CN115690962A - Intelligent entrance guard management method based on long and short rental ecological chain - Google Patents
Intelligent entrance guard management method based on long and short rental ecological chain Download PDFInfo
- Publication number
- CN115690962A CN115690962A CN202211312226.6A CN202211312226A CN115690962A CN 115690962 A CN115690962 A CN 115690962A CN 202211312226 A CN202211312226 A CN 202211312226A CN 115690962 A CN115690962 A CN 115690962A
- Authority
- CN
- China
- Prior art keywords
- mobile phone
- tenant
- new
- door
- background server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
An intelligent entrance guard management method based on long and short rental ecological chains belongs to the technical field of registration systems and comprises the following steps: step S1, in the current tenant mobile phone use stage: the background server verifies the current tenant of the transfer request of the rental house, and generates a temporary door secret key K temp Calculating and transmitting a search result including the first search value M 1 And a first authentication message V 1 The message is sent to the current tenant mobile phone; current tenant handset uses near field shared secret key KO i Carrying out XOR operation on the message and then sending the message to a door label; the door tag calculates the temporary access key and updates it to the near field shared key KO i (ii) a Step 2, a new tenant mobile phone access establishing stage: the new tenant mobile phone updates the received temporary access key into a near-field shared key KO i (ii) a Door labelNew its temporary access key KO i =KO i_new . The scheme is suitable for transferring the permission of the rental housing, meets the safety requirement on information transmission, and has better efficiency performance.
Description
Technical Field
The invention belongs to the technical field of registration systems, and particularly relates to an intelligent entrance guard management method based on a long and short rental ecological chain.
Background
In recent years, long and short rented apartments are favored by a family of rents due to the advantages of convenience and quickness. With the development of intellectualization, it is a trend to realize the management of the entrance guard of the long and short lease ecological chains by using a mobile phone. Traditional access control management of long and short rental ecological chains is realized by card issuing, before use, a card needs to be opened, data such as a rental house number, rental house time and a key are written in a RFID radio frequency mode, then the card is issued to a tenant, and meanwhile, data such as the card number, the rental house time and the key are stored in a cloud platform. In this mode, the following disadvantages exist:
the method needs the tenants and the house broker to be in face-to-face butt joint, so that the labor cost is improved, and the complexity of the tenants for acquiring the access control authority is increased.
2, the mobile entity card is easy to lose, and the labor cost for the additional work is high. And after losing, the personnel who pick up the card can open the door, lacks the security.
And 3, when the long tenant and the short tenant are replaced, the original card needs to be received from the original tenant, and a new card needs to be issued to the new tenant. If the process is done manually, the labor cost is high.
If the access control management is realized through the mobile phone of the tenant, even if the mobile phone of the tenant is lost, the access control authority can be prevented from being acquired by other people by means of unlocking and secrecy of the mobile phone. And after the tenant subsidizes the new mobile phone, the new mobile phone can bear the authority of the original mobile phone without card registration again. The management of the access control authority can be realized on the mobile phone.
Chinese patent publication No. CN106570967A discloses an access control system based on RFID, which requires an RFID card reader to be installed on a door, when a person approaches, an antenna of the RFID card reader installed on the door can actively send out a radio frequency signal to identify an RFID tag worn by the person, and a controller opens an electronic lock, so that the person enters.
If the RFID tag is arranged on the door of each rental house, compared with the arrangement of the RFID card reader on the door, a large amount of cost is saved. And the smart phone with the NFC function has high popularity among young tenants. The smart phone with the NFC function has 3 application scenes: the NFC mobile phone may be used in a card mode, a card reader mode, and a point-to-point mode, where the card reader mode is a mode in which the mobile phone is used as a contactless card reader, for example, related information is read from a poster or exhibition information electronic tag, and in this mode, the NFC mobile phone having a read-write function may collect data from an RFID tag.
If a set of access control system is constructed, the access control authority management is realized through the card reader type NFC mobile phone and the RFID label on the door, and then the material cost and the management cost are saved. Also, it is desirable that the RFID tags on the doors be passive tags, thereby further saving material costs.
The passive tag has no power supply, and the memory can be rewrited passively by means of power transmission data sent by the RFID reader. Passive tags can only implement lightweight functions including simple control commands and arithmetic operations such as XOR operations, random number generation, and the use of only shift and add operations.
The card-based NFC handset and the background communication are relatively secure and they may use complex computing and authentication methods, such as public key encryption. And the card type NFC mobile phone and the passive tag are relatively weak in security due to the limited computing power of the passive tag.
How to strengthen the communication security between the card type NFC mobile phone and the passive tag, especially, how to implement the change of the access right when the passive tag is installed on the door is replaced by the tenant, is a subject to be researched urgently.
Disclosure of Invention
In view of the defects of the prior art, the invention aims to provide an intelligent entrance guard management method based on a long and short rental ecological chain.
In order to achieve the above object, the present invention adopts the following technical solutions.
An intelligent entrance guard management method based on long and short rental ecological chains comprises a house gate label, tenant mobile phones and a background server;
the house door tag is installed on a house of a long and short rental apartment and is a passive RFID tag; the room door label sends an unlocking control command to a controller of an electronic lock on a room door;
the tenant mobile phone has an NFC function, is internally provided with an RFID reader and is in near field communication with the door tag;
the back-end server is in communication connection with the mobile phone of the tenant;
which comprises the following steps:
step S1, in the current tenant mobile phone use stage:
the background server verifies the current tenant of the transfer request of the rental house, and generates a temporary door secret key K temp Calculating and transmitting a search value M including the first search value 1 And a first authentication message V 1 The message is sent to the current mobile phone of the tenant; near-field shared key KO used by current tenant mobile phones i Carrying out XOR operation on the messages and then sending the messages to a door label; the door tag calculates the temporary access key and updates it to the near field shared key KO i When the guest mobile phone is suspended to access the door label, the guest mobile phone is suspended to access the door label;
step 2, a new tenant mobile phone access establishing stage:
the new tenant mobile phone receives a temporary access key K sent by the background server temp Identity TID of gate tag i (ii) a The new tenant mobile phone updates the received temporary access key into a near-field shared key KO i (ii) a Then, the new tenant handset generates a first new key KO i_new And sends a message to the door tag; finally, the door tag updates its temporary access key KO i =KO i_new 。
Further, step 1 comprises the steps of:
step 101: the current tenant mobile phone is in communication connection with a background server and stores an identity identification OID of the current tenant mobile phone C Current tenant handset voucher C C Near field shared key KO i And the identity TID of the door label i (ii) a Wherein i represents the serial number of the door tag, KO i Representing a shared key between the tenant's mobile phone and the door tag;
the current tenant mobile phone generates a first random number r 1 And sends the identity identification OID containing the current tenant mobile phone C Identity OID of new tenant mobile phone N ID TID of door label i A first random number r 1 And current tenant handset voucher C C To the backend server;
step 102: a background server storing an identity TTPID of the background server, a door tag and a shared key KT of the background server i And the identity TID of the door label i ;
The background server calculates the current tenant mobile phone secondary certificate C after receiving the message C ’=h (TTPID||OID C ) Where h () represents a one-way hash function, | | | represents a string connector; then verifying the current tenant's mobile phone voucher C C And the current tenant mobile phone side voucher C C ' whether or not equal: if not, the background server terminates the session; otherwise, the background server finds the shared key KT of the door tag and the background server i Then generates a temporary access key K temp Simultaneously calculating a first search value M 1 =KT i ⊕K temp ⊕r 1 And a first authentication message V 1 =Num(M 1 ,r 1 ) Wherein ≧ represents an exclusive-or operation symbol, num () represents a lightweight function that generates a message; finally, the background server sends a message containing the first retrieval value M 1 And a first authentication message V 1 The message is sent to the current tenant mobile phone;
step 103: the current tenant mobile phone obtains a first retrieval value M 1 Thereafter, using the near field shared key KO i Calculating a second search value M 2 =M 1 ⊕KO i (ii) a The current tenant mobile phone sends a first verification message V 1 The second search value M 2 And a first random number r 1 Forwarding to a door tag and starting a timeout mechanism;
step 104: room door tag utilizing near field shared key KO i Calculating a first search side value M 1 ’=M 2 ⊕KO i And calculates a first secondary verification message V 1 ’=Num(M 1 ’,r 1 ) (ii) a Then verifies the first verification message V 1 And a first secondary authentication message V 1 ' whether or not equal: if equal, the door tag calculates the temporary access key K temp =M 1 ⊕KT i ⊕r 1 Updating the near field shared key KO i =K temp Calculating a first acknowledgement character ACK 1 =Num(KT i ,r 1 )⊕KO i (ii) a Otherwise, the first acknowledgement character ACK is calculated 1 =r 2 Wherein r is 2 Is a second random number; finally, the door tag sends a first acknowledgement character ACK 1 Transmitting to the current tenant mobile phone;
step 105: the current tenant sends a first acknowledgement character ACK 1 Forwarding to a background server; if timeout occurs and no message is received, the current tenant handset uses the old near field shared key KO i Accessing a door tag; if the current tenant mobile phone cannot access the door label, a first acknowledgement character ACK is sent to a background server 1 =OID C (ii) a Otherwise, the current tenant mobile phone returns to step 103;
step 106: when the background server receives the first acknowledgement character ACK 1 Then, ACK is verified 1 =Num (KT i ,r 1 )⊕K temp Or ACK 1 =OID C Whether or not: if yes, the background server sends a second acknowledgement character ACK which indicates success 2 Transmitting to the current tenant mobile phone, and simultaneously, the background server will temporarily access the secret key K temp Identity TID of gate tag i Transferring to a new tenant mobile phone; otherwise, the background server sends a second acknowledgement character ACK indicating failure 2 Transmitting the information to the current tenant mobile phone; the current tenant handset restarts step 103 and then sets the temporary key in step 104.
