TWI775090B - System of executing encryption, decryption and lock-open management and method thereof - Google Patents
System of executing encryption, decryption and lock-open management and method thereof Download PDFInfo
- Publication number
- TWI775090B TWI775090B TW109118768A TW109118768A TWI775090B TW I775090 B TWI775090 B TW I775090B TW 109118768 A TW109118768 A TW 109118768A TW 109118768 A TW109118768 A TW 109118768A TW I775090 B TWI775090 B TW I775090B
- Authority
- TW
- Taiwan
- Prior art keywords
- key
- terminal device
- unlocking
- portable communication
- communication device
- Prior art date
Links
Images
Abstract
Description
本發明是有關於一種平台管理系統,特別是一種經由一種終端裝置執行加解密及開鎖管理的系統,其中,本發明的終端裝置可以為一種具有近距離通信功能的「電子鎖」裝置。 The present invention relates to a platform management system, in particular to a system for performing encryption, decryption and unlocking management via a terminal device, wherein the terminal device of the present invention may be an "electronic lock" device with a short-range communication function.
隨著行動通訊網路頻寬及網路速度的快速發展,利用網路而興起的產業也更加蓬勃興盛,例如,物聯網(Internet of Things,IOT)的興起,可以將人類科技發展帶入了下一個世代。 With the rapid development of mobile communication network bandwidth and network speed, the industries that use the Internet have become more prosperous. For example, the rise of the Internet of Things (IOT) can bring the development of human technology into the next a generation.
在物聯網的架構中,雲端平台扮演著不可或缺的角色,雲端平台可以讓各種行動裝置得以透過這個平台做遠端監控、遠端遙控或者進行新型交易的支付模式。 In the architecture of the Internet of Things, the cloud platform plays an indispensable role. The cloud platform allows various mobile devices to use this platform for remote monitoring, remote control, or payment modes for new transactions.
然而,就在物聯網具有各種功能且便利等優點的前提下,但在雲端的共享過程中,卻暗藏著資安漏洞。例如:在美國著名電影:玩命關頭8(Fast & Furious 8)中,黑客高手透過衛星黑入並可以控制方圓兩英哩中的一千多輛車子,進而使車子自動駕駛服系統從指令。因此,如果在 通訊傳輸持續發展過程中,沒有保密或是防黑客機制的管理系統時,這樣誇張的電影場景或許即將在真實世界上演。 However, under the premise that the Internet of Things has various functions and conveniences, there are hidden information security loopholes in the sharing process in the cloud. For example: In the famous American movie: Fast & Furious 8, a master hacker hacked into and controlled more than a thousand cars in a two-mile radius through satellites, and then made the cars self-driving obey the command. Therefore, if in In the continuous development of communication transmission, when there is no management system for confidentiality or anti-hacking mechanism, such exaggerated movie scenes may be staged in the real world.
同樣地,在智慧電子鎖的開鎖管理流程中,若資安沒有加以保密,就如同上述的車子,隨時都有被入侵的風險。很明顯的,在目前以雲端作為管理平台來管理「電子鎖」的管理系統及其管理方法,也就是,能夠通過雲端平台就能開啟在雲端平台中的各種的「電子鎖」,是存在很高的管理風險。 Similarly, in the unlocking management process of smart electronic locks, if information security is not kept secret, just like the above-mentioned car, there is a risk of being invaded at any time. Obviously, in the current management system and management method of "electronic locks" using the cloud as the management platform, that is, various "electronic locks" in the cloud platform can be opened through the cloud platform. High management risk.
為了解決上述的技術問題,本發明的一個主要目的,是提供一種由終端裝置執行加解密及開鎖管理的系統及其方法,特別是當終端裝置執行加密、解密、開鎖及上鎖的過程當中不需要雲端的介入,通過雲端與終端裝置之間的離線狀況,可以有效的隔離黑客通過雲端或是網路的入侵,提高管理系統的資安層級。 In order to solve the above-mentioned technical problems, one main purpose of the present invention is to provide a system and method for performing encryption, decryption and unlocking management by a terminal device, especially when the terminal device performs encryption, decryption, unlocking and locking without The intervention of the cloud is required, and the offline status between the cloud and the terminal device can effectively isolate the intrusion of hackers through the cloud or the network, and improve the information security level of the management system.
為了解決上述的技術問題,本發明的另一個主要目的,是提供一種由終端裝置執行加解密及開鎖管理的系統及其方法,是由使用者通過可攜式通信裝置近距離的與終端裝置通信後,由終端裝置執行開鎖,可以有效的隔離黑客通過雲端或是網路的入侵,提高管理系統的資安層級。 In order to solve the above-mentioned technical problems, another main purpose of the present invention is to provide a system and method for performing encryption, decryption and unlocking management by a terminal device. Afterwards, the terminal device performs the unlocking, which can effectively isolate the intrusion of hackers through the cloud or the network, and improve the information security level of the management system.
上述的技術問題,本發明還有一個主要目的,是提供一種由終端裝置執行加密及開鎖管理的系統及其方法,於終端裝置的加密過程中,具有多個會改變次數的動態參數,以形成一種動態的數位鑰匙,可以有效的避免側錄的入侵,提高管理系統的資安。 The above-mentioned technical problem, the present invention also has a main purpose, is to provide a kind of system and method for performing encryption and unlocking management by the terminal device, in the encryption process of the terminal device, there are a plurality of dynamic parameters that will change the number of times to form A dynamic digital key can effectively avoid the intrusion of skimming and improve the information security of the management system.
根據上述目的,本發明提供一種執行加解密及開鎖管理的系統,是由手機、雲端及電子鎖所組成,其特徵在於,手機接收來自雲端的第一鑰匙,並將第一鑰匙上傳至電子鎖;電子鎖接收第一鑰匙鎖後,識別第一鑰匙正確後,啟動開鎖時間;電子鎖產生具有多個動態參數的第二鑰匙,並將第二鑰匙傳送至手機;手機於收到第二鑰匙後,將第二鑰匙覆蓋第一鑰匙,以形成開鎖指令;手機發出該開鎖指令給電子鎖;及電子鎖根據開鎖指令執行開鎖。 According to the above purpose, the present invention provides a system for performing encryption, decryption and unlocking management, which is composed of a mobile phone, a cloud and an electronic lock, and is characterized in that the mobile phone receives the first key from the cloud and uploads the first key to the electronic lock. ; After the electronic lock receives the first key lock, after identifying the correct first key, the unlocking time is started; the electronic lock generates a second key with multiple dynamic parameters, and transmits the second key to the mobile phone; the mobile phone receives the second key Then, cover the first key with the second key to form the unlocking instruction; the mobile phone sends the unlocking instruction to the electronic lock; and the electronic lock executes the unlocking according to the unlocking instruction.
根據上述目的,本發明提供一種執行加密及開鎖管理的系統,是由一可攜式通信裝置、一雲端及一終端裝置所組成,其中,可攜式通信裝置具有一可攜式通信裝置ID,終端裝置具有一終端裝置ID,其特徵在於,加密及開鎖管理的系統管理步驟,包括:接收第一鑰匙,是由可攜式通信裝置來接收由雲端傳送的一個終端裝置相應的第一鑰匙;傳送第一鑰匙,是由可攜式通信裝置將第一鑰匙傳送至終端裝置;執行第一判斷,是由終端裝置的處理單元將第一鑰匙解密後,判斷第一鑰匙是否正確;形成第二鑰匙,是於終端裝置將第一鑰匙解密後,判斷第一鑰匙正確後,並接著由終端裝置對第一鑰匙中解密的內容,進行重新運算,再對重新運算後的內容進行加密,以形成第二鑰匙,其中,於第二鑰匙中具有一個或多個動態參數;傳送第二鑰匙,是由終端裝置將第二鑰匙傳送至可攜式通信裝置; 執行第二判斷,是由可攜式通信裝置判斷接收來自終端裝置的第二鑰匙是否正確;執行一覆蓋程序,是於可攜式通信裝置於判斷第二鑰匙正確後,由可攜式通信裝置以第二鑰匙覆蓋第一鑰匙,以使第二鑰匙以形成一個開鎖指令;傳送開鎖指令,由可攜式通信裝置將開鎖指令傳送給終端裝置;及執行開鎖動作,終端裝置於收到可攜式通信裝置傳送的開鎖指令後,由終端裝置執行開鎖動作。 According to the above object, the present invention provides a system for performing encryption and unlocking management, which is composed of a portable communication device, a cloud and a terminal device, wherein the portable communication device has a portable communication device ID, The terminal device has a terminal device ID, and it is characterized in that the system management steps of encryption and unlocking management include: receiving a first key, which is to receive a first key corresponding to a terminal device transmitted by the cloud by a portable communication device; To transmit the first key, the portable communication device transmits the first key to the terminal device; to perform the first judgment, the processing unit of the terminal device decrypts the first key to determine whether the first key is correct; form the second key The key is that after the terminal device decrypts the first key and determines that the first key is correct, the terminal device then re-calculates the decrypted content in the first key, and then encrypts the re-calculated content to form a key. The second key, wherein the second key has one or more dynamic parameters; the transmission of the second key is that the terminal device transmits the second key to the portable communication device; Executing the second judgment is that the portable communication device judges whether the second key received from the terminal device is correct; and executing an overlay procedure is that after the portable communication device judges that the second key is correct, the portable communication device Cover the first key with the second key, so that the second key can form an unlocking command; transmit the unlocking command, and the portable communication device transmits the unlocking command to the terminal device; and execute the unlocking action, the terminal device receives the portable communication device. After the unlocking command sent by the type communication device, the terminal device performs the unlocking action.
根據上述目的,本發明接著再提供一種執行加密及開鎖管理的系統,是由一可攜式通信裝置、一雲端及一終端裝置所組成,其中,可攜式通信裝置具有一可攜式通信裝置ID,終端裝置具有一終端裝置ID,其特徵在於,執行加密及開鎖管理系統的管理步驟,包括:接收第一鑰匙,是由可攜式通信裝置來接收由雲端傳送的一個終端裝置相應的第一鑰匙;傳送第一鑰匙,是由可攜式通信裝置將第一鑰匙傳送至終端裝置;執行第一判斷,是由終端裝置的處理單元將第一鑰匙解密後,判斷第一鑰匙是否正確;形成第二鑰匙,是於終端裝置將第一鑰匙解密後,判斷第一鑰匙正確後,並接著由終端裝置對第一鑰匙中解密的內容,進行重新運算,再對重新運算後的內容進行加密,以形成第二鑰匙,其中,於第二鑰匙中具有一個或多個動態參數;傳送第二鑰匙,是由終端裝置將第二鑰匙傳送至可攜式通信裝置;執行第二判斷,是由可攜式通信裝置判斷接收來自終端裝置的第二鑰匙是否正確; 執行一覆蓋程序,是於可攜式通信裝置於判斷第二鑰匙正確後,由可攜式通信裝置以第二鑰匙覆蓋第一鑰匙,以使第二鑰匙以形成一個開鎖指令;傳送開鎖指令,由可攜式通信裝置將開鎖指令傳送給終端裝置;及執行開鎖動作,終端裝置於收到可攜式通信裝置傳送的開鎖指令後,由終端裝置執行開鎖動作。 According to the above object, the present invention further provides a system for performing encryption and unlocking management, which is composed of a portable communication device, a cloud and a terminal device, wherein the portable communication device has a portable communication device ID, the terminal device has a terminal device ID, and it is characterized in that, performing the management steps of the encryption and unlocking management system includes: receiving the first key, which is a portable communication device to receive the corresponding first key of a terminal device transmitted by the cloud. a key; transmitting the first key, the portable communication device transmits the first key to the terminal device; executing the first judgment, after decrypting the first key by the processing unit of the terminal device, judging whether the first key is correct; The second key is formed after the terminal device decrypts the first key and determines that the first key is correct, and then the terminal device re-calculates the decrypted content in the first key, and then encrypts the re-calculated content. , to form a second key, in which there are one or more dynamic parameters in the second key; the transmission of the second key is that the terminal device transmits the second key to the portable communication device; the execution of the second judgment is performed by The portable communication device determines whether the second key received from the terminal device is correct; Execute a covering procedure, after the portable communication device determines that the second key is correct, the portable communication device covers the first key with the second key, so that the second key can form an unlock command; transmit the unlock command, The portable communication device transmits the unlocking instruction to the terminal device; and executes the unlocking action. After the terminal device receives the unlocking command sent by the portable communication device, the terminal device executes the unlocking action.
根據上述目的,本發明的終端裝置在加密及開鎖過程中,不會與雲端產生連線,而只能近距離的使用藍芽系統與可攜式通信裝置,因此,加密及開鎖管理的系統與方法,可以有效的隔離黑客通過雲端或是網路的入侵,提高管理系統的資安層級。 According to the above purpose, the terminal device of the present invention will not be connected to the cloud during the encryption and unlocking process, but can only use the Bluetooth system and the portable communication device at close range. Therefore, the encryption and unlocking management system and the The method can effectively isolate the intrusion of hackers through the cloud or the network, and improve the information security level of the management system.
甲、 First,
10:雲端 10: Cloud
12:工廠 12: Factory
14:電子鎖 14: Electronic lock
16:手機 16: Cell Phone
CID:雲端ID CID: Cloud ID
LID:電子鎖ID LID: Electronic lock ID
MID:手機ID MID: Mobile ID
Due:憑證的到期日 Due: the expiration date of the voucher
CA+:憑證公鑰 CA+: certificate public key
CA-:憑證私鑰 CA-: Credential Private Key
L+:電子鎖公鑰 L+: Electronic lock public key
L-:電子鎖私鑰 L-: Electronic lock private key
M+:手機公鑰 M+: mobile phone public key
M-:手機私鑰 M-: mobile phone private key
R#:亂數 R#: random numbers
R#+1:亂數 R#+1: random numbers
Key1:第一鑰匙 Key1: The first key
Key2:第二鑰匙 Key2: The second key
圖1 表示本發明的電子鎖註冊流程圖;圖2 表示本發明的手機與雲端註冊流程圖;圖3 表示本發明的手機與電子鎖註冊流程圖;圖4 表示本發明的實施例中,鑰匙的明文及密文示意圖;圖5 表示本發明的執行加密及開鎖管理的方法流程圖;圖6 表示本發明一實施例的執行加密及開鎖管理的方法;圖7 表示本發明另一實施例的執行加密及開鎖管理的方法;以及圖8 表示本發明的一種透過雲端平台來進行開鎖管理的系統。 Figure 1 shows the flow chart of the electronic lock registration of the present invention; Figure 2 shows the mobile phone and cloud registration flow chart of the present invention; Figure 3 shows the mobile phone and electronic lock registration flow chart of the present invention; Figure 4 shows the embodiment of the present invention, the key Figure 5 shows a flow chart of a method for performing encryption and unlocking management according to the present invention; Figure 6 shows a method for performing encryption and unlocking management according to an embodiment of the present invention; Figure 7 shows another embodiment of the present invention. A method for performing encryption and unlocking management; and FIG. 8 shows a system for unlocking management through a cloud platform of the present invention.
以下提供本發明具體實施例的詳細內容說明,然而本發明並不受限於下述實施例,且本發明中的圖式均屬於示意圖式,主要意在表示各模組之間的連接關係,於此實施方式搭配各圖式作詳細說明如下。 The following provides a detailed description of the specific embodiments of the present invention, but the present invention is not limited to the following embodiments, and the drawings in the present invention are schematic diagrams, mainly intended to represent the connection relationship between the modules, This embodiment is described in detail with the drawings as follows.
本發明在以下的實施例中,終端裝置為一種具有「鎖具」功能的裝置,由於「鎖具」具有獨立的運算及記憶功能,故以「電子鎖」來代表此一終端裝置。因此,本發明的「電子鎖」其廣義的定義為能讓一個保持鎖定狀態的特定裝置,通過「電子鎖」的運算及辨識後,才能執行實際的開啟(包括由電子鎖來執行加解密及開鎖管理的動作)動作後,可以讓使用者進入或是使用特定裝置,其中,本發明的終端裝置可以是出租房間的門中的電子鎖(包括:大型酒店或連鎖是出租房間等),也可以是育樂設備上的開關(包括:大型酒店或是運動中心中的各種育樂設施,例如:跑步機、赌場中的賭博奢施等),也可以是各種車輛上的鎖,或是其他使用前已經被鎖固的設備或是門禁系統,需要通過「電子鎖」的開啟後,才能讓使用者使用的各種應用或是設備或是系統,對此,本發明對於終端裝置(即電子鎖)並不加以限制。而本發明為了便於讓使用者瞭解本發明的終端裝置(即電子鎖)執行加解密及開鎖管理的系統,是以出租房間的電子鎖為例來說明,並非用以限制本發明的應用領域,同時,電子鎖加密及解密過程,並不限於電子鎖的開鎖過程,亦可以是應用於上鎖的過程中。再者,雲端為目前習知的概念,故在雲端中,必定配置有伺服單元、處理或運算單元、記憶單元及一些可以接收及發送信息的通信協定等。以上的宣告,是在說明本發明的系統架構基本上是使用申請時的技術手段,而本發明的技術手段將在之後的內容中,詳細說明。同時,在如下的說明中,伺服單元、處 理單元及記憶單元等,傳統的硬體部分,都不會在圖示中出現,在此先予以述明。 In the following embodiments of the present invention, the terminal device is a device with a "lock" function. Since the "lock" has independent computing and memory functions, an "electronic lock" is used to represent the terminal device. Therefore, the "electronic lock" of the present invention is broadly defined as a specific device that can keep a locked state. After the calculation and identification of the "electronic lock", the actual opening (including the encryption and decryption performed by the electronic lock and the After the action of unlocking management), the user can be allowed to enter or use a specific device, wherein the terminal device of the present invention can be an electronic lock in the door of a rental room (including: large hotels or chains are rental rooms, etc.) , it can also be a switch on recreational equipment (including: various recreational facilities in large hotels or sports centers, such as treadmills, gambling luxury facilities in casinos, etc.), or a lock on various vehicles, or It is other equipment or access control system that has been locked before use, and needs to be opened by the "electronic lock" before the user can use various applications or equipment or systems. electronic locks) are not subject to restrictions. In the present invention, in order to facilitate the user to understand the system for performing encryption, decryption and unlocking management of the terminal device (ie, the electronic lock) of the present invention, the electronic lock of the rental room is used as an example to illustrate, and is not intended to limit the application field of the present invention. At the same time, the encryption and decryption process of the electronic lock is not limited to the unlocking process of the electronic lock, but can also be applied to the locking process. Furthermore, the cloud is a currently known concept, so in the cloud, there must be a server unit, a processing or computing unit, a memory unit, and some communication protocols that can receive and send information. The above announcement is to explain that the system architecture of the present invention is basically the technical means at the time of application, and the technical means of the present invention will be described in detail in the following content. At the same time, in the following description, the servo unit, The traditional hardware parts, such as the processing unit and the memory unit, are not shown in the figure, and will be described here first.
首先,請參考圖1,是本發明電子鎖註冊流程圖。如圖1的步驟S110所示,工廠12在完成電子鎖14的製造後,可以將鎖端憑證寫入電子鎖14的記憶單元中,例如,將鎖端憑證『CA+,CA-{LID,L+,L-,due}』寫入電子鎖14的記憶單元中,其中,鎖端憑證中的CA+表示憑證認證機構(Certificate Authority,CA)認證公鑰,CA-為憑證認證機構私鑰,CA-{LID,L+,L-,due}代表由憑證認證機構私鑰簽章過的資訊,LID為電子鎖身分號,L+為電子鎖公鑰,L-為電子鎖私鑰,due為憑證的到期日。在本發明的實施例中,電子鎖14是具有設定次數限制、使用者身份限制以及開鎖限時時間限制的功能。例如:當電子鎖14確認使用者身分並確認送出開鎖鑰匙時,電子鎖14的處理單元自動的將鎖端憑證加在送出開鎖鑰匙中,此一詳細過程,在後續的圖5中說明。接著,步驟S120,是由工廠12將鎖端憑證(CA+,CA-{LID,L+,L-,due})傳至雲端10,以完成電子鎖14與雲端10註冊。例如,當電子鎖14已經配置在一個出租房間的門上時,雲端10可以由後台的管理知道,每一個出租房間的門上相應的電子鎖14的鎖端憑證(CA+,CA-{LID,L+,L-,due})。
First, please refer to FIG. 1 , which is a flow chart of the electronic lock registration of the present invention. As shown in step S110 of FIG. 1 , after the
接著,請參考圖2,是本發明手機與雲端註冊流程圖。如圖2的步驟S210,用戶下載連接雲端10的應用程式(APP),並同意APP使用條款,例如:雲端10可以是一個類似Airbnb的房間出租平台,用戶下載一種可以預約雲端10出租房間的應用程式(APP)。接著,步驟S220,用戶填寫各用戶身份基本資料,例如:姓名、行動電話、通訊電郵等,並將這些基
本資料登錄至雲端10。再接著,由雲端10進行步驟S230,發送憑證公鑰CA+及驗證訊息給手機16,使得手機16取得公鑰CA+及驗證訊息。再接著,步驟S240,用戶透過手機16輸入取得的驗證訊息並回傳給雲端10後,雲端10在步驟S250的判斷步驟中核對驗證訊息,例如:一種驗證碼,如果驗證碼正確,就可以進行步驟S260,由雲端10發送手機端憑證CA-{MID,M+,M-,due}至手機16,其中CA-{MID,M+,M-,due}為憑證認證機構私鑰簽章過的資訊,而MID為手機身分號、M+為手機公鑰、M-為手機私鑰以及due為憑證的到期日。此外,於本步驟發送CA-加密的內容,是為證明加密內容由正確的雲端發送出來,並且其間並沒有經過任何竄改的可能,此即為數位簽章的意義。此時,手機16已經成為雲端10的客戶,並在雲端10的後台中記錄了手機16端的憑證為CA-{MID,M+,M-,due}。
Next, please refer to FIG. 2 , which is a flow chart of the mobile phone and cloud registration according to the present invention. As shown in step S210 in Figure 2, the user downloads an application (APP) connected to the
很明顯的,在執行完圖1及圖2的過程後,已經分別完成了雲端10與電子鎖14註冊及手機與雲端註冊的步驟。此時,雲端10具有雲端ID的CID、認證公鑰的CA+、認證私鑰的CA-及手機16的憑證為CA-{MID,M+,M-,due}。同時,手機16具有手機ID的MID、手機公鑰的M+、手機私鑰的M-以及認證公鑰的CA+。以及,電子鎖14具有電子鎖ID的LID、電子鎖公鑰的L+、電子鎖私鑰的M-以及認證公鑰的CA+。
Obviously, after the process of FIG. 1 and FIG. 2 is completed, the steps of registering the
接下來的情境,是當客戶使用手機16向雲端10完成了一個特定房間的出租程序後,因此,雲端10已經將其所要租的特定房間的地址或是房號傳送至手機16中。接著,客戶帶著手機16到達所要租的特定房間的地址或是房號處,使得手機16可以近距離的與電子鎖14通過無線通信協定進行通信,其中,無線通信協定可以是一種藍芽無線通信、無線網際網
路(Wi-Fi)或者近場無線通訊(Near Field Communication,NFC)。很明顯的,在此一階段,是進行手機16與電子鎖14進行雙向通訊的程序,並且,電子鎖14與雲端10是在離線的狀態下進行。經由手機16與電子鎖14近距離的進行通信,讓手機16可以取得電子鎖公鑰L+,其詳細註冊過程如下圖3所述。
The next scenario is when the customer completes the rental procedure of a specific room to the
接著,請參考圖3,是本發明的手機與電子鎖註冊流程圖。首先,於步驟S310中:由手機16發送手機ID的MID、手機公鑰的M+、手機私鑰簽章過的M-{MID}給電子鎖14;於步驟S320中:進入電子鎖14的第一判斷步驟:由電子鎖14的處理單元來檢驗已收到的M-{MID}簽章的MID,更精確地來說,電子鎖14用M+解開簽章M-{MID},以得到MID,並將得到的MID與手機16發送未加密的MID進行比較,若正確,則進到步驟S330,反之,若判斷式結果為不正確,則進入步驟S350,電子鎖14發出警報,此時,電子鎖14與手機16配對失敗。接著,於步驟S330中,由電子鎖14的處理單元產生亂數R#;之後,於步驟S350中;由電子鎖14的處理單元將亂數R#、LID、L+以公鑰M+進行加密,將加密過後的驗證碼M+{R#,LID,L+}傳送至手機16;於步驟S360中:由手機16將驗證碼L+{MID,R#+1}傳送至電子鎖14;於步驟S370中:由電子鎖14進行判斷,是由電子鎖14的處理單元來核對亂數R#+1,若正確,則進到步驟S380,反之,若判斷的結果為不正確,則電子鎖14鎖發出警報,電子鎖14註冊失敗;於步驟S380中:手機16與電子鎖14完成註冊,手機16取得註冊憑證CA+{MID,LID};
於步驟S390中:由手機16將註冊憑證CA+{MID,LID}傳送至雲端10;於步驟S391中:雲端10接收到步驟S390的註冊憑證後,雲端10會將MID與LID送到後台進行比對(在雲端的後台建立MID與LID已經在圖1及圖2中說明),若正確,則由雲端10將第一鑰匙key1發給手機16。於此步驟中,是由雲端10執行房間出租過程的後台管理,例如,在手機16通過雲端10確認所要承租的房間後,雲端10的後台會形成一個管理資料庫,知道在某一個時間,某一支手機16的手機端憑證是要租哪一個房間門上的鎖端憑證。故當雲端10收到手機16的註冊憑證CA+{MID,LID}後,雲端10會比對此手機端憑證與鎖端憑證與資料庫是否一致,若一致時,則由雲端10將第一鑰匙key1發給手機16。很明顯的,完成圖3的過程後,手機16所取得的第一鑰匙key1,就像客戶正常辦理酒店臨櫃後,所取得的房卡一樣。
Next, please refer to FIG. 3 , which is a flow chart of the mobile phone and electronic lock registration of the present invention. First, in step S310: the
接著,請參考圖4,是本發明實施例中的第一鑰匙(key1)的代碼組成。本發明實施例中第一鑰匙(key1)的代碼可以是由兩部份組成,第一部份為明文:{LID,~到期日,次數,位階},第二部份為利用終端裝置(例如:門鎖)的公鑰所加密過的密文:L+{CID,到期日,次數,位階,CA-{LID,MID}};其中密文在以下的實施例中稱之為token。 Next, please refer to FIG. 4, which is the code composition of the first key (key1) in the embodiment of the present invention. In the embodiment of the present invention, the code of the first key (key1) may be composed of two parts, the first part is plain text: {LID, ~expiration date, times, rank}, and the second part is the use of the terminal device ( For example, the ciphertext encrypted by the public key of the door lock): L+{CID, expiration date, times, rank, CA-{LID, MID}}; the ciphertext is called token in the following embodiments.
接著,請參考圖5,是本發明終端裝置執行加密及開鎖管理的方法流程圖,整理圖下:於步驟S5100中,由手機16將手機公鑰M+及第一鑰匙(key1)中的第一密文token 1傳送給電子鎖14;於步驟S5120中,由電子鎖14的處理單元進行核對所收到的第一鑰匙(key1)內容,包括:電子鎖14用處理單元通過私鑰L-解開第一密文token1;
電子鎖14用處理單元通過憑證公鑰CA+核對簽章CA-{LID,MID};核對電子鎖ID LID;及電子鎖14核對日期與次數;若核對結果符合上述項次要求,進到步驟S5150,反之,則到步驟S5130,傳送L-{Fail#}至手機16。之後,手機16可以選擇於步驟S5140發送開鎖失敗紀錄給雲端10。接著,於步驟S5150中,於電子鎖14確認收到手機16所傳送的第一鑰匙(key1)中的第一密文token1、簽章、LID、日期與次數等都為正確後,由電子鎖14的處理單元產生一個加密的第二鑰匙key2({LID,~到期日,次數-1,位階},D+{CID,到期日,次數-1,位階,CA-{LID,MID}}),此一加密的第二鑰匙key2也稱為開鎖指令,其中,第二鑰匙key2還可以選擇產生一個或多個的動態參數,此動態參數,包括:設定一個可以記述的次數;使用L-簽章;設定限制時間;產生亂數R#;再接著,於步驟S5160中,由電子鎖14將加密後的開鎖指令L-{Key2,R#}傳送至手機16,其中,在本步驟中,電子鎖14會啟動“開鎖的倒數時間”,例如:30秒;於步驟S5170中,手機16核對收到電子鎖14傳送的第二密文token2的簽章(即開鎖指令)及亂數R#進行核對,若核對成功,將產生新的亂數
R#+1,且手機16必須在30秒內進入到步驟S5180,反之,則到步驟S5140,由手機16發送開鎖失敗紀錄給雲端10;於步驟S5180中,由手機16以作為開鎖指令的第二鑰匙key2取代或是覆蓋第一鑰匙key1,動態參數可以選擇用加法或是減法進行參數的改變;於步驟S5190中,再由手機16傳送M-{LID,MID,R#+1}數位簽章給電子鎖14。特別要說明的是,步驟S5180及步驟S5190這兩個步驟,手機16必須在所設定的“開鎖的倒數時間”內將開鎖指令傳給電子鎖14,否則,若超過“開鎖的倒數時間”後,電子鎖14會傳送L-{Fail#}的信息至手機16;於步驟S5200中,由電子鎖14進行以下步驟:確認亂數R#+1;確認是否有在“開鎖的倒數時間”內收到開鎖指令;確認數位簽章M-{LID,MID}是否屬於手機私鑰M-加密;以及確認解鎖後的LID及MID是否正確,如確認無誤,由處理單元進行解鎖,以完成開鎖程序,讓使用者能夠進入房間中。
Next, please refer to FIG. 5 , which is a flow chart of the method for performing encryption and unlocking management by the terminal device of the present invention. The following diagram is arranged: In step S5100, the
最後,手機16可以選擇性地向雲端10發送已經解鎖紀錄,包括步驟S5210的失敗解鎖紀錄以及步驟S5220的成功解鎖紀錄。如前述圖1至圖5所述的過程,是本發明對於實施例的說明,其中,圖1是表示電子鎖註冊流程圖,而圖2表示手機與雲端註冊流程圖。在圖1及圖2中的程序,是屬於雲端與手機(或是用戶)之間進行註冊的過程。例如:以一個類似Airbnb的網路平台來說明,圖1是平台建立對所有可以出租房間的註冊,最重要的信息是每一個房間所對應的門鎖信息,這些房間以及所對應的門鎖信息在圖1中,已經建立在雲端的後台中。接著,圖2是由平台提供一個公開於網路上的『租房搜尋的App』,此App可以讓使用者註冊成會員,使得
雲端的後台可以辨識出每一個註冊成會員的客戶,可以進行註冊成會員的管理,例如:管理註冊成會員通過App已經租了哪個特定的出租房間。
Finally, the
接著,進入圖3後,就是屬於本發明所提供的技術手段,其中,本發明在進入圖3之前,註冊成會員可能已經先通過手機16下載的App,完成某一地方的特定房間在某一特定時間的出租程序。因此,此時的雲端後台已經將特定手機16的信息與其所對應出租的門鎖形成配對,並儲存在雲端的後台伺服器中。接著,在進入圖3的場景(scenario)時,註冊成會員拿著手機16已經在約定的出租時間,來到所要住宿的特定房間附近,例如:手機16已經來到房門的門口時,此時,註冊成會員必須近距離地以已經與雲端註冊後手機16與房門的門鎖14進行註冊,以取得此一房門上的門鎖14的信息。之後,將註冊後的門鎖信息,如步驟390所示的內容,傳送至雲端10。接著,雲端10可以根據圖1及圖2在後台所建立的信息,進行平台上的運營管理,例如:雲端10的後台可以根據圖3所傳回的門鎖信息,進行比對,例如:核對手機16的信息是否與雲端10的後台中所對應出租的門鎖14形成配對或是一致。如過核對結果是正確時,在圖3的最後,是由雲端10傳送第一鑰匙key1至手機16。很明顯的,在雲端10確認手機16的信息與出租的門鎖14形成配對或是正確後,雲端10是無法通過網路來要求或是驅動門鎖14開啟。這是本發明在終端裝置管理時的主要手段,其主要的差異在於,使用者(或是手機16)必須到達終端裝置(門鎖14)的附近,通過近場通信協議與門鎖14進行通信後,先由手機16將註冊後的門鎖信息傳送至雲端10,通過雲端10的後台管理及確認無誤後,雲端10只能向手機16
發出第一鑰匙key1。因此,本發明所揭露的管理系統及方法,是可以有效的避免黑客通過雲端10或是網路就直接控制門鎖14的開啟。
Next, after entering FIG. 3, it belongs to the technical means provided by the present invention. Before entering FIG. 3, the registered member may have already downloaded the App through the
接續上述,本發明的終端裝置(門鎖14)實際的開啟程序是在圖5,已於於步驟S5100~步驟S5200中詳細說明,故不再贅述之。接著,請參考圖6,是本發明根據圖5實施例的終端裝置執行加密及開鎖管理的方法,進一步的整理如下:步驟S610:由一種可攜式通信裝置(例如:手機16)接收由雲端10傳送的第一鑰匙,其中,所述的可攜式通信裝置可以是一種手機16;步驟S620:可攜式通信裝置(例如:手機16)將所收到的第一鑰匙上傳至終端裝置(例如:電子鎖14),詳細如前述步驟S5100所述;步驟S630:由終端裝置(例如:電子鎖14)判斷接收來自可攜式通信裝置(例如:手機16)的第一鑰匙是否正確,詳細如前述步驟S5120所述;步驟S640:於終端裝置(例如:電子鎖14)判斷第一鑰匙正確後,由終端裝置(例如:電子鎖14)對第一鑰匙進行加密,以產生第二鑰匙的開鎖指令,詳細如前述步驟S5150所述;步驟S650:終端裝置(例如:電子鎖14)將其產生的第二鑰匙開鎖指令傳送至可攜式通信裝置(例如:手機16),詳細如前述步驟S5160所述;步驟S660:由可攜式通信裝置(例如:手機16)判斷接收來自終端裝置(例如:電子鎖14)的開鎖指令是否正確,詳細如前述步驟S5170所述;步驟S670:於可攜式通信裝置(例如:手機16)判斷開鎖指令正確後,可攜式通信裝置(例如:手機16)將正確的開鎖指令覆蓋第一鑰匙,並且啟動 一種動態參數,例如:動態參數可以選擇用加法或是減法來達到取代或是覆蓋前版本,如前述步驟S5180所述;步驟S680:可攜式通信裝置(例如:手機16)將開鎖指令傳送至終端裝置(例如:電子鎖14),詳細如前述步驟S5190所述;於步驟S690:終端裝置(例如:電子鎖14)於接收來自可攜式通信裝置(例如:手機16)傳送的開鎖指令後,執行開鎖動作,詳細如前述步驟S5200所述;此時,可攜式通信裝置(例如:手機16)可以選擇性地將解鎖成功的信息傳送至雲端10。 Continuing from the above, the actual opening procedure of the terminal device (the door lock 14 ) of the present invention is shown in FIG. 5 , which has been described in detail in steps S5100 to S5200 , so it will not be repeated here. Next, please refer to FIG. 6 , which is a method for performing encryption and unlocking management on a terminal device according to the embodiment of FIG. 5 of the present invention, which is further organized as follows: Step S610 : receiving data from a portable communication device (eg, mobile phone 16 ) from the cloud 10, wherein the portable communication device can be a mobile phone 16; Step S620: the portable communication device (eg, the mobile phone 16) uploads the received first key to the terminal device ( For example: electronic lock 14), the details are as described in the aforementioned step S5100; step S630: the terminal device (eg: electronic lock 14) judges whether the first key received from the portable communication device (eg: mobile phone 16) is correct, details As described in the aforementioned step S5120; step S640: after the terminal device (eg: the electronic lock 14) determines that the first key is correct, the terminal device (eg: the electronic lock 14) encrypts the first key to generate the second key The unlock instruction is as described in the aforementioned step S5150 in detail; in step S650 : the terminal device (eg, the electronic lock 14 ) transmits the second key unlock instruction generated by it to the portable communication device (eg: the mobile phone 16 ), and the details are as described in the aforementioned steps Described in S5160; Step S660: The portable communication device (for example, the mobile phone 16) determines whether the unlocking instruction received from the terminal device (for example: the electronic lock 14) is correct, the details are as described in the aforementioned step S5170; After the portable communication device (eg, the mobile phone 16 ) determines that the unlock command is correct, the portable communication device (eg, the mobile phone 16 ) covers the first key with the correct unlock command, and starts A dynamic parameter, for example: the dynamic parameter can choose to use addition or subtraction to replace or overwrite the previous version, as described in the aforementioned step S5180; step S680: the portable communication device (eg: mobile phone 16) sends the unlock command to the The terminal device (eg, the electronic lock 14 ) is described in detail in the aforementioned step S5190 ; in step S690 : the terminal device (eg, the electronic lock 14 ) receives the unlocking instruction transmitted from the portable communication device (eg, the mobile phone 16 ) , perform the unlocking action, as described in the foregoing step S5200 in detail; at this time, the portable communication device (eg, the mobile phone 16 ) can selectively transmit the unlocking success information to the cloud 10 .
於前述步驟S640中,若終端裝置(例如:電子鎖14)判斷可攜式通信裝置(例如:手機16)的第一鑰匙判定為不正確時,或是於前述步驟S670中,終端裝置(例如:電子鎖14)判斷可攜式通信裝置(例如:手機16)的開鎖指令判定為不正確時,則會判定解鎖失敗。 In the aforementioned step S640, if the terminal device (eg, the electronic lock 14) determines that the first key of the portable communication device (eg, the mobile phone 16) is incorrect, or in the aforementioned step S670, the terminal device (eg, the mobile phone 16) determines that the first key is incorrect. : the electronic lock 14) determines that the unlocking fails when the unlocking instruction of the portable communication device (eg, the mobile phone 16) is determined to be incorrect.
再接著,請參考圖7,是本發明根據圖5的另一實施例的終端裝置執行加密及開鎖管理的方法,進一步的整理如下:步驟S710:可攜式通信裝置(例如:手機16)接收由雲端10傳送的第一鑰匙;步驟S720:可攜式通信裝置(例如:手機16)將第一鑰匙傳送至終端裝置(例如:電子鎖14),詳細如前述步驟S5100所述;步驟S730:由終端裝置(例如:電子鎖14)判斷接收來自可攜式通信裝置(例如:手機16)的第一鑰匙是否正確,詳細如前述步驟S5120所述;
步驟S740:於終端裝置(例如:電子鎖14)判斷第一鑰匙正確後,由終端裝置(例如:電子鎖14)對第一鑰匙進行加密,以形成第二鑰匙的開鎖指令,並且於開鎖指令中啟動『開鎖的時間倒數』,詳細如前述步驟S5150所述;步驟S750:終端裝置(例如:電子鎖14)將開鎖指令傳送至可攜式通信裝置(例如:手機16),詳細如前述步驟S5160所述;步驟S760:可攜式通信裝置(例如:手機16)判斷接收來自終端裝置(例如:電子鎖14)的開鎖指令是否正確,詳細如前述步驟S5170所述;步驟S770:可攜式通信裝置(例如:手機16)於判斷開鎖指令正確後,可攜式通信裝置(例如:手機16)將正確的開鎖指令覆蓋第一鑰匙,並且啟動一種動態參數,例如:動態參數可以選擇用加法或是減法來達到取代或是覆蓋前版本,詳細如前述步驟S5180所述;步驟S780:可攜式通信裝置傳送由可攜式通信裝置的私鑰加密的終端裝置ID及可攜式通信裝置ID的數位簽章給終端裝置;步驟S790:終端裝置(例如:電子鎖14)確認是否在開鎖的倒數時間內收到開鎖指令;步驟S800:終端裝置(例如:電子鎖14)確認終端裝置ID及可攜式通信裝置ID的數位簽章是否屬於可攜式通信裝置私鑰加密;步驟S810:終端裝置(例如:電子鎖14)確認解鎖後的終端裝置ID及解鎖後的可攜式通信裝置ID;步驟S820:可攜式通信裝置(例如:手機16)將開鎖指令傳送給終端裝置(例如:電子鎖14),詳細如前述步驟S5190所述;
於步驟S830:終端裝置(例如:電子鎖14)於收到可攜式通信裝置(例如:手機16)傳送的開鎖指令後,執行開鎖動作,詳細如前述步驟S5200所述此時,可攜式通信裝置(例如:手機16)可以選擇性地將解鎖成功信息傳送至雲端10。
Next, please refer to FIG. 7 , which is a method for performing encryption and unlocking management by a terminal device according to another embodiment of the present invention, which is further organized as follows: Step S710 : the portable communication device (eg, the mobile phone 16 ) receives The first key transmitted by the
此外,於判斷式S730、S760、S790~S810中,判定為不正確時,則會判定解鎖失敗,並且選擇性地向雲端10傳送解鎖失敗記錄。
In addition, in the determination formulas S730 , S760 , S790 to S810 , if the determination is incorrect, it is determined that the unlocking fails, and the unlocking failure record is selectively transmitted to the
在本發明圖6及圖7的實施例中,其中,步驟S630至步驟S650或步驟S730至步驟S750中的終端裝置(例如:電子鎖14)判斷可攜式通信裝置(例如:手機16)的第一鑰匙是否正確、或是步驟S640或S740中的終端裝置(例如:電子鎖14)產生第二鑰匙、或是步驟S650或S750中的終端裝置(例如:電子鎖14)將開鎖指令傳送至可攜式通信裝置(例如:手機16)等步驟,均可以選擇在離線狀態下完成。 In the embodiments of FIG. 6 and FIG. 7 of the present invention, the terminal device (eg, the electronic lock 14 ) in steps S630 to S650 or steps S730 to S750 determines whether the portable communication device (eg, the mobile phone 16 ) Whether the first key is correct, or the terminal device (eg: electronic lock 14 ) in step S640 or S740 generates the second key, or the terminal device (eg: electronic lock 14 ) in step S650 or S750 transmits the unlock command to The steps of the portable communication device (eg, the mobile phone 16 ) can be selected to be completed in an offline state.
根據上述,本發明的加解密及開鎖管理的系統可以防黑客或是防止側錄的另一特徵在於“開鎖指令”中具有一個動態參數,例如:動態參數可以選擇用加法或是減法來達到取代或是覆蓋開鎖指令前後版本的差異。因此,在步驟S670以及S770中,當可攜式通信裝置(例如:手機16)在第1次解鎖並”已經將解鎖的第二鑰匙覆蓋第一鑰匙”後,此時,終端裝置(例如:電子鎖14)中的開鎖指令的版本為通過動態參數加法或減法後的版本,因此,在本次的解鎖步驟完成後的下一次的解鎖時,可攜式通信裝置(例如:手機16)將以此第二鑰匙(即動態參數加法或減法後的版本)傳回至終端裝置(例如:電子鎖14),此時,終端裝置(例如:電子鎖14)的開鎖指令是以動態參數為第n+1的版本作為新第一鑰匙,例如:當可攜式通信裝置(例 如:手機16)收到終端裝置(例如:電子鎖14)的第一鑰匙並在進行第n次解鎖時,可攜式通信裝置(例如:手機16)同時將動態參數以n+1作為第二鑰匙(即開鎖指令)的動態參數,故終端裝置(例如:電子鎖14)開鎖後的動態參數為第n+1,當同樣的可攜式通信裝置(例如:手機16)要求開啟門鎖時,終端裝置(例如:電子鎖14)即會以動態參數為n+1的版本作為第一鑰匙,傳送至可攜式通信裝置(例如:手機16)中,很明顯的,在可攜式通信裝置(例如:手機16)解鎖並傳送至終端裝置(例如:電子鎖14)中的開鎖指令的版本為n+2,故只要通過一次覆蓋後,存在終端裝置(例如:電子鎖14)中的開鎖指令的動態參數都會步相同,具有一種動態鑰匙的特性。 According to the above, the encryption, decryption and unlock management system of the present invention can prevent hackers or prevent skimming. Another feature is that the "unlock command" has a dynamic parameter. For example, the dynamic parameter can be replaced by addition or subtraction. Or overwrite the difference between the version before and after the unlock command. Therefore, in steps S670 and S770, when the portable communication device (for example, the mobile phone 16) is unlocked for the first time and "has covered the first key with the unlocked second key", at this time, the terminal device (for example: The version of the unlocking instruction in the electronic lock 14) is the version after the addition or subtraction of the dynamic parameters. Therefore, in the next unlocking after the current unlocking step is completed, the portable communication device (for example, the mobile phone 16) will The second key (that is, the version after the addition or subtraction of the dynamic parameters) is sent back to the terminal device (for example, the electronic lock 14 ). The version of n+1 is used as the new first key, for example: when the portable communication device (e.g. For example, when the mobile phone 16) receives the first key of the terminal device (for example: the electronic lock 14) and unlocks it for the nth time, the portable communication device (for example, the mobile phone 16) simultaneously sets the dynamic parameter n+1 as the first key. The dynamic parameter of the second key (ie the unlocking command), so the dynamic parameter of the terminal device (eg: electronic lock 14 ) after unlocking is the n+1th, when the same portable communication device (eg: mobile phone 16 ) requests to unlock the door , the terminal device (for example: the electronic lock 14 ) will use the version with the dynamic parameter n+1 as the first key, and transmit it to the portable communication device (for example: the mobile phone 16 ). Obviously, in the portable communication device The version of the unlock command that is unlocked by the communication device (eg: mobile phone 16 ) and transmitted to the terminal device (eg: electronic lock 14 ) is n+2, so it only needs to be overwritten once and stored in the terminal device (eg: electronic lock 14 ) The dynamic parameters of the unlock command will be the same, with the characteristics of a dynamic key.
要特別說明的,本發明的終端裝置(例如:電子鎖14)在加密及開鎖過程中,都不會與雲端產生連線,而只能近距離的使用藍芽系統與可攜式通信裝置,因此,加密及開鎖管理的系統與方法,可以有效的隔離黑客通過雲端或是網路的入侵,提高管理系統的資安層級。 It should be noted that the terminal device (eg, the electronic lock 14 ) of the present invention will not be connected to the cloud during the encryption and unlocking process, but can only use the Bluetooth system and the portable communication device at close range. Therefore, the system and method for encryption and unlocking management can effectively isolate the intrusion of hackers through the cloud or the network, and improve the information security level of the management system.
如前所述,本發明的終端裝置可以是出租房間的門上的電子鎖(包括:大型酒店或連鎖是出租房間等),也可以是各種育樂設備上的電子鎖(包括:大型酒店或是運動中心中的各種育樂設施,例如:運動中心的跑步機、赌場-Casino中的賭博機台等),也可以是各種車輛上的電子鎖,或是其他使用前已經被鎖固的設備或是系統,需要通過「電子鎖」的開啟後,才能讓使用者使用的各種應用或是設備或是系統,對此,本發明對於該的終端裝置(即電子鎖)並不加以限制。因此,只要使用者能夠根據圖2流程,使用可攜式通信裝置(例如:手機16)與雲端10完成註冊並取得App後,就可以向雲端上所提供的各種設施,通過圖2、圖3及圖4的流程後,在入住
的酒店期間,使用酒店中的各種設施。通過本發明所提供的開鎖管理的系統及方法,對於大型酒店而言,除了提供安全的住宿服務外,還可以讓有限的各種設施通過本發明的開鎖管理的系統及方法來達到分流的管理,降低使用者等待所產生的抱怨。然而,通過本發明的開鎖管理的系統及方法,對於大型酒店而言,可以分析每一位使用者在入住的酒店期間的各種消費情形或式習慣,以使大型酒店能夠根據這些信息提供客戶更適當行銷計畫。
As mentioned above, the terminal device of the present invention can be an electronic lock on the door of a rental room (including: a large hotel or chain is a rental room, etc.), or it can be an electronic lock on various recreational equipment (including: large Various recreational facilities in hotels or sports centers, such as treadmills in sports centers, gambling machines in casinos-Casino, etc.), or electronic locks on various vehicles, or other devices that have been locked before use various applications or devices or systems that can be used by the user only after the "electronic lock" is opened, the present invention does not limit the terminal device (ie, the electronic lock) . Therefore, as long as the user can complete the registration with the
接著,請參考圖8,為一種透過雲端平台來進行開鎖管理的系統及方法。很明顯的,客戶已經完成住宿的登錄,並且已經安全的進入所租的房間中。接著,此客戶可以通過圖8的架構並配合圖6或圖7的流程,預約想要使用的各種設施。如圖8所示,雲端10可以是大型酒店的網頁或是平台,可以顯示在大型酒店中可以提供預約管理服務各種設施。在本實施例中,第一終端裝置141可以是赌場中的賭博機台,第二終端裝置142可以是運動中心中的各種設備,例如:跑步機、腳踏車、重量訓練等,第三終端裝置143可以是出租的車,例如:轎車、機車、腳踏車等。很明顯的,上述這些第一終端裝置141、第二終端裝置142及第三終端裝置143都必須先通過圖1及圖2的過程,與酒店的雲端10完成註冊。因此,當使用者的可攜式通信裝置(例如:手機16)已經與雲端10完成註冊並取得App後,使用者就可以通過可攜式通信裝置(例如:手機16)看到此酒店中還有哪些設施可以使用,當使用者確認選擇哪一項設施並自雲端取得該項設施的第一鑰匙後,就已完成預約程序。之後,使用者以第一鑰匙進行圖6或圖7的流程後,就可以讓設施開鎖及使用。
Next, please refer to FIG. 8 , which is a system and method for unlocking management through a cloud platform. Obviously, the customer has completed the registration of the accommodation and has entered the rented room safely. Next, the customer can reserve various facilities that he wants to use through the structure of FIG. 8 and the flow of FIG. 6 or FIG. 7 . As shown in FIG. 8 , the
再接著,本發明以使用者預約運動中心的設備來說明本發明的開鎖管理的系統及方法。以跑步機為例說明如下:步驟一:使用者通過可攜式通信裝置(例如:手機16)已經接收由雲端10傳送所預約的跑步機及其第一鑰匙;步驟二:當使用者在約定的時間前後,例如:下午5點,來到所預約的跑步機,之後,使用者拿出可攜式通信裝置(例如:手機16)並將第一鑰匙傳送至跑步機,詳細如前述步驟S5100所述;步驟三:由跑步機中的處理單元判斷接收來自可攜式通信裝置(例如:手機16)的第一鑰匙是否正確,詳細如前述步驟S5120所述;步驟四:於跑步機判斷第一鑰匙正確後,由跑步機對第一鑰匙進行加密,以形成第二鑰匙的開鎖指令,並且於開鎖指令中啟動『開鎖的時間倒數』,詳細如前述步驟S5150所述;步驟五:跑步機將開鎖指令傳送至可攜式通信裝置(例如:手機16),詳細如前述步驟S5160所述;步驟六:可攜式通信裝置(例如:手機16)判斷接收來自跑步機的開鎖指令是否正確,詳細如前述步驟S5170所述;步驟七:可攜式通信裝置(例如:手機16)於判斷開鎖指令正確後,可攜式通信裝置(例如:手機16)將正確的開鎖指令覆蓋第一鑰匙,並且啟動一種動態參數,詳細如前述步驟S5180所述;步驟八:可攜式通信裝置(例如:手機16)將開鎖指令傳送給跑步機,詳細如前述步驟S5190所述;
於步驟九:跑步機於收到可攜式通信裝置(例如:手機16)傳送的開鎖指令後,執行開鎖動作,詳細如前述步驟S5200所述;其中,於步驟四中,若終端裝置(例如:電子鎖14)判斷可攜式通信裝置(例如:手機16)的第一鑰匙判定為不正確時,或是於步驟六中,跑步機判斷可攜式通信裝置(例如:手機16)的開鎖指令判定為不正確時,則會判定解鎖失敗。
此時,可攜式通信裝置(例如:手機16)可以選擇性地將解鎖失敗的信息傳送至雲端10。很明顯的,通過本發明的開鎖管理的系統及方法後,只有完成預約的可攜式通信裝置(例如:手機16)才能使跑步機開鎖及使用。換句話說,雲端是無法以其所產生的第一鑰匙來使跑步機開鎖。
Next, the present invention describes the system and method of unlocking management of the present invention by using the equipment of the user to reserve the sports center. Taking a treadmill as an example, the description is as follows: Step 1: The user has received the reserved treadmill and its first key transmitted by the
如果使用者已經預約在下午9點要租一輛轎車時,此時,使用者的可攜式通信裝置(例如:手機16)已經自雲端10取得轎車的第一鑰匙,因此,使用者在下午9點前後,來到轎車旁邊,拿出可攜式通信裝置(例如:手機16)並將第一鑰匙傳送至轎車後,使用者以第一鑰匙進行圖6或圖7的流程後,就可以讓轎車開鎖及使用。
If the user has made an appointment to rent a car at 9:00 pm, at this time, the user's portable communication device (for example, the mobile phone 16 ) has obtained the first key of the car from the
很明顯的,本發明中的終端裝置,例如:各種育樂設備上的電子鎖、赌場中的賭博機台的電子鎖或是出租車上的鎖等,在加密及開鎖過程中,都不會與雲端產生連線,而只能近距離的使用藍芽系統與可攜式通信裝置,因此,加密及開鎖管理的系統與方法,可以有效的隔離黑客通過雲端或是網路的入侵,提高管理系統的資安層級。 Obviously, the terminal device in the present invention, such as: electronic locks on various recreational equipment, electronic locks on gambling machines in casinos, or locks on taxis, etc., will not be encrypted and unlocked during the process of encryption and unlocking. It is connected to the cloud and can only use the bluetooth system and portable communication device at close range. Therefore, the encryption and unlocking management system and method can effectively isolate hackers from intrusion through the cloud or the network and improve management. The security level of the system.
以上所述僅為本發明較佳的實施方式,並非用以限定本發明權利的範圍;同時以上的描述,對於相關技術領域中具有通常知識者應可 明瞭並據以實施,因此其他未脫離本發明所揭露概念下所完成之等效改變或修飾,應均包含於申請專利範圍中。 The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the scope of the rights of the present invention; at the same time, the above descriptions should be familiar to those with ordinary knowledge in the relevant technical field. Therefore, other equivalent changes or modifications made without departing from the concepts disclosed in the present invention should be included in the scope of the patent application.
S610~S670:步驟 S610~S670: Steps
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW109118768A TWI775090B (en) | 2020-06-04 | 2020-06-04 | System of executing encryption, decryption and lock-open management and method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW109118768A TWI775090B (en) | 2020-06-04 | 2020-06-04 | System of executing encryption, decryption and lock-open management and method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
TW202147260A TW202147260A (en) | 2021-12-16 |
TWI775090B true TWI775090B (en) | 2022-08-21 |
Family
ID=80783775
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW109118768A TWI775090B (en) | 2020-06-04 | 2020-06-04 | System of executing encryption, decryption and lock-open management and method thereof |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI775090B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114550352B (en) * | 2022-02-23 | 2024-04-19 | 广东电网有限责任公司 | Lock management system, method, device and storage medium for power equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017093597A1 (en) * | 2015-12-03 | 2017-06-08 | Nokia Technologies Oy | Access management |
TWI588782B (en) * | 2014-11-28 | 2017-06-21 | 財團法人工業技術研究院 | Security method, security gate and server |
US20190371096A1 (en) * | 2018-06-01 | 2019-12-05 | Sentrilock, Llc | Electronic lockbox with interface to other electronic locks |
CN110599627A (en) * | 2018-06-12 | 2019-12-20 | 袁丽萍 | Security door system that no lockhole cell-phone was unblanked |
-
2020
- 2020-06-04 TW TW109118768A patent/TWI775090B/en active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI588782B (en) * | 2014-11-28 | 2017-06-21 | 財團法人工業技術研究院 | Security method, security gate and server |
WO2017093597A1 (en) * | 2015-12-03 | 2017-06-08 | Nokia Technologies Oy | Access management |
US20190371096A1 (en) * | 2018-06-01 | 2019-12-05 | Sentrilock, Llc | Electronic lockbox with interface to other electronic locks |
CN110599627A (en) * | 2018-06-12 | 2019-12-20 | 袁丽萍 | Security door system that no lockhole cell-phone was unblanked |
Also Published As
Publication number | Publication date |
---|---|
TW202147260A (en) | 2021-12-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10829088B2 (en) | Identity management for implementing vehicle access and operation management | |
US10808427B1 (en) | Smart lock box | |
CN106233796B (en) | Calculate the automatic subscriber registration and unlock of equipment | |
KR100848314B1 (en) | Device and Method of e-voting using mobile terminal | |
US7996888B2 (en) | Virtual identity apparatus and method for using same | |
EP3997606B1 (en) | Cryptoasset custodial system with custom logic | |
CN110766524B (en) | Online booking self-service check-in method and storage device | |
CN106537403A (en) | System for accessing data from multiple devices | |
JP5940671B2 (en) | VPN connection authentication system, user terminal, authentication server, biometric authentication result evidence information verification server, VPN connection server, and program | |
CN111478918A (en) | Device with access control function | |
US20210014064A1 (en) | Method and apparatus for managing user authentication in a blockchain network | |
JP2001265694A (en) | Supporting method for communication channel setting and computer readable recording medium for realizing the same | |
US11277396B2 (en) | Method for authorization management in a community of connected objects | |
JP7172716B2 (en) | Authorization system, management server and authorization method | |
US20120311331A1 (en) | Logon verification apparatus, system and method for performing logon verification | |
JP2011012511A (en) | Electric lock control system | |
JPH05333775A (en) | User authentication system | |
CN109767530A (en) | Smart lock control method, apparatus and system based on block chain | |
TWI775090B (en) | System of executing encryption, decryption and lock-open management and method thereof | |
JP5078675B2 (en) | Member authentication system and portable terminal device | |
WO2018207174A1 (en) | Method and system for sharing a network enabled entity | |
CN114499899B (en) | Identity verification system | |
US20210319116A1 (en) | Systems and methods of access validation using distributed ledger identity management | |
JP2003224554A (en) | Communication connection system, method and program and electronic voting system | |
CN113763599A (en) | System and method for executing encryption, decryption and unlocking management |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GD4A | Issue of patent certificate for granted invention patent |