WO2021174264A1 - Method for remotely activating a remote lock system using cryptography and the remote lock system for implementing the method - Google Patents
Method for remotely activating a remote lock system using cryptography and the remote lock system for implementing the method Download PDFInfo
- Publication number
- WO2021174264A1 WO2021174264A1 PCT/VN2021/000004 VN2021000004W WO2021174264A1 WO 2021174264 A1 WO2021174264 A1 WO 2021174264A1 VN 2021000004 W VN2021000004 W VN 2021000004W WO 2021174264 A1 WO2021174264 A1 WO 2021174264A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- lock
- key
- command
- pin
- encryption
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2103—Challenge-response
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2125—Just-in-time application of countermeasures, e.g., on-the-fly decryption, just-in-time obfuscation or de-obfuscation
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C2209/00—Indexing scheme relating to groups G07C9/00 - G07C9/38
- G07C2209/08—With time considerations, e.g. temporary activation, valid time window or time limitations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
Definitions
- the present invention generally relates to a method of remotely activating a lock using a cyptographic with two-way verification mechanism between the key and the lock, and a system for implementing the method.
- the method and system are applied in technical fields: radio frequency remote locks for various types of doors such as: doors, rolling doors, skylights, gates, windows, sliding doors, etc.; radio frequency remote locks for transportation: cars, electric cars, motorcycles, electric motorcycles, electric bicycles, etc.; remote radio-triggered controllers for electrical equipments in a unfavorable location or in an unallowable environment for controlling directly, for example: a radioactive environment, a biologically contaminated environment; remote radio-triggered controller for: activation devices of which the safety is guaranteed and errors are avoided, for example: mining detonators, etc.; application of theft alarm equipment; application for identification card used to replace the fixed code types; used to replace rolling codes (Microchip KeeLoq).
- the orders can be: close, open, start, stop, cancel, timer, etc.
- the method for activating a lock using a cryptographic has been applied for a long time.
- One of the popular coding systems of this method is rolling code. Published in 1993, it is a highly secure coding system, in which each activation, the algorithm will generate a different and unique code.
- the rolling code has a security hole that allows bad guys to exploit it, which was announced and demoed by Samy Kamkar - a security expert at the DefCon23 conference in Paris in 2015.
- a "keying of the car” service is publicly posted on the Internet, but is not checked by the genuine or authorized by state agency. It is shown that the equipment used by the "key maker” uses a type of Keygen to crack the automaker's encryption system, of which the code information can be saved and used for other purposes after that.
- Fix Code - the code is fixed securely by hard circuit (switch circuit, welding etc.) using specialized ICs such as PT226x/PT227x, etc. or Learning Code - a code system that allows the lock learning the model of the key with a larger number of encryption bits, so the security is also higher.
- it can be easily copied, or it can be easily attacked to drain the full range of code, due to the fixed nature of the code.
- SmartKey Some new types of smart keys (SmartKey) encounter a situation: if the lock receives multiple and consecutive commands that activate the wrong password or spam packets, they can result in the halt of the lock, i.e. it is not operating normally, such as the vehicle engine cannot be started. This is known as distributed denial-of-service (DDoS) attack.
- DDoS distributed denial-of-service
- the previous key generations all share the same one-way communication mechanism. That is, only a key transmits a cryptography, and a lock receives the cryptography and checks, if the correct code is recorded, the cryptography can be generated from simple to complex various encrypting functions.
- the method works based on the assumption that only the key paired with the lock can transmit the correct code, without a re-verification mechanism, which is a big security weakness that makes it copyable.
- commonly used encrypting functions have some unique mathematical properties, such as pseudo-randomness, that are intended to resist statistical attacks, and require functions that are simple enough to integrate into hardware. However, the number of such functions is not much and that is why the used encrypting functions can be traced and reversed.
- An object of the present invention is directed to prevent behaviour of copying, cracking, and reverting encrypting functions - the basis for uncovering cryptographic, attacking and hacking, and also to prevent time-based cryptographic attacks.
- the invention provides a method for activating a remote lock system using cryptography including the following steps: Step 1: At the user's command, the key sends a packet containing two parameters: a control command code and a key identifier to the lock to activate the lock .
- the control command can be any instruction assigned to the conventional keyword with the corresponding value so that its set of values and its set of bit inverse values do not intersect, and the key identifier is defined by the manufacturer using the key.
- Step 2 Being received the activation packet of the key, if the key identifier in the activation packet sent to the lock does not match the lock identifier stored on the lock or the predeterminded time for receiveing the user’s command has not ended, the lock has no response.
- a software on chip embedded on the lock outputs any random number unduplicated with that of the previous activations at a preset time.
- the random number is sent over the wireless protocol to the key.
- This random number having a minimum length of 24 bits is generated randomly based on epoch-time parameters and a constant denotes the random number space size for a random generator.
- Step 3 Concurrently with the generation of random number in step 2, the chip integrated on the lock performs encrypting according to the hash function consisting of four parameters: the random number obtained from Step 2; the control command code; the key identifier; and an cryptographic parameter.
- the cryptographic parameter is calculated according to the hash function constituted by three components: the key identifier defined by the product manufacturer using the key, the parameter defined by the key manufacturer, and a PIN is a series of random numbers automatically generated by the system each time a user requests to set it up.
- Step 3 the lock generates a lock encryption result which is a lock encryption number.
- Step 4 If the key receives the random number that the lock generated in step 2 via a wireless protocol, the key will load it into a key processing chip integrated on the key and perform encrypting it according to the hash function formula as mentioned in Step 3, and generate a key encryption result which is a key encryption number. Then the key sends the key encryption result via the wireless protocol to the lock for the predetermined time period.
- Step 5 In case the lock receives the key encryption result sent by the key, and compares it with the lock encryption result calculated by the lock in step 3. If the two values match with each other, the processing chip on the lock asks the actuator to execute the control command issued by the key, and at the same time adjusts the command receipt time from the key for the next activation of the lock to a minimum predetermined time period.
- the processing chip on the lock will not execute the control command, simultaneously record it as a fault opening time, and increase the command receipt time from the key for each failure opening time until the predetermined maximum command receipt time of the lock has been reached to prevent exhaust attacks.
- the lock processing chip on the lock will not execute the control command, simultaneously record it as a fault opening time, and increase the command receipt time from the key for each failure opening time until the predetermined maximum command receipt time of the lock has been reached to prevent exhaust attacks.
- the system implementing the method of remotely activating a lock using cryptography according to the invention includes:
- the key includes buttons, each corresponds to a command such as open, close, up, down, etc., one button to set a PIN, a radio transmitter, a radio receiver and a chip containing an embedded software to perform encryption according to the preset formula; electric power.
- the key can also include a light display, a flashing light(s), MCU.
- the lock there are a radio transmitter; a radio receiver and a processing chip containing an embedded software to perform encryption and encryption according to pre-set formulas; the instruction execution mechanism from the processing chip; electric power.
- the lock may include an auxiliary port for connecting a manual open/close button that can be enabled via PIN; a small light display, flashing light(s) or LCD screen for displaying information; loudspeaker or siren; Wifi module connection port to connect with smartphone, auxiliary module.
- the formula preset in the encryption software embedded in the key coincides with the formula preset in the encryption software embedded in the lock.
- the key and the lock are synchronized with each other by the cryptographic parameter calculated by a hash function constituted by three components including: the key identifier defined by the product manufacturer using the key, the parameter defined by the key manufacturer, and a PIN which is a series of random numbers automatically generated by the system each time a user requests to set it up.
- a hash function constituted by three components including: the key identifier defined by the product manufacturer using the key, the parameter defined by the key manufacturer, and a PIN which is a series of random numbers automatically generated by the system each time a user requests to set it up.
- Figure 1 is a flowchart of a method for activating a remote lock system using cryptography according to an embodiment of the present invention.
- the cryptographic method of activating the remote lock in a two-way protocol between the key and the lock is implemented in the form of radio frequency signals (RF).
- RF radio frequency signals
- the method of activating the remote lock using cryptographic of the invention is implemented through two main components, including the key and the lock.
- buttons on the key each button corresponds to an command such as open, close, up, down, etc.; one button to set a PIN, a radio transmitter, a radio receiver and a key processing chip containing an embedded software to perform encryption according to the preset formula.
- the pre-installed formula in the embedded software to encrypt the key is identical to the pre-installed formula in the embedded software to encrypt in the lock;
- the key and the lock are paired and synchronized with each other by the cryptographic parameter (CypherKey) which is calculated by a hash function constituted by three components including : a key identifier defined by the product manufacturer using the key, a parameter defined by the key manufacturer, and a PIN which is a series of random numbers automatically generated by the system each time a user requests to set it up (PIN).
- the encrypting function used is the SHA function, also known as one-way encryption, so collecting the ciphertexts is not helpful in reversing the parameters used to generate the cyptographic.
- the cryptographic parameter CypherKey is built from the SHA1 hash function with the above three parameters, with the following formula:
- - Masterkey is a parameter defined by the key manufacturer
- - KeylD or SerialNumber is an key identifiers defined by the product manufacturer using the key, such as car manufacturers, rolling door manufacturers, etc. or any other third party manufacturera for management purposes, and is not limited to the length of the number string;
- the PIN personal id number
- PIN personal id number
- the user can optionally reset the PIN by pressing a corresponding button on the key. Meanwhile, the processor on the key will output a random number and send it to the lock for storage and common use. According to the embodiment of the invention, the user indicated an order to set up a PIN without being informed of the PIN.
- pin_lengh pin_lengh the length of the PIN, can be very long, In a preferred embodiment, the PIN is 112 bytes long, and the user does not need to remember the PIN, so there is no need to store the PIN;
- the user can archive and save the PIN for other control purposes:
- the 256-character PIN consists of numbers and letters distinguish upper and lower case; recording of this PIN for archives requires a separate security method for such storage for maximum security, and is not covered by the invention.
- CypherKey SHA1 (MasterKey, SerialNumber, PIN)
- the invention is not limited to the hash function formular. Any new functions can be used for a higher degree of security, such as the SHA3 function or the Keccak function with a larger number of bits.
- the invention is emboded by the following steps:
- Step 1 According to the user’s command, the key sends a packet to the lock to activate the lock, the command contains two parameters: a command code to be activated (close, open, stop, etc.), also known as the Keyword, and a key identifier, also known as a KeylD or SerialNumber.
- a command code to be activated close, open, stop, etc.
- a key identifier also known as a KeylD or SerialNumber.
- KeylD or SerialNumber is a key identifier, defined by the product manufacturer using the key.
- the activation packet is represented by the function as follows:
- the Keyword can be any command assigned to the conventional keyword and its corresponding value, as long as the Keyword is designed so that its set of values ⁇ Keyword ⁇ and the set of bit reversed values does not intersect each other to optimize information processing in Step 2.
- Table 2 A keyword example as shown in Table 2:
- Table 2 A keyword example
- the command code to be transferred may be: ‘ ⁇ 000000G’
- Step 2 When receiving the activation packet of the key, if the key identifier in the activation packet sent to the lock does not match the lock identifier on the lock or the predeterminded time for receiveing the user’s command has not ended, the lock has no response.
- a software on chip embedded on the lock If the key identifier in the packet sent to the lock matches the identifier pre-set on the lock, a software on chip embedded on the lock outputs any random number random_token unduplicated with that of the previous activations at a preset time. Random token is sent over the wireless protocol to the key within a predetermined commend receiving time Tprotect.
- the random number random_token having a minimum length of 24 bits is generated randomly based on epoch-time parameters and a constant denotes the random number space size for a random number generator.
- parameter epoch id is the reference sign of the epoch time
- Parameter epoch_size is a constant, denoting the random number space for the random function. Specifically, the remaining size of the number space for tokens after being divided into epochs.
- an example 0X07FCC157341A7556
- HEX 575547432677045590
- 256 number of button presses can be stored per day when epochs are divided by date without impairing the encryption security.
- the algorithm in the above formula does not limit the maximum number of random token bits, but the length of random token should be chosen dependent on the processing capacity of the system; usage frequency by epoch which specifies the required memory size to store tokens used in the epoch to prevent dictionary crawling attacks.
- Step 3 The random number in step 2 is sent via wifi protocol to the key.
- the random parameter is input into the chip integrated on the lock to be encrypted by the hash function, which is built from the asymmetric encryption base hash function.
- the functions can be any one of the followings including: MD5, SHA1, SHA2, SHA3 (also known as Keccak-512) and other Keccak codes.
- the hash function consists of four components: the random_token parameter resulted from Step 2; the control command code (Keyword); the key identifier (Key ID or SerialNumber); and the cryptographic parameter (CypherKey) discussed above.
- hash function is represented as the following formula: hash(random_token, Keyword, KeylD, CypherKey)
- CypherKey “c677474d4adf3bcc2d7f2d41566462ae3dd47d72”
- hash Jock SHA1(“07FCC157341A7556”, “E0”, “000001”,
- step 3 the lock obtains a encryption number as a lock encryption result.
- Step 4 If the key receives the random number that the lock generated in step 2 via a wireless protocol, the key will load it into a key processing chip integrated on the key and perform encrypting it according to the hash function formula as mentioned in Step 3, and generate a key encryption result which is a key encryption number. In case of a transmission error, for example, due to interference from outside, and the key may receive the wrong random number, the key also generates a encryption result that will not match with the lock encryption result of the lock in comparison at step 5 below). Then the key sends the key encryption result via the wireless protocol to the lock for the predetermined time period Tanswer.
- random_token 0X07FCC157341A7556
- CypherKey “c677474d4adObcc2d7f2d41566462ae3dd47d72”
- CypherKey “c677474d4adf3bcc2d7f2d41566462ae3dd47d72”
- the received random token is hue, open command “E0”, but the key has KeylD 000002
- CypherKey “c677474d4adf3bcc2d7f2d41566462ae3dd47d72” That is, the received random_token is true, the key has Key ID “000001”, but the command code is Close “DO”.
- CypherKey “c677474d4adf3bcc2d7f2d41566462ae3dd47d72”
- CypherKey “c677474d4adf3bcc2d7f2d41566462ae3dd47d73”, that is just a little bit different.
- CypherKey “c677474d4adf3bcc2d7f2d41566462ae3dd47d72” is a character string, represented by 40 characters, stored in a computer with a 160- bit number, i.e. 20 cells of 8-bit memory .
- Step 5 In case the lock receives the encryption result sent by the key, and compares it with the encryption result calculated by the lock in step 3. If the two values match with each other, the processing chip on the lock asks the actuator to execute the control command issued by the key.
- the processing chip adjusts the command receipt time Tprotect from the key for the next activation of the lock to the predetermined minimum command receipt time Tprotect min, i.e.
- Tprotect 500ms
- T P rotect_min 500ms
- the processing chip on the lock will not execute the control command and simultaneously record it as a fault opening time.
- the lock processing chip on the lock will not execute the control command, simultaneously record it as a fault opening time.
- the processing chip increases the command receipt time Tprotect from the key to prevent exhaust attacks.
- Tprotect 500ms
- T pr otect_max 10s
- the key includes buttons, each corresponds to an command such as open, close, up, down, etc., one button to set a PIN, a radio transmitter, a radio receiver and a chip containing an embedded software to perform encryption according to the preset formula; electric power.
- the key can also include a light display, a flashing light(s), MCU.
- the lock there are a radio transmitter; a radio receiver and a processing chip containing an embedded software to perform encryption and encryption according to the pre set formula; the instruction execution mechanism from the processing chip; electric power.
- the lock may include an auxiliary port for connecting a manual open/close button that can be enabled via PIN; a small light display, flashing light(s) or LCD screen for displaying information; loudspeaker or siren; wifi module connection port to connect with smartphone, auxiliary module.
- the formula preset in the encryption software embedded in the key coincides with the formula preset in the encryption software embedded in the lock.
- the key and the lock are paired and synchronized with each other by the cryptographic parameter calculated by a hash function constituted by three components including: the key identifier defined by the product manufacturer using the key, the parameter defined by the key manufacturer, and PIN which is a series of random numbers automatically generated by the system each time a user requests to set it up.
- a hash function constituted by three components including: the key identifier defined by the product manufacturer using the key, the parameter defined by the key manufacturer, and PIN which is a series of random numbers automatically generated by the system each time a user requests to set it up.
- the present invention helps to completely disable security hole of the Rolling Code security method. Therefore, wiretapping and then replaying the code has no effect. Because every time the key transmits an activation packet, the lock generates a random and nonrepeating token, forming a hash function puzzle that requires the key to be answered for authentication. If the lock is blocked and not receive the activation packet, or has received the activation packet and transmit a question but not receive an answer within a preset time, then immediately protocol between the key and the lock is canceled. That is, listening and storing information exchanged between the lock and the key does not help the listener to interfere or break in later.
- the method proposed by the invention makes fakes of the key impossible.
- Each key is synchronized with the lock by the cryptographic parameter so-called CypherKey in this description.
- the encrypting function used with the CypherKey parameter is the SHA function, invented in early 1993.
- the function is also known as one-dimensional encryption. That is, collecting the ciphertexts is not helpful in reversing the parameters used to generate the cyptographic. That is, it is possible to publicly send out the ciphertext without worrying that it will reveal the CypherKey cryptographic parameter.
- the three-component structure of the CypherKey guarantees the user ownership. Because the PIN is a very long number which was generated randomly and the user not know the PIN, so that it cannot be revealed; the key manufacturer and the product manufacturer using the key cannot forcedly interfere with the products distributed to the customer. Even if for some reason CypherKey parameters are used by the product manufacturer using this method are exposed, tampering is unlikely. Furthermore, as the PIN component is randomly generated by the system, the CypherKey cannot be duplicated between the two products.
- the BruteForce exhaustive attack method does not work because with the Tprotect parameter, restricting the time of consecutive access to the lock with the time Tprotect from Tprotect min to Tprotect_max acts as a firewall. This blocks testing codes continuously, and exhaustive attacks of code space become difficult because it takes too much time.
- the distributed denial-of-service (DDoS) attack method is not effective due to control of activation packet, bytes in a packet must be consecutive over time, allowing the lock to filter out unprocessed noise.
- the invention allows the key’s hardware to be designd that is able to operate in energy saving mode.
- An activation command is always initiated from the key, allowing the key to be in sleep state, a maximum energy-saving state, and only wakes up to be active when activated by the user.
- the proposed method of the present invention does not impair the encryption security over time.
- the token synchronization of the present invention uses a direct transmission method.
- a chronograph with quartz oscillation technology for the suitable civil equipment cost is used, this technology accumulates errors over time can reach Is after 1 year, i.e. quickly reaches the level of out of synchronization.
- the proposed method of the present invention can work on many different devices with different properties to command remote control for authentication. Thanks to the use of error correction codes and the retransmission protocol, the proposed method of the invention allows the system operating in environments with a lot of electromagnetic interference. This method has advantages over the "repeating multiple codes" method currently used on many types of keys in that in a normal environment, it only needs to transmit exactly once to the destination instead of multiple times cause the key to consume more energy, and in noisy environments, the communication is more effective or better than the repetitive transmission method.
- the two-way key-lock protocol of the present invention is public, and formula for building a hash function with publicly available parameters can copy the implementation in a legal or illegal way, but they cannot be used to compromise the lock system using the method of remotely activating a lock using a cyptographic. This is a huge difference from Microchip's KeeLoq algorithm.
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
VN1-2020-01076 | 2020-02-27 | ||
VN202001076 | 2020-02-27 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021174264A1 true WO2021174264A1 (en) | 2021-09-02 |
Family
ID=77492137
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/VN2021/000004 WO2021174264A1 (en) | 2020-02-27 | 2021-02-24 | Method for remotely activating a remote lock system using cryptography and the remote lock system for implementing the method |
Country Status (2)
Country | Link |
---|---|
TW (1) | TW202133010A (en) |
WO (1) | WO2021174264A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI795148B (en) * | 2021-12-28 | 2023-03-01 | 四零四科技股份有限公司 | Device, method and system of handling access control |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5363448A (en) * | 1993-06-30 | 1994-11-08 | United Technologies Automotive, Inc. | Pseudorandom number generation and cryptographic authentication |
KR20110111661A (en) * | 2010-04-05 | 2011-10-12 | 부산대학교 산학협력단 | Rfid tag for protecting duplication, system and method for protecting duplication using the same on epc network |
US20140223198A1 (en) * | 2011-12-20 | 2014-08-07 | Nitin V. Saranghar | Secure replay protected storage |
US20190075089A1 (en) * | 2017-09-05 | 2019-03-07 | Comodo Security Solutions, Inc. | Device and Methods For Safe Control of Vehicle Equipment Secured By Encrypted Channel |
US20200005570A1 (en) * | 2018-06-29 | 2020-01-02 | Micron Technology, Inc. | Secure wireless lock-actuation exchange |
-
2021
- 2021-02-24 WO PCT/VN2021/000004 patent/WO2021174264A1/en active Application Filing
- 2021-03-02 TW TW110107405A patent/TW202133010A/en unknown
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5363448A (en) * | 1993-06-30 | 1994-11-08 | United Technologies Automotive, Inc. | Pseudorandom number generation and cryptographic authentication |
KR20110111661A (en) * | 2010-04-05 | 2011-10-12 | 부산대학교 산학협력단 | Rfid tag for protecting duplication, system and method for protecting duplication using the same on epc network |
US20140223198A1 (en) * | 2011-12-20 | 2014-08-07 | Nitin V. Saranghar | Secure replay protected storage |
US20190075089A1 (en) * | 2017-09-05 | 2019-03-07 | Comodo Security Solutions, Inc. | Device and Methods For Safe Control of Vehicle Equipment Secured By Encrypted Channel |
US20200005570A1 (en) * | 2018-06-29 | 2020-01-02 | Micron Technology, Inc. | Secure wireless lock-actuation exchange |
Also Published As
Publication number | Publication date |
---|---|
TW202133010A (en) | 2021-09-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11070364B2 (en) | Secure communication method and smart lock system based thereof | |
US10542002B2 (en) | Systems and methods for device authentication | |
US11947649B2 (en) | Locking device biometric access | |
CN100387798C (en) | Electric key and electric lock device and realization method thereof | |
US6108785A (en) | Method and apparatus for preventing unauthorized usage of a computer system | |
CN105257145B (en) | Remote safe deposit box | |
US20060101047A1 (en) | Method and system for fortifying software | |
US20180131526A1 (en) | Systems and methods for device authentication | |
WO2008014326A2 (en) | Systems and methods for root certificate update | |
US10263782B2 (en) | Soft-token authentication system | |
CN108460862A (en) | The method and electric lockset, lock system having with palmprint authentication and Mobile phone control lock | |
CN107958513A (en) | A kind of offline authorization method and system of electronic lock | |
WO2021174264A1 (en) | Method for remotely activating a remote lock system using cryptography and the remote lock system for implementing the method | |
CN110113153B (en) | NFC secret key updating method, terminal and system | |
CN106447835A (en) | Door lock sound wave control system and method | |
CN112102524A (en) | Unlocking method and unlocking system | |
US20230275768A1 (en) | Synchronisation of a device for authentication | |
US20080046741A1 (en) | Protecting signatures using collision-resistant hash functions | |
JP2004206258A (en) | Multiple authentication system, computer program, and multiple authentication method | |
KR100880512B1 (en) | An entrance terminal with a built-in sam | |
KR100631629B1 (en) | How to handle illegal copy of mobile terminal | |
CN101461176A (en) | Communication node authentication system and method, and communication node authentication program | |
Husain et al. | Novel Technique for Secure Keyless Car Authentication using Block-Chain System | |
CN114724291B (en) | Remote offline real-time authorization method and device for access control system and storage medium | |
US11616655B2 (en) | Asymmetric cryptography assisted authentication and access protocols |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21760882 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2021760882 Country of ref document: EP Effective date: 20220927 |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 2005A DATED 09/12/2022) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 21760882 Country of ref document: EP Kind code of ref document: A1 |