CN116580489B - Access control equipment, access control card and card sender control method, equipment and medium - Google Patents

Access control equipment, access control card and card sender control method, equipment and medium Download PDF

Info

Publication number
CN116580489B
CN116580489B CN202310857583.9A CN202310857583A CN116580489B CN 116580489 B CN116580489 B CN 116580489B CN 202310857583 A CN202310857583 A CN 202310857583A CN 116580489 B CN116580489 B CN 116580489B
Authority
CN
China
Prior art keywords
card
access
access control
key
random number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310857583.9A
Other languages
Chinese (zh)
Other versions
CN116580489A (en
Inventor
连新蔚
赵晨晨
桑波
吴谨妙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dinghyun Commercial Code Evaluation Technology Shenzhen Co ltd
Original Assignee
Dinghyun Commercial Code Evaluation Technology Shenzhen Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dinghyun Commercial Code Evaluation Technology Shenzhen Co ltd filed Critical Dinghyun Commercial Code Evaluation Technology Shenzhen Co ltd
Priority to CN202310857583.9A priority Critical patent/CN116580489B/en
Publication of CN116580489A publication Critical patent/CN116580489A/en
Application granted granted Critical
Publication of CN116580489B publication Critical patent/CN116580489B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a control method, equipment and medium of access control equipment, access control card and card sender, which are applied to the field of user authentication by using biological data, and the method comprises the following steps: when the access card is detected, a random number is sent to the access card; receiving a first encryption value returned by the access card; performing algorithm decentralized processing on the application key and the received palmprint information to determine an access card key; the access control card key and the random number are subjected to algorithm encryption to obtain a second encryption value; and when the first encryption value is matched with the second encryption value, executing a release action. The technical problem that the security coefficient of the access control card swiping is low because any person can hold the access control card to finish unlocking in the related technology is solved, and the technical effect of improving the security of the access control card swiping is achieved.

Description

Access control equipment, access control card and card sender control method, equipment and medium
Technical Field
The present application relates to the field of user authentication using biological data, and more particularly, to a control method, apparatus, and medium for an access control device, access control card, and card issuer.
Background
At present, because intelligent entrance guard is far superior to traditional entrance guard in the aspect of security, convenience and interactivity, intelligent entrance guard includes fingerprint entrance guard, password entrance guard, face identification entrance guard, card swiping entrance guard etc. is replacing the entrance guard mode of traditional key lock.
The access control card is used for replacing a traditional key, an access control key is written into the access control card in advance, key matching is completed through touch interaction between the access control card and a card reader during use, and unlocking is further achieved. However, the access card is in risk of losing, any person can hold the access card to unlock, and the safety factor of the access card swiping access card is low.
Disclosure of Invention
The embodiment of the application solves the technical problem that the security coefficient of the card swiping access control is low because anyone can hold the access card to finish unlocking in the related technology by providing the access control equipment, the access control card and the card sender control method, the equipment and the medium, and realizes the technical effects of checking the identity information of the access control card user and improving the security of the card swiping access control.
The embodiment of the application provides a control method of access control equipment, which comprises the following steps:
when the access card is detected, a random number is sent to the access card;
receiving a first encryption value returned by the access card;
performing algorithm decentralized processing on the application key and the received palmprint information to determine an access card key;
the access control card key and the random number are subjected to algorithm encryption to obtain a second encryption value;
and when the first encryption value is matched with the second encryption value, executing a release action.
Optionally, the step of determining the access card key includes:
determining a dispersion factor according to the hash value of the palmprint information;
determining the application key associated with the identification information of the access card in a security module;
and determining the access control card key through a symmetric encryption algorithm according to the application key and the dispersion factor.
Optionally, the step of encrypting the access card key and the random number through an algorithm to obtain a second encrypted value includes:
determining an encryption algorithm according to the identification information of the access card;
and carrying out encryption operation on the access card key and the random number through the encryption algorithm to obtain the second encryption value.
Optionally, the step of performing the pass action when the first encrypted value matches the second encrypted value includes:
determining whether the character string length and the character string content of the first encryption value and the second encryption value are the same;
when the length of the character string is the same as the content of the character string, a blacklist identifier is obtained, and whether the identifier information of the access card is matched with the blacklist identifier or not is judged;
and when the identification information is not matched with the blacklist identification, controlling the passing module to execute the passing action.
The embodiment of the application provides a control method of an access card, which comprises the following steps:
receiving a random number sent by access control equipment;
encrypting the random number based on a pre-stored authentication key to generate a first encryption value;
and sending the first encryption value to the access control equipment.
The embodiment of the application provides a control method of a card sender, which comprises the following steps:
when receiving the card issuing instruction, generating a root key through a random bit generator;
determining a primary dispersion factor associated with the card issuing instruction, and generating an application key according to the primary dispersion factor and the root key;
generating an authentication key according to the application key and the received palmprint information;
writing the authentication key into an access control card corresponding to the card issuing instruction, and updating the authority information of the access control card according to the card issuing instruction.
Optionally, the step of generating the authentication key according to the application key and the received palmprint information includes:
carrying out hash operation on the palm print information, and generating a secondary separation factor according to a hash value corresponding to the palm print information;
and encrypting by a symmetric encryption algorithm based on the secondary separation factor and the application key to obtain the authentication key.
Optionally, the step of writing the authentication key into the access card corresponding to the card issuing instruction and updating the authority information of the access card according to the card issuing instruction includes:
loading the authentication key to the access card;
determining an application information file, an effective period and the authority information according to the card issuing instruction;
and updating the access control card according to the application information file, the validity period and the authority information.
In addition, the application also provides an access control data processing device, which comprises a memory, a processor and an access control identification program stored on the memory and capable of running on the processor, wherein the access control data processing device realizes the steps of the access control device control method, the access control card control method or the card sender control method when the processor executes the access control identification program.
In addition, the application also provides a computer readable storage medium, wherein the computer readable storage medium is stored with an access control identification program, and the access control identification program realizes the steps of the access control equipment control method, the access control card control method or the card sender control method when being executed by a processor.
One or more technical solutions provided in the embodiments of the present application at least have the following technical effects or advantages:
1. when the access card is detected, a random number is sent to the access card; receiving a first encryption value returned by the access card; performing algorithm decentralized processing on the application key and the received palmprint information to determine an access card key; the access control card key and the random number are subjected to algorithm encryption to obtain a second encryption value; and when the first encryption value is matched with the second encryption value, executing a release action. Therefore, the technical problem that the security coefficient of the access control card swiping access control card is low because any person can hold the access control card to finish unlocking in the related technology is effectively solved, the technical effect of checking the identity information of the access control card user and improving the access control card swiping security is achieved.
2. Because the method adopts the method that when the card issuing instruction is received, a root key is generated through a random bit generator; determining a primary dispersion factor associated with the card issuing instruction, and generating an application key according to the primary dispersion factor and the root key; generating an authentication key according to the application key and the received palmprint information; writing the authentication key into an access control card corresponding to the card issuing instruction, and updating the authority information of the access control card according to the card issuing instruction. Therefore, the technical effect that the user palm print image can be acquired when the palm print access control is used in the related technology, so that the privacy of the user is not guaranteed, the human body characteristic information is not stored, and the privacy of the access control is improved is effectively achieved.
Drawings
FIG. 1 is a schematic flow chart of a first embodiment of a control method of an access control device of the present application;
FIG. 2 is a schematic flow chart of a second embodiment of a method for controlling an access card according to the present application;
FIG. 3 is a schematic flow chart of a third embodiment of a control method of the card sender of the present application;
fig. 4 is a schematic diagram of a hardware structure related to an embodiment of the access control data processing device of the present application.
Detailed Description
In the related art, the password access control does not need a hardware medium, and unlocking operation is performed through passwords, but a used object is not identified, so that the security is not strong. Fingerprint access control has the condition that correct fingerprints are used for identification, but the identification is not passed, and people with unclear fingerprint characteristics exist globally. The face recognition access control is easy to be broken, the collected face information is easy to be abused, and the personal privacy of a user is revealed. The access control card is used for replacing a traditional key, access control passwords are written into the access control card in advance, key matching is completed through touch interaction between the access control card and a card reader during use, and unlocking is further achieved. However, the access card is in risk of losing, any person can hold the access card to unlock, and the safety factor of the access card swiping access card is low. The embodiment of the application adopts the main technical scheme that: when the access control card and the palmprint information are read, a random number is sent to the access control card, and a first encryption value returned by the access control card is received; and generating a second encryption value according to the pre-stored application key, the random number and the palm print information, and executing a release action when the first encryption value is matched with the second encryption value. Therefore, the technical effects of checking the identity information of the user of the access card and improving the security of the access card swiping are achieved.
In order to better understand the above technical solution, exemplary embodiments of the present application will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present application are shown in the drawings, it should be understood that the present application can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the application to those skilled in the art.
Example 1
The embodiment of the application discloses a control method of access control equipment, and referring to fig. 1, the control method of the access control equipment comprises the following steps:
step S110, when an access card is detected, a random number is sent to the access card;
in this embodiment, when the access control device reads the access control card information, a random number is sent to the access control card.
As an alternative implementation manner, when the access control device detects the access control card, the random number is generated through the password module, and the random number is sent to the access control card.
When the access control device reads the related information of the access control card, a random number generation instruction is sent to a password module on the access control device, the password module generates a random number related to the parameter value according to the parameter value associated with the received random number generation instruction, and the random number is sent to the access control card through a near field communication technology.
Step S120, receiving a first encryption value returned by the access card;
in this embodiment, the first encryption value is a character string returned by the access card in response to the random number.
As an alternative embodiment, the first encryption value returned by the access card is accepted through the near field communication technology.
The access control card is placed at a working position where a card reader can read by a user, and when the access control device detects the information of the access control card, a random number is sent to the access control card, and a first encryption value returned by the access control card is received. The near field communication technology and the returned character string are used for processing, so that information interaction can be completed under the touch card swiping scene even if the touch time is short, and the access control use efficiency is improved.
Step S130, carrying out algorithm dispersion processing on the application key and the received palmprint information to determine an access card key;
in this embodiment, the application key is a key associated with the access card in the access device.
As an optional implementation manner, determining an application key associated with the access card, acquiring palm print information acquired by the palm print identification module, taking a hash value of the palm print information as a dispersion factor, and dispersing the palm print information into the access card key based on a preset algorithm according to the dispersion factor and the application key.
Optionally, step S130 includes:
step S131, determining a dispersion factor according to the hash value of the palm print information;
step S132, determining the application key associated with the identification information of the access card in a security module;
and step S133, determining the access card key through a symmetric encryption algorithm according to the application key and the dispersion factor.
As an alternative implementation manner, hash operation is performed on palm print information, the obtained hash value is used as a dispersion factor, an application key corresponding to the access card is determined in a security module of the access device according to identification information of the access card, and algorithm dispersion processing is performed on the application key and the dispersion factor according to a preset symmetric encryption algorithm, so that an access card key is obtained.
Illustratively, the access card key of the access card is obtained by dispersing an SM1 or SM4 algorithm, that is, the access card key=enc (application key, hash value), where Enc refers to encryption processing, and the SM1 or SM4 algorithm is a cryptographic algorithm.
Step S140, the access control card key and the random number are subjected to algorithm encryption to obtain a second encryption value;
as an alternative implementation manner, the second encryption value is obtained by encrypting by using the random number and the access card key as encryption elements through a symmetric encryption algorithm.
Optionally, step S140 includes:
step S141, determining an encryption algorithm according to the identification information of the access card;
and step S142, carrying out encryption operation on the access card key and the random number through the encryption algorithm to obtain the second encryption value.
As an optional implementation manner, an encryption algorithm corresponding to the identification information of the access card is determined, the random number generated by the password module is obtained, the access card key and the random number are encrypted according to the encryption algorithm, and a second encryption value corresponding to the random number and the identification information is obtained. I.e. the second encryption value = Enc (access card key, random number).
Illustratively, a random number acquisition instruction is sent to a cryptographic module, which determines a corresponding random number according to identification information associated with the instruction, and returns the random number.
And step S150, when the first encryption value is matched with the second encryption value, a release action is executed.
As an alternative implementation manner, the first encryption value and the second encryption value are compared, and when the first encryption value is the same as the second encryption value, the access control device is controlled to execute the release action.
Optionally, step S150 includes:
step S151, determining whether the string length and the string content of the first encrypted value and the second encrypted value are the same;
step S152, when the character string length is the same as the character string content, obtaining a blacklist identifier, and judging whether the identifier information of the access card is matched with the blacklist identifier;
and step 153, when the identification information is not matched with the blacklist identification, controlling the passing module to execute the releasing action.
In this embodiment, the length of the character string is the number of characters in the character string corresponding to the first encrypted value and the second encrypted value.
As an optional implementation manner, whether the lengths of the character strings corresponding to the first encryption value and the second encryption value are the same is judged, when the lengths of the character strings corresponding to the first encryption value and the second encryption value are the same, whether the characters at the same character position are the same in the first encryption value and the second encryption value is determined, when the characters at each character position are the same, a blacklist identifier is obtained, whether the blacklist identifier matched with the identifier information of the access card exists is judged, and if the blacklist identifier matched with the identifier information of the access card does not exist, the pass module is controlled to execute the pass action.
In this embodiment, when the first encryption value is different from the second encryption value, the access control device is controlled not to execute the release action, and the prompt information of the authentication failure is output.
The technical scheme provided by the embodiment of the application at least has the following technical effects or advantages:
when the access card is detected, a random number is sent to the access card; receiving a first encryption value returned by the access card; performing algorithm decentralized processing on the application key and the received palmprint information to determine an access card key; the access control card key and the random number are subjected to algorithm encryption to obtain a second encryption value; and when the first encryption value is matched with the second encryption value, executing a release action. Therefore, the technical problem that the security coefficient of the access control card swiping access control card is low because any person can hold the access control card to finish unlocking in the related technology is effectively solved, the technical effect of checking the identity information of the access control card user and improving the access control card swiping security is achieved.
Based on the first embodiment, a second embodiment of the present application provides a method for controlling an access card, referring to fig. 2, before step S120, the method for controlling an access card includes:
step S210, receiving a random number sent by access control equipment;
in the embodiment, an information transmission channel exists between the access control equipment and the access control card, and information interaction between the access control card and the access control equipment is realized through the information transmission channel.
As an optional implementation manner, the random number sent by the access control device is received according to the information transmission channel through a near field communication technology.
When a user uses an access control card to perform card swiping action at a card reader of the access control device, the card reader reads information prestored in the access control card, and the access control card receives a random number sent by the access control device.
Step S220, encrypting the random number based on a pre-stored authentication key to generate a first encryption value;
in this embodiment, the authentication key is pre-stored in the access card.
As an alternative embodiment, the first encryption value is obtained by performing an encryption operation on the authentication key and the random number according to a pre-stored encryption algorithm.
Illustratively, an encryption operation is performed on the authentication key and the random number using an SM4/SM1 symmetric encryption algorithm, with the encryption result being the first encryption value. I.e. first encryption value = Enc (authentication key, random number).
Step S230, sending the first encryption value to the access control device.
As an alternative embodiment, the target access device is determined, and the first encrypted value is sent to the access device.
The first encryption value is transmitted to the access device, for example, by a near field communication technique.
The access card is adopted to receive the random number sent by the access equipment, and a first encryption value is generated according to the random number and a prestored authentication key; and the first encryption value is returned to the access control equipment, so that the technical scheme related to the first embodiment is combined, the technical problem that the biological characteristics of the user are required to be stored in the related technology, privacy leakage is easy to cause is effectively solved, under the condition that the biological characteristics of the user are not stored, identity verification when the user uses the access control card is realized, the safety of the access control card swiping is improved, and the privacy safety of the user is also ensured.
Based on the first embodiment, a third embodiment of the present application provides a method for controlling a card sender, referring to fig. 3, where the method for controlling a card sender includes:
step S310, when a card issuing instruction is received, generating a root key through a random bit generator;
in this embodiment, a random bit generator is used to generate bit data of a fixed length as a root key.
As an alternative implementation manner, when the card sender receives a card sending instruction sent by the card sending system, a root key with a preset length is generated through a random bit generator.
Illustratively, a 16 byte root key is generated by a random bit generator.
Illustratively, an encryption algorithm associated with the hairpin instruction is obtained, a preset length matched with the encryption algorithm is determined, and a root key with the preset length is generated through a random bit generator.
Step S320, determining a primary dispersion factor associated with the card issuing instruction, and generating an application key according to the primary dispersion factor and the root key;
in this embodiment, two elements are encrypted by an encryption algorithm to obtain a key, and an encryption operation is performed by a primary dispersion factor and the encrypted element to obtain a primary key, that is, an application key.
As an alternative implementation manner, the primary dispersion factor contained in the hairpin instruction is acquired, the root key is encrypted by using the primary dispersion factor based on the encryption algorithm associated with the hairpin instruction, and the encrypted key is used as the application key.
The method includes the steps of obtaining an enterprise identifier associated with a card issuing instruction, encrypting a root key by using the enterprise identifier according to an SM1 or SM4 encryption algorithm associated with the card issuing instruction, generating an application key, and transmitting the application key to a card reader of the access control equipment.
Step S330, generating an authentication key according to the application key and the received palmprint information;
in this embodiment, the palm print information is a palm print feature or palm print pattern entered by the user.
As an alternative embodiment, the authentication key is obtained by performing an encryption operation based on the palm print information and the application key according to a symmetric encryption algorithm.
Optionally, step S330 includes:
step S331, carrying out hash operation on the palm print information, and generating a secondary separation factor according to a hash value corresponding to the palm print information;
step S332, based on the secondary distribution factor and the application key, encrypting by a symmetric encryption algorithm to obtain the authentication key.
As an alternative implementation manner, generating palm print characteristics according to the collected palm print information, carrying out hash operation on the palm print characteristics, and taking the obtained hash value as a secondary separation factor; and carrying out encryption operation on the secondary separation factor and the application key through a symmetric encryption algorithm to obtain an authentication key.
And step 340, writing the authentication key into the access control card corresponding to the card issuing instruction, and updating the authority information of the access control card according to the card issuing instruction.
In this embodiment, the card issuer writes the authentication key to the access card.
As an alternative implementation manner, after the authentication key is generated, the authentication key is written into the access card to be written, and the authority information, the validity period, the application information file and the like of the access card are updated based on the card issuing instruction.
Optionally, step S340 includes:
step S341, loading the authentication key to the access card;
step S342, determining an application information file, an effective period and the authority information according to the card issuing instruction;
and step S343, updating the access control card according to the application information file, the validity period and the authority information.
As an optional implementation manner, the authentication key is written into the access card corresponding to the card issuing instruction, the access card is updated with the application information file of the access card according to the card issuing information, the effective starting time and the effective ending time of the access card are rewritten, and the authority information of the access card is updated. The permission information stores the equipment identification of the executable access control equipment.
Because the method adopts the method that when the card issuing instruction is received, a root key is generated through a random bit generator; determining a primary dispersion factor associated with the card issuing instruction, and generating an application key according to the primary dispersion factor and the root key; generating an authentication key according to the application key and the received palmprint information; writing the authentication key into an access control card corresponding to the card issuing instruction, and updating the authority information of the access control card according to the card issuing instruction. Therefore, the technical effect that the user palm print image can be acquired when the palm print access control is used in the related technology, so that the privacy of the user is not guaranteed, the human body characteristic information is not stored, and the privacy of the access control is improved is effectively achieved.
The application further provides an access control data processing device, and referring to fig. 4, fig. 4 is a schematic structural diagram of the access control data processing device of the hardware operation environment according to the embodiment of the application.
As shown in fig. 4, the access control data processing apparatus may include: a processor 1001, such as a central processing unit (Central Processing Unit, CPU), a communication bus 1002, a user interface 1003, a network interface 1004, a memory 1005. Wherein the communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may include a Display, an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may further include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a WIreless interface (e.g., a WIreless-FIdelity (WI-FI) interface). The Memory 1005 may be a high-speed random access Memory (Random Access Memory, RAM) Memory or a stable nonvolatile Memory (NVM), such as a disk Memory. The memory 1005 may also optionally be a storage device separate from the aforementioned processor 1001.
It will be appreciated by those skilled in the art that the structure shown in fig. 4 is not limiting of the access data processing apparatus and may include more or fewer components than shown, or certain components may be combined, or a different arrangement of components.
Optionally, the memory 1005 is electrically connected to the processor 1001, and the processor 1001 may be configured to control operation of the memory 1005, and may also read data in the memory 1005 to implement palm print-based access control identification.
Alternatively, as shown in fig. 4, an operating system, a data storage module, a network communication module, a user interface module, and an entrance guard identification program may be included in the memory 1005 as one storage medium.
Optionally, in the access control data processing device shown in fig. 4, the network interface 1004 is mainly used for data communication with other devices; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 in the access control data processing apparatus of the present application may be provided in the access control data processing apparatus.
As shown in fig. 4, the access control data processing device invokes, through the processor 1001, an access control identification program stored in the memory 1005, and executes related steps of the control method of the access control device, the access control card and the card sender provided by the embodiment of the present application:
when the access card is detected, a random number is sent to the access card;
receiving a first encryption value returned by the access card;
performing algorithm decentralized processing on the application key and the received palmprint information to determine an access card key;
the access control card key and the random number are subjected to algorithm encryption to obtain a second encryption value;
and when the first encryption value is matched with the second encryption value, executing a release action.
Optionally, the processor 1001 may call the entrance guard identification program stored in the memory 1005, and further perform the following operations:
determining a dispersion factor according to the hash value of the palmprint information;
determining the application key associated with the identification information of the access card in a security module;
and determining the access control card key through a symmetric encryption algorithm according to the application key and the dispersion factor.
Optionally, the processor 1001 may call the entrance guard identification program stored in the memory 1005, and further perform the following operations:
determining an encryption algorithm according to the identification information of the access card;
and carrying out encryption operation on the access card key and the random number through the encryption algorithm to obtain the second encryption value.
Optionally, the processor 1001 may call the entrance guard identification program stored in the memory 1005, and further perform the following operations:
determining whether the character string length and the character string content of the first encryption value and the second encryption value are the same;
when the length of the character string is the same as the content of the character string, a blacklist identifier is obtained, and whether the identifier information of the access card is matched with the blacklist identifier or not is judged;
and when the identification information is not matched with the blacklist identification, controlling the passing module to execute the passing action.
Optionally, the processor 1001 may call the entrance guard identification program stored in the memory 1005, and further perform the following operations:
receiving a random number sent by access control equipment;
encrypting the random number based on a pre-stored authentication key to generate a first encryption value;
and sending the first encryption value to the access control equipment.
Optionally, the processor 1001 may call the entrance guard identification program stored in the memory 1005, and further perform the following operations:
when receiving the card issuing instruction, generating a root key through a random bit generator;
determining a primary dispersion factor associated with the card issuing instruction, and generating an application key according to the primary dispersion factor and the root key;
generating an authentication key according to the application key and the received palmprint information;
writing the authentication key into an access control card corresponding to the card issuing instruction, and updating the authority information of the access control card according to the card issuing instruction.
Optionally, the processor 1001 may call the entrance guard identification program stored in the memory 1005, and further perform the following operations:
carrying out hash operation on the palm print information, and generating a secondary separation factor according to a hash value corresponding to the palm print information;
and encrypting by a symmetric encryption algorithm based on the secondary separation factor and the application key to obtain the authentication key.
Optionally, the processor 1001 may call the entrance guard identification program stored in the memory 1005, and further perform the following operations:
loading the authentication key to the access card;
determining an application information file, an effective period and the authority information according to the card issuing instruction;
and updating the access control card according to the application information file, the validity period and the authority information.
In addition, the embodiment of the application also provides a computer readable storage medium, wherein an access control identification program is stored on the computer readable storage medium, and the access control identification program realizes the related steps of any embodiment of the access control equipment control method, the access control card control method or the card sender control method when being executed by a processor.
In addition, the embodiment of the application also provides an access control system, which comprises access control equipment, an access control card and a card sender, wherein the access control equipment sends a random number to the access control card when detecting the access control card; receiving a first encryption value returned by the access card; performing algorithm decentralized processing on the application key and the received palmprint information to determine an access card key; the access control card key and the random number are subjected to algorithm encryption to obtain a second encryption value; and when the first encryption value is matched with the second encryption value, executing a release action. After receiving the random number sent by the access control equipment, the access control card encrypts the random number based on a pre-stored authentication key to generate a first encryption value, and then sends the first encryption value to the access control equipment. When receiving the card issuing instruction, the card sender generates a root key through a random bit generator; determining a primary dispersion factor associated with the card issuing instruction, generating an application key according to the primary dispersion factor and the root key, transmitting the application key to a card reader of access control equipment and storing the application key, and generating an authentication key according to the application key and the received palmprint information; writing the authentication key into an access control card corresponding to the card issuing instruction, and updating the authority information of the access control card according to the card issuing instruction.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be noted that in the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The application may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. do not denote any order. These words may be interpreted as names.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (6)

1. The control method of the access control equipment is characterized by comprising the following steps of:
when an access card is detected, a random number acquisition instruction is sent to a password module, the password module determines a corresponding random number according to identification information of the access card associated with the random number acquisition instruction, and the random number is sent to the access card;
receiving a first encryption value returned by the access card, wherein the first encryption value is generated by encrypting the random number based on a pre-stored authentication key;
determining a dispersion factor according to the hash value of the received palmprint information;
determining an application key associated with the identification information of the access card in a security module;
carrying out hash operation on the palm print information, and generating a secondary separation factor according to a hash value corresponding to the palm print information;
encrypting by a symmetric encryption algorithm based on the secondary separation factor and the application key to obtain the authentication key;
determining the access card key through a symmetric encryption algorithm according to the application key and the dispersion factor;
determining an encryption algorithm according to the identification information of the access card;
performing encryption operation on the access card key and the random number through the encryption algorithm to obtain a second encryption value;
judging whether the lengths of the character strings corresponding to the first encryption value and the second encryption value are the same, and when the lengths of the character strings are the same, determining whether the characters at the same character position in the first encryption value and the second encryption value are the same;
when the characters at the positions of all the characters are the same, acquiring a blacklist identifier, and judging whether the blacklist identifier matched with the identification information exists or not;
and if the matched blacklist identification does not exist, controlling the passing module to execute a passing action.
2. The control method of the access card is characterized by comprising the following steps of:
when an access card is detected, a random number acquisition instruction is sent to a password module, the password module determines a corresponding random number according to identification information of the access card associated with the random number acquisition instruction, and the random number is sent to the access card;
receiving a random number sent by access control equipment;
encrypting the random number based on a pre-stored authentication key to generate a first encryption value;
transmitting the first encryption value to the access control equipment;
determining a dispersion factor according to the hash value of the received palmprint information;
determining an application key associated with the identification information of the access card in a security module;
carrying out hash operation on the palm print information, and generating a secondary separation factor according to a hash value corresponding to the palm print information;
encrypting by a symmetric encryption algorithm based on the secondary separation factor and the application key to obtain the authentication key;
determining the access card key through a symmetric encryption algorithm according to the application key and the dispersion factor;
determining an encryption algorithm according to the identification information of the access card;
performing encryption operation on the access card key and the random number through the encryption algorithm to obtain a second encryption value;
judging whether the lengths of the character strings corresponding to the first encryption value and the second encryption value are the same, and when the lengths of the character strings are the same, determining whether the characters at the same character position in the first encryption value and the second encryption value are the same;
when the characters at the positions of all the characters are the same, acquiring a blacklist identifier, and judging whether the blacklist identifier matched with the identification information exists or not;
and if the matched blacklist identification does not exist, controlling the passing module to execute a passing action.
3. The control method of the card sender is characterized by comprising the following steps:
when receiving the card issuing instruction, generating a root key through a random bit generator;
determining a primary dispersion factor associated with the card issuing instruction, and generating an application key according to the primary dispersion factor and the root key;
carrying out hash operation on the received palm print information, and generating a secondary separation factor according to a hash value corresponding to the palm print information;
based on the secondary separation factor and the application key, encrypting by a symmetric encryption algorithm to obtain an authentication key;
writing the authentication key into an access control card corresponding to the card issuing instruction, and updating authority information of the access control card according to the card issuing instruction;
when an access card is detected, a random number acquisition instruction is sent to a password module, the password module determines a corresponding random number according to identification information of the access card associated with the random number acquisition instruction, and the random number is sent to the access card;
receiving a first encryption value returned by the access card, wherein the first encryption value is generated by encrypting the random number based on a pre-stored authentication key;
determining a dispersion factor according to the hash value of the received palmprint information;
determining an application key associated with the identification information of the access card in a security module;
determining the access card key through a symmetric encryption algorithm according to the application key and the dispersion factor;
determining an encryption algorithm according to the identification information of the access card;
performing encryption operation on the access card key and the random number through the encryption algorithm to obtain a second encryption value;
judging whether the lengths of the character strings corresponding to the first encryption value and the second encryption value are the same, and when the lengths of the character strings are the same, determining whether the characters at the same character position in the first encryption value and the second encryption value are the same;
when the characters at the positions of all the characters are the same, acquiring a blacklist identifier, and judging whether the blacklist identifier matched with the identification information exists or not;
and if the matched blacklist identification does not exist, controlling the passing module to execute a passing action.
4. The card sender control method according to claim 3, wherein the step of writing the authentication key to the access card corresponding to the card sending instruction and updating the authority information of the access card according to the card sending instruction comprises:
loading the authentication key to the access card;
determining an application information file, an effective period and the authority information according to the card issuing instruction;
and updating the access control card according to the application information file, the validity period and the authority information.
5. An access control data processing device, comprising a memory, a processor and an access control identification program stored in the memory and executable on the processor, wherein the processor implements the steps of the control method of the access control device according to claim 1, the control method of the access control card according to claim 2, or the control method of the card sender according to any one of claims 3 to 4 when executing the access control identification program.
6. A computer-readable storage medium, wherein an access control identification program is stored on the computer-readable storage medium, and the access control identification program, when executed by a processor, implements the steps of the control method of the access control device according to claim 1, the control method of the access control card according to claim 2, or the control method of the card sender according to any one of claims 3 to 4.
CN202310857583.9A 2023-07-13 2023-07-13 Access control equipment, access control card and card sender control method, equipment and medium Active CN116580489B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310857583.9A CN116580489B (en) 2023-07-13 2023-07-13 Access control equipment, access control card and card sender control method, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310857583.9A CN116580489B (en) 2023-07-13 2023-07-13 Access control equipment, access control card and card sender control method, equipment and medium

Publications (2)

Publication Number Publication Date
CN116580489A CN116580489A (en) 2023-08-11
CN116580489B true CN116580489B (en) 2023-09-29

Family

ID=87538249

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310857583.9A Active CN116580489B (en) 2023-07-13 2023-07-13 Access control equipment, access control card and card sender control method, equipment and medium

Country Status (1)

Country Link
CN (1) CN116580489B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116844266B (en) * 2023-09-01 2023-11-24 鼎铉商用密码测评技术(深圳)有限公司 Access control method, access control system and storage medium
CN118172853A (en) * 2024-03-11 2024-06-11 深圳市博西尼电子有限公司 Entrance guard data encryption method and system based on commercial cryptographic algorithm

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103108327A (en) * 2011-11-15 2013-05-15 中国移动通信集团公司 Method, device and system of verification of safety association between terminal equipment and user card
CN109272609A (en) * 2018-08-19 2019-01-25 天津新泰基业电子股份有限公司 A kind of CPU safety door inhibition control method and system
CN109495885A (en) * 2017-09-13 2019-03-19 中国移动通信有限公司研究院 Authentication method, mobile terminal, management system and Bluetooth IC
CN113436376A (en) * 2021-06-02 2021-09-24 杭州海康威视数字技术股份有限公司 Access control system, method and device and biological key card
CN115758398A (en) * 2022-10-31 2023-03-07 鼎铉商用密码测评技术(深圳)有限公司 Access control data processing method and device, access control system and storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103108327A (en) * 2011-11-15 2013-05-15 中国移动通信集团公司 Method, device and system of verification of safety association between terminal equipment and user card
CN109495885A (en) * 2017-09-13 2019-03-19 中国移动通信有限公司研究院 Authentication method, mobile terminal, management system and Bluetooth IC
CN109272609A (en) * 2018-08-19 2019-01-25 天津新泰基业电子股份有限公司 A kind of CPU safety door inhibition control method and system
CN113436376A (en) * 2021-06-02 2021-09-24 杭州海康威视数字技术股份有限公司 Access control system, method and device and biological key card
CN115758398A (en) * 2022-10-31 2023-03-07 鼎铉商用密码测评技术(深圳)有限公司 Access control data processing method and device, access control system and storage medium

Also Published As

Publication number Publication date
CN116580489A (en) 2023-08-11

Similar Documents

Publication Publication Date Title
CN116580489B (en) Access control equipment, access control card and card sender control method, equipment and medium
EP3435591B1 (en) 1:n biometric authentication, encryption, signature system
US6845453B2 (en) Multiple factor-based user identification and authentication
CN114553439B (en) Encryption key management based on identity information
DE60029390T2 (en) Method and apparatus for encryption / decryption and identification systems
US9218473B2 (en) Creation and authentication of biometric information
US20070118758A1 (en) Processing device, helper data generating device, terminal device, authentication device and biometrics authentication system
CN101765996A (en) Remote Authentication And Transaction Signatures
US9984220B2 (en) Method of authenticating a user holding a biometric certificate
JP2008526078A (en) Method and apparatus for key generation and authentication approval
KR20010052105A (en) Cryptographic key generation using biometric data
JPH11306088A (en) Ic card and ic card system
JP2009151528A (en) Ic card storing biological information and access control method thereof
CN105550626B (en) A kind of iris identification method and device
JP2010165323A (en) Biometric authentication method and system
CN104820814A (en) Second-generation ID card anti-counterfeiting verification system
JP2006099724A (en) Network printing system, printer, facsimile communication system, and facsimile apparatus
US20070106903A1 (en) Multiple Factor-Based User Identification and Authentication
CN117424709B (en) Login method and device of terminal device and readable storage medium
GB2457491A (en) Identifying a remote network user having a password
CN110826038B (en) Data encryption and decryption method and device
US20090241184A1 (en) Method for generating access data for a medical device
JP6841781B2 (en) Authentication server device, authentication system and authentication method
KR101500947B1 (en) Creation and authentication of biometric information
KR20150142333A (en) Creation and authentication of biometric information by using watermark

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant