TW202133010A - Method for remotely activating a remote lock system using cryptography and the remote lock system for implementing the method - Google Patents
Method for remotely activating a remote lock system using cryptography and the remote lock system for implementing the method Download PDFInfo
- Publication number
- TW202133010A TW202133010A TW110107405A TW110107405A TW202133010A TW 202133010 A TW202133010 A TW 202133010A TW 110107405 A TW110107405 A TW 110107405A TW 110107405 A TW110107405 A TW 110107405A TW 202133010 A TW202133010 A TW 202133010A
- Authority
- TW
- Taiwan
- Prior art keywords
- key
- lock
- identification code
- encryption
- lock device
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2103—Challenge-response
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2125—Just-in-time application of countermeasures, e.g., on-the-fly decryption, just-in-time obfuscation or de-obfuscation
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C2209/00—Indexing scheme relating to groups G07C9/00 - G07C9/38
- G07C2209/08—With time considerations, e.g. temporary activation, valid time window or time limitations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Lock And Its Accessories (AREA)
Abstract
Description
本發明提到使用密碼遠程啟動遠端鑰匙鎖系統以及驗證鑰裝置與鎖裝置之間雙向之機制的方法,以及執行該方法之系統。上述之方法與系統採用在技術領域:用於拉門、捲簾門、天空井、閘門、窗口、滑門等各種門之無線遠端鎖裝置,無線如射頻(radio frequency);用於汽車、電動汽車、機車、電動機車、電動腳踏車等各種交通工具之無線遠端鎖裝置;用於電氣設備之無線遙控器(remote radio-triggered controller),其中電氣設備安裝在不利於直接開關的位置或環境,前述位置或環例如輻射環境、生物汙染環境;用於需保證安全以及避免錯誤的啟動設備之無線遙控器,例如開礦引爆設備等;用於防盜警報設備應用;用於識別卡設備應用,識別卡設備為用來代替各種固定密碼;用來代替各種微晶片遙控(MicroChip KeeLoq)。各種指令可以為:關、開、開始、停止、取消、計時等。The present invention relates to a method for remotely starting a remote key lock system using a password and a two-way mechanism between the verification key device and the lock device, and a system for executing the method. The above-mentioned method and system are used in the technical field: wireless remote lock devices for various doors such as sliding doors, rolling doors, sky wells, gates, windows, sliding doors, etc., wireless such as radio frequency; used in automobiles and electric vehicles , Locomotives, electric locomotives, electric bicycles and other wireless remote lock devices; wireless remote control for electrical equipment (remote radio-triggered controller), where the electrical equipment is installed in a location or environment that is not conducive to direct switching, the aforementioned Location or ring, such as radiation environment, biological pollution environment; used for wireless remote control of equipment that needs to ensure safety and avoid wrong start, such as mining detonation equipment, etc.; used for anti-theft alarm device application; used for identification card device application, identification card device To replace various fixed passwords; to replace various microchip remote control (MicroChip KeeLoq). Various commands can be: off, on, start, stop, cancel, timing, etc.
使用密碼以啟動鎖裝置之方法已使用很久。該方法之普遍編碼系統之一為滾動碼(Rolling Code),於1993年被發表,其是具有高安全性之編碼系統,其中每次啟動時演算法即產生一個不一樣且不重複之碼(code)。然而,滾動碼存在安全漏洞讓壞人可利用,此已獲一位安全性專家「Samy Kamkar」在2015年於巴黎的「DefCon23」會議公布及演示。The method of using a password to activate the lock device has been used for a long time. One of the common coding systems of this method is the rolling code (Rolling Code), which was published in 1993. It is a coding system with high security, in which the algorithm generates a different and non-repetitive code every time it is started ( code). However, there are security loopholes in rolling codes that can be exploited by bad guys. This has been announced and demonstrated by a security expert "Samy Kamkar" at the "DefCon23" conference in Paris in 2015.
目前,「汽車鑰裝置製造(keying of the car)」服務在網路上公開刊登,但並未受源製造商的檢查或是國家權責機關的授權。根據該公開刊登之介紹,「鑰裝置製作者(key maker)」使用某種序號產生器(Keygen)來作為破解汽車製造商的加密系統之設備,並保留碼資訊以供之後的其他用途。Currently, the "keying of the car" service is publicly published on the Internet, but it has not been inspected by the source manufacturer or authorized by the national authority. According to the introduction of the public publication, the "key maker" uses a certain serial number generator (Keygen) as a device to crack the encryption system of the car manufacturer, and retain the code information for other purposes in the future.
在滾動碼編碼系統被發表之前,某些編碼系統被使用者作為相對較廉價之選項而廣泛被使用。例如,「Fix Code」,其碼被硬體電路(切換電路、焊接等)使用特定的集成電路(如型號PT226x、PT227x等之集成電路)安全地固定;或是「Learning Code」,其為允許鎖裝置學習具有較多加密位元(bit)的鑰裝置之模型,以使安全性能力提高。然而,由於碼的固定性,致使其容易被複製,或是容易被窮舉攻擊。Before the rolling code encoding system was published, some encoding systems were widely used by users as relatively inexpensive options. For example, "Fix Code", whose code is securely fixed by hardware circuits (switching circuits, welding, etc.) using specific integrated circuits (such as integrated circuits of model PT226x, PT227x, etc.); or "Learning Code", which is allowed The lock device learns the model of the key device with more encryption bits to improve the security capability. However, due to the fixed nature of the code, it is easy to be copied or easily attacked by exhaustive attacks.
另外,某些新的智慧鑰裝置(Smart Key)會遭遇到下述情形:若鎖裝置收到多個連續指令(此些指令為啟動錯誤的密碼或是啟動垃圾封包)時,可能導致鎖裝置停止,即無法正常工作,例如,汽車引擎無法啟動。此種情形被稱為分散式阻斷服務(Distributed Denial-of-service,DDoS)攻擊。In addition, some new smart key devices (Smart Key) will encounter the following situation: if the lock device receives multiple consecutive commands (such commands are to activate the wrong password or activate the junk packet), it may cause the lock device Stop, that is, it cannot work normally, for example, a car engine cannot start. This situation is called a distributed denial-of-service (DDoS) attack.
前幾代鑰裝置皆具有單向通訊機制,即只有鑰裝置發出密碼,而鎖裝置接收密碼並檢查。若正確碼(correct code)被記錄,則密碼可由簡單至複雜之各種加密函數來產生。此方法的運作原理是基於假設只有與鎖裝置配對的鑰裝置才可傳輸正確碼,而無需再驗證機制,此會造成重大的安全性弱點並使該方法容易被複製。另外,一般的加密函數具有一些獨特的數學屬性,例如偽隨機數(pseudo-randomness),以對抗統計攻擊(statistical attack),並且需要足夠簡單之函數以與硬體結合。然而,此函數的數量並不多,致使已使用的加密函數能被追蹤及逆轉。The previous generations of key devices all have a one-way communication mechanism, that is, only the key device sends a password, and the lock device receives the password and checks it. If the correct code is recorded, the password can be generated by various encryption functions ranging from simple to complex. The operating principle of this method is based on the assumption that only the key device paired with the lock device can transmit the correct code, without the need for re-authentication mechanism, which will cause major security weaknesses and make the method easy to be copied. In addition, general encryption functions have some unique mathematical properties, such as pseudo-randomness, to counter statistical attacks, and require simple enough functions to integrate with hardware. However, the number of this function is not large, so that the used encryption function can be tracked and reversed.
因此,為了解決上述問題,本案提出使用密碼遠端啟動鎖裝置之方法,其具有改良的編碼驗證機制,以防止複製、破解及追蹤加密函數之行為,此些行為是密碼洩漏、攻擊及被駭入(hacking)之基礎,且該方法具有基於時間的密碼攻擊防止模式(time-based cryptographic-attacked prevention mode)。Therefore, in order to solve the above-mentioned problems, this case proposes a method of using a password to remotely activate the lock device, which has an improved encoding verification mechanism to prevent copying, cracking, and tracking of encrypted functions. These behaviors are password leaks, attacks, and hacks. The method has a time-based cryptographic-attacked prevention mode (time-based cryptographic-attacked prevention mode).
本發明之目的為防止複製、破解及還原加密函數之行為,此些行為是密碼洩漏、攻擊及被駭入之基礎,以及防止基於時間的密碼攻擊(time-based cryptographic attack)。The purpose of the present invention is to prevent the behaviors of copying, cracking, and restoring encryption functions, which are the basis for password leakage, attack and hacking, and to prevent time-based cryptographic attacks.
為了達到上述之目的,本發明提出使用密碼遠程啟動遠端鑰匙鎖系統之方法,該方法包括以下之步驟:In order to achieve the above-mentioned purpose, the present invention proposes a method for remotely starting a remote key lock system using a password. The method includes the following steps:
步驟1:在一使用者之指令下,該鑰裝置發出一啟動封包給該鎖裝置以啟動該鎖裝置,該啟動封包具有該鑰裝置的一控制指令碼及一鑰識別碼。Step 1: Under a user's instruction, the key device sends an activation packet to the lock device to activate the lock device, and the activation packet has a control command code and a key identification code of the key device.
其中,該控制指令碼可以是分配給一常規關鍵字(conventional keyword)的任何指令,且該指令具有對應的設計值,使其值集合及位元反轉(bit reversed)值集合不相交,其中該鑰識別碼係由產品生產商使用該鑰裝置而定義。Wherein, the control instruction code can be any instruction assigned to a conventional keyword, and the instruction has a corresponding design value, so that its value set and bit reversed value set are disjoint, where The key identification code is defined by the product manufacturer using the key device.
步驟2:收到該鑰裝置之該啟動封包後,當發送至該鎖裝置的該啟動封包中的該鑰識別碼不匹配該鎖裝置儲存的一鎖識別碼,或是在接收該使用者的指令之一預定時間未結束時,該鎖裝置不回應。Step 2: After receiving the activation packet of the key device, when the key identification code in the activation packet sent to the lock device does not match a lock identification code stored by the lock device, or is receiving the user's When one of the commands is not over for a predetermined time, the lock device does not respond.
當發送至該鎖裝置的該啟動封包中的該鑰識別碼匹配該鎖裝置的該鎖識別碼時,該鎖裝置的一鎖處理晶片在一預設時間,發出與先前的啟動不重複之任一隨機數值,該鎖處理晶片內嵌一軟體。When the key identification code in the activation packet sent to the lock device matches the lock identification code of the lock device, a lock processing chip of the lock device sends out any task that is not repeated with the previous activation at a preset time. A random value, the lock processing chip is embedded with a software.
該隨機數值係透過無線通訊發送給該鑰裝置。The random value is sent to the key device through wireless communication.
該隨機數值具有至少24位元(bit)之長度,該隨機數值為基於時間紀元(epoch-time)參數以及表示隨機函數的隨機函數空間尺寸之一常數而隨機產生。The random value has a length of at least 24 bits, and the random value is randomly generated based on a time epoch (epoch-time) parameter and a constant of the random function space size representing the random function.
步驟3:在產生該隨機數值(步驟2)的同時,該鎖裝置的該鎖處理晶片根據由在步驟2中取得的該隨機數值、該控制指令碼、該鑰識別碼及一密碼參數組成的雜湊函數(hash function)進行加密。Step 3: While generating the random value (step 2), the lock processing chip of the lock device is based on a combination of the random value obtained in
其中,該密碼參數根據由三成份組成的雜湊函數計算得,該三成分為產品生產商使用該鑰裝置所定義的該鑰識別碼、萬能鑰匙生產商所定義之一參數、以及一個人身分識別碼(PIN),其中,該個人身分識別碼為每當該使用者請求設置該個人身分識別碼時,該遠端鑰匙鎖系統所自動產生的一串隨機值。Wherein, the cryptographic parameter is calculated according to a hash function composed of three components, the three components are the key identification code defined by the product manufacturer using the key device, one of the parameters defined by the master key manufacturer, and a person identification code (PIN), where the personal identification code is a string of random values automatically generated by the remote key lock system whenever the user requests to set the personal identification code.
在加密後(步驟3之後),該鎖裝置產生一鎖加密結果,該鎖加密結果為一鎖加密數值。After encryption (after step 3), the lock device generates a lock encryption result, and the lock encryption result is a lock encryption value.
步驟4:當該鑰裝置透過該無線通訊收到該鎖裝置在步驟2中所產生的該隨機數值時,該鑰裝置的一鑰處理晶片載入該隨機數值,且該鑰裝置根據前述步驟3的雜湊函數對該隨機數值進行加密,並產生一鑰加密結果,其中該鑰加密結果為一鑰加密數值。Step 4: When the key device receives the random value generated by the lock device in
之後,該鑰裝置在一預定期間內透過該無線通訊發出該鑰加密結果給該鎖裝置。Afterwards, the key device sends the key encryption result to the lock device through the wireless communication within a predetermined period.
步驟5:在該鎖裝置收到來自該鑰裝置的該鑰加密結果的情形下,將該鑰加密結果與該鎖裝置於步驟3中所產生的該鎖加密結果進行比較。Step 5: When the lock device receives the key encryption result from the key device, compare the key encryption result with the lock encryption result generated by the lock device in
當該鑰加密結果與該鎖加密結果匹配時,該鎖裝置的該鎖處理晶片要求執行器執行該鑰裝置所發出的一控制指令。同時,該鎖處理晶片將下一次啟動該鎖裝置時之該鑰裝置的指令接收時間調整至最小指令接收預設期間。When the key encryption result matches the lock encryption result, the lock processing chip of the lock device requires the actuator to execute a control command issued by the key device. At the same time, the lock processing chip adjusts the command receiving time of the key device when the lock device is activated next time to the minimum command receiving preset period.
當該鑰加密結果與該鎖加密結果不匹配時,該鎖裝置的該鎖處理晶片將不執行該控制指令。同時,該鎖裝置將此記錄為一錯誤啟動,且該鎖處理晶片在每次該錯誤啟動時,增加該鑰裝置的指令接收時間,直至達到最大指令接收預設期間,以避免窮舉攻擊(exhaust attack)。When the key encryption result does not match the lock encryption result, the lock processing chip of the lock device will not execute the control command. At the same time, the lock device records this as an error activation, and the lock processing chip increases the command receiving time of the key device every time the error is activated until the maximum command reception preset period is reached, so as to avoid exhaustive attacks ( exhaust attack).
當在該預定期間內未收到該鑰裝置的回應時,該鎖裝置的該鎖處理晶片將不執行該控制指令。同時,該鎖裝置將此記錄為一錯誤啟動,且該鎖處理晶片在每次該錯誤啟動時,增加該鑰裝置的指令接收時間,直至達到最大指令接收預設期間,以避免窮舉攻擊。When no response from the key device is received within the predetermined period, the lock processing chip of the lock device will not execute the control command. At the same time, the lock device records this as an error activation, and the lock processing chip increases the command receiving time of the key device every time the error is activated until the maximum command receiving preset period is reached to avoid exhaustive attacks.
本發明之執行使用密碼遠程啟動鎖裝置之方法的系統,其包括:The system of the present invention for executing the method for remotely starting a lock device using a password includes:
鑰裝置,其包括複數個按鈕,每一該第一按鈕對應一指令,該指令例如為開、關、上或下等;另一按鈕以設定該個人身分識別碼;一無線發射器;一無線接收器;一鑰處理晶片,其內嵌有軟體以根據預設步驟進行加密;以及一電源。另外,鑰裝置還可包含光顯示螢幕、閃光燈、微控制器(Micro control unit,MCU)。The key device includes a plurality of buttons, and each of the first buttons corresponds to an instruction, for example, the instruction is on, off, up or down; the other button is used to set the personal identification code; a wireless transmitter; a wireless Receiver; a key processing chip with embedded software for encryption according to preset steps; and a power supply. In addition, the key device may also include a light display screen, a flashlight, and a microcontroller (Micro control unit, MCU).
鎖裝置,其包含一無線發射器、一無線接收器、一鎖處理晶片及一電源,其中該鎖處理晶片內嵌有軟體以根據預設步驟進行加密,且該鎖處理晶片具有一指令執行機構。另外,該鎖裝置可以包含輔助埠,其連接可透過該個人身分識別碼啟動的一手動開/關按鈕;小型光顯示螢幕;閃光燈或液晶顯示器(liquid-crystal display,LCD),其用以顯示資訊;喇叭或警報器;及無線網路模組連接埠以與智慧手機(smart phone)、輔助模組連接。The lock device includes a wireless transmitter, a wireless receiver, a lock processing chip and a power supply, wherein the lock processing chip is embedded with software to perform encryption according to preset steps, and the lock processing chip has a command execution mechanism . In addition, the lock device may include an auxiliary port connected to a manual on/off button that can be activated through the personal identification code; a small light display screen; a flashlight or a liquid-crystal display (LCD) for displaying Information; speakers or alarms; and wireless network module ports to connect with smart phones and auxiliary modules.
其中,該鑰裝置的加密軟體中的預設步驟相符該鎖裝置的加密軟體中的預設步驟。Wherein, the preset steps in the encryption software of the key device match the preset steps in the encryption software of the lock device.
該鑰裝置及該鎖裝置透過該密碼參數彼此同步,其中該密碼參數由該三成分組成的雜湊函數計算得,該三成分為產品生產商使用該鑰裝置所定義的該鑰識別碼、萬能鑰匙生產商所定義之該參數、以及該個人身分識別碼,其中,該個人身分識別碼為每當該使用者請求設置該個人身分識別碼時,該遠端鑰匙鎖系統所自動產生的該串隨機值。The key device and the lock device are synchronized with each other through the cryptographic parameter, wherein the cryptographic parameter is calculated by the hash function composed of the three components, and the three components are the key identification code and the master key defined by the product manufacturer using the key device The parameter and the personal identification code defined by the manufacturer, where the personal identification code is the random string automatically generated by the remote key lock system whenever the user requests to set the personal identification code value.
以下,本發明會以具體實施例詳細描述。本發明之具體實施例是以多個例子來表示以完整揭示本發明給所屬領域具有通常知識者。然而,本發明並不限於此些例子。在不脫離本發明的範疇及精神的前提下,本發明包括所有修改、相當的以及替代的方案。Hereinafter, the present invention will be described in detail with specific embodiments. The specific embodiments of the present invention are presented with multiple examples to fully disclose the present invention to those with ordinary knowledge in the field. However, the present invention is not limited to these examples. Without departing from the scope and spirit of the present invention, the present invention includes all modifications, equivalents and alternatives.
需理解的是,除非另有說明,本案所使用的用語應被解釋為所屬領域具有通常知識者普遍理解及廣泛使用的用語。本案於實施例中所使用之用語是為了說明具體實施例,而並非限定此用語。用語例如「Random_token」、「Keyword」、「KeyID」、「SerialNumber」、「CypherKey」、「MasterKey」、及「PIN」為用以區別不同之密碼參數,但本發明並不限制於此。It should be understood that, unless otherwise stated, the terms used in this case should be interpreted as terms commonly understood and widely used by persons with ordinary knowledge in the field. The terms used in the embodiments of this case are for describing specific embodiments, but not for limiting the terms. Terms such as "Random_token", "Keyword", "KeyID", "SerialNumber", "CypherKey", "MasterKey", and "PIN" are used to distinguish different password parameters, but the present invention is not limited thereto.
根據本發明之一實施例,在鑰裝置及鎖裝置之間的雙向通訊中啟動遠端鎖裝置的密碼方法是以射頻(radio frequency,RF)訊號來實現。According to an embodiment of the present invention, the password method for activating the remote lock device in the two-way communication between the key device and the lock device is implemented by a radio frequency (RF) signal.
本發明之使用密碼遠程啟動遠端鑰裝置之方法是透過兩個主要元件實現,該二主要元件包括鑰裝置與鎖裝置。The method of using a password to remotely activate a remote key device of the present invention is realized through two main components, the two main components including a key device and a lock device.
鑰裝置上具有多個按鈕,每個按鈕對應於一個指令,指令例如開、關、上、下等;一另一按鈕用以設定個人身分識別碼;無線發射器;無線接收器;以及鑰處理晶片,其內嵌有軟體以根據預設步驟進行加密。該鑰裝置的加密軟體中的預設步驟相同於該鎖裝置的加密軟體中的預設步驟。There are multiple buttons on the key device, and each button corresponds to a command, such as on, off, up, down, etc.; one button is used to set the personal identification code; wireless transmitter; wireless receiver; and key processing The chip has embedded software to perform encryption according to preset steps. The default steps in the encryption software of the key device are the same as the default steps in the encryption software of the lock device.
鎖裝置具有無線發射器;無線接收器;以及鎖處理晶片,其內嵌有軟體以根據預設步驟進行加密,且該鎖處理晶片具有一指令執行機構。該鎖裝置的加密軟體中的預設步驟相同於該鑰裝置的加密軟體中的預設步驟。The lock device has a wireless transmitter; a wireless receiver; and a lock processing chip, in which software is embedded to perform encryption according to preset steps, and the lock processing chip has a command execution mechanism. The default steps in the encryption software of the lock device are the same as the default steps in the encryption software of the key device.
鑰裝置及鎖裝置透過密碼參數(CypherKey)彼此同步及配對。密碼參數由該三成分組成的雜湊函數計算得,該三成分為產品生產商(product manufacturer)使用鑰裝置所定義的鑰識別碼、萬能鑰匙生產商(key maker)所定義之一參數、以及個人身分識別碼,其中個人身分識別碼為每當使用者請求設置個人身分識別碼時,遠端鑰匙鎖系統所自動產生的一串隨機值。所使用之加密函數為SHA函數,也就是單向加密,因此蒐集密文(ciphertext)無助於反轉用於產生密碼的參數。The key device and the lock device are synchronized and paired with each other through a password parameter (CypherKey). The cryptographic parameters are calculated by the hash function composed of the three components, which are the key identification code defined by the product manufacturer using the key device, one of the parameters defined by the key maker, and the individual The personal identification code, where the personal identification code is a string of random values automatically generated by the remote key lock system whenever the user requests to set the personal identification code. The encryption function used is the SHA function, which is one-way encryption, so collecting ciphertext does not help reverse the parameters used to generate the password.
在一較佳之實施例中,密碼參數CypherKey是由上述三個參數的SHA1雜湊函數建立,公式式1如下:In a preferred embodiment, the cryptographic parameter CypherKey is established by the SHA1 hash function of the above three parameters, and the
SHA1 (MasterKey, SerialNumber, PIN)……………(式1)SHA1 (MasterKey, SerialNumber, PIN)………………(Formula 1)
其中:in:
SHA1(...)為SHA1雜湊函數,Masterkey為萬能鑰匙生產商所定義之一參數。SHA1(...) is the SHA1 hash function, and Masterkey is a parameter defined by the master key manufacturer.
KeyID或SerialNumber為產品生產商使用鑰裝置所定義的鑰識別碼,例如汽車生產商、捲簾門生產商等或是任何其他第三方製造商為了管理之目的而定義的鑰識別碼,且鑰識別碼並不限於數字串的長度。KeyID or SerialNumber is the key identification code defined by the product manufacturer using the key device, such as the key identification code defined by the car manufacturer, rolling door manufacturer, etc. or any other third-party manufacturer for management purposes, and the key identification code is not It is not limited to the length of the number string.
PIN是個人身分識別碼,且其為每當使用者請求設置個人身分識別碼時,系統自動產生的一串隨機值,且個人身分識別碼在鎖裝置與鑰裝置之間是一致的。使用者可以透過按壓於鑰裝置上對應的按鈕來選擇性地重新設定個人身分識別碼。同時,鑰裝置的處理器將發出一隨機值至鎖裝置,以供其儲存及作為一般用途使用。根據本發明之實施例,使用者是在沒有被告知個人身分識別碼的情形下,指示一命令以設置個人身分識別碼。PIN is a personal identification code, and it is a string of random values automatically generated by the system whenever a user requests to set a personal identification code, and the personal identification code is consistent between the lock device and the key device. The user can selectively reset the personal identification code by pressing the corresponding button on the key device. At the same time, the processor of the key device will send a random value to the lock device for storage and general use. According to the embodiment of the present invention, the user instructs a command to set the personal identification code without being notified of the personal identification code.
其中,產生個人身分識別碼之公式如下:Among them, the formula for generating a personal identification code is as follows:
若設計系統,使用者不需記得個人身分識別碼,例如如式2~式3所示:If the system is designed, the user does not need to remember the personal identification code, for example, as shown in
PIN=[P0 .. Ppin_length ]……………(式2),亦即PIN等於P0 至Ppin_length 的矩陣,其中PIN是個人身分識別碼。PIN=[P 0 .. P pin_length ]…………(Equation 2), that is, PIN is equal to the matrix of P 0 to P pin_length , where PIN is the personal identification code.
Pi =random(0~255)……………(式3),其中i為0至pin_length,其中random(...)為隨機函數。P i =random(0~255)…………(Equation 3), where i is 0 to pin_length, where random(...) is a random function.
pin_length是個人身分識別碼之長度,其可以很長。pin_length is the length of the personal identification code, which can be very long.
在一較佳之實施例中,個人身分識別碼之長度為112位元組(byte),且使用者無需記得個人身分識別碼,因而不需儲存個人身分識別碼;In a preferred embodiment, the length of the personal identification code is 112 bytes, and the user does not need to remember the personal identification code, so there is no need to store the personal identification code;
若設計系統是為了其他控制目的時,使用者可以儲存個人身分識別碼,例如如式4~式5所示:If the system is designed for other control purposes, the user can store the personal identification code, for example, as shown in
PIN=[P0 .. Ppin_length ]……………(式4),亦即PIN等於P0 至Ppin_length 的矩陣,其中PIN是個人身分識別碼。PIN=[P 0 .. P pin_length ]…………(Equation 4), that is , the matrix of PIN equal to P 0 to P pin_length , where PIN is the personal identification code.
Pi =random(‘a’~‘z’, ‘A’~‘Z’, ‘0’~‘9’)……………(式5),其中i為0至pin_length,其中random(...)為隨機函數。P i =random('a'~'z','A'~'Z', '0'~'9')………………(Equation 5), where i is 0 to pin_length, where random(. ..) is a random function.
pin_length是個人身分識別碼之長度,其可以很長。pin_length is the length of the personal identification code, which can be very long.
在另一較佳實施例中,256個字元的個人身分識別碼包含數字及區分為大寫與小寫之字母。其中,記錄此種個人身分識別碼以供存檔需要使用獨立的安全方法,以使此種儲存達到最大的安全性,而此方法不屬於本發明之範圍。In another preferred embodiment, the 256-character personal identification code includes numbers and letters distinguished between uppercase and lowercase. Among them, recording such personal identification codes for archiving requires the use of independent security methods to maximize the security of such storage, and this method does not belong to the scope of the present invention.
以具體的參數產生密碼參數CypherKey之一示例公式式6如下:An example formula 6 for generating a password parameter CypherKey with specific parameters is as follows:
MasterKey=「56464e4c48105feedd10b652520b6bdcd0ad66b0」,其中MasterKey為萬能鑰匙生產商所定義之一參數。MasterKey = "56464e4c48105feedd10b652520b6bdcd0ad66b0", where MasterKey is a parameter defined by the master key manufacturer.
SerialNumber=「0123456789ABCDEF」,其中SerialNumber為產品生產商使用鑰裝置所定義的鑰識別碼。SerialNumber="0123456789ABCDEF", where SerialNumber is the key identification code defined by the product manufacturer using the key device.
PIN=「42efda2d63c5b28d827b5173722185568e076522」,其中PIN是個人身分識別碼。PIN="42efda2d63c5b28d827b5173722185568e076522", where PIN is a personal identification code.
其中:in:
CypherKey=SHA1(MasterKey, SerialNumber, PIN)CypherKey=SHA1(MasterKey, SerialNumber, PIN)
=SHA1(“56464e4c48105feedd10b652520b6bdcd0ad66b00123456789ABCDEF42efda2d63c5b28d827b5173722185568e076522”)=SHA1("56464e4c48105feedd10b652520b6bdcd0ad66b00123456789ABCDEF42efda2d63c5b28d827b5173722185568e076522")
=「c677474d4adf3bcc2d7f2d41566462ae3dd47d72」………(式6),其中SHA1(...)為函數,CypherKey是密碼參數。= "C677474d4adf3bcc2d7f2d41566462ae3dd47d72"...(Equation 6), where SHA1(...) is a function and CypherKey is a password parameter.
然而,本發明不限制在此。為了達到更高之安全性可以使用任何新的函數,例如具有較多位元數量的SHA3函數或Keccak函數。However, the present invention is not limited to this. In order to achieve higher security, any new function can be used, such as the SHA3 function or the Keccak function with a larger number of bits.
本發明透過以下之步驟實施:The present invention is implemented through the following steps:
步驟1:在一使用者之指令下,該鑰裝置發出一啟動封包給該鎖裝置以啟動該鎖裝置,該啟動封包具有該鑰裝置的待啟動(關、開、停等)之一控制指令碼及一鑰識別碼。其中,控制指令碼亦稱為「Keyword」,鑰識別碼亦稱為「KeyID」或「SerialNumber」。具體而言:Step 1: Under a user's instruction, the key device sends an activation packet to the lock device to activate the lock device, and the activation packet has a control command of the key device to be activated (close, open, stop, etc.) Code and a key identification code. Among them, the control command code is also called "Keyword", and the key identification code is also called "KeyID" or "SerialNumber". in particular:
Keyword(控制指令碼),其為待啟動之指令碼,以區分待執行之指令。本發明並不限制指令碼之最大數量。Keyword (control command code), which is the command code to be activated to distinguish the commands to be executed. The present invention does not limit the maximum number of instruction codes.
KeyID或SerialNumber為鑰識別碼,由產品生產商使用鑰裝置而定義。KeyID or SerialNumber is the key identification code, which is defined by the product manufacturer using the key device.
根據一較佳之實施例,啟動封包以下述之函數表示,如式7所示:According to a preferred embodiment, the startup packet is represented by the following function, as shown in Equation 7:
[Keyword][KeyID]……………(式7)[Keyword][KeyID]………………(Equation 7)
其中,Keyword為控制指令碼,其可為分配給一常規關鍵字的任何指令,只要控制指令碼Keyword已被設計過,而使得其值集合{Keyword}與其位元反轉值集合{~ Keyword}不相交,則得以最佳化步驟2中的資訊處理。如表2所示,表2為控制指令碼Keyword的示例。Among them, Keyword is a control command code, which can be any command assigned to a regular keyword, as long as the control command code Keyword has been designed so that its value set {Keyword} and its bit-reversed value set {~ Keyword} If they do not intersect, the information processing in
表2
需注意的是,上表並不限制於指令的數量、控制指令碼Keyword之文字及指令所對應的值。It should be noted that the above table is not limited to the number of commands, the text of the control command code Keyword, and the value corresponding to the command.
根據本發明之一實施例,當使用者選擇開(「OPEN」)指令時,則待發送之指令碼可以為「E0000001」。According to an embodiment of the present invention, when the user selects the “OPEN” command, the command code to be sent may be “E0000001”.
其中,「OPEN」等於「E0」, 鑰識別碼KeyID等於「000001」。Among them, "OPEN" is equal to "E0", and the key identification code KeyID is equal to "000001".
步驟2:當收到鑰裝置之啟動封包時,若發送至鎖裝置的啟動封包中的鑰識別碼不匹配鎖裝置的一鎖識別碼,或是在接收使用者的指令之一預定時間未結束時,鎖裝置不回應。Step 2: When the activation packet of the key device is received, if the key identification code in the activation packet sent to the lock device does not match a lock identification code of the lock device, or the predetermined time has not expired after receiving the user's command When the lock device does not respond.
當發送至鎖裝置的啟動封包中的鑰識別碼匹配鎖裝置的鎖識別碼時,鎖裝置的一鎖處理晶片(鎖處理晶片內嵌一軟體)在一預設時間,發出與先前的啟動不重複之任一隨機數值random_token。隨機數值random_token係在預設指令接收時間Tprotect 內透過無線通訊發送給該鑰裝置。When the key identification code in the activation packet sent to the lock device matches the lock identification code of the lock device, a lock processing chip of the lock device (a software embedded in the lock processing chip) is issued for a preset time and is different from the previous activation. Repeat any random value random_token. The random value random_token is sent to the key device via wireless communication within the preset command receiving time T protect.
例如,若指令接收時間Tprotect 等於500ms(毫秒)時,則從發出指令的500ms後,當封包中之鑰識別碼符合鎖裝置之鎖識別碼時,鎖裝置將會回應。For example, if the command receiving time T protect is equal to 500ms (milliseconds), the lock device will respond when the key identification code in the packet matches the lock identification code of the lock device 500ms after the command is issued.
隨機數值random_token之長度至少為24位元,且其為基於時間紀元參數epoch_id及表示隨機函數的隨機函數空間尺寸之一常數epoch_size而隨機產生。The length of the random value random_token is at least 24 bits, and it is randomly generated based on the time epoch parameter epoch_id and a constant epoch_size representing the random function space size.
根據本發明之一實施例,每個被產生的隨機數值random_token不重複,因為每個紀元(epoch)是以一使用日期來區分。 時間紀元參數epoch_id是由「0」~「4095」所對應使用的12位元進行編號,以對從開始日期起至超過11年之間的日期進行編碼,例如符記長度token_length為64位元,隨機函數空間尺寸之常數epoch_size剩下52位元(64減12),即值「0」至「253 -1(亦即,253 減1)」為隨機函數之隨機函數空間尺寸。According to an embodiment of the present invention, each generated random value random_token is not repeated, because each epoch is distinguished by a use date. The time epoch parameter epoch_id is numbered from the 12 bits corresponding to "0" ~ "4095" to encode dates from the start date to more than 11 years. For example, the token length token_length is 64 bits. The constant epoch_size of the random function space size is left with 52 bits (64 minus 12), that is, the value "0" to "2 53 -1 (that is, 2 53 minus 1)" is the random function space size of the random function.
計算隨機數值random_token之公式式8如下:The formula 8 for calculating the random value random_token is as follows:
random_token=epoch_id*epoch_size+random(epoch_size)…(式8)random_token=epoch_id*epoch_size+random(epoch_size)... (Equation 8)
其中,時間紀元參數epoch_id為時間紀元的參考編號,random(…)為隨機函數。Among them, the time epoch parameter epoch_id is the reference number of the time epoch, and random(...) is a random function.
epoch_size為一常數,用以表示隨機函數之隨機函數空間。具體來說,即將符記(token)區分到為紀元後,數字空間所剩餘的尺寸。epoch_size is a constant used to represent the random function space of the random function. Specifically, the remaining size of the digital space after dividing tokens into epochs.
例如如式9~式10所示:For example, as shown in formula 9~10:
符記長度token_length等於64位元,區分成4096個紀元(即212 個紀元),且每一紀元為一天(日)。The token length token_length is equal to 64 bits, divided into 4096 epochs (that is, 2 12 epochs), and each epoch is one day (day).
時間紀元參數epoch_id等於127,即從系統運行之日起的第127天。The time epoch parameter epoch_id is equal to 127, that is, the 127th day from the date of system operation.
epoch_size=2(64-12) =252 ……………(式9)epoch_size=2 (64-12) =2 52 ……………… (Equation 9)
random_token=127 * 252 + random(0 ~ (252 - 1))……………(式10) random_token = 127 * 2 52 + random (0 ~ (2 52 - 1)) ............... ( Formula 10)
承上例,隨機數值random_token例如為「0x07FCC157341A7556|HEX 」或是「575547432677045590|DEC 」。Following the example above, the random value random_token is, for example, "0x07FCC157341A7556| HEX " or "575547432677045590| DEC ".
根據前述實施例,僅需要一個很小的儲存器,例如,當依照日期區分紀元時,每一日期可以儲存256次按鈕的按壓,而不會影響加密的安全性。According to the foregoing embodiment, only a small storage is needed. For example, when the epoch is distinguished according to the date, 256 button presses can be stored for each date without affecting the security of encryption.
在上述公式之演算法並不限制隨機數值random_token的最大位元數量,但是應依照系統的處理能力來選擇隨機數值random_token之長度。根據紀元之使用頻率,規定紀元中所使用的符記所需的記憶體容量以避免字典爬蟲攻擊(dictionary crawling attack)。The algorithm in the above formula does not limit the maximum number of bits of the random value random_token, but the length of the random value random_token should be selected according to the processing capacity of the system. According to the usage frequency of the epoch, the memory capacity required for the tokens used in the epoch is specified to avoid dictionary crawling attacks.
步驟3:步驟2中的隨機數值係透過無線通訊發送給鑰裝置。Step 3: The random value in
在鎖裝置中,隨機數值被輸入至鎖裝置的晶片以依照非對稱加密基礎的雜湊函數進行加密。此雜湊函數可為以下任何編碼:MD5、SHA1、SHA2、SHA3(亦稱為Keccak512)及其他種Keccak編碼類型。In the lock device, the random value is input to the chip of the lock device to be encrypted according to the hash function based on the asymmetric encryption. This hash function can be any of the following encodings: MD5, SHA1, SHA2, SHA3 (also known as Keccak512) and other types of Keccak encoding.
雜湊函數包括四個成份:從步驟2取得之隨機數值random_token;控制指令碼Keyword;鑰識別碼(Key ID或SerialNumber);以及上述說明之密碼參數(CypherKey)。The hash function includes four components: the random value random_token obtained from
在一較佳的實施例中,上述雜湊函數以下述之公式式11表示:In a preferred embodiment, the above-mentioned hash function is expressed by the following formula 11:
hash(random_token, Keyword, KeyID, CypherKey)………(式11)hash(random_token, Keyword, KeyID, CypherKey)………(Equation 11)
具有具體參數之雜湊函數謎題(hash function puzzle)以及「開」(「OPEN」)指令之控制指令碼Keyword(其等於「E0」)之示例如下:Examples of the hash function puzzle with specific parameters and the control script Keyword (which is equal to "E0") of the "OPEN" command are as follows:
random_token=「0x07FCC157341A7556|HEX 」,其中random_token為隨機數值。random_token="0x07FCC157341A7556| HEX ", where random_token is a random value.
Keyword=「OPEN」=「E0」,KeyID=「000001」,其中KeyID為鑰識別碼。Keyword="OPEN"="E0", KeyID="000001", where KeyID is the key identification code.
CypherKey=「c677474d4adf3bcc2d7f2d41566462ae3dd47d72」,其中CypherKey為密碼參數。CypherKey="c677474d4adf3bcc2d7f2d41566462ae3dd47d72", where CypherKey is the password parameter.
同時,鎖裝置之雜湊函數hash_lock之計算方式如下式12:At the same time, the calculation method of the hash function hash_lock of the lock device is as follows:
hash_lock=SHA1(“07FCC157341A7556”, “E0”, “000001”,“c677474d4adf3bcc2d7f2d41566462ae3dd47d72”)hash_lock=SHA1("07FCC157341A7556", "E0", "000001", "c677474d4adf3bcc2d7f2d41566462ae3dd47d72")
=「d0fba6adc7b6f7f8e7c1eb6275287ae26f90d064」………(式12),其中SHA1(…)為函數。= "D0fba6adc7b6f7f8e7c1eb6275287ae26f90d064"...(Equation 12), where SHA1(...) is a function.
在加密後(步驟3之後),鎖裝置獲得一鎖加密結果,鎖加密結果為一加密數值(鎖加密數值)。After encryption (after step 3), the lock device obtains a lock encryption result, which is an encryption value (lock encryption value).
步驟4:當該鑰裝置透過該無線通訊收到該鎖裝置在步驟2中所產生的該隨機數值時,該鑰裝置的一鑰處理晶片載入該隨機數值,且該鑰裝置根據前述步驟3的雜湊函數對該隨機數值進行加密,並產生一鑰加密結果,其中該鑰加密結果為一鑰加密數值。若傳送發生錯誤時(例如由於外部的干擾而造成傳輸錯誤),鑰裝置可能收到不正確之隨機數值,而鑰裝置則亦會產生一不符合鎖加密結果的編碼結果(如下述之步驟5之比較)。Step 4: When the key device receives the random value generated by the lock device in
然後,鑰裝置透過無線通訊而在預定期間Tanswer 內將鑰加密結果傳送給鎖裝置。Then, the key device transmits the key encryption result to the lock device within a predetermined period T answer through wireless communication.
當「開」指令被啟動時,對於鑰裝置計算的雜湊函數hash_key之回應,如下:When the "on" command is activated, the response to the hash function hash_key calculated by the key device is as follows:
例子A如下:Example A is as follows:
所有參數互相相符(鑰裝置所使用的參數與鎖裝置所使用的參數相符):All parameters are consistent with each other (the parameters used by the key device are consistent with those used by the lock device):
random_token=「0x07FCC157341A7556|HEX 」,其中random_token為隨機數值。random_token="0x07FCC157341A7556| HEX ", where random_token is a random value.
Keyword=「OPEN」=「E0」,KeyID=「000001」,其中KeyID為鑰識別碼,Keyword為控制指令碼。Keyword="OPEN"="E0", KeyID="000001", where KeyID is the key identification code, and Keyword is the control command code.
CypherKey=「c677474d4adf3bcc2d7f2d41566462ae3dd47d72」,其中CypherKey為密碼參數。CypherKey="c677474d4adf3bcc2d7f2d41566462ae3dd47d72", where CypherKey is the password parameter.
即,當鑰裝置收到的隨機數值random_token為「真(true)」,「開」指令為「E0」,鑰裝置具有鑰識別碼KeyID為「000001」。That is, when the random value random_token received by the key device is "true", the "on" command is "E0", and the key device has a key identification code KeyID of "000001".
此時,由鑰裝置計算之雜湊函數hash_key,如下式13所示:At this time, the hash function hash_key calculated by the key device is shown in the following equation 13:
hash_key=SHA1(“07FCC157341A7556”, “E0”, “000001”, “c677474d4adf3bcc2d7f2d41566462ae3dd47d72”)hash_key=SHA1("07FCC157341A7556", "E0", "000001", "c677474d4adf3bcc2d7f2d41566462ae3dd47d72")
=「d0fba6adc7b6f7f8e7c1eb6275287ae26f90d064」………(式13),其中SHA1(…)為函數。= "D0fba6adc7b6f7f8e7c1eb6275287ae26f90d064"...(Equation 13), where SHA1(...) is a function.
此即為一正確的結果(鑰加密結果與鎖加密結果相符)。This is a correct result (the key encryption result matches the lock encryption result).
例子B如下:Example B is as follows:
鑰裝置之鑰識別碼(KeyID/SerialNumber)與鎖裝置之鑰識別碼(KeyID/SerialNumber)不相符:The key identification code (KeyID/SerialNumber) of the key device does not match the key identification code (KeyID/SerialNumber) of the lock device:
random_token=「0x07FCC157341A7556|HEX 」,其中random_token為隨機數值。random_token="0x07FCC157341A7556| HEX ", where random_token is a random value.
控制指令碼Keyword=「OPEN」=「E0」,鑰裝置之正確的鑰識別碼KeyID應為「000001」,鎖裝置之鑰識別碼KeyID為「000001」。Control command code Keyword="OPEN"="E0", the correct key identification code KeyID of the key device should be "000001", and the key identification code KeyID of the lock device is "000001".
CypherKey=「c677474d4adf3bcc2d7f2d41566462ae3dd47d72」,其中CypherKey為密碼參數。CypherKey="c677474d4adf3bcc2d7f2d41566462ae3dd47d72", where CypherKey is the password parameter.
當鑰裝置收到的隨機數值random_token為「真」,「開」指令為「E0」,然而鑰裝置的鑰識別碼KeyID被篡改為「000002」,則此時,由鑰裝置計算之雜湊函數hash_key,如下式14所示:When the random value random_token received by the key device is "true" and the "open" command is "E0", but the key identification code KeyID of the key device is tampered with "000002", at this time, the hash_key function calculated by the key device , As shown in the following equation 14:
hash_key=SHA1(“07FCC157341A7556”, “E0”, “000002”, “c677474d4adf3bcc2d7f2d41566462ae3dd47d72”)hash_key=SHA1(“07FCC157341A7556”, “E0”, “000002”, “c677474d4adf3bcc2d7f2d41566462ae3dd47d72”)
=「1f515d2cdd44d27bcdb9485a3a03b8b9835541f0」……(式14),其中SHA1(…)為函數。= "1f515d2cdd44d27bcdb9485a3a03b8b9835541f0"...(Equation 14), where SHA1(...) is a function.
此即為一錯誤的結果(鑰加密結果與鎖加密結果不相符)。This is an incorrect result (the key encryption result does not match the lock encryption result).
當有人假冒鑰裝置的鑰識別碼KeyID為「000002」時,即可能發生前述情形。The aforementioned situation may occur when someone counterfeiting the key device's key identification code KeyID is "000002".
例子C如下:Example C is as follows:
鑰裝置之指令碼與鎖裝置之指令碼不相符:The instruction code of the key device does not match the instruction code of the lock device:
random_token=「0x07FCC157341A7556|HEX 」,其中random_token為隨機數值。random_token="0x07FCC157341A7556| HEX ", where random_token is a random value.
鑰裝置之控制指令碼Keyword=「CLOSE」=「D0」,KeyID=「000001」,鎖裝置之控制指令碼Keyword=「OPEN」=「E0」,其中KeyID為鑰識別碼。The control command code of the key device Keyword=“CLOSE”=“D0”, KeyID=“000001”, the control command code of the lock device Keyword=“OPEN”=“E0”, where KeyID is the key identification code.
CypherKey=「c677474d4adf3bcc2d7f2d41566462ae3dd47d72」,其中CypherKey為密碼參數。CypherKey="c677474d4adf3bcc2d7f2d41566462ae3dd47d72", where CypherKey is the password parameter.
即,當鑰裝置收到的隨機數值random_token為「真」,鑰裝置具有鑰識別碼KeyID為「000001」,然而指令碼被篡改為「關」(「CLOSE」及「D0」)(換言之,將鑰裝置之控制指令碼Keyword從「OPEN」及「E0」篡改成「CLOSE」及「D0」)。That is, when the random value random_token received by the key device is "true", the key device has the key identification code KeyID "000001", but the command code is tampered with "close" ("CLOSE" and "D0") (in other words, change The control script Keyword of the key device is changed from "OPEN" and "E0" to "CLOSE" and "D0").
此時,由鑰裝置計算之雜湊函數hash_key函數如下式15所示:At this time, the hash_key function calculated by the key device is shown in Equation 15 below:
hash_key=SHA1(“07FCC157341A7556”, “D0”, “000001”, “c677474d4adf3bcc2d7f2d41566462ae3dd47d72”)hash_key=SHA1(“07FCC157341A7556”, “D0”, “000001”, “c677474d4adf3bcc2d7f2d41566462ae3dd47d72”)
=「c17977e5696f3f91286111ee3403077dd8186467」……(式15),其中SHA1(…)為函數。= "C17977e5696f3f91286111ee3403077dd8186467"...(Equation 15), where SHA1(...) is a function.
此即為一錯誤的結果(鑰加密結果與鎖加密結果不相符)。This is an incorrect result (the key encryption result does not match the lock encryption result).
當有人試圖透過將「開」指令替換為「關」指令以假冒指令碼時,則可能發生上述情形。This can happen when someone tries to fake the script code by replacing the "on" command with the "off" command.
例子D如下:Example D is as follows:
鑰裝置之密碼參數CypherKey與鎖裝置之密碼參數CypherKey不相符:The password parameter CypherKey of the key device does not match the password parameter CypherKey of the lock device:
random_token=「0x07FCC157341A7556|HEX 」,其中random_token為隨機數值。random_token="0x07FCC157341A7556| HEX ", where random_token is a random value.
控制指令碼Keyword=「OPEN」=「E0」,KeyID=「000001」,其中KeyID為鑰識別碼。Control command code Keyword="OPEN"="E0", KeyID="000001", where KeyID is the key identification code.
鑰裝置之CypherKey=「c677474d4adf3bcc2d7f2d41566462ae3dd47d73」,鎖裝置之CypherKey=「c677474d4adf3bcc2d7f2d41566462ae3dd47d72」,其中CypherKey為密碼參數。The CypherKey of the key device = "c677474d4adf3bcc2d7f2d41566462ae3dd47d73", the CypherKey of the lock device = "c677474d4adf3bcc2d7f2d41566462ae3dd47d72", where CypherKey is the password parameter.
即,當鑰裝置收到的隨機數值random_token為「真」,「開」指令為「E0」,鑰裝置具有鑰識別碼KeyID為「000001」,然而鑰裝置之密碼參數CypherKey被篡改為另一個數字,例如:That is, when the random value random_token received by the key device is "true" and the "on" command is "E0", the key device has a key identification code KeyID of "000001", but the cryptographic parameter CypherKey of the key device is tampered with another number ,E.g:
CypherKey=「c677474d4adf3bcc2d7f2d41566462ae3dd47d73」,即具有些微的不同(換言之,將鑰裝置之密碼參數CypherKey從「c677474d4adf3bcc2d7f2d41566462ae3dd47d72」篡改成「c677474d4adf3bcc2d7f2d41566462ae3dd47d73」)。CypherKey="c677474d4adf3bcc2d7f2d41566462ae3dd47d73", that is, it is slightly different (in other words, the cryptographic parameter CypherKey of the key device is tampered with from "c677474d4adf3bcc2d7f2d41566462ae3dd47d4627adf3dd4173dae.566.")
此時,由鑰裝置計算之雜湊函數hash_key如下式16所示:At this time, the hash function hash_key calculated by the key device is shown in Equation 16:
hash_key=SHA1(“07FCC157341A7556”, “E0”, “000001”, “c677474d4adf3bcc2d7f2d41566462ae3dd47d73”)hash_key=SHA1("07FCC157341A7556", "E0", "000001", "c677474d4adf3bcc2d7f2d41566462ae3dd47d73")
=「f166b36c5f6545cf5cd164b25adc28115e8ce862」………(式16),其中SHA1(…)為函數。= "F166b36c5f6545cf5cd164b25adc28115e8ce862"...(Equation 16), where SHA1(...) is a function.
此即為一錯誤的結果(鑰加密結果與鎖加密結果不相符)。This is an incorrect result (the key encryption result does not match the lock encryption result).
需注意的是,以上例子為以文本格式在字元區中的十六進制(Hexa)系統中表示的數值。在電腦以及晶片中,這些數值以更節省儲存單元之形式儲存於儲存單元中。然而,本發明不限制在此。It should be noted that the above example is the value expressed in the Hexa system in the character area in text format. In computers and chips, these values are stored in storage units in a form that saves more storage units. However, the present invention is not limited to this.
例如:CypherKey=「c677474d4adf3bcc2d7f2d41566462ae3dd47d72」,其為一字元串,以40個字元表示,在電腦以一160位元數值儲存,即20個8位元之儲存單元。For example: CypherKey="c677474d4adf3bcc2d7f2d41566462ae3dd47d72", which is a character string represented by 40 characters, which is stored in the computer as a 160-bit value, that is, 20 8-bit storage units.
步驟5:在該鎖裝置收到來自該鑰裝置的該鑰加密結果的情形下,將該鑰加密結果與該鎖裝置於步驟3中所產生的該鎖加密結果進行比較。Step 5: When the lock device receives the key encryption result from the key device, compare the key encryption result with the lock encryption result generated by the lock device in
當鑰加密結果與鎖加密結果匹配時,鎖裝置的鎖處理晶片要求執行器執行鑰裝置所發出的一控制指令。When the key encryption result matches the lock encryption result, the lock processing chip of the lock device requires the actuator to execute a control command issued by the key device.
根據本發明之一實施例,當鑰加密結果與鎖加密結果匹配時,鎖處理晶片將下一次啟動鎖裝置時之鑰裝置的指令接收時間Tprotect 調整至最小指令接收預設期間Tprotect_min ,即指令接收時間Tprotect 等於最小指令接收預設期間Tprotect_min 。According to an embodiment of the present invention, when the key encryption result matches the lock encryption result, the lock processing chip adjusts the command receiving time T protect of the key device when the lock device is activated next time to the minimum command receiving preset period T protect_min , that is The command receiving time T protect is equal to the minimum command receiving preset period T protect_min .
例如,若接收時間Tprotect 為500ms,最小指令接收預設期間Tprotect_min 為500ms,則當鑰裝置為「真」時(鑰加密結果與鎖加密結果相同時),指令接收時間Tprotect 等於500ms。For example, if the receiving time T protect is 500ms and the minimum command receiving preset period T protect_min is 500ms, when the key device is "true" (the key encryption result is the same as the lock encryption result), the command receiving time T protect is equal to 500ms.
當鑰加密結果與鎖加密結果不匹配(不相同)時,鎖裝置的鎖處理晶片將不執行控制指令,同時將此記錄為一錯誤啟動(fault opening time)。When the key encryption result and the lock encryption result do not match (different), the lock processing chip of the lock device will not execute the control command, and this will be recorded as a fault opening time at the same time.
當在預定期間Tanswer 內未收到鑰裝置的回應時,鎖裝置的鎖處理晶片將不執行控制指令,同時,將此記錄為一錯誤啟動。When no response from the key device is received within the predetermined period T answer , the lock processing chip of the lock device will not execute the control command, and at the same time, this will be recorded as an error activation.
鎖處理晶片在每次錯誤啟動時,增加鑰裝置的指令接收時間Tprotect ,以避免窮舉攻擊。根據較佳的一實施例,在每次錯誤啟動時,增加1s(秒)鑰裝置的指令接收時間Tprotect ,直至達到最大指令接收預設期間Tprotect_max ,即指令接收時間Tprotect 等於最大指令接收預設期間Tprotect_max 。The lock processing chip increases the command receiving time T protect of the key device every time it is incorrectly activated to avoid exhaustive attacks. According to a preferred embodiment, the command receiving time T protect of the key device is increased by 1 s (seconds) every time an error is started, until the maximum command receiving preset period T protect_max is reached , that is, the command receiving time T protect is equal to the maximum command receiving The preset period T protect_max .
例如,若指令接收時間Tprotect 為500ms,最大指令接收預設期間Tprotect_max 為10s,在每次錯誤啟動時,指令接收時間Tprotect 會增加1s直至達到指令接收時間Tprotect 等於10s為止。For example, if the command receiving time T protect is 500ms and the maximum command receiving preset period T protect_max is 10s, the command receiving time T protect will increase by 1s until the command receiving time T protect is equal to 10s every time an error is started.
例如,若錯誤地答覆密碼謎題(cryptographic puzzle)10次會導致之後的每次輸入要在10s後才能被接受,而且蠻力攻擊(BruteForce)及窮舉攻擊SHA256編碼是非常困難且幾乎不可能的,當指令接收時間Tprotect 為10s時,此攻擊會更加困難。For example, if you answer a cryptographic puzzle 10 times incorrectly, each subsequent input will not be accepted after 10s, and brute force attacks (BruteForce) and brute force attacks on SHA256 encoding are very difficult and almost impossible. Yes , when the command receiving time T protect is 10s, this attack will be more difficult.
根據本發明之實施例,執行使用密碼遠程啟動遠端鑰匙鎖系統之方法的遠端鑰匙鎖系統包括:According to an embodiment of the present invention, the remote key lock system for executing the method of remotely starting the remote key lock system using a password includes:
鑰裝置,其包括複數個按鈕,每一該第一按鈕對應一指令,該指令例如為開、關、上或下等;另一按鈕以設定該個人身分識別碼;一無線發射器;一無線接收器;一鑰處理晶片,其內嵌有軟體以根據預設步驟進行加密;以及一電源。另外,鑰裝置還可包含光顯示螢幕、閃光燈、微控制器。The key device includes a plurality of buttons, and each of the first buttons corresponds to an instruction, for example, the instruction is on, off, up or down; the other button is used to set the personal identification code; a wireless transmitter; a wireless Receiver; a key processing chip with embedded software for encryption according to preset steps; and a power supply. In addition, the key device can also include a light display screen, a flashlight, and a microcontroller.
鎖裝置,其包含一無線發射器、一無線接收器、一鎖處理晶片及一電源,其中該鎖處理晶片內嵌有軟體以根據預設步驟進行加密,且該鎖處理晶片具有一指令執行機構。另外,該鎖裝置可以包含輔助埠,其連接可透過該個人身分識別碼啟動的一手動開/關按鈕;小型光顯示螢幕;閃光燈或液晶顯示器,其用以顯示資訊;喇叭或警報器;及無線網路模組連接埠以與智慧手機、輔助模組連接。The lock device includes a wireless transmitter, a wireless receiver, a lock processing chip and a power supply, wherein the lock processing chip is embedded with software to perform encryption according to preset steps, and the lock processing chip has a command execution mechanism . In addition, the lock device may include an auxiliary port connected to a manual on/off button that can be activated through the personal identification code; a small light display screen; a flashlight or liquid crystal display for displaying information; a horn or alarm; and The wireless network module port is used to connect with smart phones and auxiliary modules.
鑰裝置的加密軟體中的預設步驟相符鎖裝置的加密軟體中的預設步驟。The default steps in the encryption software of the key device match the default steps in the encryption software of the lock device.
鑰裝置及鎖裝置透過密碼參數CypherKey彼此同步,其中該密碼參數CypherKey由該三成分組成的雜湊函數計算得,該三成分為產品生產商使用該鑰裝置所定義的該鑰識別碼KeyID/SerialNumber、萬能鑰匙生產商所定義之該參數Masterkey、以及該個人身分識別碼PIN,其中,該個人身分識別碼PIN為每當該使用者請求設置該個人身分識別碼PIN時,該遠端鑰匙鎖系統所自動產生的該串隨機值。The key device and the lock device are synchronized with each other through the cryptographic parameter CypherKey, where the cryptographic parameter CypherKey is calculated by the hash function composed of the three components, and the three components are the key identification code KeyID/SerialNumber, The parameter Masterkey and the personal identification code PIN defined by the master key manufacturer, where the personal identification code PIN is set by the remote key lock system whenever the user requests to set the personal identification code PIN This string of random values is automatically generated.
本發明之有利功效:Advantageous effects of the present invention:
本發明有助於徹底消除滾動碼之安全性方法的安全性漏洞。因此竊聽(wiretapping)後再重播碼之方式是沒有作用的。因為,每次鑰裝置發出啟動封包時,鎖裝置皆會產生一個隨機且不重複的符記,以形成一雜湊函數謎題,且此雜湊函數謎題需要鑰裝置應答以進行驗證。若鎖裝置被阻擋而未收到啟動封包,或是已收到啟動封包且發出一問題,但在預定期間內未收到回覆,則立即取消鑰裝置與鎖裝置之間的通訊傳輸。即,監聽及儲存鑰裝置與鎖裝置之間交換的資訊,並不助於監聽者以後進行干擾或侵入。The invention helps to completely eliminate the security loopholes in the security method of rolling codes. Therefore, the method of replaying the code after wiretapping is useless. Because, every time the key device sends out an activation packet, the lock device will generate a random and non-repeated symbol to form a hash function puzzle, and this hash function puzzle requires the key device to answer for verification. If the lock device is blocked without receiving the activation packet, or the activation packet has been received and a problem is issued, but no reply is received within the predetermined period, the communication transmission between the key device and the lock device will be cancelled immediately. That is, monitoring and storing the information exchanged between the key device and the lock device does not help the monitor to interfere or invade in the future.
本發明提出之方法使得不可能假冒鑰裝置。每個鑰裝置皆透過密碼參數CypherKey與鎖裝置同步。使用密碼參數CypherKey的加密函數為於1993年初發明的SHA函數。此些函數亦稱為一維加密(one-dimensional encryption)。即,蒐集密文無助於反轉用於產生密碼的參數。亦即,可以公開發出密文而不需擔心會洩漏密碼參數CypherKey。The method proposed by the present invention makes it impossible to counterfeit the key device. Each key device is synchronized with the lock device through the password parameter CypherKey. The encryption function using the password parameter CypherKey is the SHA function invented in early 1993. These functions are also called one-dimensional encryption. That is, collecting the ciphertext does not help reverse the parameters used to generate the password. That is, the cipher text can be publicly sent without worrying about leaking the password parameter CypherKey.
密碼參數CypherKey的三個成份之構成保證了使用者之所有權。因為個人身分識別碼PIN為一個很長的數值,其為隨機產生的且使用者並不知道個人身分識別碼PIN,因此個人身分識別碼PIN並不會被洩漏,且鑰裝置生產商(key manufacturer)與使用鑰裝置的產品生產商不可強行干涉已供給客戶之產品。即使由於某些原因導致密碼參數CypherKey被使用此方法的產品生產商洩漏,也不太可能進行篡改。進一步的,由於個人身分識別碼PIN之成份為系統隨機生成,因而密碼參數CypherKey無法在兩個產品之間重複。The composition of the three components of the password parameter CypherKey guarantees the ownership of the user. Because the personal identification code PIN is a very long value, it is randomly generated and the user does not know the personal identification code PIN, so the personal identification code PIN will not be leaked, and the key device manufacturer (key manufacturer) ) The manufacturer of the product using the key device must not forcibly interfere with the product that has been supplied to the customer. Even if the password parameter CypherKey is leaked by the product manufacturer using this method due to some reasons, it is unlikely to be tampered with. Furthermore, since the component of the personal identification code PIN is randomly generated by the system, the password parameter CypherKey cannot be repeated between the two products.
當未獲使用鑰裝置的產品生產商之授權時,鑰裝置被複製之事情亦不可能發生。因為,鑰裝置所建立的結構包括三個成份,可以允許分別開發專用的軟體,而若未獲授權則不可隨意被複製。此還可允許國家(政府)設立一個權責機關來控制提供鑰鎖服務之單位、代理商。It is impossible for the key device to be copied without the authorization of the product manufacturer that uses the key device. Because the structure established by the key device includes three components, which allow the development of dedicated software separately, but cannot be copied at will if it is not authorized. This also allows the state (government) to establish a power and responsibility agency to control units and agents that provide key lock services.
蠻力窮舉攻擊(BruteForce exhaustive attack)方式沒有作用之原因為指令接收時間Tprotect ,使用指令接收時間Tprotect 從最小指令接收預設期間Tprotect_min 至最大指令接收預設期間Tprotect_max ,以限制連續訪問鎖裝置之時間,而起到了防火牆的作用。這樣一來,即會防止連續試用有可能之密碼(編碼),並使對編碼空間(code space)之窮舉攻擊因花太多時間而變得更加困難。The reason why the BruteForce exhaustive attack method does not work is the command receiving time T protect , using the command receiving time T protect from the minimum command receiving preset period T protect_min to the maximum command receiving preset period T protect_max to limit the continuity The time of access to the lock device, which acts as a firewall. In this way, it will prevent continuous trials of possible passwords (encodings), and make exhaustive attacks on the code space more difficult because it takes too much time.
每次對接傳輸之資訊只使用一次且無法被假冒,因此,當使用指令接收時間Tprotect 的反攻機制以防止及無效窮舉攻擊(如蠻力攻擊)時,對於對接模仿封包的連續攻擊只能收到錯誤的結果。The information transmitted in each docking is only used once and cannot be counterfeited. Therefore, when the counterattack mechanism of the command receiving time T protect is used to prevent and invalidate exhaustive attacks (such as brute force attacks), the continuous attack on docking imitating packets can only be used Wrong result received.
阻斷服務攻擊之方式沒有作用因為:對於啟動封包的控制,封包中的位元組必須隨著時間的推移而連續,使得鎖裝置可以濾除未處理的雜訊。The denial-of-service attack method has no effect because: for the control of the start packet, the bytes in the packet must be continuous over time, so that the lock device can filter out the unprocessed noise.
本發明允許鑰裝置的硬體被設計成可以在節能模式下運行。啟動指令總是由鑰裝置發出,以允許鑰裝置可設定為休眠狀態,即最大節省能量狀態,且在使用者啟動其時,才喚醒而動作。The present invention allows the hardware of the key device to be designed to operate in an energy-saving mode. The activation command is always issued by the key device to allow the key device to be set to the dormant state, that is, the maximum energy saving state, and only wake up and act when the user activates it.
本發明提出之方法不會隨著時間的推移而損害加密之安全性。與使用計時器的某些符記種類之同步方式不同,本發明之符記同步使用直接傳輸方法。當使用適於民用設備成本的石英振盪技術之計時器時,該技術隨著時間的推移會累積誤差,在1年之後可達到1s,即迅速達到不同步的水平。The method proposed by the present invention will not damage the security of encryption over time. Unlike the synchronization method of certain types of tokens using timers, the token synchronization of the present invention uses the direct transmission method. When using a timer with quartz oscillation technology that is suitable for the cost of civilian equipment, the technology will accumulate errors over time, which can reach 1s after 1 year, that is, quickly reach the level of non-synchronization.
本發明提出之方法可在許多具有不同性能之不同設備運行,以命令遠程控制進行驗證。The method proposed by the present invention can be run on many different devices with different performances, and can be verified by commanding remote control.
由於使用更正碼(矯正碼(error correction code))以及收到錯誤時再發訊息之協議(重傳協議(retransmission protocol)),本發明提出之方法允許系統可在較大的電磁干擾環境中運行。相較於多種類型之鑰裝置目前於正常環境下所使用的「重複傳送多段碼(repeating multiple codes)方法」,本發明之方法的優點在於,在干擾環境中,只需要精確地傳送一次至目的地,而不是傳送多次導致鑰裝置消耗更多能量。此方法之通訊傳輸較重複傳送多段碼方法有更佳及具有更高的效率。Due to the use of a correction code (error correction code) and a protocol for re-sending messages when an error is received (retransmission protocol), the method proposed in the present invention allows the system to operate in a larger electromagnetic interference environment . Compared with the "repeating multiple codes method" currently used by various types of key devices in normal environments, the method of the present invention has the advantage that in an interference environment, it only needs to be accurately transmitted once to the destination. Instead of transmitting multiple times, the key device consumes more energy. The communication transmission of this method is better and more efficient than the repeated transmission of multi-segment codes.
本發明的鑰裝置與鎖裝置之間的雙向通訊對接協議是公開的。用公開的參數所建立的雜湊函數之公式可以用合法或不合法的方式複製實現,但此些公開的協議及雜湊函數無法危及本發明的使用密碼遠程啟動遠端鑰匙鎖裝置的方法之鎖系統。這與「Microchip」廠商使用的「KeeLoq」算法具有很大的差別。The two-way communication docking protocol between the key device and the lock device of the present invention is disclosed. The formula of the hash function established by the public parameters can be copied and implemented in legal or illegal ways, but these public protocols and hash functions cannot compromise the lock system of the method for remotely starting a remote key lock device using a password of the present invention . This is very different from the "KeeLoq" algorithm used by the "Microchip" manufacturer.
1~5:步驟1~5: steps
[圖1]係為依據本發明一實施例之使用密碼遠程啟動鑰匙鎖系統之流程圖。[Fig. 1] is a flow chart of using a password to remotely start the key lock system according to an embodiment of the present invention.
1~5:步驟 1~5: steps
Claims (13)
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| VN202001076 | 2020-02-27 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| TW202133010A true TW202133010A (en) | 2021-09-01 |
Family
ID=77492137
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW110107405A TW202133010A (en) | 2020-02-27 | 2021-03-02 | Method for remotely activating a remote lock system using cryptography and the remote lock system for implementing the method |
Country Status (2)
| Country | Link |
|---|---|
| TW (1) | TW202133010A (en) |
| WO (1) | WO2021174264A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI795148B (en) * | 2021-12-28 | 2023-03-01 | 四零四科技股份有限公司 | Device, method and system of handling access control |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5363448A (en) * | 1993-06-30 | 1994-11-08 | United Technologies Automotive, Inc. | Pseudorandom number generation and cryptographic authentication |
| KR20110111661A (en) * | 2010-04-05 | 2011-10-12 | 부산대학교 산학협력단 | Rfid tag for protecting duplication, system and method for protecting duplication using the same on epc network |
| WO2013095387A1 (en) * | 2011-12-20 | 2013-06-27 | Intel Corporation | Secure replay protected storage |
| US10805276B2 (en) * | 2017-09-05 | 2020-10-13 | Comodo Security Solutions, Inc. | Device and methods for safe control of vehicle equipment secured by encrypted channel |
| US10553058B2 (en) * | 2018-06-29 | 2020-02-04 | Micron Technology, Inc. | Secure wireless lock-actuation exchange |
-
2021
- 2021-02-24 WO PCT/VN2021/000004 patent/WO2021174264A1/en active Application Filing
- 2021-03-02 TW TW110107405A patent/TW202133010A/en unknown
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI795148B (en) * | 2021-12-28 | 2023-03-01 | 四零四科技股份有限公司 | Device, method and system of handling access control |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2021174264A1 (en) | 2021-09-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11070364B2 (en) | Secure communication method and smart lock system based thereof | |
| US10542002B2 (en) | Systems and methods for device authentication | |
| US9921978B1 (en) | System and method for enhanced security of storage devices | |
| US10419226B2 (en) | Systems and methods for device authentication | |
| US5144667A (en) | Method of secure remote access | |
| US6108785A (en) | Method and apparatus for preventing unauthorized usage of a computer system | |
| US20080025514A1 (en) | Systems And Methods For Root Certificate Update | |
| US20090158033A1 (en) | Method and apparatus for performing secure communication using one time password | |
| US10263782B2 (en) | Soft-token authentication system | |
| Studer et al. | Mobile user location-specific encryption (MULE) using your office as your password | |
| US20030063742A1 (en) | Method and apparatus for generating a strong random number for use in a security subsystem for a processor-based device | |
| EP1295261A2 (en) | Biometric-based authentication in a non-volatile memory device | |
| US8566579B2 (en) | Obfuscated authentication systems, devices, and methods | |
| WO2007103298A2 (en) | Security, storage and communication system | |
| KR20000057584A (en) | Process for securing the privacy of data transmission | |
| CN117313114A (en) | Method and system for securely transferring data | |
| JP2019057167A (en) | Computer program, device and determining method | |
| CN107958513A (en) | A kind of offline authorization method and system of electronic lock | |
| KR102160656B1 (en) | Login Method Using Palm Vein | |
| TW202133010A (en) | Method for remotely activating a remote lock system using cryptography and the remote lock system for implementing the method | |
| WO2007001237A2 (en) | Encryption system for confidential data transmission | |
| CN107231380B (en) | Anti-attack identity authentication method and system and anti-attack automobile system | |
| US11741214B2 (en) | Passcode authentication based data storage device | |
| US10979226B1 (en) | Soft-token authentication system with token blocking after entering the wrong PIN | |
| KR20230050464A (en) | Secure communication between known users |