CN113487765A - CTID access control method and system supporting dynamic encryption - Google Patents


Publication number
CN113487765A
Authority
CN
China
Prior art keywords
ctid
bid value
module
code
card
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110636926.XA
Other languages
Chinese (zh)
Inventor
吴太亮
陈晓辉
袁苇
王献飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Newland Communication Science Technology Co Ltd
Original Assignee
Fujian Newland Communication Science Technology Co Ltd
Application filed by Fujian Newland Communication Science Technology Co Ltd
Priority to CN202110636926.XA
Publication of CN113487765A

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00388 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks code verification carried out according to the challenge/response method
    • G07C2009/00412 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal being encrypted
    • G07C9/00896 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys specially adapted for particular uses

Abstract

The invention provides a CTID access control method and system supporting dynamic encryption, belonging to the technical field of intelligent access control. The method comprises the following steps: step S10, after the CTID access control device is powered on, the code scanning module, the Bluetooth module and the NFC module are initialized; the flow proceeds to step S20 when a two-dimensional code is scanned, to step S30 when a Bluetooth connection request sent by a Bluetooth device is received, and to step S40 when an IC card is identified; step S20, the two-dimensional code is verified and parsed to obtain a BID value and a validity period, and the lock is opened after dynamic verification based on the BID value and the validity period; step S30, a random code is generated, the authority data returned by the Bluetooth device is dynamically verified using the random code, and the lock is then opened; step S40, after the IC card is verified, the BID value and the validity period carried by the IC card are decrypted using the dynamic key, and the lock is opened after dynamic verification based on the BID value and the validity period. The advantage of the invention is that the security of the CTID access control is greatly improved while its ease of use is preserved.

Description

CTID access control method and system supporting dynamic encryption
Technical Field
The invention relates to the technical field of intelligent access control, in particular to a CTID access control method and system supporting dynamic encryption.
Background
An access control system controls passage through an entrance and developed out of the traditional door lock. As technology has progressed, access control systems based on face recognition have appeared; they quickly verify the user's identity by face recognition and then decide whether the user is authorized to open the door. However, face recognition carries a risk of face data leakage, which is why CTID access control emerged.
CTID (network certificate) refers to a network identity authentication credential, an encrypted electronic file issued on the basis of the Internet and a trusted identity authentication platform. A citizen's identity card and portrait are authenticated by the CTID center (the trusted identity authentication platform), which generates a unique BID value (an individual unique identifier) that identifies the user. In places such as public rental housing and hotels, a CTID intelligent door lock can be installed; the user unlocks it after authenticating with a two-dimensional code or bar code, displayed on a mobile phone, whose content is the BID value. In this way the CTID intelligent door lock tracks and manages tenants and verifies that the person matches the dwelling.
However, traditional CTID access control uses static encryption: the decrypted BID value is itself accepted as the basis for authorization, and no dynamic secondary verification is performed on it, so traditional CTID access control carries a significant security risk. How to provide a CTID access control method and system supporting dynamic encryption that improves the security of CTID access control while preserving its ease of use has therefore become an urgent problem.
Disclosure of Invention
The invention aims to provide a CTID access control method and system supporting dynamic encryption that improves the security of CTID access control while preserving its ease of use.
In a first aspect, the present invention provides a CTID access control method supporting dynamic encryption, including the following steps:
Step S10: after the CTID access control device is powered on, the code scanning module, the Bluetooth module and the NFC module are initialized; the flow proceeds to step S20 when the code scanning module scans a two-dimensional code, to step S30 when the Bluetooth module receives a Bluetooth connection request sent by a Bluetooth device, and to step S40 when the NFC module identifies an IC card;
Step S20: after verifying the two-dimensional code, the CTID access control device parses it to obtain a BID value and a validity period, and unlocks after dynamic verification based on the BID value and the validity period;
Step S30: the CTID access control device generates a random code and sends it to the Bluetooth device, dynamically verifies the authority data returned by the Bluetooth device using the random code, and then unlocks;
Step S40: after verifying the IC card, the CTID access control device decrypts the BID value and the validity period carried by the IC card using a dynamic key, and unlocks after dynamic verification based on the BID value and the validity period.
Further, in step S10, initializing the code scanning module, the Bluetooth module and the NFC module specifically includes:
setting a code scanning period for the code scanning module, which scans on a timer based on that period and sends the scanned content to the CTID access control device in real time over serial communication, completing initialization of the code scanning module;
setting the working mode and the callback function of the Bluetooth module, completing initialization of the Bluetooth module;
and setting the working mode and the antenna receiving parameters of the NFC module, completing initialization of the NFC module.
Further, step S20 specifically includes:
Step S21: the CTID access control device verifies the two-dimensional code using a preset authorization key and determines whether it is a network certificate two-dimensional code; if so, the flow proceeds to step S22; if not, the flow ends;
Step S22: the CTID access control device parses the two-dimensional code to obtain a BID value and a validity period, and determines whether the parsed BID value matches a locally stored BID value; if so, the flow proceeds to step S23; if not, the flow ends;
Step S23: the CTID access control device determines whether the current time is within the validity period; if so, identity verification passes and the unlocking operation is executed; if not, identity verification fails and the flow ends.
Further, step S30 specifically includes:
Step S31: the CTID access control device generates a random code and sends it to the Bluetooth device;
Step S32: the Bluetooth device receives the random code, encrypts the random code, the BID value and the unlocking instruction using an encryption key agreed in advance with the CTID access control device to obtain authority data, and sends the authority data to the CTID access control device;
Step S33: the CTID access control device decrypts the received authority data using the encryption key to obtain a random code, a BID value and an unlocking instruction, and determines whether the decrypted random code is identical to the random code it generated; if so, the flow proceeds to step S34; if not, the flow ends;
Step S34: the CTID access control device determines whether the decrypted BID value matches a locally stored BID value; if so, the unlocking instruction is executed; if not, the flow ends.
Further, step S40 specifically includes:
Step S41: the CTID access control device reads the ACK value of the IC card and determines from the ACK value whether the IC card is a CPU card; if so, the flow proceeds to step S42; if not, the flow ends;
Step S42: the CTID access control device uses the dynamic key to decrypt the encrypted storage area of the IC card and obtains a BID value and a validity period; the dynamic key is generated from the card number of the IC card and the initial key, and each IC card corresponds to a unique dynamic key;
Step S43: the CTID access control device determines whether the decrypted BID value matches the locally stored BID value; if so, the flow proceeds to step S44; if not, the flow ends;
Step S44: the CTID access control device determines whether the current time is within the validity period; if so, identity verification passes and the unlocking operation is executed; if not, identity verification fails and the flow ends.
In a second aspect, the present invention provides a CTID access control system supporting dynamic encryption, including the following modules:
an initialization module, used to initialize the code scanning module, the Bluetooth module and the NFC module after the CTID access control device is powered on, to enter the two-dimensional code unlocking module when the code scanning module scans a two-dimensional code, to enter the Bluetooth unlocking module when the Bluetooth module receives a Bluetooth connection request sent by a Bluetooth device, and to enter the NFC unlocking module when the NFC module identifies an IC card;
a two-dimensional code unlocking module, used by the CTID access control device to verify the two-dimensional code, parse it to obtain a BID value and a validity period, and unlock after dynamic verification based on the BID value and the validity period;
a Bluetooth unlocking module, used by the CTID access control device to generate a random code and send it to the Bluetooth device, dynamically verify the authority data returned by the Bluetooth device using the random code, and then unlock;
and an NFC unlocking module, used by the CTID access control device to verify the IC card, decrypt the BID value and the validity period carried by the IC card using the dynamic key, and unlock after dynamic verification based on the BID value and the validity period.
Further, in the initialization module, initializing the code scanning module, the Bluetooth module and the NFC module specifically includes:
setting a code scanning period for the code scanning module, which scans on a timer based on that period and sends the scanned content to the CTID access control device in real time over serial communication, completing initialization of the code scanning module;
setting the working mode and the callback function of the Bluetooth module, completing initialization of the Bluetooth module;
and setting the working mode and the antenna receiving parameters of the NFC module, completing initialization of the NFC module.
Further, the two-dimensional code unlocking module specifically includes:
a two-dimensional code checking unit, used by the CTID access control device to verify the two-dimensional code using a preset authorization key and determine whether it is a network certificate two-dimensional code; if so, the first BID value matching unit is entered; if not, the flow ends;
a first BID value matching unit, used by the CTID access control device to parse the two-dimensional code to obtain a BID value and a validity period and determine whether the parsed BID value matches a locally stored BID value; if so, the first validity period checking unit is entered; if not, the flow ends;
a first validity period checking unit, used by the CTID access control device to determine whether the current time is within the validity period; if so, identity verification passes and the unlocking operation is executed; if not, identity verification fails and the flow ends.
Further, the Bluetooth unlocking module specifically includes:
a random code generation unit, used by the CTID access control device to generate a random code and send it to the Bluetooth device;
an authority data sending unit, used by the Bluetooth device to receive the random code, encrypt the random code, the BID value and the unlocking instruction using an encryption key agreed in advance with the CTID access control device to obtain authority data, and send the authority data to the CTID access control device;
a random code checking unit, used by the CTID access control device to decrypt the received authority data using the encryption key to obtain a random code, a BID value and an unlocking instruction, and determine whether the decrypted random code is identical to the random code it generated; if so, the second BID value matching unit is entered; if not, the flow ends;
a second BID value matching unit, used by the CTID access control device to determine whether the decrypted BID value matches a locally stored BID value; if so, the unlocking instruction is executed; if not, the flow ends.
Further, the NFC unlocking module specifically includes:
an IC card type checking unit, used by the CTID access control device to read the ACK value of the IC card and determine from the ACK value whether the IC card is a CPU card; if so, the IC card decryption unit is entered; if not, the flow ends;
an IC card decryption unit, used by the CTID access control device to decrypt the encrypted storage area of the IC card using the dynamic key and obtain a BID value and a validity period; the dynamic key is generated from the card number of the IC card and the initial key, and each IC card corresponds to a unique dynamic key;
a third BID value matching unit, used by the CTID access control device to determine whether the decrypted BID value matches the locally stored BID value; if so, the second validity period checking unit is entered; if not, the flow ends;
a second validity period checking unit, used by the CTID access control device to determine whether the current time is within the validity period; if so, identity verification passes and the unlocking operation is executed; if not, identity verification fails and the flow ends.
The invention has the advantages that:
By adding a validity period to the network certificate two-dimensional code, using a randomly generated random code to verify the authority data sent by the Bluetooth device, and using a dynamic key to encrypt the IC card storage area that holds the BID value and the validity period, all three unlocking modes (two-dimensional code, Bluetooth and NFC) are dynamically encrypted and security checks are performed multiple times. The user can choose whichever of the two-dimensional code, Bluetooth and NFC modes is most convenient, and all three modes use the BID value as the sole basis for authorization, which simplifies identification. As a result, the security of the CTID access control is greatly improved while its ease of use is preserved.
Drawings
The invention is further described below through embodiments, with reference to the accompanying drawings.
Fig. 1 is a flowchart of a CTID access control method supporting dynamic encryption according to the present invention.
Fig. 2 is a schematic structural diagram of a CTID access control system supporting dynamic encryption according to the present invention.
Detailed Description
The general idea of the technical solution in the embodiments of the application is as follows: a validity period, a random code and a dynamic key are added to the two-dimensional code, Bluetooth and NFC unlocking modes respectively, so that the user's identity undergoes a second, dynamic verification and the security of the CTID access control is improved; the user can choose whichever of the two-dimensional code, Bluetooth and NFC modes is most convenient, which preserves the ease of use of the CTID access control.
Referring to Figs. 1 and 2, a preferred embodiment of the CTID access control method supporting dynamic encryption according to the present invention includes the following steps:
Step S10: after the CTID access control device is powered on, the code scanning module, the Bluetooth module and the NFC module are initialized; the flow proceeds to step S20 when the code scanning module scans a two-dimensional code, to step S30 when the Bluetooth module receives a Bluetooth connection request sent by a Bluetooth device, and to step S40 when the NFC module identifies an IC card; that is, the user can choose whichever of the two-dimensional code, Bluetooth and NFC modes is most convenient for unlocking;
Step S20: after verifying the two-dimensional code, the CTID access control device parses it to obtain a BID value and a validity period, and unlocks after dynamic verification based on the BID value and the validity period;
Step S30: the CTID access control device generates a random code and sends it to the Bluetooth device, dynamically verifies the authority data returned by the Bluetooth device using the random code, and then unlocks;
Step S40: after verifying the IC card, the CTID access control device decrypts the BID value and the validity period carried by the IC card using a dynamic key, and unlocks after dynamic verification based on the BID value and the validity period.
In step S10, initializing the code scanning module, the Bluetooth module and the NFC module specifically includes:
setting a code scanning period for the code scanning module, which scans on a timer based on that period and sends the scanned content to the CTID access control device in real time over serial communication, completing initialization of the code scanning module;
setting the working mode and the callback function of the Bluetooth module, completing initialization of the Bluetooth module;
and setting the working mode and the antenna receiving parameters of the NFC module and entering a periodic scanning state, completing initialization of the NFC module.
Step S20 specifically includes:
Step S21: the CTID access control device verifies the two-dimensional code using a preset authorization key and determines whether it is a network certificate two-dimensional code; if so, the flow proceeds to step S22; if not, the flow ends;
Step S22: the CTID access control device parses the two-dimensional code to obtain a BID value and a validity period, and determines whether the parsed BID value matches a locally stored BID value; if so, the flow proceeds to step S23; if not, the flow ends;
Step S23: the CTID access control device determines whether the current time is within the validity period; if so, identity verification passes and the unlocking operation is executed; if not, identity verification fails and the flow ends.
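The S21 to S23 checks, stated in the summary and again in this embodiment, as an added example that is not part of the patent. The code layout (a base64url JSON body plus an HMAC-SHA256 tag under the preset authorization key), the field names and the sample key and BID are assumptions, because the patent does not say how the two-dimensional code is verified.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values; a real device keeps these in protected storage.
AUTH_KEY = b"constructed-demo-authorization-key"
LOCAL_BIDS = {"BID-DEMO-0001"}


def make_code(bid, not_before, not_after, key=AUTH_KEY):
    """Issuer side (assumed layout): base64url(JSON) + "." + hex HMAC tag."""
    payload = json.dumps({"bid": bid, "nbf": not_before, "exp": not_after},
                         sort_keys=True, separators=(",", ":")).encode()
    body = base64.urlsafe_b64encode(payload).decode()
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag


def verify_code(code, now=None, key=AUTH_KEY, local_bids=LOCAL_BIDS):
    """Return (unlock, reason), checking in the order S21 -> S22 -> S23."""
    now = int(time.time()) if now is None else now

    # S21: is this a genuine network certificate code? Check the tag before
    # parsing any field, and compare in constant time.
    body, sep, tag = code.rpartition(".")
    if not sep:
        return False, "not a network certificate code"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "not a network certificate code"

    # S22: parse the BID value and validity period, then match the BID locally.
    try:
        fields = json.loads(base64.urlsafe_b64decode(body))
        bid = str(fields["bid"])
        nbf, exp = int(fields["nbf"]), int(fields["exp"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed payload"
    if bid not in local_bids:
        return False, "BID not stored locally"

    # S23: the dynamic part. A valid BID alone is not enough; the current
    # time must fall inside the validity period carried by the code.
    if not nbf <= now <= exp:
        return False, "outside validity period"
    return True, "unlock"
```

Because the validity period sits inside the authenticated body, a captured code stops working once the period ends, and editing the period invalidates the tag.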
Step S30 specifically includes:
Step S31: the CTID access control device generates a random code and sends it to the Bluetooth device; the CTID access control device and the Bluetooth device are bound to each other based on the MAC address;
Step S32: the Bluetooth device receives the random code, encrypts the random code, the BID value and the unlocking instruction using an encryption key agreed in advance with the CTID access control device to obtain authority data, and sends the authority data to the CTID access control device; the data exchanged between the CTID access control device and the Bluetooth device is encrypted a second time using the AES encryption algorithm in ECB mode to improve communication security;
Step S33: the CTID access control device decrypts the received authority data using the encryption key to obtain a random code, a BID value and an unlocking instruction, and determines whether the decrypted random code is identical to the random code it generated; if so, the flow proceeds to step S34; if not, the flow ends;
Step S34: the CTID access control device determines whether the decrypted BID value matches a locally stored BID value; if so, the unlocking instruction is executed; if not, the flow ends. In a specific implementation, a validity period can also be set for the BID value in the Bluetooth unlocking mode.
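Steps S31 to S34 as a runnable sketch, added here and not taken from the patent. The patent encrypts the random code, BID value and unlocking instruction under the pre-agreed key; because AES in ECB mode gives no integrity protection and Python's standard library has no AES, this sketch substitutes an HMAC-SHA256 tag over the same three fields. The 30-second challenge lifetime, the `Lock` class and the function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time


def _tag(key, nonce, bid, command):
    # Length-prefix every field so field boundaries cannot be shifted.
    parts = (nonce, bid.encode(), command.encode())
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


def device_response(key, nonce, bid, command="UNLOCK"):
    """Bluetooth device side (S32): bind random code, BID and instruction."""
    return bid, command, _tag(key, nonce, bid, command)


class Lock:
    """CTID access control side (S31, S33, S34)."""

    NONCE_TTL = 30  # seconds; assumed lifetime of an unanswered challenge

    def __init__(self, shared_key, local_bids, clock=time.monotonic):
        self._key = shared_key
        self._bids = set(local_bids)
        self._clock = clock
        self._pending = None  # (random code, time issued)

    def issue_challenge(self):
        # S31: a fresh, unpredictable random code for each unlock attempt.
        nonce = secrets.token_bytes(16)
        self._pending = (nonce, self._clock())
        return nonce

    def verify(self, bid, command, tag):
        # The random code is single use: clear it whether or not this
        # attempt succeeds, so a captured response cannot be replayed.
        pending, self._pending = self._pending, None
        if pending is None:
            return False, "no outstanding challenge"
        nonce, issued = pending
        if self._clock() - issued > self.NONCE_TTL:
            return False, "challenge expired"
        # S33: the response must have been computed over *our* random code.
        if not hmac.compare_digest(_tag(self._key, nonce, bid, command), tag):
            return False, "random code or key mismatch"
        # S34: only then is the BID value compared with the local store.
        if bid not in self._bids:
            return False, "BID not stored locally"
        if command != "UNLOCK":
            return False, "unsupported instruction"
        return True, "unlock"


if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed demo key
    lock = Lock(key, {"BID-DEMO-0001"})      # constructed demo BID
    reply = device_response(key, lock.issue_challenge(), "BID-DEMO-0001")
    print(lock.verify(*reply))   # first use of the reply
    print(lock.verify(*reply))   # same reply again is refused
```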
Step S40 specifically includes:
Step S41: the CTID access control device reads the ACK value of the IC card and determines from the ACK value whether the IC card is a CPU card; if so, the flow proceeds to step S42; if not, the flow ends; for example, it checks whether the ACK value is 0x20 or 0x28; if so, the card is a CPU card, otherwise it is not;
Step S42: the CTID access control device uses the dynamic key to decrypt the encrypted storage area (a designated file directory) of the IC card and obtains a BID value and a validity period; the dynamic key is generated from the card number of the IC card and the initial key, and each IC card corresponds to a unique dynamic key, which prevents the IC card from being copied or cracked;
Step S43: the CTID access control device determines whether the decrypted BID value matches the locally stored BID value; if so, the flow proceeds to step S44; if not, the flow ends;
Step S44: the CTID access control device determines whether the current time is within the validity period; if so, identity verification passes and the unlocking operation is executed; if not, identity verification fails and the flow ends.
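Steps S41 to S44 with a per-card dynamic key, as an added example rather than the patent's own algorithm. The patent only says the key is generated from the card number and the initial key, so the HMAC-SHA256 derivation, the `bid|start|end` record layout and the standard-library stand-in cipher used for the encrypted storage area are all assumptions.

```python
import hashlib
import hmac
import secrets

CPU_CARD_ACK = {0x20, 0x28}  # ACK values the page gives for CPU cards


def derive_card_key(initial_key, card_number):
    # Assumed diversification: one key per card, and recovering one card's
    # key does not reveal the initial key or any other card's key.
    return hmac.new(initial_key, b"card-key|" + card_number,
                    hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # Stand-in cipher for the demo only (HMAC in counter mode).
    blocks, counter = [], 0
    while 32 * len(blocks) < length:
        blocks.append(hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _mac(key, data):
    return hmac.new(key, b"mac" + data, hashlib.sha256).digest()


def seal_record(card_key, bid, not_before, not_after):
    """Card issuance side: encrypt and authenticate the storage area."""
    plain = f"{bid}|{not_before}|{not_after}".encode()
    nonce = secrets.token_bytes(16)
    ks = _keystream(card_key, nonce, len(plain))
    ct = bytes(p ^ k for p, k in zip(plain, ks))
    return nonce + ct + _mac(card_key, nonce + ct)


def open_record(card_key, blob):
    """Return (bid, not_before, not_after), or None if the key is wrong."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(_mac(card_key, nonce + ct), tag):
        return None
    ks = _keystream(card_key, nonce, len(ct))
    try:
        bid, nbf, exp = bytes(c ^ k for c, k in zip(ct, ks)).decode().split("|")
        return bid, int(nbf), int(exp)
    except ValueError:
        return None


def read_card(ack, card_number, blob, initial_key, local_bids, now):
    """Return (unlock, reason), checking in the order S41 -> S44."""
    if ack not in CPU_CARD_ACK:                                   # S41
        return False, "not a CPU card"
    card_key = derive_card_key(initial_key, card_number)          # S42
    record = open_record(card_key, blob)
    if record is None:
        return False, "storage area does not decrypt under this card's key"
    bid, nbf, exp = record
    if bid not in local_bids:                                     # S43
        return False, "BID not stored locally"
    if not nbf <= now <= exp:                                     # S44
        return False, "outside validity period"
    return True, "unlock"
```

Copying the storage area byte for byte onto a card with a different card number fails at S42, because the reader derives a different key for that card.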
The invention relates to a preferred embodiment of a CTID (computer telephony integration) access control system supporting dynamic encryption, which comprises the following modules:
the initialization module is used for initializing the code scanning module, the Bluetooth module and the NFC module after the CTID entrance guard is powered on, entering the two-dimension code unlocking module when the code scanning module scans the two-dimension code, entering the Bluetooth unlocking module when the Bluetooth module receives a Bluetooth connection request sent by Bluetooth equipment, and entering the NFC unlocking module when the NFC module identifies an IC card; namely, the user can select the most convenient mode from the two-dimensional code, the Bluetooth and the NFC to unlock the lock according to the requirement;
the two-dimension code unlocking module is used for analyzing the two-dimension code after the CTID entrance guard verifies the two-dimension code to obtain a BID value and an effective period, and unlocking after dynamic verification is carried out on the basis of the BID value and the effective period;
the Bluetooth unlocking module is used for the CTID access control to generate a random code to be sent to the Bluetooth equipment, and unlocking after dynamically verifying authority data returned by the Bluetooth equipment by using the random code;
and the NFC unlocking module is used for CTID entrance guard to verify the IC card, decrypting the BID value and the validity period carried by the IC card by using the dynamic key, and unlocking after dynamic verification is carried out on the BID value and the validity period.
In the initialization module, initializing the code scanning module, the bluetooth module and the NFC module specifically includes:
setting a code scanning period of a code scanning module, carrying out timed code scanning by the code scanning module based on the code scanning period, and sending code scanning contents to a CTID (computer telephony integration) access control in real time through serial port communication to complete initialization of the code scanning module;
setting a working mode and a callback function of the Bluetooth module to complete initialization of the Bluetooth module;
and setting the working mode of the NFC module and the antenna receiving parameters, entering a periodic scanning state, and finishing the initialization of the NFC module.
The two-dimensional code unlocking module specifically comprises:
the two-dimensional code checking unit is used for the CTID entrance guard to check the two-dimensional code based on a preset authorization key, judge whether the two-dimensional code is a network authentication two-dimensional code or not, and enter the first BID value matching unit if the two-dimensional code is the network authentication two-dimensional code; if not, ending the flow;
the first BID value matching unit is used for the CTID entrance guard to analyze the two-dimensional code to obtain a BID value and an effective period, judging whether the BID value obtained by analysis is matched with a locally stored BID value or not, and if yes, entering the first effective period checking unit; if not, ending the flow;
the first validity period checking unit is used for the CTID entrance guard to judge whether the current time is within the validity period or not, if so, the identity verification is passed, and unlocking operation is executed; if not, the identity authentication is not passed, and the process is ended.
The Bluetooth unlocking module specifically includes:
the random code generation unit is used by the CTID access control device to generate a random code and send it to the Bluetooth device; the CTID access control device and the Bluetooth device are bound to each other based on the MAC address;
the permission data sending unit is used by the Bluetooth device to receive the random code, encrypt the random code, the BID value and the unlocking instruction with an encryption key agreed in advance with the CTID access control device to obtain permission data, and send the permission data to the CTID access control device; data exchanged between the CTID access control device and the Bluetooth device is encrypted a second time using the ECB mode of the AES encryption algorithm to improve communication security;
the random code checking unit is used by the CTID access control device to decrypt the received permission data with the encryption key to obtain a random code, a BID value and an unlocking instruction, and to determine whether the decrypted random code is consistent with the generated random code; if so, control passes to the second BID value matching unit; if not, the flow ends;
the second BID value matching unit is used by the CTID access control device to determine whether the decrypted BID value matches a locally stored BID value; if so, the unlocking instruction is executed; if not, the flow ends. In a specific implementation, an expiration date can be set for the BID value in the Bluetooth unlocking mode.
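The random code check and BID match performed by the Bluetooth units above, as an added Python example that is not part of the patent. The patent encrypts the fields with the pre-agreed key; here an HMAC-SHA256 tag under that key stands in for the encryption (an assumption, since the cipher for this step is not named and the Python standard library has no AES), and the key, BID values, message layout and all names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed values for illustration only (not from the patent).
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
LOCAL_BIDS = {b"BID-CONSTRUCTED-0001"}
TAG_LEN = 32  # HMAC-SHA256 output size


def seal_message(key, random_code, bid, command):
    """Device side: bind random code, BID and command under the shared key."""
    body = b"".join(len(f).to_bytes(1, "big") + f for f in (random_code, bid, command))
    return body + hmac.new(key, body, hashlib.sha256).digest()


def open_message(key, data):
    """Door side: return (random_code, bid, command), or None if not authentic."""
    if len(data) <= TAG_LEN:
        return None
    body, tag = data[:-TAG_LEN], data[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    fields, i = [], 0
    while i < len(body):  # length-prefixed fields (assumed layout)
        n = body[i]
        if i + 1 + n > len(body):
            return None
        fields.append(body[i + 1:i + 1 + n])
        i += 1 + n
    return tuple(fields) if len(fields) == 3 else None


class DoorController:
    """Door-side checks in the order the units describe them."""

    def __init__(self, key, bids):
        self._key = key
        self._bids = bids
        self._pending = None  # random code of the outstanding challenge

    def issue_random_code(self):
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, permission_data):
        # The random code is consumed on first use, so a captured reply
        # cannot be presented a second time.
        expected, self._pending = self._pending, None
        if expected is None:
            return "no-challenge"
        fields = open_message(self._key, permission_data)
        if fields is None:
            return "not-authentic"
        random_code, bid, command = fields
        if not hmac.compare_digest(random_code, expected):
            return "random-code-mismatch"
        if bid not in self._bids:
            return "bid-mismatch"
        return "unlock" if command == b"UNLOCK" else "unknown-command"


if __name__ == "__main__":
    door = DoorController(SHARED_KEY, LOCAL_BIDS)
    reply = seal_message(SHARED_KEY, door.issue_random_code(),
                         b"BID-CONSTRUCTED-0001", b"UNLOCK")
    print(door.verify(reply), door.verify(reply))
```

The tag also gives the door integrity on the three fields, which encryption alone, and ECB mode in particular, does not provide.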
The NFC unlocking module specifically includes:
the IC card type checking unit is used by the CTID access control device to read the ACK value of the IC card and determine, based on the ACK value, whether the IC card is a CPU card; if so, control passes to the IC card decryption unit; if not, the flow ends; for example, it is determined whether the ACK value is 0x20 or 0x28; if so, the card is a CPU card, and if not, it is not a CPU card;
the IC card decryption unit is used by the CTID access control device to decrypt an encrypted storage area (a designated file directory) of the IC card with a dynamic key to obtain a BID value and a validity period; the dynamic key is generated from the card number of the IC card and the initial key, and each IC card corresponds to a unique dynamic key, to prevent the IC card from being copied and cracked;
the third BID value matching unit is used by the CTID access control device to determine whether the decrypted BID value matches the locally stored BID value; if so, control passes to the second validity period checking unit; if not, the flow ends;
the second validity period checking unit is used by the CTID access control device to determine whether the current time is within the validity period; if so, identity verification passes and the unlocking operation is executed; if not, identity verification fails and the flow ends.
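The per-card dynamic key and the four NFC checks above, as an added Python example that is not part of the patent. The patent does not say how the dynamic key is computed from the card number and the initial key or which cipher protects the storage area, so HMAC-SHA256 is assumed for the derivation and an HMAC tag under the derived key stands in for decryption; the key, card numbers, record layout, BID values and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed values for illustration only (not from the patent).
INITIAL_KEY = bytes.fromhex("a0a1a2a3a4a5a6a7a8a9aaabacadaeaf")
LOCAL_BIDS = {b"BID-CONSTRUCTED-0001"}
CPU_CARD_ACK = (0x20, 0x28)  # the two values given in the text
TAG_LEN = 32


def derive_card_key(initial_key, card_number):
    """Assumed derivation: one key per card number from the initial key."""
    return hmac.new(initial_key, b"card-key" + card_number, hashlib.sha256).digest()


def seal_record(card_key, bid, valid_from, valid_to):
    """Issuer side: validity period (epoch seconds) and BID bound to the card key."""
    body = struct.pack(">QQ", valid_from, valid_to) + bid
    return body + hmac.new(card_key, body, hashlib.sha256).digest()


def check_card(ack, card_number, record, now):
    """Door side: card type, per-card key, BID match, validity period."""
    if ack not in CPU_CARD_ACK:
        return "not-cpu-card"
    if len(record) < 16 + TAG_LEN:
        return "bad-record"
    key = derive_card_key(INITIAL_KEY, card_number)
    body, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        # A record copied onto a card with another number lands here,
        # because that card number derives a different key.
        return "wrong-card-key"
    valid_from, valid_to = struct.unpack(">QQ", body[:16])
    if body[16:] not in LOCAL_BIDS:
        return "bid-mismatch"
    if not valid_from <= now <= valid_to:
        return "outside-validity-period"
    return "unlock"


if __name__ == "__main__":
    card_a, card_b = b"\x04\x11\x22\x33", b"\x04\x99\x88\x77"
    record = seal_record(derive_card_key(INITIAL_KEY, card_a),
                         b"BID-CONSTRUCTED-0001", 1_700_000_000, 1_700_086_400)
    print(check_card(0x20, card_a, record, 1_700_000_100))
    print(check_card(0x20, card_b, record, 1_700_000_100))
```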
In summary, the invention has the advantages that:
By adding a validity period to the network card two-dimensional code, using a randomly generated random code to verify the permission data sent by the Bluetooth device, and using a dynamic key to encrypt the IC card storage area that holds the BID value and the validity period, all three unlocking modes (two-dimensional code, Bluetooth and NFC) are dynamically encrypted and subject to multiple security checks. The user can choose whichever of the two-dimensional code, Bluetooth and NFC modes is most convenient, and all three modes use the BID value as the unique authorization, which facilitates identification. The security of the CTID access control device is thereby greatly improved while its convenience of use is preserved.
Although specific embodiments of the invention have been described above, it will be understood by those skilled in the art that the specific embodiments described are illustrative only and are not limiting upon the scope of the invention, and that equivalent modifications and variations can be made by those skilled in the art without departing from the spirit of the invention, which is to be limited only by the appended claims.

Claims (10)

1. A CTID access control method supporting dynamic encryption, characterized in that the method comprises the following steps:
step S10: after the CTID access control device is powered on, initializing the code scanning module, the Bluetooth module and the NFC module; proceeding to step S20 when the code scanning module scans a two-dimensional code, to step S30 when the Bluetooth module receives a Bluetooth connection request sent by a Bluetooth device, and to step S40 when the NFC module identifies an IC card;
step S20: after checking the two-dimensional code, the CTID access control device parses it to obtain a BID value and a validity period, and unlocks after dynamic verification based on the BID value and the validity period;
step S30: the CTID access control device generates a random code and sends it to the Bluetooth device, and unlocks after using the random code to dynamically verify the permission data returned by the Bluetooth device;
and step S40: after verifying the IC card, the CTID access control device decrypts the BID value and the validity period carried by the IC card using a dynamic key, and unlocks after dynamic verification based on the BID value and the validity period.
2. The CTID access control method supporting dynamic encryption of claim 1, wherein: in step S10, initializing the code scanning module, the Bluetooth module and the NFC module specifically includes:
setting a code scanning period of the code scanning module, the code scanning module scanning periodically based on the code scanning period and sending the scanned content to the CTID access control device in real time over serial port communication, to complete initialization of the code scanning module;
setting a working mode and a callback function of the Bluetooth module to complete initialization of the Bluetooth module;
and setting the working mode of the NFC module and the antenna receiving parameters to complete initialization of the NFC module.
3. The CTID access control method supporting dynamic encryption of claim 1, wherein: the step S20 specifically includes:
step S21: the CTID access control device checks the two-dimensional code against a preset authorization key and determines whether it is a network certificate two-dimensional code; if so, proceeding to step S22; if not, the flow ends;
step S22: the CTID access control device parses the two-dimensional code to obtain a BID value and a validity period, and determines whether the parsed BID value matches a locally stored BID value; if so, proceeding to step S23; if not, the flow ends;
step S23: the CTID access control device determines whether the current time is within the validity period; if so, identity verification passes and the unlocking operation is executed; if not, identity verification fails and the flow ends.
4. The CTID access control method supporting dynamic encryption of claim 1, wherein: the step S30 specifically includes:
step S31: the CTID access control device generates a random code and sends it to the Bluetooth device;
step S32: the Bluetooth device receives the random code, encrypts the random code, the BID value and the unlocking instruction with an encryption key agreed in advance with the CTID access control device to obtain permission data, and sends the permission data to the CTID access control device;
step S33: the CTID access control device decrypts the received permission data with the encryption key to obtain a random code, a BID value and an unlocking instruction, and determines whether the decrypted random code is consistent with the generated random code; if so, proceeding to step S34; if not, the flow ends;
step S34: the CTID access control device determines whether the decrypted BID value matches a locally stored BID value; if so, the unlocking instruction is executed; if not, the flow ends.
5. The CTID access control method supporting dynamic encryption of claim 1, wherein: the step S40 specifically includes:
step S41: the CTID access control device reads the ACK value of the IC card and determines, based on the ACK value, whether the IC card is a CPU card; if so, proceeding to step S42; if not, the flow ends;
step S42: the CTID access control device decrypts the encrypted storage area of the IC card with the dynamic key to obtain a BID value and a validity period; the dynamic key is generated from the card number of the IC card and the initial key, and each IC card corresponds to a unique dynamic key;
step S43: the CTID access control device determines whether the decrypted BID value matches the locally stored BID value; if so, proceeding to step S44; if not, the flow ends;
step S44: the CTID access control device determines whether the current time is within the validity period; if so, identity verification passes and the unlocking operation is executed; if not, identity verification fails and the flow ends.
6. A CTID access control system supporting dynamic encryption, characterized in that the system comprises the following modules:
the initialization module is used for initializing the code scanning module, the Bluetooth module and the NFC module after the CTID access control device is powered on, passing control to the two-dimensional code unlocking module when the code scanning module scans a two-dimensional code, to the Bluetooth unlocking module when the Bluetooth module receives a Bluetooth connection request sent by a Bluetooth device, and to the NFC unlocking module when the NFC module identifies an IC card;
the two-dimensional code unlocking module is used by the CTID access control device to check the two-dimensional code, parse it to obtain a BID value and a validity period, and unlock after dynamic verification based on the BID value and the validity period;
the Bluetooth unlocking module is used by the CTID access control device to generate a random code and send it to the Bluetooth device, and to unlock after using the random code to dynamically verify the permission data returned by the Bluetooth device;
and the NFC unlocking module is used by the CTID access control device to verify the IC card, decrypt the BID value and the validity period carried by the IC card using the dynamic key, and unlock after dynamic verification based on the BID value and the validity period.
7. The CTID access control system supporting dynamic encryption as claimed in claim 6, wherein: in the initialization module, initializing the code scanning module, the Bluetooth module and the NFC module specifically includes:
setting a code scanning period of the code scanning module, the code scanning module scanning periodically based on the code scanning period and sending the scanned content to the CTID access control device in real time over serial port communication, to complete initialization of the code scanning module;
setting a working mode and a callback function of the Bluetooth module to complete initialization of the Bluetooth module;
and setting the working mode of the NFC module and the antenna receiving parameters to complete initialization of the NFC module.
8. The CTID access control system supporting dynamic encryption as claimed in claim 6, wherein: the two-dimensional code unlocking module specifically comprises:
the two-dimensional code checking unit is used by the CTID access control device to check the two-dimensional code against a preset authorization key and determine whether it is a network authentication two-dimensional code; if so, control passes to the first BID value matching unit; if not, the flow ends;
the first BID value matching unit is used by the CTID access control device to parse the two-dimensional code to obtain a BID value and a validity period, and to determine whether the parsed BID value matches a locally stored BID value; if so, control passes to the first validity period checking unit; if not, the flow ends;
the first validity period checking unit is used by the CTID access control device to determine whether the current time is within the validity period; if so, identity verification passes and the unlocking operation is executed; if not, identity verification fails and the flow ends.
9. The CTID access control system supporting dynamic encryption as claimed in claim 6, wherein: the Bluetooth unlocking module specifically includes:
the random code generation unit is used by the CTID access control device to generate a random code and send it to the Bluetooth device;
the permission data sending unit is used by the Bluetooth device to receive the random code, encrypt the random code, the BID value and the unlocking instruction with an encryption key agreed in advance with the CTID access control device to obtain permission data, and send the permission data to the CTID access control device;
the random code checking unit is used by the CTID access control device to decrypt the received permission data with the encryption key to obtain a random code, a BID value and an unlocking instruction, and to determine whether the decrypted random code is consistent with the generated random code; if so, control passes to the second BID value matching unit; if not, the flow ends;
the second BID value matching unit is used by the CTID access control device to determine whether the decrypted BID value matches a locally stored BID value; if so, the unlocking instruction is executed; if not, the flow ends.
10. The CTID access control system supporting dynamic encryption as claimed in claim 6, wherein: the NFC unlocking module specifically includes:
the IC card type checking unit is used by the CTID access control device to read the ACK value of the IC card and determine, based on the ACK value, whether the IC card is a CPU card; if so, control passes to the IC card decryption unit; if not, the flow ends;
the IC card decryption unit is used by the CTID access control device to decrypt the encrypted storage area of the IC card with the dynamic key to obtain a BID value and a validity period; the dynamic key is generated from the card number of the IC card and the initial key, and each IC card corresponds to a unique dynamic key;
the third BID value matching unit is used by the CTID access control device to determine whether the decrypted BID value matches the locally stored BID value; if so, control passes to the second validity period checking unit; if not, the flow ends;
the second validity period checking unit is used by the CTID access control device to determine whether the current time is within the validity period; if so, identity verification passes and the unlocking operation is executed; if not, identity verification fails and the flow ends.
CN202110636926.XA 2021-06-08 2021-06-08 CTID (computer telephony integration) access control method and system supporting dynamic encryption Pending CN113487765A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110636926.XA CN113487765A (en) 2021-06-08 2021-06-08 CTID (computer telephony integration) access control method and system supporting dynamic encryption

Publications (1)

Publication Number Publication Date
CN113487765A true CN113487765A (en) 2021-10-08

Family

ID=77934779

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110636926.XA Pending CN113487765A (en) 2021-06-08 2021-06-08 CTID (computer telephony integration) access control method and system supporting dynamic encryption

Country Status (1)

Country Link
CN (1) CN113487765A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115240308A (en) * 2022-09-26 2022-10-25 深圳市极致科技股份有限公司 Access control machine authorization method, device and system, access control machine and computer storage medium
CN115240308B (en) * 2022-09-26 2022-12-06 深圳市极致科技股份有限公司 Access control machine authorization method, device and system, access control machine and computer storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211008