency power interface, so that the attack type telephone signal can be prevented from being continuously input through the emergency power interface subsequently.
It should be understood that the manner of performing security control on the smart entry control device in this embodiment is not limited to the above-described exemplary manners, as long as the security of the smart entry control device can be improved. When the safety control modes of the above several examples are adopted, one or a combination of two or more of the above several example modes can be adopted.
In this embodiment, after carrying out security control on the intelligent access control device, the method may further include: and after the safety control releasing signal is monitored, releasing the safety control on the intelligent access control equipment. That is, after the warning is allowed to end, the security control performed by the intelligent access control device is released, so that the intelligent access control device enters a normal working state.
In the present embodiment, one way of monitoring whether the voltage signal is an attack-type voltage signal is shown in fig. 2, which includes:
s201: and extracting the signal characteristic parameters of the voltage signal input by the emergency power supply interface.
The signal characteristic parameters may include, but are not limited to, amplitude (e.g., voltage value), voltage signal duration (i.e., signal width).
S202: and matching the signal characteristic parameters with preset target signal characteristic parameters of the attack type voltage signals.
For example, in an example, the target signal characteristic parameter includes an amplitude of-2V or more and a signal width of 10ns, and when it is determined that the amplitude of the voltage signal input to the emergency power supply interface is-2V or more and lasts for 10ns according to the extracted signal characteristic parameter, it is determined that the extracted signal characteristic parameter is successfully matched with the target signal characteristic parameter of the preset attack type voltage signal.
Of course, it should be understood that the specific content and specific values of the signal characteristic parameters can be flexibly set according to a specific application scenario.
S203: and when the matching is successful, determining the voltage signal as an attack type voltage signal.
In this embodiment, the target signal characteristic parameter of the attack-type voltage signal may be set by a user, may also be set by an intelligent access control device manufacturer or a service provider, and may optionally be updated. In one example of the present embodiment, the target signal characteristic parameters of the attack-type voltage signal include: and carrying out safety analysis on the obtained target signal characteristic parameters through intelligent access control equipment.
Alternatively, a valid attack in one example may include, but is not limited to: and controlling the working state of the intelligent access control equipment to be at least one of mistakenly opened and unknown working state.
For convenience of understanding, in the present embodiment, the following description will take an example of testing the security of the intelligent access control device and acquiring the target signal characteristic parameter as an example. The embodiment provides a description of a process of security analysis performed by an intelligent access control device, please refer to fig. 3, which includes:
s301: and generating a voltage burr test signal, and inputting the currently generated voltage burr test signal into the intelligent access control equipment through an emergency power supply interface of the intelligent access control equipment.
In the present embodiment, the voltage glitch test signal required by the present embodiment can be generated by various test signal generating devices capable of generating preset requirements. In this embodiment, can be connected the voltage burr test signal output of test signal generation equipment and intelligent entrance guard's emergency power source interface to the voltage burr test signal who will generate pours into intelligent entrance guard's equipment into.
In the test process in this embodiment, the intelligent access control device can be flexibly tested for multiple times according to specific application scenarios. In different test times, different voltage glitch test signals can be adopted completely, or different voltage glitch test signals can be adopted only in partial test. And it should be understood that the generation manner of the voltage glitch test signal in the present embodiment can be flexibly set according to a specific test scenario. For example, in one mode, the generation may be based on various characteristics corresponding to the normal opening of the intelligent access control device. In another mode, the voltage glitch test signal can be generated blindly according to experience or established rules to perform the corresponding test.
For ease of understanding, the following description will be made with an example in which the voltage glitch test signal is generated based on various characteristics corresponding to when the intelligent access control device is normally turned on. In this example, before generating the voltage glitch test signal, please refer to fig. 4, which may further include:
s401: and controlling the intelligent access control equipment to be normally opened, and acquiring a power consumption curve in the normal opening process of the intelligent access control equipment.
S402: and determining action parameters of the voltage glitch test signal according to the obtained power consumption curve. For example, the action parameters may include, but are not limited to: and at least one of the time point of the attack action of the voltage glitch test signal and the duration of the attack action.
In this example, generating the voltage glitch test signal includes generating the voltage glitch test signal according to current test signal configuration parameters. The test signal configuration parameters may include, but are not limited to, at least one of the following:
the voltage glitch signal precision parameter, the voltage glitch signal amplitude parameter, the number of glitches in the voltage glitch signal, the width of the glitches in the voltage glitch signal, the offset parameter of the voltage glitch signal and the above action parameters.
The currently adopted test signal configuration parameters specifically include what contents, and the specific values of the included parameters can be flexibly set according to specific application scenarios, the current test times and the like. For example, in different test times or stages, at least one of a voltage glitch signal amplitude parameter, the number of glitches in the voltage glitch signal, a width of a glitch in the voltage glitch signal, an offset parameter of the voltage glitch signal, a time point of an attack action of the voltage glitch test signal, and a time length of the attack action may be changed to generate correspondingly different generated voltage glitch test signals.
Optionally, in this embodiment, in order to accurately evaluate the intelligent access control device and simulate a possibly existing attacked scene, when the emergency power supply interface of the intelligent access control device inputs the currently generated voltage glitch test signal into the intelligent access control device, the method further includes: and inputting wrong entrance guard opening control signals to the intelligent entrance guard equipment. And then detecting the current working state of the intelligent access control equipment under the action of the currently input voltage burr test signal after the wrong access control opening control signal is input.
In this embodiment, the specific signal type of the entrance guard opening control signal input to the intelligent entrance guard device in error can be flexibly set according to specific requirements. For example, any one or more of a wrong digital password, a fingerprint, a face image, voice information, an iris, and the like may be input.
Optionally, in order to improve the accuracy and controllability of the test, the test signal generation device may be controlled by the trigger control signal to generate the voltage glitch test signal required by the embodiment at a suitable time. At this time, in this example, before generating the voltage glitch test signal, the method may further include: detecting whether a trigger control signal for triggering the generation of the voltage glitch test signal is received, if so, generating the voltage glitch test signal; otherwise, continuing to monitor until the trigger control signal is monitored or the test is finished.
S302: the method comprises the steps of obtaining the current working state of the intelligent access control equipment under the action of a current input voltage spike test signal, and carrying out correlation statistics on the current working state and the signal characteristic parameters of the current voltage spike test signal.
In this embodiment, the operating states of the smart entry device may include an error open state, an unknown operating state, and a maintenance normal close state. When testing intelligent entrance guard's equipment, can be in normal closed state with this intelligent entrance guard's equipment setting, then generate voltage burr test signal to through intelligent entrance guard's equipment emergency power source interface with the voltage burr test signal input intelligent entrance guard's equipment of current formation, whether produce effective attack to intelligent entrance guard's equipment with the voltage burr test signal that detects the input. For example, whether the intelligent access control device is opened by mistake under the action of the voltage spike test signal and/or enters an unknown working state can be detected.
The signal characteristic parameter in this embodiment may include, but is not limited to, at least one of various parameters that may correspond to a characteristic of the pre-voltage glitch test signal. For example, the parameter may include, but is not limited to, at least one of a voltage glitch signal accuracy parameter, a voltage glitch signal amplitude parameter, a number of glitches in the voltage glitch signal, a width of a glitch in the voltage glitch signal, an offset parameter of the voltage glitch signal, and a time point of attack and a duration of attack of the voltage glitch test signal. In this embodiment, signal characteristic extraction may be performed on the currently input voltage spike test signal, or the power consumption curve of the intelligent access control device is collected and corresponding signal characteristic parameters are extracted as the signal characteristic parameters corresponding to the current voltage spike test signal after the voltage spike test signal is injected into the intelligent access control device.
S303: and analyzing and obtaining target signal characteristic parameters of a target voltage burr test signal which can effectively attack the intelligent access control equipment based on the statistical result.
Optionally, in this embodiment, the effective attack may include, but is not limited to, at least one of controlling the operating state of the smart access control device to be an incorrect operation state and controlling the operating state of the smart access control device to be an unknown operating state.
For example, in some application scenarios, the effective attack may include controlling the operating state of the smart access control device to be an incorrect opening and controlling the operating state of the smart access control device to be an unknown operating state. At this time, a similar correspondence table as shown in table 1 below may be statistically generated.
TABLE 1
Therefore, by the safety test method of the intelligent access control equipment provided by the embodiment, the emergency power supply interface of the intelligent door diameter equipment can be evaluated in advance by being attacked by the voltage spike signal, reasonable statistical analysis is carried out on the voltage spike signal which is likely to generate effective attack to obtain the corresponding target signal characteristic parameter, so that an accurate and powerful basis is provided for subsequent monitoring and judgment of the attack voltage signal, the safety and the reliability of the intelligent access control equipment are improved, and the satisfaction degree of user experience is further improved.
Example two:
the embodiment provides a safety control device of intelligent entrance guard equipment, which can be arranged in various intelligent entrance guard equipment. Please refer to fig. 5, which includes a safety monitoring module 51 and a control module 52;
the safety monitoring module 51 is used for monitoring a voltage signal input by an emergency power supply interface of the intelligent access control device, and informing the control module when the voltage signal is monitored to be an attack voltage signal;
the control module 52 is configured to perform security control on the intelligent access control device according to the notification of the security monitoring module 51.
The security control of the intelligent access control device by the control module 52 may include, but is not limited to, at least one of the following:
controlling intelligent access control equipment to give an alarm;
controlling the intelligent access control equipment to be locked;
controlling an emergency power supply interface of the intelligent access control equipment to enter a non-enabled state;
and controlling a protective cover of an emergency power supply interface arranged on the intelligent access control equipment to be in a closed state so as to seal the emergency power supply interface.
Optionally, in an example, the control module 52 is configured to extract a signal characteristic parameter of the voltage signal, and match the signal characteristic parameter with a preset target signal characteristic parameter of the attack-type voltage signal; and when the matching is successful, determining the voltage signal as an attack type voltage signal.
In this embodiment, the target signal characteristic parameter of the attack-type voltage signal may be set by a user, may also be set by an intelligent access control device manufacturer or a service provider, and may optionally be updated. In one example of the present embodiment, the target signal characteristic parameters of the attack-type voltage signal include: and carrying out safety analysis on the obtained target signal characteristic parameters through intelligent access control equipment. For convenience of understanding, the security testing system for performing security analysis on the intelligent access control device is described as an example in the following. Please refer to fig. 6, which includes a test signal generating device 61 and a test statistic device 62;
the test signal generating device 61 is configured to generate a voltage glitch test signal, and input the currently generated voltage glitch test signal into the intelligent access control device through an emergency power supply interface of the intelligent access control device. The test signal generating device 61 in the present embodiment may be various signal generating devices capable of generating the voltage glitch test signal required in the present embodiment. In this embodiment, can be connected the voltage burr test signal output of test signal generation equipment 61 with intelligent entrance guard's equipment's emergency power source interface to the voltage burr test signal who will generate pours into intelligent entrance guard's equipment into. In the test process in this embodiment, different voltage glitch test signals may be used for all tests or only for part of tests in different test times or different test stages. And it should be understood that the generation manner of the test signal generation device 61 generating the voltage glitch test signal in the present embodiment can be flexibly set according to a specific test scenario. For example, in one mode, the test signal generating device 61 may generate the test signal based on various characteristics corresponding to the smart door access device when the smart door access device is normally turned on. In another mode, the test signal generating device 61 may blindly generate the voltage glitch test signal according to experience or established rules to perform the corresponding test.
When the test signal generation device 61 may generate the voltage glitch test signal based on various characteristics corresponding to the normal opening of the intelligent access control device, the test signal generation device 61 may first acquire various characteristic parameters corresponding to the normal opening of the intelligent access control device. For example, the intelligent access control device can be controlled to be normally opened in advance, and a power consumption curve of the intelligent access control device in the normal opening process can be obtained; and determining action parameters of the voltage glitch test signal according to the obtained power consumption curve. For example, the action parameters may include, but are not limited to: and at least one of the time point of the attack action of the voltage glitch test signal and the duration of the attack action.
In this example, the test signal generation device 61 generating the voltage glitch test signal includes generating the voltage glitch test signal according to the current test signal configuration parameters; referring to fig. 6, the security test system may include a configuration device 63 configured to issue the test signal configuration parameters to the test signal generating device 61. The test signal configuration parameters may include, but are not limited to, at least one of the following: the voltage glitch signal precision parameter, the voltage glitch signal amplitude parameter, the number of glitches in the voltage glitch signal, the width of the glitches in the voltage glitch signal, the offset parameter of the voltage glitch signal and the above action parameters. In different test times or stages, the test signal generating device 61 may generate correspondingly different generated voltage glitch test signals by changing at least one of a voltage glitch signal amplitude parameter, the number of glitches in the voltage glitch signal, a width of a glitch in the voltage glitch signal, an offset parameter of the voltage glitch signal, a time point of an attack action of the voltage glitch test signal, and a time length of the attack action.
Optionally, in this embodiment, in order to accurately evaluate the intelligent access control device and simulate a possibly existing attacked scene, when the emergency power supply interface of the intelligent access control device inputs the currently generated voltage glitch test signal into the intelligent access control device, the method further includes: and inputting wrong entrance guard opening control signals to the intelligent entrance guard equipment. And then detecting the current working state of the intelligent access control equipment under the action of the currently input voltage burr test signal after the wrong access control opening control signal is input. In this embodiment, the specific signal type of the entrance guard opening control signal input to the intelligent entrance guard device in error can be flexibly set according to specific requirements. For example, any one or more of a wrong digital password, a fingerprint, a face image, voice information, an iris, and the like may be input.
Optionally, in order to improve the accuracy and controllability of the test, please refer to fig. 6, the safety test system may further include a trigger control device 64, and the trigger control device 64 may control the test signal generating device 61 to generate the voltage glitch test signal required by the present embodiment at a suitable time by generating the trigger control signal at a suitable time.
The test statistic device 62 is configured to obtain a current working state of the intelligent access control device under the action of a current input voltage glitch test signal, perform correlation statistics on the current working state and signal characteristic parameters of the current voltage glitch test signal, and obtain target signal characteristic parameters of a target voltage glitch test signal, which can effectively attack the intelligent access control device, based on analysis of statistical results.
In this embodiment, the operating states of the smart entry device may include an error open state, an unknown operating state, and a maintenance normal close state. When testing intelligent entrance guard's equipment, can be in normal closed state with this intelligent entrance guard's equipment setting, then generate voltage burr test signal to through intelligent entrance guard's equipment emergency power source interface with the voltage burr test signal input intelligent entrance guard's equipment of current formation, whether produce effective attack to intelligent entrance guard's equipment with the voltage burr test signal that detects the input. For example, whether the intelligent access control device is opened by mistake under the action of the voltage spike test signal and/or enters an unknown working state can be detected.
The signal characteristic parameter in this embodiment may include, but is not limited to, at least one of various parameters that may correspond to a characteristic of the pre-voltage glitch test signal. For example, the parameter may include, but is not limited to, at least one of a voltage glitch signal accuracy parameter, a voltage glitch signal amplitude parameter, a number of glitches in the voltage glitch signal, a width of a glitch in the voltage glitch signal, an offset parameter of the voltage glitch signal, and a time point of attack and a duration of attack of the voltage glitch test signal. In this embodiment, signal characteristic extraction may be performed on the currently input voltage spike test signal, or the power consumption curve of the intelligent access control device is collected and corresponding signal characteristic parameters are extracted as the signal characteristic parameters corresponding to the current voltage spike test signal after the voltage spike test signal is injected into the intelligent access control device.
Optionally, in this embodiment, the effective attack may include, but is not limited to, at least one of controlling the operating state of the smart access control device to be an incorrect operation state and controlling the operating state of the smart access control device to be an unknown operating state. The test statistic device 62 can extract and count the signal characteristic parameters corresponding to the error opening and unknown working state of the intelligent access control device; therefore, the emergency power supply interface of the intelligent door diameter equipment can be evaluated in advance by being attacked by the voltage burr signal, and reasonable statistical analysis is carried out on the voltage burr signal which can generate effective attack, so that an accurate and powerful basis is provided for the follow-up monitoring and judgment of the attack voltage signal, and the safety and the reliability of the intelligent door access equipment are improved.
Example three:
in order to better understand the present invention, on the basis of the above embodiments, the present embodiment takes an intelligent access control device as an example of a fingerprint lock.
Referring to fig. 7 and 8, a front view of the fingerprint lock exemplified in the present embodiment is shown, wherein the emergency power interface 71 of the fingerprint lock 7 is arranged at the bottom of the fingerprint lock 7. Of course, it should be understood that the location of the emergency power interface 71 and the specific type of interface used can be flexibly set.
The test signal generating device 61 in this embodiment may be a test signal generating device 61 using a lithium battery pack (for example, outputting 12V, 2A) power supply, and may have a voltage glitch test signal output terminal and a sampling output terminal, where the voltage glitch test signal output terminal is connected to the emergency power interface 71, and the sampling output terminal may be connected to the test statistic device 62. Where test statistics device 62 may comprise an oscilloscope or other device of the type capable of making wave form curve statistics.
In this embodiment, the configuration device 63 may be various configuration devices 63 that can be used for generating configuration information, and may be a configuration device that inputs information by using touch, voice, physical keyboard, and the like.
In this embodiment, the trigger control device 64 may be, but is not limited to, a touch screen pen capable of generating information trigger control signals alone or after being in touch contact with the fingerprint lock 7. For example, the pen point of the touch screen pen can be used for carrying out button pretreatment, and the # key on the fingerprint lock 7 can be correspondingly pretreated, so that when the pen point of the touch screen pen presses the # key, a corresponding trigger control signal can be generated. And finishing one unlocking operation after the # key is pressed.
In this embodiment, the precision of the voltage glitch test signal generated by the test signal generating device 61 is set to be 2ns, the glitch amplitude is-9.8 to 4.2V, the glitch offset is (1 to 500) × 2ns, the number of the glitches is 1 to 100, and the width of the glitch is (1 to 500) × 2 ns.
In this embodiment, please refer to fig. 9 for the security test connection of the fingerprint lock 7, and please refer to fig. 10 for the security test process of the fingerprint lock 7, which includes:
s1001: the test signal generating device 61 is activated to supply power normally but does not generate a voltage glitch test signal.
S1002: and inputting a correct fingerprint or digital password to obtain a power consumption curve of the fingerprint lock under normal unlocking.
S1003: and analyzing the power consumption curve to determine the time period range and/or attack moment of the voltage spike signal attack.
For example, referring to fig. 11, the time period range (160ms) and/or the corresponding attack time (e.g., the unlock time) can be obtained.
S1004: inputting an incorrect opening control signal (for example, inputting an incorrect password or fingerprint, etc.), pressing the # key by the pen point of the touch screen pen to output a trigger control signal, and generating a voltage glitch test signal by the test signal generating device 61 to input the emergency power interface of the fingerprint lock.
And S1005, monitoring the working state of the fingerprint lock and recording the corresponding signal characteristic parameters. For example to monitor whether it is turned on erroneously or enters an unknown state.
S1006: and adjusting configuration parameters (for example, adjusting at least one of time, number, length, amplitude, offset parameters and the like) of the voltage glitch test signal, and then going to S1004 to perform the next test until the test is completed. For example, as shown by the voltage glitch signal in the box in fig. 12, the configuration parameters may be configured accordingly such that the voltage glitch test signal attacks at a corresponding time and within a time range.
Therefore, in the embodiment, for the emergency power source interface exposed to the attacker, the spike injection analysis of the power source is performed to discover the potential safety hazard so as to obtain the characteristic parameters of the corresponding attack signal as the identification basis of the subsequent attack type voltage signal.
The present embodiment further provides a schematic structural diagram of a fingerprint lock, please refer to fig. 13, which includes: the main control chip 131 can implement the functions of the control module 52. Also included are an emergency power interface 132, a security monitoring module 133, and a door lock mechanism unit. The security monitoring module 133 may include a detection hardware circuit for monitoring an attack voltage signal such as a voltage glitch signal, and a processing program for implementing security control is added to the processing program of the main control chip 131. One of the safety control processes is shown in fig. 14, which includes:
s1401: and supplying power to the fingerprint lock through the emergency power supply interface.
S1402: the security monitoring module 133 of the fingerprint lock starts monitoring the voltage signal input through the emergency power interface.
S1403: judging whether the voltage signal is an attack voltage signal, if so, turning to S1404; otherwise, go to S1405.
S1404: the main control chip 131 performs security control, such as alarm or locking.
S1405: the main control chip 131 performs normal control, such as unlocking.
It should be understood that the safety testing method provided by the embodiment is not only suitable for intelligent access control equipment, but also suitable for emergency power interfaces of all intelligent equipment or internet of things equipment. By utilizing the safety protection scheme provided by the embodiment, the power supply ends of various intelligent devices can be prevented from being subjected to burr injection, and the defense capability of the intelligent devices is improved. Meanwhile, for all intelligent devices like intelligent door locks, protection of the emergency power supply interface must be considered to prevent immeasurable consequences.
The foregoing is a detailed description of the invention in conjunction with specific embodiments thereof, and it is not intended that the invention be limited to these specific embodiments. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.
Claims (10)
1. The safety control method of the intelligent access control equipment is characterized by comprising the following steps:
monitoring a voltage signal input by an emergency power supply interface of the intelligent access control equipment;
and when the voltage signal is monitored to be an attack voltage signal, carrying out safety control on the intelligent access control equipment.
2. The security control method of an intelligent access control device according to claim 1, wherein the security control of the intelligent access control device comprises at least one of:
controlling the intelligent access control equipment to alarm;
controlling the intelligent access control equipment to be locked;
controlling an emergency power supply interface of the intelligent access control equipment to enter a non-enabled state;
and controlling a protective cover of an emergency power supply interface arranged on the intelligent access control equipment to be in a closed state so as to seal the emergency power supply interface.
3. The security control method of an intelligent access control device according to claim 1 or 2, wherein monitoring whether the voltage signal is an attack type voltage signal comprises:
extracting signal characteristic parameters of the voltage signals;
matching the signal characteristic parameters with target signal characteristic parameters of preset attack type voltage signals;
and when the matching is successful, determining the voltage signal as an attack type voltage signal.
4. The security control method of intelligent entrance guard equipment according to claim 3, wherein the target signal characteristic parameters of the attack type voltage signal comprise: carry out the target signal characteristic parameter that security analysis obtained through intelligent entrance guard's equipment, carry out security analysis to intelligent entrance guard's equipment and include:
generating a voltage burr test signal, and inputting the currently generated voltage burr test signal into the intelligent access control equipment through an emergency power supply interface of the intelligent access control equipment;
acquiring a current working state of the intelligent access control equipment under the action of a current input voltage burr test signal, and carrying out correlation statistics on the current working state and signal characteristic parameters of the current voltage burr test signal;
and analyzing and obtaining target signal characteristic parameters of a target voltage burr test signal which can effectively attack the intelligent access control equipment based on the statistical result.
5. The security control method of an intelligent access control device according to claim 4, wherein the effective attack comprises: and controlling the working state of the intelligent access control equipment to be mistakenly opened and controlled, wherein the working state of the intelligent access control equipment is at least one of unknown working states.
6. The security control method of an intelligent access control device according to claim 1 or 2, wherein after performing security control on the intelligent access control device, the method further comprises:
and after monitoring a safety control releasing signal, releasing the safety control of the intelligent access control equipment.
7. The safety control device of the intelligent access control equipment is characterized by comprising a safety monitoring module and a control module;
the safety monitoring module is used for monitoring a voltage signal input by an emergency power supply interface of the intelligent access control equipment and informing the control module when the voltage signal is monitored to be an attack voltage signal;
and the control module is used for carrying out safety control on the intelligent access control equipment according to the notification.
8. The security control apparatus of claim 7, wherein the control module performs security control on the smart entry device by at least one of:
controlling the intelligent access control equipment to alarm;
controlling the intelligent access control equipment to be locked;
controlling an emergency power supply interface of the intelligent access control equipment to enter a non-enabled state;
and controlling a protective cover of an emergency power supply interface arranged on the intelligent access control equipment to be in a closed state so as to seal the emergency power supply interface.
9. The safety control device according to claim 7 or 8, wherein the control module is configured to extract a signal characteristic parameter of the voltage signal, and match the signal characteristic parameter with a target signal characteristic parameter of a preset attack type voltage signal; and when the matching is successful, determining the voltage signal as an attack type voltage signal.
10. An intelligent access control device, comprising the security control apparatus of any one of claims 7 to 9.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910556610 | 2019-06-25 | ||
| CN2019105566102 | 2019-06-25 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112132998A true CN112132998A (en) | 2020-12-25 |
Family
ID=73850053
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910574845.4A Pending CN112132998A (en) | 2019-06-25 | 2019-06-28 | Intelligent access control equipment and safety control method and device thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112132998A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20230061037A1 (en) * | 2021-09-01 | 2023-03-02 | Micron Technology, Inc. | Apparatus with power-based data protection mechanism and methods for operating the same |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN200955299Y (en) * | 2006-10-20 | 2007-10-03 | 吴敬一 | Electronic safe puzzle lock |
| CN103034804A (en) * | 2012-12-11 | 2013-04-10 | 深圳国微技术有限公司 | Security chip and attack detection circuit thereof |
| CN203465768U (en) * | 2013-09-23 | 2014-03-05 | 河北远东通信系统工程有限公司 | Access control system capable of intelligently monitoring door lock |
| CN103712642A (en) * | 2013-12-20 | 2014-04-09 | 大唐微电子技术有限公司 | Method and apparatus for realizing self-detection of safety detector |
| CN106371989A (en) * | 2016-05-06 | 2017-02-01 | 北京中电华大电子设计有限责任公司 | Efficient and secure attack fault injection method adopting batch processing mode |
| CN107747457A (en) * | 2017-10-12 | 2018-03-02 | 山东建筑大学 | The intelligent anti-theft door for needing identifying code with fingerprint and iris recognition |
-
2019
- 2019-06-28 CN CN201910574845.4A patent/CN112132998A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN200955299Y (en) * | 2006-10-20 | 2007-10-03 | 吴敬一 | Electronic safe puzzle lock |
| CN103034804A (en) * | 2012-12-11 | 2013-04-10 | 深圳国微技术有限公司 | Security chip and attack detection circuit thereof |
| CN203465768U (en) * | 2013-09-23 | 2014-03-05 | 河北远东通信系统工程有限公司 | Access control system capable of intelligently monitoring door lock |
| CN103712642A (en) * | 2013-12-20 | 2014-04-09 | 大唐微电子技术有限公司 | Method and apparatus for realizing self-detection of safety detector |
| CN106371989A (en) * | 2016-05-06 | 2017-02-01 | 北京中电华大电子设计有限责任公司 | Efficient and secure attack fault injection method adopting batch processing mode |
| CN107747457A (en) * | 2017-10-12 | 2018-03-02 | 山东建筑大学 | The intelligent anti-theft door for needing identifying code with fingerprint and iris recognition |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20230061037A1 (en) * | 2021-09-01 | 2023-03-02 | Micron Technology, Inc. | Apparatus with power-based data protection mechanism and methods for operating the same |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2827279B1 (en) | Electro-mechanic USB locking device | |
| CN104780043B (en) | Access control method and system based on two dimensional code | |
| CN107689936B (en) | Security verification system, method and device for login account | |
| CN105573614B (en) | A kind of unlocking screen method and user terminal | |
| WO2018009510A1 (en) | Methods and apparatuses for integrity validation of remote devices using side-channel information in a power signature analysis | |
| Rongrong et al. | Framework for risk assessment in cyber situational awareness | |
| CN105869249A (en) | Electronic key-based intelligent lock | |
| CN112132998A (en) | Intelligent access control equipment and safety control method and device thereof | |
| CN116707965A (en) | Threat detection method and device, storage medium and electronic equipment | |
| CN105653918B (en) | Method for safely carrying out, safe operating device and terminal | |
| CN106548082A (en) | Message treatment method and device | |
| CN105812127A (en) | NFC dynamic token and working method thereof | |
| CN113553599A (en) | Industrial control host software reinforcement method and system | |
| CN106093833B (en) | Take the function of initializing test method and system of control electric energy meter | |
| CN112132999A (en) | Safety testing method and system for intelligent access control equipment | |
| CN110223420A (en) | A kind of fingerprint unlocking system | |
| US9898909B2 (en) | Method and apparatus for tamper detection | |
| TWI500844B (en) | Door lock detecting system and method thereof | |
| CN112861124A (en) | Terminal anti-intrusion detection method and device | |
| CN114021201A (en) | Intelligent detection method and system for cipher machine key | |
| Gerdes et al. | Physical-layer detection of hardware keyloggers | |
| CN106022174A (en) | Safety equipment and damage detection method | |
| CN111240539A (en) | Interface management method and terminal equipment | |
| CN107846391B (en) | Login authentication method, device and system for application | |
| CN116305130B (en) | Dual-system intelligent switching method, system and medium based on system environment recognition |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |