Unlocking method and intelligent access control system

By combining smart locks with mobile terminals using QR code and digital signature technology, the problems of insufficient security and non-repudiation in existing smart access control systems are solved, achieving higher security and non-repudiation while reducing system costs.

CN118155318B · Active · Publication Date: 2026-06-16 · AGRICULTURAL BANK OF CHINA

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: AGRICULTURAL BANK OF CHINA
Filing Date: 2024-02-29
Publication Date: 2026-06-16

AI Technical Summary

Technical Problem

In existing smart access control systems, access cards, fingerprints, and passwords are easily obtained illegally by others, resulting in insufficient security and non-repudiation capabilities.

Method used

By combining smart locks with mobile terminals and utilizing QR code and digital signature technologies, encrypted transmission of identity authentication and unlocking operation information is achieved, including identity identification and operation time information. Combined with the verification and storage of the infrastructure platform, the security and non-repudiation of unlocking operations are ensured.

Benefits of technology

It improves the security and non-repudiation of the access control system, reduces the difficulty of unauthorized access and use of mobile terminals, and reduces system costs and storage requirements.

Generated by Eureka AI based on patent content.


Abstract

The application discloses a method for unlocking and an intelligent access control system. An intelligent lock generates unlocking operation information based on an identity input by a user, and sends the unlocking operation information to an infrastructure platform through a lock server. The infrastructure platform stores the unlocking operation information and sends a query parameter to the lock server. The lock server generates a two-dimensional code based on the query parameter, and displays the two-dimensional code by the intelligent lock. A mobile terminal scans the two-dimensional code, and a first application program sends a data acquisition request to the infrastructure platform, and performs identity authentication based on the unlocking operation information sent by the infrastructure platform. If the identity authentication is passed, a third message is sent to the infrastructure platform, and the third message contains the received unlocking operation information and a first digital signature. The infrastructure platform verifies the first digital signature, and if the verification is passed, the intelligent lock performs an unlocking operation. Based on the scheme disclosed in the application, the security of the access control system can be improved, and the anti-fraud performance is good.

Description

Technical Field

[0001] This application belongs to the field of smart lock technology, and in particular relates to unlocking methods and smart access control systems.

Background Technology

[0002] In financial institutions, strict personnel access management is required for areas with high security requirements, such as safety production rooms, safety operation rooms, vaults, and archives.

[0003] The current solution involves installing smart locks in areas requiring access control, allowing personnel to enter by swiping access cards, entering fingerprints, or passwords. However, access cards, fingerprints, and passwords are easily obtained illegally, resulting in shortcomings in security and non-repudiation of the existing solution.

Summary of the Invention

[0004] In view of this, the purpose of this application is to provide an unlocking method and an intelligent access control system with better security and non-repudiation.

[0005] To achieve the above objectives, this application provides the following technical solution:

[0006] Firstly, this application provides a method for unlocking, comprising:

[0007] The smart lock obtains the user's input identity identifier and responds to the unlocking instruction by sending unlocking operation information to the lock server. The unlocking operation information includes the identity identifier and operation time information.

[0008] The lock server generates a first message and sends the first message to the infrastructure platform. The first message includes the unlocking operation information.

[0009] The infrastructure platform obtains the unlocking operation information in the first message, stores the obtained unlocking operation information, and sends the query parameters of the unlocking operation information to the lock server;

[0010] The lock server generates a QR code, sends the QR code to the smart lock, and the smart lock displays the QR code. The QR code carries the query parameters and information that enables the first application in the mobile terminal to perform identity authentication.

[0011] The mobile terminal scans the QR code so that the first application obtains the query parameters in the QR code and sends a data acquisition request carrying the query parameters to the infrastructure platform;

[0012] The infrastructure platform generates a second message and sends the second message to the first application in the mobile terminal. The second message includes unlocking operation information obtained based on the query parameters in the data acquisition request.

[0013] The first application performs identity authentication based on the unlocking operation information carried in the second message. If the identity authentication is successful, a third message is generated and sent to the infrastructure platform. The third message includes the unlocking operation information obtained from the second message and the corresponding first digital signature.

[0014] The infrastructure platform verifies the first digital signature;

[0015] Once the lock server receives the verification result, and if the first digital signature passes verification, it sends an unlocking command to the smart lock so that the smart lock can perform the unlocking operation.

[0016] Optionally, the above unlocking method further includes:

[0017] If the first digital signature is verified, the infrastructure platform stores the third message.

[0018] Optionally, in the above unlocking method, the first application performs identity authentication based on the unlocking operation information carried in the second message, including:

[0019] The first application obtains the unlocking operation information carried in the second message;

[0020] Determine whether the identity identifier in the unlocking operation information matches the identity identifier of the currently logged-in user. If they match, then the authentication is successful.

[0021] Optionally, in the above unlocking method, the first application performs identity authentication based on the unlocking operation information carried in the second message, including:

[0022] The first application obtains the unlocking operation information carried in the second message;

[0023] Determine whether the identity identifier in the unlocking operation information matches the identity identifier of the currently logged-in user. If they match, instruct the user to enter a password.

[0024] The input password is compared with the preset password. If they are the same, the authentication is successful.

[0025] Optionally, in the above unlocking method, the first application generates a third message, including:

[0026] The first application calls the security authentication tool in the mobile terminal, and the security authentication tool generates a first digital signature based on the unlocking operation information carried in the second message;

[0027] The third message is generated based on the unlocking operation information carried in the second message and the first digital signature.

[0028] Optionally, in the above unlocking method, the lock server generating the first message includes: the lock server generating a second digital signature based on the unlocking operation information; and generating the first message based on the unlocking operation information and the second digital signature.

[0029] The infrastructure platform obtains the unlocking operation information from the first message and stores the obtained unlocking operation information, including: the infrastructure platform parses the first message to obtain the unlocking operation information and the second digital signature in the first message; verifies the second digital signature; and stores the unlocking operation information obtained from the first message if the second digital signature passes the verification.

[0030] Optionally, in the above unlocking method, the infrastructure platform generates a second message, including: the infrastructure platform obtains unlocking operation information based on query parameters in the data acquisition request; generates a third digital signature based on the obtained unlocking operation information; and generates the second message based on the obtained unlocking operation information and the third digital signature.

[0031] Accordingly, after the first application obtains the unlocking operation information carried by the second message, it further includes: obtaining the third digital signature carried by the second message, verifying the third digital signature, and if the third digital signature passes the verification, then performing the step of determining whether the identity identifier in the unlocking operation information matches the identity identifier of the currently logged-in user; if the third digital signature fails the verification, then ending the current unlocking process.

[0032] Optionally, in the above unlocking method, the identity identifier includes any one of a mobile phone number, an ID card number, and an employee number.

[0033] Secondly, this application provides an intelligent access control system, including an intelligent lock, a lock server, a mobile terminal, and an infrastructure platform;

[0034] The smart lock is used to: obtain the user's input identity identifier; respond to the unlocking instruction and send unlocking operation information to the lock server, the unlocking operation information including the identity identifier and operation time information; display the QR code sent by the lock server; and respond to the unlocking command sent by the lock server and execute the unlocking operation.

[0035] The lock server is configured to: generate a first message and send the first message to the infrastructure platform, the first message including unlocking operation information sent by the smart lock; generate a QR code and send the QR code to the smart lock, the QR code carrying query parameters sent by the infrastructure platform and information that causes a first application in the mobile terminal to perform identity authentication; receive a verification result sent by the infrastructure platform, and if the verification result is successful, send an unlocking command to the smart lock;

[0036] The infrastructure platform is used to: obtain unlocking operation information from the first message, store the obtained unlocking operation information, and send query parameters of the unlocking operation information to the lock server; respond to a data acquisition request sent by a first application in the mobile terminal, generate a second message, and send the second message to the first application in the mobile terminal, the second message including unlocking operation information obtained based on the query parameters in the data acquisition request; verify the first digital signature in the third message sent by the first application, generate a verification result, and send the verification result to the lock server;

[0037] The mobile terminal is equipped with a first application for: scanning the QR code so that the first application can obtain query parameters in the QR code and send a data acquisition request carrying the query parameters to the infrastructure platform; the first application performs identity authentication based on the unlocking operation information carried in the second message, and if the identity authentication is successful, generates a third message and sends it to the infrastructure platform, the third message including the unlocking operation information obtained from the second message and the corresponding first digital signature.

[0038] Optionally, the infrastructure platform is also used to: store the third message if the first digital signature is verified, and use the third message as a non-repudiation basis.

[0039] Therefore, the beneficial effects of this application are as follows:

[0040] The unlocking method disclosed in this application uses a first application in a mobile terminal to unlock the door. Since it is difficult for others to illegally obtain the mobile terminal and to illegally use the first application, the security of the access control system can be improved. In addition, the message sent by the mobile terminal to the infrastructure platform carries unlocking operation information and a digital signature generated based on the unlocking operation information, which has good non-repudiation.

Attached Figure Description

[0041] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0042] Figure 1 is a signaling diagram of an unlocking method disclosed in this application;

[0043] Figure 2 is an architecture diagram of an intelligent access control system disclosed in this application.

Detailed Implementation

[0044] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0045] See Figure 1, which is a signaling diagram of an unlocking method disclosed in this application. The unlocking method includes:

[0046] S1: The smart lock obtains the user's input identity identifier.

[0047] The identity identifiers include, but are not limited to: the user's mobile phone number, the user's ID card number, and the user's employee number.

[0048] The smart lock features a human-machine interface module. Optionally, the human-machine interface module includes a touchscreen. Accordingly, the user inputs identification via the touchscreen. Optionally, the human-machine interface module includes a display screen and a physical keyboard. Accordingly, the user inputs identification via the physical keyboard. In this application, "user" refers to the person performing the door opening operation.

[0049] S2: The smart lock responds to the unlocking instruction and sends unlocking operation information to the lock server.

[0050] The unlocking operation information includes identification and operation time information.

[0051] When the human-machine interface module of a smart lock includes a touchscreen, the user can input the unlocking instruction in the following way: the touchscreen displays a confirmation control for unlocking; the user clicks this control to input the unlocking instruction into the smart lock. When the human-machine interface module of a smart lock includes both a display screen and physical buttons, the user can input the unlocking instruction in the following way: pressing the confirmation button inputs the unlocking instruction into the smart lock.

[0052] Optionally, after obtaining the user's input identity, the smart lock displays a prompt asking whether to confirm unlocking. If the user inputs an unlocking instruction, the smart lock responds by sending unlocking operation information to the lock server.

[0053] S3: The lock server generates the first message.

[0054] The first message includes unlocking operation information sent by the smart lock.

[0055] S4: The lock server sends the first message to the infrastructure platform.

[0056] S5: The infrastructure platform obtains the unlocking operation information from the first message and stores the obtained unlocking operation information.

[0057] S6: The infrastructure platform sends query parameters for unlocking operation information to the lock server.

[0058] The infrastructure platform can find unlocking operation information based on this query parameter.

[0059] Optionally, the infrastructure platform stores unlocking operation information in key-value pairs, and the key can be used as a query parameter for unlocking operation information. Of course, the query parameters for unlocking operation information are not limited to this, as long as the infrastructure platform can find the unlocking operation information based on the query parameters.

[0060] Infrastructure platforms are part of the back-office service systems of financial institutions.

[0061] S7: The lock server generates a QR code.

[0062] The QR code carries query parameters sent by the infrastructure platform and information that enables the first application on the mobile terminal to perform identity authentication. Optionally, the first application is a mobile banking app, specifically one corresponding to a financial institution. The mobile terminal can be a smartphone or other portable user device capable of installing the first application.

[0063] S8: The lock server sends a QR code to the smart lock.

[0064] S9: Smart lock displays QR code.

[0065] S10: The mobile terminal scans the QR code so that the first application can obtain the query parameters in the QR code.

[0066] S11: The first application sends a data retrieval request to the infrastructure platform.

[0067] The data retrieval request carries query parameters obtained from the QR code.

[0068] Typically, the main interface of the first application contains controls that instruct users to perform a scanning operation; for ease of description, these controls are referred to as scanning controls. When a user launches the first application on their mobile device, the application displays its main interface. The user clicks the scanning control on the main interface, and the mobile device's image acquisition module captures an image of the QR code. The first application analyzes the QR code image to obtain the query parameters within the QR code. Furthermore, the first application initiates an authentication process, sending a data retrieval request to the infrastructure platform.

[0069] S12: The infrastructure platform generates a second message.

[0070] The second message includes unlocking operation information obtained based on the query parameters in the data acquisition request.

[0071] S13: The infrastructure platform sends a second message to the first application in the mobile terminal.

[0072] S14: The first application performs identity authentication based on the unlocking operation information carried in the second message, and generates a third message if the identity authentication is successful.

[0073] The third message includes unlocking operation information obtained from the second message and a first digital signature generated based on the unlocking operation information.

[0074] S15: The first application sends a third message to the infrastructure platform.

[0075] S16: The infrastructure platform verifies the first digital signature.

[0076] As an optional approach, the first application generates a third message, including:

[0077] A1: The first application generates a first digital signature based on the unlocking operation information carried in the second message;

[0078] A2: The first application generates a third message based on the unlocking operation information carried in the second message and the first digital signature.

[0079] Understandably, there are multiple ways for the first application to generate the first digital signature based on the unlocking operation information, and correspondingly, the infrastructure platform will also have different ways of verifying the first digital signature.

[0080] Option 1:

[0081] The first application processes the unlocking operation information using a hash function to obtain a message digest; it then encrypts the message digest using its private key to obtain a digital signature, which is referred to as the first digital signature for ease of description. Correspondingly, the infrastructure platform processes the unlocking operation information obtained from the third message using the same hash function to obtain a message digest; it decrypts the first digital signature using the first application's public key to obtain another message digest; and it compares the two message digests. If they match, the verification is successful.

[0082] Option 2:

[0083] The first application encrypts the unlocking operation information using its private key to obtain a digital signature, which is referred to as the first digital signature for ease of description. Correspondingly, the infrastructure platform decrypts the first digital signature using the first application's public key to obtain the unlocking operation information; it compares the decrypted unlocking operation information with the unlocking operation information obtained from the third message. If they are identical, the verification is successful.

[0084] As an alternative, the first application generates a third message, including:

[0085] B1: The first application calls the security authentication tool in the mobile terminal, and the security authentication tool generates a first digital signature based on the unlocking operation information carried in the second message;

[0086] B2: The first application generates the third message based on the unlocking operation information carried in the second message and the first digital signature.

[0087] The security authentication tool can be a mobile security token or other tools that can generate digital signatures.

[0088] Understandably, the infrastructure platform must verify the first digital signature using the scheme that corresponds to the one the security authentication tool used to generate it.

[0089] In the above scheme, the first application calls the security authentication tool in the mobile terminal to generate the first digital signature, which effectively utilizes the existing software and hardware resources of the mobile terminal and does not require the application to generate digital signatures itself.

[0090] S17: The infrastructure platform sends the verification result to the lock server.

[0091] S18: If the first digital signature is verified, the lock server sends an unlocking command to the smart lock.

[0092] S19: The smart lock performs an unlocking operation.
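The decision path of S2 to S18, with the optional storage of the third message, as an added Go example that is not code from the patent. It uses RSA-PSS over SHA-256 from Go's standard library as a concrete hash-then-sign scheme (the application names no algorithm); the per-identity key enrollment, the random query parameter, the JSON encoding and all names and sample values are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// UnlockInfo is the unlocking operation information: identity identifier and operation time.
type UnlockInfo struct {
	IdentityID string `json:"identity_id"`
	OpTime     string `json:"op_time"`
}

// ThirdMessage is what the first application sends to the platform in S15.
type ThirdMessage struct {
	Info UnlockInfo
	Sig  []byte // first digital signature over Info
}

// Platform models the infrastructure platform; all field names are hypothetical.
type Platform struct {
	pending map[string]UnlockInfo     // S5: key-value store, the key is the query parameter
	appKeys map[string]*rsa.PublicKey // assumption: one enrolled public key per identity
	Records []ThirdMessage            // verified third messages kept as non-repudiation evidence
}

// digest hashes a fixed JSON encoding of the information (the encoding is an assumption).
func digest(info UnlockInfo) []byte {
	b, _ := json.Marshal(info) // struct fields are encoded in declaration order
	sum := sha256.Sum256(b)
	return sum[:]
}

// Setup returns a platform with one enrolled first application and that application's key.
func Setup(id string) (*Platform, *rsa.PrivateKey) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	pub := map[string]*rsa.PublicKey{id: &key.PublicKey}
	return &Platform{pending: map[string]UnlockInfo{}, appKeys: pub}, key
}

// StoreFirst covers S5 and S6: store the information and return its query parameter.
func (p *Platform) StoreFirst(info UnlockInfo) string {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}
	q := hex.EncodeToString(raw) // assumption: a random key serves as the query parameter
	p.pending[q] = info
	return q
}

// AppSign covers S14 with identity scheme C1-C3: match the identity, then sign.
func AppSign(loggedIn string, priv *rsa.PrivateKey, info UnlockInfo) (ThirdMessage, bool) {
	if info.IdentityID != loggedIn {
		return ThirdMessage{}, false // authentication failed, nothing is signed
	}
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest(info), nil)
	return ThirdMessage{Info: info, Sig: sig}, err == nil
}

// VerifyThird covers S16 and S17; a verified message is stored as the unlocking record.
func (p *Platform) VerifyThird(m ThirdMessage) bool {
	pub, ok := p.appKeys[m.Info.IdentityID]
	if !ok || rsa.VerifyPSS(pub, crypto.SHA256, digest(m.Info), m.Sig, nil) != nil {
		return false
	}
	p.Records = append(p.Records, m)
	return true
}

// Flow runs one attempt and reports whether the lock server would send the unlocking command (S18).
func Flow(p *Platform, typedID, loggedIn string, priv *rsa.PrivateKey, alter bool) bool {
	q := p.StoreFirst(UnlockInfo{IdentityID: typedID, OpTime: "2024-02-29T09:00:00+08:00"})
	info := p.pending[q] // S10-S13: the application scanned the QR code and requested the data
	msg, ok := AppSign(loggedIn, priv, info)
	if !ok {
		return false
	}
	if alter {
		msg.Info.OpTime = "2024-02-29T23:00:00+08:00" // information changed after signing
	}
	return p.VerifyThird(msg)
}

func main() {
	p, key := Setup("E1001") // constructed employee number
	fmt.Println("valid attempt:", Flow(p, "E1001", "E1001", key, false))
	fmt.Println("identity typed at the lock differs:", Flow(p, "E2002", "E1001", key, false))
	fmt.Println("information altered after signing:", Flow(p, "E1001", "E1001", key, true))
	fmt.Println("stored records:", len(p.Records))
}
```

Only the first attempt ends with an unlocking command and a stored record; the other two stop at the application's identity check and at the platform's signature verification respectively.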

[0093] The unlocking method disclosed in this application involves a user inputting an identity identifier into a smart lock. The smart lock generates unlocking operation information containing the identity identifier and operation time information. This unlocking operation information is sent to an infrastructure platform via a lock server. The infrastructure platform stores the unlocking operation information and sends query parameters of the unlocking operation information to the lock server. The lock server generates a QR code, which is displayed by the smart lock. The QR code carries query parameters of the unlocking operation information and information that enables a first application on a mobile terminal to perform identity authentication. The user launches the first application on the mobile terminal, scans the QR code, obtains the query parameters carried by the QR code, and sends a data retrieval request containing the query parameters to the infrastructure platform to obtain the corresponding unlocking operation information. The first application performs identity authentication based on the received unlocking operation information. If the identity authentication is successful, a third message containing the unlocking operation information and a first digital signature is generated. The infrastructure platform verifies the first digital signature in the third message. If the verification is successful, the lock server sends an unlocking command to the smart lock, and the smart lock executes the unlocking operation. The unlocking method disclosed in this application uses a first application in a mobile terminal to unlock the device. Since it is difficult for others to illegally obtain the mobile terminal and to illegally use the first application (usually, unlocking the mobile terminal requires entering a password or fingerprint, and launching the first application also requires identity verification), the security of the access control system can be improved. In addition, the message sent by the mobile terminal to the infrastructure platform carries unlocking operation information and a digital signature generated based on the unlocking operation information, which has good non-repudiation.

[0094] Based on the unlocking method disclosed above in this application, the following further features are provided:

[0095] Once the first digital signature is verified, the infrastructure platform stores the third message.

[0096] The third message includes the user's unlocking operation information and the first digital signature, and is non-repudiable. Therefore, if the first digital signature is verified, the third message is stored as the unlocking record. Based on the third message stored on the infrastructure platform, it is possible to query personnel access information. In case of an anomaly, the corresponding third message can be retrieved from the infrastructure platform as evidence for non-repudiation.

[0097] It should be noted that compared with capturing the user's image when the user performs the unlocking operation as evidence of non-repudiation, using a third message as evidence of non-repudiation has the following advantages: First, it eliminates the need for an image acquisition device, thus reducing system costs; second, the data volume of the third message is much smaller than that of the user's image, so the cost of storing the third message is much lower than the cost of storing the user's image.

[0098] Optionally, the infrastructure platform sends a third message to the lock server, which stores the third message. In case of an anomaly, the lock server can retrieve the corresponding third message as evidence for non-repudiation.

[0099] In the unlocking method disclosed above in this application, the first application performs identity authentication based on the unlocking operation information carried by the second message, which can be implemented using various schemes.

[0100] Option 1:

[0101] C1: The first application obtains the unlocking operation information carried in the second message;

[0102] C2: Determine whether the identity identifier in the unlocking operation information carried in the second message matches the identity identifier of the currently logged-in user;

[0103] C3: If the two match, the authentication is successful; if they do not match, the authentication fails.

[0104] Option 2:

[0105] D1: The first application obtains the unlocking operation information carried in the second message;

[0106] D2: Determine whether the identity identifier in the unlocking operation information carried in the second message matches the identity identifier of the currently logged-in user;

[0107] D3: If the two match, then prompt for a password;

[0108] D4: Compare the entered password with the preset password;

[0109] D5: If the two are the same, then the identity verification is successful; if the two are different, then the identity verification is unsuccessful.

[0110] In the second scheme described above, if the first application determines that the identity identifier in the unlocking operation information carried in the second message matches the identity identifier of the currently logged-in user, it prompts the user to enter a password. If the password entered by the user matches the preset password, the authentication is confirmed to be successful, a third message is generated, and the third message is sent to the infrastructure platform. Based on this scheme, a dual authentication method of password verification and digital signature verification is implemented, which can improve the security and non-repudiation of the access control system.

[0111] In the unlocking method disclosed above in this application, as an optional solution, the infrastructure platform generates the second message using the following method:

[0112] The infrastructure platform obtains unlocking operation information based on the query parameters in the data acquisition request; generates a third digital signature based on the obtained unlocking operation information; and generates a second message based on the obtained unlocking operation information and the third digital signature.

[0113] In other words, the second message sent by the infrastructure platform carries unlocking operation information obtained based on query parameters and a third digital signature generated based on that unlocking operation information.

[0114] Accordingly, the first application in the mobile terminal parses the second message to obtain the unlocking operation information and the third digital signature in the second message; verifies the third digital signature; if the verification is successful, executes step C2 or step D2 in the above two schemes; if the third digital signature fails to be verified, the unlocking process ends.

[0115] Understandably, there are multiple schemes for the infrastructure platform to generate the third digital signature, and correspondingly, the schemes for the first application to verify the third digital signature will also differ.

[0116] Option 1:

[0117] The infrastructure platform processes the unlocking operation information using a hash function to obtain a message digest; it then encrypts the message digest using its private key to obtain a digital signature, which is referred to as the third digital signature for ease of description. Correspondingly, the first application processes the unlocking operation information obtained from the second message using the same hash function to obtain a message digest; it then decrypts the third digital signature using the infrastructure platform's public key to obtain another message digest; the two message digests are compared, and if they match, the verification is successful.

[0118] Option 2:

[0119] The infrastructure platform encrypts the unlocking operation information using its private key to obtain a digital signature, which is referred to as the third digital signature for ease of description. Correspondingly, the first application decrypts the third digital signature using the infrastructure platform's public key to obtain the unlocking operation information; it compares the decrypted unlocking operation information with the unlocking operation information obtained from the second message. If they match, the verification is successful.

[0120] As can be seen, in the above scheme, the second message sent by the infrastructure platform includes unlocking operation information and a third digital signature. The first application obtains the unlocking operation information and the third digital signature from the second message, verifies the third digital signature, and executes subsequent operations only if the verification is successful. Compared with the infrastructure platform sending only the unlocking operation information to the first application, this scheme verifies the identity of the infrastructure platform (i.e., it prevents repudiation or denial) and ensures the integrity and authenticity of the unlocking operation information.

[0121] In the unlocking method disclosed above in this application, as an optional scheme, the lock server generates the first message using the following scheme:

[0122] The lock server generates a second digital signature based on the unlocking operation information; and generates a first message based on the unlocking operation information and the second digital signature.

[0123] In other words, the first message sent by the lock server carries unlocking operation information and a second digital signature generated based on that unlocking operation information.

[0124] Accordingly, the infrastructure platform obtains the unlocking operation information from the first message and stores it using the following scheme:

[0125] The infrastructure platform parses the first message to obtain the unlocking operation information and the second digital signature from the first message; verifies the second digital signature; and if the verification is successful, stores the unlocking operation information obtained from the first message.

[0126] Understandably, there are multiple schemes by which the lock server can generate the second digital signature, and correspondingly, the schemes by which the infrastructure platform verifies the second digital signature will also differ.

[0127] Option 1:

[0128] The lock server processes the unlocking operation information using a hash function to obtain a message digest; it then encrypts the message digest using its private key to obtain a digital signature, which is referred to as the second digital signature for ease of description. Correspondingly, the infrastructure platform processes the unlocking operation information obtained from the first message using the same hash function to obtain a message digest; it decrypts the second digital signature using the lock server's public key to obtain another message digest; the two message digests are compared, and if they match, the verification is successful, and the unlocking operation information obtained from the first message is stored.

[0129] Option 2:

[0130] The lock server encrypts the unlocking operation information using its private key to obtain a digital signature, which is referred to as the second digital signature for ease of description. Correspondingly, the infrastructure platform decrypts the second digital signature using the lock server's public key to obtain the unlocking operation information. It compares the decrypted unlocking operation information with the unlocking operation information obtained from the first message. If they match, the verification is successful, and the unlocking operation information obtained from the first message is stored.

[0131] As can be seen, in the above scheme, the first message sent by the lock server includes unlocking operation information and a second digital signature. The infrastructure platform obtains the unlocking operation information and the second digital signature from the first message, verifies the second digital signature, and stores the unlocking operation information obtained from the first message if the verification is successful. Compared with the lock server sending only the unlocking operation information to the infrastructure platform, this scheme verifies the identity of the lock server (i.e., it prevents repudiation or denial) and guarantees the integrity and authenticity of the unlocking operation information.

[0132] This application also discloses an intelligent access control system, the structure of which is shown in Figure 2. It includes a smart lock 100, a lock server 200, a mobile terminal 300, and an infrastructure platform 400.

[0133] The smart lock 100 is used to: obtain the user's input identity identifier; respond to the unlocking instruction and send unlocking operation information to the lock server 200, the unlocking operation information including the identity identifier and operation time information; display the QR code sent by the lock server 200; and respond to the unlocking command sent by the lock server 200 and execute the unlocking operation.

[0134] The lock server 200 is used to: generate a first message and send it to the infrastructure platform 400, the first message including unlocking operation information sent by the smart lock 100; generate a QR code and send it to the smart lock 100, the QR code carrying query parameters sent by the infrastructure platform 400 and information that enables the first application in the mobile terminal 300 to perform identity authentication; receive the verification result sent by the infrastructure platform 400, and if the verification result is successful, send an unlocking command to the smart lock 100.

[0135] The infrastructure platform 400 is used to: obtain unlocking operation information from a first message, store the obtained unlocking operation information, and send query parameters of the unlocking operation information to the lock server 200; respond to a data acquisition request sent by a first application in the mobile terminal 300, generate a second message, and send the second message to the first application in the mobile terminal 300, the second message including the unlocking operation information obtained based on the query parameters in the data acquisition request; verify the first digital signature in a third message sent by the first application, generate a verification result, and send the verification result to the lock server 200.

[0136] The mobile terminal 300 is equipped with a first application for: scanning a QR code so that the first application can obtain the query parameters in the QR code and send a data acquisition request carrying the query parameters to the infrastructure platform 400; the first application performs identity authentication based on the unlocking operation information carried in the second message, and if the identity authentication is successful, generates a third message and sends it to the infrastructure platform 400. The third message includes the unlocking operation information obtained from the second message and the corresponding first digital signature.

[0137] Optionally, the infrastructure platform 400 is also used to store a third message if the first digital signature is verified.
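
An added example, not code from the patent: the three signed hops described above (first, second and third messages), each signed and verified as in Option 1, with the first application's identity match applied before the third message is generated. RSA PKCS#1 v1.5 with SHA-256, the byte encoding of the information, the key holders, the query parameter `q1` and the sample identifier and time are assumptions; the patent names no algorithm or message format.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// UnlockInfo is the unlocking operation information: identity identifier and operation time.
type UnlockInfo struct{ ID, Time string }

// Message is the shape shared by the first, second and third messages (assumed layout).
type Message struct{ Info UnlockInfo; Sig []byte }

// digest hashes an unambiguous encoding of the information (quoted fields, SHA-256).
func digest(info UnlockInfo) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%q|%q", info.ID, info.Time)))
	return h[:]
}

// Sign is the sender side of Option 1: hash the information, sign the digest with the
// private key. On error the signature is nil, which Verify rejects (fail closed).
func Sign(key *rsa.PrivateKey, info UnlockInfo) Message {
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest(info))
	return Message{Info: info, Sig: sig}
}

// Verify is the receiver side of Option 1: recompute the digest from the received
// information and check it against the signature with the sender's public key.
func Verify(pub *rsa.PublicKey, m Message) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(m.Info), m.Sig) == nil
}

func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// RunUnlock walks the three hops and reports whether the unlocking command would be sent.
func RunUnlock(loggedInID string, tamper bool) bool {
	lockSrv, plat, app := mustKey(), mustKey(), mustKey() // lock server, platform, first application
	info := UnlockInfo{ID: "E10042", Time: "2024-02-29T09:00:00+08:00"} // constructed sample
	first := Sign(lockSrv, info) // first message, second digital signature
	if !Verify(&lockSrv.PublicKey, first) {
		return false // platform does not store unverified information
	}
	store := map[string]UnlockInfo{"q1": first.Info} // stored under a query parameter
	second := Sign(plat, store["q1"])                // second message, third digital signature
	if tamper {
		second.Info.ID = "E99999" // altered in transit after signing
	}
	if !Verify(&plat.PublicKey, second) || second.Info.ID != loggedInID {
		return false // unlocking process ends
	}
	third := Sign(app, second.Info)      // third message, first digital signature
	return Verify(&app.PublicKey, third) // verification result sent to the lock server
}

func main() {
	fmt.Println(RunUnlock("E10042", false), RunUnlock("E10042", true), RunUnlock("E20000", false))
}
```

Option 2 as worded (recovering the full information from the signature) is not shown; it is a different signature construction from the hash-then-sign call used here.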

[0138] One structure of the smart lock 100 is described below.

[0139] The smart lock 100 includes:

[0140] a housing;

[0141] a processor located inside the housing;

[0142] a human-computer interaction module connected to the processor, the interaction surface of the human-computer interaction module being exposed on the outer surface of the housing;

[0143] a latch drive module located inside the housing and connected to the processor;

[0144] a latch that moves under the drive of the latch drive module and can extend out of or retract into the housing;

[0145] a communication module located inside the housing and connected to the processor.

[0146] As an alternative, the human-computer interaction module includes a touchscreen, the panel of which is exposed on the outer surface of the housing, allowing the user to perform touch operations. Alternatively, the human-computer interaction module includes a display screen and a physical keyboard, the display screen panel being exposed on the outer surface of the housing, and the pressing side of the physical keyboard being exposed on the outer surface of the housing, allowing the user to perform input operations on the physical keyboard.

[0147] It should be noted that the detailed and extended functions of the smart lock 100, lock server 200, mobile terminal 300 and infrastructure platform 400 can be found in the relevant descriptions in the unlocking method section.

[0148] It should be noted that the technical features described in the various embodiments of this specification can be substituted for or combined with each other. Each embodiment focuses on describing the differences from other embodiments, and the same or similar parts between the various embodiments can be referred to mutually. The steps in the methods of the various embodiments of this application can be adjusted, merged, and deleted according to actual needs. The modules and sub-modules in the devices and equipment of the various embodiments of this application can be merged, divided, and deleted according to actual needs.

[0149] It should also be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.

[0150] The various embodiments in this specification are described in a progressive manner, with each embodiment focusing on its differences from other embodiments. Similar or identical parts between embodiments can be referred to interchangeably. The technical features in each embodiment can be arranged and combined to form new embodiments. The description of the intelligent access control system in this specification is relatively simple; relevant details can be found in the unlocking method section.

[0151] The above description of the disclosed embodiments enables those skilled in the art to make or use this application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of this application. Therefore, this application is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims

1. A method for unlocking locks, characterized in that it includes:
the smart lock obtains the identity identifier input by the user and, in response to an unlocking instruction, sends unlocking operation information to the lock server, the unlocking operation information including the identity identifier and operation time information;
the lock server generates a first message and sends the first message to the infrastructure platform, the first message including the unlocking operation information;
the infrastructure platform obtains the unlocking operation information in the first message, stores the obtained unlocking operation information, and sends the query parameters of the unlocking operation information to the lock server;
the lock server generates a QR code and sends the QR code to the smart lock, and the smart lock displays the QR code, the QR code carrying the query parameters and information that enables the first application in the mobile terminal to perform identity authentication;
the mobile terminal scans the QR code so that the first application can obtain the query parameters in the QR code and send a data acquisition request carrying the query parameters to the infrastructure platform;
the infrastructure platform generates a second message and sends the second message to the first application in the mobile terminal, the second message including unlocking operation information obtained based on the query parameters in the data acquisition request;
the first application performs identity authentication based on the unlocking operation information carried in the second message and, if the identity authentication is successful, generates a third message and sends it to the infrastructure platform, the third message including the unlocking operation information obtained from the second message and the corresponding first digital signature;
the infrastructure platform verifies the first digital signature;
the lock server receives the verification result and, if the first digital signature passes verification, sends an unlocking command to the smart lock so that the smart lock can perform the unlocking operation.

2. The unlocking method according to claim 1, characterized in that it also includes: if the first digital signature is verified, the infrastructure platform stores the third message.

3. The unlocking method according to claim 1, characterized in that the first application performing identity authentication based on the unlocking operation information carried in the second message includes: the first application obtains the unlocking operation information carried in the second message; determines whether the identity identifier in the unlocking operation information matches the identity identifier of the currently logged-in user; if they match, the authentication is successful.

4. The unlocking method according to claim 1, characterized in that the first application performing identity authentication based on the unlocking operation information carried in the second message includes: the first application obtains the unlocking operation information carried in the second message; determines whether the identity identifier in the unlocking operation information matches the identity identifier of the currently logged-in user; if they match, instructs the user to enter a password; the input password is compared with the preset password, and if they are the same, the authentication is successful.

5. The unlocking method according to claim 1 or 2, characterized in that the first application generating the third message includes: the first application calls the security authentication tool in the mobile terminal, and the security authentication tool generates a first digital signature based on the unlocking operation information carried in the second message; the first application generates the third message based on the unlocking operation information carried in the second message and the first digital signature.

6. The unlocking method according to claim 1 or 2, characterized in that the lock server generating a first message includes: the lock server generating a second digital signature based on the unlocking operation information; and generating the first message based on the unlocking operation information and the second digital signature. The infrastructure platform obtaining the unlocking operation information from the first message and storing the obtained unlocking operation information includes: the infrastructure platform parses the first message to obtain the unlocking operation information and the second digital signature in the first message; verifies the second digital signature; and stores the unlocking operation information obtained from the first message if the second digital signature passes the verification.

7. The unlocking method according to claim 3 or 4, characterized in that the infrastructure platform generating a second message includes: the infrastructure platform obtaining unlocking operation information based on query parameters in the data acquisition request; generating a third digital signature based on the obtained unlocking operation information; and generating the second message based on the obtained unlocking operation information and the third digital signature. Accordingly, after the first application obtains the unlocking operation information carried by the second message, the method further includes: obtaining the third digital signature carried by the second message and verifying the third digital signature; if the third digital signature passes the verification, performing the step of determining whether the identity identifier in the unlocking operation information matches the identity identifier of the currently logged-in user; if the third digital signature fails the verification, ending the current unlocking process.

8. The unlocking method according to claim 1, characterized in that the identity identifier includes any one of the following: mobile phone number, ID card number, and employee number.

9. An intelligent access control system, characterized in that it includes a smart lock, a lock server, a mobile terminal, and an infrastructure platform;
the smart lock is used to: obtain the user's input identity identifier; respond to the unlocking instruction and send unlocking operation information to the lock server, the unlocking operation information including the identity identifier and operation time information; display the QR code sent by the lock server; and respond to the unlocking command sent by the lock server and execute the unlocking operation;
the lock server is configured to: generate a first message and send the first message to the infrastructure platform, the first message including unlocking operation information sent by the smart lock; generate a QR code and send the QR code to the smart lock, the QR code carrying query parameters sent by the infrastructure platform and information that causes a first application in the mobile terminal to perform identity authentication; receive a verification result sent by the infrastructure platform, and if the verification result is successful, send an unlocking command to the smart lock;
the infrastructure platform is used to: obtain unlocking operation information from the first message, store the obtained unlocking operation information, and send query parameters of the unlocking operation information to the lock server; in response to a data acquisition request sent by a first application in the mobile terminal, generate a second message and send the second message to the first application in the mobile terminal, the second message including unlocking operation information obtained based on the query parameters in the data acquisition request; verify the first digital signature in the third message sent by the first application, generate a verification result, and send the verification result to the lock server;
the mobile terminal is equipped with a first application for: scanning the QR code so that the first application can obtain query parameters in the QR code and send a data acquisition request carrying the query parameters to the infrastructure platform; the first application performs identity authentication based on the unlocking operation information carried in the second message, and if the identity authentication is successful, generates a third message and sends it to the infrastructure platform, the third message including the unlocking operation information obtained from the second message and the corresponding first digital signature.

10. The intelligent access control system according to claim 9, characterized in that the infrastructure platform is also used to store the third message if the first digital signature is verified.