This application is based upon and claims priority to Chinese Patent Application No. 201811410112.9, filed on Nov. 23, 2018, the entire contents thereof are incorporated herein by reference.
The present disclosure relates to the technical field of Internet of Things, and more particularly, to methods and devices for authenticating a smart card.
With the development of the Internet of Things technology, the concept of smart life has gradually entered the user's life, and the demand for smart home products is increasing. Among many smart home products, smart locks have unique application scenarios and are widely used in apartments, houses, office buildings and other scenarios. As the key of the smart lock, the smart card realizes the authentication by interacting with the smart lock, and then the smart lock can be quickly opened based on the authenticated smart card. Compared with the conventional unlocking method, this method is more convenient and safer.
At present, the smart lock mainly authenticates the smart card based on a preset unlocking key, which requires that the smart lock manufacturer presets the unlocking key before the smart lock is shipped from the factory, and a fixed management terminal writes the set unlocking key into the smart card after leaving the factory. The smart card is then distributed to individual users.
According to a first aspect of the embodiments of the present disclosure, there is provided a method for authenticating a smart card, including: determining whether the smart card satisfies a first authentication condition according to authentication information provided by the smart card; in response to the determination that the smart card satisfies the first authentication condition, sending a generated unlocking key to the smart card; and in response to receiving feedback information of the smart card, determining the smart card to be an authenticated smart card.
According to a second aspect of the embodiments of the present disclosure, there is provided a method for authenticating a smart card, including: providing authentication information to a smart lock; receiving an unlocking key sent by the smart lock, the unlocking key being sent by the smart lock when determining that the smart card satisfies a first authentication condition according to the authentication information; and sending feedback information to the smart lock.
According to a third aspect of the embodiments of the present disclosure, there is provided a device for authenticating a smart card, including: a processor; and a memory for storing instructions executable by the processor; wherein the processor is configured to: determine whether the smart card satisfies a first authentication condition according to authentication information provided by the smart card; in response to the determination that the smart card satisfies the first authentication condition, send a generated unlocking key to the smart card; and in response to receiving feedback information of the smart card, determine the smart card to be an authenticated smart card.
According to a fourth aspect of the embodiments of the present disclosure, there is provided a device for authenticating a smart card, including: a processor; a memory for storing instructions executable by the processor; wherein the processor is configured to: provide authentication information to a smart lock; receive an unlocking key sent by the smart lock, the unlocking key being sent by the smart lock when determining that the smart card satisfies a first authentication condition according to the authentication information; and send feedback information to the smart lock.
The technical solutions provided by the embodiments of the present disclosure may include the following beneficial effects.
When it is determined that the smart card satisfies the first authentication condition based on the authentication information provided by the smart card, the generated unlocking key is sent to the smart card, and when the feedback of the smart card is received, the authentication of the smart card is completed, that is, the key distribution process is completed. Compared with the key distribution process in the related art, this process does not require the smart lock manufacturer to preset the unlocking key, nor does it require a third party, such as a cloud end or a data center, to allocate the unlocking key; instead, the smart lock first authenticates the smart card, and after the authentication is passed, the unlocking key is generated locally by the smart lock itself and assigned to the smart card, which not only reduces the complexity of the production process of the factory, but also reduces the participation of third parties and provides relatively high security.
In addition, when performing an unlocking operation on the smart lock, the smart lock interacts with the smart card, so as to complete the authentication of the smart lock by the smart card and the authentication of the smart card by the smart lock, and the smart lock is controlled to be opened when both authentication results indicate that the authentication is passed. Based on the above unlocking authentication method, the malicious copy attack is effectively avoided, and the reliability and security of the smart lock are improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the present disclosure.
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. The following description refers to the accompanying drawings in which the same numbers in different drawings represent the same or similar elements unless otherwise represented. The implementations set forth in the following description of exemplary embodiments do not represent all implementations consistent with the invention. Instead, they are merely examples of apparatuses and methods consistent with some aspects related to the present disclosure as recited in the appended claims.
The smart lock 101 includes a front end and a back end. The front end is composed of a card reader and an electronic lock cylinder, and is configured for data interaction between the back end and the outside world. The card reader may be an NFC (Near-Field Communication) card reader, a Bluetooth card reader, etc., and is configured for data interaction with the smart card 102. On the basis of the original general mechanical lock cylinder, an electronic component that communicates with the external smart card is added in the electronic lock cylinder. The electronic lock cylinder has the function of the general mechanical lock cylinder, and also has the function of electronic identity authentication. The back end is composed of an MCU (Microprogrammed Control Unit) and an SE (Security Element), and is configured for smart card authentication and key distribution. The key distribution is a process of adding a card identifier of a smart card to a white list.
The smart card 102 includes a merchant door card that interacts with the smart lock 101, a smart phone with short-range communication function, a physical key, and the like. The merchant card has two forms: physical card and virtual card. The physical card is customized by the merchant, and the virtual card is stored in an application (APP) of the smart phone. The smart phone with short-range communication function may simulate a virtual card to communicate with the smart lock, so as to transfer configuration information. The physical key has the same appearance as the ordinary key. The physical key differs from the ordinary key in that a security chip is added, and the same function as the merchant door card can be realized. That is, except that the communication link is contact type, the unlocking authentication process is consistent with the merchant door card. The physical key may be understood as another form of the merchant door card. The smart card belongs to a CPU (Central Processing Unit) card, and each smart card has a unique identification code CID and a digital certificate. In one embodiment, the CID may be composed of 16 digits, and the first 6 digits are an identification code of a card issuer (Issuer Identification Number, IIN) for classifying the smart card. The digital certificate is issued by the merchant and is unique to the whole network.
In step S201, it is determined whether the smart card satisfies a first authentication condition according to authentication information provided by the smart card.
The authentication information includes a card identifier and a card status of the smart card. The card status is either an unkeyed state or a keyed state. When the authentication information provided by the smart card is obtained, the smart lock needs to determine whether the smart card satisfies the first authentication condition. For example, the smart lock may check whether the card status is the unkeyed state, and whether the card identifier includes a specified number segment. If the card status is the keyed state, it indicates that the smart card has been authenticated, and the process ends; if the card status is the unkeyed state, and the specified number segment is not included in the card identifier, it indicates that the card is not the smart card corresponding to the smart lock, and the process ends; and if the card status is the unkeyed state, and the card identifier includes the specified number segment, then the smart lock determines that the smart card satisfies the first authentication condition. The specified number segment is an identification number of the card issuer, which is used to distinguish different smart cards.
Before acquiring the authentication information provided by the smart card, the smart lock needs to establish a connection with the smart card first. The connection process may be triggered by a third-party application. When the smart lock receives an authentication trigger instruction from the third-party application, the smart lock may establish a connection with the smart card by searching for signals such as Bluetooth, WiFi, infrared, NFC (Near Field Communication), and the like. Further, based on the connection established with the smart card, the smart lock may acquire the authentication information of the smart card.
In step S202, in response to the determination that the smart card satisfies the first authentication condition, a generated unlocking key is sent to the smart card.
In response to that the smart card satisfies the first authentication condition, the smart lock generates an unlocking key according to the card identifier, and then sends the generated unlocking key to the smart card. The unlocking key includes an internal authentication key and an external authentication key. The external authentication key may be a Card Control Key (CCK) for authenticating the smart lock by the smart card during the unlocking process; and the internal authentication key may be an Internal Authentication Key (IAK) for authenticating the smart card by the smart lock during the unlocking process.
In step S203, in response to receiving feedback information of the smart card, the smart card is determined to be an authenticated smart card.
Upon receiving the feedback information sent by the smart card, in response to the received feedback information, the smart lock determines the smart card as an authenticated smart card.
In order to facilitate the search for the authenticated smart card, a white list may be maintained on the side of the smart lock. The white list includes the card identifier of the authenticated smart card. Therefore, when it is determined that the smart card is an authenticated smart card, the smart lock may also add the card identifier of the smart card to the white list.
The method provided by the embodiment of the present disclosure, when determining that the smart card satisfies the first authentication condition based on the authentication information provided by the smart card, sends the generated unlocking key to the smart card, and completes the authentication of the smart card when receiving the feedback of the smart card. The process does not require the smart lock manufacturer to preset the unlocking key, instead, the smart lock first authenticates the smart card, and after the authentication is passed, the smart lock itself generates the unlocking key locally and assigns it to the smart card, which not only reduces the complexity of the production process of the factory, but also reduces the participation of third parties, thereby improving the safety.
Accordingly, the method for authenticating a smart card may be used in a smart card, and includes the following steps.
In step S301, authentication information is provided to the smart lock.
In step S302, an unlocking key sent by the smart lock is received.
The unlocking key is sent by the smart lock when it is determined that the smart card satisfies the first authentication condition according to the authentication information.
In step S303, feedback information is sent to the smart lock.
In response to the received unlocking key, the smart card sends feedback information to the smart lock, the feedback information being used by the smart lock to determine the smart card as an authenticated smart card.
In the method provided by the embodiment of the present disclosure, by providing the smart lock with the authentication information, the smart lock is enabled to determine whether the smart card satisfies the first authentication condition based on the authentication information, and when the smart card is determined to satisfy the first authentication condition, the generated unlocking key is sent to the smart card, and after receiving the unlocking key, the verification is performed, and the feedback information of the verification success is sent to the smart lock, thereby completing the authentication of the smart card. The process does not need to generate an unlocking key in advance, and the authentication is performed in real time based on the authentication information of the smart card and the unlocking key generated by the smart lock, therefore the authentication result is reliable and safe.
In order to enhance the security of the unlocking key during transmission,
In step S401, based on authentication information provided by the smart card, it is determined whether the smart card satisfies a first authentication condition.
In step S402, in response to that the smart card satisfies the first authentication condition, a digital certificate requested from the smart card is acquired.
In response to that the smart card satisfies the first authentication condition, the smart lock sends a digital certificate acquiring request to the smart card. When receiving the digital certificate acquiring request, the smart card acquires the digital certificate according to the digital certificate acquiring request, and sends the digital certificate to the smart lock.
In step S403, the digital certificate is verified to obtain a public key of the smart card.
The digital certificate may be issued by the manufacturer and stored on the side of the smart card, and the smart lock stores the public key of the issued certificate. Therefore, when receiving the digital certificate, the smart lock verifies the digital certificate based on a Certificate Authority (CA) public key, and may obtain the public key of the smart card.
In step S404, the generated unlocking key is encrypted using the public key.
Based on the obtained public key of the smart card, the smart lock uses the public key to encrypt the generated unlocking key. In this way, the security of the unlocking key during transmission is guaranteed.
In step S405, the encrypted unlocking key is sent to the smart card.
In step S406, in response to receiving feedback information that the smart card decrypts the encrypted unlocking key by the private key corresponding to the public key successfully, the smart card is determined as the authenticated smart card.
Corresponding to
In step S501, authentication information is provided to the smart lock.
In step S502, in response to a request instruction for a digital certificate, the digital certificate is sent to the smart lock.
In step S503, the encrypted unlocking key sent by the smart lock is received.
In step S504, the encrypted unlocking key is decrypted by a private key corresponding to the public key.
In step S505, feedback information indicating that the decryption is successful is sent to the smart lock.
After successfully decrypting the encrypted unlocking key by using the private key corresponding to the public key, the smart card sends the feedback information of decryption success to the smart lock, and the feedback information is used for the smart lock to determine the smart card as the authenticated smart card.
In order to further enhance the security of the unlocking key in the transmission process, a special transport key may be generated.
In step S601, based on authentication information provided by the smart card, it is determined whether the smart card satisfies a first authentication condition.
In step S602, in response to that the smart card satisfies the first authentication condition, a generated transport key is sent to the smart card.
In response to the determination that the smart card satisfies the first authentication condition, the smart lock may randomly generate a transport key and send the transport key to the smart card. The transport key may be represented by a Card Transport Key (CTK).
In step S603, a first random number generated by the smart card is acquired.
In step S604, an encryption processing is performed on the generated unlocking key based on the transport key and the first random number to obtain first encrypted information.
The smart lock encrypts the generated unlocking key by using the transport key and the first random number, and then performs Message Authentication Code (MAC) calculation on the encrypted information to obtain first encrypted information including the MAC verification information.
In step S605, the first encrypted information is sent to the smart card.
In step S606, in response to receiving feedback information that the smart card decrypts and verifies the first encrypted information successfully, the smart card is determined to be an authenticated smart card.
Corresponding to
In step S701, authentication information is provided to the smart lock.
In step S702, a transport key sent by the smart lock is received.
In step S703, a generated first random number is sent to the smart lock.
Based on the acquired transport key, the smart card randomly generates a first random number and transmits the first random number to the smart lock. Alternatively and/or additionally, the smart card may also obtain an Initialization Vector (IV) of the first random number, and then send the IV of the first random number to the smart lock.
In step S704, the first encrypted information sent by the smart lock is received.
In step S705, the first encrypted information is decrypted based on the transport key and the generated first random number, and feedback information for successful verification is generated.
For the received first encrypted information, the smart card decrypts the first encrypted information by using the generated first random number and the pre-stored transport key, obtains an unlocking key, and performs MAC calculation on the unlocking key to obtain MAC verification information, then compares the MAC verification information with MAC verification information generated at the side of the smart lock. If the MAC verification information is the same as the MAC verification information generated at the side of the smart lock, it is determined that the verification succeeds, and feedback information indicating the successful verification is sent to the smart lock.
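The lock-side steps S601 to S606 and the card-side steps S701 to S705, together with the first authentication condition, as an added example that is not part of the original disclosure. It assumes a constructed IIN and constructed CIDs, random CCK/IAK values (the page does not give the derivation from the card identifier), and an HMAC-SHA256 keystream and tag standing in for the cipher and MAC, which the page does not name; the MAC covers the ciphertext as in step S604 and the card checks it before decrypting.

```python
import hashlib
import hmac
import secrets

ISSUER_IIN = "622848"   # constructed IIN: first 6 digits of a 16-digit CID
UNKEYED, KEYED = "unkeyed", "keyed"


def keystream_xor(key, nonce, data):
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream."""
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def subkeys(ctk):
    """Split the transport key (CTK) into an encryption key and a MAC key."""
    return (hmac.new(ctk, b"enc", hashlib.sha256).digest(),
            hmac.new(ctk, b"mac", hashlib.sha256).digest())


def seal(ctk, nonce, unlock_key):
    """S604: encrypt the unlocking key, then MAC the nonce and ciphertext."""
    enc_key, mac_key = subkeys(ctk)
    ct = keystream_xor(enc_key, nonce, unlock_key)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


class Card:
    def __init__(self, cid):
        self.cid, self.status = cid, UNKEYED
        self.ctk = self.nonce = self.cck = self.iak = None

    def auth_info(self):                      # S701
        return self.cid, self.status

    def receive_transport_key(self, ctk):     # S702, S703
        self.ctk = ctk
        self.nonce = secrets.token_bytes(16)  # first random number
        return self.nonce

    def receive_unlock_key(self, blob):       # S704, S705
        if self.ctk is None or self.nonce is None or len(blob) != 96:
            return False
        nonce, self.nonce = self.nonce, None  # each random number is used once
        ct, tag = blob[:64], blob[64:]
        enc_key, mac_key = subkeys(self.ctk)
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False                      # tampered or wrong key: stay unkeyed
        keys = keystream_xor(enc_key, nonce, ct)
        self.cck, self.iak = keys[:32], keys[32:]
        self.status = KEYED
        return True                           # feedback: verification succeeded


class Lock:
    def __init__(self, iin):
        self.iin = iin
        self.whitelist = {}                   # CID -> (CCK, IAK)

    def first_condition(self, cid, status):   # S601
        return (status == UNKEYED and len(cid) == 16 and cid.isdigit()
                and cid.startswith(self.iin))

    def enroll(self, card, channel=lambda blob: blob):
        """Run key distribution; `channel` models the link (hypothetical hook)."""
        cid, status = card.auth_info()
        if not self.first_condition(cid, status):
            return False
        ctk = secrets.token_bytes(32)                     # S602
        nonce = card.receive_transport_key(ctk)           # S603
        # Assumption: random keys; the page derives them from the CID.
        cck, iak = secrets.token_bytes(32), secrets.token_bytes(32)
        blob = channel(seal(ctk, nonce, cck + iak))       # S604, S605
        if not card.receive_unlock_key(blob):             # S606
            return False
        self.whitelist[cid] = (cck, iak)                  # key distribution done
        return True


if __name__ == "__main__":
    lock = Lock(ISSUER_IIN)
    card = Card("6228480000000001")                       # constructed CID
    print("enroll:", lock.enroll(card), "status:", card.status)
    print("enroll again:", lock.enroll(card))
    print("foreign issuer:", lock.enroll(Card("1234560000000002")))
```

The whitelist entry is written only after the card's positive feedback, so a blob altered in transit leaves the card unkeyed and the lock's state unchanged.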
In another embodiment of the present disclosure, in order to improve the security of the sent transport key, the smart lock also acquires the digital certificate requested from the smart card, verifies the digital certificate to obtain the public key of the smart card, encrypts the transport key using the public key to obtain second encrypted information, and then sends the second encrypted information to the smart card. When receiving the second encrypted information, the smart card decrypts the second encrypted information by using a private key corresponding to the public key to obtain the transport key.
In another embodiment of the present disclosure, in order to improve the security of the sent first random number, the smart card further encrypts the generated first random number by using the transport key to obtain third encrypted information, and then sends the third encrypted information to the smart lock. When receiving the third encrypted information sent by the smart card, the smart lock decrypts the third encrypted information by using the transport key to obtain a first random number. Alternatively and/or additionally, the smart card may also obtain the IV of the first random number, and encrypt the IV of the first random number by using the transport key to obtain the third encrypted information, and then send the third encrypted information to the smart lock. When receiving the third encrypted information sent by the smart card, the smart lock decrypts the third encrypted information by using the transport key to obtain the IV of the first random number.
The above authentication method for the smart card will be described below with reference to
Referring to
In step S901, it is determined whether the smart card satisfies a second authentication condition according to authentication information provided by the smart card.
Based on the authentication information provided by the smart card, the smart lock needs to determine whether the smart card satisfies the second authentication condition, so that when the smart card satisfies the second authentication condition, the subsequent authentication process is performed. For example, the smart lock determines whether the smart card satisfies the second authentication condition, including but not limited to the following manner: the smart lock checks whether the card status in the authentication information is an unkeyed state, and checks whether the card identifier is the card identifier of an authenticated smart card. If the card status is the unkeyed state, the process ends; and if the card status is the keyed state and the card identifier is the card identifier of the authenticated smart card, the smart lock determines that the smart card satisfies the second authentication condition.
In step S902, in response to that the smart card satisfies the second authentication condition, an external authentication result of the smart lock is acquired by the smart card.
When it is determined that the smart card satisfies the second authentication condition, the smart lock sends a second random number acquisition request to the smart card. When receiving the second random number acquisition request, the smart card generates a second random number according to the second random number acquisition request, and sends the second random number to the smart lock. When the second random number is received, the smart lock encrypts the second random number by using an external authentication key in the pre-stored unlocking key to obtain fourth encrypted information, and then sends the fourth encrypted information to the smart card.
When receiving the fourth encrypted information, the smart card decrypts the fourth encrypted information by using the external authentication key in the pre-stored unlocking key to obtain a second random number, and verifies the second random number obtained by the decryption according to the generated second random number to obtain an external authentication result. If the generated second random number is the same as the second random number obtained by the decryption, the external authentication result indicating that the authentication is passed is obtained; and if the generated second random number is different from the second random number obtained by the decryption, the external authentication result indicating that the authentication is failed is obtained.
In step S903, in response to the external authentication result that the authentication is passed, the smart card is authenticated to obtain an internal authentication result.
In response to the external authentication result that the authentication is passed, the smart lock generates a third random number, and sends the generated third random number to the smart card. When the third random number is received, the smart card adopts an internal authentication key in the pre-stored unlocking key to encrypt the third random number to obtain fifth encrypted information, and sends the fifth encrypted information to the smart lock. When the fifth encrypted information is received, the smart lock uses the internal authentication key in the pre-stored unlocking key to decrypt the encrypted information to obtain a third random number, and verifies the third random number obtained by the decryption according to the generated third random number to obtain an internal authentication result. If the generated third random number is the same as the third random number obtained by the decryption, the internal authentication result indicating that the authentication is passed is obtained; and if the generated third random number is different from the third random number obtained by the decryption, the internal authentication result indicating that the authentication is failed is obtained.
In step S904, in response to the internal authentication result indicating that the authentication is passed, the smart lock is controlled to be opened.
In response to the internal authentication result that the authentication is passed, the smart lock and the smart card confirm each other as a trusted device, thereby controlling the smart lock to be opened.
Corresponding to
In step S1001, authentication information is provided to the smart lock.
Based on the connection established with the smart card, the smart lock may send to the smart card an information acquisition instruction for providing the authentication information. When receiving the information acquisition instruction, the smart card acquires the authentication information and sends the authentication information to the smart lock. The authentication information includes the card identifier and the card status of the smart card. The card status includes both an unkeyed state and a keyed state.
In step S1002, in response to that the smart card satisfies the second authentication condition, the smart lock is externally authenticated to obtain an external authentication result.
In step S1003, in response to the external authentication result that the authentication is passed, an internal authentication result of the smart card by the smart lock is acquired.
The internal authentication result is used to control the smart lock to be opened when the authentication result is that the authentication is passed.
In the method provided by the embodiment of the present disclosure, when unlocking the smart lock, through the interaction between the smart card and the smart lock, the authentication of the smart lock by the smart card and the authentication of the smart card by the smart lock are completed, and when both authentication results indicate that the authentication is passed, the smart lock is controlled to be unlocked. Based on the above unlocking authentication method, the malicious copy attack is effectively avoided, and the reliability and security of the smart lock are improved.
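The unlocking exchange of steps S901 to S904, as an added example that is not part of the original disclosure, showing why a copied card identifier alone does not open the lock. It assumes a constructed CID and keys, and it swaps the page's encrypt-then-decrypt of each random number for an HMAC-SHA256 response that the verifier recomputes and compares; `CopySkippingCheck` is a constructed test double, not something the page describes.

```python
import hashlib
import hmac
import secrets


def respond(key, role, challenge):
    """Proof of key possession for one challenge (HMAC swapped in for encryption)."""
    return hmac.new(key, role + challenge, hashlib.sha256).digest()


class Card:
    def __init__(self, cid, cck=None, iak=None):
        self.cid, self.cck, self.iak = cid, cck, iak
        self.pending = None          # outstanding second random number
        self.lock_trusted = False    # set only by a passed external authentication

    def auth_info(self):
        return self.cid, "keyed" if self.cck and self.iak else "unkeyed"

    def new_challenge(self):         # second random number, generated on request
        self.lock_trusted = False
        self.pending = secrets.token_bytes(16)
        return self.pending

    def external_auth(self, response):
        """The card authenticates the lock with the external key (CCK)."""
        challenge, self.pending = self.pending, None   # single use
        if challenge is None or not self.cck:
            return False
        expected = respond(self.cck, b"ext", challenge)
        self.lock_trusted = hmac.compare_digest(response, expected)
        return self.lock_trusted

    def internal_auth(self, challenge):
        """Answer the lock's third random number with the internal key (IAK)."""
        if not self.lock_trusted:
            return None              # never answer a lock that failed S902
        self.lock_trusted = False
        return respond(self.iak, b"int", challenge)


class CopySkippingCheck(Card):
    """Constructed test double: a copied card that accepts any lock."""

    def external_auth(self, response):
        self.lock_trusted = True
        return True


class Lock:
    def __init__(self, whitelist):
        self.whitelist = whitelist   # CID -> (CCK, IAK), filled at key distribution
        self.is_open = False

    def unlock(self, card):
        self.is_open = False
        cid, status = card.auth_info()                       # S901
        if status != "keyed" or cid not in self.whitelist:
            return "second-condition-failed"
        cck, iak = self.whitelist[cid]
        rnd2 = card.new_challenge()                          # S902
        if not card.external_auth(respond(cck, b"ext", rnd2)):
            return "external-auth-failed"
        rnd3 = secrets.token_bytes(16)                       # S903
        answer = card.internal_auth(rnd3)
        expected = respond(iak, b"int", rnd3)
        if answer is None or not hmac.compare_digest(answer, expected):
            return "internal-auth-failed"
        self.is_open = True                                  # S904
        return "opened"


def run_scenarios():
    cid = "6228480000000001"                                 # constructed CID
    cck, iak = secrets.token_bytes(32), secrets.token_bytes(32)
    wrong = (secrets.token_bytes(32), secrets.token_bytes(32))
    lock = Lock({cid: (cck, iak)})
    other_lock = Lock({cid: wrong})      # knows the CID but not the card's keys
    return {
        "genuine": lock.unlock(Card(cid, cck, iak)),
        "cid_only_copy": lock.unlock(Card(cid)),
        "copy_wrong_keys": lock.unlock(CopySkippingCheck(cid, *wrong)),
        "lock_without_keys": other_lock.unlock(Card(cid, cck, iak)),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

Because both random numbers are fresh per attempt and the keys never cross the link, a recorded exchange or a duplicated CID fails at one of the two checks.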
For the above-mentioned unlocking authentication method, the interaction process between the smart card and the smart lock will be described as an example in conjunction with
Referring to
The determining module 1201 is configured to determine, according to authentication information provided by the smart card, whether the smart card satisfies a first authentication condition.
The sending module 1202 is configured to send a generated unlocking key to the smart card in response to the determination that the smart card satisfies the first authentication condition.
The determining module 1201 is configured to determine the smart card as an authenticated smart card in response to receiving feedback information of the smart card.
In another embodiment of the present disclosure, the determining module 1201 is configured to acquire authentication information requested from the smart card, the authentication information including a card identifier and a card status of the smart card; and when the card status is determined to be an unkeyed state, and the card identifier includes a specified number segment, determine that the smart card satisfies the first authentication condition.
In another embodiment of the present disclosure, the smart lock further includes: an acquisition module, a verification module, and an encryption module.
The acquisition module is configured to acquire a digital certificate requested from the smart card.
The verification module is configured to verify the digital certificate to obtain a public key of the smart card.
The encryption module is configured to encrypt a generated unlocking key by using a public key.
The sending module 1202 is configured to send the encrypted unlocking key to the smart card.
The determining module 1201 is configured to determine the smart card as an authenticated smart card in response to receiving feedback information that the smart card successfully decrypts the encrypted unlocking key by using a private key corresponding to the public key.
In another embodiment of the present disclosure, the smart lock further includes: an acquisition module.
The sending module 1202 is configured to send the generated transport key to the smart card.
The acquisition module is configured to acquire a first random number generated by the smart card.
The sending module 1202 is configured to perform an encryption processing on the generated unlocking key based on the transport key and the first random number to obtain first encrypted information.
The sending module 1202 is configured to send the first encrypted information to the smart card.
The determining module 1201 is configured to determine the smart card as an authenticated smart card in response to receiving feedback information that the smart card decrypts and verifies the first encrypted information successfully.
In another embodiment of the present disclosure, the smart lock further includes: an acquisition module and a verification module.
The acquisition module is configured to acquire a digital certificate requested from the smart card.
The verification module is configured to verify the digital certificate to obtain a public key of the smart card.
The sending module 1202 is configured to encrypt the transport key by using a public key to obtain second encrypted information; and send the second encrypted information to the smart card.
In another embodiment of the present disclosure, the acquisition module is configured to receive the third encrypted information sent by the smart card, the third encrypted information being obtained by the smart card by using the transport key to encrypt the generated first random number; and use the transport key to decrypt the third encrypted information to obtain a first random number.
In another embodiment of the present disclosure, the smart lock further includes: a receiving module and a connection module.
The receiving module is configured to receive an authentication trigger instruction from a third-party application.
The connection module is configured to establish a connection with the smart card.
In another embodiment of the present disclosure, the smart lock further includes: an acquisition module, an authentication module, and a control module.
The determining module 1201 is configured to determine whether the smart card satisfies a second authentication condition.
The acquisition module is configured to acquire an external authentication result of the smart lock by the smart card in response to the smart card satisfying the second authentication condition.
The authentication module is configured to authenticate the smart card in response to the external authentication result indicating that the authentication is passed, and obtain an internal authentication result.
The control module is configured to control the smart lock to be opened in response to the internal authentication result indicating that the authentication is passed.
In another embodiment of the present disclosure, the determining module 1201 is configured to acquire authentication information requested from the smart card, the authentication information including a card identifier and a card status of the smart card; and when the card status is determined to be a keyed state, and the card identifier represents that the smart card is an authenticated smart card, determine that the smart card satisfies the second authentication condition.
In another embodiment of the present disclosure, the acquisition module is configured to send a second random number acquisition request to the smart card, the second random number acquisition request being used by the smart card for generating a second random number and returning the second random number; receive the second random number; encrypt the second random number by using an external authentication key in a pre-stored unlocking key to obtain fourth encrypted information; send the fourth encrypted information to the smart card, the fourth encrypted information being used by the smart card for using the external authentication key in the pre-stored unlocking key for decryption to obtain a second random number, and verifying the second random number to obtain an external authentication result and returning the external authentication result; and receive the external authentication result sent by the smart card.
In another embodiment of the present disclosure, the authentication module is configured to send the generated third random number to the smart card, the third random number being used by the smart card for encrypting using an internal authentication key in a pre-stored unlocking key, obtaining the fifth encrypted information and returning the fifth encrypted information; receive the fifth encrypted information; decrypt the fifth encrypted information by using the internal authentication key in the pre-stored unlocking key to obtain a third random number; and verify the third random number to obtain an internal authentication result.
When determining that the smart card satisfies the first authentication condition according to the authentication information provided by the smart card, the smart lock provided by the embodiment of the present disclosure sends the generated unlocking key to the smart card, the smart card performs verification, and when feedback of successful verification is received, the authentication of the smart card is completed. The process does not need to generate an unlocking key in advance, and the authentication is performed in real time based on the authentication information of the smart card and the unlocking key generated by the smart lock, so that the authentication result is reliable and safe.
In addition, when unlocking the smart lock, the smart lock and the smart card interact to complete the authentication of the smart lock by the smart card and the authentication of the smart card by the smart lock, and when the two authentication results are both that the authentication is passed, the smart lock is controlled to be opened. Based on the above unlocking authentication method, the malicious copy attack is effectively avoided, and the reliability and security of the smart lock are improved.
With regard to the smart locks in the above embodiments, the implementation manners in which the respective modules perform the operations have been described in detail in the embodiments relating to the method, and will not be explained in detail herein.
The information providing module 1301 is configured to provide authentication information to the smart lock.
The receiving module 1302 is configured to receive an unlocking key sent by the smart lock, where the unlocking key is sent by the smart lock when determining that the smart card satisfies the first authentication condition according to the authentication information.
The sending module 1303 is configured to send feedback information to the smart lock.
In another embodiment of the present disclosure, the information providing module 1301 is configured to provide the smart lock with the authentication information in response to the request instruction for the authentication information.
The authentication information includes a card identifier and a card status of the smart card, and the authentication information is used by the smart lock to determine that the smart card satisfies the first authentication condition when the card status is an unkeyed state and the card identifier includes the specified number segment.
In another embodiment of the present disclosure, the sending module 1303 is configured to send a digital certificate to the smart lock in response to a request for the digital certificate.
The digital certificate is verified by the smart lock to obtain a public key of the smart card, and the public key is used to encrypt the generated unlocking key.
The receiving module 1302 is configured to receive an encrypted unlocking key sent by the smart lock.
The smart card further includes: a decryption module.
The decryption module is configured to decrypt the encrypted unlocking key by a private key corresponding to the public key.
The sending module 1303 is configured to send feedback information of successful decryption to the smart lock.
In another embodiment of the present disclosure, the receiving module 1302 is configured to receive a transport key sent by the smart lock.
The sending module 1303 is configured to send the generated first random number to the smart lock.
The smart lock performs an encryption processing on the generated unlocking key based on the transport key and the first random number to obtain the first encrypted information and returns the first encrypted information.
The receiving module 1302 is configured to receive first encrypted information sent by the smart lock.
The sending module 1303 is configured to decrypt the first encrypted information based on the transport key and the generated first random number, and generate feedback information that the verification succeeds.
In another embodiment of the present disclosure, the sending module 1303 is configured to send the digital certificate to the smart lock in response to the request for the digital certificate. The digital certificate is verified by the smart lock to obtain the public key of the smart card. The public key is used to encrypt the generated transport key to obtain second encrypted information.
The receiving module 1302 is configured to receive the second encrypted information sent by the smart lock.
The smart card further includes: an acquisition module.
The acquisition module is configured to decrypt the second encrypted information by using a private key corresponding to the public key to obtain a transport key.
In another embodiment of the present disclosure, the sending module 1303 is configured to encrypt the generated first random number with the transport key to obtain third encrypted information; and send the third encrypted information to the smart lock.
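The transport-key embodiment described for both the smart lock and the smart card can be sketched as follows. This is an added example, not code from the disclosure: the disclosure names no cipher, so an HMAC-SHA256 keystream with an HMAC tag stands in for "encryption processing based on the transport key and the first random number", and every function and class name is hypothetical.

```python
import hashlib
import hmac
import secrets

def _subkey(transport_key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the one transport key.
    return hmac.new(transport_key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(transport_key: bytes, first_random: bytes, unlocking_key: bytes) -> bytes:
    """Lock side: build the first encrypted information."""
    ks = _keystream(_subkey(transport_key, b"enc"), first_random, len(unlocking_key))
    ct = bytes(a ^ b for a, b in zip(unlocking_key, ks))
    tag = hmac.new(_subkey(transport_key, b"mac"), first_random + ct, hashlib.sha256).digest()
    return ct + tag

def open_sealed(transport_key: bytes, first_random: bytes, blob: bytes):
    """Card side: verify, then decrypt. Returns None on any mismatch."""
    if len(blob) < 32:
        return None
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_subkey(transport_key, b"mac"), first_random + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ks = _keystream(_subkey(transport_key, b"enc"), first_random, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class Card:
    def __init__(self):
        self.status = "unkeyed"
        self.transport_key = None
        self.unlocking_key = None
        self._first_random = None

    def new_first_random(self) -> bytes:
        self._first_random = secrets.token_bytes(16)
        return self._first_random

    def receive(self, blob: bytes) -> bool:
        """Feedback to the lock: True only if decrypt-and-verify succeeded."""
        r1, self._first_random = self._first_random, None  # each random number is used once
        if r1 is None or self.transport_key is None:
            return False
        key = open_sealed(self.transport_key, r1, blob)
        if key is None:
            return False
        self.unlocking_key, self.status = key, "keyed"
        return True

def provisioning_demo() -> dict:
    card = Card()
    card.transport_key = secrets.token_bytes(32)  # disclosure: sent under the card's public key
    unlocking_key = secrets.token_bytes(32)       # generated by the lock, not preset
    results = {}
    blob = seal(card.transport_key, card.new_first_random(), unlocking_key)
    results["tampered"] = card.receive(bytes([blob[0] ^ 1]) + blob[1:])
    blob = seal(card.transport_key, card.new_first_random(), unlocking_key)
    results["fresh"] = card.receive(blob)
    card.new_first_random()                       # new session, old message replayed
    results["replayed"] = card.receive(blob)
    results["key_matches"] = card.unlocking_key == unlocking_key
    return results
```

Because the tag covers the first random number, a message captured in one session fails verification in the next, which is the property the card-generated random number contributes.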
In another embodiment of the present disclosure, the smart card further includes: an authentication module and an acquisition module.
The information providing module 1301 is configured to provide authentication information to the smart lock.
The authentication module is configured to externally authenticate the smart lock in response to the smart card satisfying the second authentication condition, and obtain an external authentication result.
The acquisition module is configured to acquire an internal authentication result of the smart lock to the smart card in response to the external authentication result indicating that the authentication is passed, and when the internal authentication result is that the authentication is passed, the smart lock is controlled to be opened.
In another embodiment of the present disclosure, the information providing module 1301 is configured to send the authentication information to the smart lock in response to the request instruction for the authentication information.
The authentication information includes the card identifier and the card status of the smart card. The authentication information is used by the smart lock to determine that the smart card satisfies the second authentication condition when the smart card is in the keyed state and the card identifier is in the whitelist, the card identifier being in the whitelist representing that the smart card is the authenticated card.
In another embodiment of the present disclosure, the authentication module is configured to receive a second random number acquisition request sent by the smart lock; generate a second random number; and send the second random number to the smart lock, the second random number being encrypted by the smart lock using an external authentication key in a pre-stored unlocking key to obtain and return the fourth encrypted information; receive the fourth encrypted information; use the external authentication key in the pre-stored unlocking key to decrypt the fourth encrypted information to obtain a second random number; and verify the second random number according to the generated second random number to obtain an external authentication result.
In another embodiment of the present disclosure, the acquisition module is configured to receive a third random number sent by the smart lock; encrypt the third random number by using an internal authentication key in the pre-stored unlocking key to obtain fifth encrypted information; and send the fifth encrypted information to the smart lock, where the smart lock decrypts the fifth encrypted information by using the internal authentication key in the pre-stored unlocking key to obtain a third random number, and verifies the third random number to obtain an internal authentication result.
In the smart card provided by the embodiment of the present disclosure, the smart card provides the smart lock with the authentication information, so that the smart lock is capable of determining whether the smart card satisfies the first authentication condition based on the authentication information. When the smart card is determined to satisfy the first authentication condition, the generated unlocking key is sent to the smart card; after receiving the unlocking key, the smart card performs the verification and sends the feedback information of the verification success to the smart lock, thereby completing the authentication of the smart card. The process does not need to generate an unlocking key in advance, and the authentication is performed in real time based on the authentication information of the smart card and the unlocking key generated by the smart lock, so that the authentication result is reliable and safe.
In addition, when unlocking the smart lock, the smart lock interacts with the smart card to complete the authentication of the smart lock by the smart card and the authentication of the smart card by the smart lock, and when the two authentication results are both that the authentication is passed, the smart lock is controlled to be opened. Based on the above unlocking authentication method, the malicious copy attack is effectively avoided, and the reliability and security of the smart lock are improved.
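The unlocking exchange described above, from both the smart lock side and the smart card side, is shown below as an added example that is not part of the disclosure. The disclosure encrypts and decrypts each random number with the external or internal authentication key; here HMAC-SHA256 over the random number is substituted for that step, and the card identifiers, class names and the `trusts_any_lock` flag are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def respond(key: bytes, nonce: bytes) -> bytes:
    # Keyed response to a challenge (HMAC stand-in for the disclosure's encryption).
    return hmac.new(key, nonce, hashlib.sha256).digest()

class Card:
    def __init__(self, card_id, status, ext_key, int_key, trusts_any_lock=False):
        self.card_id, self.status = card_id, status
        self.ext_key, self.int_key = ext_key, int_key
        self.trusts_any_lock = trusts_any_lock  # models a copy that skips its own check
        self._r2 = None

    def auth_info(self):
        return self.card_id, self.status

    def second_random(self) -> bytes:
        self._r2 = secrets.token_bytes(16)
        return self._r2

    def external_authenticate(self, fourth_info: bytes) -> bool:
        """Card verifies the lock's answer to the second random number."""
        r2, self._r2 = self._r2, None  # each challenge is accepted once
        if self.trusts_any_lock:
            return True
        return r2 is not None and hmac.compare_digest(fourth_info, respond(self.ext_key, r2))

    def internal_response(self, third_random: bytes) -> bytes:
        """Fifth encrypted information: the card's answer to the lock's challenge."""
        return respond(self.int_key, third_random)

class Lock:
    def __init__(self, whitelist, ext_key, int_key):
        self.whitelist, self.ext_key, self.int_key = set(whitelist), ext_key, int_key

    def unlock(self, card: Card) -> str:
        card_id, status = card.auth_info()
        if status != "keyed" or card_id not in self.whitelist:
            return "rejected: second authentication condition"
        r2 = card.second_random()
        if not card.external_authenticate(respond(self.ext_key, r2)):
            return "rejected: external authentication"
        r3 = secrets.token_bytes(16)
        if not hmac.compare_digest(card.internal_response(r3), respond(self.int_key, r3)):
            return "rejected: internal authentication"
        return "opened"

def unlock_demo() -> dict:
    ext_key, int_key = secrets.token_bytes(32), secrets.token_bytes(32)
    lock = Lock({"CARD-0001"}, ext_key, int_key)
    other_lock = Lock({"CARD-0001"}, secrets.token_bytes(32), secrets.token_bytes(32))
    genuine = Card("CARD-0001", "keyed", ext_key, int_key)
    # Same identifier and status as the genuine card, but without its unlocking key.
    copied = Card("CARD-0001", "keyed", secrets.token_bytes(32),
                  secrets.token_bytes(32), trusts_any_lock=True)
    unlisted = Card("CARD-0002", "keyed", ext_key, int_key)
    return {
        "genuine": lock.unlock(genuine),
        "copied_identifier": lock.unlock(copied),
        "unlisted": lock.unlock(unlisted),
        "lock_without_keys": other_lock.unlock(genuine),
    }
```

A card that reproduces only the identifier and status passes the whitelist check but fails internal authentication, and a lock that lacks the external authentication key is refused by the card before any internal challenge is sent.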
The embodiment of the present disclosure further provides a smart lock system, including the smart lock provided by any of the above embodiments, and at least one smart card provided by any of the above embodiments.
Referring to
The processing component 1402 typically controls overall operations of the device 1400, such as the operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 1402 may include one or more processors 1420 to execute instructions to perform all or part of the steps in the above described methods. Moreover, the processing component 1402 may include one or more modules which facilitate the interaction between the processing component 1402 and other components. For instance, the processing component 1402 may include a multimedia module to facilitate the interaction between the multimedia component 1408 and the processing component 1402.
The memory 1404 is configured to store various types of data to support the operation of the device 1400. Examples of such data include instructions for any application or method operated on the device 1400, contact data, phonebook data, messages, pictures, videos, etc. The memory 1404 may be implemented using any type of volatile or non-volatile storage devices, or a combination thereof, such as a static random access memory (SRAM), an electrically erasable programmable read-only memory (EEPROM), an erasable programmable read-only memory (EPROM), a programmable read-only memory (PROM), a read-only memory (ROM), a magnetic memory, a flash memory, a magnetic or optical disk.
The power component 1406 provides power to various components of the device 1400. The power component 1406 may include a power management system, one or more power sources, and any other components associated with the generation, management, and distribution of power in the device 1400.
The multimedia component 1408 includes a screen providing an output interface between the device 1400 and the user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes the touch panel, the screen may be implemented as a touch screen to receive input signals from the user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensors may not only sense a boundary of a touch or swipe action, but also sense a period of time and a pressure associated with the touch or swipe action. In some embodiments, the multimedia component 1408 includes a front camera and/or a rear camera. The front camera and the rear camera may receive an external multimedia datum while the device 1400 is in an operation mode, such as a photographing mode or a video mode. Each of the front camera and the rear camera may be a fixed optical lens system or have focus and optical zoom capability.
The audio component 1410 is configured to output and/or input audio signals. For example, the audio component 1410 includes a microphone (“MIC”) configured to receive an external audio signal when the device 1400 is in an operation mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signal may be further stored in the memory 1404 or transmitted via the communication component 1416. In some embodiments, the audio component 1410 further includes a speaker to output audio signals.
The I/O interface 1412 provides an interface between the processing component 1402 and peripheral interface modules, such as a keyboard, a click wheel, buttons, and the like. The buttons may include, but are not limited to, a home button, a volume button, a starting button, and a locking button.
The sensor component 1414 includes one or more sensors to provide status assessments of various aspects of the device 1400. For instance, the sensor component 1414 may detect an open/closed status of the device 1400, relative positioning of components, e.g., the display and the keypad, of the device 1400, a change in position of the device 1400 or a component of the device 1400, a presence or absence of user contact with the device 1400, an orientation or an acceleration/deceleration of the device 1400, and a change in temperature of the device 1400. The sensor component 1414 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor component 1414 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 1414 may also include an accelerometer sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 1416 is configured to facilitate communication, wired or wirelessly, between the device 1400 and other devices. The device 1400 can access a wireless network based on a communication standard, such as WiFi, 4G, or 5G, or a combination thereof. In one exemplary embodiment, the communication component 1416 receives a broadcast signal or broadcast associated information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 1416 further includes a near field communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on a radio frequency identification (RFID) technology, an infrared data association (IrDA) technology, an ultra-wideband (UWB) technology, a Bluetooth (BT) technology, and other technologies.
In exemplary embodiments, the device 1400 may be implemented with one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), controllers, micro-controllers, microprocessors, or other electronic components, for performing the above described methods.
In exemplary embodiments, there is also provided a non-transitory computer-readable storage medium including instructions, such as included in the memory 1404, executable by the processor 1420 in the device 1400, for performing the above-described methods. For example, the non-transitory computer-readable storage medium may be a ROM, a RAM, a CD-ROM, a magnetic tape, a floppy disc, an optical data storage device, and the like.
In the device provided by the embodiment of the present disclosure, when it is determined that the smart card satisfies the first authentication condition based on the authentication information provided by the smart card, the generated unlocking key is sent to the smart card and is verified by the smart card, and when receiving the feedback of the successful verification, the authentication of the smart card is completed. The process does not need to generate an unlocking key in advance, and the authentication is performed in real time based on the authentication information of the smart card and the unlocking key generated by the smart lock, thus the authentication result is more reliable and safer.
In addition, when unlocking the smart lock, the smart lock interacts with the smart card to complete the authentication of the smart lock by the smart card and the authentication of the smart card by the smart lock, and when the two authentication results are both that the authentication is passed, the smart lock is controlled to be opened. Based on the above unlocking authentication method, the malicious copy attack is effectively avoided, and the reliability and security of the smart lock are improved.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed here. This application is intended to cover any variations, uses, or adaptations of the disclosure following the general principles thereof and including such departures from the present disclosure as come within known or customary practice in the art. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be appreciated that the present disclosure is not limited to the exact construction that has been described above and illustrated in the accompanying drawings, and that various modifications and changes can be made without departing from the scope thereof. It is intended that the scope of the disclosure only be limited by the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
201811410112.9 | Nov 2018 | CN | national |