TWI588782B - Security method, security gate and server - Google Patents
Security method, security gate and server Download PDFInfo
- Publication number
- TWI588782B TWI588782B TW103141478A TW103141478A TWI588782B TW I588782 B TWI588782 B TW I588782B TW 103141478 A TW103141478 A TW 103141478A TW 103141478 A TW103141478 A TW 103141478A TW I588782 B TWI588782 B TW I588782B
- Authority
- TW
- Taiwan
- Prior art keywords
- security gate
- mobile device
- security
- gate
- identification code
- Prior art date
Links
Description
本揭露是有關於一種保全方法及系統。 The disclosure relates to a preservation method and system.
為保障人身財產安全,各種保全機制因應而生,現今保全機制,以門禁系統來舉例,大多採用鑰匙、感應卡或密碼;而鑰匙或感應卡的攜帶麻煩與遺失問題,經常造成人們不便,鑰匙或感應卡甚至有被盜拷的風險;遺忘密碼或甚而被破解密碼更是讓人困擾。 In order to protect the safety of personal and property, various security mechanisms have been created. The current security mechanism, using the access control system, mostly uses keys, proximity cards or passwords. The key or proximity card is troublesome and lost, often causing inconvenience. Or the proximity card is even at risk of being stolen; forgetting the password or even cracking the password is even more troublesome.
提供方便又安全的保全機制,是目前急需解決的問題。 Providing a convenient and secure security mechanism is an urgent problem to be solved.
本揭露利用行動裝置來進行認證的一種保全系統與方法。 The present disclosure discloses a security system and method for authenticating using a mobile device.
根據本揭露之一示範性實施例,提出一種保全方法適用於一保全系統,所述方法包括:由保全閘接收自行動裝置傳送之認證請求,產生保全閘識別訊息,並回傳該保全閘識別訊息及第一保全閘識別碼至該行動裝置;由伺服器接收自該行動裝置傳送之該保全閘識別訊息、該第一保全閘識別碼與行動裝置識別碼,對該保全閘識別訊息解密,比對該 行動裝置識別碼與權限資料,如成功則加密運算產生授權碼,回傳該授權碼及該第一保全閘識別碼到該行動裝置;以及由該保全閘接收自該行動裝置傳送之該授權碼及第一保全閘識別碼,對該授權碼進行解密運算,如果驗證正確則批准該認證請求。 According to an exemplary embodiment of the present disclosure, a security method is provided for a security system, the method comprising: receiving, by the security gate, an authentication request transmitted from the mobile device, generating a security gate identification message, and transmitting the security gate identification a message and a first security gate identification code to the mobile device; the server receives the security gate identification message, the first security gate identification code and the mobile device identification code transmitted from the mobile device, and decrypts the security gate identification message, Compared to Mobile device identification code and authority data, if successful, the encryption operation generates an authorization code, returns the authorization code and the first security gate identification code to the mobile device; and the authorization code transmitted by the mobile device from the mobile device And the first security gate identification code, the decryption operation is performed on the authorization code, and if the verification is correct, the authentication request is approved.
根據本揭露之一示範性實施例,提出一種保全方法,適用於保全閘,包括:接收自行動裝置傳送之認證請求,產生保全閘識別訊息,並回傳該保全閘識別訊息及第一保全閘識別碼至該行動裝置;以及接收自該行動裝置傳送之授權碼及第一保全閘識別碼,對該授權碼進行解密運算,進行驗證,如果正確則批准該認證請求;其中,該授權碼是由伺服器接收自該行動裝置傳送之該保全閘識別訊息、該第一保全閘識別碼與行動裝置識別碼,由該伺服器對該保全閘識別訊息解密,比對該行動裝置識別碼與權限資料,如成功則該伺服器加密運算產生該授權碼,該伺服器回傳該授權碼及該第一保全閘識別碼到該行動裝置。 According to an exemplary embodiment of the present disclosure, a security method is provided, which is applicable to a security gate, comprising: receiving an authentication request transmitted from a mobile device, generating a security gate identification message, and returning the security gate identification message and the first security gate And the identifier is sent to the mobile device; and the authorization code and the first security gate identification code transmitted from the mobile device are received, and the authorization code is decrypted and verified, and if the authentication is correct, the authentication request is approved; wherein the authorization code is Receiving, by the server, the security gate identification message, the first security gate identification code and the mobile device identification code transmitted by the mobile device, the server decrypting the security gate identification message, comparing the mobile device identification code and the authority The data, if successful, the server encryption operation generates the authorization code, and the server returns the authorization code and the first security gate identification code to the mobile device.
根據本揭露之一示範性實施例,提出一種保全閘,包括:保全閘通訊單元,該保全閘通訊單元經配置以在該保全閘與行動裝置之間傳送接收訊息;以及保全閘控制單元,該保全閘控制單元經配置以:接收自該行動裝置傳送之認證請求,產生保全閘識別訊息,並回傳該保全閘識別訊息及第一保全閘識別碼至該行動裝置;及接收自該行動裝置傳 送之授權碼及第一保全閘識別碼,對該授權碼進行解密運算,進行驗證,如果正確則批准該認證請求;其中,該授權碼是由伺服器接收自該行動裝置傳送之該保全閘識別訊息、該第一保全閘識別碼與行動裝置識別碼,由該伺服器對該保全閘識別訊息解密,比對該行動裝置識別碼與權限資料,如成功則該伺服器加密運算產生該授權碼,該伺服器回傳該授權碼及該第一保全閘識別碼到該行動裝置。 According to an exemplary embodiment of the present disclosure, a security gate is provided, including: a security gate communication unit configured to transmit a reception message between the security gate and a mobile device; and a security gate control unit, The security gate control unit is configured to: receive an authentication request transmitted from the mobile device, generate a security gate identification message, and return the security gate identification message and the first security gate identification code to the mobile device; and receive the mobile device pass Sending the authorization code and the first security gate identification code, decrypting the authorization code, performing verification, and if so, approving the authentication request; wherein the authorization code is received by the server from the mobile device Identifying the message, the first security gate identification code and the mobile device identification code, the server decrypting the security gate identification message, comparing the mobile device identification code and the authority data, if successful, the server encryption operation generates the authorization And the server returns the authorization code and the first security gate identification code to the mobile device.
根據本揭露之一示範性實施例,提出一種保全方法,適用於伺服器,包括:接收自該行動裝置傳送之保全閘識別訊息、第一保全閘識別碼與行動裝置識別碼;對該保全閘識別訊息解密;以及比對該行動裝置識別碼與權限資料,如成功則加密運算產生授權碼,回傳該授權碼及該第一保全閘識別碼到該行動裝置;其中,該保全閘識別訊息是由保全閘接收自該行動裝置傳送之認證請求所產生,由該保全閘所回傳該保全閘識別訊息及該第一保全閘識別碼至該行動裝置;以及當該保全閘接收自該行動裝置傳送之該授權碼及第一保全閘識別碼後,對該授權碼進行解密運算,進行驗證,如果正確則批准該認證請求。 According to an exemplary embodiment of the present disclosure, a security method is provided, which is applicable to a server, including: receiving a security gate identification message transmitted by the mobile device, a first security gate identification code, and a mobile device identification code; Decrypting the identification message; and comparing the mobile device identification code and the authority data, if successful, the encryption operation generates an authorization code, and returns the authorization code and the first security gate identification code to the mobile device; wherein the security gate identification message Is generated by the security gate receiving the authentication request transmitted from the mobile device, and the security gate is returned by the security gate to the mobile gate identification message and the first security gate identification code to the mobile device; and when the security gate is received from the action After the authorization code and the first security gate identification code transmitted by the device, the authorization code is decrypted and verified, and if it is correct, the authentication request is approved.
根據本揭露之一示範性實施例,提出一種伺服器,包括:伺服器通訊單元,該伺服器通訊單元經配置以在該伺服器與行動裝置之間傳送接收訊息;以及伺服器控制單元,該伺服器控制單元經配置以:接收自該行動裝置傳送之 保全閘識別訊息、第一保全閘識別碼與行動裝置識別碼;對該保全閘識別訊息解密;及比對該行動裝置識別碼與權限資料,如成功則加密運算產生授權碼,回傳該授權碼及該第一保全閘識別碼到該行動裝置;其中,該保全閘識別訊息是由保全閘接收自該行動裝置傳送之認證請求所產生,由該保全閘所回傳該保全閘識別訊息及該第一保全閘識別碼至該行動裝置;以及當該保全閘接收自該行動裝置傳送之該授權碼及第一保全閘識別碼後,對該授權碼進行解密運算,進行驗證,如果正確則批准該認證請求。 According to an exemplary embodiment of the present disclosure, a server is provided, including: a server communication unit configured to transmit a received message between the server and a mobile device; and a server control unit, the server The server control unit is configured to: receive from the mobile device Preserving the gate identification message, the first security gate identification code and the mobile device identification code; decrypting the security gate identification message; and comparing the mobile device identification code and the authority data, if successful, the encryption operation generates an authorization code, and the authorization is returned And the first security gate identification code is sent to the mobile device; wherein the security gate identification message is generated by the security gate receiving the authentication request transmitted by the mobile device, and the security gate is returned by the security gate and The first security gate identification code is sent to the mobile device; and when the security gate receives the authorization code and the first security gate identification code transmitted from the mobile device, decrypting the authorization code and performing verification, if correct Approve the certification request.
為了對本案之上述及其他內容有更佳的瞭解,下文特舉實施例,並配合所附圖式,作詳細說明如下。 In order to better understand the above and other aspects of the present invention, the following detailed description of the embodiments and the accompanying drawings are set forth below.
1、4‧‧‧保全系統 1, 4‧‧‧Security system
100‧‧‧伺服器 100‧‧‧Server
200‧‧‧行動裝置 200‧‧‧ mobile device
300‧‧‧保全閘 300‧‧‧Security gate
S201~S203、S301~S309、S501~S502、S601~S604‧‧‧步驟 S201~S203, S301~S309, S501~S502, S601~S604‧‧‧ steps
701‧‧‧保全閘通訊單元 701‧‧‧Security gate communication unit
702‧‧‧保全閘控制單元 702‧‧‧Security gate control unit
801‧‧‧伺服器通訊單元 801‧‧‧Server communication unit
802‧‧‧伺服器控制單元 802‧‧‧Server Control Unit
第1圖繪示本案一實施例之保全系統之方塊示意圖。 FIG. 1 is a block diagram showing a security system according to an embodiment of the present invention.
第2~3圖繪示本案一實施例之保全方法。 Figures 2 to 3 illustrate a method of preservation in an embodiment of the present invention.
第4圖繪示本案一實施例之保全系統中訊息傳遞簡圖。 FIG. 4 is a schematic diagram of message transmission in a security system according to an embodiment of the present invention.
第5~6圖繪示本案一實施例之同步流程。 Figures 5-6 show the synchronization process of an embodiment of the present invention.
第7圖繪示本案一實施例之保全閘之方塊圖。 FIG. 7 is a block diagram showing the security gate of an embodiment of the present invention.
第8圖繪示本案一實施例之伺服器之方塊圖。 FIG. 8 is a block diagram showing a server of an embodiment of the present invention.
本說明書的技術用語係參照本技術領域之習慣 用語,如本說明書對部分用語有加以說明或定義,該部分用語之解釋係以本說明書之說明或定義為準。另外,在可能實施的前提下,本說明書所描述之物件或事件間的相對關係,涵義可包含直接或間接的關係,所謂「間接」係指物件間尚有中間物或物理空間的存在,或指事件間尚有中間事件或時間間隔的存在。再者,以下內容係關於保全方法與及系統,對於該領域習見的技術或原理,若不涉及本案之技術特徵,將不予贅述。此外,圖示中元件之形狀、尺寸、比例以及流程之步驟順序等僅為示意,係供本技術領域具有通常知識者瞭解本案之用,非對本案之實施範圍加以限制。 The technical terms of this specification refer to the habits of the technical field. Terms, such as the specification, are used to describe or define some terms. The interpretation of the terms is based on the description or definition of this specification. In addition, the relative relationship between the objects or events described in this specification may include direct or indirect relationships, and the term "indirect" means that there is an intermediate or physical space between the objects, or Refers to the existence of intermediate events or time intervals between events. Furthermore, the following contents are related to the preservation method and system, and the technical or principle of the prior art will not be described if it does not involve the technical features of the present case. In addition, the shapes, dimensions, proportions, and sequence steps of the elements in the drawings are merely illustrative, and are intended to be used by those of ordinary skill in the art to understand the present invention, and are not intended to limit the scope of the present invention.
另外,以下說明內容之各個實施例分別具有一或多個技術特徵,然此並不意味著使用本案者必需同時實施任一實施例中的所有技術特徵,或僅能分開實施不同實施例中的一部或全部技術特徵。換句話說,在可能實施的前提下,本技術領域具有通常知識者可依據本案之揭露內容,並視自身的需求或設計理念,選擇性地實施任一實施例中部分或全部的技術特徵,或者選擇性地實施多個實施例中部分或全部的技術特徵之組合,藉此增加本案實施彈性。本案之揭露內容包含保全系統與方法,但本案實施例之技術特徵並非對本案之限制,僅供本案舉例說明暨本技術領域人士瞭解本案之用。此外,在可能實施的前提下,本技術領域具有通常知識者能夠依據本案揭露內容來選擇等效之元件或步驟來實現本 案,亦即本案之實施並不侷限於本案所揭露之實施例。 In addition, each embodiment of the following description has one or more technical features respectively, which does not mean that all technical features in any embodiment must be implemented at the same time, or only in different embodiments can be separately implemented. One or all technical features. In other words, those skilled in the art can selectively implement some or all of the technical features of any embodiment according to the needs of the present disclosure or the design concept. Alternatively, a combination of some or all of the technical features of the various embodiments may be selectively implemented, thereby increasing the flexibility of the present implementation. The disclosure of the present invention includes the security system and method, but the technical features of the embodiments of the present invention are not limited to the present case, and are only for the purpose of illustration and the person skilled in the art understand the use of the case. In addition, where possible, those skilled in the art can select equivalent elements or steps to implement the present invention based on the disclosure of the present disclosure. The case, that is, the implementation of this case is not limited to the embodiment disclosed in this case.
另外,如果本案之保全閘、伺服器及行動裝置所包含之個別元件為已知元件的話,在不影響充分揭露及可據以實現的情形下,以下說明對於實現之個別元件的細節將予以節略。 In addition, if the individual components included in the security gate, server and mobile device of the present case are known components, the following description will abbreviate the details of the individual components implemented without affecting the full disclosure and implementation. .
圖1說明,根據示範性實施例的保全系統1的功能方塊圖,至少包括:伺服器100、行動裝置200以及保全閘300。本揭露所提到之行動裝置200可以例如是無線電話、筆記型電腦等,而保全閘300可以例如是電子鎖(electronic lock)、或其他保全啟動裝置(security enable device);所述電子鎖可以例如住所之門禁、汽車門鎖等,所述其他保全啟動裝置,則例如資料讀取權限的啟動、類比或數位訊號的輸出等。 1 illustrates a functional block diagram of a security system 1 including at least a server 100, a mobile device 200, and a security gate 300, in accordance with an exemplary embodiment. The mobile device 200 mentioned in the present disclosure may be, for example, a wireless telephone, a notebook computer, etc., and the security gate 300 may be, for example, an electronic lock or another security enable device; the electronic lock may For example, the access control of the residence, the car door lock, etc., the other security activation device, for example, the activation of the data reading authority, the analogy or the output of the digital signal.
行動裝置200傳送認證請求到保全閘300,保全閘回傳識別相關訊息到行動裝置200,行動裝置200將相關訊息及行動裝置識別碼傳遞到伺服器100,由伺服器100確認權限後,回傳授權相關訊息到行動裝置200,並藉由行動裝置200傳遞到保全閘300;保全閘300在驗證後,決定是否批准行動裝置200的認證請求。保全閘300之批准,例如是啟動電子鎖之開鎖動作,或通過認證或一資料庫之讀取權限,等等。 The mobile device 200 transmits an authentication request to the security gate 300, and the security gate transmits the identification related information to the mobile device 200. The mobile device 200 transmits the related information and the mobile device identification code to the server 100, and the server 100 confirms the authority and then returns the message. The relevant information is authorized to the mobile device 200 and transmitted to the security gate 300 by the mobile device 200; after the verification, the security gate 300 determines whether to approve the authentication request of the mobile device 200. The approval of the security gate 300, for example, is to activate the unlocking action of the electronic lock, or to pass the authentication or the reading permission of a database, and the like.
請參考圖2,顯示根據本揭露一實施例之保全方 法;於步驟S201中,由保全閘300接收自行動裝置200傳送之認證請求,產生保全閘識別訊息,並回傳該保全閘識別訊息及第一保全閘識別碼至行動裝置200;於步驟S202中,由伺服器100接收自行動裝置200傳送之保全閘識別訊息、第一保全閘識別碼與行動裝置識別碼,對保全閘識別訊息進行解密,並比對行動裝置識別碼與權限資料,如果成功則進一步加密運算產生屬於此行動裝置的授權碼,伺服器傳送授權碼及該第一保全閘識別碼到該行動裝置;於步驟S230中,保全閘300接收自行動裝置200傳送之授權碼及第一保全閘識別碼,對該授權碼進行解密運算,如果驗證正確則批准該認證請求。 Please refer to FIG. 2, which shows a security party according to an embodiment of the present disclosure. In step S201, the security gate 300 receives the authentication request transmitted from the mobile device 200, generates a security gate identification message, and returns the security gate identification message and the first security gate identification code to the mobile device 200; in step S202 Receiving, by the server 100, the security gate identification message, the first security gate identification code and the mobile device identification code transmitted from the mobile device 200, decrypting the security gate identification message, and comparing the mobile device identification code and the authority data, if If successful, the further encryption operation generates an authorization code belonging to the mobile device, and the server transmits the authorization code and the first security gate identification code to the mobile device; in step S230, the security gate 300 receives the authorization code transmitted from the mobile device 200 and The first security gate identification code decrypts the authorization code and approves the authentication request if the verification is correct.
圖3顯示根據圖2的步驟更進一步之一實施例,步驟S301保全閘接收自行動裝置發出之認證請求;步驟S302保全閘300產生第一保全閘數碼、第二公開金鑰(PU2)與第二私密金鑰(PR2),並使用第一私密金鑰(PR1)加密第一保全閘數碼與第二公開金鑰(PU2)以產生保全閘識別訊息;步驟S303保全閘回傳保全閘識別訊息及第一保全閘識別碼至行動裝置,再由行動裝置傳送此些訊息及行動裝置識別碼至伺服器;步驟S304:伺服器300使用第一公開金鑰(PU1)對保全閘識別訊息解密,取出第一保全閘數碼與該第二公開金鑰(PU2),並比對行動裝置識別碼與權限資料,決定是否有開啟保全閘的權限。如果權限比對成功則執行步驟S305:伺服器 100使用第二公開金鑰(PU2)加密第一保全閘數碼產生授權碼,並將第一公開金鑰(PU1)更新為第二公開金鑰(PU2);步驟S306:伺服器100回傳授權碼及第一保全閘識別碼到行動裝置200,再由行動裝置200傳送至保全閘300;步驟S307:當保全閘300接收到行動裝置200傳送之授權碼及第一保全閘識別碼,使用第二私密金鑰(PR2)對該授權碼進行解密運算,以得到第一保全閘數碼;步驟S308:比對從行動裝置200接收到的第一保全閘識別碼與原存於保全閘300之第一保全閘識別碼,以及比對解密得到的第一保全閘數碼與原存於保全閘300之第一保全閘數碼;步驟S309:如正確則批准該認證請求並將該第一私密金鑰(PR1)更新為該第二私密金鑰(PR2)。 3 shows an embodiment according to the step of FIG. 2, in which the step S301 holds the authentication request sent from the mobile device; in step S302, the security gate 300 generates the first security gate digital, the second public key (PU2) and the first a private key (PR2), and encrypting the first security gate digital and the second public key (PU2) using the first private key (PR1) to generate a security gate identification message; and step S303 to secure the gateback security gate identification message And the first security gate identification code is sent to the mobile device, and the mobile device transmits the message and the mobile device identification code to the server; and step S304: the server 300 decrypts the security gate identification message by using the first public key (PU1). The first security gate digital and the second public key (PU2) are taken out, and the mobile device identification code and the authority data are compared to determine whether there is permission to open the security gate. If the permission comparison is successful, step S305 is performed: the server 100 encrypting the first security gate digital generation authorization code using the second public key (PU2), and updating the first public key (PU1) to the second public key (PU2); step S306: the server 100 returns the authorization The code and the first security gate identification code are transmitted to the mobile device 200, and then transmitted by the mobile device 200 to the security gate 300; step S307: when the security gate 300 receives the authorization code transmitted by the mobile device 200 and the first security gate identification code, the first use The second private key (PR2) decrypts the authorization code to obtain the first security gate number; step S308: compares the first security gate identification code received from the mobile device 200 with the original stored in the security gate 300 a security gate identification code, and a first security gate digitally obtained by comparing the decryption with a first security gate number originally stored in the security gate 300; step S309: if the authentication request is correct, the first private key is approved ( PR1) is updated to the second private key (PR2).
根據一實施例,如果伺服器100在步驟S304的權限比對不成功,則回覆無權限訊息給行動裝置200。 According to an embodiment, if the authority comparison of the server 100 in step S304 is unsuccessful, then the no-privileged message is replied to the mobile device 200.
根據一實施例,如果保全閘300在步驟S308比對不正確,則回覆認證不批准訊息給行動裝置200。 According to an embodiment, if the security gate 300 is incorrectly aligned in step S308, a reply authentication approval message is sent to the mobile device 200.
根據一實施例,在步驟302保全閘產生第一保全閘數碼、第二公開金鑰(PU2)與第二私密金鑰(PR2)是隨機產生的。 According to an embodiment, at step 302, the first gate is generated, the second public key (PU2) and the second private key (PR2) are randomly generated.
根據一實施例,在步驟302保全閘產生第一保全閘數碼是由亂數函數產生。 According to an embodiment, the step of generating a first hold gate at step 302 is generated by a random number function.
根據一實施例,在步驟S306伺服器回傳授權碼 及第一保全閘識別碼到該行動裝置,伺服器更包括回傳一授權時間至該行動裝置;在步驟S308保全閘比對的步驟,保全閘300更包括接收自行動裝置200傳送之授權時間,以及確認目前是否在該授權時間內。 According to an embodiment, the server returns the authorization code in step S306. And the first security gate identification code to the mobile device, the server further comprises: returning an authorization time to the mobile device; in step S308, the step of maintaining the gate comparison, the security gate 300 further comprises receiving the authorization time transmitted from the mobile device 200. And confirm whether it is currently within the authorization time.
根據一實施例,上述之行動裝置識別碼例如包括:電話號碼、國際行動用戶辨識碼(International Mobile Subscriber Identification Number;IMSI)、行動通訊國際識別碼(International Mobile Equipment Identification Number;IMEI)、近場通訊識別碼或身份證字號、等等。根據一實施例,上述之行動裝置識別碼是行動裝置之唯一識別碼。 According to an embodiment, the mobile device identification code includes, for example, a telephone number, an International Mobile Subscriber Identification Number (IMSI), an International Mobile Equipment Identification Number (IMEI), and a near field communication. Identification code or ID number, etc. According to an embodiment, the mobile device identification code is a unique identification code of the mobile device.
圖4顯示根據圖3之流程,保全系統中伺服器100、行動裝置200及保全閘300之間彼此間訊息傳遞簡圖。相關流程步驟已詳述於前,於此不再贅述。 4 shows a schematic diagram of message transfer between the server 100, the mobile device 200, and the security gate 300 in the security system according to the flow of FIG. The related process steps have been described in detail above and will not be described here.
為預防系統可能之金鑰不同步問題,提出同步流程,說明如下。 In order to prevent the possible key unsynchronization of the system, a synchronization process is proposed, as explained below.
圖5顯示同步流程之一實施例,步驟S501:保全閘300接受自行動裝置200傳送之第一同步請求,產生第三公開金鑰(PU3)與第三私密金鑰(PR3),並回傳第三公開金鑰(PU3)與第一保全閘識別碼至行動裝置200;步驟S502:伺服器100在接收到由行動裝置200傳送之第二同步請求,該第二同步請求包括上述第三公開金鑰(PU3)與第一保全閘識別碼,將第一公開金鑰(PU1)更新為該第三公開金鑰(PU3)。 5 shows an embodiment of the synchronization process. Step S501: The security gate 300 accepts the first synchronization request transmitted from the mobile device 200, generates a third public key (PU3) and a third private key (PR3), and returns a third public key (PU3) and a first security gate identification code to the mobile device 200; step S502: the server 100 receives a second synchronization request transmitted by the mobile device 200, the second synchronization request including the third disclosure The key (PU3) and the first security gate identification code update the first public key (PU1) to the third public key (PU3).
圖6是根據圖5之同步流程中,進一步之一實施例。步驟S601~S602與步驟S501~S502相同,在此不再贅述;如果伺服器100更新公開金鑰成功,則回傳同步成功訊息到該行動裝置(步驟S603);以及該保全閘300接受自該行動裝置傳送之同步成功訊息,並將該第一私密金鑰(PR1)更新為該第三私密金鑰(PR3)(步驟S604);其中一實施例,保全閘300更包括回覆電子鎖是否更新成功。 Figure 6 is a further embodiment of the synchronization process in accordance with Figure 5. Steps S601 to S602 are the same as steps S501 to S502, and are not described herein again; if the server 100 updates the public key successfully, the synchronization success message is returned to the mobile device (step S603); and the security gate 300 is accepted from the The synchronization success message transmitted by the mobile device, and updating the first private key (PR1) to the third private key (PR3) (step S604); in one embodiment, the security gate 300 further includes whether the reply electronic lock is updated. success.
根據一實施例,於保全系統初始、定期、或運作失敗時啟動上述之同步流程。 According to an embodiment, the synchronization process described above is initiated upon initial, periodic, or operational failure of the security system.
根據一實施例,本揭露所述之加密/解密,包括:非對稱式加密及解密演算法,如RSA加密演算法、ElGamal加密演算法、背包演算法(Knapsack algorithm)、Rabin(Rabin-Karp algorithm)、迪菲-赫爾曼金鑰交換協定中的公鑰加密演算法(Diffie-Hellman key exchange algorithm)、橢圓曲線加密演算法(Elliptic Curve Cryptography,ECC)。 According to an embodiment, the encryption/decryption described in the disclosure includes: an asymmetric encryption and decryption algorithm, such as an RSA encryption algorithm, an ElGamal encryption algorithm, a Knapsack algorithm, and a Rabin (Rabin-Karp algorithm). ), Diffie-Hellman key exchange algorithm, Elliptic Curve Cryptography (ECC) in the Diffie-Hellman key exchange agreement.
圖7顯示保全閘300之進一步方塊圖,保全閘300包括保全閘通訊單元701負責與行動裝置之傳收訊息;以及保全閘控制單元702,配置以完成上述實施例保全閘之執行步驟。根據一實施例,該保全閘控制單元702包括一處理單元704,用以自一或多個記憶模組讀取至少一份可讀取程式碼,以完成該保全閘控制單元所實現的功能。根據另一實施 例,該保全閘控制單元702係以至少一集成電路來實現。 Figure 7 shows a further block diagram of the security gate 300, which includes a security gate communication unit 701 responsible for transmitting information to the mobile device; and a security gate control unit 702 configured to perform the steps of performing the security gate of the above embodiment. According to an embodiment, the security gate control unit 702 includes a processing unit 704 for reading at least one readable code from one or more memory modules to perform the functions implemented by the security gate control unit. According to another implementation For example, the security gate control unit 702 is implemented by at least one integrated circuit.
根據一實施例,圖7保全閘300更包括一開關703,當該保全閘控制單元批准該認證請求時,啟動該開關703。 According to an embodiment, the maintenance gate 300 of FIG. 7 further includes a switch 703 that is activated when the security gate control unit approves the authentication request.
根據一實施例,當該保全閘控制單元702批准該認證請求時,啟動一保全權限。 According to an embodiment, when the security gate control unit 702 approves the authentication request, a security right is initiated.
根據一實施例,圖7保全閘通訊單元701包括近距離通訊單元,例如可以是符合近場通訊(Near Field Communication;NFC)、藍芽(Bluetooth)、ZigBee、WIFI或超寬頻(Ultra-wideband)等規範之通訊單元。 According to an embodiment, the security gate communication unit 701 of FIG. 7 includes a short-range communication unit, which may be, for example, Near Field Communication (NFC), Bluetooth, ZigBee, WIFI or Ultra-wideband. Such as the standard communication unit.
圖8顯示伺服器100之進一步方塊圖,伺服器100包括伺服器通訊單元801負責與行動裝置之傳收訊息;以及伺服器控制單元802,配置以完成上述實施例伺服器100之執行步驟。根據一實施例,該伺服器控制單元802包括一處理單元803,用以自一或多個記憶模組讀取至少一份可讀取程式碼,以完成該伺服器控制單元802所實現的功能。根據另一實施例,該伺服器控制單元802係以至少一集成電路來實現。 8 shows a further block diagram of the server 100. The server 100 includes a server communication unit 801 responsible for transmitting information to and from the mobile device, and a server control unit 802 configured to perform the execution steps of the server 100 of the above embodiment. According to an embodiment, the server control unit 802 includes a processing unit 803 for reading at least one readable code from one or more memory modules to complete the functions implemented by the server control unit 802. . According to another embodiment, the server control unit 802 is implemented in at least one integrated circuit.
根據一實施例,圖8伺服器通訊單元801包括遠距離通訊單元,例如可以是符合WIFI、第三代行動通訊技術(3rd Generation:3G)、3.5G、第四代行動通訊技術(4G)、長 期演進技術(Long Term Evolution:LTE)或全球互通微波存取(Worldwide Interoperability for Microwave Access:WIMAX),等規範之通訊單元。 According to an embodiment, the server communication unit 801 of FIG. 8 includes a remote communication unit, which may be, for example, a WIFI, a third generation mobile communication technology (3rd Generation: 3G), a 3.5G, a fourth generation mobile communication technology (4G), long Long Term Evolution (LTE) or Worldwide Interoperability for Microwave Access (WIMAX), and other communication units.
綜上所述,雖然本案技術已以實施例揭露如上,然其並非用以限定本揭露。本案所屬技術領域中具有通常知識者,在不脫離發明之精神和範圍內,當可作各種之更動與潤飾。因此,本案之保護範圍當視後附之申請專利範圍所界定者為準。 In summary, although the present technology has been disclosed above by way of example, it is not intended to limit the disclosure. Those of ordinary skill in the art to which the invention pertains may make various changes and modifications without departing from the spirit and scope of the invention. Therefore, the scope of protection of this case is subject to the definition of the scope of the patent application attached.
S201~S203‧‧‧步驟 S201~S203‧‧‧Steps
Claims (32)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW103141478A TWI588782B (en) | 2014-11-28 | 2014-11-28 | Security method, security gate and server |
CN201510001912.5A CN105827403B (en) | 2014-11-28 | 2015-01-05 | Security method, security gate and server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW103141478A TWI588782B (en) | 2014-11-28 | 2014-11-28 | Security method, security gate and server |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201619916A TW201619916A (en) | 2016-06-01 |
TWI588782B true TWI588782B (en) | 2017-06-21 |
Family
ID=56755034
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW103141478A TWI588782B (en) | 2014-11-28 | 2014-11-28 | Security method, security gate and server |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105827403B (en) |
TW (1) | TWI588782B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI775090B (en) * | 2020-06-04 | 2022-08-21 | 曾惠瑜 | System of executing encryption, decryption and lock-open management and method thereof |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107295062B (en) * | 2017-05-05 | 2018-06-19 | 北京摩拜科技有限公司 | Article uses control method, equipment, system and article |
WO2022211722A1 (en) * | 2021-03-30 | 2022-10-06 | Hitachi, Ltd. | Method and system for facilitating authentication of a person for accessing a gated property, and method and system for controlling access of a person to a gated property |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW201232417A (en) * | 2011-01-26 | 2012-08-01 | Ming-Ta Hsu | Multi-certification access control system |
CN103106714A (en) * | 2012-12-31 | 2013-05-15 | 闵浩 | Unlocking method and system based on handheld terminal equipment PDA (personal digital assistant) and fingerprint identification technology |
CN103903319A (en) * | 2014-02-10 | 2014-07-02 | 袁磊 | Electronic lock system based on internet dynamic authorization |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
SE529849C2 (en) * | 2006-04-28 | 2007-12-11 | Sics Swedish Inst Of Comp Scie | Access control system and procedure for operating the system |
US20130342314A1 (en) * | 2012-06-22 | 2013-12-26 | Gun Chen | Smart lock structure and operating method thereof |
CN103546294B (en) * | 2013-10-10 | 2017-03-29 | 小米科技有限责任公司 | Entrance guard authorization method, device and equipment |
CN103617659A (en) * | 2013-11-01 | 2014-03-05 | 南京物联传感技术有限公司 | Wireless unlocking method |
CN104157029B (en) * | 2014-05-12 | 2017-08-08 | 惠州Tcl移动通信有限公司 | Gate control system control method, control system and mobile terminal based on mobile terminal |
-
2014
- 2014-11-28 TW TW103141478A patent/TWI588782B/en active
-
2015
- 2015-01-05 CN CN201510001912.5A patent/CN105827403B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW201232417A (en) * | 2011-01-26 | 2012-08-01 | Ming-Ta Hsu | Multi-certification access control system |
CN103106714A (en) * | 2012-12-31 | 2013-05-15 | 闵浩 | Unlocking method and system based on handheld terminal equipment PDA (personal digital assistant) and fingerprint identification technology |
CN103903319A (en) * | 2014-02-10 | 2014-07-02 | 袁磊 | Electronic lock system based on internet dynamic authorization |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI775090B (en) * | 2020-06-04 | 2022-08-21 | 曾惠瑜 | System of executing encryption, decryption and lock-open management and method thereof |
Also Published As
Publication number | Publication date |
---|---|
CN105827403A (en) | 2016-08-03 |
TW201619916A (en) | 2016-06-01 |
CN105827403B (en) | 2019-04-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU2019201720B2 (en) | Method of using one device to unlock another device | |
US9853813B2 (en) | Method for securing a private key | |
CN102196375B (en) | Securing out-of-band messages | |
US20160140548A1 (en) | Method for performing non-repudiation, and payment managing server and user device therefor | |
CN103748831A (en) | Device and method for PUF-based inter-device security authentication in machine-to-machine communication | |
CN106912046B (en) | One-way key fob and vehicle pairing | |
CN109391468A (en) | A kind of authentication method and system | |
CN106789024B (en) | A kind of remote de-locking method, device and system | |
CN110505055B (en) | External network access identity authentication method and system based on asymmetric key pool pair and key fob | |
CN104662941A (en) | Supporting the use of a secret key | |
KR102146748B1 (en) | Digital key based service system and method thereof in mobile trusted environment | |
US20150026783A1 (en) | Wireless authentication system and wireless authentication method | |
TWI588782B (en) | Security method, security gate and server | |
CN110519222B (en) | External network access identity authentication method and system based on disposable asymmetric key pair and key fob | |
KR101358375B1 (en) | Prevention security system and method for smishing | |
CN109088729B (en) | Key storage method and device | |
JP2018148463A (en) | Authentication system, authentication information generator, apparatus to be authenticated, and authentication apparatus | |
US20230299981A1 (en) | Method and System for Authentication of a Computing Device | |
JP6501701B2 (en) | SYSTEM, TERMINAL DEVICE, CONTROL METHOD, AND PROGRAM | |
CN108055124A (en) | Lock administration system and lock management method | |
US10275960B2 (en) | Security system, management apparatus, permission apparatus, terminal apparatus, security method and program | |
US11763309B2 (en) | System and method for maintaining a fraud risk profile in a fraud risk engine | |
US11463251B2 (en) | Method for secure management of secrets in a hierarchical multi-tenant environment | |
KR102053993B1 (en) | Method for Authenticating by using Certificate | |
CN113282945B (en) | Intelligent lock authority management method and device, electronic equipment and storage medium |