CN114724291B - Remote offline real-time authorization method and device for access control system and storage medium - Google Patents


Info

Publication number
CN114724291B
CN114724291B
Authority
CN
China
Prior art keywords
authorization
key
lock
data
hash
Prior art date
Legal status
Active
Application number
CN202210312133.7A
Other languages
Chinese (zh)
Other versions
CN114724291A (en)
Inventor
范迎春
Current Assignee
Centran Technology Co ltd
Original Assignee
Centran Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Centran Technology Co ltd
Priority to CN202210312133.7A
Publication of CN114724291A
Application granted
Publication of CN114724291B
Status: Active
Anticipated expiration


Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/27 Individual registration on entry or exit involving the use of a pass with central registration
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00571 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • G07C9/00857 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The application discloses a remote offline real-time authorization method, device and storage medium for an access control system, in the field of remote authorization of access control systems. The method comprises the following steps. S1: initializing the key and the lock, which includes setting a system key, setting a base key and setting an initial value of an index value. S2: editing authorization data and the corresponding hash digest data according to an authorization request the user applies for remotely, obtaining an authorization code, returning it to the user, and the user entering the authorization code into the key. S3: calculating a hash value from the base key and index initial value set in step S1 and the authorization code received in step S2, and comparing it with the hash digest data of step S2; if the calculated hash value equals the hash digest data an unlocking instruction is sent, otherwise it is not. The application can perform real-time authorization in an emergency, or when the local backup server has failed and the authorization data of the remote server cannot be obtained.

Description

Remote offline real-time authorization method and device for access control system and storage medium
Technical Field
The application relates to the field of remote authorization of access control systems, in particular to a remote offline real-time authorization method, device and storage medium for an access control system. Throughout this text, "key" on its own denotes the user's key device; the cryptographic keys are called the system key and the base key.
Background
An access control system, as the name implies, controls passage through a door, and developed out of the traditional door lock. A traditional mechanical lock is only a simple mechanical device: however sound its structural design and however strong its material, people can open it by various means. In many access scenarios (office buildings, hotel rooms) key management is cumbersome, and a lost key or a change of personnel means replacing the lock and all its keys together. Electronic magnetic-card locks and electronic code locks were introduced to address this; they improved the management of passageways to a degree and brought access management into the electronic era.
Access control lock systems are authorized mainly in two ways. In the first, authorization is obtained online and in real time from a remote management server. In the second, authorization data is edited in advance on the management server (offline) and downloaded to a local key or to a local authentication device; when the user then uses the system, the user ID is compared to confirm that the authority is legitimate before the unlocking action is executed.
Current products either implement preset authority or update the current authority in real time through a local backup server. In a temporary emergency, or when the backup server is unusable because of a site power failure, the unlocking authority cannot be updated effectively, and crisis handling is delayed.
Of the two methods, the first requires an unobstructed network at the moment authentication is needed; otherwise the entered user ID cannot be compared and the unlocking action cannot be executed. The second relies on a preset authorization file, so in an emergency, or when authorization is needed outside the preset time period, the file can only be updated by returning to where the management server is located or by asking for a management-server backup device to be installed locally; and if that backup device fails through power loss, an operating fault or a network fault, the real-time authorization file cannot be updated either.
The information disclosed in this background section is only for enhancement of understanding of the general background of the application and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person of ordinary skill in the art.
Disclosure of Invention
The application aims to provide a remote offline real-time authorization method, device and storage medium for an access control system that can perform real-time authorization in an emergency, or when the local backup server has failed and the authorization data of the remote server cannot be obtained.
To this end, the present application provides a remote offline real-time authorization method for an access control system, which acts on a server side and a user side and comprises the following steps:
S1: initializing the key and the lock; the initialization includes setting a system key, setting a base key and setting an initial value of an index value;
S2: editing authorization data and the corresponding hash digest data according to an authorization request the user applies for remotely, obtaining an authorization code, returning it to the user, and the user entering the authorization code into the key;
S3: calculating a hash value from the base key and index initial value set in step S1 and the authorization code received in step S2, and comparing it with the hash digest data of step S2; if the calculated hash value equals the hash digest data, sending an unlocking instruction, otherwise not sending it.
In one embodiment of the present application, the initialization process of step S1 includes the following steps:
S101: setting a common communication key as the system key, used as the key for encrypting communication;
S102: setting the base key required to initialize the hash algorithm;
S103: setting the initial value of the index value required by the hash algorithm;
S104: filling the remaining bytes of the initialization data with all 0x00 or all 0xff.
In one embodiment of the present application, the authorization code is formed by mixing, in a manner agreed by the server, the key and the lock, the authorization data with a prefix of chosen length taken from the 32-byte hash digest data.
In one embodiment of the present application, the hash value in step S3 is calculated with a standard hash algorithm or a custom hash algorithm.
In one embodiment of the present application, the method further comprises: the lock receiving the unlocking instruction and executing the unlocking action;
wherein the lock and the key are either separate devices or one integrated device;
when the lock and the key are separate devices, after the authorization code is entered into the key, the key confirms whether the authorization data is valid by the same process as in step S3 and, if it is, converts the authorization data into the format defined by the lock; once communication is established between the key and the lock, the key data is transmitted to the lock, and the unlocking action is executed after the lock has authenticated it again;
when the lock and the key are one integrated device, the authorization code is entered directly into that device and the unlocking action is executed once validity is confirmed.
The application also provides a remote offline real-time authorization device for an access control system, comprising an initialization module and an authorization module at the server side and a comparison module at the user side;
the initialization module initializes the key and the lock; the initialization includes setting a system key, setting a base key and setting an initial value of an index value;
the authorization module edits authorization data and the corresponding hash digest data according to an authorization request the user applies for remotely, obtains an authorization code and returns it to the user, and the user enters the authorization code into the key;
the comparison module calculates a hash value from the base key and index initial value set at initialization and the received authorization code, and compares it with the hash digest data produced by the authorization module; if the calculated hash value equals the hash digest data it sends an unlocking instruction, otherwise it does not.
In one embodiment of the present application, the authorization code is formed by mixing, in a manner agreed by the server, the key and the lock, the authorization data with a prefix of chosen length taken from the 32-byte hash digest data.
In one embodiment of the present application, the comparison module calculates the hash value with a standard hash algorithm or a custom hash algorithm.
In one embodiment of the present application, the device further comprises an unlocking module arranged on the lock, which receives the unlocking instruction sent by the comparison module and instructs the lock to execute the unlocking action;
wherein the lock and the key are either separate devices or one integrated device;
when the lock and the key are separate devices, after the authorization code is entered into the key, the key confirms whether the authorization data is valid by the same process as the comparison module and, if it is, converts the authorization data into the format defined by the lock; once communication is established between the key and the lock, the key data is transmitted to the lock, and the unlocking action is executed after the lock has authenticated it again;
when the lock and the key are one integrated device, the authorization code is entered directly into that device and the unlocking action is executed once validity is confirmed.
The application also provides a storage medium storing a computer program which, when executed by a processor, carries out the steps of the remote offline real-time authorization method for an access control system described above.
Compared with the prior art, the remote offline real-time authorization method, device and storage medium of the access control system can serve as a standby way of obtaining real-time authorization in an emergency, or when the local backup server has failed and the authorization data of the remote server cannot be obtained; they can also serve as the ordinary authorization method, saving the installation and configuration of a backup server.
Drawings
FIG. 1 is a flow chart of a method for remote offline real-time authorization of an access control system according to an embodiment of the present application;
fig. 2 is a schematic diagram of a remote offline real-time authorization device of an access control system according to an embodiment of the application.
Detailed Description
The following detailed description of embodiments of the application is to be read in conjunction with the accompanying drawings; the scope of the application is not limited to the specific embodiments.
Throughout the specification and claims, unless explicitly stated otherwise, the term "comprise" or variations thereof such as "comprises" or "comprising", etc. will be understood to include the stated element or component without excluding other elements or components.
As shown in fig. 1, a remote offline real-time authorization method for an access control system according to a preferred embodiment of the present application acts on a server side and a user side, and includes the following steps:
S1: the key and the lock are initialized on the server. Initialization includes setting the system key, setting the base key and setting the initial value of the index value. The data so set is ordered in little-endian byte order (the least significant byte at the lowest memory address, the most significant byte at the highest), or in another agreed order.
The key material needed by the hash algorithm comprises the base key, the index initial value, the authorization data and the padding bytes (0x00 or 0xff). Only the authorization data varies; the remaining items are sent by the server to the key and to the lock over encrypted communication during initialization. The hash algorithm may require key material of 32 bytes or a multiple of 32 bytes.
Specifically, the initialization process includes the steps of:
s101: the common communication key is set as a system key to be used as a key for encrypting communication. The common communication key consists of a fixed string, and the same string data and string sequence are used at the server side, key and lock.
In the process of initializing communication, firstly, the fixed character string is used as a secret key to establish communication connection, then, after handshake is successful, the random number character string is used to regenerate the communication secret key, the communication secret key is respectively stored in memories of a server, a key and a lock, and is used as an encryption secret key in the normal use process, the encryption communication is that after the handshake in the initialization process or in the normal use process, secret key data and an index value initial value required by a hash algorithm are transmitted between the server and the key end or the lock, and encryption algorithms such as 3DES or AES128 or a custom encryption algorithm are adopted.
In the method of the application, the initialization process is assumed to be operated by a system administrator in a relatively safe environment, so that the encryption strength of the encrypted communication is not required to be too high, and the communication efficiency is biased.
S102: the basic key required to initialize the hash algorithm is set. The base key is generated from a random number whose byte length is selected according to the required encryption strength requirements.
S103: and setting an initial value of an index value required by the hash algorithm. The initial value of the index value is generated by a random number, and the byte length of the initial value is selected according to the required encryption strength requirement.
When the key format of the hash algorithm is externally ascertained, the length of the index value determines the strength of the hash algorithm, for example, the probability of single byte being cracked is 1/256, the probability of double byte being cracked is 1/65536, and so on, the probability of cracking is 1/2 n (n is the bit length), the index bytes of the index value accumulate 1 after each use, starting from 0 if overflowed.
S104: the remainder of the initialization process is filled with all 0x00 or all 0xff bytes, as well as any bytes agreed upon for use by the server side, keys and locks.
S2: editing the authorization data and the corresponding hash abstract data according to the authorization request remotely applied by the user, obtaining the authorization code and returning the authorization code to the user, and inputting the authorization code into the key by the user. The authorization data is determined according to user-defined unlocking requirements, and comprises contents such as unlocking times, unlocking time range, allowable trial-and-error times and the like, but not limited.
Specifically, the user remotely applies for authorization at the client, namely, the user sends information such as a lock number, an unlocking requirement and the like to the server in a telephone or short message mode, the server edits authorization data and corresponding hash abstract data to acquire part or all of the data, an authorization code is obtained, the authorization code is transmitted to the user in a telephone or short message mode, and the user inputs the authorization code into a key.
The authorization code can be selected to have different lengths according to the encryption strength required by the user, and can be formed by mixing the authorization data and the data with the length of 32 bytes from the front among the 32 bytes of the hash digest data according to the agreed mode of the server, the key and the lock.
Wherein the encryption strength is equal to a binary exponent of the selected byte length.
S3: and (3) calculating a hash value according to the initialized basic key and index value initial value in the step (S1) and the authorization code received in the step (S2), comparing the hash value with the hash abstract data in the step (S2), and sending an unlocking instruction if the calculated hash value is the same as the hash abstract data, otherwise, not sending the unlocking instruction.
Specifically, after the key receives the authorization data or the lock device equipment receives the user input, a standard hash algorithm is used for calculating a hash value, and the hash value is compared with hash abstract data to confirm whether the authorization data is legal and effective.
When the user inputs the authorization data, adopting a limited number of trial-and-error protection algorithms, and locking the input within a period of time after exceeding the trial-and-error number so as to prevent the frequent input of the authorization code from cracking the authentication process.
The step S3 further comprises the following steps: the lock receives an unlocking instruction and performs an unlocking action.
The unlocking operation may be an actual door lock, an unlocking instruction, a logical unlocking level, or the like.
The lock may be in the form of a separate device from the lock and key, or may be in the form of a device in which the lock and key are integrated.
For the equipment combination form of the lock and the key, after the remote authorization code is input into the key, the legal validity of the authorization code is confirmed in the key through the same calculation process as in the step S3, and if the authorization code is legal validity, the authorization code is converted into the format data defined in the lock; and then after the communication is established between the key and the lock, the communication can be in a contact or wireless mode, key data is transmitted to the lock, namely, the communication process adopts a preset communication key to encrypt and then transmits the converted authorization code to the lock, and the lock performs unlocking action after authentication.
For the mode of equipment integrating lock and key, the authorization code is directly input into the equipment, and the unlocking action is executed after the legal validity is confirmed.
The application encrypts the authorization data through a hash algorithm, wherein the hash key comprises four parts, the first part is a basic key byte set by system initialization, the second part is an index byte increased after each use, the third part is an authorization data byte, the fourth part is a lock ID (lock number) byte, part or all of the obtained abstract data after hash calculation is transmitted to a user through telephone or short message, and the user inputs the authorization code into a lock device to execute unlocking action.
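Steps S1 to S3 carried through end to end, as an added example; this is not code from the patent or from Centran Technology. Because the page leaves them open, the following are assumptions: HMAC-SHA256 keyed with the base key as the "standard hash algorithm"; a two-byte index and a four-byte digest prefix; authorization data holding only a validity window as two little-endian uint32 fields; 3-digit decimal groups as the agreed mixing, so the code can be read out by telephone and typed on a keypad; and a small forward search over the index, which the page does not describe, so that a code that was issued but never entered does not desynchronise key and server. The base key, index start, lock number and timestamps are constructed values. The Verifier class stands for the key in the separate-device form or for the integrated device; in the separate form the lock's re-authentication is the same computation.

```python
import hashlib
import hmac
import struct

# Values shared by server, key and lock. Every value here is constructed for the example.
BASE_KEY = bytes.fromhex("7f3a9c1e5b2d8e4a6c0f1b3d5e7a9c2b")  # base key (S102), random at initialization
INDEX_INIT = 0x1234     # index value initial value (S103), random at initialization
INDEX_BYTES = 2         # index wraps to 0 after 2**16 uses
LOCK_ID = 0x0042        # lock number the user quotes in the request
DIGEST_BYTES = 4        # digest prefix kept in the code: a forged tag passes with odds 2**-32 per try
LOOKAHEAD = 8           # forward search so codes issued but never entered do not desynchronise the index
MAX_TRIES = 3           # trial-and-error limit before input is locked
LOCKOUT_SECONDS = 300
AUTH_FMT = "<II"        # authorization data: not_before, not_after (Unix seconds), little-endian as in S1
AUTH_LEN = struct.calcsize(AUTH_FMT)
INDEX_MOD = 1 << (8 * INDEX_BYTES)


def hash_input(base_key, index, auth_data, lock_id):
    """Four-part hash input of the description (base key, index, authorization data, lock ID),
    padded with 0x00 as in S104 to a multiple of 32 bytes."""
    body = base_key + index.to_bytes(INDEX_BYTES, "little") + auth_data + lock_id.to_bytes(2, "little")
    return body + b"\x00" * (-len(body) % 32)


def make_tag(base_key, index, auth_data, lock_id):
    """Truncated digest. HMAC-SHA256 stands in for the page's 'standard hash algorithm' (assumption)."""
    full = hmac.new(base_key, hash_input(base_key, index, auth_data, lock_id), hashlib.sha256).digest()
    return full[:DIGEST_BYTES]


def code_encode(raw):
    """Agreed mixing: authorization data followed by the tag, as 3-digit groups for keypad entry."""
    return "".join(f"{b:03d}" for b in raw)


def code_decode(code):
    """Inverse of code_encode; returns None for anything that is not well-formed."""
    if not code.isdigit() or len(code) % 3:
        return None
    groups = [int(code[i:i + 3]) for i in range(0, len(code), 3)]
    return bytes(groups) if all(g < 256 for g in groups) else None


class Server:
    """Edits authorization data, hashes it and returns the code over phone or SMS (S2)."""

    def __init__(self):
        self.index = INDEX_INIT

    def issue(self, lock_id, not_before, not_after):
        auth = struct.pack(AUTH_FMT, not_before, not_after)
        tag = make_tag(BASE_KEY, self.index, auth, lock_id)
        self.index = (self.index + 1) % INDEX_MOD      # one index per issued code
        return code_encode(auth + tag)


class Verifier:
    """The key (separate form) or the integrated device: recomputes the tag offline (S3)."""

    def __init__(self, lock_id):
        self.lock_id = lock_id
        self.index = INDEX_INIT
        self.failures = 0
        self.locked_until = 0

    def verify(self, code, now):
        if now < self.locked_until:
            return False, "locked out"
        raw = code_decode(code)
        if raw is None or len(raw) != AUTH_LEN + DIGEST_BYTES:
            return self._fail(now, "malformed code")
        auth, tag = raw[:AUTH_LEN], raw[AUTH_LEN:]
        for step in range(LOOKAHEAD):              # the page advances one per use; the window is an addition
            idx = (self.index + step) % INDEX_MOD
            if hmac.compare_digest(tag, make_tag(BASE_KEY, idx, auth, self.lock_id)):
                break
        else:
            return self._fail(now, "digest mismatch")
        not_before, not_after = struct.unpack(AUTH_FMT, auth)
        if not not_before <= now <= not_after:
            return False, "outside time window"   # genuine but expired: index and try counter untouched
        self.index = (idx + 1) % INDEX_MOD        # consume the index so the same code cannot be replayed
        self.failures = 0
        return True, "unlock"

    def _fail(self, now, reason):
        self.failures += 1
        if self.failures >= MAX_TRIES:
            self.failures = 0
            self.locked_until = now + LOCKOUT_SECONDS
        return False, reason


if __name__ == "__main__":
    server, key = Server(), Verifier(LOCK_ID)
    code = server.issue(LOCK_ID, not_before=1_700_000_000, not_after=1_700_003_600)
    print("code read out over the phone:", code)
    print("first entry:", key.verify(code, now=1_700_000_100))   # (True, 'unlock')
    print("replay:", key.verify(code, now=1_700_000_200))        # (False, 'digest mismatch')
```

Two things the code makes concrete: consuming the index on success is what stops the same code from being replayed, and a tag of L bytes is forged with probability 2^-(8L) per attempt, which is why the trial-and-error lockout matters more the shorter the code the user is willing to type.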
Compared with the prior art, the real-time authorization method of the application reduces the installation and configuration of a local server, can supplement the original network authorization mode, and can still authorize and execute the unlocking action in real time in an emergency or during a network failure.
As shown in fig. 2, a remote offline real-time authorization device for an access control system according to a preferred embodiment of the present application includes an initialization module 1 and an authorization module 2 at the server side and a comparison module 3 at the user side.
The initialization module 1 initializes the keys and the locks. Initialization includes setting the system key, setting the base key and setting the initial value of the index value. The data so set may be ordered in little-endian byte order (the least significant byte at the lowest memory address, the most significant byte at the highest), or in another agreed order.
The key material needed by the hash algorithm comprises the system key, the base key, the index initial value, the authorization data and the padding bytes (0x00 or 0xff). Only the authorization data varies; the remaining items are sent by the server to the key and to the lock over encrypted communication during initialization. The hash algorithm may require key material of 32 bytes or a multiple of 32 bytes.
Specifically, the initialization process includes the steps of:
s101: the common communication key is set as a system key to be used as a key for encrypting communication. The common communication key consists of a fixed string, and the same string data and string sequence are used at the server side, key and lock.
In the process of initializing communication, firstly, the fixed character string is used as a secret key to establish communication connection, then, after handshake is successful, the random number character string is used to regenerate the communication secret key, the communication secret key is respectively stored in memories of a server, a key and a lock, and is used as an encryption secret key in the normal use process, the encryption communication is that after the handshake in the initialization process or in the normal use process, secret key data and an index value initial value required by a hash algorithm are transmitted between the server and the key end or the lock, and encryption algorithms such as 3DES or AES128 or a custom encryption algorithm are adopted.
The device of the application assumes that the initialization process is operated by a system administrator in a relatively safe environment, so that the encryption strength of the encrypted communication is not required to be too high, and the communication efficiency is biased.
S102: the basic key required to initialize the hash algorithm is set. The base key is generated from a random number whose byte length is selected according to the required encryption strength requirements.
S103: and setting an initial value of an index value required by the hash algorithm. The initial value of the index value is generated by a random number, and the byte length of the initial value is selected according to the required encryption strength requirement.
When the key format of the hash algorithm is externally ascertained, the length of the index value determines the strength of the hash algorithm, for example, the probability of single byte being cracked is 1/256, the probability of double byte being cracked is 1/65536, and so on, the probability of cracking is 1/2 n (n is the bit length), the index bytes of the index value accumulate 1 after each use, starting from 0 if overflowed.
S104: the remainder of the initialization process is filled with all 0x00 or all 0xff bytes, as well as any bytes agreed upon for use by the server side, keys and locks.
The authorization module 2 edits the authorization data and the corresponding hash digest data according to the authorization request the user applies for remotely, obtains the authorization code and returns it to the user, and the user enters the authorization code into the key. The authorization data is determined by the user's unlocking requirement and includes, without limitation, the number of unlocks, the unlocking time range and the permitted number of trial-and-error attempts.
Specifically, the user applies remotely from the client, that is, sends the lock number, the unlocking requirement and similar information to the server by telephone or SMS. The server edits the authorization data and the corresponding hash digest data, takes part or all of it to form the authorization code, and returns the authorization code by telephone or SMS; the user then enters it into the key.
The authorization code may be given different lengths according to the strength the user requires. It is formed, in a manner agreed by the server, the key and the lock, by mixing the authorization data with a prefix of chosen length taken from the 32-byte hash digest data.
The strength against guessing is two raised to the bit length of the selected prefix.
The comparison module 3 calculates a hash value from the base key and index initial value set at initialization and the received authorization code, and compares it with the hash digest data of the authorization module 2; if the calculated hash value equals the hash digest data it sends an unlocking instruction to the unlocking module 4, otherwise it does not.
Specifically, once the key has received the authorization data, or the lock device has received the user's input, a standard or custom hash algorithm is used to calculate the hash value, which is compared with the hash digest data to confirm whether the authorization data is valid.
When the user enters the authorization data, a limited-attempt protection is applied: once the permitted number of trial-and-error attempts is exceeded, input is locked for a period of time, so that the authentication cannot be broken by repeatedly entering authorization codes.
The remote offline real-time authorization device of the access control system further comprises an unlocking module 4 arranged on the lock equipment and used for receiving the unlocking instruction sent by the comparison module 3 and indicating the lock to execute unlocking action.
The unlocking operation may be an actual door lock, an unlocking instruction, a logical unlocking level, or the like.
The lock may be in the form of a separate device from the lock and key, or may be in the form of a device in which the lock and key are integrated.
For the separated equipment form of the lock and the key, after the remote authorization code is input into the key, the key confirms whether the authorization code is legal and valid through the same calculation process as that in the comparison module 3, and if the authorization code is legal and valid, the authorization code is converted into the format data defined in the lock; and then, establishing communication between the key and the lock, wherein the communication can be in a contact or wireless mode, transmitting key data to the lock, encrypting the key data by adopting a preset communication secret key in the communication process, transmitting the converted authorization code to lock equipment, and executing unlocking action after the lock is authenticated again.
For the mode of equipment integrating lock and key, the authorization code is directly input into the equipment, and the unlocking action is executed after the legal validity is confirmed.
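For the separate-device form, here is an added example (not the patent's or the applicant's code) of the key-to-lock leg: the key confirms the authorization, repacks it into the lock's frame format and hands it over under the preset communication secret key, and the lock authenticates it a second time with its own basic secret key and index value. Assumptions of the example: the same HMAC-SHA256 digest construction as on the server, a JSON frame as the "format defined in the lock", and HMAC-SHA256 under the system secret key to protect the frame in transit, standing in for the encryption the text calls for because the Python standard library ships no cipher; a deployment would wrap the frame in its chosen authenticated cipher instead.

```python
import hashlib
import hmac
import json
from typing import Optional

TAG_LEN = 32  # HMAC-SHA256 tag appended to every key-to-lock frame (assumption)


def hash_digest(basic_key: bytes, index_value: int, auth_data: bytes) -> bytes:
    """Same assumed HMAC-SHA256 construction the server uses for the digest."""
    message = index_value.to_bytes(4, "big") + auth_data
    return hmac.new(basic_key, message, hashlib.sha256).digest()


def key_device_prepare_frame(system_key: bytes, basic_key: bytes, index_value: int,
                             auth_data: bytes, digest_prefix: bytes) -> Optional[bytes]:
    """Key device: confirm the authorization first, then convert it into the
    lock's frame format (assumed: JSON body) and protect the frame with the
    system secret key. Returns None when the authorization is not valid, so
    nothing is ever sent to the lock for an invalid code."""
    expected = hash_digest(basic_key, index_value, auth_data)[:len(digest_prefix)]
    if not digest_prefix or not hmac.compare_digest(expected, digest_prefix):
        return None
    body = json.dumps({"auth": auth_data.hex(), "digest": digest_prefix.hex()}).encode()
    tag = hmac.new(system_key, body, hashlib.sha256).digest()
    return body + tag


def lock_accept_frame(system_key: bytes, basic_key: bytes, index_value: int,
                      frame: bytes) -> bool:
    """Lock device: check the frame came intact under the system key, then
    re-authenticate the authorization with the lock's own basic key and index
    value before unlocking. Both checks are constant-time comparisons."""
    if len(frame) <= TAG_LEN:
        return False
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(system_key, body, hashlib.sha256).digest(), tag):
        return False
    try:
        msg = json.loads(body.decode())
        auth_data = bytes.fromhex(msg["auth"])
        prefix = bytes.fromhex(msg["digest"])
    except (ValueError, KeyError, TypeError):
        return False
    if not 1 <= len(prefix) <= 32:
        return False
    expected = hash_digest(basic_key, index_value, auth_data)[:len(prefix)]
    return hmac.compare_digest(expected, prefix)


if __name__ == "__main__":
    # Constructed sample keys and authorization data (lock 42, requirement 1)
    system_key, basic_key, auth = b"system-communication-key", b"basic-secret-key", b"\x00\x2a\x01"
    prefix = hash_digest(basic_key, 1, auth)[:4]
    frame = key_device_prepare_frame(system_key, basic_key, 1, auth, prefix)
    print("lock unlocks:", frame is not None and lock_accept_frame(system_key, basic_key, 1, frame))
```

The second authentication at the lock is what makes a compromised or cloned key device insufficient on its own: the lock only opens if the digest prefix verifies under the lock's basic secret key, not merely because the frame carried a valid communication tag.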
Based on the same inventive concept, the application also provides a non-transitory computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the remote offline real-time authorization method of the access control system according to the above embodiment.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing descriptions of specific exemplary embodiments of the present application are presented for purposes of illustration and description. It is not intended to limit the application to the precise form disclosed, and obviously many modifications and variations are possible in light of the above teaching. The exemplary embodiments were chosen and described in order to explain the specific principles of the application and its practical application to thereby enable one skilled in the art to make and utilize the application in various exemplary embodiments and with various modifications as are suited to the particular use contemplated. It is intended that the scope of the application be defined by the claims and their equivalents.

Claims (7)

1. A remote offline real-time authorization method of an access control system acts on a server side and a user side and is characterized by comprising the following steps:
s1: initializing a key and a lock, wherein the initialization process comprises the steps of setting a system secret key, setting a basic secret key and setting an initial value of an index value;
s2: editing authorization data and corresponding hash digest data according to an authorization request remotely applied for by a user, obtaining an authorization code and returning the authorization code to the user, and the user inputting the authorization code into a key;
s3: calculating a hash value according to the basic key and index value initial value initialized in step S1 and the authorization code received in step S2, and comparing the hash value with the hash digest data of step S2; if the calculated hash value is the same as the hash digest data, an unlocking instruction is sent, otherwise the unlocking instruction is not sent;
in step S1, the initialization process includes the following steps:
s101: setting a common communication secret key as a system secret key to be used as a secret key for encrypting communication;
s102: setting a basic key required by initializing a hash algorithm;
s103: setting an index value initial value required by a hash algorithm;
s104: the remainder of the initialization process is filled with all 0x00, or all 0xff bytes;
the authorization code is formed by combining the authorization data with a prefix of at most 32 bytes taken from the front of the 32-byte hash digest data, in a manner agreed among the server, the key and the lock.
2. The remote offline real-time authorization method of the access control system according to claim 1, wherein in step S3, a hash value is calculated using a standard hash algorithm or a custom hash algorithm.
3. The access control system remote offline real-time authorization method as claimed in claim 1, further comprising: the lock receives an unlocking instruction and executes an unlocking action;
wherein the lock and the key are in separate device forms or in integrated device forms;
when the lock and the key are in the form of separate devices, after the authorization code is input into the key, the key confirms whether the authorization data is legal and valid through the same process as in the step S3, and if the authorization data is legal and valid, the authorization data is converted into the format data defined in the lock; after establishing communication between the key and the lock, transmitting key data to the lock, and executing unlocking action after the lock is authenticated again;
when the lock and the key are in an integrated device form, the authorization code is directly input into the integrated device, and the unlocking action is executed after the legal validity is confirmed.
4. An access control system remote offline real-time authorization device using the access control system remote offline real-time authorization method according to any one of claims 1-3, which is characterized by comprising an initialization module and an authorization module arranged at a server side and a comparison module arranged at a user side;
the initialization module is used for initializing the key and the lock, and the initialization process comprises the steps of setting a system secret key, setting a basic secret key and setting an initial value of an index value;
the authorization module is used for editing authorization data and corresponding hash digest data according to an authorization request remotely applied for by a user, obtaining an authorization code and returning the authorization code to the user, and the user inputs the authorization code into a key;
the comparison module is used for calculating a hash value according to the initialized basic secret key, the initialized index value initial value and the received authorization code, and comparing the hash value with the hash digest data in the authorization module; if the calculated hash value is the same as the hash digest data, an unlocking instruction is sent, otherwise the unlocking instruction is not sent;
the initialization process in the authorization module comprises the following steps:
s101: setting a common communication secret key as a system secret key to be used as a secret key for encrypting communication;
s102: setting a basic key required by initializing a hash algorithm;
s103: setting an index value initial value required by a hash algorithm;
s104: the remainder of the initialization process is filled with all 0x00, or all 0xff bytes;
the authorization code is formed by combining the authorization data with a prefix of at most 32 bytes taken from the front of the 32-byte hash digest data, in a manner agreed among the server, the key and the lock.
5. The access control system remote offline real-time authorization device according to claim 4, wherein the comparison module calculates the hash value using a standard hash algorithm or a custom hash algorithm.
6. The remote offline real-time authorization device of the access control system according to claim 4, further comprising an unlocking module arranged on the lock and used for receiving the unlocking instruction sent by the comparison module and indicating the lock to execute the unlocking action;
wherein the lock and the key are in separate device forms or in integrated device forms;
when the lock and the key are in the form of separate devices, after the authorization code is input into the key, the key confirms whether the authorization data is legal and valid through the same process as that in the comparison module, and if the authorization data is legal and valid, the authorization data is converted into the format data defined in the lock; after establishing communication between the key and the lock, transmitting key data to the lock, and executing unlocking action after the lock is authenticated again;
when the lock and the key are in an integrated device form, the authorization code is directly input into the integrated device, and the unlocking action is executed after the legal validity is confirmed.
7. A storage medium having stored thereon a computer program, which when executed by a processor, implements the steps of the access control system remote offline real-time authorization method according to any of claims 1-3.
CN202210312133.7A 2022-03-28 2022-03-28 Remote offline real-time authorization method and device for access control system and storage medium Active CN114724291B (en)

Publications (2)

Publication Number Publication Date
CN114724291A CN114724291A (en) 2022-07-08
CN114724291B true CN114724291B (en) 2023-12-12


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant