WO2021238380A1 - A multi-lock unlocking authorization control method, system and lock based on dynamic password - Google Patents

A multi-lock unlocking authorization control method, system and lock based on dynamic password Download PDF

Info

Publication number
WO2021238380A1
WO2021238380A1 PCT/CN2021/083506 CN2021083506W WO2021238380A1 WO 2021238380 A1 WO2021238380 A1 WO 2021238380A1 CN 2021083506 W CN2021083506 W CN 2021083506W WO 2021238380 A1 WO2021238380 A1 WO 2021238380A1
Authority
WO
WIPO (PCT)
Prior art keywords
lock
dynamic password
main control
unlocking
additional
Prior art date
Application number
PCT/CN2021/083506
Other languages
French (fr)
Inventor
Hao MIN
Yi Zhang
Original Assignee
Nanjing Easthouse Electric Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Easthouse Electric Co., Ltd. filed Critical Nanjing Easthouse Electric Co., Ltd.
Publication of WO2021238380A1 publication Critical patent/WO2021238380A1/en

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/38Individual registration on entry or exit not involving the use of a pass with central registration
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00571Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/21Individual registration on entry or exit involving the use of a pass having a variable access code
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/0042Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal containing a code which is changed
    • G07C2009/00476Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal containing a code which is changed dynamically
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/08With time considerations, e.g. temporary activation, valid time window or time limitations

Definitions

  • the present invention relates to a dynamic password lock.
  • the dynamic password lock is a lock that is generally unlocked by a dynamic password issued by a background server.
  • the dynamic password issued by the background server is also called an OTC code, which is a password that can only be used once. That is, the dynamic password required for unlocking the next time is different from the dynamic password required for unlocking the last time.
  • the dynamic password locks are commonly used in banking self-service devices, such as automatic teller machines, deposit and withdrawal recycle machines, or smart teller machines.
  • the dynamic password is generally a one-time unlocking password calculated froma data source by means of a hash algorithm.
  • the data source for calculating the dynamic password usually includes but not limited to a lock random number, a last locking code, and a lock identification code. Due to a binding relationship between the dynamic password and the lock identification code, the dynamic password is bound to the lock, that is, one dynamic password can only authorize the unlocking of one lock.
  • the problem to be solved by the present invention is thatmultiple dynamic password locks of the same device are independent of each other, which results in inconsistent identity verification methods of unlocking personnel, different unlocking auxiliary devices required, and the need to build multiple sets of servers in the background, andthe complexity of the background unlocking authorization managementalso increases.
  • a multi-lock unlocking authorization control method based on dynamic password involves a server, a main control lock and an additional lock; the additional lock is connected to the main control lock; and the main control lock is connected to the server, and the method comprises the following steps:
  • the server calculates a first dynamic password according to its unlocking authorizationschedule and sends it to the main control lock, and the first dynamic password implicitly contains the unlocking authorization of one or more locks of the main control lock and the additional lock;
  • the main control lock verifies the first dynamic password after receiving the first dynamic password, and determines the locks that can be unlocked by a current authorizationby means of verifying the first dynamic password.
  • the main control lock verifiesthe first dynamic password by means of a collision traversal test, and thereby determines the locks that can be unlocked by the current authorization.
  • the multi-lock unlocking authorization control method based on dynamic password when calculating the first dynamic password, the calculation is performed based on amain and additional lockserial number.
  • the multi-lock unlocking authorization control method based on dynamic password after determining the locks that can be unlocked by the current authorization, the main control lock temporarily stores a lock list to be unlocked, and the lock list to be unlocked is a listof the locks that can be unlocked bythecurrent authorization; if the additional lock is a dynamic password lock, it sends an unlocking request to the main control lock when unlocking; and when receiving the unlocking request sent by the additional lock, the main control lock determines whether there is an additional lock corresponding to the unlocking request in the lock list to be unlocked, and calculates a second dynamic passwordand sendsit to the additional lock corresponding to the unlocking request if there is an additional lock corresponding to the unlocking request in the lock list to be unlocked.
  • a multi-lock unlocking authorization control system based on dynamic password comprises a server, a main control lock and an additional lock; the additional lock is connected to the main control lock; and the main control lock is connected to the server, and the server comprises the following modules:
  • MS2 used to calculate a first dynamic password according to the received unlocking authorization schedule
  • the unlocking authorization schedule contains the unlocking authorization of one or more locks of the main control lock and the additional lock;
  • the first dynamic password implicitly contains the unlocking authorization of one or more locks of the main control lock and the additional lock;
  • main control lock comprises the following modules:
  • the multi-lock unlocking authorization control system based on dynamic password in the module MM2, the first dynamic passwordis verified by means of a collision traversal test to determine the locks that can be unlocked by thecurrent authorization.
  • the multi-lock unlocking authorization control system based on dynamic password according to the present invention, in the module MS2, when calculating the first dynamic password, the calculation is performed based on amain and additional lockserial number.
  • the main control lock further comprises the following modules:
  • MM3 used to temporarily store a lock list to be unlocked, and the lock list to be unlocked is a listof the locks that can be unlocked by thecurrent authorization;
  • MM4 used to receive an unlocking request sent by the additional lock
  • MM5 used to determine whether there is an additional lock corresponding to the unlocking request in the lock list to be unlocked, and calculate a second dynamic password if there is an additional lock corresponding to the unlocking request in the lock list to be unlocked;
  • a multi-lock unlocking authorization control lock based on dynamic password is applied to a multi-lock unlocking authorization control system based on a dynamic password;
  • the system comprises a server, a main control lock and an additional lock;
  • the additional lock is connected to the main control lock;
  • the main control lock is connected to the server, and the lock is the main control lock in the system, comprising the following modules:
  • MM1 used to receive a first dynamic password, and the first dynamic password implicitly contains the unlocking authorization of one or more locks of the main control lock and the additional lock in an unlocking authorizationschedule;
  • MM2 used to verify the first dynamic passwordby means of a collision traversal test to determine the locks that can be unlocked by a current authorization
  • MM3 used to temporarily store a lock list to be unlocked, and the lock list to be unlocked is a listof the locks that can be unlocked bythecurrent authorization;
  • the lock further comprises the following modules:
  • MM4 used to receive an unlocking request sent by the additional lock
  • MM5 used to determine whether there is an additional lock corresponding to the unlocking request in the lock list to be unlocked, and calculate a second dynamic password if there is an additional lock corresponding to the unlocking request in the lock list to be unlocked;
  • one dynamic password controls the unlocking authorization of multiple integrated locks, that is, one dynamic password can control whether any one or more of the locks can be unlocked. Therefore, by means of the present invention, the dynamic password locks on the same device are logically integrated. For example, a safe lock is the main control lock, the other upper box locks are additional locks, and the background server adopts a new dynamic password method to control the unlocking authorization of the main control lock and the additional lock. Therefore, when modifyingthe dynamic password lock of the device, background processes, a front-end unlocking personnel authentication method, and a manual auxiliary unlocking, etc., do not require major changes.
  • Figure 1 is a schematic diagram of an overall structure of the system of the present invention.
  • a multi-lock linkage unlocking and locking system of the present invention includes a main control lock 100, a number of additional locks 200 and a server 300.
  • a lock is a locking component that performs unlocking and locking actions.
  • the main control lock 100 is a component which comprises control function and input function.
  • the main control lock 100 can be referred to as a main lock, which is a control unit of a dynamic password lock or a non-dynamic lock.
  • the additional lock 200 may also be called a lock body, an attached lock, a secondary lock or a slave lock, and it is anactuatorof a dynamicpassword lock or a non-dynamic password lock.
  • the main control lock 100 and the additional lock 200 are usually dynamic password locks installed on different box doors or cabinet doors on the same device, and the device has one unique main control lock 100 corresponding to multiple additional locks 200. Therefore, the number of additional locks 200 corresponding to each main control lock 100 is usually determined by the number of boxes or cabinets of the device itself. That is, one main control lock 100 corresponds to several additional locks 200, and each additional lock 200 corresponding to the main control lock 100 is connected to the main control lock 100.
  • the connection mode between the additional lock 200 and the main control lock 100 may be wired or wireless.
  • the wired connection mode may be, for example, a serial port, preferably USB, and the wireless connection mode is such as Bluetooth.
  • the present invention preferentially adopts the USB connection mode.
  • the main control lock 100 is connected to a remote server 300 via a network.
  • the ways of connecting the main control lock 100 to the server 300 may be wired, wireless, or even by means of an intermediary medium.
  • the main control lock 100 is connected to the server 300 in a wireless manner, such as mobile network GPRS/3G/4G/5G, etc., or can be connected to a wireless routerviaWifi, and then connectedto the remote server 300 via the wireless router.
  • the wired way for the main control lock 100 tobe connected to the server 300 is usually Ethernet.
  • the way of the intermediary medium may be, for example, transferring via a mobile terminal or transferring via an industrial control host.
  • the main control lock 100 can be connected to the mobile terminal via Bluetooth, and then the mobile terminal can be connected to the remote server 300 via a mobile network.
  • the main control lock 100 can be connected to the industrial control host via USB, and then the industrial control host can be connected to the remote server 300 via Ethernet.
  • the specific connection modes between the additional lock 200 and the main control lock100, and between the main control lock 100 and the remote server 300 are not in the scope of the present invention, and will not be repeated in this specification.
  • the additional lock 200 needs to be connected to the remote server 300 via the main control lock 100.
  • the interaction between the additional lock 200 and the server 300 needs to be performed by the main control lock 100 and is controlled by the main control lock 100.
  • the interaction between the main control lock 100, the additional lock 200 and the server 300 involves alock configuration, an unlocking process and a locking process.
  • the lock configuration comprises a lock setting on the server 300 and an additional lock binding on the main control lock 100.
  • the lock setting on the server is similar to the setting of a traditional dynamic password lock on the server, which is initiated by the user's manual operation, and after the operation is completed, the server stores lock information.
  • the specific operation process can refer to the setting ofthe dynamic password lock on the server, which will not be repeated in this manual.
  • the additional lock 200 only stores a lock name and amain and additional lockserial numbermatching it on the server 300.
  • the lock mane usually corresponds to the cabinet of the device, so that users can understand it, such asan upper box lock, a lower box lock, an industrial computer lock, etc..
  • the lock is marked with numbers such as 0, 1, 2, 3, etc. of the main and additional lockserial number, which is used to identify the serial number of the additional lock, and the main and additional lockserial number of the main control lock is set to 0.
  • the additional lock binding is used to bind the additional lock 200 to the main control lock 100, so that the additional lock 200 and the main control lock 100 are logically integrated, and the main control lock 100 can act as part of the server function when the additional lock 200 is unlocked.
  • the main control lock 100 generates a dynamic passwordinstead of the server 300. That is to say, in the present invention, when the additional lock 200 is unlocked, the dynamic password that the additional lock 200 needs to perform unlocking verification is generated by the main control lock 100 instead of the server.
  • the additional lock binding process is usually initiated by astaff member manually, and after the additional lock 200 is bound to the main control lock 100, the main control lock 100 stores additional lock information corresponding to the additional lock 200.
  • the additional lock information usually contains the main and additional lockserial number and information used to generate a dynamic password.
  • the information used to generate the dynamic password includes but is not limited to the lock identification code and the locking code.
  • the locking code In an initial state after binding, the locking code is empty.
  • the additional lock 200 is locked for the first time and interacts with the main control lock 100 to generate the locking code and store it in the additional lock information of the main control lock 100, and then, each time the additional lock 200 is locked, the locking code is generated and stored by means ofa locking interaction between the additional lock 200 and the main control lock 100.
  • the specific interaction process between the additional lock 200 and the main control lock 100 can refer to the settings of the traditional dynamic password lock on the server, which will not be repeated in this specification.
  • main and additional lockserial numberof the additional lockin the main control lock 100 is the same as the corresponding main and additional lockserial number of the corresponding lock on the server 300, and there is an one-to-one correspondence between the additional locks in the main control lock 100 and the additional locks on the server 300.
  • the dynamic password lock needs to develop a corresponding unlocking authorization schedule before being unlocked.
  • a corresponding unlocking authorization schedule For example, when an automatic teller machine performs equipment maintenance and is unlocked, it is necessary to develop an equipment maintenance schedule, or when the automatic teller machine adds money and is unlocked, it is necessary to develop a banknote adding task schedule.
  • Both the equipment maintenance schedule and the banknote adding task schedule are stored on the server.
  • the equipment maintenance schedule or the banknote adding task schedule both comprise the unlocking authorization of the lock, and therefore, the equipment maintenance schedule and the banknote adding task schedule can be collectively referred to as the unlocking authorization schedule.
  • the unlocking of the dynamic password lock requires the authorization of a background staff member, so the server stores the corresponding unlocking authorization schedule, and the server needs to calculate the dynamic password according to the corresponding unlocking authorization schedule, otherwise the corresponding dynamic password cannot be generated. Failure to generate the dynamic password means that a front staff membercannot unlock the lock withoutthe unlocking authorization schedule of the background.
  • the unlocking of the main control lock and the additional lock in the present invention is the same as the traditional dynamic password lock in terms of being necessary to develop an unlocking authorization schedule before unlocking.
  • the background staff members when the background staff members define the unlocking authorization schedule in the system of the present invention, they can specify the locks to be unlocked, specify the upper box lock, the lower box lock, the industrial computer lock, etc., and when the background staff membersset the unlocking authorization schedule, the specified locks to be unlocked are one or more of the main control lock 100 and the additional lock 200.
  • the unlocking authorization schedule contains a list of locks to be unlocked.
  • the list of locks to be unlocked is defined by means of the main and additional lock serial number. That is, the unlocking authorization schedule includes the unlocking authorization of one or more locks in the main control lock and the additional lock.
  • the unlocking process involves the unlocking of the main control lock 100 and the unlocking of the additional lock 200.
  • both the unlocking of the main control lock 100 and the unlocking of the additional lock 200 require to request useridentity verification from the server 300, and need to send the corresponding unlocking request to the server 300.
  • Sending the unlocking request to the server 300 and requesting the user identity verification from the server 300 may be the same request, or may be two independent requests.
  • there are many ways for dynamic password locks to perform user identity verification such as identity verification by means of password, or identity verification by means of biometric fingerprint, or identity verification by means of mobile phone short message.
  • the server 300 after the server 300 receives the unlocking request and passes the user identity verification, it calculates the dynamic password according to the corresponding unlocking authorization schedule and sends it to the main control lock 100. That is, the method of the present invention is not limited to a specific user identity verification method, and the specific user identity verification process is not to a certain extent discussed in the present invention.
  • the above-mentioned dynamic password calculated according to the unlocking authorization schedule is called the first dynamic password in the present invention. Since the unlocking authorization schedule includes the unlocking authorization for one or more locks in the main control lock and additional locks, the calculated first dynamic password also implies the unlocking authorization for one or more locks in the main lock and additional locks.
  • the main control lock 100 After receiving the first dynamic password, the main control lock 100 verifies the first dynamic password, and determines the locks that can be unlocked by the current authorizationby means of verifying the first dynamic password. Specifically, the main control lock performs the verification of the first dynamic password by means ofa collision traversal test, and thereby determines the locks that can be unlocked by the current authorization.
  • the hash function also known as the hash function or the hash function, is well known to those skilled in the art, and there is no need to go into details in this specification.
  • the hash function algorithm used when calculating the first dynamic password and verifying the first dynamic password remains unchanged from the traditional algorithm, but the data source is different from the traditional algorithm.
  • One of the embodiments is to add a byte used to indicate the list of locks to be unlocked in the data source for calculating the first dynamic password, and the byte is referred to as the lock list byte for short.
  • Each bit of the lock list byte corresponds to the main and additional lock serial number, and if a certain lock is to be unlocked this time, the bit corresponding to the corresponding main and additional lock serial number is set to1, otherwise it is set to 0.
  • the lock list byte is also addedin the data source for the first dynamic password verification and calculation, and then various combinations of whether each bit of the lock list byte is set to 1 are traversed to calculate verification codes respectively, and if one of the verification codes is the same as the first dynamic password, its corresponding lock list byte implies the locks that can be unlocked by the current authorization. Traversing various combinations of whether each bit of the lock list byte is set to 1 is equivalent to traversing various combinations of whether each lock has the unlocking authorization.
  • the lock list byte 10110000 can correspond to each lock to be unlocked, and according to the corresponding bit of the lock list byte, the main and additional lock serial numbers of the locks to be unlocked are 0#lock, 2#lock and 3#lockrespectively. That is, the locks that can be unlockedby the current authorization are the main control lock, No. 2 additional lock and No. 3 additional lock.
  • the total number of collision calculations required is 2 n -1.
  • Another embodiment of the data source for calculating the first dynamic password and verifying the first dynamic password is to add a lock sequence listto the data source for calculating the first dynamic password.
  • the lock sequence list is a list of locks to be unlocked sorted according to the main and additional lock serial number, and is a list of the main and additional lock serial numbers after sorting.
  • a lock sequence list is also addedin the data source for the first dynamic password verification and calculation, and then the corresponding lock sequence list is generated in terms of permutation and combination of whether the lockshave the unlocking authorization, and the verification code corresponding to the lock sequence list corresponding to various combinations is calculated.
  • the locks corresponding to eachmain and additional lock serial number in the lock sequence list corresponding to the verification code are the locks to be unlocked by the current authorization.
  • this embodiment like the previous embodiment, also requires no more than 2 n -1 collision calculations.
  • the number of additional locks 200 corresponding to the main control lock 100 is not limited to 7, but can be 8 or 9.
  • the main control lock 100 needs to traverse various combinations of whether each lock has the unlocking authorization to perform the collision test to verify the first dynamic password, and at the same time, to determinethe locks that can be unlocked by thecurrent authorization. This method of traversing various combinations of whether each lock has the unlocking authorization to perform a collision test is referred to as the collision traversal test in the present invention.
  • the data source preferably adopts the first embodiment.
  • a lock list to be unlocked is temporarily stored.
  • the lock list to be unlocked is alist of the locks that can be unlocked bythecurrent authorization. Therefore, in a subsequent processing, the main control lock 100 determines whether the main control lock and the additional lockshave obtained the unlocking authorization according to the lock list to be unlocked. If an additional lock connected to the main control lock 100 is a dynamic password lock, an unlocking request is sent to the main control lock when the dynamic password lock is unlocked.
  • the current main control lock 100 determines whether there is an additional lock corresponding to the unlocking request in the lock list to be unlocked, and if there is an additional lock corresponding to the unlocking request in the lock list to be unlocked, the second dynamic password is calculated and sent to the additional lock corresponding to the unlocking request. If the current main control lock 100 does not store the lock list to be unlocked, the main control lock 100 sends a newly generated unlocking request to the server 300 and requests user identity verification.
  • the more specific process of the above unlocking process is as follows:
  • the staffmember If the staffmemberfirst operates the main control lock 100, that is, when the staffmember first tries to unlock the main control lock 100, the staffmember initiates the unlocking request to the server 300 by means ofan operation panel of the main control lock 100.
  • the server 300 calculates the first dynamic password according to its unlocking authorization schedule after the useridentity verification is passed, and sends it to the main control lock 100.
  • the main control lock 100 receives the first dynamic password and determines the locks that can be unlocked by the current authorizationbymeans of the verification of the first dynamic password, and then temporarily stores the lock list to be unlocked. Then the main control lock 100 determines whether the temporarily storedlock list to be unlocked contains the main control lock 100.
  • the temporarily storedlock list to be unlocked contains the main control lock 100
  • an unlocking instruction is executed and the unlocking operation of the additional lock 100 in the storedlock list to be unlocked is processed; otherwise, the unlocking operation of the additional lock 100 in the lock list to be unlocked is directly processed.
  • the additional lock 200 interacts with the main control lock 100.
  • the main control lock 100 determines whether the corresponding additional lock 200 can obtain the unlocking authorizationaccording to the temporarily storedlock list to be unlocked.
  • the staffmember If the staffmemberfirst operates the additional lock 200, that is, when the staffmemberfirst attempts to unlock a certain additional lock 200, the staffmember initiates an unlocking request to the main control lock 100 by means of the operation panel of the additional lock 200.
  • the main control lock 100 does not store a temporarily storedlock list to be unlocked, and thus, the main control lock 100 regenerates the unlocking request and sends it to the server 300, and at this time, when the server 300 interacts with the additional lock 200 for user identity verification interaction, the main control lock 100 provides a relay of information interaction for it.
  • the server 300 calculates the first dynamic password according to its unlocking authorization schedule after the user's identity verification is passed, and sends it to the main control lock 100.
  • the main control lock 100 receives the first dynamic password and determines the locks that can be unlocked by the current authorizationby means of the verification of the first dynamic password, and then temporarily storesthelock list to be unlocked. Then, the main controllock 100 determines whether the temporarily storedlock list to be unlocked contains the additional lock operated by the current staff member. If the temporarily storedlock list to be unlocked contains the additional lock and the additional lock is a dynamic password lock, the second dynamic password is calculated and sent to the corresponding additional lock 200, and the corresponding additional lock 200 verifies the second dynamic password after receiving the second dynamic password, and executes the unlocking instruction after passing the verification.
  • main control lock 100 determines whether the corresponding additional lock 200 can obtain the unlocking authorization according to the temporarily storedlock list to be unlocked; and when the main control lock 100 is unlocked, it determines whether the main control lock 100 can obtain the unlocking authorization according to the temporarily storedlock list to be unlocked to determine whether to execute the unlocking instruction.
  • the additional lock 200 is not required to be a dynamic password lock. If the additional lock 200 is a non-dynamic password lock, it interacts with the main control lock 100 according to its corresponding unlocking logic, and the main control lock 100 determines whether the corresponding additional lock 200 can obtain the unlocking authorization according to the temporarily storedlock list to be unlocked.
  • some additional locks 200 do not comprise an operation panel and therefore cannot initiate an unlocking request, or cannot perform user identity verification interaction. At this time, the unlocking request and the user identity verification interaction can be initiated by means of the operation panel of the main control lock 100.
  • the operation panel here is not necessarily the operation panel on the lock body, but can also be an unlocking auxiliary device connected to the lock, such as a mobile terminal.
  • the data source for calculating dynamic passwords usually includes random numbers, lock identification codes and locking codes.
  • the random number is generated by the main control lock 100 when sending the unlocking request to the server 300
  • the lock identification code is the lock identification code of the main control lock 100
  • the locking code is the locking code stored in the main control lock 100 and the server 300.
  • the random number is generated by the additional lock 200 when it sends the unlocking request to the main control lock 100
  • the lock identification code is the lock identification code of the corresponding additional lock 200
  • the locking code is the locking code stored in the additional lock 200 and the main control lock 100.
  • the locking process involves the locking of the main control lock 100 and thelocking of the additional lock 200.
  • the additional lock 200 is a dynamic password lock
  • the additional lock 200 interacts with the main control lock 100 to generate a locking code and stores it in the additional lock 200 and the main control lock 100 when the additional lock 200 is locked.
  • the process of the additional lock 200 interacting with the main control lock 100 to generate the locking code when the additional lock 200 is locked can refer to the ordinary dynamic password locking process.
  • the locking of the main control lock 100 refers to the logical locking of the main control lock 100, that is, when all the locks in the lock list to be unlocked temporarily stored in the main control lock 100 have completed the locking after being unlocked, the main control lock 100 interacts with the server 300 to generate the locking code and stores it in the main control lock 100 and the server 300.
  • the logical locking of the main control lock 100 means that all the locks in the temporarily storedlock list to be unlockedhave completed the locking after being unlocked, and the main control lock 100 itself may not necessarily perform the unlocking operation and the locking operation.
  • the temporary storage of the temporarily stored lock list to be unlocked means that the lock list to be unlocked has a storage time limit, and the lock list to be unlocked is deleted or discarded if the time limit expires. After the lock list to be unlocked is deleted or discarded, when the locks in the lock list to be unlocked are unlocked again, the unlocking cannot be performed because there is no corresponding unlocking authorization basis. At this time, when the locks in the lock list to be unlocked are unlocked again, it is impossible to apply for a dynamic password from the server 300 for unlocking, because the dynamic password is one-time.
  • the storage time limit of the temporarily storedlock list to be unlocked is usually related to its corresponding business. Generally speaking, for safety reasons, the temporary storage time of the lock list to be unlocked should not exceed 5 minutes. Of course, in some occasions, the temporary storage time of the lock list to be unlocked may be 10 minutes or 15 minutes.
  • the temporary storage time of the lock list to be unlocked can be regarded as an authorized unlocking time. Therefore, in another embodiment, the unlocking authorization schedule may compriseauthorization unlocking time, and the user can specify the authorization unlocking time.
  • the server 300 sends the first dynamic password to the main control lock 100
  • the authorization unlocking time in the unlocking authorization schedule is sent to the main control lock 100 as accompanying information of the first dynamic password.
  • the authorization unlocking time is used as the temporary storage time of the lock list to be unlocked.
  • the main control lock 100 composes the unlocked locks into an unlocked locklist, the main control lock 100 tracks whether the currently unlocked lockshave completed the locking according to the unlocked locklist, andif all the locks in the unlocked lock listhave completed the locking, a locking interaction is initiated with the server 300.
  • a corresponding locking code is generated and stored in the main control lock 100 and the server 300 in synchronization, and the locking code will be used as one of the data sources for the next calculation of the first dynamic password.

Abstract

A multi-lock unlocking authorization control method, system and lock based on dynamic password are disclosed. The system involves a server (300), a main control lock (100) and an additional lock (200). The additional lock (200) is connected to the main control lock (100), and the main control lock (100) is connected to the server (300). The additional lock (200) is bound to the main control lock (100) so that the main control lock (100) and the additional lock (200) are integrated as a whole. When unlocking, the server (300) calculates the first dynamic password according to its unlocking authorization schedule, so that the first dynamic password implicitly contains the unlocking authorization of one or more of the main control lock (100) and the additional lock (200). The main control lock (100) verifies the first dynamic password by means of a method of collision traversal test and determines the locks that can be unlocked by the current authorization. When the additional lock (200) is unlocked, the main control lock (100) determines whether the additional lock (200) belongs to the locks that can be unlocked by the current authorization, and accordingly calculates a second dynamic password and sends it to the additional lock (200). As a result, the locks on the same device are logically integrated. When the device locks are modified, the background process and the front-end unlocking personnel authentication method do not need to be changed significantly.

Description

A multi-lock unlocking authorization control method, system and lock based on dynamic password Technical Field
The present invention relates to a dynamic password lock.
Background
The dynamic password lock is a lock that is generally unlocked by a dynamic password issued by a background server. The dynamic password issued by the background server is also called an OTC code, which is a password that can only be used once. That is, the dynamic password required for unlocking the next time is different from the dynamic password required for unlocking the last time. The dynamic password locks are commonly used in banking self-service devices, such as automatic teller machines, deposit and withdrawal recycle machines, or smart teller machines. The dynamic password is generally a one-time unlocking password calculated froma data source by means of a hash algorithm. The data source for calculating the dynamic password usually includes but not limited to a lock random number, a last locking code, and a lock identification code. Due to a binding relationship between the dynamic password and the lock identification code, the dynamic password is bound to the lock, that is, one dynamic password can only authorize the unlocking of one lock.
Currently, the demand for dynamic password locks for self-service devices in the banking industry is not limited to the dynamic password locks on safes, and doors  that control upper box industrial computers, and card boxes that store important credentials and the like all require the dynamic password locks for security management. In other words, there are multiple dynamic password locks on the same device. In the prior art, the multiple dynamic password locks on the same device have their own independent systems, and controls thereof are separated from each other. Since the dynamic password locks are independent of each other, especially if specifications of the dynamic password locks are different, there will be problems such as inconsistent authentication methods for unlocking personnel, different unlocking auxiliary devices required, and the need to build multiple sets of servers in the background, and the complexity of the background unlocking authorization managementalso increases.
Summary
The problem to be solved by the present invention is thatmultiple dynamic password locks of the same device are independent of each other, which results in inconsistent identity verification methods of unlocking personnel, different unlocking auxiliary devices required, and the need to build multiple sets of servers in the background, andthe complexity of the background unlocking authorization managementalso increases.
To solve the above-mentioned problem, the solutions adopted by the present invention are as follows:
A multi-lock unlocking authorization control method based on dynamic password according to the present invention, the method involves a server, a main control lock and an additional lock; the additional lock is connected to the main  control lock; and the main control lock is connected to the server, and the method comprises the following steps:
after the server receives an unlocking request and passes an user identity verification, the server calculates a first dynamic password according to its unlocking authorizationschedule and sends it to the main control lock, and the first dynamic password implicitly contains the unlocking authorization of one or more locks of the main control lock and the additional lock;
the main control lock verifies the first dynamic password after receiving the first dynamic password, and determines the locks that can be unlocked by a current authorizationby means of verifying the first dynamic password.
Further, the multi-lock unlocking authorization control method based on dynamic password according to the present invention, the main control lock verifiesthe first dynamic password by means ofa collision traversal test, and thereby determines the locks that can be unlocked by the current authorization.
Further, the multi-lock unlocking authorization control method based on dynamic password according to the present invention, when calculating the first dynamic password, the calculation is performed based on amain and additional lockserial number.
Further, the multi-lock unlocking authorization control method based on dynamic password according to the present invention, after determining the locks that can be unlocked by the current authorization, the main control lock temporarily storesa lock list to be unlocked, and the lock list to be unlocked is a listof the locks that can be unlocked bythecurrent authorization; if the additional lock is a dynamic  password lock, it sends an unlocking request to the main control lock when unlocking; and when receiving the unlocking request sent by the additional lock, the main control lock determines whether there is an additional lock corresponding to the unlocking request in the lock list to be unlocked, and calculates a second dynamic passwordand sendsit to the additional lock corresponding to the unlocking request if there is an additional lock corresponding to the unlocking request in the lock list to be unlocked.
A multi-lock unlocking authorization control system based on dynamic password according to the present invention, the system comprises a server, a main control lock and an additional lock; the additional lock is connected to the main control lock; and the main control lock is connected to the server, and the server comprises the following modules:
MS1, used to receive an unlocking authorizationschedule;
MS2, used to calculate a first dynamic password according to the received unlocking authorization schedule;
and MS3, used tosend the first dynamic password to the main control lock;
the unlocking authorization schedule contains the unlocking authorization of one or more locks of the main control lock and the additional lock;
the first dynamic password implicitly contains the unlocking authorization of one or more locks of the main control lock and the additional lock;
and the main control lock comprises the following modules:
MM1, used to receive the first dynamic password;
and MM2, used to verify the first dynamic password, and determine the locks  that can be unlocked by a current authorizationby means of verifying the first dynamic password.
Further, the multi-lock unlocking authorization control system based on dynamic password according to the present invention, in the module MM2, the first dynamic passwordis verified by means ofa collision traversal test to determine the locks that can be unlocked by thecurrent authorization.
Further, the multi-lock unlocking authorization control system based on dynamic password according to the present invention, in the module MS2, when calculating the first dynamic password, the calculation is performed based on amain and additional lockserial number.
Further, the multi-lock unlocking authorization control system based on dynamic password according to the present invention, the main control lock further comprises the following modules:
MM3, used to temporarily storea lock list to be unlocked, and the lock list to be unlocked is a listof the locks that can be unlocked by thecurrent authorization;
MM4, used to receive an unlocking request sent by the additional lock;
MM5, used to determine whether there is an additional lock corresponding to the unlocking request in the lock list to be unlocked, and calculate a second dynamic password if there is an additional lock corresponding to the unlocking request in the lock list to be unlocked;
and MM6, used to sendthe second dynamic passwordto the additional lock corresponding to the unlocking request.
A multi-lock unlocking authorization control lock based on dynamic password  according to the present invention, the lock is applied to a multi-lock unlocking authorization control system based on a dynamic password; the system comprises a server, a main control lock and an additional lock; the additional lock is connected to the main control lock; and the main control lock is connected to the server, and the lock is the main control lock in the system, comprising the following modules:
MM1, used to receive a first dynamic password, and the first dynamic password implicitly contains the unlocking authorization of one or more locks of the main control lock and the additional lock in an unlocking authorizationschedule;
MM2, used to verify the first dynamic passwordby means ofa collision traversal test to determine the locks that can be unlocked by a current authorization;
MM3, used to temporarily storea lock list to be unlocked, and the lock list to be unlocked is a listof the locks that can be unlocked bythecurrent authorization;
and a module for determining whether the main control lock and the additional lock obtains the unlocking authorization according to the lock list to be unlocked.
Further, the multi-lock unlocking authorization control lock based on dynamic password according to the present invention, the lock further comprises the following modules:
MM4, used to receive an unlocking request sent by the additional lock;
MM5, used to determine whether there is an additional lock corresponding to the unlocking request in the lock list to be unlocked, and calculate a second dynamic password if there is an additional lock corresponding to the unlocking request in the lock list to be unlocked;
and MM6, used to sendthe second dynamic passwordto the additional lock  corresponding to the unlocking request.
The technical effects of the present invention are as follows: under the method of the present invention, one dynamic password controls the unlocking authorization of multiple integrated locks, that is, one dynamic password can control whether any one or more of the locks can be unlocked. Therefore, by means of the present invention, the dynamic password locks on the same device are logically integrated. For example, a safe lock is the main control lock, the other upper box locks are additional locks, and the background server adopts a new dynamic password method to control the unlocking authorization of the main control lock and the additional lock. Therefore, when modifyingthe dynamic password lock of the device, background processes, a front-end unlocking personnel authentication method, and a manual auxiliary unlocking, etc., do not require major changes.
Brief description of the drawings
Figure 1 is a schematic diagram of an overall structure of the system of the present invention.
Description
The present invention will be further described in details below in conjunction with the accompanying drawings.
As shown in Figure 1, a multi-lock linkage unlocking and locking system of the present invention includes a main control lock 100, a number of additional locks 200 and a server 300. In general, a lock is a locking component that performs unlocking and locking actions. In the present invention, the main control lock 100 is a  component which comprises control function and input function. The main control lock 100 can be referred to as a main lock, which is a control unit of a dynamic password lock or a non-dynamic lock. The additional lock 200 may also be called a lock body, an attached lock, a secondary lock or a slave lock, and it is anactuatorof a dynamicpassword lock or a non-dynamic password lock. The main control lock 100 and the additional lock 200 are usually dynamic password locks installed on different box doors or cabinet doors on the same device, and the device has one unique main control lock 100 corresponding to multiple additional locks 200. Therefore, the number of additional locks 200 corresponding to each main control lock 100 is usually determined by the number of boxes or cabinets of the device itself. That is, one main control lock 100 corresponds to several additional locks 200, and each additional lock 200 corresponding to the main control lock 100 is connected to the main control lock 100. The connection mode between the additional lock 200 and the main control lock 100 may be wired or wireless. The wired connection mode may be, for example, a serial port, preferably USB, and the wireless connection mode is such as Bluetooth. The present invention preferentially adopts the USB connection mode. The main control lock 100 is connected to a remote server 300 via a network. The ways of connecting the main control lock 100 to the server 300 may be wired, wireless, or even by means of an intermediary medium. The main control lock 100 is connected to the server 300 in a wireless manner, such as mobile network GPRS/3G/4G/5G, etc., or can be connected to a wireless routerviaWifi, and then connectedto the remote server 300 via the wireless router. The wired way for the main control lock 100 tobe connected to the server 300 is usually Ethernet. The way of the  intermediary medium may be, for example, transferring via a mobile terminal or transferring via an industrial control host. In the case of transferring via the mobile terminal, the main control lock 100 can be connected to the mobile terminal via Bluetooth, and then the mobile terminal can be connected to the remote server 300 via a mobile network. In the case of transferring viathe industrial control host, the main control lock 100 can be connected to the industrial control host via USB, and then the industrial control host can be connected to the remote server 300 via Ethernet. The specific connection modes between the additional lock 200 and the main control lock100, and between the main control lock 100 and the remote server 300 are not in the scope of the present invention, and will not be repeated in this specification. It should be pointed out that in the present invention, regardless of the connection modes between the additional lock 200 and the main control lock 100, and between the main control lock 100 and the remote server 300, the additional lock 200 needs to be connected to the remote server 300 via the main control lock 100. The interaction between the additional lock 200 and the server 300 needs to be performed by the main control lock 100 and is controlled by the main control lock 100. The interaction between the main control lock 100, the additional lock 200 and the server 300 involves alock configuration, an unlocking process and a locking process.
The lock configuration comprisesa lock setting on the server 300 and an additional lock binding on the main control lock 100. The lock setting on the server is similar to the setting of a traditional dynamic password lock on the server, which is initiated by the user's manual operation, and after the operation is completed, the server stores lock information. The specific operation process can refer to the setting  ofthe dynamic password lock on the server, which will not be repeated in this manual. Different from the setting of the traditional dynamic password lock on the server, in the present invention, the additional lock 200 only stores a lock name and amain and additional lockserial numbermatching it on the server 300. The lock mane usually corresponds to the cabinet of the device, so that users can understand it, such asan upper box lock, a lower box lock, an industrial computer lock, etc.. The lock is marked with numbers such as 0, 1, 2, 3, etc. of the main and additional lockserial number, which is used to identify the serial number of the additional lock, and the main and additional lockserial number of the main control lock is set to 0.
The additional lock binding is used to bind the additional lock 200 to the main control lock 100, so that the additional lock 200 and the main control lock 100 are logically integrated, and the main control lock 100 can act as part of the server function when the additional lock 200 is unlocked. For example, the main control lock 100 generates a dynamic passwordinstead of the server 300. That is to say, in the present invention, when the additional lock 200 is unlocked, the dynamic password that the additional lock 200 needs to perform unlocking verification is generated by the main control lock 100 instead of the server. The additional lock binding process is usually initiated by astaff member manually, and after the additional lock 200 is bound to the main control lock 100, the main control lock 100 stores additional lock information corresponding to the additional lock 200. The additional lock information usually contains the main and additional lockserial number and information used to generate a dynamic password. The information used to generate the dynamic password includes but is not limited to the lock identification code and the locking  code. In an initial state after binding, the locking code is empty. After binding, the additional lock 200 is locked for the first time and interacts with the main control lock 100 to generate the locking code and store it in the additional lock information of the main control lock 100, and then, each time the additional lock 200 is locked, the locking code is generated and stored by means ofa locking interaction between the additional lock 200 and the main control lock 100. During the additional lock binding process, the specific interaction process between the additional lock 200 and the main control lock 100 can refer to the settings of the traditional dynamic password lock on the server, which will not be repeated in this specification. It should be pointed out thatthe main and additional lockserial numberof the additional lockin the main control lock 100 is the same as the corresponding main and additional lockserial number of the corresponding lock on the server 300, and there is an one-to-one correspondence between the additional locks in the main control lock 100 and the additional locks on the server 300.
It is well known that the dynamic password lock needs to develop a corresponding unlocking authorization schedule before being unlocked. For example, when an automatic teller machine performs equipment maintenance and is unlocked, it is necessary to develop an equipment maintenance schedule, or when the automatic teller machine adds money and is unlocked, it is necessary to develop a banknote adding task schedule. Both the equipment maintenance schedule and the banknote adding task schedule are stored on the server. The equipment maintenance schedule or the banknote adding task schedule both comprise the unlocking authorization of the lock, and therefore, the equipment maintenance schedule and the banknote adding  task schedule can be collectively referred to as the unlocking authorization schedule. In simple terms, the unlocking of the dynamic password lock requires the authorization of a background staff member, so the server stores the corresponding unlocking authorization schedule, and the server needs to calculate the dynamic password according to the corresponding unlocking authorization schedule, otherwise the corresponding dynamic password cannot be generated. Failure to generate the dynamic password means that a front staff membercannot unlock the lock withoutthe unlocking authorization schedule of the background. The unlocking of the main control lock and the additional lock in the present invention is the same as the traditional dynamic password lock in terms of being necessary to develop an unlocking authorization schedule before unlocking. The difference is that when the background staff members define the unlocking authorization schedule in the system of the present invention, they can specify the locks to be unlocked, specify the upper box lock, the lower box lock, the industrial computer lock, etc., and when the background staff membersset the unlocking authorization schedule, the specified locks to be unlocked are one or more of the main control lock 100 and the additional lock 200. Thus, the unlocking authorization schedule contains a list of locks to be unlocked. The list of locks to be unlocked is defined by means of the main and additional lock serial number. That is, the unlocking authorization schedule includes the unlocking authorization of one or more locks in the main control lock and the additional lock.
The unlocking process involves the unlocking of the main control lock 100 and the unlocking of the additional lock 200. However, both the unlocking of the main  control lock 100 and the unlocking of the additional lock 200 require to request useridentity verification from the server 300, and need to send the corresponding unlocking request to the server 300. Sending the unlocking request to the server 300 and requesting the user identity verification from the server 300 may be the same request, or may be two independent requests. In the prior art, there are many ways for dynamic password locks to perform user identity verification, such as identity verification by means of password, or identity verification by means of biometric fingerprint, or identity verification by means of mobile phone short message. However, no matter what kind of user identity verification method is used, in the present invention, after the server 300 receives the unlocking request and passes the user identity verification, it calculates the dynamic password according to the corresponding unlocking authorization schedule and sends it to the main control lock 100. That is, the method of the present invention is not limited to a specific user identity verification method, and the specific user identity verification process is not to a certain extent discussed in the present invention. The above-mentioned dynamic password calculated according to the unlocking authorization schedule is called the first dynamic password in the present invention. Since the unlocking authorization schedule includes the unlocking authorization for one or more locks in the main control lock and additional locks, the calculated first dynamic password also implies the unlocking authorization for one or more locks in the main lock and additional locks.
After receiving the first dynamic password, the main control lock 100 verifies the first dynamic password, and determines the locks that can be unlocked by the  current authorizationby means of verifying the first dynamic password. Specifically, the main control lock performs the verification of the first dynamic password by means ofa collision traversal test, and thereby determines the locks that can be unlocked by the current authorization.
Those skilled in the art wouldunderstand that whether calculating the dynamic passwordor verifying the dynamic password, it is necessary to calculate data sourcesby means of a hash function. The hash function, also known as the hash function or the hash function, is well known to those skilled in the art, and there is no need to go into details in this specification. In this embodiment, the hash function algorithm used when calculating the first dynamic password and verifying the first dynamic password remains unchanged from the traditional algorithm, but the data source is different from the traditional algorithm. One of the embodiments is to add a byte used to indicate the list of locks to be unlocked in the data source for calculating the first dynamic password, and the byte is referred to as the lock list byte for short. Each bit of the lock list byte corresponds to the main and additional lock serial number, and if a certain lock is to be unlocked this time, the bit corresponding to the corresponding main and additional lock serial number is set to1, otherwise it is set to 0.Correspondingly, the lock list byte is also addedin the data source for the first dynamic password verification and calculation, and then various combinations of whether each bit of the lock list byte is set to 1 are traversed to calculate verification codes respectively, and if one of the verification codes is the same as the first dynamic password, its corresponding lock list byte implies the locks that can be unlocked by the current authorization. Traversing various combinations of whether  each bit of the lock list byte is set to 1 is equivalent to traversing various combinations of whether each lock has the unlocking authorization. For example, if the lock list byte in the data source fora certain first dynamic password verification and calculation is 10110000, and the verification code calculated by means of the hash function is the same as the first dynamic password, the lock list byte 10110000 can correspond to each lock to be unlocked, and according to the corresponding bit of the lock list byte, the main and additional lock serial numbers of the locks to be unlocked are 0#lock, 2#lock and 3#lockrespectively. That is, the locks that can be unlockedby the current authorization are the main control lock, No. 2 additional lock and No. 3 additional lock. Obviously, in the above embodiment, there are at most seven additional locks 200 corresponding to each main control lock 100. If the total number of locks of the main control locks plus the additional locks is n during the collision traversal test, the total number of collision calculations required is 2 n-1. For example, there are 2 additional locks, namely 1#lock and 2#lock, and the corresponding main and additional lock serial numbers are 1 and 2, respectively, and thereby there are 7 lock list bytes that need to be verified, and the corresponding number of collision calculations is 7 times, and the 7 lock list bytes are: 11100000, 11000000, 10100000, 01100000, 00100000, 01000000, 10000000.
Another embodiment of the data source for calculating the first dynamic password and verifying the first dynamic password is to add a lock sequence listto the data source for calculating the first dynamic password. The lock sequence list is a list of locks to be unlocked sorted according to the main and additional lock serial number, and is a list of the main and additional lock serial numbers after  sorting. Correspondingly, a lock sequence list is also addedin the data source for the first dynamic password verification and calculation, and then the corresponding lock sequence list is generated in terms of permutation and combination of whether the lockshave the unlocking authorization, and the verification code corresponding to the lock sequence list corresponding to various combinations is calculated. If one of the verification codes is the same as the first dynamic password, the locks corresponding to eachmain and additional lock serial number in the lock sequence list corresponding to the verification code are the locks to be unlocked by the current authorization. Obviously, this embodiment, like the previous embodiment, also requires no more than 2 n-1 collision calculations. The difference is that in this embodiment, the number of additional locks 200 corresponding to the main control lock 100 is not limited to 7, but can be 8 or 9. Regardless of the above-mentioned first embodiment or the second embodiment, the main control lock 100 needs to traverse various combinations of whether each lock has the unlocking authorization to perform the collision test to verify the first dynamic password, and at the same time, to determinethe locks that can be unlocked by thecurrent authorization. This method of traversing various combinations of whether each lock has the unlocking authorization to perform a collision test is referred to as the collision traversal test in the present invention.
It should be pointed out that in the above collision traversal test, the number of collision tests changes exponentially with the number of main control lock and additional locks. Therefore, the main control lock and additional locks cannot be toomany, otherwise the collision traversal test will take too long. Fortunately, in  banking applications, the number of locks required by the device generally does not exceed 8, and usually 3 to 4 locks. Therefore, the calculation time of the above collision traversal test method can be within an acceptable range of users. Therefore, when calculating the first dynamic password and verifying the first dynamic password in the present invention, the data source preferably adopts the first embodiment.
After the main control lock 100 passes the first dynamic password verification and determines the locks that can be unlocked by the current authorization, a lock list to be unlocked is temporarily stored. The lock list to be unlocked is alist of the locks that can be unlocked bythecurrent authorization. Therefore, in a subsequent processing, the main control lock 100 determines whether the main control lock and the additional lockshave obtained the unlocking authorization according to the lock list to be unlocked. If an additional lock connected to the main control lock 100 is a dynamic password lock, an unlocking request is sent to the main control lock when the dynamic password lock is unlocked. If the current main control lock 100 srores thelock list to be unlocked, it determines whether there is an additional lock corresponding to the unlocking request in the lock list to be unlocked, and if there is an additional lock corresponding to the unlocking request in the lock list to be unlocked, the second dynamic password is calculated and sent to the additional lock corresponding to the unlocking request. If the current main control lock 100 does not store the lock list to be unlocked, the main control lock 100 sends a newly generated unlocking request to the server 300 and requests user identity verification. The more specific process of the above unlocking process is as follows:
If the staffmemberfirst operates the main control lock 100, that is, when the staffmember first tries to unlock the main control lock 100, the staffmember initiates the unlocking request to the server 300 by means ofan operation panel of the main control lock 100. The server 300 calculates the first dynamic password according to its unlocking authorization schedule after the useridentity verification is passed, and sends it to the main control lock 100. The main control lock 100 receives the first dynamic password and determines the locks that can be unlocked by the current authorizationbymeans of the verification of the first dynamic password, and then temporarily stores the lock list to be unlocked. Then the main control lock 100 determines whether the temporarily storedlock list to be unlocked contains the main control lock 100. If the temporarily storedlock list to be unlocked contains the main control lock 100, an unlocking instruction is executed and the unlocking operation of the additional lock 100 in the storedlock list to be unlocked is processed; otherwise, the unlocking operation of the additional lock 100 in the lock list to be unlocked is directly processed. After that, when the additional lock 200 is unlocked, it interacts with the main control lock 100. When the additional lock 200 is unlocked, the main control lock 100 determines whether the corresponding additional lock 200 can obtain the unlocking authorizationaccording to the temporarily storedlock list to be unlocked.
If the staffmemberfirst operates the additional lock 200, that is, when the staffmemberfirst attempts to unlock a certain additional lock 200, the staffmember initiates an unlocking request to the main control lock 100 by means of the operation panel of the additional lock 200. At this time, the main control lock 100 does not store  a temporarily storedlock list to be unlocked, and thus, the main control lock 100 regenerates the unlocking request and sends it to the server 300, and at this time, when the server 300 interacts with the additional lock 200 for user identity verification interaction, the main control lock 100 provides a relay of information interaction for it. The server 300 calculates the first dynamic password according to its unlocking authorization schedule after the user's identity verification is passed, and sends it to the main control lock 100. The main control lock 100 receives the first dynamic password and determines the locks that can be unlocked by the current authorizationby means of the verification of the first dynamic password, and then temporarily storesthelock list to be unlocked. Then, the main controllock 100 determines whether the temporarily storedlock list to be unlocked contains the additional lock operated by the current staff member. If the temporarily storedlock list to be unlocked contains the additional lock and the additional lock is a dynamic password lock, the second dynamic password is calculated and sent to the corresponding additional lock 200, and the corresponding additional lock 200 verifies the second dynamic password after receiving the second dynamic password, and executes the unlocking instruction after passing the verification. Later, when other additional locks 200 are unlocked, they interact with the main control lock 100, and the main control 100 determines whether the corresponding additional lock 200 can obtain the unlocking authorization according to the temporarily storedlock list to be unlocked; and when the main control lock 100 is unlocked, it determines whether the main control lock 100 can obtain the unlocking authorization according to the temporarily storedlock list to be unlocked to determine whether to execute the  unlocking instruction.
It should be pointed out that during the above unlockingprocess, the additional lock 200 is not required to be a dynamic password lock. If the additional lock 200 is a non-dynamic password lock, it interacts with the main control lock 100 according to its corresponding unlocking logic, and the main control lock 100 determines whether the corresponding additional lock 200 can obtain the unlocking authorization according to the temporarily storedlock list to be unlocked. In particular, some additional locks 200 do not comprise an operation panel and therefore cannot initiate an unlocking request, or cannot perform user identity verification interaction. At this time, the unlocking request and the user identity verification interaction can be initiated by means of the operation panel of the main control lock 100.
It should be pointed out that the operation panel here is not necessarily the operation panel on the lock body, but can also be an unlocking auxiliary device connected to the lock, such as a mobile terminal.
It should be pointed out that the data source for calculating dynamic passwords usually includes random numbers, lock identification codes and locking codes. In the present invention, in the data source for calculating the first dynamic password, the random number is generated by the main control lock 100 when sending the unlocking request to the server 300, the lock identification code is the lock identification code of the main control lock 100, and the locking code is the locking code stored in the main control lock 100 and the server 300. In the data source for calculating the second dynamic password, the random number is generated by the additional lock 200 when it sends the unlocking request to the main control lock 100,  the lock identification code is the lock identification code of the corresponding additional lock 200, and the locking code is the locking code stored in the additional lock 200 and the main control lock 100.
The locking process involves the locking of the main control lock 100 and thelocking of the additional lock 200. For the case where the additional lock 200 is a dynamic password lock, the additional lock 200 interacts with the main control lock 100 to generate a locking code and stores it in the additional lock 200 and the main control lock 100 when the additional lock 200 is locked. The process of the additional lock 200 interacting with the main control lock 100 to generate the locking code when the additional lock 200 is locked can refer to the ordinary dynamic password locking process.
The locking of the main control lock 100 refers to the logical locking of the main control lock 100, that is, when all the locks in the lock list to be unlocked temporarily stored in the main control lock 100 have completed the locking after being unlocked, the main control lock 100 interacts with the server 300 to generate the locking code and stores it in the main control lock 100 and the server 300. The logical locking of the main control lock 100 means that all the locks in the temporarily storedlock list to be unlockedhave completed the locking after being unlocked, and the main control lock 100 itself may not necessarily perform the unlocking operation and the locking operation.
It should be pointed out that the temporary storage of the temporarily stored lock list to be unlocked means that the lock list to be unlocked has a storage time limit, and the lock list to be unlocked is deleted or discarded if the time limit  expires. After the lock list to be unlocked is deleted or discarded, when the locks in the lock list to be unlocked are unlocked again, the unlocking cannot be performed because there is no corresponding unlocking authorization basis. At this time, when the locks in the lock list to be unlocked are unlocked again, it is impossible to apply for a dynamic password from the server 300 for unlocking, because the dynamic password is one-time. The storage time limit of the temporarily storedlock list to be unlocked is usually related to its corresponding business. Generally speaking, for safety reasons, the temporary storage time of the lock list to be unlocked should not exceed 5 minutes. Of course, in some occasions, the temporary storage time of the lock list to be unlocked may be 10 minutes or 15 minutes.
On the other hand, the temporary storage time of the lock list to be unlocked can be regarded as an authorized unlocking time. Therefore, in another embodiment, the unlocking authorization schedule may compriseauthorization unlocking time, and the user can specify the authorization unlocking time. When the server 300 sends the first dynamic password to the main control lock 100, the authorization unlocking time in the unlocking authorization schedule is sent to the main control lock 100 as accompanying information of the first dynamic password. After the main control lock 100 receives the authorization unlocking time, the authorization unlocking time is used as the temporary storage time of the lock list to be unlocked.
Due to the short storage time of the lock list to be unlocked, when the lock list to be unlocked is deleted or discarded, not all the locks in the lock list to be unlocked may be unlocked, and the locks unlocked according to the lock list to be unlocked usually have not completed the locking. For this reason, the following method is  adopted for the determination of “the locks in the temporarily stored lock list to be unlockedhave all completed the locking after being unlocked” in this embodiment: after the main control lock or additional locksare unlocked according to the lock list to be unlocked, the main control lock 100 composes the unlocked locks into an unlocked locklist, the main control lock 100 tracks whether the currently unlocked lockshave completed the locking according to the unlocked locklist, andif all the locks in the unlocked lock listhave completed the locking, a locking interaction is initiated with the server 300. Finally, by means of the interaction between the main control lock 100 and the server 300, a corresponding locking code is generated and stored in the main control lock 100 and the server 300 in synchronization, and the locking code will be used as one of the data sources for the next calculation of the first dynamic password.

Claims (10)

  1. A multi-lock unlocking authorization control method based on dynamic password, characterized in that: the method involves a server, a main control lock and an additional lock; the additional lock is connected to the main control lock; and the main control lock is connected to the server, and the method comprises the following steps:
    after the server receives an unlocking request and passes an user identity verification, the server calculates a first dynamic password according to its unlocking authorization schedule and sends it to the main control lock, and the first dynamic password implicitly contains anunlocking authorization of one or more locks of themain control lock and the additional lock;
    themain control lock verifies the first dynamic password after receiving the first dynamic password, and determines the locks that can be unlocked by acurrent authorizationby means of verifying the first dynamic password.
  2. The multi-lock unlocking authorization control method based on dynamic password of claim 1, characterized in that: the main control lock verifiesthe first dynamic password by means ofa collision traversal test, and thereby determines the locks that can be unlocked by the current authorization.
  3. The multi-lock unlocking authorization control method based on dynamic password of claim 1, characterized in that: when calculating the first dynamic password, the calculation is performed based on amain and additional lockserial number.
  4. The multi-lock unlocking authorization control method based on dynamic password of claim 1, characterized in that: after determining the locks that can be  unlocked by the current authorization, the main control lock temporarily storesa lock list to be unlocked, and the lock list to be unlocked is a listof the locks that can be unlocked by thecurrent authorization; if the additional lock is a dynamic password lock, it sends an unlocking request to the main control lock when unlocking; and when receiving the unlocking request sent by the additional lock, the main control lockdetermines whether there is an additional lock corresponding to the unlocking request in the lock list to be unlocked, and calculatesa second dynamic passwordand sendsit to the additional lock corresponding to the unlocking request if there is an additional lock corresponding to the unlocking request in the lock list to be unlocked.
  5. A multi-lock unlocking authorization control system based on dynamic password, characterized in that: the system comprises a server, a main control lock and an additional lock; the additional lock is connected to the main control lock; and the main control lock is connected to the server, and the server comprises the following modules:
    MS1, used to receive an unlocking authorizationschedule;
    MS2, used to calculate a first dynamic password according to the received unlocking authorization schedule;
    and MS3, used tosend the first dynamic password to the main control lock;
    the unlocking authorization schedule contains the unlocking authorization of one or more locks of the main control lock and the additional lock;
    the first dynamic password implicitly contains the unlocking authorization of one or more locks of the main control lock and the additional lock;
    and the main control lock comprises the following modules:
    MM1, used to receive the first dynamic password;
    and MM2, used to verify the first dynamic password, and determine the locks that can be unlokced by a current authorizationby means of verifying the first dynamic password.
  6. The multi-lock unlocking authorization control system based on dynamic password of claim 5, characterized in that: in the module MM2, the first dynamic passwordis verified by means ofa collision traversal test to determine the locks that can be unlocked by thecurrent authorization.
  7. The multi-lock unlocking authorization control system based on dynamic password of claim 5, characterized in that: in the module MS2, when calculating the first dynamic password, the calculation is performed based on amain and additional lockserial number.
  8. The multi-lock unlocking authorization control system based on dynamic password of claim 5, characterized in that: the main control lock further comprises the following modules:
    MM3, used to temporarily storea lock list to be unlocked, and the lock list to be unlocked is a listof the locks that can be unlocked by thecurrent authorization;
    MM4, used to receive an unlocking request sent by the additional lock;
    MM5, used to determine whether there is an additional lock corresponding to the unlocking request in the lock list to be unlocked, and calculate a second dynamic password if there is an additional lock corresponding to the unlocking request in the lock list to be unlocked;
    and MM6, used to sendthe second dynamic passwordto the additional lock  corresponding to the unlocking request.
  9. A multi-lock unlocking authorization control lock based on dynamic password, characterized in that: the lock is applied to a multi-lock unlocking authorization control system based on a dynamic password; the system comprises a server, a main control lock and an additional lock; the additional lock is connected to the main control lock; and the main control lock is connected to the server, and the lock is the main control lock in the system, comprising the following modules:
    MM1, used to receive a first dynamic password, and the first dynamic password implicitly contains the unlocking authorization of one or more locks of the main control lock and the additional lock in an unlocking authorizationschedule;
    MM2, used to verify the first dynamic passwordby means ofa collision traversal test to determine the locks that can be unlockedby a current authorization;
    MM3, used to temporarily storea lock list to be unlocked, and the lock list to be unlocked is a listof the locks that can be unlocked by thecurrent authorization;
    and a module for determining whether the main control lock and the additional lock obtains the unlocking authorization according to the lock list to be unlocked.
  10. The multi-lock unlocking authorization control lock based on dynamic password of claim 9, characterized in that: the lock further comprises the following modules:
    MM4, used to receive an unlocking request sent by the additional lock;
    MM5, used to determine whether there is an additional lock corresponding to the unlocking request in the lock list to be unlocked, and calculate a second dynamic password if there is an additional lock corresponding to the unlocking request in the lock list to be unlocked;
    and MM6, used to sendthe second dynamic passwordto the additional lock corresponding to the unlocking request.
PCT/CN2021/083506 2020-05-27 2021-03-29 A multi-lock unlocking authorization control method, system and lock based on dynamic password WO2021238380A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010457884.9A CN111563983B (en) 2020-05-27 2020-05-27 Multi-lock unlocking authorization control method and system based on dynamic password and lockset
CN202010457884.9 2020-05-27

Publications (1)

Publication Number Publication Date
WO2021238380A1 true WO2021238380A1 (en) 2021-12-02

Family

ID=72073619

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/083506 WO2021238380A1 (en) 2020-05-27 2021-03-29 A multi-lock unlocking authorization control method, system and lock based on dynamic password

Country Status (2)

Country Link
CN (1) CN111563983B (en)
WO (1) WO2021238380A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115065554A (en) * 2022-07-27 2022-09-16 中关村芯海择优科技有限公司 Security chip, identity authentication method and device thereof, and storage medium

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111563983B (en) * 2020-05-27 2020-10-13 南京东屋电气有限公司 Multi-lock unlocking authorization control method and system based on dynamic password and lockset

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN203835143U (en) * 2013-12-30 2014-09-17 北京瑞福临科技有限公司 Vertical type fingerprint confidential cabinet
EP3147872A1 (en) * 2015-09-28 2017-03-29 Panasonic Intellectual Property Management Co., Ltd. Intercom system, intercom master device, and communication method
US20180068508A1 (en) * 2013-09-10 2018-03-08 Gregory Paul Kirkjan Contactless electronic access control system
CN207513361U (en) * 2017-11-10 2018-06-19 江苏国密生物电子科技有限公司 A kind of safe cabinet fingerprint lock control system for unlocking
CN210348612U (en) * 2019-08-16 2020-04-17 深圳市租电智能科技有限公司 Retail cabinet with combined structure
CN111563983A (en) * 2020-05-27 2020-08-21 南京东屋电气有限公司 Multi-lock unlocking authorization control method and system based on dynamic password and lockset

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030152231A1 (en) * 2002-02-07 2003-08-14 Minolta Co., Ltd. Verification system, server, and electronic instrument
CN103726742B (en) * 2013-12-30 2015-11-18 北京瑞福临科技有限公司 A kind of vertical type fingerprint confidential cabinet and control system thereof
CN103745536B (en) * 2014-01-24 2016-03-16 温州超动科技有限公司 A kind of thing cabinet management system based on dynamic password
CN206071277U (en) * 2016-09-27 2017-04-05 厦门捷晟数字科技有限公司 A kind of smart lock for being capable of achieving many lock controls
CN108510626B (en) * 2018-02-23 2021-08-31 深圳同心科技有限公司 Dynamic password access control management method and management system thereof
CN109035499A (en) * 2018-06-30 2018-12-18 恒宝股份有限公司 A kind of electronic password lock authentication method based on dynamic password
CN110838197A (en) * 2019-11-18 2020-02-25 四川研宝科技有限公司 Password verification method and device for unmanned hotel system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180068508A1 (en) * 2013-09-10 2018-03-08 Gregory Paul Kirkjan Contactless electronic access control system
CN203835143U (en) * 2013-12-30 2014-09-17 北京瑞福临科技有限公司 Vertical type fingerprint confidential cabinet
EP3147872A1 (en) * 2015-09-28 2017-03-29 Panasonic Intellectual Property Management Co., Ltd. Intercom system, intercom master device, and communication method
CN207513361U (en) * 2017-11-10 2018-06-19 江苏国密生物电子科技有限公司 A kind of safe cabinet fingerprint lock control system for unlocking
CN210348612U (en) * 2019-08-16 2020-04-17 深圳市租电智能科技有限公司 Retail cabinet with combined structure
CN111563983A (en) * 2020-05-27 2020-08-21 南京东屋电气有限公司 Multi-lock unlocking authorization control method and system based on dynamic password and lockset

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115065554A (en) * 2022-07-27 2022-09-16 中关村芯海择优科技有限公司 Security chip, identity authentication method and device thereof, and storage medium
CN115065554B (en) * 2022-07-27 2022-11-22 中关村芯海择优科技有限公司 Security chip, identity authentication method and device thereof, and storage medium

Also Published As

Publication number Publication date
CN111563983B (en) 2020-10-13
CN111563983A (en) 2020-08-21

Similar Documents

Publication Publication Date Title
WO2021238380A1 (en) A multi-lock unlocking authorization control method, system and lock based on dynamic password
EP3567556A1 (en) Method for generating offline verification code based on smart door lock system, and system thereof
US10158626B1 (en) Token-based access control
WO2017016064A1 (en) Operation system switching method, operation system switching apparatus and terminal
US10930101B2 (en) Self-service terminal (SST) safe and methods of operating a lock for the SST safe
CN110601820B (en) Method and apparatus for safe operation of a field device
CN109840975A (en) Remote authorization unlocking system and method without networking
CN110895839A (en) Intelligent door lock unlocking method and device in network-free state
CN101298817B (en) Lock body control device and method thereof
CN111159656A (en) Method, device, equipment and storage medium for preventing software from being used without authorization
CN110401613A (en) A kind of authentication management method and relevant device
CN111340987A (en) Internet of things door lock communication method, device and system and computer storage medium
CN111813078B (en) Safety diagnosis method, device, equipment and medium for vehicle
CN114758433A (en) Cloud-based dynamic password generation method and system and intelligent lock
CN107769926A (en) A kind of method of controlling security and system based on CPK Intellectualized Switchgears
CN107808433A (en) Control method, system and the lockset of lockset
CN112347440A (en) User access authority separate-setting system of industrial control equipment and use method thereof
CN113487766B (en) Unlocking method and system
CN101465011B (en) Lock control system
WO2018218297A1 (en) Physical access control systems and methods
CN107370761A (en) A kind of safe and secret management method of LCA systems
US10395226B2 (en) Maintaining secure access to a self-service terminal (SST)
CN113411311A (en) ECU (electronic control Unit) diagnosis authorization verification method, storage medium and system
KR101226645B1 (en) Method for Managing Digital Locking Apparatus By Using Bionic Information, System And Managing Apparatus
CN114033261B (en) Anti-theft method, device and equipment for rectifier and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21814388

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21814388

Country of ref document: EP

Kind code of ref document: A1