CN114155630A - Security verification method, electronic device, and medium - Google Patents


Info

Publication number
CN114155630A
Authority
CN
China
Prior art keywords
terminal
key
authorized
verification
door lock
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010833896.7A
Other languages
Chinese (zh)
Other versions
CN114155630B (en
Inventor
陈浩南
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Uniview Technologies Co Ltd
Original Assignee
Zhejiang Uniview Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Uniview Technologies Co Ltd filed Critical Zhejiang Uniview Technologies Co Ltd
Priority to CN202010833896.7A priority Critical patent/CN114155630B/en
Publication of CN114155630A publication Critical patent/CN114155630A/en
Application granted granted Critical
Publication of CN114155630B publication Critical patent/CN114155630B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C9/00571 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The application discloses a security verification method, an electronic device, and a medium. When the method is executed by a door lock end, the implementation is as follows: in response to a communication connection request sent by a visitor terminal, randomly generating a key factor; sending the key factor to the visitor terminal, and receiving a verification key generated by the visitor terminal according to the key factor and the identifier of the visitor terminal; matching the verification key against the authorized key to perform security verification on the identity of the visitor terminal; wherein the authorized key is generated according to the key factor and the identifier of an authorized terminal within the authorization validity period. According to the embodiments of the application, the security verification process can be deployed in the communication connection authentication stage, which, compared with a scheme that transmits a password after the communication connection is established, avoids the security problems caused by password transmission. In addition, the key factor in the verification key and the authorized key is randomly generated, so that attackers cannot obtain or crack it, which improves the security of verification.

Description

Security verification method, electronic device, and medium
Technical Field
The present application relates to the field of internet, and in particular, to a security verification method, an electronic device, and a medium.
Background
With the development of the Internet of Things industry, smart door locks have gradually emerged and are widely used in scenarios such as private residences, rental apartments, student dormitories, and offices, supporting various door-opening modes such as numeric passwords, fingerprints, and access cards. Digitally authorized door opening is convenient: through temporary authentication based on a password entered by the visitor, the visitor can enter the house even when the owner is not at home.
At present, security verification for a door lock generally works by first establishing a Bluetooth connection and then completing unlocking authentication through signaling/file transmission. The visitor end and the door lock end encrypt and decrypt the transmitted content, and identity is established either by checking whether encryption and decryption succeed or by matching the file decrypted by the door lock against locally configured information. Once the Bluetooth connection to the door lock exists, this scheme is exposed to password brute-forcing, which threatens access security. Alternatively, door lock security verification can be completed by a cloud server: if the cloud successfully matches the visitor information against the door lock end information, the cloud server notifies the door lock to open the door directly. Because this critical door-opening notification from the cloud server to the door lock is transmitted over the network, there is a risk that the network is attacked and the notification simulated to unlock the door.
Disclosure of Invention
The security verification method, electronic device, and medium provided by the embodiments of the application can be used to improve the security of door lock identity verification.
The embodiment of the application discloses a security verification method, which is executed by a door lock end, and comprises the following steps:
responding to a communication connection request sent by a visitor terminal, and randomly generating a key factor;
sending the key factor to the visitor terminal, and receiving a verification key generated by the visitor terminal according to the key factor and the identifier of the visitor terminal;
matching the verification key with an authorized key, and performing security verification on the identity of the visitor terminal;
wherein the authorized key is generated according to the identification of the authorized terminal within the authorization validity period and the key factor.
The above embodiment has the following advantages or beneficial effects: compared with the current scheme, in which unlocking authentication is completed through signaling/file transmission after the communication connection is established, it avoids the problem of the connection password being cracked after the connection is established and the risk of the unlocking password being stolen in transit, and can improve the security of identity authentication. Because verification is completed during the communication connection authentication process, the security verification process is also simplified. In addition, the key factor in the verification key and the authorized key is randomly generated and cannot be obtained or cracked by attackers, which improves the security of verification.
The embodiment of the application also discloses a security verification method, which is executed by the visitor terminal and comprises the following steps:
sending a communication connection request to a door lock end;
receiving a key factor randomly generated by a door lock end in response to the communication connection request, and generating a verification key according to the key factor and the identification of the visitor terminal;
sending the verification key to the door lock end so that the door lock end matches the verification key with an authorized key and performs security verification on the identity of the visitor terminal;
and the authorized key is generated by the door lock end according to the identification of the authorized terminal within the authorization validity period and the key factor.
The above embodiment has the following advantages or beneficial effects: the door lock end completes security verification of the visitor terminal while the visitor terminal is still requesting to establish a communication connection with the door lock end. Compared with the current scheme, in which the unlocking password is transmitted to the visitor terminal after the communication connection is established and unlocking authentication is completed through signaling/file transmission, this avoids the problem of the connection password being cracked after the connection is established and the risk of the unlocking password being stolen in transit, and can improve the security of identity authentication. Because verification is completed during the communication connection authentication process, the security verification process is also simplified. The visitor terminal generates the verification key according to the key factor and the identifier of the visitor terminal, and the key factor is randomly generated by the door lock end, so illegal visitors cannot crack or obtain the verification key, which improves the security of verification.
The embodiment of the application also discloses a security verification method, which is executed by the cloud, and the method comprises the following steps:
receiving authorization verification information sent by an owner terminal, and sending the authorization verification information to a visitor terminal;
receiving visitor terminal information returned by the visitor terminal in response to the authorization verification information, and performing authorization verification on the visitor terminal according to the visitor terminal information;
if the verification is passed, generating a random value as the identification of the visitor terminal, and sending the identification of the visitor terminal and the door lock end information to the visitor terminal, so that the visitor terminal sends a communication connection request to the door lock end according to the door lock end information, and generates a verification key according to the identification of the visitor terminal and a key factor generated by the door lock end;
and taking the visitor terminal as an authorized terminal, taking the identifier of the visitor terminal as the identifier of the authorized terminal, and sending the identifier of the authorized terminal and the authorization validity period to the door lock end, so that the door lock end generates an authorized key according to the generated key factor and the identifier of the authorized terminal within the authorization validity period.
The above embodiment has the following advantages or beneficial effects: the identifier of the visitor terminal and the identifier of the authorized terminal are randomly generated, so they are difficult for illegal visitors to crack or obtain, which safeguards the security of identity verification. The identifier of the visitor terminal is sent to the visitor terminal, and the identifier of the authorized terminal and the authorization validity period are sent to the door lock end, so that the visitor terminal and the door lock end generate a verification key and an authorized key, respectively, for security verification in the communication connection stage, which improves the security and reliability of verification.
The embodiment of the application also discloses an electronic device, which comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a method performed by a door lock end as in any embodiment of the present application, or to perform a method performed by a guest terminal as in any embodiment of the present application, or to perform a method performed by a cloud end as in any embodiment of the present application.
Also disclosed in embodiments of the present application is a non-transitory computer-readable storage medium having stored thereon computer instructions for causing a computer to perform a method performed by a door lock end as in any of the embodiments of the present application, or a method performed by a guest terminal as in any of the embodiments of the present application, or a method performed by a cloud as in any of the embodiments of the present application.
Other effects of the above-described alternative will be described below with reference to specific embodiments.
Drawings
The drawings are included to provide a better understanding of the present solution and are not intended to limit the present application. Wherein:
Fig. 1 is a schematic flowchart of a security verification method performed by a door lock end according to an embodiment of the present application;
Fig. 2 is a signaling diagram of security verification provided according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of another security verification method performed by a door lock end according to an embodiment of the present application;
Fig. 4 is a schematic flowchart of a security verification method performed by a visitor terminal according to an embodiment of the present application;
Fig. 5 is a schematic flowchart of a security verification method performed by a cloud according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a security verification apparatus configured at a door lock end according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a security verification apparatus configured in a visitor terminal according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a security verification apparatus configured at a cloud according to an embodiment of the present application;
Fig. 9 is a block diagram of an electronic device for implementing the security verification method of the embodiments of the present application.
Detailed Description
The following description of the exemplary embodiments of the present application, taken in conjunction with the accompanying drawings, includes various details of the embodiments of the application for the understanding of the same, which are to be considered exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present application. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Fig. 1 is a schematic flowchart of a security authentication method performed by a door lock end according to an embodiment of the present application. The embodiment is suitable for the condition that the door lock end carries out safety verification on the door opening request of the visitor terminal. Typically, the present embodiment may be applied to a case where the door lock terminal performs security verification on the door opening request of the guest terminal at a stage when the guest terminal requests to establish the communication connection. The security verification method disclosed by the embodiment can be executed by a security verification device configured at the door lock end, and the device can be implemented by software and/or hardware and can be configured in electronic equipment. Referring to fig. 1, the security authentication method performed by the door lock end according to the present embodiment includes:
S110, responding to the communication connection request sent by the visitor terminal, and randomly generating a key factor.
In the embodiment of the application, the visitor terminal may be a mobile phone, a tablet computer, a wearable device, or the like. The visitor terminal is provided with an applet or APP for interacting with the owner terminal and the door lock end. The owner terminal and the door lock end may also be configured with an applet or APP for interaction. The owner terminal may be a mobile phone, a tablet computer, a wearable device, or the like. The communication connection is a physical communication link, such as a Bluetooth connection. Because a physical communication link is a single-channel transmission, it avoids the risk of data being stolen in transit and is more secure than transmission over the internet. In addition, a Bluetooth connection is limited in range, which further improves the security of communication.
In this embodiment of the present application, before responding to a communication connection request sent by a guest terminal, the method further includes: receiving an identifier and an authorization validity period of an authorized terminal sent by a cloud terminal; and if the authorized terminal within the authorization validity period exists, receiving the communication connection request sent by the visitor terminal.
For example, by default, if the number of devices allowed to connect and pair that is stored at the door lock end is less than or equal to the number of owner terminals, the Bluetooth of the door lock end cannot be discovered or paired with by other devices. If the cloud's authorization verification of the visitor terminal succeeds, the cloud sends the visitor terminal's information to the door lock end, the visitor terminal is added at the door lock end as an authorized terminal, and the number of devices allowed to connect and pair is updated. Once that number is greater than the number of owner terminals, that is, once an authorized terminal within the authorization validity period exists, the door lock end allows itself to be discovered by other devices and accepts their communication connection requests. As shown in fig. 2, when the visitor terminal needs to unlock the door lock, it searches for the Bluetooth of the door lock end according to the locally stored door lock end information and sends a communication connection request to the door lock end to perform Bluetooth pairing. The door lock end receives the communication connection request sent by the visitor terminal and, in response, generates a key factor. The key factor is a single-use random value: a new key factor is generated for each communication connection request. Because it is single-use and random, the key factor is difficult for an illegal visitor to crack, or to steal and reuse, which improves security.
In this embodiment of the present application, before responding to the communication connection request sent by the visitor terminal, the method further includes the process of authorizing the visitor terminal, as shown in fig. 2. Specifically: the owner terminal obtains the WeChat friend list or the contact list through the applet or APP, selects an authorization object from that list, and sets the authorization validity period during which access to the door lock end is allowed. The applet or APP generates an invitation link and sends it to the visitor terminal through the cloud. The visitor terminal opens the invitation link in the applet or APP and logs in with a WeChat ID or mobile phone number, so that the cloud obtains the login information of the visitor terminal, such as the WeChat ID or mobile phone number. The cloud matches the login information of the visitor terminal against the information of the authorization object selected by the owner terminal; if the match succeeds, authorization of the visitor terminal is complete and the visitor terminal is an authorized terminal. After authorization succeeds, the cloud generates a random value as the identifier of the authorized terminal and sends it to the visitor terminal as the identifier of the visitor terminal. Because the identifier of the authorized terminal is a random value generated by the cloud and is sent only to the visitor terminal, other, illegal visitor terminals cannot obtain it. When verification is performed according to the identifier of the visitor terminal, an illegal visitor terminal therefore fails verification because it does not hold the correct identifier, which safeguards access to the door lock end.
The cloud sends door lock end information to the visitor terminal, such as the MAC address of the door lock end, or the MAC address of the door lock end together with a product serial number and other identifiers. The cloud sends the identifier of the authorized terminal and the authorization validity period to the door lock end. The door lock end records the number of authorized terminals within the authorization validity period as the number of devices allowed to connect and pair, AllowedNum; when an authorized terminal is added, AllowedNum is incremented by 1. The door lock end checks the validity of each authorized terminal against its authorization validity period; if an authorized terminal is no longer within its authorization validity period, it is treated as an invalid terminal and the number of devices allowed to connect is updated, for example by decrementing AllowedNum by 1.
S120, sending the key factor to the visitor terminal, and receiving a verification key generated by the visitor terminal according to the key factor and the identification of the visitor terminal.
Illustratively, after the door lock end generates the key factor, the key factor is sent to the visitor terminal, and the visitor terminal receives the key factor and generates the verification key according to the key factor and the identifier of the visitor terminal. The identification of the visitor terminal is stored in the visitor terminal, and if the visitor terminal is an authorized terminal authorized by the owner terminal, the identification of the visitor terminal is the identification of the authorized terminal issued by the cloud. If the visitor terminal is an illegal visitor terminal, the identification of the visitor terminal is not the identification of the authorized terminal sent by the cloud and is inconsistent with the identification of the authorized terminal. And the visitor terminal generates a verification key according to the key factor and the identifier of the visitor terminal and sends the verification key to the door lock end, so that the door lock end carries out safety verification on the identity of the visitor terminal according to the verification key.
In this embodiment of the present application, the generation process of the verification key may be: encrypting the key factor by adopting an encryption algorithm to obtain an encrypted key factor; generating the verification key according to the identification of the visitor terminal and the encryption key factor; or, encrypting the key factor, the door lock end identifier and the owner terminal identifier by adopting an encryption algorithm to obtain an encryption key factor; generating the verification key according to the identification of the visitor terminal and the encryption key factor; or, the key factor is used as an encryption factor of an encryption algorithm, and the encryption algorithm is adopted to encrypt the door lock end identifier and the owner terminal identifier to obtain an encryption key factor; generating the verification key according to the identification of the visitor terminal and the encryption key factor; the identification of the authorized terminal is a random value which is generated by the cloud and is associated with the authorized terminal.
Specifically, the visitor terminal generates a verification key C-KEY, which may be "identifier of the visitor terminal + encryption processing (key factor)", or "identifier of the visitor terminal + encryption processing (key factor + door lock end identifier + owner terminal identifier)", or "identifier of the visitor terminal + key factor algorithm (door lock end identifier + owner terminal identifier)". The door lock end identifier and the owner terminal identifier may be sent to the visitor terminal by the cloud after authorization, or may be obtained by the visitor terminal by requesting them from the cloud before it sends a communication connection request to the door lock end.
S130, matching the verification key with an authorized key, and performing security verification on the identity of the visitor terminal; wherein the authorized key is generated according to the identification of the authorized terminal within the authorization validity period and the key factor.
The authorized key is generated by the door lock end according to the identifier of the authorized terminal within the authorization validity period and the key factor. Each authorized terminal within the authorization validity period corresponds to one authorized key. Illustratively, if the verification key is consistent with an authorized key, the visitor terminal is determined to be a visitor terminal within the authorization validity period, and the identity verification of the visitor terminal passes. If the verification key is not consistent with any authorized key, the identity verification of the visitor terminal fails.
In this embodiment of the present application, before matching the verification key with an authorized key and performing security verification on the identity of the visitor terminal, the method further includes: encrypting the key factor with an encryption algorithm to obtain an encrypted key factor, and generating an authorized key according to the identifier of the authorized terminal within the authorization validity period and the encrypted key factor; or, encrypting the key factor, the door lock end identifier, and the owner terminal identifier with an encryption algorithm to obtain an encrypted key factor, and generating an authorized key according to the identifier of the authorized terminal within the authorization validity period and the encrypted key factor; or, using the key factor as the encryption factor of an encryption algorithm, encrypting the door lock end identifier and the owner terminal identifier with that algorithm to obtain an encrypted key factor, and generating an authorized key according to the identifier of the authorized terminal within the authorization validity period and the encrypted key factor. The identifier of the authorized terminal is a random value generated by the cloud and associated with the authorized terminal, and different authorized keys are generated for different authorized terminal identifiers.
For example, the door lock end generates an authorized key E-KEY according to the identifier of the authorized terminal and the key factor. The E-KEY may be "identifier of the authorized terminal + encryption processing (key factor)", for example: E-KEY(1) = "authorized terminal ID(1) + encryption processing (key factor P-KEY)"; E-KEY(2) = "authorized terminal ID(2) + encryption processing (key factor P-KEY)"; …; E-KEY(n) = "authorized terminal ID(n) + encryption processing (key factor P-KEY)". It may also be "identifier of the authorized terminal + encryption processing (key factor + door lock end identifier + owner terminal identifier)", for example: E-KEY(1) = "authorized terminal ID(1) + encryption processing (key factor P-KEY + door lock end identifier + owner terminal identifier)"; E-KEY(2) = "authorized terminal ID(2) + encryption processing (key factor P-KEY + door lock end identifier + owner terminal identifier)"; …; E-KEY(n) = "authorized terminal ID(n) + encryption processing (key factor P-KEY + door lock end identifier + owner terminal identifier)". It may also be "identifier of the authorized terminal + key factor algorithm (door lock end identifier + owner terminal identifier)", for example: E-KEY(1) = "authorized terminal ID(1) + encryption algorithm (key factor P-KEY) (door lock end identifier + owner terminal identifier)"; E-KEY(2) = "authorized terminal ID(2) + encryption algorithm (key factor P-KEY) (door lock end identifier + owner terminal identifier)"; …; E-KEY(n) = "authorized terminal ID(n) + encryption algorithm (key factor P-KEY) (door lock end identifier + owner terminal identifier)". Different authorized keys are generated for different authorized terminal identifiers. The number of authorized keys equals the number of authorized terminals within the authorization validity period, one per authorized terminal.
Since the key factor is randomly generated and valid only once, the authorized key is also valid only once; when a new communication connection request arrives, the authorized keys are regenerated for the authorized terminals currently within the authorization validity period. Because the key factor is randomly generated and valid only once, other, illegal visitor terminals cannot crack or obtain the key, and the generated authorized key can be reliably used for security verification. If the verification key does not match any authorized key, the visitor terminal that sent the verification key is determined not to be an authorized terminal within the authorization validity period, which improves the access security of the door lock end.
In this embodiment of the present application, after security verification is performed on the identity of the visitor terminal, the method further includes: if the number of failed security verifications reaches a preset number threshold, sending an alarm message to the owner terminal.
Illustratively, if the number of failed security verifications for one visitor terminal reaches the preset number threshold, or the cumulative number of failed security verifications across two or more visitor terminals reaches the preset number threshold, an illegal visitor may be making repeated attempts at illegal access, or several illegal visitors may be attempting illegal access. An alarm message is therefore sent to the owner terminal, reminding the owner to be alert to the visitor and raising security awareness.
According to this technical scheme, the security verification process is deployed in the communication connection authentication stage. Compared with the current scheme, in which the unlocking password is transmitted to the visitor terminal after the communication connection is established and unlocking authentication is completed through signaling/file transmission, this avoids the problem of the connection password being cracked after the connection is established and the risk of the unlocking password being stolen in transit, and can improve the security of identity verification. Because verification is completed during the communication connection authentication process, the security verification process is also simplified. In addition, the key factor in the verification key and the authorized key is randomly generated and cannot be obtained or cracked by attackers, which improves the security of verification.
Fig. 3 is a schematic flowchart of another security verification method executed by a door lock end according to an embodiment of the present application. The present embodiment is an alternative proposed on the basis of the above-described embodiments. Referring to fig. 3, the security verification method provided in this embodiment includes:
S210, responding to the communication connection request sent by the visitor terminal, and randomly generating a key factor.
S220, sending the key factor to the visitor terminal, and receiving a verification key generated by the visitor terminal according to the key factor and the identification of the visitor terminal.
S230, matching the identification of the visitor terminal in the verification key with the identification of the authorized terminal in the authorized key, and determining whether the matching is successful; if the matching fails, S240 is executed, and if the matching succeeds, S250 is executed.
Illustratively, the identity of the visitor terminal can be directly reflected by the visitor terminal identification, and the illegal visitor does not have the identification of the visitor terminal issued after cloud authorization, so that the illegal visitor can be directly and quickly screened out through identification matching. After the door lock end receives the verification key sent by the visitor terminal, the identification of the visitor terminal in the verification key is matched with the identification of the authorized terminal in the authorized key one by one, and if the visitor terminal is the authorized terminal stored in the door lock end, the identification of the visitor terminal can be matched with the identification of the authorized terminal in one of the authorized keys of the door lock end. In the embodiment of the application, in order to improve the security verification efficiency and quickly and efficiently screen out illegal visitors which do not belong to the authorized terminal, firstly, the identification of the visitor terminal in the verification key is matched with the identification of the authorized terminal in the authorized key, so that the screening of the illegal visitors is realized.
S240, determining that the visitor terminal is an unauthorized terminal or the visitor terminal is not in the authorized validity period, and determining that the security verification result is not passed.
For example, since the authorized key is generated according to the identifier of the authorized terminal and the key factor within the authorization validity period, if the identifier of the guest terminal in the authentication key does not match the identifier of the authorized terminal in the authorized key, it indicates that the guest terminal is not the authorized terminal, or although the guest terminal is the authorized terminal, the guest terminal is not within the authorization validity period, and therefore it is determined that the security authentication result of the guest terminal is not passed, the guest terminal is not allowed to establish a communication connection with the door lock terminal, and the door lock is not opened.
S250, matching the encryption key factor in the verification key with the encryption key factor in the authorized key.
Illustratively, if the identifier of the guest terminal in the authentication key is the same as the identifier of the authorized terminal in the authorized key, the encryption key factor needs to be further authenticated to perform authentication more comprehensively and deeply, thereby improving the security of the authentication. If the encryption key factor in the verification key matches the encryption key factor in the authorized key, it is determined that the key factor in the encryption key factor of the verification key is consistent with the key factor in the encryption key factor of the authorized key, that the key factor held by the visitor terminal is the key factor issued after cloud authorization, and that the visitor terminal is the authorized terminal.
In this embodiment of the present application, the performing security verification on the identity of the guest terminal according to the encryption key factor in the verification key and the encryption key factor in the authorized key includes: matching an encryption key factor in the authentication key with an encryption key factor in the authorized key; if the matching is successful, determining that the security verification result is passed, establishing communication connection with the visitor terminal and unlocking a door lock; and if the matching fails, determining that the security verification result is not passed.
In this embodiment of the present application, after the identity of the guest terminal is securely verified, the method further includes: if the security verification result of the visitor terminal is passed, updating the number of visitor terminals whose security verification result is passed; and if the number of visitor terminals whose security verification result is passed is equal to or larger than the number of authorized terminals within the authorization validity period, refusing to receive the communication connection request sent by the visitor terminal.
Illustratively, when the recorded number of guest terminals whose security verification result is passed equals the number of authorized terminals within the authorization validity period, all the authorized terminals have been verified and recorded at the door lock end, and any guest terminal beyond that number is not an authorized terminal within the authorization validity period. Therefore, when the number of visitor terminals whose security verification result is passed is equal to or greater than the number of authorized terminals within the authorization validity period, the door lock end refuses to receive communication connection requests sent by visitor terminals and is in a state in which it cannot be searched by other devices, so as to avoid access by illegal visitors and unnecessary verification processes.
In this embodiment of the present application, after the identity of the guest terminal is securely verified, the method further includes: if the security verification result of the visitor terminal is passed, determining the visitor terminal as a trusted terminal, so as to establish communication connection with the trusted terminal when receiving the communication connection request of the trusted terminal.
Illustratively, if the security verification result of the guest terminal is passed, the guest terminal is determined to be a trusted terminal and added to the trusted list. When the trusted terminal sends a communication connection request again, the communication connection can be established with the trusted terminal directly and the door lock opened, so that unnecessary verification processes are reduced and the unlocking efficiency is improved.
According to the method and the device, the identification of the visitor terminal in the verification key is matched with the identification of the authorized terminal in the authorized key, so that the unauthorized terminal or the authorized terminal which is not in the authorized valid period is rapidly screened out, and the verification is further carried out according to the encryption key factor, so that the identity of the visitor terminal is determined more comprehensively and accurately, the security of door lock access is ensured, and the illegal invasion of illegal visitors is avoided.
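The exchange in S210 to S250, together with the failure-count alarm, can be traced in the following added example, which is not code from the patent. It uses the third key variant (the key factor as the encryption factor over the door lock end identifier and owner terminal identifier); HMAC-SHA256, the "|" separator, all class and function names, and the sample identifiers are assumptions, since the text names no algorithm or message format.

```python
import hashlib
import hmac
import secrets
import time

SEP = b"|"  # assumed separator between terminal ID and encrypted key factor


def encrypt_key_factor(key_factor, lock_id, owner_id):
    # Third variant in the text: the key factor is the "encryption factor"
    # applied to door lock end ID + owner terminal ID.
    # HMAC-SHA256 is an assumption; the page names no algorithm.
    mac = hmac.new(key_factor, lock_id + SEP + owner_id, hashlib.sha256)
    return mac.hexdigest().encode()


def make_verification_key(terminal_id, key_factor, lock_id, owner_id):
    # Guest terminal side: C-KEY = terminal ID + encrypted key factor.
    return terminal_id + SEP + encrypt_key_factor(key_factor, lock_id, owner_id)


class DoorLock:
    def __init__(self, lock_id, owner_id, fail_threshold=3):
        self.lock_id, self.owner_id = lock_id, owner_id
        self.fail_threshold = fail_threshold
        self.authorized = {}    # terminal ID -> (valid_from, valid_until)
        self.key_factor = None  # outstanding P-KEY, if any
        self.failures = 0       # cumulative failed verifications
        self.alarms = []        # messages that would go to the owner terminal

    def authorize(self, terminal_id, valid_from, valid_until):
        self.authorized[terminal_id] = (valid_from, valid_until)

    def on_connection_request(self):
        # S210: a fresh random key factor for every connection request.
        self.key_factor = secrets.token_bytes(16)
        return self.key_factor

    def authorized_keys(self, now):
        # E-KEY(1..n): one entry per terminal inside its validity period.
        enc = encrypt_key_factor(self.key_factor, self.lock_id, self.owner_id)
        return {tid: enc for tid, (start, end) in self.authorized.items()
                if start <= now <= end}

    def verify(self, verification_key, now=None):
        now = time.time() if now is None else now
        if self.key_factor is None:
            return self._fail("no outstanding key factor")
        keys = self.authorized_keys(now)
        self.key_factor = None  # single use: consumed by this attempt
        terminal_id, _, enc = verification_key.partition(SEP)
        expected = keys.get(terminal_id)            # S230: identifier match
        if expected is None:                        # S240
            return self._fail("unauthorized or outside validity period")
        if not hmac.compare_digest(enc, expected):  # S250
            return self._fail("encrypted key factor mismatch")
        return True, "passed"

    def _fail(self, reason):
        self.failures += 1
        if self.failures >= self.fail_threshold:
            self.alarms.append(
                "alarm to owner terminal: %d failed verifications" % self.failures)
        return False, reason


def run_demo():
    now = 1_700_000_000  # constructed timestamp
    lock = DoorLock(b"AA:BB:CC:DD:EE:FF", b"owner-01")  # constructed IDs
    guest_id = secrets.token_hex(8).encode()  # stand-in for cloud-issued random ID
    expired_id = secrets.token_hex(8).encode()
    lock.authorize(guest_id, now - 60, now + 3600)
    lock.authorize(expired_id, now - 7200, now - 3600)
    results = {}

    kf = lock.on_connection_request()
    ckey = make_verification_key(guest_id, kf, lock.lock_id, lock.owner_id)
    results["authorized"] = lock.verify(ckey, now)

    lock.on_connection_request()                # new request, new key factor
    results["replay"] = lock.verify(ckey, now)  # old C-KEY no longer matches

    kf = lock.on_connection_request()
    results["expired"] = lock.verify(
        make_verification_key(expired_id, kf, lock.lock_id, lock.owner_id), now)

    kf = lock.on_connection_request()
    results["unknown"] = lock.verify(
        make_verification_key(b"deadbeefdeadbeef", kf, lock.lock_id, lock.owner_id), now)
    results["alarms"] = len(lock.alarms)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

The failure counter here is cumulative across visitor terminals, which is one of the two counting options the text describes.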
Fig. 4 is a flowchart illustrating a security authentication method performed by a guest terminal according to an embodiment of the present application. The embodiment can be applied to the situation that the visitor terminal requests the door lock end to open the door and the door lock end carries out safety verification. Typically, the embodiment may be applied to a case where the door lock terminal performs security verification on the guest terminal in a process where the guest terminal requests the door lock terminal to establish a communication connection. The security verification method disclosed by the embodiment can be executed by a security verification device configured in the guest terminal, and the security verification device can be realized by software and/or hardware and can be configured in the electronic equipment. Details such as noun explanations and the like which are not described in detail in the embodiments of the present application are described in detail in the above embodiments. Referring to fig. 4, the security authentication method performed by the guest terminal according to the present embodiment includes:
S310, sending a communication connection request to a door lock end.
Illustratively, if the visitor terminal has a requirement for unlocking the door lock of the door lock end, the visitor terminal searches the bluetooth of the door lock end according to the locally stored information of the door lock end, and sends a communication connection request to the door lock end so as to perform bluetooth pairing connection with the door lock end.
In the embodiment of the application, by default, if the number of the devices allowed to be connected and paired stored in the door lock end is less than or equal to the number of the owner terminals, the bluetooth of the door lock end is in a state that the bluetooth cannot be searched and paired by other devices. If the authorization verification of the cloud end to the visitor terminal is successful, the information of the visitor terminal is sent to the door lock end, the visitor terminal is added to the door lock end to serve as an authorized terminal, the number of devices allowing connection and pairing is updated, the number of the devices allowing connection and pairing is larger than that of owner terminals, the door lock end is allowed to be searched by other devices, and communication connection requests of the other devices are received.
In this embodiment of the present application, before sending the communication connection request to the door lock end, the method further includes: in response to authorization verification information sent by the owner terminal, returning visitor terminal information to the cloud end so that the cloud end can carry out authorization verification on the visitor terminal according to the visitor terminal information; and receiving the door lock end information and the identification of the visitor terminal sent by the cloud after the authorization verification is passed. Before sending the communication connection request to the door lock terminal, the method further includes: searching for the door lock end within a preset range according to the door lock end information.
When the visitor terminal needs to access the door lock end, the visitor terminal searches the nearby range for the door lock end matching the MAC address issued by the cloud, and sends a communication connection request to that door lock end, so that the visitor terminal sends the communication connection request in a targeted manner and avoids connecting to other devices by mistake.
Illustratively, before responding to the communication connection request sent by the guest terminal, the method further includes a process of authorizing the guest terminal, specifically: the owner terminal obtains the WeChat friend list or the contact list through the applet or the APP, selects an authorization object from the WeChat friend list or the contact list, and sets an authorization validity period allowing access to the door lock end. The applet or the APP generates an invitation link and sends the invitation link to the visitor terminal through the cloud. The visitor terminal opens the invitation link through the applet or the APP and logs in with a WeChat ID or a mobile phone number, so that the cloud acquires the login information of the visitor terminal, such as the WeChat ID or the mobile phone number. The cloud end matches the login information of the visitor terminal with the information of the authorized object selected by the owner terminal; if the matching is successful, the authorization of the visitor terminal is completed, and the visitor terminal is the authorized terminal. After the authorization is successful, the cloud generates a random value as the identifier of the authorized terminal, and sends the identifier of the authorized terminal to the visitor terminal as the identifier of the visitor terminal. Because the identification of the authorized terminal is a random value generated by the cloud end and is only sent to the visitor terminal, other illegal visitor terminals cannot acquire the random value. Therefore, when verification is carried out according to the identification of the visitor terminal, an illegal visitor terminal cannot pass the verification because it does not have the correct identification of the visitor terminal, and the safety of door lock end access is guaranteed.
The cloud sends the door lock end information to the visitor terminal, for example the MAC address of the door lock end, or the MAC address of the door lock end together with a product serial number and other identifications. The cloud sends the identifier of the authorized terminal and the authorization validity period to the door lock end. The door lock end judges whether the authorized terminal is valid according to the authorization validity period of the authorized terminal; if the authorized terminal is not in the authorization validity period, the authorized terminal is determined as an invalid terminal, and the number of the devices allowed to be connected is updated.
S320, receiving a key factor randomly generated by the door lock end in response to the communication connection request, and generating a verification key according to the key factor and the identification of the visitor terminal.
Illustratively, after the door lock end generates the key factor, the key factor is sent to the visitor terminal, and the visitor terminal receives the key factor and generates the verification key according to the key factor and the identifier of the visitor terminal. The identification of the visitor terminal is stored in the visitor terminal, and if the visitor terminal is an authorized terminal authorized by the owner terminal, the identification of the visitor terminal is the identification of the authorized terminal issued by the cloud. If the visitor terminal is an illegal visitor terminal, the identification of the visitor terminal is not the identification of the authorized terminal sent by the cloud and is inconsistent with the identification of the authorized terminal. And the visitor terminal generates a verification key according to the key factor and the identifier of the visitor terminal and sends the verification key to the door lock end, so that the door lock end carries out safety verification on the identity of the visitor terminal according to the verification key.
In this embodiment of the present application, the generation process of the verification key may be: encrypting the key factor by adopting an encryption algorithm to obtain an encrypted key factor; generating the verification key according to the identification of the visitor terminal and the encryption key factor; or, encrypting the key factor, the door lock end identifier and the owner terminal identifier by adopting an encryption algorithm to obtain an encryption key factor; generating the verification key according to the identification of the visitor terminal and the encryption key factor; or, the key factor is used as an encryption factor of an encryption algorithm, and the encryption algorithm is adopted to encrypt the door lock end identifier and the owner terminal identifier to obtain an encryption key factor; generating the verification key according to the identification of the visitor terminal and the encryption key factor; the identification of the authorized terminal is a random value which is generated by the cloud and is associated with the authorized terminal.
Specifically, the guest terminal generates a verification key C-KEY, which may be "identification of the guest terminal + encryption processing (key factor)", may also be "identification of the guest terminal + encryption processing (key factor + door lock end identification + owner terminal identification)", and may also be "identification of the guest terminal + key factor algorithm (door lock end identification + owner terminal identification)". The door lock end identification and the owner terminal identification may be sent to the visitor terminal by the cloud end after authorization, or may be obtained by the visitor terminal by requesting them from the cloud end before it sends a communication connection request to the door lock end.
S330, sending the verification key to the door lock end so that the door lock end matches the verification key with an authorized key and performs security verification on the identity of the visitor terminal; and the authorized key is generated by the door lock end according to the identification of the authorized terminal within the authorization validity period and the key factor.
The authorized key is generated by the door lock end according to the identification of the authorized terminal within the authorization validity period and the key factor. Each authorized terminal within the authorization validity period corresponds to an authorized key. Illustratively, if the authentication key is consistent with the authorized key, the guest terminal is determined to be the guest terminal within the authorization validity period, and the identity authentication of the guest terminal is determined to be passed. And if the authentication key is not consistent with the authorized key, determining that the identity authentication of the guest terminal is not passed.
In this embodiment of the application, the door lock end matches the verification key with an authorized key, and before performing security verification on the identity of the visitor terminal, the method further includes: encrypting the key factor by adopting an encryption algorithm to obtain an encrypted key factor; generating an authorized key according to the identification of the authorized terminal within the authorization validity period and the encryption key factor; or, encrypting the key factor, the door lock end identifier and the owner terminal identifier by adopting an encryption algorithm to obtain an encryption key factor; generating an authorized key according to the identification of the authorized terminal within the authorization validity period and the encryption key factor; or, the key factor is used as an encryption factor of an encryption algorithm, and the encryption algorithm is adopted to encrypt the door lock end identifier and the owner terminal identifier to obtain an encryption key factor; generating an authorized key according to the identification of the authorized terminal within the authorization validity period and the encryption key factor; the identification of the authorized terminal is a random value which is generated by the cloud and is associated with the authorized terminal.
For example, the door lock end generates an authorized key E-KEY according to the identifier of the authorized terminal and the key factor. The E-KEY may be "identifier of the authorized terminal + encryption processing (key factor)", for example, E-KEY(1) = "authorized terminal ID(1) + encryption processing (key factor P-KEY)"; E-KEY(2) = "authorized terminal ID(2) + encryption processing (key factor P-KEY)"; ...; E-KEY(n) = "authorized terminal ID(n) + encryption processing (key factor P-KEY)". It may also be "identifier of the authorized terminal + encryption processing (key factor + door lock end identifier + owner terminal identifier)", for example, E-KEY(1) = "authorized terminal ID(1) + encryption processing (key factor P-KEY + door lock end identifier + owner terminal identifier)"; E-KEY(2) = "authorized terminal ID(2) + encryption processing (key factor P-KEY + door lock end identifier + owner terminal identifier)"; ...; E-KEY(n) = "authorized terminal ID(n) + encryption processing (key factor P-KEY + door lock end identifier + owner terminal identifier)". It may also be "identifier of the authorized terminal + key factor algorithm (door lock end identifier + owner terminal identifier)", for example, E-KEY(1) = "authorized terminal ID(1) + encryption algorithm (key factor P-KEY) (door lock end identifier + owner terminal identifier)"; E-KEY(2) = "authorized terminal ID(2) + encryption algorithm (key factor P-KEY) (key factor P-KEY + door lock end identifier + owner terminal identifier)"; ...; E-KEY(n) = "authorized terminal ID(n) + encryption algorithm (key factor P-KEY) (key factor P-KEY + door lock end identifier + owner terminal identifier)". Different authorized keys are generated for different authorized terminal identifiers. The number of authorized keys is the same as the number of authorized terminals within the authorization validity period, one authorized key corresponding to each authorized terminal.
Since the key factor is randomly generated and valid once, the authorized key is valid once, and when a new communication connection request exists, the authorized key is regenerated according to the authorized terminal currently within the authorization validity period. Because the key factor is randomly generated and is valid for a single time, other illegal visitor terminals cannot crack and acquire the key, so that the generated authorized key can be reliably used for security verification, and if the verification key is not matched with the authorized key, the visitor terminal corresponding to the verification key can be determined not to be the authorized terminal within the authorization validity period, so that the access security of the door lock end is improved.
According to the method and the system, the visitor terminal requests the door lock terminal to establish the communication connection, and the door lock terminal completes the security verification of the visitor terminal. Compared with the current scheme, in which the unlocking password is transmitted to the visitor terminal after the communication connection is established and the unlocking authentication is completed by signaling/file transmission, this avoids the problem of the connection password being cracked after the communication connection and the risk of the unlocking password being stolen during transmission, and can improve the security of identity verification. Because the security verification is completed within the communication connection authentication process, the security verification process is simplified. The visitor terminal generates the verification key according to the key factor and the identification of the visitor terminal, and the key factor is generated randomly by the door lock end, so that illegal visitors cannot crack and obtain the verification key, and the verification security is improved.
Fig. 5 is a flowchart illustrating a security verification method performed by a cloud according to an embodiment of the present disclosure. The embodiment is applicable to the case where the cloud authorizes the visitor terminal before the door lock end carries out security verification on the visitor terminal. Typically, this embodiment is applicable to the case where, before the door lock terminal carries out security verification on the visitor terminal, the cloud authorizes the visitor terminal and then sends authorization information to the door lock terminal and the visitor terminal, so that the door lock terminal carries out security verification on the visitor terminal according to the authorization information. The security verification method disclosed by the embodiment can be executed by a security verification device configured at the cloud, and the security verification device can be realized in a software and/or hardware manner and can be configured in an electronic device. Referring to fig. 5, the security verification method executed by the cloud according to the embodiment includes:
S410, receiving authorization verification information sent by the owner terminal, and sending the authorization verification information to the visitor terminal.
Illustratively, the owner terminal acquires the WeChat friend list or the contact list through an applet or an APP, selects an authorization object from the WeChat friend list or the contact list, and sets an authorization validity period for allowing access to the door lock end. The applet or the APP generates an invitation link and sends the invitation link to the visitor terminal through the cloud. The visitor terminal opens the invitation link through the applet or the APP and logs in with a WeChat ID or a mobile phone number, so that the cloud acquires the login information of the visitor terminal, such as the WeChat ID or the mobile phone number.
S420, receiving visitor terminal information returned by the visitor terminal in response to the authorization verification information, and performing authorization verification on the visitor terminal according to the visitor terminal information.
In this application embodiment, the authorization verification of the guest terminal according to the guest terminal information includes: matching the visitor terminal information with visitor terminal information sent by the owner terminal; and if the matching is successful, determining that the authorization verification is passed. Illustratively, the cloud matches the login information of the visitor terminal with the information of the authorized object selected by the owner terminal, and if the matching is successful, the authorization of the visitor terminal is completed, and the visitor terminal is the authorized terminal.
S430, if the verification is passed, generating a random value as the identification of the visitor terminal, and sending the identification of the visitor terminal and the door lock end information to the visitor terminal, so that the visitor terminal sends a communication connection request to the door lock end according to the door lock end information, and generates a verification key according to the identification of the visitor terminal and the key factor generated by the door lock end.
Illustratively, after the authorization is successful, the cloud generates a random value as the identifier of the authorized terminal, and sends the identifier of the authorized terminal to the guest terminal as the identifier of the guest terminal. Because the identification of the authorized terminal is a random value generated by the cloud end and is only sent to the visitor terminal, other illegal visitor terminals cannot acquire the random value. Therefore, when verification is carried out according to the identification of the visitor terminal, an illegal visitor terminal cannot pass the verification because it does not have the correct identification of the visitor terminal, and the safety of door lock end access is guaranteed. The cloud sends the door lock end information to the visitor terminal, for example the MAC address of the door lock end, or the MAC address of the door lock end together with a product serial number and other identifications.
S440, the visitor terminal is used as an authorized terminal, the identification of the visitor terminal is used as the identification of the authorized terminal, and the identification of the authorized terminal and the authorization validity period are sent to the door lock end, so that the door lock end generates an authorized key according to the generated key factor and the identification of the authorized terminal within the authorization validity period.
Illustratively, the cloud sends the identifier of the authorized terminal and the authorization validity period to the door lock terminal. The door lock end judges whether the authorized terminal is valid according to the authorization validity period of the authorized terminal; if the authorized terminal is not within the authorization validity period, the authorized terminal is determined as an invalid terminal, and the number of the devices allowed to be connected is updated. If the visitor terminal needs to open the door lock of the door lock end, the visitor terminal searches for the Bluetooth of the door lock end according to locally stored information of the door lock end, and sends a communication connection request to the door lock end so as to carry out Bluetooth pairing connection with the door lock end. The door lock end receives the communication connection request sent by the visitor terminal and generates a key factor in response to it. The key factor is a single-use random value, and a new key factor is regenerated for each communication connection request. Because it is generated once and at random, the key factor is difficult for illegal visitors to crack or to steal for repeated use, and the safety is improved.
And the visitor terminal generates a verification key according to the key factor and the identifier of the visitor terminal and sends the verification key to the door lock end, so that the door lock end carries out safety verification on the identity of the visitor terminal according to the verification key. And the door lock end generates an authorized key according to the identifier of the authorized terminal within the authorization validity period and the key factor, matches the verification key with the authorized key, and performs security verification on the identity of the visitor terminal.
According to the method and the device, the identification of the visitor terminal and the identification of the authorized terminal are randomly generated, so that illegal visitors are difficult to crack and obtain, and the safety of identity verification is guaranteed. And the identification of the visitor terminal is sent to the visitor terminal, and the identification of the authorized terminal and the authorization validity period are sent to the door lock terminal, so that the visitor terminal and the door lock terminal generate an authentication key and an authorized key for security authentication in a communication connection stage, and the security and reliability of the authentication are improved.
Fig. 6 is a schematic structural diagram of a security verification device configured at a door lock end according to an embodiment of the present application. Referring to fig. 6, an embodiment of the present application discloses a security verification device 500 configured at a door lock end, where the device 500 includes: a key factor generation module 501, a verification key receiving module 502, and a security verification module 503.
The key factor generating module 501 is configured to respond to a communication connection request sent by a guest terminal, and randomly generate a key factor; a verification key receiving module 502, configured to send the key factor to the guest terminal, and receive a verification key generated by the guest terminal according to the key factor and an identifier of the guest terminal; a security verification module 503, configured to match the verification key with an authorized key, and perform security verification on the identity of the guest terminal;
wherein the authorized key is generated according to the identification of the authorized terminal within the authorization validity period and the key factor.
In an embodiment of the present application, the apparatus further includes:
the first encryption key factor determining module is used for encrypting the key factor by adopting an encryption algorithm to obtain an encryption key factor;
the first authorized key generation module is used for generating an authorized key according to the identification of the authorized terminal within the authorization validity period and the encryption key factor; or,
the second encryption key factor determining module is used for encrypting the key factor, the door lock end identifier and the owner terminal identifier by adopting an encryption algorithm to obtain an encryption key factor;
the second authorized key generation module is used for generating an authorized key according to the identification of the authorized terminal within the authorization validity period and the encryption key factor; or,
the third encryption key factor determining module is used for taking the key factor as an encryption factor of an encryption algorithm, and encrypting the door lock end identifier and the owner terminal identifier by adopting the encryption algorithm to obtain an encryption key factor;
a third authorized key generation module, configured to generate an authorized key according to the identifier of the authorized terminal within the authorization validity period and the encryption key factor;
the identification of the authorized terminal is a random value which is generated by the cloud and is associated with the authorized terminal.
In this embodiment of the present application, the security verification module 503 includes:
an identifier matching unit, configured to match an identifier of the guest terminal in the verification key with an identifier of an authorized terminal in the authorized key;
the identification matching failure determining unit is used for determining that the visitor terminal is an unauthorized terminal or the visitor terminal is not in an authorized validity period if the matching fails, and the safety verification result is that the visitor terminal does not pass;
and the identification matching success determining unit is used for carrying out safety verification on the identity of the visitor terminal according to the encryption key factor in the verification key and the encryption key factor in the authorized key if the matching is successful.
In this embodiment of the present application, the identifier matching success determining unit includes:
a factor matching subunit, configured to match an encryption key factor in the verification key with an encryption key factor in the authorized key;
the verification passing determining subunit is used for determining that the safety verification result is passed if the matching is successful, establishing communication connection with the visitor terminal and unlocking the door lock;
and the verification fail determining subunit is used for determining that the security verification result is fail if the matching fails.
In an embodiment of the present application, the apparatus further includes:
and the alarm module is used for sending an alarm message to the owner terminal if the number of times the security verification result is a failure reaches a preset number threshold.
In an embodiment of the present application, the apparatus further includes:
the authorization information receiving module is used for receiving the identification of the authorized terminal and the authorization validity period sent by the cloud end;
and the communication connection request receiving module is used for receiving the communication connection request sent by the visitor terminal if the authorized terminal in the authorization validity period exists.
In an embodiment of the present application, the apparatus further includes:
the quantity updating module is used for updating the quantity of the visitor terminals with the passing safety verification result if the safety verification result of the visitor terminals passes;
and the connection refusing module is used for refusing to receive the communication connection request sent by the visitor terminal if the number of visitor terminals whose security verification result is a pass is equal to or greater than the number of the authorized terminals within the authorization validity period.
In an embodiment of the present application, the apparatus further includes:
and the trusted terminal determining module is used for determining the visitor terminal as a trusted terminal if the security verification result of the visitor terminal passes, so that communication connection with the trusted terminal is established when the communication connection request of the trusted terminal is received.
In an embodiment of the present application, the communication connection is a physical communication link.
The security verification device configured at the door lock end provided by the embodiment of the application can execute the security verification method executed by the door lock end provided by any embodiment of the application, and has the corresponding functional modules and beneficial effects of the execution method.
Fig. 7 is a schematic structural diagram of a security verification apparatus configured in a guest terminal according to an embodiment of the present application. Referring to fig. 7, an embodiment of the present application discloses a security verification apparatus 600 configured at a guest terminal, where the apparatus 600 includes: a communication connection request sending module 601, a verification key generation module 602, and a verification key sending module 603.
The communication connection request sending module 601 is configured to send a communication connection request to a door lock end; the verification key generation module 602 is configured to receive a key factor randomly generated by the door lock end in response to the communication connection request, and generate a verification key according to the key factor and the identifier of the guest terminal; the verification key sending module 603 is configured to send the verification key to the door lock end, so that the door lock end matches the verification key with an authorized key to perform security verification on the identity of the visitor terminal;
and the authorized key is generated by the door lock end according to the identification of the authorized terminal within the authorization validity period and the key factor.
In this embodiment of the application, the verification key generation module 602 includes:
the first encryption unit is used for encrypting the key factor by adopting an encryption algorithm to obtain an encrypted key factor;
a first verification key generation unit, configured to generate the verification key according to an identifier of the guest terminal and the encryption key factor; or,
the second encryption unit is used for encrypting the key factor, the door lock end identifier and the owner terminal identifier by adopting an encryption algorithm to obtain an encrypted key factor;
the second verification key generation unit is used for generating the verification key according to the identification of the visitor terminal and the encryption key factor; or,
the third encryption unit is used for taking the key factor as an encryption factor of an encryption algorithm, and encrypting the door lock end identifier and the owner terminal identifier by adopting the encryption algorithm to obtain an encryption key factor;
a third verification key generation unit, configured to generate the verification key according to an identifier of the guest terminal and the encryption key factor;
the identification of the authorized terminal is a random value which is generated by the cloud and is associated with the authorized terminal.
In an embodiment of the present application, the apparatus further includes:
the response module is used for responding to the authorization verification information sent by the owner terminal and returning the visitor terminal information to the cloud, so that the cloud can carry out authorization verification on the visitor terminal according to the visitor terminal information;
and the visitor information receiving module is used for receiving the door lock end information and the identification of the visitor terminal sent by the cloud after the authorization verification is passed.
In an embodiment of the present application, the apparatus further includes:
and the door lock end searching module is used for searching the door lock end within a preset range according to the door lock end information.
The security verification device configured in the guest terminal provided by the embodiment of the application can execute the security verification method executed by the guest terminal provided by any embodiment of the application, and has the corresponding functional modules and beneficial effects of the execution method.
Fig. 8 is a schematic structural diagram of a security verification apparatus configured at a cloud according to an embodiment of the present disclosure. Referring to fig. 8, an embodiment of the present application discloses a security verification apparatus 700 configured in a cloud, where the apparatus 700 includes: an authorization verification information sending module 701, an authorization verification module 702, a random value generating module 703 and an authorization information sending module 704.
The authorization verification information sending module 701 is configured to receive authorization verification information sent by an owner terminal and send the authorization verification information to a visitor terminal; the authorization verification module 702 is configured to receive visitor terminal information returned by the visitor terminal in response to the authorization verification information, and perform authorization verification on the visitor terminal according to the visitor terminal information; the random value generating module 703 is configured to generate a random value as the identifier of the guest terminal if the verification passes, and send the identifier of the guest terminal and the door lock end information to the guest terminal, so that the guest terminal sends a communication connection request to the door lock end according to the door lock end information, and generates a verification key according to the identifier of the guest terminal and a key factor generated by the door lock end; and the authorization information sending module 704 is configured to use the visitor terminal as an authorized terminal, use the identifier of the visitor terminal as the identifier of the authorized terminal, and send the identifier of the authorized terminal and the authorization validity period to the door lock end, so that the door lock end generates an authorized key according to the generated key factor and the identifier of the authorized terminal within the authorization validity period.
In this embodiment, the authorization verification module 702 includes:
the information matching unit is used for matching the visitor terminal information with the visitor terminal information sent by the owner terminal;
and the pass determination unit is used for determining that the authorization verification passes if the matching is successful.
In the embodiment of the present application, the door lock end information includes a MAC address of the door lock end; or,
the door lock end information comprises the MAC address and the product serial number of the door lock end.
The cloud-side-configured security verification device provided by the embodiment of the application can execute the security verification method executed by the cloud side provided by any embodiment of the application, and has corresponding functional modules and beneficial effects of the execution method.
According to an embodiment of the present application, an electronic device and a readable storage medium are also provided.
As shown in fig. 9, fig. 9 is a block diagram of an electronic device for implementing the security authentication method according to the embodiment of the present application. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, electronic devices, blade electronics, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable electronic devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the present application that are described and/or claimed herein.
As shown in fig. 9, the electronic apparatus includes: one or more processors 801, memory 802, and interfaces for connecting the various components, including a high speed interface and a low speed interface. The electronic device can implement the method executed by the door lock end, or execute the method executed by the visitor terminal, or execute the method executed by the cloud. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions for execution within the electronic device, including instructions stored in or on the memory to display graphical information of a GUI on an external input/output device (such as a display electronic device coupled to the interface). In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories, as desired. Also, multiple electronic devices may be connected, with each electronic device providing portions of the necessary operations (e.g., as an array of electronic devices, a set of blade-like electronic devices, or a multi-processor system). Fig. 9 takes one processor 801 as an example.
The memory 802 is a non-transitory computer readable storage medium as provided herein. Wherein the memory stores instructions executable by at least one processor to cause the at least one processor to perform the security verification method provided herein. The non-transitory computer readable storage medium of the present application stores computer instructions for causing a computer to perform the security authentication method provided by the present application.
The memory 802, as a non-transitory computer-readable storage medium, may be used to store non-transitory software programs, non-transitory computer-executable programs, and modules, such as the program instructions/modules corresponding to the security verification method in the embodiments of the present application (e.g., the key factor generation module 501, the verification key receiving module 502, and the security verification module 503 shown in fig. 6; or the communication connection request sending module 601, the verification key generation module 602, and the verification key sending module 603 shown in fig. 7; or the authorization verification information sending module 701, the authorization verification module 702, the random value generation module 703, and the authorization information sending module 704 shown in fig. 8). When the modules shown in fig. 6 are stored, the electronic device is a door lock end; when the modules shown in fig. 7 are stored, the electronic device is a guest terminal; when the modules shown in fig. 8 are stored, the electronic device is a cloud. The processor 801 executes various functional applications and data processing of the electronic device by running the non-transitory software programs, instructions and modules stored in the memory 802, that is, implements the security verification method in the above-described method embodiments.
The memory 802 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created from use of the electronic device for security authentication, and the like. Further, the memory 802 may include high speed random access memory and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 802 optionally includes memory located remotely from the processor 801, which may be connected to the security verification electronics via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device of the security authentication method may further include: an input device 803 and an output device 804. The processor 801, the memory 802, the input device 803, and the output device 804 may be connected by a bus or other means, and are exemplified by a bus in fig. 9.
The input device 803 may receive input numeric or character information and generate key signal inputs related to user settings and function controls of the security-verified electronic device, such as a touch screen, a keypad, a mouse, a track pad, a touch pad, a pointer, one or more mouse buttons, a track ball, a joystick, or other input device. The output devices 804 may include display electronics, auxiliary lighting devices (e.g., LEDs), tactile feedback devices (e.g., vibrating motors), and the like. The display electronics may include, but are not limited to, Liquid Crystal Displays (LCDs), Light Emitting Diode (LED) displays, and plasma displays. In some implementations, the display electronics can be a touch screen.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, application specific ASICs (application specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input, and at least one output device.
These computer programs (also known as programs, software applications, or code) include machine instructions for a programmable processor, and may be implemented using high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, electronic device, and/or apparatus (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data electronic device), or that includes a middleware component (e.g., an application electronic device), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include a client and an electronic device. The client and the electronic device are generally remote from each other and typically interact through a communication network. The relationship of client and electronic device arises by virtue of computer programs running on the respective computers and having a client-electronic device relationship to each other.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present application may be executed in parallel, sequentially, or in different orders, and the present invention is not limited thereto as long as the desired results of the technical solutions disclosed in the present application can be achieved.
The above-described embodiments should not be construed as limiting the scope of the present application. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A security authentication method, performed by a door lock terminal, the method comprising:
responding to a communication connection request sent by a visitor terminal, and randomly generating a key factor;
sending the key factor to the visitor terminal, and receiving a verification key generated by the visitor terminal according to the key factor and the identifier of the visitor terminal;
matching the verification key with an authorized key, and performing security verification on the identity of the visitor terminal;
wherein the authorized key is generated according to the identification of the authorized terminal within the authorization validity period and the key factor.
2. The method of claim 1, wherein before matching the verification key with the authorized key and performing security verification on the identity of the guest terminal, the method further comprises:
encrypting the key factor by adopting an encryption algorithm to obtain an encrypted key factor;
generating an authorized key according to the identification of the authorized terminal within the authorization validity period and the encryption key factor; or,
encrypting the key factor, the door lock end identifier and the owner terminal identifier by adopting an encryption algorithm to obtain an encrypted key factor;
generating an authorized key according to the identification of the authorized terminal within the authorization validity period and the encryption key factor; or,
taking the key factor as an encryption factor of an encryption algorithm, and encrypting the door lock end identification and the owner terminal identification by adopting the encryption algorithm to obtain an encryption key factor;
generating an authorized key according to the identification of the authorized terminal within the authorization validity period and the encryption key factor;
the identification of the authorized terminal is a random value which is generated by the cloud and is associated with the authorized terminal.
3. The method of claim 1 or 2, wherein matching the verification key with the authorized key and performing security verification on the identity of the guest terminal comprises:
matching the identification of the visitor terminal in the verification key with the identification of the authorized terminal in the authorized key;
if the matching fails, determining that the visitor terminal is an unauthorized terminal or the visitor terminal is not within the authorized validity period, and determining that the security verification result is failed;
and if the matching is successful, performing security verification on the identity of the visitor terminal according to the encryption key factor in the verification key and the encryption key factor in the authorized key.
4. The method of claim 3, wherein performing security verification on the identity of the guest terminal according to the encryption key factor in the verification key and the encryption key factor in the authorized key comprises:
matching the encryption key factor in the verification key with the encryption key factor in the authorized key;
if the matching is successful, determining that the security verification result is passed, establishing communication connection with the visitor terminal and unlocking a door lock;
and if the matching fails, determining that the security verification result is not passed.
5. The method of claim 1, wherein prior to responding to the communication connection request sent by the guest terminal, the method further comprises:
receiving an identifier and an authorization validity period of an authorized terminal sent by a cloud terminal;
and if the authorized terminal within the authorization validity period exists, receiving the communication connection request sent by the visitor terminal.
6. The method of claim 1, wherein after securely verifying the identity of the guest terminal, the method further comprises:
if the safety verification result of the visitor terminal is passed, updating the number of the visitor terminals with the safety verification result of passing;
if the number of visitor terminals whose security verification result is a pass is equal to or greater than the number of the authorized terminals within the authorization validity period, refusing to receive the communication connection request sent by the visitor terminal;
after the identity of the guest terminal is securely verified, the method further comprises:
and if the security verification result of the visitor terminal is passed, determining the visitor terminal as a trusted terminal so as to establish communication connection with the trusted terminal when receiving the communication connection request of the trusted terminal.
7. A security authentication method, performed by a guest terminal, the method comprising:
sending a communication connection request to a door lock end;
receiving a key factor randomly generated by a door lock end in response to the communication connection request, and generating a verification key according to the key factor and the identification of the visitor terminal;
sending the verification key to the door lock end so that the door lock end matches the verification key with an authorized key and performs security verification on the identity of the visitor terminal;
and the authorized key is generated by the door lock end according to the identification of the authorized terminal within the authorization validity period and the key factor.
8. A security verification method, performed by a cloud, the method comprising:
receiving authorization verification information sent by an owner terminal, and sending the authorization verification information to a visitor terminal;
receiving visitor terminal information returned by the visitor terminal in response to the authorization verification information, and performing authorization verification on the visitor terminal according to the visitor terminal information;
if the verification is passed, generating a random value as the identification of the visitor terminal, and sending the identification of the visitor terminal and the door lock end information to the visitor terminal, so that the visitor terminal sends a communication connection request to the door lock end according to the door lock end information, and generates a verification key according to the identification of the visitor terminal and a key factor generated by the door lock end;
and taking the visitor terminal as an authorized terminal, taking the identifier of the visitor terminal as the identifier of the authorized terminal, and sending the identifier of the authorized terminal and the authorization validity period to the door lock end, so that the door lock end generates an authorized key according to the generated key factor and the identifier of the authorized terminal within the authorization validity period.
9. A security verification electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method performed by the door lock end of any one of claims 1-6, or to perform the method performed by the guest terminal of claim 7, or to perform the method performed by the cloud end of claim 8.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method performed by a door lock end of any one of claims 1-6, or perform the method performed by a guest terminal of claim 7, or perform the method performed by a cloud end of claim 8.
CN202010833896.7A 2020-08-18 2020-08-18 Security verification method, electronic device and medium Active CN114155630B (en)


Publications (2)

Publication Number Publication Date
CN114155630A true CN114155630A (en) 2022-03-08
CN114155630B CN114155630B (en) 2024-08-23

Family

ID=80460122

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010833896.7A Active CN114155630B (en) 2020-08-18 2020-08-18 Security verification method, electronic device and medium

Country Status (1)

Country Link
CN (1) CN114155630B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140049366A1 (en) * 2012-08-16 2014-02-20 Google Inc. Near field communication based key sharing techniques
CN108921993A (en) * 2018-06-29 2018-11-30 夏烬楚 A method of authorization temporary traffic gate inhibition
CN109548018A (en) * 2019-01-11 2019-03-29 腾讯科技(深圳)有限公司 Wireless network access method, device, equipment and system
CN109712278A (en) * 2018-11-27 2019-05-03 深圳市小石安防科技有限公司 Intelligent door lock identity identifying method, system, readable storage medium storing program for executing and mobile terminal
CN110462692A (en) * 2017-03-29 2019-11-15 云丁网络技术(北京)有限公司 A kind of safety communicating method and its intelligent door lock system based on intelligent door lock system

Also Published As

Publication number Publication date
CN114155630B (en) 2024-08-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant