Summary of the invention
In order to solve the problems of the technologies described above, the invention provides a kind of electronic cipher Rights Management System of smart lock, can realize sharing and managing of electronic cipher, limit its service time, it is simple to operate, security performance is high.
In order to achieve the above object, technical scheme of the present invention is: a kind of electronic cipher Rights Management System of smart lock, it is characterized in that, comprise smart lock, mobile terminal and cloud server, be provided with lock controller, Password Management module, lock bluetooth transceiver module, lock Encryption Decryption module and lock memory module in described smart lock, lock controller respectively with Password Management module, lock bluetooth transceiver module, lock Encryption Decryption module and lock memory module; Be provided with terminal control unit, terminal Bluetooth transceiver module, ordinary password administration module, temporary password administration module, terminal encryption deciphering module, https traffic module and terminal storage module in described mobile terminal, terminal control unit is connected with terminal storage module with terminal Bluetooth transceiver module, ordinary password administration module, temporary password administration module, terminal encryption deciphering module, https traffic module respectively; Described cloud server comprises high in the clouds controller, communication module, high in the clouds encrypting module, user management module, high in the clouds Password Management module, time verifying module, message push module and high in the clouds memory module, and high in the clouds controller is connected with high in the clouds memory module with communication module, high in the clouds encrypting module, user management module, high in the clouds Password Management module, time verifying module, message push module respectively; Described terminal Bluetooth transceiver module is connected with lock bluetooth transceiver module, and communication module is connected with https traffic module.
Also be provided with anti-read protection module in described smart lock, do not read by outside for the protection of the electronic cipher in lock memory module.
Described terminal Bluetooth transceiver module is connected by Bluetooth technology with lock bluetooth transceiver module, and communication module is connected by mobile network or wireless network with https traffic module.
Described lock Encryption Decryption module, terminal encryption deciphering module and high in the clouds memory module adopt ellipse curve encryption and decryption algorithm realization.
Described electronic cipher is divided into ordinary electronic password and temporary electronic password; Described user management module is for arranging the user right of each electronic cipher, and described user right comprises owner, keeper, member, client; Described owner is responsible for activating and management smart lock, and owner has unblanking, shares/reclaim the authority of electron key; Described keeper has unblanking, shares/reclaim the authority of electron key; Described member has the authority of unblanking; Described guest is scope drawback lock at the appointed time; Described owner, keeper, rank and file have 1 ordinary electronic password respectively, and ordinary electronic password stores terminal storage module in the terminal, utilizes mobile terminal directly can open smart lock; Described client utilizes temporary electronic password to realize opening smart lock by mobile terminal and cloud server.
The generation of described electronic cipher and the method for preservation are: the Bluetooth signal of the mobile scanning terminal smart lock of described owner, connected the lock bluetooth transceiver module of smart lock, activated by smart lock by terminal Bluetooth transceiver module; The multiple electronic cipher of smart lock stochastic generation, wherein comprise N number of ordinary electronic password and 1 temporary electronic password, electronics is preserved in lock memory module, all electronic ciphers are returned to mobile terminal by lock bluetooth transceiver module, terminal Bluetooth transceiver module after the encryption of lock Encryption Decryption module simultaneously; All electronic ciphers are decrypted by terminal encryption deciphering module by mobile terminal, one of them is set to temporary electronic password by terminal control unit, other are set to ordinary electronic password, and terminal storage module stores is 1 ordinary electronic password wherein, unblanks for follow-up; The information of all electronic ciphers and owner's mobile terminal is reported to cloud server by https traffic module, communication module by terminal control unit; Cloud server preserves the information of owner's mobile terminal and all electronic cipher information of smart lock.
The method that described ordinary electronic password is shared is: the mobile terminal of owner or keeper sends ordinary electronic password sharing information by ordinary password administration module to cloud server, any 1 ordinary electronic password not having mobile terminal to preserve is selected from the ordinary electronic password of high in the clouds memory module, and utilize user management module to specify the user of this ordinary electronic password of use to be keeper or rank and file, cloud server preserves this sharing information, and message push module sends out message to the mobile terminal of other users; The ordinary electronic password that user uses mobile terminal to share from the mobile terminal that cloud server obtains owner or keeper, is kept at the terminal storage module of mobile terminal; User, when unblanking, utilizes the terminal encryption deciphering module of its mobile terminal to be encrypted this electronic cipher, is sent to lock controller by terminal Bluetooth transceiver module, lock bluetooth transceiver module; Smart lock by after the deciphering of lock Encryption Decryption module be kept at the electronic cipher locked in memory module and compare, if there is identical electronic cipher, unblank.
The method that described temporary electronic password is shared is: owner or keeper use its mobile terminal to send temporary electronic password sharing information by temporary password administration module to cloud server, by unique 1, temporary electronic password is shared with guest, temporary password administration module used for mobile terminal specifies scope effective time this time shared, cloud server preserves sharing information, and message push module sends out message to the mobile terminal of guest; The mobile terminal of guest obtains the sharing information of owner or keeper from the high in the clouds memory module of cloud server, containing mark, scope effective time shared of smart lock, not containing the specifying information of temporary electronic password; Guest is when unblanking, and mobile terminal is to cloud server request temporary electronic password; Whether the time verifying module verification temporary electronic password of cloud server is in time range effectively, if effectively, temporary electronic password is rear by being returned to the mobile terminal of guest by https traffic module, communication module by the encryption of high in the clouds encrypting module, otherwise return mistake; The enciphered message that cloud server is returned by terminal Bluetooth transceiver module, lock bluetooth transceiver module by mobile terminal transfers to smart lock; Lock Encryption Decryption module is deciphered afterwards and is kept at the electronic cipher locked in memory module and compares, if there is electronic cipher identical, unblanks.
The method that described ordinary electronic password reclaims is: owner or keeper use the ordinary password administration module of mobile terminal to send message by terminal Bluetooth transceiver module, lock bluetooth transceiver module to smart lock, and the ordinary electronic password of specifying is deleted in request; The ordinary electronic password be kept in lock memory module is deleted by the lock management module of smart lock, returns successfully; The ordinary password administration module of mobile terminal sends message to cloud server, and the ordinary electronic password of specifying is deleted in request; Cloud server receives solicited message, and the ordinary electronic password of specifying is deleted by Password Management module in high in the clouds from the memory module of high in the clouds, and sends out message to the mobile terminal of guest by message push module; If the mobile terminal that guest uses receives the message of cloud server, know that ordinary electronic password is deleted, then deleted by the ordinary electronic encrypted message of terminal storage module by ordinary password administration module, recovery process terminates; If the mobile terminal that guest uses does not receive the message of cloud server, this electronic cipher in smart lock is deleted, mobile terminal will report an error when next time unblanks to be connected with smart lock, refusal is unblanked, the ordinary password administration module of mobile terminal deletes local encrypted message, and recovery process terminates.
The method that described temporary electronic password reclaims is: owner or keeper use mobile terminal to utilize temporary password administration module to send message to cloud server, and the temporary electronic password of specifying guest is deleted in request; Cloud server receives solicited message, and will the temporary electronic password sharing information of guest be specified to delete, message push module sends out message to the mobile terminal of guest; If the mobile terminal that guest uses receives the message of cloud server, know that temporary electronic password sharing information is deleted, then by the electronic cipher information deletion of its terminal storage module, recovery process terminates; If the mobile terminal that guest uses does not receive the message of cloud server, ask cloud server to report an error when next time unblanks, refusal is unblanked, and delete the temporary electronic encrypted message of terminal storage module, recovery process terminates simultaneously.
Smart lock of the present invention can generate multiple random electronic cipher, utilizes cloud server can arrange the authority of user to different electronic cipher; Electronic cipher is wherein divided into ordinary electronic password and temporary electronic password by mobile terminal, and ordinary electronic password can directly be unblanked by mobile terminal, and temporary electronic password needs to connect cloud server by network and could realize unblanking; The service time of temporary electronic password can be limited simultaneously, realize the different rights of using of user, and it is not high to realize cost.Therefore, security of the present invention is high, easy to use, achieves the rights of using of different user electronic cipher.
Embodiment
The present invention is specifically described below by drawings and Examples.
An electronic cipher Rights Management System for smart lock, as shown in Figure 1, comprise smart lock 1, mobile terminal 2 and cloud server 3, mobile terminal 2 is at least provided with two; Described smart lock 1 is connected with mobile terminal 2 by Bluetooth technology, and mobile terminal 2 is connected with cloud server 3 by mobile network or wireless network.Network can be utilized between mobile terminal 2 to connect the communication being realized data by cloud server 3.Mobile terminal 2 can be mobile phone, PC or iPad.
Be provided with lock controller 4, Password Management module 5, lock bluetooth transceiver module 6, lock Encryption Decryption module 9 and lock memory module 8 in smart lock 1, lock controller 4 respectively with Password Management module 5, lock bluetooth transceiver module 6, lock Encryption Decryption module 9 and lock memory module 8.Lock controller 4 can the multiple electronic cipher of stochastic generation, and lock memory module 8 can realize the preservation to all electronic ciphers, when conveniently unblanking, compares, realize unblanking to the electronic cipher received.Multiple electronic cipher can avoid attacker to the conjecture of electronic cipher.Lock bluetooth transceiver module 6, for externally sending Bluetooth signal, can realize receiving or sending electronic cipher by Bluetooth technology.Lock Encryption Decryption module 9 realizes the electronic cipher memory cryptographic operation to sending, and is decrypted operation to the electronic cipher received.Lock Encryption Decryption module 9 adopts ellipse curve encryption and decryption algorithm realization.Lock cipher administration module 5, for processing the electronic cipher in lock memory module 8, such as, when mobile terminal 2 is lost, can be deleted by lock memory module 8 electronic cipher stored in mobile terminal 2, thus stop other people to use this electronic cipher to unblank.
Preferably, be also provided with anti-read protection module 7 in smart lock 1, anti-read protection module 7 is realized by anti-read protection chip, can not read by the electronic cipher in lock controller 4 protection lock memory module 8 by outside.
Be provided with terminal control unit 11, terminal Bluetooth transceiver module 12, ordinary password administration module 13, temporary password administration module 16, terminal encryption deciphering module 14, https traffic module 17 and terminal storage module 16 in mobile terminal 2, terminal control unit 11 is connected with terminal storage module 16 with terminal Bluetooth transceiver module 12, ordinary password administration module 13, temporary password administration module 15, terminal encryption deciphering module 14, https traffic module 17 respectively.Terminal Bluetooth transceiver module 12 is connected by Bluetooth technology with lock bluetooth transceiver module 8, and the electronic cipher realized after encryption transmits between mobile terminal 2 and smart lock 1.Terminal storage module 16 is for storing the electronic cipher of oneself.The electronic cipher that terminal encryption deciphering module 14 realizes sending is encrypted operation, is decrypted operation to the electronic cipher received.Terminal encryption deciphering module 14 adopts ellipse curve encryption and decryption algorithm realization.Https traffic module 17 is for securely communicating with cloud server 3.
All electronic ciphers that smart lock 1 is generated send to mobile terminal 2 by lock bluetooth transceiver module 8, terminal Bluetooth transceiver module 16 after being encrypted by lock Encryption Decryption module 9.After the electronic cipher of reception utilizes terminal encryption deciphering module 14 to be decrypted by mobile terminal 2, electronic cipher is divided into ordinary electronic password and temporary electronic password.Ordinary electronic password has multiple, and temporary electronic password only has unique one.One of them ordinary electronic password is stored in terminal storage module 16 by terminal control unit 11, and for carrying out unblanking to smart lock 1, other ordinary electronic passwords and temporary electronic password are sent to cloud server 3 by https traffic module 17.Ordinary password administration module 13 is for managing the ordinary electronic password in mobile terminal 2, namely carry out adding or deleting electronic cipher according to smart lock 1 or cloud server 3, send ordinary electronic password sharing information to cloud server 3 simultaneously, send the message of deleting ordinary electronic password to smart lock 1 or cloud server.Temporary password administration module 16 is for arranging the effective time of temporary electronic password, temporary electronic password sharing information is sent to cloud server 3, the message of deleting temporary electronic password is sent to smart lock 1 or cloud server, temporary electronic password is managed, namely carries out adding or delete electronic cipher information according to smart lock 1 or cloud server 3.
Cloud server 3 comprises high in the clouds controller 10, communication module 18, high in the clouds encrypting module 24, user management module 21, high in the clouds Password Management module 24, time verifying module 23, message push module 20 and high in the clouds memory module 19.High in the clouds controller 10 is connected with high in the clouds memory module 19 with communication module 18, high in the clouds encrypting module 24, user management module 21, high in the clouds Password Management module 24, time verifying module 23, message push module 20 respectively.Communication module 18 is connected with https traffic module 17, and they are connected by mobile network or wireless network, realizes the communication of terminal control unit 11 and cloud server 10.Encrypting module 24 pairs of temporary electronic passwords in high in the clouds are encrypted computing, adopt ellipse curve encryption and decryption algorithm realization.High in the clouds memory module 19 is for storing ordinary electronic password and user profile, the temporary electronic password of reception.User management module 21 is for arranging the user right of each ordinary electronic password.Time verifying module 23 for recording the effective time of temporary electronic password, and judges temporary electronic password whether within effective time.Mobile terminal 2 only asks temporary electronic password within the effective time, is just sent to mobile terminal 2 by after temporary electronic password encryption.High in the clouds Password Management module 24 is for deleting all electronic ciphers in high in the clouds memory module 19 or add.The real-time sharing information preserved of message push module 20 is sent to mobile terminal 2.
User is divided into owner, keeper, rank and file, guest.Owner is responsible for activating and management smart lock 1; Keeper has unblanking, shares/reclaim the authority of electronic cipher; Rank and file only has the authority of unblanking; Guest can only at the appointed time scope drawback lock.Owner, keeper, rank and file have 1 ordinary electronic password separately, only utilize mobile terminal 2 to unblank, and support that off-line is unblanked, and namely network connection also need can not carry out unlock operation.Guest gathers around has plenty of temporary electronic password, just can be unblanked by cloud server 3, is namely merely able to carry out unlock operation under the environment having network to connect and in the time range of specifying.Ordinary electronic password can only a user have, and temporary electronic password can be shared with multiple user.With 1, ordinary electronic password synchronization can only be stored by the mobile terminal 2 of 1 user; Temporary electronic password can be had by any mobile terminal 2 simultaneously.
Workflow:
One. the generation of electronic cipher and preservation
The mobile terminal 2 of owner scans the Bluetooth signal of smart lock 1, and connects the lock bluetooth transceiver module 6 of smart lock 1 by terminal Bluetooth transceiver module 12, is activated by smart lock 1; The multiple electronic cipher of smart lock 1 stochastic generation, wherein comprise N number of ordinary electronic password and 1 temporary electronic password, preserved in lock memory module 8, utilize anti-read protection module 7 to protect, all electronic ciphers are returned to mobile terminal 2 by lock bluetooth transceiver module 6, terminal Bluetooth transceiver module 12 after lock Encryption Decryption module 9 is encrypted simultaneously; All electronic ciphers are decrypted by terminal encryption deciphering module 14 by mobile terminal 2, one of them are set to temporary electronic password, and other are set to ordinary electronic password, and terminal storage module 16 stores wherein 1 ordinary electronic password, unblanks for follow-up; The information of all electronic ciphers and owner's mobile terminal 2 is reported cloud server 3 by https traffic module 17, communication module 18 by terminal control unit 11 together; Cloud server 3 preserves the information of owner's mobile terminal 2 and all electronic cipher information of smart lock 1.
Two. flow process shared by ordinary electronic password
The mobile terminal 2 of owner or keeper sends ordinary electronic password sharing information by ordinary password administration module 13 to cloud server 3, any 1 ordinary electronic password not having mobile terminal 2 to preserve is selected from the ordinary electronic password of high in the clouds memory module 19, and utilize user management module 19 to specify the user of this ordinary electronic password of use to be keeper or rank and file, cloud server 3 preserves this sharing information, and message push module 20 message give the mobile terminal 2 of other users; The ordinary electronic password that user uses mobile terminal 2 to share from the mobile terminal 2 that cloud server 3 obtains owner or keeper, is kept at the terminal storage module 16 of mobile terminal 2; User, when unblanking, utilizes the terminal encryption deciphering module 14 of its mobile terminal 2 to be encrypted this electronic cipher, is sent to lock controller 4 by terminal Bluetooth transceiver module 12, lock bluetooth transceiver module 6; Smart lock 1 is deciphered afterwards by lock Encryption Decryption module 9 and is kept at the electronic cipher locked in memory module 8 and compares, if there is identical electronic cipher, unblanks.
Three. flow process shared by temporary electronic password
Owner or keeper use its mobile terminal 2 to send temporary electronic password sharing information by temporary password administration module 15 to cloud server 3, by unique 1, temporary electronic password is shared with guest's (can unlimitedly share), scope effective time that mobile terminal 2 utilizes temporary password administration module 15 to specify this time to share, cloud server 3 preserves sharing information, and message push module 20 message are to the mobile terminal 2 of guest; The mobile terminal 2 of guest obtains the sharing information of owner or keeper from the high in the clouds memory module 19 of cloud server 3, containing mark, scope effective time shared of smart lock, not containing the specifying information of temporary electronic password; Guest is when unblanking, and mobile terminal 2 asks temporary electronic password to cloud server 3; The time verifying module 23 of cloud server 3 verifies temporary electronic password whether in time range effectively, if effectively, by being returned to the mobile terminal 2 of guest by https traffic module 17, communication module 18 after being encrypted by high in the clouds encrypting module 22 by temporary electronic password, otherwise return mistake; The enciphered message that cloud server 3(mould returns is transferred to smart lock 1 by terminal Bluetooth transceiver module 12, lock bluetooth transceiver module 6 by mobile terminal 2; Lock Encryption Decryption module 9 is deciphered afterwards and is kept at the electronic cipher locked in memory module 8 and compares, if there is electronic cipher identical, unblanks.
Four. ordinary electronic password recovery process
Owner or keeper use the ordinary password administration module 13 of mobile terminal 2 to send message by terminal Bluetooth transceiver module 12, lock bluetooth transceiver module 6 to smart lock 1, and the ordinary electronic password of specifying is deleted in request; The ordinary electronic password be kept in lock memory module 8 is deleted by the lock management module 5 of smart lock 1, returns successfully; The ordinary password administration module 13 of mobile terminal 2 sends message to cloud server 3, and the ordinary electronic password of specifying is deleted in request; Cloud server 3 receives solicited message, and the ordinary electronic password of specifying is deleted by high in the clouds Password Management module 24 from high in the clouds memory module 19, and by message push module 20 message to the mobile terminal 2 of guest; If the mobile terminal 2 that guest uses receives the message of cloud server 3, know that ordinary electronic password is deleted, then deleted by the ordinary electronic encrypted message of terminal storage module 16 by ordinary password administration module 13, recovery process terminates; If the mobile terminal 2 that guest uses does not receive the message of cloud server 3, because this electronic cipher in smart lock 1 is deleted, mobile terminal 2 will report an error when next time unblanks to be connected with smart lock 1, refusal is unblanked, the ordinary password administration module 13 of mobile terminal 2 deletes local encrypted message, and recovery process terminates.
Five. temporary electronic password recovery process
Owner or keeper use mobile terminal 2 to utilize temporary password administration module 15 to send message to cloud server 3, and the temporary electronic password of specifying guest is deleted in request; Cloud server 3 receives solicited message, and will the temporary electronic password sharing information of guest be specified to delete, message push module 20 message be to the mobile terminal 2 of guest; If the mobile terminal 2 that guest uses receives the message of cloud server 3, know that temporary electronic password sharing information is deleted, then by the electronic cipher information deletion of its terminal storage module 16, recovery process terminates; If the mobile terminal 2 that guest uses does not receive the message of cloud server 3, ask cloud server 3 to report an error when next time unblanks, refusal is unblanked, and delete the temporary electronic encrypted message of terminal storage module 16, recovery process terminates simultaneously.
The above; be only the present invention's preferably embodiment, but protection scope of the present invention is not limited thereto, is anyly familiar with those skilled in the art in the technical scope that the present invention discloses; the change that can expect easily or replacement, all should be encompassed within protection scope of the present invention.