TWI573921B - Method And System Of Unlocking Digital Lock - Google Patents
Method And System Of Unlocking Digital Lock Download PDFInfo
- Publication number
- TWI573921B TWI573921B TW104121806A TW104121806A TWI573921B TW I573921 B TWI573921 B TW I573921B TW 104121806 A TW104121806 A TW 104121806A TW 104121806 A TW104121806 A TW 104121806A TW I573921 B TWI573921 B TW I573921B
- Authority
- TW
- Taiwan
- Prior art keywords
- unlocking
- data
- lock
- electronic lock
- key
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims description 70
- 238000004891 communication Methods 0.000 claims description 87
- 230000001186 cumulative effect Effects 0.000 claims description 37
- 238000012795 verification Methods 0.000 claims description 33
- 238000012545 processing Methods 0.000 claims description 28
- 238000012550 audit Methods 0.000 claims description 8
- 238000013475 authorization Methods 0.000 claims description 5
- 239000000284 extract Substances 0.000 claims description 4
- PCHJSUWPFVWCPO-UHFFFAOYSA-N gold Chemical compound [Au] PCHJSUWPFVWCPO-UHFFFAOYSA-N 0.000 claims description 4
- 239000010931 gold Substances 0.000 claims description 4
- 229910052737 gold Inorganic materials 0.000 claims description 4
- 230000002457 bidirectional effect Effects 0.000 claims description 2
- 238000004364 calculation method Methods 0.000 claims description 2
- 230000006870 function Effects 0.000 claims 4
- 238000004806 packaging method and process Methods 0.000 claims 1
- 238000010586 diagram Methods 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 4
- 230000000739 chaotic effect Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000005070 sampling Methods 0.000 description 3
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 230000001568 sexual effect Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Landscapes
- Lock And Its Accessories (AREA)
Description
本發明係關於一種電子鎖的解鎖技術,尤指一種電子鎖的解鎖方法及其系統。The invention relates to an unlocking technology of an electronic lock, in particular to an unlocking method of an electronic lock and a system thereof.
目前電子鎖已逐漸普及至門禁鎖、汽車鎖…等,電子鎖也因應使用的解鎖技術不同而發展出密碼鎖、感應鎖、生物特徵取樣鎖,或綜合前揭不同解鎖技術的電子鎖;其中密碼鎖和生物特徵取樣鎖不必攜帶任何形式的鑰匙即可解鎖,使用上相對使用感應卡方便,但仍有遺忘密碼或生物特徵取樣穩度度不佳、製作成本高等缺點;而使用感應卡雖不必記憶密碼,不但易遺失,且有感應傳輸安全性低密碼容易遭盜取的問題。At present, electronic locks have gradually spread to access control locks, car locks, etc. Electronic locks have also developed password locks, sensor locks, biometric sampling locks, or electronic locks that incorporate different unlocking technologies, depending on the unlocking technology used; The combination lock and biometric sampling lock can be unlocked without carrying any kind of key. It is convenient to use the proximity card, but there are still some shortcomings such as forgetting password or biometric sampling stability, high production cost, etc. It is not necessary to memorize the password, it is not only easy to lose, but also has the problem that the transmission transmission security is low and the password is easy to be stolen.
因此,如本國公告第M471649號「整合手機與渾沌動態密碼之居家安全系統」新型專利即提出一種使用目前普及的手機作為門禁電子鎖的解鎖裝置,如圖9所示,該新型專利解鎖方式係使用手機60解除設置於門50上的該電子鎖51之上鎖狀態時,先執行一預設動作以產生一解鎖訊號,再由一渾沌雜湊演算法配合一預設的第一金鑰參數及時間參數進行運算,從而得到一次性第一密碼訊號,由於驅動訊號係相關於時間參數,故當時間改變時,該手機60會產生不同的驗證訊號以降低驗證訊號被盜取之危險性。當手機60產生該解鎖訊號及驗證訊號後,會再同時或分別將該解鎖訊號及驅證訊號輸出至該電子鎖51。Therefore, the new patent of National Homepage No. M471649 "Home Security System for Integrating Mobile Phones and Chaotic Dynamic Passwords" proposes an unlocking device using the currently popular mobile phone as an access electronic lock. As shown in Figure 9, the new patent unlocking method is When the mobile phone 60 is used to release the lock state of the electronic lock 51 disposed on the door 50, a preset action is performed to generate an unlock signal, and a cryptic hash algorithm is combined with a preset first key parameter and The time parameter is calculated to obtain a one-time first cipher signal. Since the driving signal is related to the time parameter, when the time changes, the mobile phone 60 generates different verification signals to reduce the risk of the authentication signal being stolen. When the unlocking signal and the verification signal are generated by the mobile phone 60, the unlocking signal and the driving signal are output to the electronic lock 51 at the same time or separately.
當電子鎖51於接收到解鎖訊號及驗證訊號後,會產生一參考訊號,該參考訊號是由一預設的第二金鑰參數、渾沌雜湊演算法及同步後獲得的時間參數所運算而得。因為第一金鑰參數係對應第二金鑰參數,所以電子鎖51會先比對參考訊號及驗證訊號已對應或一致後,再判斷電子鎖51儲存的「預設資料」與「解鎖訊號」是否對應或一致,再決定是否解鎖。After receiving the unlock signal and the verification signal, the electronic lock 51 generates a reference signal, which is calculated by a preset second key parameter, a chaotic hash algorithm, and a time parameter obtained after synchronization. . Because the first key parameter corresponds to the second key parameter, the electronic lock 51 first compares the reference signal and the verification signal to the corresponding or the same, and then determines the "preset data" and the "unlocked signal" stored by the electronic lock 51. Whether it is corresponding or consistent, then decide whether to unlock.
藉此,即可實現以手機作為方便解鎖裝置,惟該新型專利所提出的解鎖安全性仍有以下疑慮: 1. 由於第一及第二金鑰參數是分別預設於手機60與電子鎖51中,且該渾沌雜湊演算法是固定的,僅有時間參數是變動參數,且為能順利解鎖,該電子鎖51必須與該手機60進行時間的同步,惟時間參數雖可配合該渾沌雜湊演算法產生一次性第一密碼訊號(驗證訊號),但時間同步技術難度不高,如遭破解即可產生有效的一次性第一密碼訊號,故該電子鎖仍有安全漏洞。 2. 該新型專利除了以手機60產生驗證訊號,尚有另一道解鎖訊號,惟該解鎖訊號是與該電子鎖51預設資料一致,非一次性第一訊號,雖然該新型專利提供二道訊號驗證,其解鎖的安全性並非單純增加多道驗證即可有效提高,安全性仍有疑慮。Thereby, the mobile phone can be realized as a convenient unlocking device, but the unlocking security proposed by the new patent still has the following doubts: 1. Since the first and second key parameters are preset to the mobile phone 60 and the electronic lock 51, respectively. In the middle, and the chaotic hash algorithm is fixed, only the time parameter is a variable parameter, and in order to be successfully unlocked, the electronic lock 51 must be synchronized with the mobile phone 60, but the time parameter can be matched with the chaotic hash calculation. The method generates a one-time first cipher signal (verification signal), but the time synchronization technology is not difficult, and if it is cracked, an effective one-time first cipher signal is generated, so the electronic lock still has a security hole. 2. In addition to the verification signal generated by the mobile phone 60, the new patent has another unlocking signal, but the unlocking signal is consistent with the preset data of the electronic lock 51, and is not a one-time first signal, although the new patent provides two signals. Verification, the security of unlocking can not be effectively increased by simply adding multiple verifications, and there are still concerns about security.
綜前所述,使用手機作為電子鎖的解鎖裝置的方便性佳,惟解鎖安全性仍有待進一步提高,才能真正保障使用者的生命及財產安全。As mentioned above, the convenience of using the mobile phone as the unlocking device of the electronic lock is good, but the security of the unlocking still needs to be further improved, so as to truly protect the life and property of the user.
有鑑於上述既有電子鎖的缺陷,本發明主要目的係提供一種兼具使用方便性及高安全性的電子鎖的解鎖方法。In view of the above drawbacks of existing electronic locks, the main object of the present invention is to provide an unlocking method for an electronic lock that has both ease of use and high security.
欲達上述目的所使用的主要技術手段係令該電子鎖的解鎖方法包含有: 於一解鎖裝置內建一解鎖應用元件,該解鎖應用元件係通過使用者身份認證後執行一解鎖程序;於執行該解鎖程序前該解鎖裝置儲存一非對稱金鑰對的一私鑰,而該電子鎖儲存該非對稱金鑰對的一公鑰;並於執行該解鎖程序時,該解鎖裝置與該電子鎖先建立雙向通訊,並由該電子鎖提供一次性資料後,由該解鎖裝置以該私鑰將該一次性資料為輸入資料予以非對稱加密後,產生一數位簽章並回傳至該電子鎖,由該電子鎖以該公鑰予以解密並驗證該數位簽章的正確性,若正確則解除其鎖定狀態。The main technical means for achieving the above purpose is to enable the unlocking method of the electronic lock to include: unlocking an application component in an unlocking device, the unlocking application component performing an unlocking process after being authenticated by the user; Before the unlocking process, the unlocking device stores a private key of an asymmetric key pair, and the electronic lock stores a public key of the asymmetric key pair; and when the unlocking process is executed, the unlocking device and the electronic lock first After the two-way communication is established, and the one-time data is provided by the electronic lock, the unlocking device asymmetrically encrypts the one-time data as the input data with the private key, and generates a digital signature and returns the electronic signature to the electronic lock. The electronic key is decrypted by the electronic key and the correctness of the digital signature is verified, and if it is correct, the locked state is released.
欲達上述目的所使用的主要技術手段係令該電子鎖的解鎖系統包含有: 一電子鎖,係包含有一處理單元、一第一記憶單元及一第一近端無線通訊模組;其中該處理單元係連接至該第一記憶單元及該第一近端無線通訊模組,並進一步連接有一非對稱解密單元; 一解鎖裝置,係包含有一第一控制單元、一輸入裝置、一顯示模組、一第二記憶單元及一第二近端無線通訊模組;其中該第一控制單元係連接至該第二記憶單元及該第二近端無線通訊模組,並進一步連接有一非對稱金鑰產生器及一非對稱加密單元;該第一控制單元係內建一解鎖應用元件,該解鎖應用元件係通過使用者身份認證後執行一解鎖程序,並於選擇執行該解鎖程序時,控制該第二近端通訊模組與該電子鎖的第一近端通訊模組建立一雙向通道,並由該電子鎖的處理單元產生並提供一次性資料後,由該第一控制單元以一個由該非對稱金鑰產生器產生的一非對稱金鑰對的一私鑰將該一次性資料輸入至該非對稱加密單元進行非對稱加密後,產生一數位簽章並回傳至該電子鎖,由該電子鎖的處理單元自該第一記憶單元中讀出一公鑰,並控制該非對稱解密單元對該數位簽章予以解密及驗證該數位簽章的正確性,若正確則解除其鎖定狀態。The main technical means for achieving the above purpose is that the unlocking system of the electronic lock comprises: an electronic lock comprising a processing unit, a first memory unit and a first near-end wireless communication module; wherein the processing The unit is connected to the first memory unit and the first near-end wireless communication module, and further connected to an asymmetric decryption unit; an unlocking device includes a first control unit, an input device, a display module, a second memory unit and a second near-end wireless communication module; wherein the first control unit is connected to the second memory unit and the second near-end wireless communication module, and further connected to an asymmetric key generation And an asymmetric encryption unit; the first control unit has an unlocking application component built in, the unlocking application component performs an unlocking process after the user identity authentication, and controls the second when the unlocking program is selected to be executed. The near-end communication module establishes a bidirectional channel with the first near-end communication module of the electronic lock, and is generated by the processing unit of the electronic lock and provides a one-time payment Then, the first control unit inputs the one-time data to the asymmetric encryption unit for asymmetric encryption by a private key of an asymmetric key pair generated by the asymmetric key generator, and generates a digital sign. And returning to the electronic lock, the processing unit of the electronic lock reads a public key from the first memory unit, and controls the asymmetric decryption unit to decrypt the digital signature and verify the correctness of the digital signature Sex, if it is correct, unlock it.
上述本發明的解鎖方法及系統提供使用者欲對該電子鎖解鎖時,先將該解鎖裝置通過開啟該解鎖應用元件的身份認證程序,即可選擇解鎖程序,解鎖裝置再將電子鎖產生的一次性資料作為輸入資料,並予以非對稱加密產生數位簽章後,傳輸給電子鎖以完成解鎖認證;如此一來,即可利用一次性資料可確保數位簽章的不可複製性,數位簽章則確保訊息的完整性(Integrity)、隱密性、不可否認性(Non-repudiation)與使用者鑑別等特性;因此,本發明的解鎖方法及系統使用方便且安全性更佳。The unlocking method and system of the present invention provides that when the user wants to unlock the electronic lock, the unlocking device can first select an unlocking program by opening the identity authentication program of the unlocking application component, and the unlocking device generates the electronic lock again. Sexual data is used as input data, and is asymmetrically encrypted to generate a digital signature, which is transmitted to the electronic lock to complete the unlocking authentication; thus, one-time data can be used to ensure the non-reproducibility of the digital signature, and the digital signature is The characteristics of the integrity of the message (Integrity), privacy, non-repudiation and user authentication are ensured; therefore, the unlocking method and system of the present invention are convenient to use and safer.
首先請參閱圖1A及圖1B所示,本發明電子鎖的解鎖系統可應用於各種如門10、車門10a或車輛引擎啟動等等不同應用的電子鎖具,再如圖2所示,本發明電子鎖的解鎖系統係包含有一電子鎖20及一解鎖裝置30;再如圖1C所示,該電子鎖20可進一步透過有線或無線網路連結到至少一外部主機40。請參閱圖2所示,該電子鎖20係包含有一處理單元21、一第一記憶單元22、一第一近端無線通訊模組23(如:NFC通訊模組)、一第一網路模組24、一電源模組25;此外,該電子鎖20進一步包含有一次性鎖具資料產生器26(如:亂數產生器)、一第一對稱金鑰產生器27、一第一對稱加解密單元271、一非對稱解密單元28;其中該一次性鎖具資料產生器26、該第一對稱金鑰產生器27、該第一對稱加解密單元271及該非對稱解密單元28係可分別以硬體電路實現,或進一步以韌體(Firmware; FW)形式實現而內建於該處理單元21中。Referring first to FIG. 1A and FIG. 1B, the unlocking system of the electronic lock of the present invention can be applied to various electronic locks for different applications such as the door 10, the door 10a or the vehicle engine, and the electronic device of the present invention is shown in FIG. The unlocking system of the lock includes an electronic lock 20 and an unlocking device 30; as shown in FIG. 1C, the electronic lock 20 can be further connected to at least one external host 40 through a wired or wireless network. Referring to FIG. 2, the electronic lock 20 includes a processing unit 21, a first memory unit 22, a first near-end wireless communication module 23 (eg, an NFC communication module), and a first network module. Group 24, a power module 25; in addition, the electronic lock 20 further includes a disposable lock data generator 26 (such as: random number generator), a first symmetric key generator 27, a first symmetric encryption and decryption The unit 271, an asymmetric decryption unit 28; wherein the disposable lock data generator 26, the first symmetric key generator 27, the first symmetric encryption and decryption unit 271, and the asymmetric decryption unit 28 are respectively hardware The circuit is implemented, or further implemented in the form of a firmware (FW) and built into the processing unit 21.
請參閱圖2所示,上述解鎖裝置30較佳的可為一種電子行動裝置,如智慧型手機,其包含有一第一控制單元31、一第二記憶單元32、一第二近端無線通訊模組33、一輸入裝置34(如:觸控面板、指紋感應器等)、一顯示模組35(如:LCD顯示面板)及一電源模組36;此外,該解鎖裝置30係進一步包含有一次性裝置資料產生器37(如:亂數產生器)、一計數器371、一第二對稱金鑰產生器38、一主鑰產生器38a、一第二對稱加解密單元381、一非對稱金鑰對產生器39、一非對稱加密單元391;其中該一次性裝置資料產生器37、該計數器371、該第二對稱金鑰產生器38、該主鑰產生器38a、該第二對稱加解密單元381、該非對稱金鑰對產生器39、該非對稱加密單元391係可分別以硬體電路實現,或進一步以應用軟體(APP)形式實現而由該第一控制單元31執行之。上述該非對稱金鑰對產生器39所產生的一非對稱金鑰對係為RSA金鑰對或ECC金鑰對,包含有一公鑰及一私鑰,其中公鑰儲存於電子鎖20,私鑰儲存於解鎖裝置30。As shown in FIG. 2, the unlocking device 30 is preferably an electronic mobile device, such as a smart phone, which includes a first control unit 31, a second memory unit 32, and a second near-end wireless communication module. a group 33, an input device 34 (such as a touch panel, a fingerprint sensor, etc.), a display module 35 (such as an LCD display panel), and a power module 36; further, the unlocking device 30 further includes a device data generator 37 (e.g., a random number generator), a counter 371, a second symmetric key generator 38, a master key generator 38a, a second symmetric encryption and decryption unit 381, and an asymmetric key. a pair of generators 39, an asymmetric encryption unit 391; wherein the one-time device data generator 37, the counter 371, the second symmetric key generator 38, the master key generator 38a, the second symmetric encryption and decryption unit 381. The asymmetric key pair generator 39 and the asymmetric cryptographic unit 391 can be implemented by a hardware circuit, or implemented by an application software (APP) and executed by the first control unit 31. The asymmetric key pair generated by the asymmetric key pair generator 39 is an RSA key pair or an ECC key pair, and includes a public key and a private key, wherein the public key is stored in the electronic lock 20, and the private key Stored in the unlocking device 30.
請閱圖1C及圖2所示,上述主機40可為另一電子行動裝置40a、一雲端伺服器40b或一遠端電腦主機40c;該主機40包含有一第二控制單元41、一第三記憶單元42、一第二網路模組43、一輸入裝置44(如:觸控面板、指紋感應器等)、一顯示模組45(如:LCD顯示面板)及一電源模組46;此外,亦進一步包含有一次性裝置資料產生器47、一計數器471、一第二對稱金鑰產生器48、主鑰產生器48a、一第二對稱加解密單元481、該非對稱金鑰對產生器49;即該主機40的大多結構與該解鎖裝置30相同,惟不必設置有近端無線通訊模組,但另具有一第二網路模組43,以與該電子鎖20的第一網路模組24透過網路連線。As shown in FIG. 1C and FIG. 2, the host 40 may be another electronic mobile device 40a, a cloud server 40b, or a remote computer host 40c. The host 40 includes a second control unit 41 and a third memory. a unit 42, a second network module 43, an input device 44 (such as a touch panel, a fingerprint sensor, etc.), a display module 45 (such as an LCD display panel), and a power module 46; Further includes a one-time device data generator 47, a counter 471, a second symmetric key generator 48, a master key generator 48a, a second symmetric encryption and decryption unit 481, the asymmetric key pair generator 49; That is, the main structure of the host 40 is the same as that of the unlocking device 30, but it is not necessary to provide a near-end wireless communication module, but another second network module 43 is used to connect with the first network module of the electronic lock 20. 24 Connected via the Internet.
請再配合參閱圖3A所示,係為配合上述解鎖系統的解鎖方法。首先以一電子行動裝置為該解鎖裝置30為例,其內建有一解鎖應用元件301,即上述整合有一次性裝置資料產生器37、計數器371、第二對稱金鑰產生器38、主鑰產生器38a、第二對稱加密單元381、非對稱金鑰對產生器39、非對稱加密單元391的應用程式(APP),可由該第一控制單元31執行之,並於該顯示模組35上顯示該解鎖應用元件301,該解鎖應用元件301為一可設定使用上鎖的應用程式。當使用者欲啟動該電子行動裝置時,即使用輸入裝置34輸入使用解鎖的資料,如圖3B所示,包括密碼、生物識別資料(如指紋)等,如正確者,如圖3C所示,即可啟動並提供一解鎖操作介面302於該顯示模組35上,該解鎖應用元件301係提供一初始化程序及一解鎖程序,並顯示於該解鎖操作介面302。Please refer to FIG. 3A again to cooperate with the unlocking method of the above unlocking system. First, an electronic mobile device is taken as an example of the unlocking device 30, which has an unlocking application component 301 built therein, that is, the integrated disposable device data generator 37, the counter 371, the second symmetric key generator 38, and the master key generation. The application 38 (APP) of the second symmetric cryptographic unit 381, the asymmetric key pair generator 39, and the asymmetric cryptographic unit 391 can be executed by the first control unit 31 and displayed on the display module 35. The unlocking application component 301 is an application that can be set to use a lock. When the user wants to activate the electronic mobile device, the input device 34 is used to input and use the unlocked data, as shown in FIG. 3B, including a password, biometric data (such as a fingerprint), and the like, as shown in FIG. 3C. An unlocking operation interface 302 is provided on the display module 35. The unlocking application component 301 provides an initialization program and an unlocking program, and is displayed on the unlocking operation interface 302.
請參閱圖1A、圖2、圖3D及圖4所示,當使用者選擇初始化程序時,首先該解鎖操作介面302會於該顯示模組35上提供一手動設定或自動設定選項,如圖3D所示,令使用者透過該輸入裝置34的使用完成一組解鎖用資料的設定,該解鎖用資料內容可因應客戶端需求而調整,可包含有一有效使用日/時、一使用期滿日/時、一開鎖次數、一使用控制參數、一解鎖裝置序號、一解鎖裝置識別碼或其它使限制條件。於設定完成後,該解鎖裝置30會設定為準備狀態S10,以接受該電子鎖20發出的輪詢指令,且該解鎖裝置30的一主鑰及該計數器371的累計解鎖次數一併設定為初始值。此時該電子鎖20會設定為初始狀態S11,並由該處理單元21控制該第一近端無線通訊模組23開始輪詢(polling)並感應該解鎖裝置30的存在,當該解鎖裝置30靠近該電子鎖20一定距離,以NFC通訊模組來說靠近約5cm以內,如圖1A,該處理單元21即可感應到該解鎖裝置30存在,並透過該解鎖裝置30的第二近端無線通訊模組33,與該解鎖裝置30開始建立通訊S12、S13。Referring to FIG. 1A, FIG. 2, FIG. 3D and FIG. 4, when the user selects an initialization program, the unlocking operation interface 302 first provides a manual setting or an automatic setting option on the display module 35, as shown in FIG. 3D. As shown, the user can complete the setting of a set of unlocking materials through the use of the input device 34. The unlocking data content can be adjusted according to the needs of the client, and can include a valid use date/time, a usage expiration date/ The time limit, the number of unlocks, the use of a control parameter, an unlocking device number, an unlocking device identification code, or the like. After the setting is completed, the unlocking device 30 is set to the standby state S10 to accept the polling command issued by the electronic lock 20, and a master key of the unlocking device 30 and the cumulative unlocking number of the counter 371 are set together as Initial value. At this time, the electronic lock 20 is set to the initial state S11, and the processing unit 21 controls the first near-end wireless communication module 23 to start polling and sense the presence of the unlocking device 30, when the unlocking device 30 A certain distance from the electronic lock 20 is within about 5 cm of the NFC communication module. As shown in FIG. 1A, the processing unit 21 can sense the presence of the unlocking device 30 and pass through the second proximal end of the unlocking device 30. The communication module 33 starts to establish communication S12, S13 with the unlocking device 30.
當通訊建立完成,該電子鎖20產生一次性第一鎖具資料S14,可由該處理單元21控制其一次性鎖具資料產生器26產生一亂數,以作為該一次性第一鎖具資料,接著下指令予該解鎖裝置30的第一控制單元31要求產生第一裝置密碼(cryptogram_device),該第一控制單元31於接收到指令與該一次性第一鎖具資料後,首先把累計解鎖次數遞增1,接著控制其一次性裝置資料產生器37產生一亂數作為一次性第一裝置資料,再連同該一次性第一鎖具資料、累計解鎖次數及該主鑰輸入至該第二對稱金鑰產生器38,以運算產生一對稱金鑰(session key);接著,控制該第二對稱加密單元381使用該對稱金鑰,將該一次性第一鎖具資料、該一次性第一裝置資料、累計解鎖次數先經過特殊格式包裝後,再利用裝置密碼產生演算法產生一第一裝置密碼(cryptogram_device),再連同該一次性第一裝置資料、主鑰資料及該計數器371目前的累計解鎖次數傳送至該電子鎖20(S15),由該電子鎖20的處理單元21依據主鑰資料搜尋出對應主鑰,故該主鑰不必由該解鎖裝置30提供;其中該主鑰資料係包含有一主鑰編號(Key Index)及一主鑰版本序號(Key Version)。When the communication establishment is completed, the electronic lock 20 generates a disposable first lock data S14, and the processing unit 21 controls the disposable lock data generator 26 to generate a random number as the disposable first lock data, and then the next instruction. The first control unit 31 of the unlocking device 30 is required to generate a first device password (cryptogram_device). After receiving the command and the disposable first lock data, the first control unit 31 first increments the accumulated unlocking number by one, and then increments the cumulative unlocking number by one. Controlling the one-time device data generator 37 to generate a random number as the one-time first device data, and inputting the first-time first lock data, the cumulative unlocking number, and the master key to the second symmetric key generator 38, The operation generates a symmetric key (session key); then, the second symmetric encryption unit 381 is controlled to use the symmetric key to pass the disposable first lock data, the disposable first device data, and the cumulative unlocking number. After the special format is packaged, the device password generation algorithm is used to generate a first device password (cryptogram_device), together with the one-time first device resource. The master key data and the current accumulated unlocking number of the counter 371 are transmitted to the electronic lock 20 (S15). The processing unit 21 of the electronic lock 20 searches for the corresponding master key according to the master key data, so the master key does not have to be unlocked. The device 30 provides; wherein the master key data includes a key index and a key version.
接著,該電子鎖20同樣控制該第一對稱金鑰產生器27使用該一次性第一鎖具資料,並連同已接收的該一次性第一裝置資料、累計解鎖次數及運算出的該主鑰來產生一對稱金鑰,如此即可控制該第一對稱加解密單元271驗證該第一裝置密碼S16;待驗證通過後,再使用該對稱金鑰將該一次性第一鎖具資料、該一次性第一裝置資料、累計解鎖次數經過特殊格式包裝後,再利用鎖具密碼產生演算法產生第一鎖具密碼(cryptogram_lock)S161,且下指令要求該解鎖裝置30的第一控制單元31驗證該第一鎖具密碼同時將該第一鎖具密碼傳送至該解鎖裝置30,即由該第一控制單元31控制該第二對稱加解密單元381,依據該對稱金鑰驗證該第一鎖具密碼,當驗證通過,則安全通道建立完成S17。Then, the electronic lock 20 also controls the first symmetric key generator 27 to use the disposable first lock data, and together with the received first-time first device data, the cumulative number of unlocks, and the calculated master key. Generating a symmetric key, so that the first symmetric encryption/decryption unit 271 can be controlled to verify the first device password S16; after the verification is passed, the one-time first lock data and the one-time number can be used again by using the symmetric key. After the device data and the accumulated unlocking number are packaged in a special format, the first password cryptogram (lockogram) S161 is generated by using the lock password generating algorithm, and the lower command requires the first control unit 31 of the unlocking device 30 to verify the first lock password. At the same time, the first lock code is transmitted to the unlocking device 30, that is, the second symmetric encryption and decryption unit 381 is controlled by the first control unit 31, and the first lock password is verified according to the symmetric key. When the verification is passed, the security is safe. The channel establishment is completed S17.
電子鎖30接著下指令要求解鎖裝置30產生一新主鑰並產生一新非對稱金鑰對S162,並由第一控制單元31控制該主鑰產生器38a產生該新主鑰,並控制該非對稱金鑰對產生器39產生該新非對稱金鑰對,並將其一私鑰一併儲存至第一記憶單元32;之後,再使用該對稱金鑰將該新非對稱金鑰對中的一公鑰、該新主鑰及該解鎖裝置20的持有人識別碼予以對稱加密後,傳送至該電子鎖20(S18),由該處理單元21儲存至該第一記憶單元22,以更新該金鑰對的公鑰及主鑰S19。因此,該新主鑰及該新金鑰對的公鑰可於安全通道中完成傳送,避免被竊。The electronic lock 30 then instructs the unlocking device 30 to generate a new master key and generate a new asymmetric key pair S162, and the first control unit 31 controls the master key generator 38a to generate the new master key and controls the asymmetry. The key pair generator 39 generates the new asymmetric key pair and stores one of its private keys together with the first memory unit 32; then, using the symmetric key, the new asymmetric key pair is used. The public key, the new master key, and the holder identification code of the unlocking device 20 are symmetrically encrypted, and then transmitted to the electronic lock 20 (S18), and the processing unit 21 stores the same to the first memory unit 22 to update the The public key of the key pair and the master key S19. Therefore, the new master key and the public key of the new key pair can be transmitted in a secure channel to avoid theft.
以上為解鎖裝置30完成初始化程序的流程,而於完成初始化程序後,該解鎖裝置30即為通過該電子鎖20認證的解鎖裝置30,認證過的解鎖裝置30可與該電子鎖20直接進行解鎖程序。再請配合參閱圖5及圖6A所示,係為本發明執行該解鎖程序的第一較佳實施例,配合圖3A至圖3C所示,當解除該解鎖應用元件301的使用鎖定狀態並由使用者選擇該解鎖程序後S20,該解鎖裝置30會與電子鎖20進入解鎖程序。意即,該解鎖裝置30的第一控制單元31控制該第二近端通訊模組33與該電子鎖20的第一近端通訊模組23建立通訊S21、S22,並於建立好雙向通訊後,電子鎖20提供一次性第二鎖具資料給解鎖裝置30(S23),並下指令要求該解鎖裝置30產生第二裝置密碼與數位簽章。The above is the flow of the initialization process of the unlocking device 30. After the initialization process is completed, the unlocking device 30 is the unlocking device 30 authenticated by the electronic lock 20, and the authenticated unlocking device 30 can be directly unlocked with the electronic lock 20. program. Referring to FIG. 5 and FIG. 6A again, the first preferred embodiment of the unlocking procedure is performed according to the present invention. When the unlocking application component 301 is unlocked, the unlocking application component 301 is unlocked by the use of FIG. 3A to FIG. 3C. After the user selects the unlocking program S20, the unlocking device 30 enters the unlocking program with the electronic lock 20. That is, the first control unit 31 of the unlocking device 30 controls the second near-end communication module 33 to establish communication S21, S22 with the first near-end communication module 23 of the electronic lock 20, and after establishing two-way communication The electronic lock 20 provides the disposable second lock information to the unlocking device 30 (S23), and the lower command requests the unlocking device 30 to generate the second device password and the digital signature.
當該解鎖裝置30獲得該一次性第二鎖具資料後S24,首先把計數器累積開鎖次數遞增1,接著其第一控制單元31控制該一次性裝置資料產生器37再產生一亂碼作為一次性第二裝置資料,並連同該一次性第二鎖具資料、計數器累積開鎖次數值及該主鑰輸入至該第二對稱金鑰產生器38以產生一對稱金鑰;該第一控制單元31使用該對稱金鑰,將該一次性第二鎖具資料、該一次性第二裝置資料、主鑰資料、累計解鎖次數、解鎖裝置序號與解鎖裝置識別碼先經過特殊格式包裝後,再控制該第二對稱加解密單元381對特殊格式包裝後的資料利用裝置密碼產生演算法產生一第二裝置密碼;之後,再控制該非對稱加密單元391使用該非對稱金鑰對的私鑰,將該第二裝置密碼、該一次性第二鎖具資料、該一次性第二裝置資料、主鑰資料、累計解鎖次數、解鎖裝置序號與解鎖裝置識別碼經過特殊演算法包裝後加密產生一數位簽章,並將該數位簽章直接回傳至該電子鎖20(S25);該電子鎖20於接收該數位簽章後,其處理單元21控制該非對稱解密單元28順利地以該公鑰,對該數位簽章解密並驗證,驗證完後順利取出該第二裝置密碼、該主鑰資料、累計解鎖次數、解鎖裝置序號、解鎖裝置識別碼與該一次性第二裝置資料S26;接著,如圖6A所示,同樣將該一次性第二鎖具資料、該一次性第二裝置資料、計數器累積開鎖次數值及該主鑰輸入至該第一對稱金鑰產生器27以產生一對稱金鑰S27,再控制該第一對稱加解密單元271使用該對稱金鑰來驗證該第二裝置密碼是否正確S28,如驗證通過即解除該電子鎖20的鎖定狀態S29。After the unlocking device 30 obtains the disposable second lock data S24, the counter cumulative unlocking number is first incremented by 1, and then the first control unit 31 controls the disposable device data generator 37 to generate a garbled code as a one-time second. The device data, together with the one-time second lock data, the counter cumulative unlocking number value, and the master key are input to the second symmetric key generator 38 to generate a symmetric key; the first control unit 31 uses the symmetric gold Key, the disposable second lock data, the disposable second device data, the master key data, the cumulative unlocking number, the unlocking device serial number and the unlocking device identification code are first packaged in a special format, and then the second symmetric encryption and decryption is controlled. The unit 381 generates a second device password by using the device password generation algorithm for the specially formatted data; and then controlling the asymmetric encryption unit 391 to use the private key of the asymmetric key pair, the second device password, the time Second lock data, the second-time device data, master key data, cumulative unlock times, unlocking device serial number and unlocking device After the special code is packaged, the code is encrypted to generate a digital signature, and the digital signature is directly transmitted back to the electronic lock 20 (S25); after receiving the digital signature, the electronic lock 20 controls the processing unit 21 The asymmetric decryption unit 28 successfully decrypts and verifies the digital signature with the public key. After the verification, the second device password, the master key data, the cumulative unlocking number, the unlocking device serial number, and the unlocking device identification code are successfully extracted. The disposable second device data S26; then, as shown in FIG. 6A, the disposable second lock data, the disposable second device data, the counter cumulative unlocking value, and the master key are also input to the first symmetry The key generator 27 generates a symmetric key S27, and then controls the first symmetric encryption/decryption unit 271 to use the symmetric key to verify whether the second device password is correct S28. If the verification is passed, the lock of the electronic lock 20 is released. State S29.
因此,使用者只要將欲開啟本發明電子鎖之解鎖裝置30先與該電子鎖20進行初始化的認證成功後,使用者之後再使用已認證的解鎖裝置30,先於該解鎖裝置30通過開啟該解鎖應用元件301的身份認證程序,即可選擇解鎖程序與電子鎖20進行解鎖程序,藉由對稱加解密及非對稱加解密來完成解鎖認證,其中加密金鑰及金鑰對均包含電子鎖20及解鎖裝置30自行產生的一次性資料,並加入累計解鎖次數,以確保認證資料的不可複製性;因此,本發明的解鎖程序使用方便且安全性更佳。此外,於解鎖程序中使用的主鑰及金鑰對係於初始化程序中產生,並且透過建立安全通道完成傳送,有效提高後續解鎖程序的可信賴度。Therefore, after the user successfully initializes the unlocking device 30 of the electronic lock of the present invention with the electronic lock 20, the user then uses the authenticated unlocking device 30, and the unlocking device 30 is used to turn on the unlocking device 30. Unlocking the identity authentication program of the application component 301, the unlocking program and the electronic lock 20 can be selected to perform an unlocking process, and the unlocking authentication is completed by symmetric encryption and decryption and asymmetric encryption and decryption, wherein the encryption key and the key pair both include the electronic lock 20 And unlocking the self-generated one-time data and adding the accumulated unlocking times to ensure the non-reproducibility of the authentication data; therefore, the unlocking program of the present invention is convenient to use and safer. In addition, the master key and key pair used in the unlocking process are generated in the initialization program, and the transmission is completed by establishing a secure channel, thereby effectively improving the reliability of the subsequent unlocking program.
再請參閱圖1C、圖2及圖6B所示,本發明可進一步於圖5步驟S26取出第二裝置密碼後,先依據該解鎖裝置20預設的該使用控制參數,判斷是否設定由該主機40進行線上驗證S30;若是,則由該處理單元21採用SSL加密方式並透過該第一網路模組24,向該主機40連線並請求線上驗證;若驗證通過,通知該電子鎖20解除鎖定狀態S31,最後由該電子鎖20解除鎖定狀態S32。Referring to FIG. 1C, FIG. 2 and FIG. 6B, the present invention can further determine whether the host is set by the host according to the usage control parameter preset by the unlocking device 20 after the second device password is taken out in step S26 of FIG. 5 . The online verification S30 is performed; if yes, the processing unit 21 uses the SSL encryption method and connects to the host 40 through the first network module 24 to request online verification; if the verification is passed, the electronic lock 20 is notified to be released. The state S31 is locked, and finally the lock state S32 is released by the electronic lock 20.
再請配合參閱圖6D所示,上述步驟S31的詳細驗證流程,係由該處理單元21透過該第一網路模組24向該主機40連線(線上傳輸資料採用SSL加密方式),以建立雙向通訊S311,再將該第二裝置密碼、一次性第二鎖具資料、該一次性第二裝置資料、目前計數器371的累計解鎖次數、主鑰資訊、解鎖裝置序號、解鎖裝置持有人識別碼傳送至該電子行動裝置40a(S312)。於本實施例中,該主機40已先與該電子鎖20完成如圖4所示的初始化程序,故此時該電子行動裝置40a已設定有主鑰及私鑰資料等。因此,當該電子行動裝置40a接收來自該電子鎖20傳來的資料後,根據主鑰資訊即可找到相對應的主鑰,同樣控制其第二對稱金鑰產生器48依據主鑰及其它資料產生一對稱金鑰,再控制該第二對稱加解密單元481對該第二裝置密碼進行驗證S313,若驗證通過,即通知電子鎖20解除其鎖定裝置S314,待該電子鎖20接收後即解除其鎖定狀態S32。Referring to FIG. 6D, the detailed verification process of step S31 is performed by the processing unit 21 to connect to the host 40 through the first network module 24 (the data is transmitted by using SSL encryption on the line) to establish Two-way communication S311, the second device password, the disposable second lock data, the disposable second device data, the current number of accumulated unlocks of the counter 371, the master key information, the unlocking device serial number, and the unlocking device holder identification code It is transmitted to the electronic mobile device 40a (S312). In this embodiment, the host 40 has previously completed the initialization procedure shown in FIG. 4 with the electronic lock 20. Therefore, the electronic mobile device 40a has set the master key and the private key data. Therefore, when the electronic mobile device 40a receives the data from the electronic lock 20, the corresponding master key can be found according to the master key information, and the second symmetric key generator 48 is also controlled according to the master key and other data. A symmetric key is generated, and the second symmetric encryption/decryption unit 481 is controlled to verify the second device password S313. If the verification is passed, the electronic lock 20 is notified to release the locking device S314, and the electronic lock 20 is released after being received. It locks state S32.
當圖6B步驟S30不必線上驗證時,如圖6C所示,首先運算出對稱金鑰S33,即以對稱金鑰驗證第二裝置密碼S34,於驗證成功S35後再依據該解鎖裝置20預設的該使用控制參數,判斷是否設定由該主機40進行線上手動審核S36;若否,則由該電子鎖20直接解除鎖定狀態S37;若是,由該於本實施例的該主機40為一電子行動裝置40a,故可選擇手動審核該解鎖裝置是否符合解鎖條件S38。若審核通過,該電子行動裝置40a的第二控制單元41即同樣透過該第二網路模組43通知電子鎖20解除其鎖定狀態S39,待該電子鎖20接收後即解除其鎖定狀態S37。When the step S30 of FIG. 6B does not need to be verified online, as shown in FIG. 6C, the symmetric key S33 is first calculated, that is, the second device password S34 is verified by the symmetric key, and the preset is determined according to the unlocking device 20 after the verification succeeds S35. Using the control parameter, determining whether the online manual audit S36 is set by the host 40; if not, the lock state S37 is directly released by the electronic lock 20; if so, the host 40 of the embodiment is an electronic mobile device 40a, so it is optional to manually check whether the unlocking device meets the unlocking condition S38. If the audit is passed, the second control unit 41 of the electronic mobile device 40a also informs the electronic lock 20 to release its locked state S39 through the second network module 43. After the electronic lock 20 is received, the locked state S37 is released.
由圖6B及圖6C可知,本發明提出一道由該主機40進行審核及驗證的程序,而且是由該電子鎖20與主機40直接連線進行,加上主鑰與私鑰不會相互傳送,同樣確保解鎖程序安全性。As can be seen from FIG. 6B and FIG. 6C, the present invention proposes a procedure for auditing and verification by the host 40, and the electronic lock 20 is directly connected to the host 40, and the master key and the private key are not transmitted to each other. Also make sure to unlock the program security.
又本發明進一步考慮當使用者未攜帶已認證的解鎖裝置30時,仍提供一種安全解鎖方法。由於該主機40已與該電子鎖20完成初始化的認證程序,此時該主機40已設定有主鑰及私鑰資料等。若該主機40a使用如圖1C所示的電子行動裝置,則再如圖8A所示,其使用介面302會提供一授權程序,以接受一未經初始化認證的解鎖裝置30a透過行動網路(3G或4G)請求遠端授權解鎖,故該主機40可與該電子鎖20進行部份的解鎖程序,請參閱圖7A所示,該解鎖程序包含有圖5步驟S20至S25,惟步驟S21及S22係建立SSL連線,且該步驟S25該主機40除產生的數位簽章外,再產生一會議識別碼(Session ID)並回傳會議識別碼給電子鎖20,該會議識別碼係對應該一次性第二鎖具資料,此時該電子鎖會20暫存該該會議識別碼及其對應的該一次性第二鎖具資料S26’。再如圖7B所示,該主機40將數位簽章與會議識別碼傳送至一未經初始化認證的解鎖裝置30a(如圖1C所示)。較佳地,若該主機40使用如手機的電子行動裝置,即可透過行動網路(3G or 4G)進行該數位簽章及會議識別碼的傳輸。Still further, the present invention further contemplates providing a secure unlocking method when the user does not carry the authenticated unlocking device 30. Since the host 40 has completed the initialization authentication procedure with the electronic lock 20, the host 40 has set the master key and the private key data and the like at this time. If the host 40a uses the electronic mobile device as shown in FIG. 1C, then as shown in FIG. 8A, the use interface 302 provides an authorization program to accept an uninitialized authentication unlocking device 30a through the mobile network (3G). Or 4G) requesting the remote authorization to unlock, so the host 40 can perform a partial unlocking process with the electronic lock 20, as shown in FIG. 7A, the unlocking procedure includes steps S20 to S25 of FIG. 5, but steps S21 and S22. The SSL connection is established, and in step S25, the host 40 generates a conference ID (Session ID) in addition to the generated digital signature and returns the conference identification code to the electronic lock 20, and the conference identification code corresponds to the conference. The second lock data, at this time, the electronic lock 20 temporarily stores the conference identification code and the corresponding one-time second lock data S26'. As shown in FIG. 7B, the host 40 transmits the digital signature and the conference identification code to an unlocking device 30a that is not initialized (as shown in FIG. 1C). Preferably, if the host 40 uses an electronic mobile device such as a mobile phone, the digital signature and the conference identification code can be transmitted through the mobile network (3G or 4G).
由於該未經初始化認證的解鎖裝置30a同樣安裝有該解鎖應用元件,該解鎖應用元件301的解鎖使用介面302於接收到該主機40傳送的數位簽章及會議識別碼S50,會於解鎖使用介面302上提供一遠端解鎖程序,如圖8B所示,以提醒該未經初始化認證的解鎖裝置30a的使用者是否使用該數位簽章與該電子鎖進行解鎖程序;若接收該數位簽章進行解鎖,接著使用者將該未經初始化認證的解鎖裝置30a靠近該電子鎖20一定距離,以NFC通訊模組來說靠近約5cm以內,如圖1A,該處理單元21即可感應到解鎖裝置30存在,並開始建立雙向通訊S51、S52。此時該電子鎖20產生一次性第一鎖具資料,並接著下指令要求未經初始化認證的解鎖裝置30a產生第二裝置密碼與數位簽章S53,並提供一次性第二鎖具資料給未經初始化認證的解鎖裝置30a,惟該未經初始化認證的解鎖裝置30a未與電子鎖進行過初始化程序,故當收到此一要求,直接回傳數位簽章與會議識別碼給該電子鎖20(S54),該電子鎖20以公鑰解密與驗證該數位簽章,並取出該第二裝置密碼、該主鑰資料、累計解鎖次數、解鎖裝置序號、解鎖裝置識別碼與該一次性第二裝置資料,並於收到該會議識別碼後,丟棄剛剛產生的一次性第二鎖具資料,並以該會議識別碼對應的一次性第二鎖具資料取代S55再配合圖6A及6B其中之一驗證步驟,完成解鎖。Since the uninitialized authentication unlocking device 30a is also equipped with the unlocking application component, the unlocking application interface 301 of the unlocking application component 301 receives the digital signature and the conference identification code S50 transmitted by the host 40, and the unlocking interface is used. A remote unlocking program is provided on the 302, as shown in FIG. 8B, to remind the user of the uninitialized unlocking device 30a whether to use the digital signature to unlock the electronic lock; if the digital signature is received After the unlocking, the user closes the unlocking device 30a that is not initialized to a certain distance, and is close to about 5 cm in the NFC communication module. As shown in FIG. 1A, the processing unit 21 can sense the unlocking device 30. Exist, and start to establish two-way communication S51, S52. At this time, the electronic lock 20 generates the disposable first lock data, and then the next command to request the uninitialized unlocking device 30a to generate the second device password and the digital signature S53, and provides the disposable second lock data to the uninitialized The authenticated unlocking device 30a, but the uninitialized unlocking device 30a has not been initialized with the electronic lock, so when receiving this request, the digital signature and the conference identification code are directly transmitted back to the electronic lock 20 (S54) The electronic lock 20 decrypts and verifies the digital signature with the public key, and extracts the second device password, the master key data, the cumulative unlocking number, the unlocking device serial number, the unlocking device identification code, and the disposable second device data. And after receiving the conference identification code, discard the disposable second lock data that has just been generated, and replace the S55 with the one-time second lock data corresponding to the conference identification code, and cooperate with one of the verification steps of FIG. 6A and FIG. 6B. Finish unlocking.
上述本發明的解鎖方法及系統提供使用者只要將欲開啟電子鎖之解鎖裝置,先與該電子鎖進行初始化的認證成功後,當欲對該電子鎖解鎖時,先將該解鎖裝置通過開啟該解鎖應用元件的身份認證程序,即可選擇解鎖程序與電子鎖進行解鎖程序,藉由對稱加密及非對稱加密來完成解鎖認證,其中加密金鑰及金鑰對均包含電子鎖20及解鎖裝置30自行產生的一次性資料,並加入累計解鎖次數,以確保認證資料的不可複製性;數位簽章則確保訊息的完整性(Integrity)、隱密性、不可否認性(Non-repudiation)與使用者鑑別等特性;因此,本發明的解鎖方法及系統使用方便且安全性更佳。此外,於解鎖程序中使用的主鑰及金鑰對係於初始化程序中產生,並且透過建立安全通道完成傳送,有效提高後續解鎖程序的可信賴度。The above-mentioned unlocking method and system of the present invention provides that the user only needs to unlock the unlocking device of the electronic lock, and after initializing the authentication with the electronic lock, when the electronic lock is to be unlocked, the unlocking device is first turned on. The unlocking program is unlocked by the unlocking program and the electronic lock, and the unlocking authentication is completed by symmetric encryption and asymmetric encryption, wherein the encryption key and the key pair both include the electronic lock 20 and the unlocking device 30. Self-generated one-time data, and the cumulative number of unlocks to ensure the non-reproducibility of the certification data; digital signature to ensure the integrity of the message (Integrity), privacy, non-repudiation and users Identification and other characteristics; therefore, the unlocking method and system of the present invention are convenient to use and safer. In addition, the master key and key pair used in the unlocking process are generated in the initialization program, and the transmission is completed by establishing a secure channel, thereby effectively improving the reliability of the subsequent unlocking program.
以上所述僅是本發明的實施例而已,並非對本發明做任何形式上的限制,雖然本發明已以實施例揭露如上,然而並非用以限定本發明,任何所屬技術領域中具有通常知識者,在不脫離本發明技術方案的範圍內,當可利用上述揭示的技術內容作出些許更動或修飾為等同變化的等效實施例,但凡是未脫離本發明技術方案的內容,依據本發明的技術實質對以上實施例所作的任何簡單修改、等同變化與修飾,均仍屬於本發明技術方案的範圍內。The above is only the embodiment of the present invention, and is not intended to limit the scope of the present invention. The present invention has been disclosed by the embodiments, but is not intended to limit the invention, and any one of ordinary skill in the art, In the scope of the technical solutions of the present invention, equivalent modifications may be made to the equivalents of the embodiments of the present invention without departing from the technical scope of the present invention. Any simple modifications, equivalent changes and modifications made to the above embodiments are still within the scope of the technical solutions of the present invention.
10 門 10a 車門 20 電子鎖 21 處理單元 22 第一記憶單元 23 第一近端無線通訊模組 24 第一網路模組 25 電源模組 26 一次性鎖具資料產生器 27 第一對稱金鑰產生器 271 第一對稱加解密單元 28 非對稱解密單元 30、30a 解鎖裝置 301 解鎖應用元件 302 解鎖使用介面 31 第一控制單元 32 第二記憶單元 33 第二近端無線通訊模組 34 輸入裝置 35 顯示模組 36 電源模組 37 一次性裝置資料產生器 371 計數器 38 第二對稱金鑰產生器 38a 主鑰產生器 381 第二對稱加解密單元 39 非對稱金鑰對產生器 391 非對稱加密單元 40 主機 40a 電子行動裝置 40b 雲端伺服器 40c 遠端電腦主機 41 第二控制單元 42 第三記憶單元 43 第二網路模組 44 輸入裝置 45 顯示模組 46 電源模組 47 一次性裝置資料產生器 471 計數器 48 第二對稱金鑰產生器 48a 主鑰產生器 481 第二對稱加解密單元 49 非對稱金鑰對產生器 50 門 51 電子鎖 52 手機 60 手機10 door 10a door 20 electronic lock 21 processing unit 22 first memory unit 23 first near-end wireless communication module 24 first network module 25 power module 26 disposable lock data generator 27 first symmetric key generator 271 first symmetric encryption and decryption unit 28 asymmetric decryption unit 30, 30a unlocking device 301 unlocking application component 302 unlocking use interface 31 first control unit 32 second memory unit 33 second near-end wireless communication module 34 input device 35 display Module 36 Power Module 37 Disposable Device Data Generator 371 Counter 38 Second Symmetric Key Generator 38a Master Key Generator 381 Second Symmetric Encryption Unit 39 Asymmetric Key Pair Generator 391 Asymmetric Encryption Unit 40 Host 40a electronic mobile device 40b cloud server 40c remote computer host 41 second control unit 42 third memory unit 43 second network module 44 input device 45 display module 46 power module 47 one-time device data generator 471 counter 48 second symmetric key generator 48a master key generator 481 second symmetric encryption and decryption unit 49 asymmetric key pair generator 50 door 51 electronic lock 52 mobile phone 60 mobile phone
圖1A:係本發明電子鎖應用於一門禁系統的示意圖。 圖1B:係本發明電子鎖應用於一車門系統的示意圖。 圖1C:係本發明解鎖系統的示意圖。 圖2:係本發明電子鎖解鎖系統的功能方塊圖。 圖3A:係本發明解鎖裝置的顯示模組顯示應用程式的畫面示意圖。 圖3B至3D:係本發明解鎖裝置的顯示模組顯示一解鎖操作介面的不同畫面示意圖。 圖4係本發明電子鎖解鎖方法的初始化程序的流程圖。 圖5:係本發明電子鎖解鎖方法的解鎖程序的第一較佳實施例的流程圖。 圖6A:係本發明圖3的電子鎖解除其鎖定狀態的流程圖。 圖6B及6C:係本發明圖3的電子鎖解除其鎖定狀態的另一流程圖。 圖6D:係本發明圖6B的詳細流程圖。 圖7A及7B:係本發明電子鎖解鎖方法的解鎖程序的第二較佳實施例的流程圖。 圖8A:係圖7A中主機的一使用介面的畫面示意圖。 圖8B:係圖7A中未經初始化認證的解鎖裝置的解鎖操作介面的畫面示意圖。 圖9:係本國公告第M471649號新型專利的系統示意圖。Figure 1A is a schematic illustration of the application of the electronic lock of the present invention to an access control system. Figure 1B is a schematic illustration of the application of the electronic lock of the present invention to a door system. Figure 1C is a schematic illustration of the unlocking system of the present invention. Figure 2 is a functional block diagram of the electronic lock unlocking system of the present invention. FIG. 3A is a schematic diagram of a screen display application of the display module of the unlocking device of the present invention. FIG. 3B to 3D are schematic diagrams showing different screens of an unlocking operation interface of the display module of the unlocking device of the present invention. 4 is a flow chart showing an initialization procedure of the electronic lock unlocking method of the present invention. Figure 5 is a flow chart showing a first preferred embodiment of the unlocking procedure of the electronic lock unlocking method of the present invention. Figure 6A is a flow chart showing the state in which the electronic lock of Figure 3 of the present invention is unlocked. Figures 6B and 6C are another flow chart of the electronic lock of Figure 3 of the present invention releasing its locked state. Figure 6D is a detailed flow chart of Figure 6B of the present invention. 7A and 7B are flowcharts showing a second preferred embodiment of the unlocking procedure of the electronic lock unlocking method of the present invention. FIG. 8A is a schematic diagram of a screen of a user interface of the host in FIG. 7A. FIG. 8B is a schematic diagram showing the unlocking operation interface of the unlocking device without uninitial authentication in FIG. 7A. Figure 9 is a schematic diagram of the system of the new patent No. M471649.
無no
Claims (32)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW104121806A TWI573921B (en) | 2015-07-06 | 2015-07-06 | Method And System Of Unlocking Digital Lock |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW104121806A TWI573921B (en) | 2015-07-06 | 2015-07-06 | Method And System Of Unlocking Digital Lock |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW201702469A TW201702469A (en) | 2017-01-16 |
| TWI573921B true TWI573921B (en) | 2017-03-11 |
Family
ID=58401110
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW104121806A TWI573921B (en) | 2015-07-06 | 2015-07-06 | Method And System Of Unlocking Digital Lock |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI573921B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI638081B (en) * | 2018-02-12 | 2018-10-11 | 天揚精密科技股份有限公司 | Remote control electronic lock system and encrypting/decrypting method |
| TWI662177B (en) * | 2018-10-12 | 2019-06-11 | 一德金屬工業股份有限公司 | Access control method with double unlock recognition pattern |
| TWI700608B (en) * | 2018-12-26 | 2020-08-01 | 新唐科技股份有限公司 | Lock control circuit and electronic system having the same |
| TWI726613B (en) * | 2020-02-12 | 2021-05-01 | 寬豐工業股份有限公司 | Combination lock system and method of operating the same |
| TWI736280B (en) * | 2020-05-22 | 2021-08-11 | 國立虎尾科技大學 | Identity verification method based on biometrics |
| TWI871022B (en) * | 2023-09-25 | 2025-01-21 | 簡永杰 | Information security management system for opening nfc locks with authorization |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109184361B (en) * | 2018-10-29 | 2023-09-26 | 深圳市创想网络系统有限公司 | Door lock with high safety and working method thereof |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020046188A1 (en) * | 2000-06-12 | 2002-04-18 | Burges Ronald Llewellyn | Electronic deposit box system |
| US20080309458A1 (en) * | 2004-03-19 | 2008-12-18 | Sentrilock, Inc. | Electronic lock box with time-related data encryption based on user-selected pin |
| US20130061055A1 (en) * | 2007-11-08 | 2013-03-07 | SurlDx, Inc. | Apparatus and Methods for Providing Scalable, Dynamic, Individualized Credential Services Using Mobile Telephones |
| TWI410555B (en) * | 2010-11-12 | 2013-10-01 | ||
| TWM483988U (en) * | 2014-04-11 | 2014-08-11 | Syoung Technology Co Ltd | Integrated bluetooth and NFC with image transmission that access control system |
| US20150088754A1 (en) * | 2011-06-16 | 2015-03-26 | OneID Inc. | Method and system for fully encrypted repository |
| US20150129657A1 (en) * | 2013-06-04 | 2015-05-14 | April Elizabeth Rogers | System and method for controlling locks |
| TWM510956U (en) * | 2015-07-06 | 2015-10-21 | Qi-Yang Chen | Unlocking system of electronic lock |
-
2015
- 2015-07-06 TW TW104121806A patent/TWI573921B/en not_active IP Right Cessation
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020046188A1 (en) * | 2000-06-12 | 2002-04-18 | Burges Ronald Llewellyn | Electronic deposit box system |
| US20080309458A1 (en) * | 2004-03-19 | 2008-12-18 | Sentrilock, Inc. | Electronic lock box with time-related data encryption based on user-selected pin |
| US20130061055A1 (en) * | 2007-11-08 | 2013-03-07 | SurlDx, Inc. | Apparatus and Methods for Providing Scalable, Dynamic, Individualized Credential Services Using Mobile Telephones |
| TWI410555B (en) * | 2010-11-12 | 2013-10-01 | ||
| US20150088754A1 (en) * | 2011-06-16 | 2015-03-26 | OneID Inc. | Method and system for fully encrypted repository |
| US20150129657A1 (en) * | 2013-06-04 | 2015-05-14 | April Elizabeth Rogers | System and method for controlling locks |
| TWM483988U (en) * | 2014-04-11 | 2014-08-11 | Syoung Technology Co Ltd | Integrated bluetooth and NFC with image transmission that access control system |
| TWM510956U (en) * | 2015-07-06 | 2015-10-21 | Qi-Yang Chen | Unlocking system of electronic lock |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI638081B (en) * | 2018-02-12 | 2018-10-11 | 天揚精密科技股份有限公司 | Remote control electronic lock system and encrypting/decrypting method |
| TWI662177B (en) * | 2018-10-12 | 2019-06-11 | 一德金屬工業股份有限公司 | Access control method with double unlock recognition pattern |
| TWI700608B (en) * | 2018-12-26 | 2020-08-01 | 新唐科技股份有限公司 | Lock control circuit and electronic system having the same |
| TWI726613B (en) * | 2020-02-12 | 2021-05-01 | 寬豐工業股份有限公司 | Combination lock system and method of operating the same |
| TWI736280B (en) * | 2020-05-22 | 2021-08-11 | 國立虎尾科技大學 | Identity verification method based on biometrics |
| TWI871022B (en) * | 2023-09-25 | 2025-01-21 | 簡永杰 | Information security management system for opening nfc locks with authorization |
Also Published As
| Publication number | Publication date |
|---|---|
| TW201702469A (en) | 2017-01-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI573921B (en) | Method And System Of Unlocking Digital Lock | |
| CN109410406B (en) | Authorization method, device and system | |
| KR102144528B1 (en) | An authentication apparatus with a bluetooth interface | |
| US9858401B2 (en) | Securing transactions against cyberattacks | |
| CN108809659B (en) | Dynamic password generation method, dynamic password verification method, dynamic password system and dynamic password verification system | |
| CN105184929B (en) | Intelligent door lock control method and device | |
| US20200169550A1 (en) | Methods and devices for authenticating smart card | |
| CN109076090B (en) | Updating biometric data templates | |
| US20200302043A1 (en) | Authentication system | |
| US12437594B2 (en) | Establishment of secure Bluetooth connection to internet of things devices, such as electronic locks | |
| CN110189442A (en) | Authentication method and device | |
| WO2017197974A1 (en) | Biometric characteristic-based security authentication method, device and electronic equipment | |
| WO2017071496A1 (en) | Method and device for realizing session identifier synchronization | |
| WO2015058596A1 (en) | Dynamic password generation method and system, and transaction request processing method and system | |
| CN102571802B (en) | Information safety devices and Server remote unlock method, equipment and server | |
| US10686787B2 (en) | Use of personal device for convenient and secure authentication | |
| WO2014187206A1 (en) | Method and system for backing up private key in electronic signature token | |
| CN108650219B (en) | User identity identification method, related device, equipment and system | |
| EP4227844A1 (en) | Electronic device for generating and authenticating identification information of hardware device, and operation method thereof | |
| CN109920100A (en) | A kind of smart lock method for unlocking and system | |
| KR20000024445A (en) | User Authentication Algorithm Using Digital Signature and/or Wireless Digital Signature with a Portable Device | |
| TWM510956U (en) | Unlocking system of electronic lock | |
| CN104702566B (en) | Authorized use method and device of virtual equipment | |
| KR102521936B1 (en) | Method of secured sharing of vehicle key | |
| EP3945442B1 (en) | Security method and device for electronic transactions |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MM4A | Annulment or lapse of patent due to non-payment of fees |