TW201107577A - Intelligent gate security system with one-time password function - Google Patents

Info

Publication number: TW201107577A
Authority: TW (Taiwan)
Prior art keywords: image, time password, code, rsa, authentication
Application number: TW99138952A
Other languages: Chinese (zh)
Other versions: TWI410555B (en)
Inventors: Yu-Kai Huang, xian-tang Lin, yong-wei Gao, Xian-Ming Yuan
Original Assignee: xian-tang Lin

Application filed by xian-tang Lin
Priority to TW99138952A
Publication of TW201107577A
Application granted
Publication of TWI410555B

Landscapes

  • Lock And Its Accessories (AREA)
  • Telephonic Communication Services (AREA)

Abstract

An intelligent gate security system with a one-time password (OTP) function is provided, in which a one-time password RSA verification server (ORS) uses multimedia message service (MMS) to transmit a verification image to a mobile phone. After the message is opened, the original image sent via MMS is shown together with a button for regenerating a new 2D barcode (QR code) for verification. The regenerated QR code must be read by the video camera of the gate machine of the one-time password RSA verification client (ORC), which previews the QR code image and checks whether it is a legal QR code. The RSA-encrypted image is then transmitted to the ORS for verification. If verification succeeds, the door lock is unlocked by a control circuit.

Description

VI. Description of the Invention

[Technical Field]

The present invention relates to the technical field of one-time password access control systems, and in particular provides an intelligent access control system with a one-time password function.

[Prior Art]

Access control is the first checkpoint of home security. Its purpose is to let legitimate persons enter and to keep unauthorized persons outside.

The traditional door lock is the most widely used and most convenient way to build access control. It is simple, easy to install and needs no additional power, and if the key is lost it is easy to find someone who can open the lock. Its most obvious drawback is that it is easy to break into: an experienced thief can easily open almost any door lock. In addition, keys are easily forgotten or lost, and when one is lost the owner has to ask someone else for help. Some people, for fear of forgetting or losing the key, hide a spare key at a suitable place near the door. Thieves usually know about this as well, so it unintentionally gives them an even more convenient way in.

Once microcomputers, and microcontrollers in particular, became widespread, password locks appeared in order to avoid the trouble of lost keys, to make it harder for a thief to open the lock, and to let other people enter without a key. A password lock is usually built around a single chip (for example the 8051) combined with simple I/O control and drive circuits that form the door lock mechanism. This kind of access control generally has a numeric keypad on which the user enters digits, and some also have a simple display, such as a seven-segment display or a small LCD, that shows messages to the operator. If the user enters the correct password, the system drives the circuit and opens the lock. The advantage of a password lock is that it makes it harder for a thief to open the door, and the more digits the password has, the harder it becomes. Residents also no longer need to carry a key, which avoids being locked out after forgetting it. Furthermore, if someone else wants to enter the house but does not know the password, the resident can tell the visitor the password so that the visitor can go in first. The disadvantage of this kind of access control is that the password combinations are usually fairly simple and are not changed often, which increases the chance that unauthorized persons learn them.

How to develop a more ideal and practical innovative structure that addresses the problems of the conventional structures described above is therefore what consumers eagerly hope for, and is the goal and direction toward which the industry must work.

In view of this, the inventor, drawing on many years of experience in the manufacture, development and design of related products, arrived at the present practical invention after detailed design and careful evaluation against the above goal.

[Summary of the Invention]

Technical problem to be solved: The traditional door lock is the most widely used and most convenient way to build access control. It is simple, easy to install and needs no additional power, and if the key is lost it is easy to find someone who can open the lock. Its most obvious drawback is that an experienced thief can easily open almost any door lock. The conventional password lock makes it harder for a thief to open the door, and the more digits the password has, the harder it becomes. Residents no longer need to carry a key, which avoids being locked out after forgetting it, and a resident can let a visitor in by telling the visitor the password. The disadvantage of this kind of access control is that the password combinations are usually fairly simple and are not changed often, which increases the chance that unauthorized persons learn them.

Technical features that solve the problem: An intelligent access control system with a one-time password function is provided, in which the one-time password RSA authentication server (ORS) sends an authentication image to the mobile phone through the multimedia message service (MMS). After the message is opened, the user sees the original image sent by MMS and a button for regenerating a new two-dimensional barcode (QR code) for authentication. The regenerated QR code must be read by the camera of the gate machine of the one-time password RSA authentication client (ORC), which pre-checks the QR code image to determine whether it is a legal QR code. The RSA-encrypted image is then sent to the ORS for authentication, and if authentication succeeds the door lock is opened through the control circuit.

Effect compared with the prior art: The invention uses a one-time password, so it is impossible to enter the next time with the same password, which makes it convenient and safe for access control.

The techniques, means and effects adopted by the invention are described in detail below through a preferred embodiment together with the drawings, so that the above objects, structure and features of the invention can be understood thoroughly and concretely.

[Embodiment]

Referring to Figures 1 to 6, the invention provides an intelligent access control system with a one-time password function, comprising:

A number of mobile phones 20, each containing a one-time password two-dimensional barcode generator (OQG) application;

A gate machine 21, which has a camera 211 and is an extension of the indoor unit 22;

An indoor unit 22, which includes the one-time password RSA authentication client (ORC). The ORC subsystem controls the gate machine 21 and the camera 211 used to capture images, and detects whether a two-dimensional barcode (QR code) shown on the mobile phone 20 is present. If a QR code is detected, the ORC subsystem starts the pre-check procedure. This procedure first decodes the QR image to determine the message stored in the image and then checks the content. Only content that meets the requirements is sent to the one-time password RSA authentication server (ORS) 24 for further processing;

The one-time password RSA authentication server (ORS) 24, which verifies the data of the QR code image of the mobile phone 20 captured by the camera 211 of the gate machine 21. Only legal authentication information is treated as a login request. The legality of the verification is judged from the content: the data must decode successfully and must contain a legal, unused one-time password (OTP). After a successful login, a new QR code image containing a legal one-time password (OTP) is generated. This image is sent to the client mobile phone 20 as an MMS message and serves as the image for the next authentication; and

A main door electric lock 23, which is normally controlled by the indoor unit 22. After verification passes, the indoor unit 22 opens the main door electric lock 23 and lets the visitor enter.

The indoor unit 22 and the one-time password RSA authentication server (ORS) 24 may be installed separately (as shown in Figure 2), or may be integrated, with the functions of the indoor unit 22 built into the one-time password RSA authentication server (ORS) 24 (as shown in Figure 1A).

The flow of the one-time password RSA authentication server (ORS) 24 is as follows (see Figure 3): (1a) Register a new user. (1b) Capture an image with the CCD. (2b) Register the key value message. (3b) Store the key value for the corresponding client. (5c) Create a new one-time password (OTP). (1c) Wait for a message from the one-time password RSA authentication client (ORC). (2c) RSA decryption. (3c) Authentication. On failure, (8c) send an authentication error message to the corresponding client. On success, (4c) send a login success message to the corresponding client. (5c) Create a new one-time password (OTP). (6c) Create a new two-dimensional barcode (QR code) image. (7c) Send the QR code to the corresponding client by MMS.

The main function of the one-time password RSA authentication server (ORS) 24 is to verify the data of the two-dimensional barcode (QR code) image captured by the camera 211. Only legal authentication information is treated as a login request. The legality of the verification is judged from the content: the data must decode successfully and must contain a legal, unused one-time password (OTP). After a successful login, a new two-dimensional barcode (QR code) image containing a legal one-time password (OTP) is generated. This image is sent to the client as an MMS message and serves as the image for the next authentication.

The flow of the one-time password RSA authentication client (ORC) is as follows (see Figure 4): (1d) Obtain an image from the camera. (2d) Create a new thread to process the image. (3d) Two-dimensional barcode (QR code) detection. (4d) QR code decoding. (5d) Alphanumeric message. (6d) Message length check OK. (7d) Steps 3d to 6d are the pre-check. (8d) Connect to the server. (9d) Send a control signal to the access control drive circuit according to the server's response. (10d) Terminate the thread.

The one-time password RSA authentication client (ORC) is the bridge between the one-time password RSA authentication server (ORS) 24 and the one-time password two-dimensional barcode generator (OQG). Its job is to control the camera 211 used to capture images and to detect whether a QR code is present. If a QR code is detected, the ORC starts the pre-check procedure. This procedure first decodes the QR code image to determine the message stored in the image, and then checks whether the content is an alphanumeric string of length 616 or 617 (with a 2048-bit RSA key, the plaintext to be encoded is encoded as an alphanumeric string of length 616 or 617). Only content that meets the requirement is sent to the ORS for further processing. Because the server may be handling multiple ORC requests at the same time, the pre-check reduces the load on the ORS.

The flow of the one-time password two-dimensional barcode generator (OQG) is as follows (see Figure 5): Is this (1e) the first execution? If so, (2e) generate and store the RSA key. (3e) Encode the public key into a QR code. (4e) Show the QR code in front of the camera. (5e) Does the MMS contain a QR code image? If not, (13e) wait for an MMS that contains a QR code. If so, (6e) display the QR code image. (7e) Decode the QR code. (8e) RSA decryption. (9e) Convert the content. (10e) RSA encryption. (11e) QR code encoding. (12e) Show the QR code image in front of the ORC camera.

The one-time password two-dimensional barcode generator (OQG) application must be installed on the mobile phone 20. It first generates its own RSA key and then uses the QR encoding mechanism to pack the public key into a QR code. This QR code image is delivered to the ORS through the camera 211. After updating the public key, the ORS sends the first authentication image to the mobile phone 20 by MMS. Every authentication through a QR image goes through the following processing steps: QR decoding, RSA decryption, data conversion, RSA encryption and QR encoding. The main purposes of these steps are:

1. The application that receives the MMS must hold the corresponding decryption key in order to decode the image in the MMS, so only the application that originally generated the key can decode it correctly.

2. The original QR code received by MMS cannot be used directly for authentication, so there is no need to worry about the image being intercepted.

3. The application must be able to obtain the International Mobile Equipment Identity number (IMEI) of the corresponding mobile phone 20.

The operating procedure of the one-time password (OTP) access control system described above is as follows:

1. Before using the access control service of the invention, the user must register. The registration information may include name, social identity ID, address, telephone, mobile device number, International Mobile Equipment Identity number and service ID.

2. With the mobile phone 20 powered on, after the user installs the OTP QR code generator (OQG), the program generates for this mobile phone 20 an RSA key consisting of E, M and D.

3. The public key (E, M) is stored in a QR code image. This QR code on the mobile phone 20 must be captured with the camera 211, and this confidential message is then sent to the ORS so that the ORS can send the authentication image to the mobile phone 20 by MMS.

4. After the message is opened, the user sees the original image sent by MMS and a button for regenerating a new QR code for authentication. The regenerated QR code must be read by the camera 211 of the ORC, which pre-checks the QR image to determine whether it is a legal QR code, and the RSA-encrypted image is then sent to the ORS for authentication.

5. If authentication succeeds, the door lock is opened through the control circuit.

The foregoing describes the technical features of the invention in detail by way of a preferred embodiment. Persons skilled in the art may change and modify the invention without departing from its spirit and principles, and such changes and modifications are all covered by the scope defined in the claims below.

[Brief Description of the Drawings]

Figure 1: schematic diagram of access control.
Figure 2: architecture diagram of the access control system of the invention.
Figure 1A: architecture diagram of another access control system of the invention.
Figure 3: ORS flowchart of the invention.
Figure 4: ORC flowchart of the invention.
Figure 5: OQG flowchart of the invention.

[Description of Main Component Symbols]

20 mobile phone
21 gate machine
211 camera
22 indoor unit
23 main door electric lock
24 one-time password RSA authentication server (ORS)
(1a) Register a new user
(1b) Capture an image with the CCD
(2b) Register the key value message
(3b) Store the key value for the corresponding client
(1c) Wait for a one-time password RSA authentication client (ORC) message
(2c) RSA decryption
(3c) Authentication
(4c) Send a login success message to the corresponding client
(5c) Create a new one-time password (OTP)
(6c) Create a new two-dimensional barcode (QR code) image
(7c) Send the QR code to the corresponding client by MMS
(8c) Send an authentication error message to the corresponding client
(1d) Obtain an image from the camera
(2d) Create a new thread to process the image
(3d) Two-dimensional barcode (QR code) detection
(4d) QR code decoding
(5d) Alphanumeric message
(6d) Message length check OK
(7d) Steps 3d to 6d are the pre-check
(8d) Connect to the server
(9d) Send a control signal to the access control drive circuit according to the server's response
(10d) Terminate the thread
(1e) First execution
(2e) Generate and store the RSA key
(3e) Encode the public key into a QR code
(4e) Show the QR code in front of the ORC camera
(5e) The MMS contains a QR code image
(6e) Display the QR code image
(7e) Decode the QR code
(8e) RSA decryption
(9e) Convert the content
(10e) RSA encryption
(11e) QR code encoding
(12e) Show the QR code image in front of the ORC camera
(13e) Wait for an MMS that contains a QR code
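One authentication round from the embodiment above, from MMS issue to unlock, as an added Python sketch (not code from the patent) that shows the ORC pre-check and the ORS rejecting a replayed QR code. Assumptions not stated on the page: unpadded textbook RSA with E = 65537, the phone applying D to its reply so that the ORS can check it with the registered (E, M), a SHA-256 of OTP and IMEI as the "data conversion", decimal payloads zero-padded to 617 digits, and the names `OQG`, `ORS`, `door` and `demo`.

```python
import hashlib
import secrets

KEY_BITS = 2048  # RSA key size named on the page
E = 65537        # assumed public exponent; the page only names E, M and D
FIELD = 617      # decimal digits of a 2048-bit modulus; payloads are zero-padded to it

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases; only called on large odd candidates."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    r = ((n - 1) & -(n - 1)).bit_length() - 1  # n - 1 = d * 2**r with d odd
    d = (n - 1) >> r
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits):
    while True:
        # Top two bits set so p * q has exactly 2 * bits bits; low bit set so it is odd.
        c = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if c % E != 1 and _is_probable_prime(c):
            return c

def generate_key():
    """OQG step (2e): unpadded textbook RSA key (E, M, D), for illustration only."""
    p, q = _prime(KEY_BITS // 2), _prime(KEY_BITS // 2)
    return E, p * q, pow(E, -1, (p - 1) * (q - 1))

def to_field(value):
    """Fixed-width decimal text; unpadded, a few percent of values are under 616 digits."""
    return str(value).zfill(FIELD)

def transform(otp, imei):
    """Assumed 'data conversion' (9e): bind the OTP to the handset's IMEI."""
    return int.from_bytes(hashlib.sha256(f"{otp}:{imei}".encode()).digest(), "big")

def orc_precheck(text):
    """ORC steps (5d)-(6d): alphanumeric and 616 or 617 characters long."""
    return text.isascii() and text.isalnum() and len(text) in (616, 617)

class OQG:  # phone application; owns the private exponent D
    def __init__(self, imei):
        self.imei, (self.e, self.m, self.d) = imei, generate_key()

    def respond(self, mms_text):
        otp = pow(int(mms_text), self.d, self.m)  # (8e) RSA decryption
        return to_field(pow(transform(otp, self.imei), self.d, self.m))  # (9e)-(10e)

class ORS:  # authentication server; one pending, unused OTP per registered phone
    def __init__(self):
        self.clients = {}

    def register(self, phone_id, public_key, imei):
        self.clients[phone_id] = {"pub": public_key, "imei": imei, "otp": None}
        return self._issue(phone_id)

    def _issue(self, phone_id):
        """(5c)-(7c): fresh OTP, encrypted to the phone's public key, as MMS QR text."""
        c = self.clients[phone_id]
        c["otp"] = secrets.randbits(128)
        return to_field(pow(c["otp"], *c["pub"]))  # pub is (E, M)

    def verify(self, qr_text):
        """(2c)-(4c): returns (phone_id, next MMS text), or (None, None) on failure."""
        if not (qr_text.isascii() and qr_text.isdigit()):
            return None, None
        value = int(qr_text)
        for phone_id, c in self.clients.items():
            e, m = c["pub"]
            if value < m and pow(value, e, m) == transform(c["otp"], c["imei"]):
                return phone_id, self._issue(phone_id)  # the old OTP is now spent
        return None, None

def door(ors, qr_text):
    """ORC: pre-check, then ask the ORS; returns (unlock, next MMS text)."""
    phone_id, next_mms = ors.verify(qr_text) if orc_precheck(qr_text) else (None, None)
    return phone_id is not None, next_mms

def demo():
    phone, ors = OQG("000000000000000"), ORS()  # constructed IMEI
    mms = ors.register("phone-20", (phone.e, phone.m), phone.imei)
    qr = phone.respond(mms)
    first, next_mms = door(ors, qr)
    tries = [qr, next_mms, "12345", phone.respond(next_mms)]  # replay, raw MMS, junk, fresh
    return (first, *[door(ors, t)[0] for t in tries])

if __name__ == "__main__":
    print(demo())
```
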


Claims (1)

VII. Claims:

1. An intelligent access control system with a one-time password function, comprising:

a number of mobile phones, each containing a one-time password two-dimensional barcode generator (OQG) application;

a gate machine having a one-time password RSA authentication client (ORC) subsystem and a camera, wherein the ORC subsystem controls the camera used to capture images and detects whether a QR code of the mobile phone is present; if a QR code is detected, the ORC subsystem starts a pre-check procedure, which first decodes the QR image to determine the message stored in the image and then checks the content, and only content that meets the requirements is sent to an ORS authentication server for further processing;

an indoor unit that includes the ORS authentication server, wherein the ORS authentication server verifies the data of the QR code image of the mobile phone captured by the camera; only legal authentication information is treated as a login request; the legality of the verification is judged from the content, in that the data must decode successfully and must contain a legal, unused one-time password (OTP); after a successful login, a new QR code image containing a legal one-time password (OTP) is generated, and this image is sent to the client mobile phone as an MMS message and serves as the image for the next authentication; and

a main door electric lock, which is normally controlled by the indoor unit; after verification passes, the indoor unit opens the main door electric lock and lets the visitor enter.

2. The intelligent access control system with a one-time password function according to claim 1, wherein the one-time password RSA authentication server (ORS) verifies the data stored in the two-dimensional barcode (QR code) image captured by the camera; only legal authentication information is treated as a login request; the legality of the verification is judged from the content, in that the data must decode successfully and must contain a legal, unused one-time password (OTP); after a successful login, a new two-dimensional barcode (QR code) image containing a legal one-time password (OTP) is generated, and this image is sent to the client as an MMS message and serves as the image for the next authentication.

3. The intelligent access control system with a one-time password function according to claim 2, wherein registration is required before the one-time password RSA authentication server (ORS) is used, and the registration information may include name, social identity ID, address, telephone, mobile device number, International Mobile Equipment Identity number and service ID.

4. The intelligent access control system with a one-time password function according to claim 1, wherein the one-time password RSA authentication client (ORC) is the bridge between the one-time password RSA authentication server (ORS) and the one-time password two-dimensional barcode generator (OQG); its job is to control the camera used to capture images and to detect whether a QR code is present; if a QR code is detected, the ORC starts a pre-verification procedure, which first decodes the QR code image to determine the message stored in the image and then checks whether the content is an alphanumeric string of length 616 or 617; only content that meets the requirement is sent to the ORS for further processing; because the server may be handling multiple ORC requests at the same time, the pre-verification reduces the load on the ORS.

5. The intelligent access control system with a one-time password function according to claim 1, wherein the one-time password two-dimensional barcode generator (OQG) application must be installed on the mobile phone; it first generates its own RSA key and then uses the QR encoding mechanism to pack the public key into a QR code; this QR code image is delivered to the ORS through the camera; after updating the public key, the ORS sends the first authentication image to the mobile phone by MMS; every authentication through a QR image goes through the following processing steps: QR decoding, RSA decryption, data conversion, RSA encryption and QR encoding; the purposes of these steps are that the application receiving the MMS must hold the corresponding decryption key in order to decode the image in the MMS, that the original QR code received by MMS cannot be used directly for authentication, so there is no need to worry about the image being intercepted, and that the application must be able to obtain the International Mobile Equipment Identity number (IMEI) of the corresponding mobile phone.

VIII. Drawings:

As shown on the following page.
TW99138952A 2010-11-12 2010-11-12 Intelligent gate security system with one-time password function TW201107577A (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
TW99138952A | 2010-11-12 | 2010-11-12 | Intelligent gate security system with one-time password function (TW201107577A (en))


Publications (2)

Publication Number | Publication Date
TW201107577A | 2011-03-01
TWI410555B | 2013-10-01

Family

ID=44835280

Family Applications (1)

Application Number Title Priority Date Filing Date
TW99138952A TW201107577A (en) 2010-11-12 2010-11-12 Intelligent gate security system with one-time password function

Country Status (1)

Country Link
TW (1) TW201107577A (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI573921B (en) * 2015-07-06 2017-03-11 陳啟揚 Method And System Of Unlocking Digital Lock

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW513512B (en) * 2002-03-08 2002-12-11 Li-Chiau Wu Security lock system and the administration way thereof
TW567446B (en) * 2002-04-22 2003-12-21 Chunghwa Telecom Co Ltd Screen image reading system of PDA/mobile phone
TW200623824A (en) * 2004-12-23 2006-07-01 Chunghwa Telecom Co Ltd Mobile image execution system

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2495494A (en) * 2011-10-10 2013-04-17 Intercede Ltd Identity verification
CN103095645A (en) * 2011-10-31 2013-05-08 鈊象电子股份有限公司 Confidentiality verification system and method thereof
EP2674901A1 (en) * 2012-05-17 2013-12-18 Yankey Information Co., Ltd. Active barcode authentication system and authentication method thereof
TWI478075B (en) * 2012-05-17 2015-03-21
CN103475623A (en) * 2012-06-06 2013-12-25 朱俊宇 Dynamic barcode certification system and its certification method
CN103475623B (en) * 2012-06-06 2018-03-20 旸碁资讯股份有限公司 Dynamic bar codes Verification System and its authentication method
WO2014003684A1 (en) * 2012-06-26 2014-01-03 Wong Kee Chee Terminal and method of authentication
TWI610273B (en) * 2014-03-28 2018-01-01 中興保全股份有限公司 Automatic visitor system and host thereof
CN105225304A (en) * 2014-05-30 2016-01-06 由田新技股份有限公司 Access control device and registration system and method thereof
TWI553595B (en) * 2015-05-22 2016-10-11 Access control system and its method
TWI564845B (en) * 2015-06-02 2017-01-01 中興保全股份有限公司 Cloud Security Authentication System
TWI569230B (en) * 2015-06-03 2017-02-01 I-Tek Metal Manufacturing Co Ltd Control system with mobile devices

Also Published As

Publication number Publication date
TWI410555B (en) 2013-10-01

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees