TWI588782B - Security method, security gate and server - Google Patents


Publication number
TWI588782B
Authority
TW
Taiwan
Prior art keywords
security gate
mobile device
security
gate
identification code
Application number
TW103141478A
Other languages
Chinese (zh)
Other versions
TW201619916A (en)
Inventor
吳博儒
曾宇弘
高嘉宏
Original Assignee
財團法人工業技術研究院
Application filed by 財團法人工業技術研究院
Priority to TW103141478A
Priority to CN201510001912.5A (CN105827403B)
Publication of TW201619916A
Application granted
Publication of TWI588782B


Description

Security method, security gate and server

The present disclosure relates to a security method and system.

To protect personal safety and property, a variety of security mechanisms have emerged. Taking access control systems as an example, most current mechanisms rely on keys, proximity cards or passwords. Keys and proximity cards are cumbersome to carry and easy to lose, which often causes inconvenience, and they are even at risk of being illicitly copied; forgotten passwords, or worse, cracked passwords, are a further nuisance.

Providing a security mechanism that is both convenient and secure is a problem in urgent need of a solution.

The present disclosure provides a security system and method that use a mobile device to perform authentication.

According to an exemplary embodiment of the present disclosure, a security method applicable to a security system is provided. The method includes: receiving, by a security gate, an authentication request transmitted from a mobile device, generating a security gate identification message, and returning the security gate identification message and a first security gate identification code to the mobile device; receiving, by a server, the security gate identification message, the first security gate identification code and a mobile device identification code transmitted from the mobile device, decrypting the security gate identification message, comparing the mobile device identification code with permission data, and, if the comparison succeeds, performing an encryption operation to generate an authorization code and returning the authorization code and the first security gate identification code to the mobile device; and receiving, by the security gate, the authorization code and the first security gate identification code transmitted from the mobile device, decrypting the authorization code, and approving the authentication request if the verification is correct.

According to an exemplary embodiment of the present disclosure, a security method applicable to a security gate is provided. The method includes: receiving an authentication request transmitted from a mobile device, generating a security gate identification message, and returning the security gate identification message and a first security gate identification code to the mobile device; and receiving an authorization code and the first security gate identification code transmitted from the mobile device, decrypting the authorization code, performing verification, and approving the authentication request if the verification is correct. The authorization code is produced as follows: a server receives the security gate identification message, the first security gate identification code and a mobile device identification code transmitted from the mobile device; the server decrypts the security gate identification message and compares the mobile device identification code with permission data; if the comparison succeeds, the server performs an encryption operation to generate the authorization code and returns the authorization code and the first security gate identification code to the mobile device.

According to an exemplary embodiment of the present disclosure, a security gate is provided. The security gate includes: a security gate communication unit configured to transmit and receive messages between the security gate and a mobile device; and a security gate control unit configured to: receive an authentication request transmitted from the mobile device, generate a security gate identification message, and return the security gate identification message and a first security gate identification code to the mobile device; and receive an authorization code and the first security gate identification code transmitted from the mobile device, decrypt the authorization code, perform verification, and approve the authentication request if the verification is correct. The authorization code is produced as follows: a server receives the security gate identification message, the first security gate identification code and a mobile device identification code transmitted from the mobile device; the server decrypts the security gate identification message and compares the mobile device identification code with permission data; if the comparison succeeds, the server performs an encryption operation to generate the authorization code and returns the authorization code and the first security gate identification code to the mobile device.

According to an exemplary embodiment of the present disclosure, a security method applicable to a server is provided. The method includes: receiving a security gate identification message, a first security gate identification code and a mobile device identification code transmitted from a mobile device; decrypting the security gate identification message; and comparing the mobile device identification code with permission data and, if the comparison succeeds, performing an encryption operation to generate an authorization code and returning the authorization code and the first security gate identification code to the mobile device. The security gate identification message is generated by a security gate upon receiving an authentication request transmitted from the mobile device, and the security gate returns the security gate identification message and the first security gate identification code to the mobile device. After the security gate receives the authorization code and the first security gate identification code transmitted from the mobile device, it decrypts the authorization code, performs verification, and approves the authentication request if the verification is correct.

According to an exemplary embodiment of the present disclosure, a server is provided. The server includes: a server communication unit configured to transmit and receive messages between the server and a mobile device; and a server control unit configured to: receive a security gate identification message, a first security gate identification code and a mobile device identification code transmitted from the mobile device; decrypt the security gate identification message; and compare the mobile device identification code with permission data and, if the comparison succeeds, perform an encryption operation to generate an authorization code and return the authorization code and the first security gate identification code to the mobile device. The security gate identification message is generated by a security gate upon receiving an authentication request transmitted from the mobile device, and the security gate returns the security gate identification message and the first security gate identification code to the mobile device. After the security gate receives the authorization code and the first security gate identification code transmitted from the mobile device, it decrypts the authorization code, performs verification, and approves the authentication request if the verification is correct.

For a better understanding of the above and other aspects of this case, embodiments are described in detail below with reference to the accompanying drawings.

1, 4‧‧‧Security system

100‧‧‧Server

200‧‧‧Mobile device

300‧‧‧Security gate

S201~S203, S301~S309, S501~S502, S601~S604‧‧‧Steps

701‧‧‧Security gate communication unit

702‧‧‧Security gate control unit

801‧‧‧Server communication unit

802‧‧‧Server control unit

FIG. 1 is a block diagram of a security system according to an embodiment of this case.

FIGS. 2 to 3 illustrate a security method according to an embodiment of this case.

FIG. 4 is a simplified diagram of message passing in a security system according to an embodiment of this case.

FIGS. 5 to 6 illustrate a synchronization flow according to an embodiment of this case.

FIG. 7 is a block diagram of a security gate according to an embodiment of this case.

FIG. 8 is a block diagram of a server according to an embodiment of this case.

The technical terms in this specification follow the customary usage of the technical field. Where this specification explains or defines a term, that term is to be interpreted according to the explanation or definition given here. In addition, where implementation permits, the relative relationships between objects or events described in this specification may be direct or indirect; "indirect" means that an intermediate object or physical space exists between the objects, or that an intermediate event or time interval exists between the events. Furthermore, the following concerns a security method and system; techniques or principles that are common in the field and do not bear on the technical features of this case are not described in detail. The shapes, sizes and proportions of the elements in the drawings, and the order of the steps in the flows, are illustrative only; they are provided to help those of ordinary skill in the art understand this case and do not limit its scope of implementation.

Each embodiment described below has one or more technical features. This does not mean that a person using this case must implement all the technical features of any one embodiment at the same time, or may only implement some or all of the technical features of different embodiments separately. In other words, where implementation permits, those of ordinary skill in the art may, based on the disclosure of this case and on their own needs or design concepts, selectively implement some or all of the technical features of any one embodiment, or selectively implement a combination of some or all of the technical features of several embodiments, which increases the flexibility with which this case can be implemented. The disclosure of this case includes a security system and method, but the technical features of the embodiments do not limit this case; they serve only to illustrate it and to help those skilled in the art understand it. Where implementation permits, those of ordinary skill in the art can also select equivalent elements or steps to implement this case based on its disclosure; that is, the implementation of this case is not limited to the disclosed embodiments.

In addition, where the individual elements of the security gate, server and mobile device of this case are known elements, the details of those elements are abbreviated in the following description, to the extent that this does not affect full disclosure and enablement.

FIG. 1 is a functional block diagram of a security system 1 according to an exemplary embodiment. The system includes at least a server 100, a mobile device 200 and a security gate 300. The mobile device 200 may be, for example, a wireless telephone or a notebook computer. The security gate 300 may be, for example, an electronic lock or another security enable device. The electronic lock may be, for example, the access control of a residence or a car door lock; other security enable devices include, for example, the activation of data read permission or the output of an analog or digital signal.

The mobile device 200 transmits an authentication request to the security gate 300, and the security gate returns identification-related messages to the mobile device 200. The mobile device 200 passes these messages, together with the mobile device identification code, to the server 100. After confirming the permission, the server 100 returns authorization-related messages to the mobile device 200, which passes them on to the security gate 300. After verification, the security gate 300 decides whether to approve the authentication request of the mobile device 200. Approval by the security gate 300 is, for example, triggering the unlocking action of an electronic lock, or passing authentication or granting read permission to a database, and so on.

FIG. 2 shows a security method according to an embodiment of the present disclosure. In step S201, the security gate 300 receives an authentication request transmitted from the mobile device 200, generates a security gate identification message, and returns the security gate identification message and a first security gate identification code to the mobile device 200. In step S202, the server 100 receives the security gate identification message, the first security gate identification code and the mobile device identification code transmitted from the mobile device 200, decrypts the security gate identification message, and compares the mobile device identification code with the permission data; if the comparison succeeds, it performs an encryption operation to generate an authorization code belonging to this mobile device, and transmits the authorization code and the first security gate identification code to the mobile device. In step S203, the security gate 300 receives the authorization code and the first security gate identification code transmitted from the mobile device 200, decrypts the authorization code, and approves the authentication request if the verification is correct.

FIG. 3 shows a more detailed embodiment of the steps of FIG. 2.

Step S301: the security gate receives the authentication request sent by the mobile device.

Step S302: the security gate 300 generates a first security gate number, a second public key (PU2) and a second private key (PR2), and uses a first private key (PR1) to encrypt the first security gate number and the second public key (PU2), producing the security gate identification message.

Step S303: the security gate returns the security gate identification message and the first security gate identification code to the mobile device, which then transmits them, together with the mobile device identification code, to the server.

Step S304: the server 100 uses a first public key (PU1) to decrypt the security gate identification message, extracts the first security gate number and the second public key (PU2), and compares the mobile device identification code with the permission data to decide whether the device has permission to open the security gate.

Step S305: if the permission comparison succeeds, the server 100 uses the second public key (PU2) to encrypt the first security gate number, producing the authorization code, and updates the first public key (PU1) to the second public key (PU2).

Step S306: the server 100 returns the authorization code and the first security gate identification code to the mobile device 200, which transmits them to the security gate 300.

Step S307: when the security gate 300 receives the authorization code and the first security gate identification code transmitted by the mobile device 200, it uses the second private key (PR2) to decrypt the authorization code and obtain the first security gate number.

Step S308: the security gate compares the first security gate identification code received from the mobile device 200 with the first security gate identification code originally stored in the security gate 300, and compares the decrypted first security gate number with the first security gate number originally stored in the security gate 300.

Step S309: if both are correct, the security gate approves the authentication request and updates the first private key (PR1) to the second private key (PR2).

According to an embodiment, if the permission comparison by the server 100 in step S304 does not succeed, the server replies to the mobile device 200 with a no-permission message.

According to an embodiment, if the comparison by the security gate 300 in step S308 is not correct, the security gate replies to the mobile device 200 with an authentication-not-approved message.

According to an embodiment, the first security gate number, the second public key (PU2) and the second private key (PR2) that the security gate generates in step S302 are randomly generated.

According to an embodiment, the first security gate number that the security gate generates in step S302 is produced by a random number function.

According to an embodiment, when the server returns the authorization code and the first security gate identification code to the mobile device in step S306, the server also returns an authorization time to the mobile device; in the comparison of step S308, the security gate 300 also receives the authorization time transmitted from the mobile device 200 and confirms whether the current time falls within the authorization time.

According to an embodiment, the mobile device identification code includes, for example, a telephone number, an International Mobile Subscriber Identification Number (IMSI), an International Mobile Equipment Identification Number (IMEI), a near field communication identification code, an identity card number, and so on. According to an embodiment, the mobile device identification code is a unique identification code of the mobile device.

FIG. 4 is a simplified diagram of the messages passed among the server 100, the mobile device 200 and the security gate 300 of the security system in the flow of FIG. 3. The flow steps have been described in detail above and are not repeated here.

To guard against the possibility of the keys in the system falling out of synchronization, a synchronization flow is proposed, as described below.

FIG. 5 shows an embodiment of the synchronization flow. Step S501: the security gate 300 accepts a first synchronization request transmitted from the mobile device 200, generates a third public key (PU3) and a third private key (PR3), and returns the third public key (PU3) and the first security gate identification code to the mobile device 200. Step S502: the server 100 receives a second synchronization request transmitted by the mobile device 200, the second synchronization request including the third public key (PU3) and the first security gate identification code, and updates the first public key (PU1) to the third public key (PU3).

FIG. 6 shows a further embodiment of the synchronization flow of FIG. 5. Steps S601 to S602 are the same as steps S501 to S502 and are not repeated here. If the server 100 successfully updates the public key, it returns a synchronization success message to the mobile device (step S603). The security gate 300 accepts the synchronization success message transmitted from the mobile device and updates the first private key (PR1) to the third private key (PR3) (step S604). In one embodiment, the security gate 300 further replies whether the electronic lock was updated successfully.

According to an embodiment, the synchronization flow is started when the security system is initialized, periodically, or when operation fails.
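The FIG. 3 exchange and the synchronization flow of FIGS. 5 and 6, as an added Go example that is not part of the patent text. It assumes RSA: the "encrypt with PR1" step is modelled as an RSA-PSS signature over the gate number and PU2, and the authorization code as RSA-OAEP under PU2; the type and function names and the identifiers gate-01 and device-A are constructed for the example. It goes one step beyond the flowcharts by dropping one authorization code in transit, which shows the key desynchronization that the synchronization flow repairs.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"fmt"
)

// Gate models security gate 300, Server models server 100. All names are this example's own.
type Gate struct {
	ID      string
	pr1     *rsa.PrivateKey // current private key PR1
	pending *rsa.PrivateKey // PR2 from S302, not yet promoted to PR1
	number  []byte          // first security gate number awaiting an authorization code
}
type Server struct {
	PU1   map[string]*rsa.PublicKey  // gate ID -> current public key PU1
	Perms map[string]map[string]bool // gate ID -> permitted mobile device IDs
}
type IdentMsg struct{ Number, PU2, Sig []byte } // security gate identification message

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // in this demo only a failing system random source gets here
	}
	return v
}
func digest(number, pu2 []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, number...), pu2...))
	return h[:]
}

// Challenge is S301-S303: fresh gate number and PR2/PU2, bound together with PR1.
func (g *Gate) Challenge() IdentMsg {
	g.pending, g.number = must(rsa.GenerateKey(rand.Reader, 2048)), make([]byte, 16)
	must(rand.Read(g.number))
	pu2 := x509.MarshalPKCS1PublicKey(&g.pending.PublicKey)
	sig := must(rsa.SignPSS(rand.Reader, g.pr1, crypto.SHA256, digest(g.number, pu2), nil))
	return IdentMsg{g.number, pu2, sig}
}

// Authorize is S304-S306; on success the server rolls PU1 forward to PU2.
func (s *Server) Authorize(m IdentMsg, gateID, deviceID string) ([]byte, bool) {
	pu1, known := s.PU1[gateID]
	if !known || rsa.VerifyPSS(pu1, crypto.SHA256, digest(m.Number, m.PU2), m.Sig, nil) != nil {
		return nil, false // not produced with the gate's current PR1
	}
	pu2, err := x509.ParsePKCS1PublicKey(m.PU2)
	if err != nil || len(m.Number) != 16 || !s.Perms[gateID][deviceID] {
		return nil, false // malformed message, or the device has no permission for this gate
	}
	s.PU1[gateID] = pu2
	return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pu2, m.Number, nil)), true
}

// Verify is S307-S309: decrypt with PR2, compare gate ID and number, then roll PR1 to PR2.
func (g *Gate) Verify(code []byte, gateID string) bool {
	if g.pending == nil || gateID != g.ID {
		return false // nothing outstanding, or the code names another gate
	}
	got, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, g.pending, code, nil)
	if err != nil || subtle.ConstantTimeCompare(got, g.number) != 1 {
		return false
	}
	g.pr1, g.pending, g.number = g.pending, nil, nil
	return true
}

// Resync collapses S601-S604: gate makes PR3/PU3, server adopts PU3, gate adopts PR3.
func Resync(g *Gate, s *Server) {
	pr3 := must(rsa.GenerateKey(rand.Reader, 2048))
	s.PU1[g.ID], g.pr1, g.pending, g.number = &pr3.PublicKey, pr3, nil, nil
}

// Relay plays mobile device 200, carrying each message between gate and server.
func Relay(g *Gate, s *Server, deviceID string) ([]byte, bool) {
	code, ok := s.Authorize(g.Challenge(), g.ID, deviceID)
	return code, ok && g.Verify(code, g.ID)
}

// Demo: normal request, replay of the used code, request after a lost code, request after Resync.
func Demo() (r [4]bool) {
	g := &Gate{ID: "gate-01", pr1: must(rsa.GenerateKey(rand.Reader, 2048))} // constructed IDs
	s := &Server{PU1: map[string]*rsa.PublicKey{g.ID: &g.pr1.PublicKey},
		Perms: map[string]map[string]bool{g.ID: {"device-A": true}}}
	code, ok := Relay(g, s, "device-A")
	r[0], r[1] = ok, g.Verify(code, g.ID)
	s.Authorize(g.Challenge(), g.ID, "device-A") // PU1 rolls, but the code never reaches the gate
	_, r[2] = Relay(g, s, "device-A")            // the gate still signs with the old PR1
	Resync(g, s)
	_, r[3] = Relay(g, s, "device-A")
	return
}

func main() { fmt.Println(Demo()) } // [true false false true]
```

The third result is false because the server replaces PU1 in S305 while the gate replaces PR1 only in S309, so a code lost between those two steps leaves the two sides holding keys from different rounds.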

According to an embodiment, the encryption/decryption described in the present disclosure includes asymmetric encryption and decryption algorithms, such as the RSA encryption algorithm, the ElGamal encryption algorithm, the knapsack algorithm, Rabin (Rabin-Karp algorithm), the public-key encryption algorithm of the Diffie-Hellman key exchange protocol (Diffie-Hellman key exchange algorithm), and elliptic curve cryptography (ECC).

[Security gate]

FIG. 7 shows a further block diagram of the security gate 300. The security gate 300 includes a security gate communication unit 701, responsible for transmitting and receiving messages to and from the mobile device, and a security gate control unit 702, configured to carry out the security gate steps of the embodiments above. According to an embodiment, the security gate control unit 702 includes a processing unit 704 that reads at least one piece of readable program code from one or more memory modules to perform the functions implemented by the security gate control unit. According to another embodiment, the security gate control unit 702 is implemented with at least one integrated circuit.

According to an embodiment, the security gate 300 of FIG. 7 further includes a switch 703, which is activated when the security gate control unit approves the authentication request.

According to an embodiment, when the security gate control unit 702 approves the authentication request, a security permission is activated.

According to an embodiment, the security gate communication unit 701 of FIG. 7 includes a short-range communication unit, which may be, for example, a communication unit conforming to a specification such as Near Field Communication (NFC), Bluetooth, ZigBee, WIFI or Ultra-wideband.

[Server]

FIG. 8 shows a further block diagram of the server 100. The server 100 includes a server communication unit 801, responsible for transmitting and receiving messages to and from the mobile device, and a server control unit 802, configured to carry out the steps of the server 100 in the embodiments above. According to an embodiment, the server control unit 802 includes a processing unit 803 that reads at least one piece of readable program code from one or more memory modules to perform the functions implemented by the server control unit 802. According to another embodiment, the server control unit 802 is implemented with at least one integrated circuit.

According to an embodiment, the server communication unit 801 of FIG. 8 includes a long-range communication unit, which may be, for example, a communication unit conforming to a specification such as WIFI, third-generation mobile communication technology (3rd Generation: 3G), 3.5G, fourth-generation mobile communication technology (4G), Long Term Evolution (LTE) or Worldwide Interoperability for Microwave Access (WIMAX).

In summary, although the technology of this case has been disclosed above by way of embodiments, they are not intended to limit the present disclosure. Those of ordinary skill in the art to which this case belongs may make various changes and refinements without departing from the spirit and scope of the invention. The scope of protection of this case is therefore defined by the appended claims.

S201~S203‧‧‧Steps

Claims (32)

一種保全方法,適用於一保全系統,包括:由一保全閘接收自一行動裝置傳送之一認證請求,產生一第一保全閘數碼,並加密該第一保全閘數碼,以產生一保全閘識別訊息,並回傳該保全閘識別訊息及一第一保全閘識別碼至該行動裝置;由一伺服器接收自該行動裝置傳送之該保全閘識別訊息、該第一保全閘識別碼與一行動裝置識別碼,對該保全閘識別訊息解密,比對該行動裝置識別碼與一權限資料,如成功則加密運算產生一授權碼,回傳該授權碼及該第一保全閘識別碼到該行動裝置;由該保全閘接收自該行動裝置傳送之該授權碼及該第一保全閘識別碼,對該授權碼進行解密運算,以得到該第一保全閘數碼,比對自該行動裝置回傳之該第一保全閘識別碼與原存於該保全閘之該第一保全閘識別碼並比對解密得到的該第一保全閘數碼與原存於該保全閘之該第一保全閘數碼,如果驗證正確則批准該認證請求。 A security method, applicable to a security system, comprising: receiving, by a security gate, an authentication request transmitted from a mobile device, generating a first security gate digital number, and encrypting the first security gate digital to generate a security gate identification And returning the security gate identification message and a first security gate identification code to the mobile device; receiving, by the server, the security gate identification message, the first security gate identification code and an action transmitted by the mobile device The device identification code decrypts the security gate identification message, and generates an authorization code for the mobile device identification code and a permission data, if successful, and returns the authorization code and the first security gate identification code to the action Receiving, by the security gate, the authorization code transmitted by the mobile device and the first security gate identification code, decrypting the authorization code to obtain the first security gate number, and comparing the backhaul from the mobile device The first security gate identification code and the first security gate identification code originally stored in the security gate are compared and decrypted to obtain the first security gate digital number and the original security gate The first gate of digital preservation, to verify if the correct authentication request approval. 
如申請專利範圍第1項所述的保全方法,更包括:該保全閘接收該行動裝置傳送之該認證請求,產生該第一保全閘數碼、一第二公開金鑰(PU2)與一第二私密金鑰(PR2),並使用一第一私密金鑰(PR1)加密該第一保全閘數碼與該第二公開金鑰(PU2),以產生該保全閘識別訊息; 該伺服器使用一第一公開金鑰(PU1)對該保全閘識別訊息解密,取出該第一保全閘數碼與該第二公開金鑰(PU2),比對該行動裝置識別碼與該權限資料,如成功則使用該第二公開金鑰(PU2)加密該第一保全閘數碼產生該授權碼,並將該第一公開金鑰(PU1)更新為該第二公開金鑰(PU2);以及該保全閘接收該行動裝置傳送之該授權碼及該第一保全閘識別碼,使用該第二私密金鑰(PR2)對該授權碼進行解密運算,以得到該第一保全閘數碼,比對自該行動裝置回傳之該第一保全閘識別碼與原存於該保全閘之該第一保全閘識別碼並比對解密得到的該第一保全閘數碼與原存於該保全閘之該第一保全閘數碼,如正確則批准該認證請求並將該第一私密金鑰(PR1)更新為該第二私密金鑰(PR2)。 The security method of claim 1, further comprising: the security gate receiving the authentication request transmitted by the mobile device, generating the first security gate digital, a second public key (PU2) and a second a private key (PR2), and encrypting the first security gate number and the second public key (PU2) using a first private key (PR1) to generate the security gate identification message; The server decrypts the security gate identification message by using a first public key (PU1), and extracts the first security gate number and the second public key (PU2), and compares the mobile device identification code with the authority data. And if successful, encrypting the first security gate digitally using the second public key (PU2) to generate the authorization code, and updating the first public key (PU1) to the second public key (PU2); The security gate receives the authorization code transmitted by the mobile device and the first security gate identification code, and decrypts the authorization code by using the second private key (PR2) to obtain the first security gate number, and compares The first security gate identification code returned from the mobile device and the first security gate identification code originally stored in the security gate are compared with the decrypted first security gate digital number and the original storage gate The first security gate number, if correct, approves the authentication request and updates the first private key (PR1) to the second private key (PR2). 
3. The security method of claim 2, further comprising: the security gate accepting a first synchronization request transmitted from the mobile device, generating a third public key (PU3) and a third private key (PR3), and returning the third public key (PU3) and the first security gate identification code to the mobile device; and the server accepting a second synchronization request transmitted from the mobile device, the second synchronization request including the third public key (PU3) and the first security gate identification code, and updating the first public key (PU1) to the third public key (PU3).

4. The security method of claim 3, further comprising: if the server updates the public key successfully, returning a first synchronization success message to the mobile device; and the security gate accepting a second synchronization success message transmitted from the mobile device and updating the first private key (PR1) to the third private key (PR3).

5. The security method of claim 2, wherein the first security gate number, the second public key (PU2) and the second private key (PR2) are randomly generated by the security gate.

6. The security method of claim 2, wherein the first security gate number is generated by a random number function.

7. The security method of claim 1, wherein the encryption operation and the decryption operation comprise asymmetric encryption and decryption algorithms.
8. The security method of claim 1, further comprising: the server further returning an authorization time to the mobile device; and the security gate receiving the authorization time transmitted from the mobile device and confirming whether the current time is within the authorization time.

9. The security system of claim 1, wherein the mobile device identification code comprises a telephone number, an International Mobile Subscriber Identity, an International Mobile Equipment Identity, a near-field communication identifier or an identity card number.

10. A security method, applicable to a security gate, comprising: receiving an authentication request transmitted from a mobile device, generating a first security gate number, encrypting the first security gate number to generate a security gate identification message, and returning the security gate identification message and a first security gate identification code to the mobile device; and receiving an authorization code and the first security gate identification code transmitted from the mobile device, performing a decryption operation on the authorization code to obtain the first security gate number, verifying by comparing the first security gate identification code returned from the mobile device with the first security gate identification code originally stored in the security gate and comparing the decrypted first security gate number with the first security gate number originally stored in the security gate, and approving the authentication request if correct; wherein a server receives the security gate identification message, the first security gate identification code and a mobile device identification code transmitted from the mobile device, the server decrypts the security gate identification message and compares the mobile device identification code against permission data, and, if the comparison succeeds, the server generates the authorization code by an encryption operation and returns the authorization code and the first security gate identification code to the mobile device.

11. The security method of claim 10, further comprising: receiving the authentication request transmitted by the mobile device, generating the first security gate number, a second public key (PU2) and a second private key (PR2), and encrypting the first security gate number and the second public key (PU2) with a first private key (PR1) to generate the security gate identification message; and receiving the authorization code and the first security gate identification code transmitted by the mobile device, performing a decryption operation on the authorization code with the second private key (PR2) to obtain the first security gate number, comparing the first security gate identification code returned from the mobile device with the first security gate identification code originally stored in the security gate, comparing the decrypted first security gate number with the first security gate number originally stored in the security gate, and, if correct, approving the authentication request and updating the first private key (PR1) to the second private key (PR2); wherein the server decrypts the security gate identification message with a first public key (PU1), extracts the first security gate number and the second public key (PU2), compares the mobile device identification code against the permission data, and, if the comparison succeeds, encrypts the first security gate number with the second public key (PU2) to generate the authorization code and updates the first public key (PU1) to the second public key (PU2).

12. The security method of claim 11, further comprising: accepting a first synchronization request transmitted from the mobile device; and generating a third public key (PU3) and a third private key (PR3), and returning the third public key (PU3) and the first security gate identification code to the mobile device; wherein the server accepts a second synchronization request transmitted from the mobile device, the second synchronization request including the third public key (PU3) and the first security gate identification code, and updates the first public key (PU1) to the third public key (PU3).

13. The security method of claim 12, further comprising: accepting a second synchronization success message transmitted from the mobile device, and updating the first private key (PR1) to the third private key (PR3).

14. The security method of claim 11, further comprising: randomly generating the first security gate number, the second public key (PU2) and the second private key (PR2).
15. The security method of claim 11, further comprising: generating the first security gate number by a random number function.

16. The security method of claim 10, further comprising: receiving an authorization time transmitted from the mobile device, and confirming whether the current time is within the authorization time.

17. A security gate, comprising: a security gate communication unit configured to transmit and receive messages between the security gate and a mobile device; and a security gate control unit configured to: receive an authentication request transmitted from the mobile device, generate a first security gate number, encrypt the first security gate number to generate a security gate identification message, and return the security gate identification message and a first security gate identification code to the mobile device; and receive an authorization code and the first security gate identification code transmitted from the mobile device, perform a decryption operation on the authorization code to obtain the first security gate number, verify by comparing the first security gate identification code returned from the mobile device with the first security gate identification code originally stored in the security gate and comparing the decrypted first security gate number with the first security gate number originally stored in the security gate, and approve the authentication request if correct; wherein a server receives the security gate identification message, the first security gate identification code and a mobile device identification code transmitted from the mobile device, the server decrypts the security gate identification message and compares the mobile device identification code against permission data, and, if the comparison succeeds, the server generates the authorization code by an encryption operation and returns the authorization code and the first security gate identification code to the mobile device.

18. The security gate of claim 17, wherein the security gate control unit is further configured to: receive the authentication request transmitted by the mobile device, generate the first security gate number, a second public key (PU2) and a second private key (PR2), and encrypt the first security gate number and the second public key (PU2) with a first private key (PR1) to generate the security gate identification message; and receive the authorization code and the first security gate identification code transmitted by the mobile device, perform a decryption operation on the authorization code with the second private key (PR2) to obtain the first security gate number, compare the first security gate identification code returned from the mobile device with the first security gate identification code originally stored in the security gate, compare the decrypted first security gate number with the first security gate number originally stored in the security gate, and, if correct, approve the authentication request and update the first private key (PR1) to the second private key (PR2); wherein the server decrypts the security gate identification message with a first public key (PU1), extracts the first security gate number and the second public key (PU2), compares the mobile device identification code against the permission data, and, if the comparison succeeds, encrypts the first security gate number with the second public key (PU2) to generate the authorization code and updates the first public key (PU1) to the second public key (PU2).

19. The security gate of claim 17, further comprising: a switch, which is activated when the security gate control unit approves the authentication request.

20. The security gate of claim 17, wherein the security gate communication unit comprises a communication unit conforming to a specification such as NFC, Bluetooth, ZigBee, WIFI or Ultra-wideband.

21. The security gate of claim 17, wherein the security gate control unit comprises a processing unit configured to read at least one piece of readable program code from one or more memory modules to carry out the functions implemented by the security gate control unit.

22. The security gate of claim 17, wherein the security gate control unit is implemented with at least one integrated circuit.
23. A security method, applicable to a server, comprising: receiving a security gate identification message, a first security gate identification code and a mobile device identification code transmitted from a mobile device; decrypting the security gate identification message and extracting a first security gate number; and comparing the mobile device identification code against permission data, and, if the comparison succeeds, generating an authorization code by an encryption operation and returning the authorization code and the first security gate identification code to the mobile device; wherein the security gate identification message is produced by a security gate upon receiving an authentication request transmitted from the mobile device, the security gate encrypting the first security gate number to generate the security gate identification message and returning the security gate identification message and the first security gate identification code to the mobile device; and after the security gate receives the authorization code and the first security gate identification code transmitted from the mobile device, the security gate performs a decryption operation on the authorization code to obtain the first security gate number, verifies by comparing the first security gate identification code returned from the mobile device with the first security gate identification code originally stored in the security gate and comparing the decrypted first security gate number with the first security gate number originally stored in the security gate, and approves the authentication request if correct.
24. The security method of claim 23, wherein the security gate identification message is decrypted with a first public key (PU1) to extract the first security gate number and a second public key (PU2); and the mobile device identification code is compared against the permission data, and, if the comparison succeeds, the first security gate number is encrypted with the second public key (PU2) to generate the authorization code and the first public key (PU1) is updated to the second public key (PU2); wherein the first security gate number and the second public key (PU2) are generated by the security gate upon receiving the authentication request transmitted by the mobile device, and the security gate encrypts the first security gate number and the second public key (PU2) with a first private key (PR1) to generate the security gate identification message; and after the security gate receives the authorization code and the first security gate identification code transmitted from the mobile device, the security gate performs a decryption operation on the authorization code with the second private key (PR2) to obtain the first security gate number, compares the first security gate identification code returned from the mobile device with the first security gate identification code originally stored in the security gate, compares the decrypted first security gate number with the first security gate number originally stored in the security gate, and, if correct, the security gate approves the authentication request and updates the first private key (PR1) to the second private key (PR2).
25. The security method of claim 24, further comprising: accepting a second synchronization request transmitted from the mobile device, the second synchronization request including a third public key (PU3) and the first security gate identification code; and updating the first public key (PU1) to the third public key (PU3); wherein the third public key (PU3) is generated by the security gate after the security gate accepts a first synchronization request transmitted from the mobile device, the security gate also generates a third private key (PR3), and the security gate returns the third public key (PU3) and the first security gate identification code to the mobile device.

26. The security method of claim 25, further comprising: if the public key is updated successfully, returning a first synchronization success message to the mobile device; wherein the security gate accepts a second synchronization success message transmitted from the mobile device, and the security gate updates the first private key (PR1) to the third private key (PR3).

27. The security method of claim 23, further comprising: returning an authorization time to the mobile device, for the security gate to confirm whether the current time is within the authorization time.
28. A server, comprising: a server communication unit configured to transmit and receive messages between the server and a mobile device; and a server control unit configured to: receive a security gate identification message, a first security gate identification code and a mobile device identification code transmitted from the mobile device; decrypt the security gate identification message and extract a first security gate number; and compare the mobile device identification code against permission data, and, if the comparison succeeds, generate an authorization code by an encryption operation and return the authorization code and the first security gate identification code to the mobile device; wherein the first security gate number is generated by the security gate upon receiving an authentication request transmitted from the mobile device, the security gate encrypting the first security gate number to generate the security gate identification message and returning the security gate identification message and the first security gate identification code to the mobile device; and after the security gate receives the authorization code and the first security gate identification code transmitted from the mobile device, the security gate performs a decryption operation on the authorization code to obtain the first security gate number, verifies by comparing the first security gate identification code returned from the mobile device with the first security gate identification code originally stored in the security gate and comparing the decrypted first security gate number with the first security gate number originally stored in the security gate, and approves the authentication request if correct.

29. The server of claim 28, wherein the server control unit is further configured to: decrypt the security gate identification message with a first public key (PU1) and extract the first security gate number and a second public key (PU2); and compare the mobile device identification code against the permission data, and, if the comparison succeeds, encrypt the first security gate number with the second public key (PU2) to generate the authorization code and update the first public key (PU1) to the second public key (PU2); wherein the first security gate number and the second public key (PU2) are generated by the security gate upon receiving the authentication request transmitted by the mobile device, and the security gate encrypts the first security gate number and the second public key (PU2) with a first private key (PR1) to generate the security gate identification message; and after the security gate receives the authorization code and the first security gate identification code transmitted from the mobile device, the security gate performs a decryption operation on the authorization code with the second private key (PR2) to obtain the first security gate number, compares the first security gate identification code returned from the mobile device with the first security gate identification code originally stored in the security gate, compares the decrypted first security gate number with the first security gate number originally stored in the security gate, and, if correct, the security gate approves the authentication request and updates the first private key (PR1) to the second private key (PR2).

30. The server of claim 28, wherein the server communication unit comprises a communication unit conforming to a specification such as WIFI, 3G, 3.5G, 4G, LTE or WIMAX.

31. The server of claim 28, wherein the server control unit comprises a processing unit configured to read at least one piece of readable program code from one or more memory modules to carry out the functions implemented by the server control unit.

32. The server of claim 28, wherein the server control unit is implemented with at least one integrated circuit.
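The exchange recited in claims 1 to 4, with the mobile device acting as a relay, as an added example that is not part of the patent text. The asymmetric operations are unpadded textbook RSA used only for illustration, and the field layout, key sizes, identifiers (`gate-01`, `device-A`), the initial provisioning of PU1 and the single-use challenge are assumptions. It also shows the key state after an authorization code is lost in transit and how the synchronization steps of claims 3 and 4 bring the two sides' keys back in line.

```python
import secrets
E, HALF, NONCE_BITS = 65537, 256, 128   # toy parameters (assumptions, not from the patent)

def _is_probable_prime(n, rounds=20):   # Miller-Rabin, for odd n much larger than 29
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen():   # unpadded textbook RSA; returns (n, d): n is PUx, (n, d) is PRx
    primes = []
    while len(primes) < 2:
        p = secrets.randbits(HALF) | (1 << (HALF - 1)) | 1
        if p % E != 1 and p not in primes and _is_probable_prime(p):
            primes.append(p)
    p, q = primes
    return p * q, pow(E, -1, (p - 1) * (q - 1))

class Gate:
    def __init__(self, gate_id):
        self.gate_id, self.pending, self.next_key = gate_id, None, None
        self.n1, self.d1 = keygen()                    # PR1; PU1 (= n1) goes to the server

    def on_auth_request(self):                         # claim 2, gate's first step
        nonce, (n2, d2) = secrets.randbits(NONCE_BITS), keygen()
        self.pending = (nonce, n2, d2)                 # first security gate number, PU2, PR2
        fields = (nonce, n2 >> HALF, n2 & ((1 << HALF) - 1))   # PU2 sent as two halves
        return [pow(m, self.d1, self.n1) for m in fields], self.gate_id   # encrypt with PR1

    def on_authorization(self, code, gate_id):         # claim 2, gate's last step
        pending, self.pending = self.pending, None     # one attempt per challenge (assumption)
        if pending is None or gate_id != self.gate_id:
            return False
        nonce, n2, d2 = pending
        if code >= n2 or pow(code, d2, n2) != nonce:   # decrypt with PR2, compare numbers
            return False
        self.n1, self.d1 = n2, d2                      # PR1 <- PR2
        return True

    def on_sync_request(self):                         # claim 3: generate PU3 / PR3
        self.next_key = keygen()
        return self.next_key[0], self.gate_id

    def on_sync_success(self):                         # claim 4: PR1 <- PR3
        self.n1, self.d1 = self.next_key

class Server:
    def __init__(self, permissions):
        self.permissions, self.gate_keys = permissions, {}   # gate_id -> devices / PU1

    def authorize(self, message, gate_id, device_id):
        n1 = self.gate_keys[gate_id]
        nonce, hi, lo = (pow(c, E, n1) for c in message)      # decrypt with PU1
        if nonce >> NONCE_BITS or hi >> HALF or lo >> HALF:
            return None                     # out of range: not made with the matching PR1
        if device_id not in self.permissions.get(gate_id, ()):
            return None                     # device not in the permission data
        n2 = (hi << HALF) | lo
        self.gate_keys[gate_id] = n2                          # PU1 <- PU2
        return pow(nonce, E, n2), gate_id                     # authorization code

    def sync(self, pu3, gate_id):                             # claims 3-4: PU1 <- PU3
        self.gate_keys[gate_id] = pu3
        return True

def relay(gate, server, device_id, lose_reply=False):   # the mobile device's role
    reply = server.authorize(*gate.on_auth_request(), device_id)
    return reply is not None and not lose_reply and gate.on_authorization(*reply)

def demo():
    gate = Gate("gate-01")                               # constructed identifiers
    server = Server({"gate-01": {"device-A"}})
    server.gate_keys[gate.gate_id] = gate.n1             # initial PU1 provisioning (assumed)
    code, gid = server.authorize(*gate.on_auth_request(), "device-A")
    out = {"authorized": gate.on_authorization(code, gid)}
    gate.on_auth_request()                               # fresh number, fresh PU2/PR2
    out["old_code_reused"] = gate.on_authorization(code, gid)
    out["unlisted_device"] = relay(gate, server, "device-B")
    out["reply_lost"] = relay(gate, server, "device-A", lose_reply=True)
    out["while_out_of_sync"] = relay(gate, server, "device-A")   # server on PU2, gate on PR1
    if server.sync(*gate.on_sync_request()):
        gate.on_sync_success()
    out["after_sync"] = relay(gate, server, "device-A")
    return out
```

`demo()` returns a dict of outcomes in which only the first exchange and the one after synchronization are approved.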
TW103141478A 2014-11-28 2014-11-28 Security method, security gate and server TWI588782B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
TW103141478A TWI588782B (en) 2014-11-28 2014-11-28 Security method, security gate and server
CN201510001912.5A CN105827403B (en) 2014-11-28 2015-01-05 Security method, security gate and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW103141478A TWI588782B (en) 2014-11-28 2014-11-28 Security method, security gate and server

Publications (2)

Publication Number Publication Date
TW201619916A TW201619916A (en) 2016-06-01
TWI588782B true TWI588782B (en) 2017-06-21

Family

ID=56755034

Family Applications (1)

Application Number Title Priority Date Filing Date
TW103141478A TWI588782B (en) 2014-11-28 2014-11-28 Security method, security gate and server

Country Status (2)

Country Link
CN (1) CN105827403B (en)
TW (1) TWI588782B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI775090B (en) * 2020-06-04 2022-08-21 曾惠瑜 System of executing encryption, decryption and lock-open management and method thereof

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107295062B (en) * 2017-05-05 2018-06-19 北京摩拜科技有限公司 Article uses control method, equipment, system and article
WO2022211722A1 (en) * 2021-03-30 2022-10-06 Hitachi, Ltd. Method and system for facilitating authentication of a person for accessing a gated property, and method and system for controlling access of a person to a gated property

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201232417A (en) * 2011-01-26 2012-08-01 Ming-Ta Hsu Multi-certification access control system
CN103106714A (en) * 2012-12-31 2013-05-15 闵浩 Unlocking method and system based on handheld terminal equipment PDA (personal digital assistant) and fingerprint identification technology
CN103903319A (en) * 2014-02-10 2014-07-02 袁磊 Electronic lock system based on internet dynamic authorization

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SE529849C2 (en) * 2006-04-28 2007-12-11 Sics Swedish Inst Of Comp Scie Access control system and procedure for operating the system
US20130342314A1 (en) * 2012-06-22 2013-12-26 Gun Chen Smart lock structure and operating method thereof
CN103546294B (en) * 2013-10-10 2017-03-29 小米科技有限责任公司 Entrance guard authorization method, device and equipment
CN103617659A (en) * 2013-11-01 2014-03-05 南京物联传感技术有限公司 Wireless unlocking method
CN104157029B (en) * 2014-05-12 2017-08-08 惠州Tcl移动通信有限公司 Gate control system control method, control system and mobile terminal based on mobile terminal

Also Published As

Publication number Publication date
CN105827403A (en) 2016-08-03
TW201619916A (en) 2016-06-01
CN105827403B (en) 2019-04-23
