TWI775090B - System of executing encryption, decryption and lock-open management and method thereof - Google Patents

Publication number: TWI775090B
Authority: TW (Taiwan)
Application number: TW109118768A
Other languages: Chinese (zh)
Other versions: TW202147260A (en)
Inventors: 邱繼億, 周建銘
Original assignee: 曾惠瑜
Prior art keywords: key, terminal device, unlocking, portable communication, communication device
Abstract

The system for executing encryption, decryption and lock-open management consists of a mobile phone, a cloud and an electronic lock, and is used to execute the encryption, decryption and lock-open management process. In this process, the mobile phone uploads the first key to the electronic lock, and the electronic lock starts a time limit for unlocking; the electronic lock checks whether the first key is correct; the electronic lock generates a second key with a plurality of dynamic parameters and uploads the second key to the mobile phone; the mobile phone overwrites the first key with the second key and sends an unlocking instruction to the electronic lock; and the electronic lock unlocks.

Description

System and method for performing encryption, decryption and unlocking management

The present invention relates to a platform management system, in particular to a system that performs encryption, decryption and unlocking management via a terminal device, where the terminal device may be an "electronic lock" device with a short-range communication function.

With the rapid development of mobile network bandwidth and speed, industries built on the network have flourished. For example, the rise of the Internet of Things (IoT) can bring human technology into the next generation.

In the architecture of the Internet of Things, the cloud platform plays an indispensable role. It lets all kinds of mobile devices perform remote monitoring, remote control, or new payment models for transactions through the platform.

However, while the Internet of Things offers many functions and conveniences, sharing through the cloud hides information security vulnerabilities. For example, in the well-known American film Fast & Furious 8, a skilled hacker breaks in via satellite and takes control of more than a thousand cars within a two-mile radius, making the cars' self-driving systems obey commands. If communication technology keeps developing without management systems that provide confidentiality or anti-hacking mechanisms, such exaggerated movie scenes may soon play out in the real world.

Similarly, in the unlocking management process of a smart electronic lock, if information security is not protected, the lock, like the cars above, is at risk of intrusion at any time. Clearly, current management systems and methods that use the cloud as the platform for managing "electronic locks", that is, in which the various electronic locks on the cloud platform can be opened through the cloud platform, carry a high management risk.

To solve the above technical problem, one main object of the present invention is to provide a system and method in which the terminal device performs encryption, decryption and unlocking management. In particular, the cloud does not need to intervene while the terminal device performs encryption, decryption, unlocking and locking. Because the cloud and the terminal device are offline from each other, intrusion by hackers through the cloud or the network can be effectively isolated, raising the information security level of the management system.

To solve the above technical problem, another main object of the present invention is to provide a system and method in which the terminal device performs encryption, decryption and unlocking management, where the user's portable communication device communicates with the terminal device at short range and the terminal device then performs the unlocking. This effectively isolates intrusion by hackers through the cloud or the network and raises the information security level of the management system.

Regarding the above technical problem, a further main object of the present invention is to provide a system and method in which the terminal device performs encryption and unlocking management, where the encryption process of the terminal device uses multiple dynamic parameters whose counts change, forming a dynamic digital key. This can effectively prevent intrusion by skimming and improve the information security of the management system.

According to the above object, the present invention provides a system for performing encryption, decryption and unlocking management, composed of a mobile phone, a cloud and an electronic lock, characterized in that: the mobile phone receives the first key from the cloud and uploads the first key to the electronic lock; the electronic lock, after receiving the first key and identifying it as correct, starts the unlocking time; the electronic lock generates a second key with multiple dynamic parameters and transmits the second key to the mobile phone; the mobile phone, on receiving the second key, overwrites the first key with the second key to form the unlocking instruction; the mobile phone sends the unlocking instruction to the electronic lock; and the electronic lock performs the unlocking according to the unlocking instruction.

According to the above object, the present invention provides a system for performing encryption and unlocking management, composed of a portable communication device, a cloud and a terminal device, where the portable communication device has a portable communication device ID and the terminal device has a terminal device ID. The system is characterized in that its management steps for encryption and unlocking include: receiving a first key, in which the portable communication device receives from the cloud the first key corresponding to a terminal device; transmitting the first key, in which the portable communication device transmits the first key to the terminal device; performing a first judgment, in which the processing unit of the terminal device decrypts the first key and judges whether the first key is correct; forming a second key, in which, after decrypting the first key and judging it correct, the terminal device recomputes the decrypted content of the first key and then encrypts the recomputed content to form the second key, the second key having one or more dynamic parameters; transmitting the second key, in which the terminal device transmits the second key to the portable communication device; performing a second judgment, in which the portable communication device judges whether the second key received from the terminal device is correct; performing an overwrite procedure, in which, after judging the second key correct, the portable communication device overwrites the first key with the second key so that the second key forms an unlocking instruction; transmitting the unlocking instruction, in which the portable communication device transmits the unlocking instruction to the terminal device; and performing the unlocking action, in which the terminal device, after receiving the unlocking instruction sent by the portable communication device, performs the unlocking action.

According to the above object, the present invention further provides a system for performing encryption and unlocking management, composed of a portable communication device, a cloud and a terminal device, where the portable communication device has a portable communication device ID and the terminal device has a terminal device ID. The system is characterized in that the management steps of the encryption and unlocking management system include: receiving a first key, in which the portable communication device receives from the cloud the first key corresponding to a terminal device; transmitting the first key, in which the portable communication device transmits the first key to the terminal device; performing a first judgment, in which the processing unit of the terminal device decrypts the first key and judges whether the first key is correct; forming a second key, in which, after decrypting the first key and judging it correct, the terminal device recomputes the decrypted content of the first key and then encrypts the recomputed content to form the second key, the second key having one or more dynamic parameters; transmitting the second key, in which the terminal device transmits the second key to the portable communication device; performing a second judgment, in which the portable communication device judges whether the second key received from the terminal device is correct; performing an overwrite procedure, in which, after judging the second key correct, the portable communication device overwrites the first key with the second key so that the second key forms an unlocking instruction; transmitting the unlocking instruction, in which the portable communication device transmits the unlocking instruction to the terminal device; and performing the unlocking action, in which the terminal device, after receiving the unlocking instruction sent by the portable communication device, performs the unlocking action.

According to the above object, the terminal device of the present invention does not connect to the cloud during encryption and unlocking, and can only communicate with the portable communication device at short range over Bluetooth. The encryption and unlocking management system and method can therefore effectively isolate intrusion by hackers through the cloud or the network and raise the information security level of the management system.

10: Cloud
12: Factory
14: Electronic lock
16: Mobile phone
CID: Cloud ID
LID: Electronic lock ID
MID: Mobile phone ID
Due: Expiration date of the certificate
CA+: Certificate public key
CA-: Certificate private key
L+: Electronic lock public key
L-: Electronic lock private key
M+: Mobile phone public key
M-: Mobile phone private key
R#: Random number
R#+1: Random number
Key1: First key
Key2: Second key

FIG. 1 shows the electronic lock registration flowchart of the present invention; FIG. 2 shows the flowchart of registering the mobile phone with the cloud; FIG. 3 shows the flowchart of registering the mobile phone with the electronic lock; FIG. 4 is a schematic diagram of the plaintext and ciphertext of the key in an embodiment of the present invention; FIG. 5 shows the flowchart of the method for performing encryption and unlocking management; FIG. 6 shows the method for performing encryption and unlocking management according to one embodiment; FIG. 7 shows the method for performing encryption and unlocking management according to another embodiment; and FIG. 8 shows a system of the present invention that performs unlocking management through a cloud platform.

Specific embodiments of the present invention are described in detail below. The invention is not limited to these embodiments, and the drawings are schematic, intended mainly to show the connections between the modules. The embodiments are described in detail with reference to the drawings as follows.

In the following embodiments, the terminal device is a device with a "lock" function. Because the lock has independent computing and memory functions, the term "electronic lock" is used to represent this terminal device. The "electronic lock" of the present invention is therefore broadly defined as follows: a specific device is kept in a locked state, and only after computation and identification by the electronic lock can the actual opening be performed (including the encryption, decryption and unlocking management performed by the electronic lock), after which the user can enter or use the specific device. The terminal device may be an electronic lock in the door of a rental room (for example in large hotels or chain rental rooms), a switch on recreational equipment (for example the recreational facilities in large hotels or sports centres, such as treadmills or gambling facilities in casinos), a lock on any kind of vehicle, or any other equipment or access control system that is locked before use and must be opened by the electronic lock before the user can use it. The present invention places no restriction on the terminal device (that is, the electronic lock). To make the system easier to understand, the electronic lock of a rental room is used as the example; this is not intended to limit the field of application of the invention. Likewise, the encryption and decryption process of the electronic lock is not limited to unlocking and can also be applied to locking. Furthermore, the cloud is a well-known concept, so the cloud necessarily includes a server unit, a processing or computing unit, a memory unit, and communication protocols for receiving and sending information. The above statements explain that the system architecture of the present invention basically uses technical means available at the time of filing; the technical means of the invention itself are described in detail below. In the following description, conventional hardware such as the server unit, processing unit and memory unit does not appear in the figures, which is noted here in advance.

First, refer to FIG. 1, the electronic lock registration flowchart of the present invention. As shown in step S110 of FIG. 1, after the factory 12 finishes manufacturing the electronic lock 14, it can write the lock-side certificate into the memory unit of the electronic lock 14, for example the lock-side certificate "CA+, CA-{LID, L+, L-, due}". Here CA+ is the certificate authority (CA) public key, CA- is the certificate authority private key, CA-{LID, L+, L-, due} denotes information signed with the certificate authority private key, LID is the electronic lock ID number, L+ is the electronic lock public key, L- is the electronic lock private key, and due is the expiration date of the certificate. In the embodiment of the present invention, the electronic lock 14 supports limits on the number of uses, on user identity, and on the unlocking time window. For example, when the electronic lock 14 confirms the user's identity and confirms sending the unlocking key, the processing unit of the electronic lock 14 automatically adds the lock-side certificate to the unlocking key it sends; this process is described in detail with FIG. 5 below. Next, in step S120, the factory 12 transmits the lock-side certificate (CA+, CA-{LID, L+, L-, due}) to the cloud 10 to complete the registration of the electronic lock 14 with the cloud 10. For example, once the electronic lock 14 has been installed on the door of a rental room, the cloud 10 can know, through back-end management, the lock-side certificate (CA+, CA-{LID, L+, L-, due}) of the electronic lock 14 on the door of each rental room.

Next, refer to FIG. 2, the flowchart of registering the mobile phone with the cloud. In step S210 of FIG. 2, the user downloads an application (APP) that connects to the cloud 10 and agrees to the APP's terms of use. For example, the cloud 10 may be a room rental platform similar to Airbnb, and the user downloads an application for booking rental rooms on the cloud 10. Next, in step S220, the user fills in basic identity information, such as name, mobile phone number and e-mail address, and registers this information with the cloud 10. Then, in step S230, the cloud 10 sends the certificate public key CA+ and a verification message to the mobile phone 16, so that the mobile phone 16 obtains the public key CA+ and the verification message. Next, in step S240, the user enters the verification message on the mobile phone 16 and sends it back to the cloud 10, and the cloud 10 checks the verification message, for example a verification code, in the judgment step S250. If the verification code is correct, step S260 follows: the cloud 10 sends the phone-side certificate CA-{MID, M+, M-, due} to the mobile phone 16, where CA-{MID, M+, M-, due} is information signed with the certificate authority private key, MID is the mobile phone ID number, M+ is the mobile phone public key, M- is the mobile phone private key, and due is the expiration date of the certificate. The content is sent encrypted with CA- in this step to prove that it was sent by the correct cloud and could not have been tampered with in transit, which is the purpose of a digital signature. At this point the mobile phone 16 has become a client of the cloud 10, and the back end of the cloud 10 records the certificate of the mobile phone 16 as CA-{MID, M+, M-, due}.

After the processes of FIG. 1 and FIG. 2, the registration of the electronic lock 14 with the cloud 10 and the registration of the mobile phone with the cloud are both complete. At this point the cloud 10 holds the cloud ID CID, the certificate public key CA+, the certificate private key CA-, and the certificate of the mobile phone 16, CA-{MID, M+, M-, due}. The mobile phone 16 holds the mobile phone ID MID, the mobile phone public key M+, the mobile phone private key M- and the certificate public key CA+. The electronic lock 14 holds the electronic lock ID LID, the electronic lock public key L+, the electronic lock private key L- and the certificate public key CA+.

The next scenario begins once the customer has used the mobile phone 16 to complete the rental of a specific room with the cloud 10, so the cloud 10 has already sent the address or room number of that room to the mobile phone 16. The customer then takes the mobile phone 16 to that address or room, where the mobile phone 16 can communicate with the electronic lock 14 at short range over a wireless communication protocol, which may be Bluetooth, Wi-Fi or Near Field Communication (NFC). At this stage the mobile phone 16 and the electronic lock 14 carry out two-way communication, and the electronic lock 14 is offline from the cloud 10. Through this short-range communication the mobile phone 16 obtains the electronic lock public key L+. The detailed registration process is described with FIG. 3 below.

Next, refer to FIG. 3, the flowchart of registering the mobile phone with the electronic lock. First, in step S310, the mobile phone 16 sends the mobile phone ID MID, the mobile phone public key M+, and M-{MID} signed with the mobile phone private key to the electronic lock 14. In step S320, the electronic lock 14 enters its first judgment step: the processing unit of the electronic lock 14 checks the MID in the received signature M-{MID}. More precisely, the electronic lock 14 uses M+ to open the signature M-{MID} to obtain MID and compares it with the unencrypted MID sent by the mobile phone 16. If they match, the flow proceeds to step S330; otherwise it proceeds to step S350, the electronic lock 14 raises an alarm, and pairing of the electronic lock 14 with the mobile phone 16 fails. Next, in step S330, the processing unit of the electronic lock 14 generates a random number R#. Then, in step S350, the processing unit of the electronic lock 14 encrypts the random number R#, LID and L+ with the public key M+ and sends the encrypted verification code M+{R#, LID, L+} to the mobile phone 16. In step S360, the mobile phone 16 sends the verification code L+{MID, R#+1} to the electronic lock 14. In step S370, the processing unit of the electronic lock 14 checks the random number R#+1. If it is correct, the flow proceeds to step S380; otherwise the electronic lock 14 raises an alarm and registration with the electronic lock 14 fails. In step S380, the mobile phone 16 and the electronic lock 14 complete registration, and the mobile phone 16 obtains the registration certificate CA+{MID, LID}. In step S390, the mobile phone 16 sends the registration certificate CA+{MID, LID} to the cloud 10. In step S391, after receiving the registration certificate of step S390, the cloud 10 passes the MID and LID to its back end for comparison (how the MID and LID are established in the cloud back end is described with FIG. 1 and FIG. 2). If they are correct, the cloud 10 issues the first key key1 to the mobile phone 16. In this step the cloud 10 performs the back-end management of the room rental process. For example, after the mobile phone 16 confirms through the cloud 10 which room is to be rented, the back end of the cloud 10 builds a management database that records, for a given time, which room door's lock-side certificate a given mobile phone 16's phone-side certificate is renting. So when the cloud 10 receives the registration certificate CA+{MID, LID} from the mobile phone 16, it checks whether the phone-side certificate and the lock-side certificate are consistent with the database, and if so issues the first key key1 to the mobile phone 16. After the process of FIG. 3, the first key key1 obtained by the mobile phone 16 is like the room card a guest receives after checking in at the hotel front desk.

Next, refer to FIG. 4, which shows the code composition of the first key (key1) in an embodiment of the present invention. The code of the first key (key1) may consist of two parts. The first part is plaintext: {LID, ~expiration date, count, rank}. The second part is ciphertext encrypted with the public key of the terminal device (for example a door lock): L+{CID, expiration date, count, rank, CA-{LID, MID}}. This ciphertext is called the token in the following embodiments.

Next, refer to FIG. 5, a flow chart of the method by which the terminal device of the present invention performs encryption and unlocking management. The steps are as follows:

Step S5100: the mobile phone 16 sends the phone public key M+ and the first ciphertext token1 of the first key (key1) to the electronic lock 14.

Step S5120: the processing unit of the electronic lock 14 checks the content of the received first key (key1). It decrypts the first ciphertext token1 with the private key L-; verifies the signature CA-{LID, MID} with the certificate public key CA+; checks the electronic lock ID (LID); and checks the date and the count. If the result satisfies all of these items, the flow proceeds to step S5150; otherwise it goes to step S5130, in which L-{Fail#} is sent to the mobile phone 16. The mobile phone 16 may then optionally send an unlock-failure record to the cloud 10 in step S5140.

Step S5150: once the electronic lock 14 has confirmed that the first ciphertext token1, the signature, the LID, the date and the count in the first key (key1) sent by the mobile phone 16 are all correct, the processing unit of the electronic lock 14 generates an encrypted second key key2 ({LID, ~expiration date, count-1, rank}, D+{CID, expiration date, count-1, rank, CA-{LID, MID}}). This encrypted second key key2 is also called the unlock instruction. The second key key2 may optionally carry one or more dynamic parameters, including: setting a recordable count; signing with L-; setting a time limit; and generating a random number R#.

Step S5160: the electronic lock 14 sends the encrypted unlock instruction L-{Key2, R#} to the mobile phone 16. In this step the electronic lock 14 starts the "unlock countdown", for example 30 seconds.

Step S5170: the mobile phone 16 checks the signature of the second ciphertext token2 received from the electronic lock 14 (that is, the unlock instruction) and the random number R#. If the check succeeds, a new random number R#+1 is generated and the mobile phone 16 must proceed to step S5180 within 30 seconds; otherwise the flow goes to step S5140, in which the mobile phone 16 sends an unlock-failure record to the cloud 10.

Step S5180: the mobile phone 16 replaces or overwrites the first key key1 with the second key key2, which serves as the unlock instruction. The dynamic parameter may be changed by addition or by subtraction.

Step S5190: the mobile phone 16 sends the digital signature M-{LID, MID, R#+1} to the electronic lock 14. Note that for steps S5180 and S5190 the mobile phone 16 must deliver the unlock instruction to the electronic lock 14 within the configured "unlock countdown"; once the countdown has elapsed, the electronic lock 14 sends L-{Fail#} to the mobile phone 16.

Step S5200: the electronic lock 14 confirms the random number R#+1; confirms that the unlock instruction was received within the "unlock countdown"; confirms that the digital signature M-{LID, MID} was encrypted with the phone private key M-; and confirms that the decrypted LID and MID are correct. If everything is confirmed, the processing unit releases the lock, which completes the unlocking procedure and lets the user enter the room.
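The lock-side checks of steps S5120, S5150 to S5160 and S5200 can be sketched as follows; this is an added example, not code from the patent. It assumes token1 has already been decrypted, models the CA and phone signatures with toy textbook RSA so that it runs on the standard library alone, leaves out the lock's own L- signature, and assumes a challenge is consumed after one attempt; `Lock`, `make_token`, `phone_respond` and the field names are hypothetical.

```python
import hashlib
import json
import secrets
import time

E = 65537


def keypair(p, q):
    """Toy textbook RSA (no padding), used only so the example runs on the
    standard library. NOT secure; stands in for the CA-/CA+ and M-/M+ pairs."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def digest(obj, n):
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, obj):
    n, d = priv
    return pow(digest(obj, n), d, n)


def verify(pub, obj, sig):
    n, e = pub
    return pow(sig, e, n) == digest(obj, n)


# Constructed sample keys built from Mersenne primes.
CA_PUB, CA_PRIV = keypair(2**127 - 1, 2**89 - 1)
PHONE_PUB, PHONE_PRIV = keypair(2**107 - 1, 2**61 - 1)


def make_token(lid, mid, expiry, count, rank=1):
    """Cloud side: content of token1 as the lock sees it after decryption."""
    return {"LID": lid, "MID": mid, "expiry": expiry, "count": count,
            "rank": rank, "ca_sig": sign(CA_PRIV, {"LID": lid, "MID": mid})}


def phone_respond(phone_priv, lid, mid, nonce):
    """Phone side, S5190: sign {LID, MID, R#+1}."""
    msg = {"LID": lid, "MID": mid, "R": nonce + 1}
    return msg, sign(phone_priv, msg)


class Lock:
    def __init__(self, lid, ca_pub, window=30.0, clock=time.monotonic):
        self.lid, self.ca_pub = lid, ca_pub
        self.window, self.clock = window, clock
        self.pending = None  # (nonce, deadline, MID, phone public key)

    def check_key1(self, token, phone_pub, today):
        """S5120 checks, then S5150/S5160: return (key2, R#) or None."""
        signed = {"LID": token["LID"], "MID": token["MID"]}
        ok = (verify(self.ca_pub, signed, token["ca_sig"])
              and token["LID"] == self.lid
              and today <= token["expiry"]      # ISO dates compare as text
              and token["count"] > 0)
        if not ok:
            return None                          # S5130: lock reports Fail#
        nonce = secrets.randbelow(2**32)         # random number R#
        self.pending = (nonce, self.clock() + self.window,
                        token["MID"], phone_pub)
        key2 = dict(token, count=token["count"] - 1)
        return key2, nonce

    def unlock(self, msg, sig):
        """S5200: check R#+1, the countdown, the signature and the IDs."""
        if self.pending is None:
            return False
        nonce, deadline, mid, phone_pub = self.pending
        self.pending = None  # assumption: one attempt per challenge
        expected = {"LID": self.lid, "MID": mid, "R": nonce + 1}
        return (self.clock() <= deadline
                and msg == expected
                and verify(phone_pub, msg, sig))
```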

Finally, the mobile phone 16 may optionally send unlock records to the cloud 10, including the failed-unlock record of step S5210 and the successful-unlock record of step S5220. The process described above with reference to FIG. 1 to FIG. 5 illustrates the embodiments of the present invention, where FIG. 1 is a flow chart of electronic lock registration and FIG. 2 is a flow chart of registration between the mobile phone and the cloud. The procedures in FIG. 1 and FIG. 2 belong to the registration process between the cloud and the mobile phone (or the user). Take an Airbnb-like online platform as an illustration. In FIG. 1 the platform registers every room that can be rented out; the most important information is the door lock information corresponding to each room, and in FIG. 1 these rooms and their corresponding door lock information have already been set up in the cloud backend. In FIG. 2 the platform publishes a "rental search App" on the Internet. The App lets users register as members, so that the cloud backend can identify each registered member and manage them, for example by tracking which specific rental room a registered member has rented through the App.

FIG. 3 is where the technical means provided by the present invention begin. Before entering FIG. 3, the registered member may already have used the App downloaded to the mobile phone 16 to complete the rental of a specific room at a certain place for a specific time. At this point the cloud backend has therefore already paired the information of the specific mobile phone 16 with the door lock of the room it has rented, and stored the pairing in the backend server in the cloud. In the scenario of FIG. 3, the registered member, carrying the mobile phone 16, arrives near the specific room at the agreed rental time, for example at the door of the room. The registered member must then, at close range, register the mobile phone 16 (already registered with the cloud) with the door lock 14 of the room in order to obtain the information of the door lock 14 on that door. The registered door lock information, as shown in step 390, is then transmitted to the cloud 10. The cloud 10 can then perform operation management on the platform according to the information established in the backend in FIG. 1 and FIG. 2. For example, the backend of the cloud 10 can compare the door lock information returned in FIG. 3, checking whether the information of the mobile phone 16 is paired with, or consistent with, the corresponding rented door lock 14 in the backend of the cloud 10. If the check result is correct, at the end of FIG. 3 the cloud 10 transmits the first key key1 to the mobile phone 16. Clearly, even after the cloud 10 has confirmed that the information of the mobile phone 16 is paired with the rented door lock 14 or is correct, the cloud 10 cannot request or drive the door lock 14 to open over the network. This is the main means of the present invention for terminal device management. The main difference is that the user (or the mobile phone 16) must come into the vicinity of the terminal device (the door lock 14) and communicate with the door lock 14 through a near-field communication protocol; the mobile phone 16 first transmits the registered door lock information to the cloud 10, and after the backend of the cloud 10 has processed and confirmed it, the cloud 10 can only issue the first key key1 to the mobile phone 16. The management system and method disclosed in the present invention can therefore effectively prevent hackers from directly controlling the opening of the door lock 14 through the cloud 10 or the network.

Continuing from the above, the actual opening procedure of the terminal device (the door lock 14) of the present invention is shown in FIG. 5 and has been described in detail in steps S5100 to S5200, so it is not repeated here. Next, refer to FIG. 6, which shows the method by which the terminal device performs encryption and unlocking management according to the embodiment of FIG. 5, further organized as follows:

Step S610: a portable communication device (for example, the mobile phone 16) receives the first key transmitted by the cloud 10, where the portable communication device may be a mobile phone 16.

Step S620: the portable communication device (for example, the mobile phone 16) uploads the received first key to the terminal device (for example, the electronic lock 14), as detailed in step S5100.

Step S630: the terminal device (for example, the electronic lock 14) judges whether the first key received from the portable communication device (for example, the mobile phone 16) is correct, as detailed in step S5120.

Step S640: after the terminal device (for example, the electronic lock 14) judges the first key to be correct, the terminal device encrypts the first key to generate the unlock instruction of the second key, as detailed in step S5150.

Step S650: the terminal device (for example, the electronic lock 14) transmits the second-key unlock instruction it generated to the portable communication device (for example, the mobile phone 16), as detailed in step S5160.

Step S660: the portable communication device (for example, the mobile phone 16) judges whether the unlock instruction received from the terminal device (for example, the electronic lock 14) is correct, as detailed in step S5170.

Step S670: after the portable communication device (for example, the mobile phone 16) judges the unlock instruction to be correct, it overwrites the first key with the correct unlock instruction and activates a dynamic parameter; for example, the dynamic parameter may use addition or subtraction to replace or overwrite the previous version, as described in step S5180.

Step S680: the portable communication device (for example, the mobile phone 16) transmits the unlock instruction to the terminal device (for example, the electronic lock 14), as detailed in step S5190.

Step S690: after receiving the unlock instruction transmitted by the portable communication device (for example, the mobile phone 16), the terminal device (for example, the electronic lock 14) performs the unlocking action, as detailed in step S5200. At this point the portable communication device (for example, the mobile phone 16) may optionally transmit the unlock-success information to the cloud 10.

In step S640, if the terminal device (for example, the electronic lock 14) judges the first key of the portable communication device (for example, the mobile phone 16) to be incorrect, or in step S670, if the terminal device (for example, the electronic lock 14) judges the unlock instruction of the portable communication device (for example, the mobile phone 16) to be incorrect, the unlocking is judged to have failed.

Next, refer to FIG. 7, which shows the method by which the terminal device performs encryption and unlocking management according to another embodiment based on FIG. 5, further organized as follows:

Step S710: the portable communication device (for example, the mobile phone 16) receives the first key transmitted by the cloud 10.

Step S720: the portable communication device (for example, the mobile phone 16) transmits the first key to the terminal device (for example, the electronic lock 14), as detailed in step S5100.

Step S730: the terminal device (for example, the electronic lock 14) judges whether the first key received from the portable communication device (for example, the mobile phone 16) is correct, as detailed in step S5120.

Step S740: after the terminal device (for example, the electronic lock 14) judges the first key to be correct, the terminal device encrypts the first key to form the unlock instruction of the second key, and starts the "unlock countdown" in the unlock instruction, as detailed in step S5150.

Step S750: the terminal device (for example, the electronic lock 14) transmits the unlock instruction to the portable communication device (for example, the mobile phone 16), as detailed in step S5160.

Step S760: the portable communication device (for example, the mobile phone 16) judges whether the unlock instruction received from the terminal device (for example, the electronic lock 14) is correct, as detailed in step S5170.

Step S770: after judging the unlock instruction to be correct, the portable communication device (for example, the mobile phone 16) overwrites the first key with the correct unlock instruction and activates a dynamic parameter; for example, the dynamic parameter may use addition or subtraction to replace or overwrite the previous version, as detailed in step S5180.

Step S780: the portable communication device transmits to the terminal device the digital signature of the terminal device ID and the portable communication device ID, encrypted with the private key of the portable communication device.

Step S790: the terminal device (for example, the electronic lock 14) confirms whether the unlock instruction was received within the unlock countdown.

Step S800: the terminal device (for example, the electronic lock 14) confirms whether the digital signature of the terminal device ID and the portable communication device ID was encrypted with the private key of the portable communication device.

Step S810: the terminal device (for example, the electronic lock 14) confirms the decrypted terminal device ID and the decrypted portable communication device ID.

Step S820: the portable communication device (for example, the mobile phone 16) transmits the unlock instruction to the terminal device (for example, the electronic lock 14), as detailed in step S5190.

Step S830: after receiving the unlock instruction transmitted by the portable communication device (for example, the mobile phone 16), the terminal device (for example, the electronic lock 14) performs the unlocking action, as detailed in step S5200. At this point the portable communication device (for example, the mobile phone 16) may optionally transmit the unlock-success information to the cloud 10.

In addition, if any of the judgments S730, S760 and S790 to S810 yields an incorrect result, the unlocking is judged to have failed, and an unlock-failure record is optionally transmitted to the cloud 10.

In the embodiments of FIG. 6 and FIG. 7 of the present invention, the following steps can all optionally be completed offline: in steps S630 to S650 or steps S730 to S750, the terminal device (for example, the electronic lock 14) judging whether the first key of the portable communication device (for example, the mobile phone 16) is correct; in step S640 or S740, the terminal device (for example, the electronic lock 14) generating the second key; and in step S650 or S750, the terminal device (for example, the electronic lock 14) transmitting the unlock instruction to the portable communication device (for example, the mobile phone 16).

According to the above, another feature by which the encryption, decryption and unlocking management system of the present invention resists hackers and skimming is that the "unlock instruction" carries a dynamic parameter; for example, the dynamic parameter may use addition or subtraction so that successive versions of the unlock instruction differ as one replaces or overwrites the other. Thus, in steps S670 and S770, once the portable communication device (for example, the mobile phone 16) has unlocked for the first time and "has overwritten the first key with the unlocked second key", the version of the unlock instruction in the terminal device (for example, the electronic lock 14) is the version after the dynamic parameter has been added to or subtracted from. At the next unlocking after the current unlocking has completed, the portable communication device (for example, the mobile phone 16) sends this second key (that is, the version after the addition or subtraction) back to the terminal device (for example, the electronic lock 14), and the terminal device's unlock instruction then uses the version whose dynamic parameter is n+1 as the new first key. For example, when the portable communication device (for example, the mobile phone 16) receives the first key of the terminal device (for example, the electronic lock 14) and performs the n-th unlocking, the portable communication device at the same time uses n+1 as the dynamic parameter of the second key (that is, the unlock instruction), so the dynamic parameter of the terminal device (for example, the electronic lock 14) after unlocking is n+1. When the same portable communication device (for example, the mobile phone 16) next requests to open the door lock, the terminal device (for example, the electronic lock 14) uses the version whose dynamic parameter is n+1 as the first key and transmits it to the portable communication device (for example, the mobile phone 16). Clearly, the version of the unlock instruction that the portable communication device (for example, the mobile phone 16) unlocks and transmits to the terminal device (for example, the electronic lock 14) is then n+2. So after each overwrite, the dynamic parameter of the unlock instruction stored in the terminal device (for example, the electronic lock 14) is no longer the same, which gives it the character of a dynamic key.

It should be noted in particular that during encryption and unlocking the terminal device of the present invention (for example, the electronic lock 14) never connects to the cloud; it can only communicate with the portable communication device at close range over Bluetooth. The system and method for encryption and unlocking management can therefore effectively shut out hackers attempting to intrude through the cloud or the network, raising the information security level of the management system.

As mentioned above, the terminal device of the present invention may be an electronic lock on the door of a rental room (including rental rooms of large hotels or chains), an electronic lock on various recreational equipment (including the recreational facilities of a large hotel or a sports center, for example treadmills in a sports center or gambling machines in a casino), an electronic lock on various vehicles, or any other application, device or system that is locked before use and can only be used after an "electronic lock" has been opened. The present invention places no limitation on the terminal device (that is, the electronic lock). Therefore, once a user has completed registration with the cloud 10 and obtained the App using a portable communication device (for example, the mobile phone 16) according to the flow of FIG. 2, the user can, after going through the flows of FIG. 2, FIG. 3 and FIG. 4 for the facilities offered on the cloud, use the various facilities of the hotel during the stay. With the unlocking management system and method provided by the present invention, a large hotel can not only provide secure accommodation but can also manage the flow of users across a limited set of facilities, reducing complaints caused by waiting. In addition, the unlocking management system and method of the present invention allow a large hotel to analyze each user's consumption and habits during the stay, so that the hotel can offer its customers more suitable marketing plans based on this information.

Next, refer to FIG. 8, which shows a system and method for unlocking management through a cloud platform. Here the customer has already checked in and has safely entered the rented room. The customer can then use the architecture of FIG. 8 together with the flow of FIG. 6 or FIG. 7 to reserve the facilities they want to use. As shown in FIG. 8, the cloud 10 may be the web page or platform of a large hotel, and may display the facilities in the hotel for which reservation management is offered. In this embodiment, the first terminal device 141 may be a gambling machine in a casino; the second terminal device 142 may be equipment in a sports center, for example treadmills, exercise bikes or weight-training equipment; and the third terminal device 143 may be a rental vehicle, for example a car, a motorcycle or a bicycle. Clearly, the first terminal device 141, the second terminal device 142 and the third terminal device 143 must all first complete registration with the hotel's cloud 10 through the processes of FIG. 1 and FIG. 2. Once the user's portable communication device (for example, the mobile phone 16) has completed registration with the cloud 10 and obtained the App, the user can see on the portable communication device which facilities in the hotel are still available. When the user confirms the choice of a facility and obtains the first key of that facility from the cloud, the reservation is complete. The user then carries out the flow of FIG. 6 or FIG. 7 with the first key, after which the facility can be unlocked and used.

Next, the unlocking management system and method of the present invention are illustrated with a user reserving equipment in a sports center. Taking a treadmill as an example:

Step 1: through the portable communication device (for example, the mobile phone 16), the user has received the reserved treadmill and its first key, transmitted by the cloud 10.

Step 2: around the agreed time, for example 5:00 pm, the user comes to the reserved treadmill, takes out the portable communication device (for example, the mobile phone 16) and transmits the first key to the treadmill, as detailed in step S5100.

Step 3: the processing unit in the treadmill judges whether the first key received from the portable communication device (for example, the mobile phone 16) is correct, as detailed in step S5120.

Step 4: after the treadmill judges the first key to be correct, the treadmill encrypts the first key to form the unlock instruction of the second key, and starts the "unlock countdown" in the unlock instruction, as detailed in step S5150.

Step 5: the treadmill transmits the unlock instruction to the portable communication device (for example, the mobile phone 16), as detailed in step S5160.

Step 6: the portable communication device (for example, the mobile phone 16) judges whether the unlock instruction received from the treadmill is correct, as detailed in step S5170.

Step 7: after judging the unlock instruction to be correct, the portable communication device (for example, the mobile phone 16) overwrites the first key with the correct unlock instruction and activates a dynamic parameter, as detailed in step S5180.

Step 8: the portable communication device (for example, the mobile phone 16) transmits the unlock instruction to the treadmill, as detailed in step S5190.

Step 9: after receiving the unlock instruction transmitted by the portable communication device (for example, the mobile phone 16), the treadmill performs the unlocking action, as detailed in step S5200.

In step 4, if the terminal device (for example, the electronic lock 14) judges the first key of the portable communication device (for example, the mobile phone 16) to be incorrect, or in step 6, if the treadmill judges the unlock instruction of the portable communication device (for example, the mobile phone 16) to be incorrect, the unlocking is judged to have failed. The portable communication device (for example, the mobile phone 16) may then optionally transmit the unlock-failure information to the cloud 10. Clearly, with the unlocking management system and method of the present invention, only the portable communication device (for example, the mobile phone 16) that completed the reservation can unlock and use the treadmill. In other words, the cloud cannot unlock the treadmill with the first key it generated.

If the user has reserved a car for 9:00 pm, the user's portable communication device (for example, the mobile phone 16) has already obtained the car's first key from the cloud 10. Around 9:00 pm the user comes to the car, takes out the portable communication device (for example, the mobile phone 16) and transmits the first key to the car; after the user carries out the flow of FIG. 6 or FIG. 7 with the first key, the car can be unlocked and used.

Clearly, the terminal devices of the present invention, for example electronic locks on recreational equipment, electronic locks on gambling machines in a casino, or locks on rental cars, never connect to the cloud during encryption and unlocking; they can only communicate with the portable communication device at close range over Bluetooth. The system and method for encryption and unlocking management can therefore effectively shut out hackers attempting to intrude through the cloud or the network, raising the information security level of the management system.

The above describes only preferred embodiments of the present invention and is not intended to limit the scope of the rights of the present invention. The above description should be clear to, and practicable by, those with ordinary knowledge in the relevant technical field; other equivalent changes or modifications made without departing from the concepts disclosed in the present invention should therefore all be included in the scope of the patent application.

S610~S670: Steps

Claims (10)

1. A method for performing encryption and unlocking management, carried out by a portable communication device, a cloud and a terminal device, characterized in that the method for performing encryption and unlocking management comprises: receiving a first key, wherein the portable communication device receives, from the cloud, the first key corresponding to a terminal device; transmitting the first key, wherein the portable communication device transmits the first key to the terminal device; performing a first judgment, wherein a processing unit of the terminal device decrypts the first key and then judges whether the first key is correct; forming a second key, wherein, after the terminal device has decrypted the first key and judged the first key to be correct, the terminal device recomputes the decrypted content of the first key and then encrypts the recomputed content to form the second key; transmitting the second key, wherein the terminal device transmits the second key to the portable communication device; performing a second judgment, wherein the portable communication device judges whether the second key received from the terminal device is correct; performing an overwrite procedure, wherein, after judging the second key to be correct, the portable communication device overwrites the first key with the second key, so that the second key forms an unlock command; transmitting the unlock command, wherein the portable communication device transmits the unlock command to the terminal device; and performing an unlocking action, wherein the terminal device performs the unlocking action after receiving the unlock command transmitted by the portable communication device.

2. The method for performing encryption and unlocking management according to claim 1, wherein, when the second key is formed, an unlocking time countdown is further started.

3. The method for performing encryption and unlocking management according to claim 1, wherein the second key has dynamic parameters.

4. The method for performing encryption and unlocking management according to claim 1, wherein the terminal device remains offline from the cloud.

5. The method for performing encryption and unlocking management according to claim 3, wherein the dynamic parameter is dynamically changed by addition or subtraction.

6. A system for performing encryption and unlocking management, composed of a portable communication device, a cloud and a terminal device, characterized in that the management steps of the encryption and unlocking management system comprise: receiving a first key, wherein the portable communication device receives, from the cloud, the first key corresponding to a terminal device; transmitting the first key, wherein the portable communication device transmits the first key to the terminal device; performing a first judgment, wherein a processing unit of the terminal device decrypts the first key and then judges whether the first key is correct; forming a second key, wherein, after the terminal device has decrypted the first key and judged the first key to be correct, the terminal device recomputes the decrypted content of the first key and then encrypts the recomputed content to form the second key; transmitting the second key, wherein the terminal device transmits the second key to the portable communication device; performing a second judgment, wherein the portable communication device judges whether the second key received from the terminal device is correct; performing an overwrite procedure, wherein, after judging the second key to be correct, the portable communication device overwrites the first key with the second key, so that the second key forms an unlock command; transmitting the unlock command, wherein the portable communication device transmits the unlock command to the terminal device; and performing an unlocking action, wherein the terminal device performs the unlocking action after receiving the unlock command transmitted by the portable communication device.

7. The system for performing encryption and unlocking management according to claim 6, wherein the second key has dynamic parameters.

8. The system for performing encryption and unlocking management according to claim 6, wherein the terminal device remains offline from the cloud.

9. A system for performing encryption, decryption and unlocking management, composed of a mobile phone, a cloud and an electronic lock, characterized in that: the mobile phone receives a first key from the cloud and uploads the first key to the electronic lock; the electronic lock, after receiving the first key and recognizing that the first key is correct, starts the unlocking time; the electronic lock generates a second key having a plurality of dynamic parameters and transmits the second key to the mobile phone; the mobile phone, after receiving the second key, overwrites the first key with the second key to form an unlock command; the mobile phone sends the unlock command to the electronic lock; and the electronic lock performs unlocking according to the unlock command.

10. The system for performing encryption, decryption and unlocking management according to claim 9, wherein the electronic lock remains offline from the cloud.

TW109118768A 2020-06-04 2020-06-04 System of executing encryption, decryption and lock-open management and method thereof TWI775090B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW109118768A TWI775090B (en) 2020-06-04 2020-06-04 System of executing encryption, decryption and lock-open management and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW109118768A TWI775090B (en) 2020-06-04 2020-06-04 System of executing encryption, decryption and lock-open management and method thereof

Publications (2)

Publication Number Publication Date
TW202147260A TW202147260A (en) 2021-12-16
TWI775090B TWI775090B (en) 2022-08-21

Family

ID=80783775

Family Applications (1)

Application Number Title Priority Date Filing Date
TW109118768A TWI775090B (en) 2020-06-04 2020-06-04 System of executing encryption, decryption and lock-open management and method thereof

Country Status (1)

Country Link
TW (1) TWI775090B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114550352B (en) * 2022-02-23 2024-04-19 广东电网有限责任公司 Lock management system, method, device and storage medium for power equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017093597A1 (en) * 2015-12-03 2017-06-08 Nokia Technologies Oy Access management
TWI588782B (en) * 2014-11-28 2017-06-21 財團法人工業技術研究院 Security method, security gate and server
US20190371096A1 (en) * 2018-06-01 2019-12-05 Sentrilock, Llc Electronic lockbox with interface to other electronic locks
CN110599627A (en) * 2018-06-12 2019-12-20 袁丽萍 Security door system that no lockhole cell-phone was unblanked

Legal Events

Date Code Title Description
GD4A Issue of patent certificate for granted invention patent