Further, step 2 comprises the steps of:
step 201: the new tenant mobile phone is in communication connection with the background server and stores the identity identification OID of the new tenant mobile phone N New tenant handset voucher C C And obtaining a temporary access key K from the background server temp And the identity TID of the door label i ;
Renewing near field shared secret KO for new tenant handset i =K temp Then, the new tenant handset generates a first new key KO i_new A third random number r 3 And a fourth random number r 4 (ii) a The new tenant mobile phone calculates a third retrieval value M 3 =KO i_new ⊕r 3 ⊕KO i And a second authentication message V 2 =Num(KO i_new ⊕r 4 )⊕KO i (ii) a In addition, the new tenant mobile phone starts a timeout mechanism;
then, the new tenant mobile phone searches the third search value M 3 Second authentication message V 2 A third random number r 3 And a fourth random number r 4 Sending to a door tag;
step 202: the door tag calculates a second new key KO i_new ’=M 3 ⊕KO i ⊕r 3 And a second secondary authentication message V 2 ’=Num(KO i_new ’,r 4 )⊕KO i (ii) a Then verifying the second secondary verification message V 2 ' and a second authentication message V 2 Whether they are equal: if equal, the near field shared key KO is updated i =KO i_new And calculates a third acknowledgement character ACK 3 =Num(KT i ,r 4 )⊕KT i (ii) a Otherwise, a third acknowledgement character ACK is calculated 3 =r 5 Wherein r is 5 Is a fifth random number;
finally, the door tag transmits a third acknowledgement character ACK 3 To the new tenant handset;
step 203: the new tenant handset sends a third acknowledgement character ACK 3 And a fourth random number r 4 Forwarding to a background server; if timed out and no message is received, the new tenant handset uses the old near field shared key KO i Accessing a door tag; if the new tenant mobile phone cannot access the door label, a third confirmation character ACK is sent to the background server 3 =OID N And a fourth random number r 4 (ii) a If the new tenant handset successfully accesses the door tag using the old key, the new tenant handset restarts step 201;
step 204: when the background server receives the third acknowledgement character ACK 3 And a fourth random number r 4 When it is verified, ACK 3 =Num(KT i ,r 4 )⊕KT i Or ACK 3 =OID N Whether or not: if yes, the background server sends a fourth acknowledgement character ACK to the new tenant mobile phone, wherein the fourth acknowledgement character ACK represents success 4 (ii) a Otherwise, ACK 3 Is a random number r 5 (ii) a Finally, a fourth acknowledgement character ACK representing restarting is sent to the new tenant mobile phone 4 ;
Step 205: if the new tenant handset obtains a fourth acknowledgement character ACK indicating success 4 Then the near field shared key KO is updated i =KO i_new (ii) a Otherwise, the new tenant handset will be restarted to step 201.
The scheme is suitable for transferring the permission of the rental housing, meets the safety requirement on information transmission, and has better efficiency performance.
In the aspect of information transmission safety, the scheme can protect the privacy of the old tenant mobile phone for the old tenant mobile phone, prevent the new tenant mobile phone of the house gate label from tracking former transactions, and update the secret key KO of the house gate label for the new tenant mobile phone due to the house gate label i_new And the current tenant mobile phone does not know K temp And KO i_new ,. Therefore, only the new tenant's mobile phone can recognize the door tag.
In the performance, because the door label is passive RFID label, there is not energy consumption when not operating condition, need not to set up the power alone, and the calculated amount during operating condition is little, and hardware low cost realizes the change of entrance guard's permission when the tenant changes simultaneously.
Drawings
FIG. 1 is a flow chart of step S1 of the present invention;
FIG. 2 is a flowchart of step S2 according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
A long and short rental ecological chain-based intelligent entrance guard management method is characterized in that a physical framework of the method comprises a room door label, a tenant mobile phone and a background server.
And the house door tag is installed on the house of the long and short rental apartments and is a passive RFID tag. Passive RFID tags have no power source and rely on power from the RFID reader to transmit data. The door tag will only simply control commands and arithmetic operations such as XOR operations, random number generation, and lightweight functions using only shift and add operations. The room door label sends an unlocking control command to a controller of an electronic lock on a room door, which belongs to a conventional scheme, and is recorded in the Chinese invention with the publication number of CN106570967A and the like, and is not described in detail.
And the tenant mobile phone has an NFC function, is internally provided with an RFID reader, inquires the door tag and executes high-level calculation operations such as encryption calculation, hash operation and the like. The mobile phone is provided with an antenna for transmitting radio frequency, the antenna is in near field communication with the door tag, the door tag is inquired, and the door tag sends back data.
And the back-end server is in communication connection with the tenant mobile phone and records information associated with the door tag, such as key management, door tag ID management and the like. And the mobile phone sends the identification information acquired from the door label to the back-end server. After the back-end server authorizes, the mobile phone obtains object information containing the house door tag from the back-end server.
This scheme has utilized current cell-phone, has only installed low cost's room door label additional on the door, need not to carry out electric power maintenance to the room door label, so, repacking low cost easily promotes. However, since the room gate tag does not directly communicate with the background server, how to terminate the access right of the old tenant and how to open the access right of the new tenant when the tenant is replaced is a key point of the intelligent entrance guard management method. And after the tenant is replaced, only the new tenant can identify and control the door label, the old tenant does not identify and control the door label, and meanwhile, the new tenant cannot track the passing interaction information between the old tenant and the door label in any mode.
An intelligent entrance guard management method based on long and short lease ecological chains comprises the following steps:
step S1, in the current tenant mobile phone use stage:
the tenant's handset registers with the background server and the gate tag is initialized so that the relevant information will be storedAnd (4) storing. The tenant mobile phone, the background server and the door label have own identity identification. Secret key KT shared by background server and room door tag i Wherein KT i Preloaded in the gate tag and unknown to the shared key KT, neither the current nor the new tenant i . In addition, the backend server must authenticate the tenant at the time of the rental house transfer request.
At this stage, the background server verifies the current tenant of the rental house transfer request, and the background server generates a temporary door secret key K temp Calculating and transmitting a search value M including the first search value 1 And a first authentication message V 1 The message is sent to the current tenant mobile phone; near-field shared key KO used by current tenant mobile phones i Carrying out XOR operation on the message and then sending the message to a door label; the door tag calculates a temporary access key and updates it to the near field shared key KO i At this time, the current tenant mobile phone is suspended from accessing the door tag.
Step 101: current tenant handset → background server. Where "→" indicates the direction of transmission of the message, the same applies hereinafter.
The current tenant mobile phone is in communication connection with a background server and stores an identity identifier OID of the current tenant mobile phone C The current tenant's mobile phone voucher C C Near field shared secret KO i Identity TID of and door label i (ii) a Wherein i represents the serial number of the door tag, KO i Representing the shared key between the tenant's handset and the house gate tag.
The current tenant mobile phone generates a first random number r 1 And sends the identity identification OID containing the current tenant mobile phone C Identity OID of new tenant mobile phone N ID TID of door label i A first random number r 1 And current tenant handset voucher C C To the backend server.
A first random number r in each message 1 All different to avoid replay attacks.
Step 102: background server → current tenant handset.
A background server storing background servicesIdentity TTPID of device, door label and shared key KT of background server i Identity TID of gate tag i ;
The background server calculates the current tenant mobile phone secondary certificate C after receiving the message C ’=h (TTPID||OID C ) Where h () represents a one-way hash function, | | | represents a string connector; then verifying the current tenant's mobile phone voucher C C And the current tenant handset secondary certificate C C ' is equal to or not: if not, the background server terminates the session; otherwise, the background server finds the shared key KT of the door tag and the background server i Then generates a temporary access key K temp While calculating the first search value M 1 =KT i ⊕K temp ⊕r 1 And a first authentication message V 1 =Num(M 1 ,r 1 ) Wherein ≧ represents an exclusive-or operation symbol, num () represents a lightweight function that generates a message; finally, the background server sends a message containing the first retrieval value M 1 And a first authentication message V 1 To the current tenant handset.
Temporary access key K temp The setting of (3) is used for avoiding the current tenant mobile phone from accessing the room door label after ownership transfer, because only the background server and the new tenant know the temporary access key K temp . First authentication message V 1 For ensuring the first retrieval value M 1 The correctness of the operation.
Step 103: current tenant phone → house door tag.
The current tenant mobile phone obtains a first retrieval value M 1 Thereafter, using the near field shared key KO i Calculating a second search value M 2 =M 1 ⊕KO i Where ≧ denotes an exclusive or operation sign. The current tenant mobile phone sends a first verification message V 1 The second search value M 2 And a first random number r 1 And forwarding to the door tag, and starting a timeout mechanism to ensure that the door tag responds within the effective time.
In the timeout mechanism, if the response is not yet performed after the effective time is exceeded, an exception is thrown, and the result is not waited for any more, which is a conventional means and is not described any more.
Near field shared secret KO i The door tag is convenient for identity verification of the tenant mobile phone and only has correct KO i The door tag can be made to perform the operation.
Step 104: door label → current tenant handset.
Room door tag utilizing near field shared key KO i Calculating a first search side value M 1 ’=M 2 ⊕KO i And calculates a first secondary verification message V 1 ’=Num(M 1 ’,r 1 ) (ii) a Then verifies the first verification message V 1 And a first secondary authentication message V 1 ' whether or not equal: if equal, it represents the first search value M 1 Has not been tampered by hackers and current tenant handsets have a near field shared key KO i Since only the near field shares the secret key KO i The correct first search side value M can be calculated 1 ', otherwise the door tag will be validating the first validation message V 1 Time-finding near-field shared key KO i An error; door tag, calculating temporary access key K temp =M 1 ⊕KT i ⊕r 1 Updating the near field shared key KO i =K temp If the updating of the near field shared key is successful, a first acknowledgement character ACK is calculated 1 =Num(KT i ,r 1 )⊕KO i (ii) a Otherwise, the first acknowledgement character ACK is calculated 1 =r 2 Which indicates ownership transfer failure, where r 2 Is a second random number; finally, the door tag sends the first acknowledgement character ACK 1 And transmitting to the current tenant mobile phone.
Step 105: current tenant handset → background server.
The current tenant sends a first acknowledgement character ACK 1 Forwarding to a background server; if timeout occurs and no message is received, the current tenant handset uses the old near field shared key KO i The door tag is accessed. If the current tenant mobile phone cannot access the door label, a first acknowledgement character ACK is sent to a background server 1 =OID C This means that the door tag has been updated, but not the firstAn acknowledgement character ACK 1 Is prevented; otherwise, the current tenant's handset returns to step 103.
In this step, the current tenant's handset can use the old near field shared key KO i Access to the door tag, step 103 the message has been blocked by a hacker. Thus, the current tenant handset restarts step 103, and then sets the temporary access key in step 104.
Step 106: background server → current tenant handset and new tenant handset.
When the background server receives the first acknowledgement character ACK 1 Then, ACK is verified 1 =Num(KT i ,r 1 ) ⊕K temp Or ACK 1 =OID C Whether or not: if so, the background server will indicate a successful second acknowledgement character ACK 2 Delivered to the current tenant handset, wherein ACK 2 = success, while the background server will temporarily access the key K temp Identity TID of gate tag i And transferring to the new tenant mobile phone. If not, the background server sends a second acknowledgement character ACK indicating failure 2 Delivered to the current tenant handset, where ACK 2 = "go to step 103"; the current tenant handset restarts step 103 and then sets the temporary key in step 104.
And 2, establishing the access of the mobile phone of the new tenant.
At this stage, the door tag has shared the near field shared key KO i Updated to the temporary access key K temp . The new tenant mobile phone receives a temporary access key K sent by a background server temp Identity TID of gate tag i (ii) a The new tenant mobile phone updates the received temporary access key into a near field shared key KO i (ii) a The new tenant handset then generates a first new key KO i_new To protect its privacy and send messages to the door tags; finally, the door tag updates its temporary access key KO i =KO i_new 。
Step 201: new tenant handset → house door label.
The new tenant mobile phone is connected with the post-communicationA server storing identity OID of new tenant mobile phone N New tenant handset voucher C C And acquiring a temporary access key K from a background server temp Identity TID of gate tag i 。
Renewing near field shared secret KO for new tenant handset i =K temp Then, the new tenant handset generates a first new key KO i_new A third random number r 3 And a fourth random number r 4 . The new tenant mobile phone calculates a third retrieval value M 3 =KO i_new ⊕r 3 ⊕KO i And a second authentication message V 2 =Num(KO i_new ⊕r 4 )⊕KO i . In addition, the new tenant handset initiates a timeout mechanism.
Then, the new tenant mobile phone searches the third search value M 3 Second verification message V 2 A third random number r 3 And a fourth random number r 4 To the door tag.
Third search value M 3 First secret key KO for screening new tenants i_new Second authentication message V 2 For verifying M 3 Whether the value is changed.
Step 202: door label → new tenant handset.
Door tag, calculating a second new key KO i_new ’=M 3 ⊕KO i ⊕r 3 And a second secondary authentication message V 2 ’ =Num(KO i_new ’,r 4 )⊕KO i (ii) a Then verifying the second secondary verification message V 2 ' and a second authentication message V 2 Whether they are equal: if equal, the second new key KO is represented i_new ' and a first new key KO i_new Equally, updating the near field shared key KO i =KO i_new And calculates a third acknowledgement character ACK 3 =Num(KT i ,r 4 ) ⊕KT i (ii) a Otherwise, a third acknowledgement character ACK is calculated 3 =r 5 Wherein r is 5 Is a fifth random number;
finally, the door tag transmits a third acknowledgement character ACK 3 To the new tenant's mobile phone。
Step 203: new tenant handset → back office server.
The new tenant handset sends a third acknowledgement character ACK 3 And a fourth random number r 4 Forwarding to a background server; if timed out and no message is received, the new tenant handset uses the old near field shared key KO i (i.e. K) temp ) The door tag is accessed. If the new tenant mobile phone cannot access the door label, a third confirmation character ACK is sent to the background server 3 =OID N And a fourth random number r 4 This means that the door tag has updated the first new key KO i_new But the third acknowledgement character ACK 3 Is blocked by a hacker. If the new tenant handset successfully accesses the gate ticket using the old key, it indicates that the message sent in step 201 will be blocked by a hacker, and therefore, the new tenant handset restarts step 201 to facilitate subsequent setting of a new key.
Step 204: background server → new tenant handset.
When the background server receives the third acknowledgement character ACK 3 And a fourth random number r 4 When it is verified, ACK 3 = Num(KT i ,r 4 )⊕KT i Or ACK 3 =OID N Whether or not: if yes, the background server sends a fourth acknowledgement character ACK to the new tenant mobile phone, wherein the fourth acknowledgement character ACK represents success 4 I.e. ACK 4 = success "; otherwise, ACK 3 Is a random number r 5 Sending a fourth acknowledgement character ACK to the new tenant handset to indicate restart 4 I.e. ACK 4 = restart.
Step 205: if the new tenant handset receives a fourth acknowledgement character ACK indicating success 4 Then the near field shared key KO is updated i =KO i_new (ii) a Otherwise, the new tenant handset will be restarted to step 201 to set the first new key KO i_new 。
In this solution, the new tenant generates another first new key KO i_new . New tenant uses temporary access key K temp Authorize messages and associate them with KO i_new Are transmitted to the door togetherAnd (4) a label. Door tag updating its key KO i_new . The current tenant mobile phone does not know K temp And KO i_new ,. Therefore, the door tag is no longer recognized by the current tenant handset.
And (4) safety analysis:
old tenant privacy: the scheme can protect the privacy of the old tenant mobile phone and prevent the new tenant mobile phone of the house gate label from tracking former transactions. New tenant only obtains temporary access key K temp Identity identification TID of and door label i The information cannot be used to obtain the near field shared key KO in step 1 i (since the new tenant does not know the first retrieval value M 1 )。
And (3) authorization recovery: if the current tenant mobile phone needs to transfer the opening authority of the door label to the previous tenant mobile phone temporarily, the same scheme can be adopted for realization.
Preventing replay attacks: the communication message between the tenant's handset and the gate tag always contains a random number, which is different in each session. If a hacker eavesdrops on the message and rebroadcasts it to the door badge, the door tag will not perform any action. Since the random number is different for each session, the hacker cannot use the replay message to let the gate tag do anything.
Prevention of denial of service: at the current tenant mobile phone use stage, the current tenant mobile phone updates KO i =K temp . If the hacker prevents the sending of the containing "V" of step 103 to the door tag 1 、M 2 、r 1 "the door tag does not update the key. Thus, current tenant handsets may use the old key KO i The door tag is accessed and step 103 is repeated. If the hacker prevents the door tag from sending the "ACK" of step 104 to the current tenant's handset 1 "message, and door tag has updated KO i =K temp The current tenant handset will not receive any message and will not be able to use the old key KO on timeout i The door tag is accessed. There is only one possibility that the door tag has updated its key so the process can continue to step 105. Establishing access to mobile phone of new tenantIf a hacker blocks the message, the new tenant may use the same approach to solve the problem.
Preventing man-in-the-middle attacks: any hacker can eavesdrop and modify the message between the tenant's handset and the door tag. In this scheme, a lightweight Num function is used to ensure that the message is not altered. If a hacker modifies the message, they cannot fool the door tag and the tenant's handset because the hacker cannot correctly compute the Num function. The Num function represents the number of bits of the subsequent value.
Prevent multiple tenants from accessing the room gate tag at the same time: according to the scheme, the background server is fully utilized to generate the temporary secret key K temp Currently, only background servers know. The background server uses the current tenant mobile phone to send K temp Set as the key of the door tag. Background server sends K temp After transmitting to the new tenant's mobile phone, only the new tenant's mobile phone can access the door tag. Therefore, the scheme can prevent a plurality of tenant mobile phones from accessing the door label at the same time.
The parameters of the scheme are explained as follows:
OID C : the identity of the current tenant mobile phone;
OID N : identity of the new tenant's mobile phone;
C C : a current tenant handset credential;
C C ': current tenant handset secondary vouchers;
C C : a new tenant handset voucher;
KO i : a near-field shared key, namely a shared key between the ith door tag and the tenant mobile phone;
K temp : a temporary access key;
KO i_new : a first new key;
KO i_new ': a second new key;
TID i : the identity of the ith door label;
r 1 : a first random number;
r 2 : a second random number;
r 3 : a third random number;
r 4 : a fourth random number;
r 5 : is a fifth random number;
OID N : identity of the new tenant's mobile phone;
TTDID: identity identification of the background server;
KT i : a door tag and a shared key of a background server;
TID i : the identity of the ith door label;
M 1 : a first search value;
M 1 ': a first search sub-value;
V 1 : a first authentication message;
V 1 ': a first secondary verification message;
V 2 : a second authentication message;
V 2 ': a second secondary verification message;
M 2 : a second search value;
M 3 : a third search value;
K temp : a temporary access key;
ACK 1 : a first confirmation character;
ACK 2 : a second confirmation character;
ACK 3 : a third confirmation character.
It should be understood that equivalents and modifications to the invention as described herein may occur to those skilled in the art, and all such modifications and alterations are intended to fall within the scope of the appended claims.
Claims (3)
1. An intelligent entrance guard management method based on a long and short lease ecological chain is characterized by comprising a door label, a tenant mobile phone and a background server;
the house door tag is installed on the house of the long and short rental apartments and is a passive RFID tag; the room door label sends an unlocking control command to a controller of an electronic lock on a room door;
the tenant mobile phone has an NFC function, is internally provided with an RFID reader and is in near field communication with the door tag;
the back-end server is in communication connection with the tenant mobile phone;
which comprises the following steps:
step S1, in the current tenant mobile phone use stage:
the background server verifies the current lessee of the lessor transfer request, and generates a temporary door secret key K temp Calculating and transmitting a search value M including the first search value 1 And a first authentication message V 1 The message is sent to the current tenant mobile phone; near-field shared key KO used by current tenant mobile phones i Carrying out XOR operation on the message and then sending the message to a door label; the door tag calculates the temporary access key and updates it to the near field shared key KO i At the moment, the current tenant mobile phone is suspended from accessing the door label;
step 2, a new tenant mobile phone access establishing stage:
the new tenant mobile phone receives a temporary access key K sent by a background server temp Identity TID of gate tag i (ii) a The new tenant mobile phone updates the received temporary access key into a near-field shared key KO i (ii) a The new tenant handset then generates a first new key KO i_new And sends a message to the door tag; finally, the door tag updates its temporary access key KO i =KO i_new 。
2. The intelligent entrance guard management method based on the long and short lease ecological chains as claimed in claim 1, wherein step 1 comprises the following steps:
step 101: the current tenant mobile phone is in communication connection with a background server and stores an identity identification OID of the current tenant mobile phone C The current tenant's mobile phone voucher C C Near field shared secret KO i And the identity TID of the door label i (ii) a Wherein i represents the serial number of the door tag, KO i Representing a tenant's handShared secret keys between the machine and the door tags;
the current tenant mobile phone generates a first random number r 1 And sends the OID containing the identity of the current tenant mobile phone C Identity OID of new tenant mobile phone N ID TID of door label i A first random number r 1 And the current tenant handset voucher C C To the background server;
step 102: a background server storing an identity TTPID of the background server, a room gate label and a shared key KT of the background server i Identity TID of gate tag i ;
The background server calculates the current secondary certificate C of the tenant mobile phone after receiving the message C ’=h(TTPID||OID C ) Where h () represents a one-way hash function, | | | represents a string connector; then verifying the current tenant's mobile phone voucher C C And the current tenant mobile phone side voucher C C ' is equal to or not: if not, the background server terminates the session; otherwise, the background server finds the shared key KT of the door tag and the background server i Then generates a temporary access key K temp Simultaneously calculating a first search value M 1 =KT i ⊕K temp ⊕r 1 And a first authentication message V 1 =Num(M 1 ,r 1 ) Wherein ≧ represents an exclusive-or operation symbol, num () represents a lightweight function that generates a message; finally, the background server sends a message containing the first retrieval value M 1 And a first authentication message V 1 The message is sent to the current tenant mobile phone;
step 103: the current tenant mobile phone obtains a first retrieval value M 1 Thereafter, using the near field shared key KO i Calculating a second search value M 2 =M 1 ⊕KO i (ii) a The current tenant mobile phone sends a first verification message V 1 The second search value M 2 And a first random number r 1 Forwarding to a door tag and starting a timeout mechanism;
step 104: room door tag utilizing near field shared key KO i Calculating a first search side value M 1 ’=M 2 ⊕KO i And calculates a first secondary verification message V 1 ’=Num(M 1 ’,r 1 ) (ii) a Then verifies the first verification message V 1 And a first secondary authentication message V 1 ' whether or not equal: if equal, the door label calculates the temporary access key K temp =M 1 ⊕KT i ⊕r 1 Updating the near field shared key KO i =K temp Calculating a first acknowledgement character ACK 1 =Num(KT i ,r 1 )⊕KO i (ii) a Otherwise, the first acknowledgement character ACK is calculated 1 =r 2 Wherein r is 2 Is a second random number; finally, the door tag sends the first acknowledgement character ACK 1 Transmitting to the current tenant mobile phone;
step 105: the current tenant sends a first acknowledgement character ACK 1 Forwarding to a background server; if timeout occurs and no message is received, the current tenant handset uses the old near field shared key KO i Accessing a door tag; if the current tenant mobile phone cannot access the door label, a first acknowledgement character ACK is sent to a background server 1 =OID C (ii) a Otherwise, the current tenant mobile phone returns to step 103;
step 106: when the background server receives the first acknowledgement character ACK 1 When it is verified, ACK 1 =Num(KT i ,r 1 )⊕K temp Or ACK 1 =OID C Whether or not: if so, the background server will indicate a successful second acknowledgement character ACK 2 The temporary access key K is transmitted to the current tenant mobile phone, and meanwhile, the background server temporarily accesses the key K temp And the identity TID of the door label i Transferring to a new tenant mobile phone; otherwise, the background server sends a second acknowledgement character ACK indicating failure 2 Transmitting the information to the current tenant mobile phone; the current tenant handset restarts step 103 and then sets the temporary key in step 104.
3. The intelligent entrance guard management method based on the long and short rental ecochains as claimed in claim 2, wherein the step 2 comprises the following steps:
step 201: new tenantThe mobile phone is in communication connection with the background server and stores the identity identification OID of the new tenant mobile phone N New tenant handset voucher C C And obtaining a temporary access key K from the background server temp Identity TID of gate tag i ;
Renewing near field shared secret KO for new tenant handset i =K temp Then, the new tenant handset generates a first new key KO i_new A third random number r 3 And a fourth random number r 4 (ii) a The new tenant mobile phone calculates a third retrieval value M 3 =KO i_new ⊕r 3 ⊕KO i And a second authentication message V 2 =Num(KO i_new ⊕r 4 )⊕KO i (ii) a In addition, the new tenant mobile phone starts a timeout mechanism;
then, the new tenant mobile phone searches the third search value M 3 Second authentication message V 2 A third random number r 3 And a fourth random number r 4 Send to the door tag;
step 202: door tag, calculating a second new key KO i_new ’=M 3 ⊕KO i ⊕r 3 And a second secondary authentication message V 2 ’=Num(KO i_new ’,r 4 )⊕KO i (ii) a Then verifying the second secondary verification message V 2 ' and a second authentication message V 2 Whether equal: if equal, the near field shared key KO is updated i =KO i_new And calculates a third acknowledgement character ACK 3 =Num(KT i ,r 4 )⊕KT i (ii) a Otherwise, a third acknowledgement character ACK is calculated 3 =r 5 Wherein r is 5 Is a fifth random number;
finally, the door tag transmits a third acknowledgement character ACK 3 To the new tenant handset;
step 203: the new tenant handset sends a third acknowledgement character ACK 3 And a fourth random number r 4 Forwarding to a background server; if timeout occurs and no message is received, the new tenant handset uses the old near field shared key KO i Accessing a door tag; if the new tenant mobile phone cannot access the door label, the new tenant mobile phone provides service to the backgroundThe device sends a third acknowledgement character ACK 3 =OID N And a fourth random number r 4 (ii) a If the new tenant handset successfully accesses the door tag using the old key, the new tenant handset restarts step 201;
step 204: when the background server receives the third acknowledgement character ACK 3 And a fourth random number r 4 Then, ACK is verified 3 =Num(KT i ,r 4 )⊕KT i Or ACK 3 =OID N Whether or not: if yes, the background server sends a fourth acknowledgement character ACK to the new tenant mobile phone, wherein the fourth acknowledgement character ACK represents success 4 (ii) a Otherwise, ACK 3 Is a random number r 5 (ii) a Finally, a fourth acknowledgement character ACK representing restarting is sent to the new tenant mobile phone 4 ;
Step 205: if the new tenant handset receives a fourth acknowledgement character ACK indicating success 4 Updating the near field shared key KO i =KO i_new (ii) a Otherwise, the new tenant handset will be restarted to step 201.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211312226.6A CN115690962B (en) | 2022-10-25 | 2022-10-25 | Intelligent entrance guard management method based on long-short renting ecological chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211312226.6A CN115690962B (en) | 2022-10-25 | 2022-10-25 | Intelligent entrance guard management method based on long-short renting ecological chain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115690962A true CN115690962A (en) | 2023-02-03 |
| CN115690962B CN115690962B (en) | 2023-10-13 |
Family
ID=85098707
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211312226.6A Active CN115690962B (en) | 2022-10-25 | 2022-10-25 | Intelligent entrance guard management method based on long-short renting ecological chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115690962B (en) |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050114270A1 (en) * | 2003-11-21 | 2005-05-26 | International Business Machines Corporation | Merchandise-integral transaction receipt and auditable product ownership trail |
| CN1797500A (en) * | 2004-12-28 | 2006-07-05 | 国际商业机器公司 | Apparatus and method for verifying the ownership of an owner's authority in terms of product and service |
| CN102855504A (en) * | 2011-08-02 | 2013-01-02 | 深联致远(北京)科技有限公司 | Method and device for ownership transfer of radio frequency identification (RFID) tag |
| CN105023365A (en) * | 2015-07-31 | 2015-11-04 | 华南理工大学 | NFC-based public bike management system and method |
| CN105100112A (en) * | 2015-08-25 | 2015-11-25 | 西安电子科技大学 | Cloud-storing based radio frequency identification (RFID) group tag ownership transferring method |
| CN105160279A (en) * | 2015-08-07 | 2015-12-16 | 郑州轻工业学院 | Multi-owner label ownership transferring method characterized in that RFID system needs trusted third party |
| CN106330451A (en) * | 2016-08-11 | 2017-01-11 | 广东工业大学 | Radio frequency identification (RFID) tag ownership transfer method |
| CN106710035A (en) * | 2016-10-26 | 2017-05-24 | 乐视控股(北京)有限公司 | Unlocking and locking methods and equipment |
| CN107067058A (en) * | 2017-03-20 | 2017-08-18 | 广东工业大学 | A kind of radio frequency identification system label ownership transfer method |
| CN110111501A (en) * | 2019-05-15 | 2019-08-09 | 北京亿实筑业技术开发有限公司 | Mobile house manages platform |
| CN110190966A (en) * | 2019-05-17 | 2019-08-30 | 西安电子科技大学 | A kind of wireless radio frequency identification mark ownership transfer method based on cloud storage |
| CN113689598A (en) * | 2021-09-02 | 2021-11-23 | 全民认证科技(杭州)有限公司 | Rental house remote management method based on intelligent door lock |
-
2022
- 2022-10-25 CN CN202211312226.6A patent/CN115690962B/en active Active
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050114270A1 (en) * | 2003-11-21 | 2005-05-26 | International Business Machines Corporation | Merchandise-integral transaction receipt and auditable product ownership trail |
| CN1797500A (en) * | 2004-12-28 | 2006-07-05 | 国际商业机器公司 | Apparatus and method for verifying the ownership of an owner's authority in terms of product and service |
| CN102855504A (en) * | 2011-08-02 | 2013-01-02 | 深联致远(北京)科技有限公司 | Method and device for ownership transfer of radio frequency identification (RFID) tag |
| CN105023365A (en) * | 2015-07-31 | 2015-11-04 | 华南理工大学 | NFC-based public bike management system and method |
| CN105160279A (en) * | 2015-08-07 | 2015-12-16 | 郑州轻工业学院 | Multi-owner label ownership transferring method characterized in that RFID system needs trusted third party |
| CN105100112A (en) * | 2015-08-25 | 2015-11-25 | 西安电子科技大学 | Cloud-storing based radio frequency identification (RFID) group tag ownership transferring method |
| CN106330451A (en) * | 2016-08-11 | 2017-01-11 | 广东工业大学 | Radio frequency identification (RFID) tag ownership transfer method |
| CN106710035A (en) * | 2016-10-26 | 2017-05-24 | 乐视控股(北京)有限公司 | Unlocking and locking methods and equipment |
| CN107067058A (en) * | 2017-03-20 | 2017-08-18 | 广东工业大学 | A kind of radio frequency identification system label ownership transfer method |
| CN110111501A (en) * | 2019-05-15 | 2019-08-09 | 北京亿实筑业技术开发有限公司 | Mobile house manages platform |
| CN110190966A (en) * | 2019-05-17 | 2019-08-30 | 西安电子科技大学 | A kind of wireless radio frequency identification mark ownership transfer method based on cloud storage |
| CN113689598A (en) * | 2021-09-02 | 2021-11-23 | 全民认证科技(杭州)有限公司 | Rental house remote management method based on intelligent door lock |
Non-Patent Citations (1)
| Title |
|---|
| 马艺函: "RFID安全认证和所有权转移协议的设计与分析" * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115690962B (en) | 2023-10-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8482378B2 (en) | Access control system and method for operating said system | |
| CN109272606B (en) | Intelligent lock supervision equipment and method based on block chain and storage medium | |
| CN111478917B (en) | Background system for providing network service for access control device and user terminal | |
| CN103535090B (en) | For the system and method for the Identity Management of mobile device | |
| US7409552B2 (en) | Method for securing communications between a terminal and an additional user equipment | |
| US20190172287A1 (en) | Rolling Code Based Proximity Verification for Entry Access | |
| CN1323538C (en) | A dynamic identity certification method and system | |
| US20180359635A1 (en) | Securitization of Temporal Digital Communications Via Authentication and Validation for Wireless User and Access Devices | |
| JP2018074205A (en) | Program, information processing device, information processing system, and information processing method | |
| CN105871874A (en) | Mobile Internet virtual key authorizing system and hardware door lock control method thereof | |
| US20040044625A1 (en) | Digital contents issuing system and digital contents issuing method | |
| JP2011511350A (en) | Access control management method and apparatus | |
| CN106156677B (en) | Identity card card reading method and system | |
| JP2018010449A (en) | Smart lock authentication system and method in smart lock | |
| CN113689607A (en) | Intelligent door lock code scanning unlocking method and system based on application program | |
| CN106027457A (en) | Identity card information transmission method and system | |
| CN106027249B (en) | Identity card card reading method and system | |
| WO2011152729A1 (en) | A method of authorizing a person, an authorizing architecture and a computer program product | |
| EP2356637A1 (en) | Card credential method and system | |
| CN110113153A (en) | NFC secret key updating method, terminal and system | |
| CN115690962B (en) | Intelligent entrance guard management method based on long-short renting ecological chain | |
| JPWO2003077173A1 (en) | Service execution module | |
| CN115866586A (en) | Intelligent security authentication and identification system based on big data | |
| CN104683108B (en) | Cancel the safety certifying method of one card for multiple uses RFID tag application | |
| CN1862556B (en) | Method and apparatus for controlling computer 10g-in by contactless smart card |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |