Intelligent door lock identity authentication method and system, readable storage medium and mobile terminal
A smart door lock and identity authentication technology, which is applied in the field of communication security, can solve the problems of users' production and life troubles, easy to be monitored by hackers, threats to users' work or living safety, etc., and achieve the effect of improving security and preventing identity information leakage
Active Publication Date: 2019-05-03
深圳市小石安防科技有限公司
5 Cites 36 Cited by
AI-Extracted Technical Summary
Problems solved by technology
[0003] Usually, the user can control the smart door lock by entering the target password or identity information into the smart door lock in advance, accessing the password or verifying the identity information, and in the process of using the smart door lock, the target password or Identity information relies on wireless transmission, wh...
Method used
[0101] After negotiating the second encryption key, both the mobile terminal and the smart door lock replace the first encryption key saved by themselves with the second encryption key (the second encryption key has not yet been uploaded to the server for Encryption key refresh), then the mobile terminal uses the second encryption key to establish a second encrypted communication channel with the smart door lock, and accordingly, the smart door lock uses the second encryption key to establish a second encrypted communication channel with the mobile terminal, realizing Two-way encryption; in this embodiment, the security of the smart door lock is further improved by regularly updating the encryption key.
[0131] Therefore, the intelligent door lock identity authentication method of the present invention can prevent identity authentication between the mobile terminal and the intelligent door lock by implementing double encryption and two-way identity authentication during the identity authentication process between the mobile terminal and the intelligent door lock. Identity information leakage occurs during the authentication process, which improves the security of smart door locks:
[0132] The smart door lock identity authentication method first uses an encryption key to establish a two-way encrypted communication channel between the mobile terminal and the smart door lock, so that the data transmitted between the mobile terminal and the smart door lock is encrypted by the encryption key Encrypted encrypted data, so that even if a hacker intercepts the relevant data, he will not be able to know the content of the data because he does not have an encryption key, thus effectively improving the security of data transmission; then use the specified first identity to encrypt information and the second identity encryption information for two-way identity authentication, so that before the mobile terminal sends configuration commands to the smart door lock, both the mobile terminal and the smart door lock need to perform identity authentication according to the identity encryption information provided by the other party, only the identity of both parties After all are confirmed, the mobile termi...
Abstract
The invention discloses an intelligent door lock identity authentication method and system, a readable storage medium and a mobile terminal. The method comprises steps that the request information about the identity identifier is sent by a mobile terminal to an intelligent door lock, and the identity identifier corresponds to the intelligent door lock; first feedback data sent by the intelligent door lock is received and saved, the first feedback data contains a first random number and the specified first identity encryption information, and the first identity encryption information corresponds to the identity identifier; the first identity encryption information is authenticated, and whether the first identity encryption information is legal is determined; if the first identity encryptioninformation is legal, the specified second identity encryption information is generated according to the first token information and the first random number and sent to the intelligent door lock foridentity authentication, the first token information is pre-stored on the mobile terminal and the intelligent door lock; the identity authentication result sent by the intelligent door lock is received, and feedback operation is performed based on the identity authentication result. The method is advantaged in that safety of the intelligent door lock is improved.
Application Domain
Individual entry/exit registers
Technology Topic
EncryptionAuthentication +1
Image
Examples
- Experimental program(1)
Example Embodiment
[0062] It should be understood that the specific embodiments described here are only used to explain the present invention, but not to limit the present invention.
[0063] Reference figure 1 The present invention proposes a smart door lock identity authentication method. The smart door lock is in communication connection with a mobile terminal, and the mobile terminal is in communication connection with a server. The method includes the following steps:
[0064] S11: The mobile terminal sends request information about the identity identifier to the smart door lock, where the identity identifier corresponds to the smart door lock;
[0065] S12. Receive and save the first feedback data sent by the smart door lock, where the first feedback data contains a first random number and designated first identity encryption information, where the first identity encryption information corresponds to an identity identifier;
[0066] S13: Perform identity verification on the first identity encrypted information, and determine whether the first identity encrypted information is legal;
[0067] If the first identity encryption information is legal, then perform S14, according to the first token information and the first random number, generate the specified second identity encryption information and send it to the smart door lock for identity verification, where the first token information Pre-stored on the mobile terminal and smart door lock;
[0068] S15: Receive the identity verification result sent by the smart door lock, and perform a feedback operation according to the identity verification result.
[0069] In the above S11, the smart door lock and the mobile terminal can be connected through wireless communication technologies such as Bluetooth and WIFI. For the mobile terminal and the server, a specific application (APP) can be installed on the mobile terminal. Way to realize the communication connection between the two; the identity is a set of random numbers composed of visible characters, which is the unique identity certificate issued by the server to the smart door lock when the smart door lock needs to be registered for use on the server. That is, the identity identifier corresponds to the smart door lock one to one, and its function is to verify whether the smart door lock has been registered and activated on the server. Specifically, the mobile terminal sends request information about the identity to the smart door lock. When the smart door lock receives the request information, the smart door lock checks whether the identity is present, and makes a corresponding response to the mobile terminal based on the check result. Feedback.
[0070] In the above S12, specifically, when the smart door lock detects its own identity, the smart door lock sends the first feedback data to the mobile terminal. Accordingly, the mobile terminal receives and saves the first feedback data sent by the smart door lock, The first feedback data contains a first random number and designated first identity encryption information, and the first identity encryption information corresponds to an identity identifier, where the first random number is a dynamic random character string, which is characterized in that once the mobile terminal and the After the smart door lock disconnects the communication connection and re-establishes the communication connection, the first random number generated by the smart door lock is different from the first random number generated last time; and the function of the first identity encryption information is to make the mobile terminal Verify the legality of the current smart door lock identity.
[0071] In the above S13, when the first identity encryption information is legal, it indicates that the current smart door lock is a smart door lock that needs to be configured by the mobile terminal (current user). At this time, you can enter S14 to perform related operations; and when the first identity is encrypted When the information is illegal, there are two possibilities: one is that the current smart door lock has been registered and activated by another user, making the first-identity encrypted information unable to pass the identity verification, and the current user cannot configure the current smart door lock; The other is that the first identity encrypted information has been tampered with or forged, so that the first identity encrypted information cannot pass identity verification. At this time, the current user cannot configure the current smart door lock. In this step, under the premise that the current smart door lock is the smart door lock that the current user needs to configure, since the first identity encryption information is designated (corresponding to the identity identifier) and encrypted data, even if the hacker captures The data packet of the first identity encrypted information cannot be tampered with or forged, because once the first identity encrypted information has been tampered with or forged, the identity verification cannot be passed and the operation cannot be continued.
[0072] In an optional embodiment, the first identity encryption information is the first MD5 value of the corresponding identity. Specifically, when the smart door lock detects that it has an identity, it indicates that the current smart door lock has been registered on the server and Activate, at this time, the smart door lock generation generates the first random number through the preset random number generation algorithm and saves it, and at the same time calculates the identity through the preset MD5 algorithm (Message-Digest Algorithm 5, the fifth generation of information digest algorithm) , Obtain the first MD5 value, and then send the first random number and the first MD5 value as the first identity encrypted information to the mobile terminal. At this time, the first identity encrypted information can be authenticated in the following manner to determine the first identity Is the encrypted information legal:
[0073] S131: Calculate one or more identities obtained in advance from the server by using a preset MD5 algorithm to obtain one or more MD5 values;
[0074] S132: Compare the first MD5 value with one or more MD5 values to find whether there is an MD5 value matching the first MD5;
[0075] If it exists, execute S133 to determine that the first identity encrypted information is legal;
[0076] If it does not exist, execute S134 to determine that the first identity encrypted information is illegal.
[0077] In this embodiment, specifically, for example, when the mobile terminal obtains 3 identities from the server in advance, it indicates that the current user has registered and activated 3 smart door locks on the server in advance. Among these 3 identities, There is an identity corresponding to the current smart door lock, or it may not exist. Specifically, when the mobile terminal receives the first MD5 value and the first random number sent by the current smart door lock, the mobile terminal uses the preset MD5 algorithm to The 3 identities obtained from the server in advance are calculated separately to obtain 3 corresponding MD5 values, and then the first MD5 value and these 3 MD5 values are compared one by one to determine whether there is any difference between the first MD5 value and the first MD5 value. If the MD5 value matched by MD5 exists, it means that the first ID encrypted information is legal, that is, the first MD5 value is legal, and you can enter S14 to perform related operations; if it does not exist, it means that the first identity encrypted information is illegal, that is The first MD5 value is illegal. At this time, the reason why the first MD5 value is illegal may be that the current smart door lock has been registered and activated by another user, or the first MD5 value may have been tampered with. In this embodiment, under the premise that the current smart door lock has been pre-registered and activated by the current user on the server, since the first MD5 value has uniqueness (one-to-one correspondence with the identity) and irreversibility (that is, in the known Under the conditions of MD5 algorithm and identity, the MD5 value of the corresponding identity can be calculated, but under the condition of known MD5 algorithm and MD5 value, the identity corresponding to the MD5 value cannot be obtained through inverse calculation), so even if the hacker intercepts The first MD5 value cannot be tampered with, because once the MD5 value has been tampered with, the identity verification cannot be passed and the operation cannot be continued.
[0078] In the above S14, specifically, the mobile terminal calculates the first token information and the first random number through a preset algorithm, obtains the designated second identity encryption information and sends it to the smart door lock, when the smart door lock receives When the second identity encrypts information, the smart door lock calculates the first token information and the first random number stored by the same preset algorithm to obtain the specified third identity encrypted information, and then the smart door lock encrypts the second identity The information is compared with the third identity encryption information, and it is determined whether the second identity encryption information is consistent with the third identity encryption information. If they are consistent, the authentication result that the second identity encryption information is legal is sent to the mobile terminal, and the mobile terminal is allowed to The smart door lock is configured; if it is inconsistent, it means that the second identity encryption information received by the smart door lock has been tampered with or forged. At this time, the identity verification result that the second identity encryption information is illegal is sent to the mobile terminal, and it is not allowed The mobile terminal configures the smart door lock.
[0079] In an optional embodiment, the second identity encryption information is a second MD5 value corresponding to the first token information and the first random number, the identity verification result sent by the smart door lock is received, and the feedback operation is performed according to the identity verification result The steps include:
[0080] S151: If the identity verification result is that the second identity encryption information is legal, send a configuration command with a second MD5 value attached to the smart door lock.
[0081] In this embodiment, specifically, when the mobile terminal determines that the first identity encryption information is legal, the mobile terminal uses the preset MD5 algorithm to calculate the stored first token information and the first random number to obtain the second The MD5 value is sent to the smart door lock. When the smart door lock receives the second MD5 value sent by the mobile terminal, the smart door lock performs the first token information and the first random number stored by itself through the preset MD5 algorithm. Calculate, obtain the sixth MD5 value and compare it with the second MD5 value, determine whether the sixth MD5 value is consistent with the second MD5 value, and if they are consistent, send the second identity encryption information to the mobile terminal as legal (ie, the second MD5 value) If it is inconsistent, it means that the second MD5 value received by the smart door lock has been tampered with. At this time, sending the second identity encryption information to the mobile terminal is illegal (that is, the second MD5 value is legal). Validation results. When the identity verification result received by the mobile terminal is that the second identity encryption information is legal, it means that the current smart door lock allows the mobile terminal to configure it. At this time, the mobile terminal sends a configuration command with the second MD5 value to the smart door lock. Among them, the configuration commands include instructions for configuring the smart door lock, such as modifying the unlocking password, adding fingerprints, deleting the local information of the smart door lock, etc., which can be one or multiple, and there is no specific restriction on this; accordingly, When the smart door lock receives the configuration command attached with the second MD5 value sent by the mobile terminal, before executing the configuration command, the smart door lock first verifies whether the second MD5 value is legal, and if it is legal, executes the configuration command. Illegal, which means that the configuration command has been tampered with or forged, and the configuration command is not executed at this time; in this embodiment, because the configuration command is accompanied by a second MD5 value, even if the hacker intercepts the configuration command, The configuration command cannot be tampered with, because once the configuration command is tampered with, the second MD5 value attached to the configuration command will also change accordingly, and the identity verification cannot be passed, so that the smart door lock will not ring Commands should be configured to perform related operations, thus ensuring the reliability and security of data, and thereby ensuring the security of smart door locks.
[0082] In an optional embodiment, the step of receiving the identity verification result sent by the smart door lock and performing a feedback operation according to the identity verification result further includes:
[0083] S152: If the identity verification result is that the second identity encryption information is illegal, receive request information about verifying the administrator password sent by the smart door lock;
[0084] S153: Prompt the user to enter the administrator password according to the requested information;
[0085] S154: Obtain the administrator password input by the user, and generate a third MD5 value according to the administrator password and the first random number and send it to the smart door lock for verification.
[0086] In this embodiment, specifically, when the smart door lock determines that the sixth MD5 value is inconsistent with the second MD5 value, the smart door lock sends to the mobile terminal the identity verification result that the second identity encryption information is illegal and information about the verification administrator The password request information. Correspondingly, when the identity verification result received by the mobile terminal is that the second identity encryption information is illegal, it means that the current smart door lock does not allow the mobile terminal to configure it. At this time, the mobile terminal is based on the received The request information prompts the current user to enter the administrator password. After the current user enters the administrator password, the mobile terminal uses the preset MD5 algorithm to calculate the administrator password and the first random number to obtain the third MD5 value and send it to the smart door lock When the smart door lock receives the third MD5 value sent by the mobile terminal, the smart door lock uses the preset MD5 algorithm to calculate the first random number and the administrator password saved by itself to obtain the seventh MD5 value and compare it with The third MD5 value is compared to determine whether the seventh MD5 value is consistent with the third MD5 value. If they are consistent, the administrator password verification is successful, and the smart door lock allows the mobile terminal to configure it; if they are inconsistent, it indicates management If the administrator password verification is unsuccessful, the smart door lock sends a notification that the administrator password verification failed to the mobile terminal. The mobile terminal can prompt the user to re-enter the administrator password for verification based on the notification. If the administrator password verification fails too many times, The smart door lock sends a message that the administrator password verification has failed too many times to the mobile terminal. The mobile terminal can prompt the user to wait a period of time and then re-enter the administrator password for verification based on the message until the administrator password verification is successful.
[0087] Preferably, after the step of generating the third MD5 value according to the administrator password and the first random number and sending it to the smart door lock for verification, the method further includes:
[0088] S155: Receive the second token information sent by the smart door lock, and send the second token information and the identity identifier to the server to refresh the token information.
[0089] In this embodiment, specifically, when the administrator password verification is successful (that is, when the seventh MD5 value is consistent with the third MD5 value), the smart door lock regenerates and saves the second token information corresponding to the administrator password, At the same time, the second token information is sent to the mobile terminal. Correspondingly, when the mobile terminal receives the second token information sent by the smart door lock, the mobile terminal will use the second token information with the corresponding one obtained in advance from the server. The identity of the current smart door lock is uploaded to the server. When the server receives the identity and the second token information returned by the mobile terminal, the server finds the first token information corresponding to the current smart door lock according to the identity, and then uploads the first The token information is replaced with the second token information to refresh the token information corresponding to the current door lock, so that the second identity encryption information verification (corresponding to the relevant principle process of S14 above) or the smart door lock configuration will be performed next time (Ie corresponding to the related principle process of S151 above), use the second token information to perform related operations (such as generating the second identity encryption information), so even if the first token information is leaked, the first token information cannot be used Complete the relevant identity verification, thereby further improving the security of the smart door lock. Further, after the mobile terminal sends the second token information and the identity identifier to the server to refresh the token information, the mobile terminal can configure the current smart door lock at this time. Specifically, the mobile terminal uses the preset MD5 The algorithm calculates the second token information and the first random number to obtain the MD5 value corresponding to the second token information and the first random number, and then the mobile terminal sends the configuration command with the MD5 value to the smart door lock for execution Related operations, related operations are similar to the related principle process of S151, and will not be repeated here.
[0090] Specifically, before the step of the mobile terminal sending the request information about the identity to the smart door lock, it further includes:
[0091] S09: Obtain account binding information corresponding to one or more smart door locks pre-stored in the server, where the account binding information includes the first encryption key, the first token information, and the identity;
[0092] S10: Establish a first encrypted communication channel with the smart door lock by using the first encryption key.
[0093] In this embodiment, specifically, the communication connection between the mobile terminal and the server can be realized by installing a specific application (APP) on the mobile terminal. Before configuring the smart door lock, the user can use the pre-registered APP account Or a third-party application account can log in to the APP for use. After the account is logged in, the mobile terminal requests the binding information of this account from the server, and the server responds to the request of the mobile terminal to return the binding information of this account, because the account may be pre-bound Or multiple smart door locks, so the user can see the account binding information of one or more smart door locks on the designated application interface after logging in to the account. Among them, the account binding information of each smart door lock includes the first An encryption key, first token information and identity identification.
[0094] When the mobile terminal establishes a communication connection with the current smart door lock through Bluetooth or WIFI, the mobile terminal uses the first encryption key to establish a first encrypted communication channel with the smart door lock. Accordingly, the current smart door lock also uses the pre-stored The first encryption key of its own establishes a first encrypted communication channel with the mobile terminal to realize two-way encryption, so that the data transmitted between the mobile terminal and the smart door lock afterwards is encrypted by the first encryption key Data, that is, the first encrypted communication channel is two-way. Once the first encrypted communication channel is established, the data sent by the mobile terminal to the smart door lock is encrypted by the first encryption key. When the smart door lock receives the mobile terminal When sending data, the smart door lock needs to use the stored first encryption key to decrypt the data to know the content information in the data. Similarly, when the mobile terminal receives the data sent by the smart door lock, the mobile terminal also It is necessary to use the first encryption key to decrypt the data to obtain the content information. Therefore, in the subsequent process of dual identity authentication between the mobile terminal and the smart door lock, and the process of configuring the smart door lock by the mobile terminal, the first The feedback data, the second identity encryption information, and the configuration command are all encrypted by the first encryption key, where the first random number is equivalent to a double encryption, the first identity encryption information, the second identity encryption information and The configuration command is equivalent to double encryption. Therefore, even if a hacker captures the data packet transmitted between the mobile terminal and the smart door lock, it will not be able to know the content of the data because there is no encryption key. After establishing a communication connection with the smart door lock, the first encryption key is used to establish a two-way first encrypted communication channel, which can effectively guarantee the security of data transmission, thereby further improving the security of the smart door lock.
[0095] Reference figure 2 Specifically, before the step of using the first encryption key to establish the first encrypted communication channel with the smart door lock, the method further includes:
[0096] S10a: Determine whether the first encryption key has expired;
[0097] If the first encryption key expires, execute S10b, and perform key negotiation with the smart door lock through the first encrypted communication channel according to preset rules, and obtain and save the second encryption key;
[0098] S10c: Replace the first encryption key with the second encryption key, and use the second encryption key to establish a second encrypted communication channel with the smart door lock.
[0099] In this embodiment, specifically, a timestamp (that is, the time when the first encryption key is generated) is attached to the first encryption key, and before the first encryption communication channel is established, the mobile terminal passes on the first encryption key The time stamp of the first encryption key is detected to determine whether the first encryption key has expired (at this time, the smart door lock also performs the same operation simultaneously), for example, the time stamp on the first encryption key is 11:11, November 11, 2018 Minutes and 11 seconds, the preset validity period is 7 days. If the mobile terminal obtains the current time at 12:12:12 on November 20, 2018, the mobile terminal can determine that the first encryption key has expired. The first encryption key is updated. Specifically, the key negotiation process is as follows:
[0100] When it is determined that the first encryption key has expired, the mobile terminal and the smart door lock each generate a pair of key pairs, for example, the mobile terminal generates a pair of key pairs: public key A and private key a, and the smart door lock generates a pair Key pair: public key B and private key b, then the mobile terminal uses the first encryption key to encrypt the public key A and sends it to the smart door lock, and the smart door lock also uses the first encryption key to encrypt the public key B Send to the mobile terminal, after decrypting the encrypted public key A and public key B, the mobile terminal uses the preset ECDH algorithm to calculate the public key B and the private key a according to the ECDH key exchange principle to obtain the second encryption Similarly, the smart door lock uses the preset ECDH algorithm to calculate the public key A and the private key b according to the ECDH key exchange principle to obtain the same second encryption key and save it.
[0101] After the second encryption key is negotiated, both the mobile terminal and the smart door lock replace the first encryption key stored by themselves with the second encryption key (at this time the second encryption key has not been uploaded to the server for encryption key Refresh), then the mobile terminal uses the second encryption key to establish a second encrypted communication channel with the smart door lock. Accordingly, the smart door lock uses the second encryption key to establish a second encrypted communication channel with the mobile terminal to achieve two-way encryption; In this embodiment, by regularly updating the encryption key, the security of the smart door lock is further improved.
[0102] Reference figure 2 Specifically, the account binding information further includes the wireless Mac address corresponding to the smart door lock, and before the step of determining whether the first encryption key has expired, it also includes:
[0103] S10a1, get the wireless Mac address of the current smart door lock;
[0104] S10a2: Compare the wireless Mac address of the current smart door lock with one or more wireless Mac addresses obtained in advance from the server to find whether there is a match;
[0105] If there is no match, execute S10a3, conduct key negotiation with the current smart door lock according to preset rules, obtain the first encryption key and save it, so as to use the first encryption key to establish the first encrypted communication with the current smart door lock aisle.
[0106] In this embodiment, specifically, when the mobile terminal establishes a communication connection with the current smart door lock via Bluetooth or WIFI, the mobile terminal first obtains the wireless Mac address of the current smart door lock (such as the Bluetooth Mac address of the smart door lock) , And then compare the wireless Mac address of the current smart door lock with one or more wireless Mac addresses obtained in advance from the server to find out if there is a match. If there is, it means that the current smart door lock has been registered and registered on the server. Activate, and bind with the account currently used; if it does not exist, negotiate the first encryption key according to the above key negotiation process, and use the first encryption key to establish the first encrypted communication channel to achieve two-way At the same time, if the smart door lock is not bound by other users in the future, the smart door lock and the current account will be bound and activated on the server to generate the corresponding account binding information.
[0107] Preferably, before the step of receiving the identity verification result sent by the smart door lock and performing the feedback operation according to the identity verification result, the method further includes:
[0108] S15a, checking whether the first encryption key has an expired update;
[0109] If there is an expired update, execute S15b to notify the server to replace the first encryption key with the second encryption key.
[0110] In this embodiment, specifically, each time before the mobile terminal sends a configuration command to the smart door lock, the mobile terminal first checks whether the first encryption key has an expired update, that is, whether the mobile terminal exists and replace the first encryption key with If the second encryption key exists, the server is notified to replace the first encryption key in the account binding information corresponding to the current smart door lock with the second encryption key, so that the mobile terminal can obtain it from the server next time Perform related operations on the updated second encryption key (ie, establish a second encrypted communication channel).
[0111] Specifically, after the step of sending the request information about the identity identifier to the smart door lock by the mobile terminal, it further includes:
[0112] S16. Receive and save the second feedback data sent by the smart door lock, where the second feedback data includes a second random number and door lock information, and the door lock information includes at least the first token information and the wireless Mac address;
[0113] S17: Summarize the door lock information and the information stored by itself, obtain the summary data and send it to the server for activation binding, where the summary data includes the door lock information, the first encryption key, and user account information used to log in to the server;
[0114] S18, receiving the identity sent by the server, and generating a fourth MD5 value according to the second random number and the first token information;
[0115] S19: Send the identification with the fourth MD5 value to the smart door lock for storage;
[0116] S20: Receive a feedback result that allows configuration from the smart door lock, and send a configuration command with a fourth MD5 value attached to the smart door lock according to the feedback result.
[0117] In the above S16, specifically, when the smart door lock detects that there is no identity identifier, it means that the current smart door lock has not been registered and activated on the server. At this time, the smart door lock sends the second feedback data to the sending mobile terminal. , In order to bind and activate with the current account on the server, where the second feedback data contains the second random number and door lock information. The door lock information includes the first token information, the wireless Mac address, the current smart door lock model, The unique hardware ID of the current smart door lock, etc.
[0118] In the above S17, specifically, when the mobile terminal receives the second feedback data sent by the smart door lock, the mobile terminal sends the door lock information in the second feedback data, the currently used user account information, and the previously negotiated first The encryption key is summarized into summary data and sent to the server. At the same time, a request for activation binding is sent to the server. When the server receives the request and summary data, the server binds the summary data with the current user account to obtain the corresponding The account binding information of the current smart door lock.
[0119] In the above S18, specifically, after obtaining the account binding information corresponding to the current smart door lock, the server generates and saves the identity identifier corresponding to the current smart door lock according to the account binding information and sends it to the mobile terminal. When the mobile terminal receives When the identity is issued by the server, the mobile terminal calculates the second random number and the first token information through the preset MD5 algorithm to obtain the fourth MD5 value for subsequent related operations.
[0120] In S19 above, specifically, after obtaining the fourth MD5 value and the identity, the mobile terminal sends the identity with the fourth MD5 value to the smart door lock. When the smart door lock receives the identity, the smart door lock First, verify whether the fourth MD5 value is legal (the specific verification process is similar to the aforementioned verification process of the relevant MD5 value, and will not be repeated here). If the fourth MD5 value is legal, the smart door lock saves the identity, otherwise it does not save.
[0121] Specifically, before the step of receiving and saving the second feedback data sent by the smart door lock, it further includes:
[0122] S16a1, receiving the configuration request for configuring the administrator password sent by the smart door lock;
[0123] S16a2, prompt the user to configure the administrator password according to the configuration request;
[0124] S16a3: Receive the administrator password entered by the user and send it to the smart door lock for storage.
[0125] In this embodiment, specifically, when the smart door lock detects that there is no identity identifier, before the smart door lock sends the second feedback data to the sending mobile terminal, the smart door lock first checks whether it has been configured with an administrator password. If the administrator password is not configured, the smart door lock generates a random number (that is, the second random number) and saves it, and at the same time sends a configuration request for configuring the administrator password to the mobile terminal (at this time, the second random number can be sent together It can also be sent to the mobile terminal later). When the mobile terminal receives the configuration request, the mobile terminal prompts the user to configure the administrator password in response to the configuration request. After the user enters the administrator password, the mobile terminal will The password is sent to the smart door lock, and the smart door lock receives and saves the administrator password, and at the same time generates and saves the first token information corresponding to the administrator password, so that the first token information can be subsequently uploaded to the server for storage.
[0126] Specifically, before the step of receiving and saving the second feedback data sent by the smart door lock, it further includes:
[0127] S16b1, receiving the second random number sent by the smart door lock and the verification request for verifying the administrator password;
[0128] S16b2, prompt the user to enter the administrator password according to the verification request;
[0129] S16b3: Obtain the administrator password entered by the user, and generate a fifth MD5 value according to the administrator password and the second random number, and send it to the smart door lock for verification.
[0130] In this embodiment, when the smart door lock detects that it does not have an identity identifier, before the smart door lock sends the second feedback data to the sending mobile terminal, the smart door lock first checks whether the administrator password has been configured. The administrator password means that the user has configured the administrator password locally on the smart door lock, but the smart door lock has not been activated and bound on the server. At this time, the smart door lock generates a random number (that is, the second random number). ) And save, and at the same time send the second random number and the verification request for verifying the administrator password to the mobile terminal. When the mobile terminal receives the verification request, the mobile terminal prompts the user to enter the administrator password in response to the verification request, and the user enters the management After the user password, the mobile terminal calculates the administrator password and the second random number through the preset MD5 algorithm to obtain the fifth MD5 value and send it to the smart door lock. The smart door lock receives the fifth MD5 value and verifies the fifth MD5 value. Whether the MD5 value is legal (the specific verification process is similar to the aforementioned related MD5 value verification process, and will not be repeated here), if the fifth MD5 value is legal, the smart door lock generates and saves the first token information corresponding to the administrator password, In order to subsequently upload the first token information to the server for storage; if it is not legal, the administrator password verification is unsuccessful. At this time, the smart door lock sends a notification that the administrator password verification failed to the mobile terminal, and the mobile terminal can follow the notification Prompt the user to re-enter the administrator password for verification. If the administrator password verification fails too many times, the smart door lock sends a message that the administrator password verification fails too many times to the mobile terminal, and the mobile terminal can prompt the user to wait for a period of time according to the message Then re-enter the administrator password for verification until the administrator password verification is successful.
[0131] Therefore, the smart door lock identity authentication method of the present invention can prevent the identity authentication process between the mobile terminal and the smart door lock by implementing double encryption and two-way identity authentication during the identity authentication process between the mobile terminal and the smart door lock. Identity information leakage occurred during the period, which improved the security of the smart door lock:
[0132] The smart door lock identity authentication method first uses the encryption key to establish a two-way encrypted communication channel between the mobile terminal and the smart door lock, so that the data transmitted between the mobile terminal and the smart door lock is encrypted by the encryption key In this way, even if the hacker intercepts the relevant data, they will not be able to know the content of the data because they do not have the encryption key, so the security of data transmission is effectively improved; then the designated first identity is used to encrypt the information and the first Second, the identity encryption information performs two-way identity authentication, so that before the mobile terminal sends configuration commands to the smart door lock, both the mobile terminal and the smart door lock need to perform identity authentication based on the identity encryption information provided by the other party, and only the identities of both parties are confirmed Only after that, the mobile terminal is allowed to send configuration commands to the smart door lock. Since the first identity encryption information and the second identity encryption information are designated encrypted information, it can effectively prevent the leakage of identity information, even if a hacker captures the relevant data packet , The first identity encryption information and the second identity encryption information cannot be tampered with, because once the first identity encryption information and the second identity encryption information are tampered with, the identity verification cannot be passed, which makes the mobile terminal unable to lock the smart door lock. Therefore, the security of the smart door lock is effectively improved; at the same time, when the smart door lock receives the configuration command sent by the mobile terminal, it needs to verify the validity of the configuration command according to the MD5 value. Only when the configuration command is legal, The smart door lock executes the configuration command. In this way, even if the hacker tampered with or forged the configuration command, the MD5 value verification cannot be passed, so that the smart door lock will not perform related operations in response to the configuration command, thus further improving the intelligence The security of the door lock, and the entire process from the activation of the smart door lock to the configuration of the smart door lock by the mobile terminal, only one transmission of the administrator password is performed on the communication link (that is, the relevant process of S16a3 above) ), and the administrator password is encrypted by the first encryption key, and the first encryption key has not been transmitted on the communication link, so it is difficult for hackers to know the first encryption key, thereby ensuring The security of the administrator password transmission ensures the security of the smart door lock. Therefore, in theory, if the hacker does not obtain the administrator password when the user configures the administrator password, the hacker will not be able to impersonate the user to the smart door. The lock is configured.
[0133] The present invention also provides a readable storage medium with a computer program stored on the readable storage medium, and when the computer program is executed by a processor, the smart door lock identity authentication method in any of the above embodiments is implemented.
[0134] The present invention also provides a mobile terminal, including a memory, a processor, and a computer program stored on the memory and running on the processor. The processor executes the computer program to implement the smart door lock identity authentication method in any of the above embodiments .
[0135] The present invention also provides a smart door lock identity authentication system, which includes the smart door lock, server, and mobile terminal described in any of the above embodiments.
[0136] Those skilled in the art can understand that the mobile terminal described in the embodiment of the present invention is the aforementioned device for executing one or more of the methods described in the present application. These devices may be specially designed and manufactured for the required purpose, or may also include known devices in general-purpose computers. These devices have computer programs or application programs stored in them, which are selectively activated or reconfigured. Such a computer program may be stored in a device (for example, computer) readable medium or in any type of medium suitable for storing electronic instructions and respectively coupled to a bus. The computer readable medium includes but is not limited to any Types of disks (including floppy disks, hard disks, CD-ROMs, CD-ROMs, and magneto-optical disks), ROM (Read-Only Memory), RAM (Random Access Memory, random access memory), EPROM (Erasable Programmable Read-Only Memory) , Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory, magnetic card or optical card. That is, a readable storage medium includes any medium that stores or transmits information in a readable form by a device (for example, a computer).
[0137] Those skilled in the art can understand that the server used here includes but is not limited to a computer, a network host, a single network server, a set of multiple network servers, or a cloud composed of multiple servers. Here, the cloud is composed of a large number of computers or network servers based on Cloud Computing, where cloud computing is a type of distributed computing, a super virtual computer composed of a group of loosely coupled computer sets. In the embodiment of the present invention, the server and the mobile terminal can communicate with each other through any communication method, including but not limited to mobile communications based on 3GPP/4GPP/5GPP, LTE, WIMAX, and computers based on TCP/IP and UDP protocols. Telecommunication.
[0138] Those skilled in the art can understand that the "first, second, third, ..." in the above-mentioned embodiments of the present invention do not represent specific numbers and sequences, but are merely used to distinguish names.
[0139] Those skilled in the art can understand that computer program instructions can be used to implement each block in these structure diagrams and/or block diagrams and/or flow diagrams and combinations of blocks in these structure diagrams and/or block diagrams and/or flow diagrams. . Those skilled in the art can understand that these computer program instructions can be provided to processors of general-purpose computers, professional computers, or other programmable data processing methods for implementation, so that the computer or other programmable data processing method processors can execute this The structure diagram and/or the block diagram and/or the flow diagram of the disclosure of the invention are a block or schemes specified in multiple blocks.
[0140] Those skilled in the art can understand that the various operations, methods, steps, measures, and solutions in the process that have been discussed in the present invention can be alternated, changed, combined, or deleted. Further, various operations, methods, and other steps, measures, and solutions in the process that have been discussed in the present invention can also be alternated, changed, rearranged, decomposed, combined or deleted. Further, the steps, measures, and solutions in the various operations, methods, and procedures disclosed in the present invention in the prior art can also be alternated, changed, rearranged, decomposed, combined or deleted.
[0141] The above are only the preferred embodiments of the present invention, and do not limit the scope of the present invention. Any equivalent structure or equivalent process transformation made by using the content of the description and drawings of the present invention, or directly or indirectly applied to other related The technical field is similarly included in the scope of patent protection of the present invention.
PUM


Description & Claims & Application Information
We can also present the details of the Description, Claims and Application information to help users get a comprehensive understanding of the technical details of the patent, such as background art, summary of invention, brief description of drawings, description of embodiments, and other original content. On the other hand, users can also determine the specific scope of protection of the technology through the list of claims; as well as understand the changes in the life cycle of the technology with the presentation of the patent timeline. Login to view more.
Similar technology patents
Foodstuff monitoring method and device
Owner:XIAOMI INC
Cookie-based secure single sign-on method and unified authentication service system thereof
Owner:SICHUAN CHANGHONG ELECTRIC CO LTD
Method, device and system for carrying out service access control on third-party application
Owner:ALIBABA GRP HLDG LTD
Multifunctional carry-on power supply
Owner:NANKAI UNIV
Classification and recommendation of technical efficacy words
- improve security
Block chain system, and data storage method and apparatus
Owner:ADVANCED NEW TECH CO LTD
Pesticide micro-capsule granules and preparation method thereof
Owner:联合国南通农药剂型开发中心 +1
Method for achieving user authentication by utilizing camera
Owner:湖北微模式科技发展有限公司
Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm
Owner:INST OF INFORMATION ENG CAS