CN114724291A - Remote offline real-time authorization method and device for access control system and storage medium

Info

Publication number: CN114724291A
Authority: CN (China)
Application number: CN202210312133.7A
Other versions: CN114724291B
Original language: Chinese (zh)
Prior art keywords: authorization, key, data, lock, hash
Inventor: 范迎春
Assignee (current and original): Centran Technology Co ltd
Legal status: Granted; Active

Classifications

    • G07C9/27 Individual registration on entry or exit involving the use of a pass with central registration
    • G07C9/00571 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • G07C9/00857 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions


Abstract

The invention discloses a remote offline real-time authorization method, device and storage medium for an access control system, in the field of remote authorization for access control systems. The method comprises the following steps. S1: initialize the key and the lock; the initialization comprises setting a system key, setting a basic key and setting an initial value of an index value. S2: according to an authorization request applied for remotely by a user, edit the authorization data and the corresponding hash digest data to obtain an authorization code, return the authorization code to the user, and have the user input the authorization code into the key. S3: calculate a hash value from the basic key and index initial value set in step S1 and the authorization code received in step S2, and compare it with the hash digest data of step S2; if the calculated hash value equals the hash digest data, send an unlocking instruction, otherwise do not send it. The invention can perform real-time authorization in an emergency, or when the local backup server cannot obtain authorization data from the remote server.

Description

Remote offline real-time authorization method and device for access control system and storage medium
Technical Field
The present invention relates to the field of remote authorization of access control systems, and more particularly, to a remote offline real-time authorization method, device and storage medium for an access control system.
Background
An access control system, as its name implies, controls an entry passage; it developed from the traditional door lock. A traditional mechanical lock is a purely mechanical device, and however sound its structural design and however strong its material, it can be opened by various means. Key management in a passage with heavy traffic (office buildings, hotel rooms) is troublesome, and when a key is lost or personnel change, the lock and the key must be replaced together. Electronic magnetic-card locks and electronic coded locks were introduced to address these problems; they improved the management of access passages to a certain extent and brought passage management into the electronic era.
An access control lock system has two main authorization methods. In the first, authorization is obtained online, in real time, from a remote management server. In the second, the authorization data is edited in advance on the management server, offline, and downloaded to a local key or to a local authentication device; when the user then uses the system, the user ID is compared to confirm whether the authority is legal before the unlocking action is executed.
Current products rely either on pre-programmed authority or on authority updated in real time through a local backup server. In a temporary emergency, or when the backup server is unusable because of an on-site power failure, the unlocking authority cannot be updated effectively, and crisis handling is delayed.
Of the two methods, the first requires the network to be available at authentication time; otherwise the entered user ID cannot be compared and the unlocking action cannot be executed. The second uses a preset authority file, so in an emergency, or when authorization is needed outside the configured time period, the authorization file can be updated in real time only by returning to the location of the management server or by installing a backup of the management server locally; if the backup device has lost power, has an operating fault or has a network fault, the file cannot be updated.
The information disclosed in this background section is only for enhancement of understanding of the general background of the invention and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person skilled in the art.
Disclosure of Invention
The invention aims to provide a remote offline real-time authorization method, device and storage medium for an access control system that can perform real-time authorization in an emergency, or when the local backup server cannot obtain authorization data from the remote server.
In order to achieve the above object, the present invention provides a remote offline real-time authorization method for an access control system, which acts on a server side and a user side, and comprises the following steps:
s1: initializing the key and the lock, wherein the initialization comprises setting a system key, setting a basic key and setting an initial value of an index value;
s2: according to an authorization request applied for remotely by a user, editing the authorization data and the corresponding hash digest data to obtain an authorization code, returning the authorization code to the user, and having the user input the authorization code into the key;
s3: calculating a hash value from the basic key and index initial value set in step S1 and the authorization code received in step S2, and comparing it with the hash digest data of step S2; if the calculated hash value equals the hash digest data, sending an unlocking instruction, otherwise not sending it.
In an embodiment of the present invention, in step S1, the initialization process includes the following steps:
s101: setting a common communication secret key as a system secret key to serve as a secret key used for encrypting communication;
s102: setting a basic secret key required by an initialized hash algorithm;
s103: setting an index value initial value required by a Hash algorithm;
s104: the remaining bytes are padded with all 0x00 bytes or all 0xff bytes.
In an embodiment of the present invention, the authorization code is formed by taking bytes from the front of the 32-byte hash digest data and mixing them with the authorization data in a manner agreed by the server, the key and the lock.
In an embodiment of the present invention, in step S3, a standard hash algorithm or a custom hash algorithm is used to calculate the hash value.
In an embodiment of the present invention, the method further includes: the lock receives an unlocking instruction and executes an unlocking action;
wherein the lock and the key are in a separate device form or an integrated device form;
when the lock and the key are separate devices, after the authorization code is input into the key, the key confirms whether the authorization data is legal and valid by the same process as in step S3; if it is, the authorization data is converted into the format defined by the lock; after the key and the lock are associated and communicating, the key data is transmitted to the lock, which authenticates it again and then performs the unlocking action;
when the lock and the key are an integrated device, the authorization code is input directly into the integrated device, and the unlocking action is executed after its validity is confirmed.
The invention also provides a remote off-line real-time authorization device of the access control system, which comprises an initialization module and an authorization module which are arranged at the server end, and a comparison module which is arranged at the user end;
the initialization module is used for initializing the key and the lock, and the initialization process comprises setting a system secret key, setting a basic secret key and setting an initial value of an index value;
the authorization module edits the authorization data and the corresponding hash digest data according to an authorization request applied for remotely by a user, obtains an authorization code and returns it to the user, who inputs the authorization code into a key;
the comparison module calculates a hash value from the initialized basic key, the index initial value and the received authorization code, and compares it with the hash digest data of step S2; if the calculated hash value equals the hash digest data, it sends an unlocking instruction, otherwise it does not.
In an embodiment of the present invention, the authorization code is formed by taking bytes from the front of the 32-byte hash digest data and mixing them with the authorization data in a manner agreed by the server, the key and the lock.
In an embodiment of the present invention, the comparison module calculates the hash value using a standard hash algorithm or a custom hash algorithm.
In an embodiment of the present invention, the present invention further includes an unlocking module disposed on the lock, configured to receive the unlocking instruction sent by the comparison module, and instruct the lock to execute an unlocking action;
wherein the lock and the key are in a separate device form or an integrated device form;
when the lock and the key are separate devices, after the authorization code is input into the key, the key confirms whether the authorization data is legal and valid by the same process as in step S3; if it is, the authorization data is converted into the format defined by the lock; after the key and the lock are associated and communicating, the key data is transmitted to the lock, which authenticates it again and then performs the unlocking action;
when the lock and the key are an integrated device, the authorization code is input directly into the integrated device, and the unlocking action is executed after its validity is confirmed.
The invention also provides a storage medium, on which a computer program is stored, which, when executed by a processor, implements the steps of the remote offline real-time authorization method according to the above-mentioned access control system.
Compared with the prior art, the remote offline real-time authorization method, device and storage medium of the access control system can serve as a standby authorization method that obtains real-time authorization in an emergency, or when the local backup server cannot obtain authorization data from the remote server; it can also serve as the regular authorization method, saving the installation and configuration of a backup server.
Drawings
Fig. 1 is a flowchart of a remote offline real-time authorization method for an access control system according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a remote offline real-time authorization apparatus of an access control system according to an embodiment of the present invention.
Detailed Description
The following detailed description of the present invention is provided in conjunction with the accompanying drawings, but it should be understood that the scope of the present invention is not limited to the specific embodiments.
Throughout the specification and claims, unless explicitly stated otherwise, the word "comprise", or variations such as "comprises" or "comprising", will be understood to imply the inclusion of a stated element or component but not the exclusion of any other element or component.
As shown in fig. 1, a remote offline real-time authorization method for an access control system according to a preferred embodiment of the present invention, which acts on a server side and a user side, includes the following steps:
s1: the key and the lock are initialized on the server; the initialization process comprises setting a system key, setting a basic key and setting an initial value of an index value. The set data is arranged in little-endian byte order (the high byte of the data is stored at the high memory address and the low byte at the low address); other agreed arrangements may also be used.
The key data required by the hash algorithm comprises the basic key, the index initial value, the authorization data and the padding data (0x00 or 0xff); only the authorization data is variable, and the remaining data is transmitted by the server to the key and the lock over encrypted communication during initialization. The key length required by the hash algorithm may be 32 bytes, or a multiple of 32 bytes.
Specifically, the initialization process includes the steps of:
s101: and setting a common communication key as a system key to serve as a key for encrypting communication. The common communication key is composed of fixed character strings, and the same character string data and character string sequence are used at the server side, the key and the lock.
During initialization of communication, the fixed character string is first used as the key to establish the connection. After the handshake succeeds, a random-number character string is used to regenerate the communication key, which is stored in the memories of the server, the key and the lock and used as the encryption key in normal use. The encrypted communication carries the key data and the index initial value required by the hash algorithm, transmitted between the server and the key or the lock after the handshake, during initialization or in normal use; an encryption algorithm such as 3DES or AES128, or a custom algorithm, is used.
In the method, the initialization process is assumed to be operated by a system administrator in a relatively safe environment, so that the encryption intensity of encrypted communication does not need to be too high, and the communication efficiency is emphasized.
S102: setting a basic key required by the initialization hash algorithm. The basic key is generated by a random number, and the length of the byte is selected according to the requirement of the required encryption strength.
S103: and setting an initial value of an index value required by the hash algorithm. The initial value of the index value is generated by a random number, and the byte length of the index value is selected according to the requirement of the required encryption strength.
When the key format of the hash algorithm is known externally, the length of the index value determines the strength of the hash algorithm: the probability of cracking a single byte is 1/256, of cracking two bytes 1/65536, and so on, i.e. 1/2^n where n is the bit length. After each use, the index byte of the index value is incremented by 1, restarting from 0 if it overflows.
S104: the rest of the initialization process is filled with all 0x00 bytes, or all 0xff bytes, and may be filled with any bytes agreed to by the server side, key and lock.
S2: edit the authorization data and the corresponding hash digest data according to an authorization request applied for remotely by the user, obtain an authorization code and return it to the user, who inputs the authorization code into the key. The authorization data is determined by the unlocking requirement customized by the user and includes, but is not limited to, the number of unlockings, the unlocking time range, the number of trial-and-error attempts allowed for unlocking, and the like.
Specifically, the user applies for authorization remotely from a client, that is, sends the lock number, the unlocking requirement and similar information to the server by telephone or short message; the server edits the authorization data and the corresponding hash digest data, takes part or all of that data to obtain the authorization code, and transmits it to the user by telephone or short message; the user inputs the authorization code into the key.
The authorization code can have different lengths according to the encryption strength required by the user: bytes are taken from the front of the 32-byte hash digest data and mixed with the authorization data, in a manner agreed by the server, the key and the lock, to form the authorization code.
Here the encryption strength is a power of two determined by the selected byte length, as in step S103.
S3: and calculating a hash value according to the initialized basic key and the initial value of the index value in the step S1 and the authorization code received in the step S2, performing byte comparison with the hash digest data in the step S2, and if the calculated hash value is the same as the hash digest data, sending an unlocking instruction, otherwise, not sending the unlocking instruction.
Specifically, after the key receives the authorization data, or the lock device receives the user input, the hash value is calculated with a standard hash algorithm and compared with the hash digest data to confirm whether the authorization data is legal and valid.
When the authorization data is input at the user side, a limited-attempt protection algorithm is used: after the permitted number of attempts is exceeded, input is locked for a period of time, so that the authentication process cannot be broken by repeatedly entering authorization codes.
Step S3 is followed by: the lock receives the unlocking instruction and executes the unlocking action.
The unlocking action may be the physical opening of a door lock, the output of an unlocking instruction, a logic-level unlock signal, and the like.
The lock can be in the form of a device with a separate lock and key or in the form of a device with an integrated lock and key.
For the combination with separate lock and key devices, after the remote authorization code is input into the key, the key internally confirms that the authorization code is legal and valid by the same calculation as in step S3; if it is, the code is converted into the format defined by the lock. The key and the lock are then associated to establish communication, which may be contact or wireless; the key data is transmitted to the lock, that is, the converted authorization code is encrypted with the preset communication key and sent to the lock, and the lock executes the unlocking action after authenticating it again.
For the device form of the integration of the lock and the key, the authorization code is directly input into the device, and the unlocking action is executed after the validity is confirmed.
In the method, the authorization data is processed through a hash algorithm whose hash key is a mix of four parts: the first is the basic key bytes set at system initialization, the second the index bytes incremented after each use, the third the authorization data bytes, and the fourth the lock ID (lock number) bytes. Part or all of the digest data obtained from the hash calculation is transmitted to the user by telephone or short message, and the user inputs the authorization code into the lock device to execute the unlocking action.
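As an added illustration of steps S1 to S3 and the four-part hash key just described (this is example code, not the applicant's), the following Python models the server that issues an authorization code and the key/lock that recomputes the digest, compares it, advances the index and enforces the trial-and-error lockout. SHA-256 as the "standard hash algorithm", the 2-byte little-endian index, the 4-byte leading digest tag, the authorization data layout, the lockout constants and the lockstep index advance on both sides are all assumptions, since the page fixes none of them.

```python
import hashlib
import hmac
import secrets
import struct

# Added example, not the applicant's code.  Assumed parameters (none fixed by
# the page): SHA-256 as the hash, a 2-byte little-endian index, a 4-byte tag
# taken from the front of the digest, and both sides advancing the index in
# lockstep after every issued / accepted code.
BLOCK_LEN = 32            # hash input padded to a multiple of 32 bytes (page)
PAD_BYTE = 0x00           # 0x00 or 0xff, agreed by server, key and lock (page)
INDEX_LEN = 2             # assumed: 2-byte index, i.e. a 1/65536 guess per the text
TAG_LEN = 4               # assumed: digest bytes "selected from the front"
MAX_ATTEMPTS = 3          # assumed: lock-side trial-and-error limit
LOCKOUT_SECONDS = 300     # assumed: input locked this long after MAX_ATTEMPTS

# Authorization data layout (assumed): unlock count, valid-from and valid-until
# as Unix seconds, little-endian as the page specifies for the set data.
AUTH_FMT = "<BII"
AUTH_LEN = struct.calcsize(AUTH_FMT)   # 9 bytes


def encode_auth_data(count, valid_from, valid_until):
    return struct.pack(AUTH_FMT, count, valid_from, valid_until)


def hash_input(basic_key, index, auth_data, lock_id):
    """Four-part hash key from the description: basic key, index, authorization
    data and lock ID, then padding up to a multiple of BLOCK_LEN."""
    body = (basic_key
            + index.to_bytes(INDEX_LEN, "little")
            + auth_data
            + lock_id.to_bytes(2, "little"))
    return body + bytes([PAD_BYTE]) * ((-len(body)) % BLOCK_LEN)


def digest_tag(basic_key, index, auth_data, lock_id):
    """Leading TAG_LEN bytes of the 32-byte digest; these travel inside the code."""
    full = hashlib.sha256(hash_input(basic_key, index, auth_data, lock_id)).digest()
    return full[:TAG_LEN]


def next_index(index):
    """The index accumulates 1 after each use and restarts at 0 on overflow."""
    return (index + 1) % (1 << (8 * INDEX_LEN))


class Server:
    """Server side: holds the per-lock basic key and index set at initialization."""

    def __init__(self):
        self.locks = {}   # lock_id -> [basic_key, index]

    def initialize_lock(self, lock_id):
        basic_key = secrets.token_bytes(32)                 # random basic key (S102)
        index = secrets.randbelow(1 << (8 * INDEX_LEN))     # random index start (S103)
        self.locks[lock_id] = [basic_key, index]
        return basic_key, index   # provisioned to the lock over the encrypted init channel

    def issue_code(self, lock_id, auth_data):
        """S2: authorization data plus its digest tag, read out to the user as hex."""
        basic_key, index = self.locks[lock_id]
        code = auth_data + digest_tag(basic_key, index, auth_data, lock_id)
        self.locks[lock_id][1] = next_index(index)
        return code.hex()


class Lock:
    """Key/lock side: recomputes the digest (S3) and enforces the attempt limit."""

    def __init__(self, lock_id, basic_key, index):
        self.lock_id, self.basic_key, self.index = lock_id, basic_key, index
        self.failures = 0
        self.locked_until = 0

    def _fail(self, now):
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.failures = 0
            self.locked_until = now + LOCKOUT_SECONDS   # input locked for a period
        return False

    def verify(self, code_hex, now):
        """True means 'send the unlocking instruction'.  `now` is Unix seconds."""
        if now < self.locked_until:
            return False
        try:
            code = bytes.fromhex(code_hex)
        except ValueError:
            return self._fail(now)
        if len(code) != AUTH_LEN + TAG_LEN:
            return self._fail(now)
        auth_data, tag = code[:AUTH_LEN], code[AUTH_LEN:]
        # Recompute with the lock's own basic key, index and ID.  The authorization
        # data inside the code is untrusted until this comparison passes, which is
        # why the attempt limit comes from the lock rather than from the code.
        expected = digest_tag(self.basic_key, self.index, auth_data, self.lock_id)
        if not hmac.compare_digest(tag, expected):
            return self._fail(now)
        _count, valid_from, valid_until = struct.unpack(AUTH_FMT, auth_data)
        if not valid_from <= now <= valid_until:
            return self._fail(now)
        self.failures = 0
        self.index = next_index(self.index)   # lockstep with the server
        return True
```

Because both sides advance the index after each code, a code issued but never entered desynchronizes server and lock; a deployment would need a re-synchronization step, which the page does not describe.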
Compared with the prior art, the real-time authorization method provided by the invention can reduce the installation and configuration of a local server, can be used as an authorization supplement method in the original network authorization mode, provides a method for temporarily applying for emergency authorization, and can still authorize and execute unlocking action in real time under the condition of emergency or network failure.
As shown in fig. 2, a remote offline real-time authorization apparatus for an access control system according to a preferred embodiment of the present invention includes an initialization module 1 and an authorization module 2 disposed at a server side, and a comparison module 3 disposed at a user side.
The initialization module 1 initializes the key and the lock; the initialization process includes setting a system key, setting a basic key and setting an initial value of an index value. The set data is arranged in little-endian byte order (the high byte of the data is stored at the high memory address and the low byte at the low address); other agreed arrangements may also be used.
The key data required by the hash algorithm comprises the set system key, the basic key, the set initial value of the index value, the authorization data and the padding data (0x00 or 0xff); only the authorization data is variable, and the remaining data is transmitted by the server to the key and the lock over encrypted communication during initialization. The key length required by the hash algorithm may be 32 bytes, or a multiple of 32 bytes.
Specifically, the initialization process includes the steps of:
s101: and setting a common communication key as a system key to serve as a key for encrypting communication. The common communication key is composed of fixed character strings, and the same character string data and character string sequence are used at the server side, the key and the lock.
During initialization of communication, the fixed character string is first used as the key to establish the connection. After the handshake succeeds, a random-number character string is used to regenerate the communication key, which is stored in the memories of the server, the key and the lock and used as the encryption key in normal use. The encrypted communication carries the key data and the index initial value required by the hash algorithm, transmitted between the server and the key or the lock after the handshake, during initialization or in normal use; an encryption algorithm such as 3DES or AES128, or a custom algorithm, is used.
In the device of the invention, the initialization process is assumed to be operated by a system administrator in a relatively safe environment, so that the encryption intensity of encrypted communication does not need to be too high, and the communication efficiency is emphasized.
S102: setting a basic key required by the initialized hash algorithm. The basic key is generated by a random number, and the length of the byte is selected according to the requirement of the required encryption strength.
S103: and setting an index value initial value required by the hash algorithm. The initial value of the index value is generated by a random number, and the byte length of the index value is selected according to the requirement of the required encryption strength.
When the key format of the hash algorithm is known externally, the length of the index value determines the strength of the hash algorithm: the probability of cracking a single byte is 1/256, of cracking two bytes 1/65536, and so on, i.e. 1/2^n where n is the bit length. After each use, the index byte of the index value is incremented by 1, restarting from 0 if it overflows.
S104: the rest of the initialization process is filled with all 0x00 bytes, or all 0xff bytes, and may be filled with any bytes agreed to by the server side, key and lock.
The authorization module 2 edits the authorization data and the corresponding hash digest data according to the authorization request applied for remotely by the user and returns them to the user, who inputs them into the key. The authorization data is determined by the unlocking requirement specified by the user and includes, but is not limited to, the number of unlockings, the unlocking time range, the number of trial-and-error attempts allowed for unlocking, and the like.
Specifically, the user applies for authorization remotely from a client, that is, sends the lock number, the unlocking requirement and similar information to the server by telephone or short message; the server edits the authorization data and the corresponding hash digest data, takes part or all of that data to obtain the authorization code, and transmits it to the user by telephone or short message; the user inputs the authorization code into the key.
The authorization code can have different lengths according to the encryption strength required by the user: bytes are taken from the front of the 32-byte hash digest data and mixed with the authorization data, in a manner agreed by the server, the key and the lock, to form the authorization code.
Here the encryption strength is a power of two determined by the selected byte length, as in step S103.
The comparison module 3 calculates a hash value from the initialized basic key, the index initial value and the received authorization code, and compares it with the hash digest data from the authorization module 2; if the calculated hash value equals the hash digest data, it sends an unlocking instruction to the unlocking module 4, otherwise it does not.
Specifically, after the key receives the authorization data, or the lock device receives the user input, the hash value is calculated with a standard or custom hash algorithm and compared with the hash digest data to confirm whether the authorization data is legal and valid.
When the authorization data is input at the user side, a limited-attempt protection algorithm is used: after the permitted number of attempts is exceeded, input is locked for a period of time, so that the authentication process cannot be broken by repeatedly entering authorization codes.
The remote offline real-time authorization device for the access control system further comprises an unlocking module 4, arranged on the lock equipment, for receiving the unlocking instruction sent by the comparison module 3 and instructing the lock to execute an unlocking action.
The unlocking action can be the physical opening of a door lock, an unlocking instruction, a logical unlocking level, and the like.
The lock can take the form of a device with a separate lock and key, or of a device with an integrated lock and key.
For the separate lock-and-key form, after the remote authorization code is entered into the key, the key confirms whether the authorization code is legal and valid through the same calculation as in the comparison module 3; if it is, the authorization code is converted into the format data defined by the lock. The key and the lock are then associated to establish communication, which can be contact-based or wireless, and the key data is transmitted to the lock: the converted authorization code is encrypted with the preset communication secret key and sent to the lock equipment, and the lock performs the unlocking action after authenticating it again.
For the integrated lock-and-key form, the authorization code is entered directly into the device, and the unlocking action is executed after its validity is confirmed.
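As an added illustration that is not code from the patent, the following Python sketches the flow described above: the server forms an authorization code from the authorization data plus the leading bytes of a keyed digest, and the key or lock recomputes the digest from the initialized basic key and index value, compares it, and locks input after too many failed attempts. HMAC-SHA256 is assumed as the "standard hash algorithm", plain concatenation as the agreed mixing, and the field layout of the authorization data is constructed here.

```python
import hashlib
import hmac
import struct
import time

# Constructed sample values standing in for the initialization step
# (basic secret key, index initial value); they are not the patent's own data.
BASIC_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed
INDEX_INITIAL = 1                                                # constructed
AUTH_FMT = ">IIB"   # assumed layout: lock number | valid-until (Unix time) | permitted opens
AUTH_DATA_LEN = struct.calcsize(AUTH_FMT)                        # 9 bytes

def pack_authorization_data(lock_no, valid_until, max_opens):
    """Server side: encode the lock number and the unlocking requirement (assumed layout)."""
    return struct.pack(AUTH_FMT, lock_no, valid_until, max_opens)

def hash_digest(basic_key, index, auth_data):
    """32-byte digest over index value || authorization data. HMAC-SHA256 stands in
    for the 'standard hash algorithm' the text allows (an assumption of this example)."""
    return hmac.new(basic_key, struct.pack(">I", index) + auth_data, hashlib.sha256).digest()

def issue_authorization_code(basic_key, index, auth_data, digest_len=4):
    """Server side: authorization data followed by the first digest_len bytes of the
    digest (the agreed 'mixing' is plain concatenation here). Guessing the truncated
    digest costs about 2**(8*digest_len) attempts, which is why the length is selectable."""
    if not 1 <= digest_len <= 32:
        raise ValueError("digest_len must be between 1 and 32")
    return auth_data + hash_digest(basic_key, index, auth_data)[:digest_len]

class Verifier:
    """Key/lock side: recompute the digest from the initialized basic key and index,
    compare in constant time, and lock the input after too many failed attempts."""

    def __init__(self, basic_key, index, digest_len=4, max_attempts=3, lockout_seconds=300, clock=time.time):
        self.basic_key, self.index, self.digest_len = basic_key, index, digest_len
        self.max_attempts, self.lockout_seconds, self.clock = max_attempts, lockout_seconds, clock
        self.failures, self.locked_until = 0, 0.0

    def verify(self, code):
        now = self.clock()
        if now < self.locked_until:
            return False                      # input locked: the code is not even evaluated
        auth_data, tag = code[:AUTH_DATA_LEN], code[AUTH_DATA_LEN:]
        expected = hash_digest(self.basic_key, self.index, auth_data)[:self.digest_len]
        # The tag length is fixed by agreement; never let the submitted code decide how many bytes count.
        if len(tag) == self.digest_len and hmac.compare_digest(expected, tag):
            self.failures = 0
            return True                       # send the unlocking instruction
        self.failures += 1
        if self.failures >= self.max_attempts:
            self.failures, self.locked_until = 0, now + self.lockout_seconds
        return False
```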
Based on the same inventive concept, the present invention further provides a non-transitory computer readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the remote offline real-time authorization method for an access control system according to an embodiment of the present invention.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing descriptions of specific exemplary embodiments of the present invention have been presented for purposes of illustration and description. It is not intended to limit the invention to the precise form disclosed, and obviously many modifications and variations are possible in light of the above teaching. The exemplary embodiments were chosen and described in order to explain certain principles of the invention and its practical application to enable one skilled in the art to make and use various exemplary embodiments of the invention and various alternatives and modifications. It is intended that the scope of the invention be defined by the claims and their equivalents.

Claims (10)

1. A remote offline real-time authorization method for an access control system, acting on a server side and a user side, characterized by comprising the following steps:
s1: initializing a key and a lock, wherein the initialization process comprises setting a system secret key, setting a basic secret key and setting an initial value of an index value;
s2: according to an authorization request remotely applied by a user, editing authorization data and corresponding hash abstract data to obtain an authorization code and returning the authorization code to the user, and inputting the authorization code into a key by the user;
s3: calculating a hash value from the basic secret key and the initial value of the index value initialized in step S1 and the authorization code received in step S2, and comparing the hash value with the hash digest data in step S2; and if the calculated hash value is the same as the hash digest data, sending an unlocking instruction, otherwise not sending the unlocking instruction.
2. The remote offline real-time authorization method for an access control system according to claim 1, wherein in step S1, the initialization process comprises the following steps:
s101: setting a common communication secret key as a system secret key to serve as a secret key used for encrypting communication;
s102: setting a basic secret key required by an initialized hash algorithm;
s103: setting an initial value of the index value required by the hash algorithm;
s104: the remaining part of the initialization data is filled with all 0x00 bytes, or all 0xff bytes.
3. The remote offline real-time authorization method for an access control system according to claim 1, wherein the authorization code is formed by mixing 32 bytes of data, selected from the front of the 32 bytes of hash digest data, with the authorization data in a manner agreed by the server, the key and the lock.
4. The remote offline real-time authorization method for an access control system according to claim 1, wherein in step S3, the hash value is calculated by using a standard hash algorithm or a custom hash algorithm.
5. The remote offline real-time authorization method for an access control system according to claim 1, further comprising: the lock receives an unlocking instruction and executes an unlocking action;
wherein the lock and the key are in a separate device form or an integrated device form;
when the lock and the key are in the form of separate devices, after the authorization code is input into the key, the key confirms whether the authorization data is legal and valid through the same process as in the step S3, and if the authorization data is legal and valid, the authorization data is converted into format data defined in the lock; after the key and the lock are associated and communicated, the key data are transmitted to the lock, and the lock performs unlocking action after authentication again;
when the lock and the key are in an integrated equipment form, the authorization code is directly input into the integrated equipment, and the unlocking action is executed after the validity is confirmed.
6. A remote offline real-time authorization device for an access control system, characterized by comprising an initialization module and an authorization module arranged at the server end, and a comparison module arranged at the user end;
the initialization module is used for initializing the key and the lock, and the initialization process comprises setting a system secret key, setting a basic secret key and setting an initial value of an index value;
the authorization module is used for editing authorization data and corresponding hash digest data according to an authorization request remotely applied for by a user, to obtain an authorization code and return the authorization code to the user, and the user inputs the authorization code into a key;
the comparison module is used for calculating a hash value from the initialized basic secret key, the initial value of the index value and the received authorization code, and comparing the hash value with the hash digest data in the step S2; and if the calculated hash value is the same as the hash digest data, sending an unlocking instruction, otherwise not sending the unlocking instruction.
7. The remote offline real-time authorization device for an access control system according to claim 6, wherein the authorization code is formed by mixing 32 bytes of data, selected from the front of the 32 bytes of hash digest data, with the authorization data in a manner agreed by the server, the key and the lock.
8. The remote offline real-time authorization device for an access control system according to claim 6, wherein the comparison module calculates the hash value using a standard hash algorithm or a custom hash algorithm.
9. The remote offline real-time authorization device of the access control system according to claim 6, further comprising an unlocking module arranged on the lock, for receiving the unlocking instruction sent by the comparison module and instructing the lock to execute an unlocking action;
wherein the lock and the key are in a separate device form or an integrated device form;
when the lock and the key are in the form of separate devices, after the authorization code is input into the key, the key confirms whether the authorization data is legal and valid through the same process as in the step S3, and if the authorization data is legal and valid, the authorization data is converted into format data defined in the lock; after the key and the lock are associated and communicated, the key data are transmitted to the lock, and the lock performs unlocking action after authentication again;
when the lock and the key are in an integrated equipment form, the authorization code is directly input into the integrated equipment, and the unlocking action is executed after the validity is confirmed.
10. A storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the steps of the method for remote offline real-time authorization of an access control system according to any one of claims 1 to 5.
CN202210312133.7A 2022-03-28 2022-03-28 Remote offline real-time authorization method and device for access control system and storage medium Active CN114724291B (en)


Publications (2)

Publication Number Publication Date
CN114724291A true CN114724291A (en) 2022-07-08
CN114724291B CN114724291B (en) 2023-12-12

Family

ID=82240552


Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100992802B1 (en) * 2010-03-26 2010-11-08 주식회사 솔라시아 System for temporary opening/closing door lock and method thereof
CN110930551A (en) * 2019-11-27 2020-03-27 惠州拓邦电气技术有限公司 Unlocking method and device, password authorization method and device, and door lock system
CN111815817A (en) * 2020-06-22 2020-10-23 北京智辉空间科技有限责任公司 Access control safety control method and system
CN111815812A (en) * 2020-06-22 2020-10-23 北京智辉空间科技有限责任公司 Third-party unlocking control method and system for electronic lock
CN112564894A (en) * 2020-11-11 2021-03-26 杭州浙程科技有限公司 Method for unlocking passive lock by intelligent key dynamic secret key



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant