[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN111563980A - Bluetooth lock key generation and authentication method - Google Patents

Bluetooth lock key generation and authentication method Download PDF

Info

Publication number
CN111563980A
CN111563980A CN201910076596.6A CN201910076596A CN111563980A CN 111563980 A CN111563980 A CN 111563980A CN 201910076596 A CN201910076596 A CN 201910076596A CN 111563980 A CN111563980 A CN 111563980A
Authority
CN
China
Prior art keywords
key
factory
user
bluetooth lock
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910076596.6A
Other languages
Chinese (zh)
Other versions
CN111563980B (en
Inventor
杨刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhihui Space Technology Co ltd
Original Assignee
Beijing Zhihui Space Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zhihui Space Technology Co ltd filed Critical Beijing Zhihui Space Technology Co ltd
Priority to CN201910076596.6A priority Critical patent/CN111563980B/en
Publication of CN111563980A publication Critical patent/CN111563980A/en
Application granted granted Critical
Publication of CN111563980B publication Critical patent/CN111563980B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00658Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by passive electrical keys
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00182Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00817Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00817Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
    • G07C2009/00825Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed remotely by lines or wireless communication

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Lock And Its Accessories (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for generating and authenticating a Bluetooth lock key, wherein a root key of a Bluetooth lock comprises a factory root key, a user root key and a key root key; each type of root key can generate a corresponding type of key, namely a factory key, a user key and a key; the authentication of bluetooth lock and key is gone on through the APP, and wherein, mill's root key is generated when bluetooth lock is initialized, and user's root key is by bluetooth lock random generation, prevents that the root key from losing the back, and the emergence of unable remedy phenomenon connects at every turn simultaneously and renegotiates the communication key, has prevented the possibility that the replay is attacked, and three root key generation three key has more guaranteed the safety of key.

Description

Bluetooth lock key generation and authentication method
Technical Field
The invention relates to the technical field of Bluetooth locks, in particular to a Bluetooth lock key generation and authentication method.
Background
The door lock relates to personal and property safety, so the requirement on safety is high. Because the bluetooth system of unblanking involves high in the clouds database and code security, APP data and code security, firmware data and code security, these three-terminal as long as have one end to produce the leak, will exert an influence to whole security.
The firmware is the most important relation of the security of the bluetooth lock, and if the design is not proper, the bluetooth lock is easy to be attacked by hackers, for example, under the condition that the most basic communication protocol is plaintext, or the door opening instruction is the same each time, or the door opening logic is cracked, and the like, the hackers can copy the digital key without contacting. In order to prevent the communication protocol from transmitting plaintext, encryption is required in the communication process. Because the low-power consumption Bluetooth has limited data transmission amount each time and small calculation power, only a symmetrical algorithm with low calculation power requirement can be selected. However, if the encryption key of the symmetric algorithm is not changed, the instruction for opening the door every time is the same, so that the encryption is meaningless, and a key needs to be negotiated in each communication process. Only a certain logic algorithm is used for negotiating the key, and once the logic is leaked, the negotiated key is also unsafe; if a root key is built in the Bluetooth lock, the key exists in the APP or the cloud. If in APP, there may be some problems, such as the APP is unloaded carelessly, or the mobile phone is formatted, and the user has no card or key, and can only find the locksmith to unlock, or violently disassemble. Meanwhile, the APP installation package can be decompiled, and even if codes are confused or technical means such as sandbox are used, cracking is only a time problem. If the root key is parsed, the lock has no security. In addition, the root key is stored in the APP, so that the B-end application scene is not convenient, namely, the requirement of multiple administrators for managing keys in batch is met, and from the point of view, the root key is stored in the cloud end to be the best choice, and the APP only plays the role of a 'middle man' in unlocking.
But when there is not the network, APP can't connect the server, can't realize unblanking.
The root key is stored in the cloud, and the 'business server' containing the key generation algorithm and the 'secret management center' storing the root key are separately deployed, so that the safety of the root key is ensured to a certain extent. Although the probability of the server being broken is extremely low, the world has no absolute security, and once the 'crypto-center' and the 'business server' are broken, the security of all Bluetooth locks can be threatened, and a large-scale security event is caused.
If only one kind of root key exists inside the bluetooth lock, and the distributed key is required to be recovered (the root key is regenerated), the problem of data asynchronization is easy to occur. For example, when the root key is regenerated, an irreparable interruption occurs in a certain step, so that a new root key is not uploaded to the server, and then the root key of the lock is lost (equivalent to that the bluetooth function is not available) and no remedial measures are taken.
In order to solve the above problems, it is an urgent need to design a secure bluetooth lock system.
Disclosure of Invention
The invention aims to provide a method for generating and authenticating a Bluetooth lock key, which is characterized in that three types of root keys are correspondingly generated by using three types of root keys, and respective original data are respectively added in the generation process, so that the security of the key is improved.
The above object of the present invention is achieved by the following technical solutions:
a bluetooth lock key generation and authentication method, the root key of the said bluetooth lock includes factory root key, user root key and key set root key; generating keys of corresponding types by the root key of each type, wherein the keys are respectively a factory key, a user key and a key; the authentication of the Bluetooth lock and the user key is realized through the user APP, wherein the factory root key is generated when the Bluetooth lock is initialized, the user root key is randomly generated by the Bluetooth lock, and the key root key is fixedly set.
The invention is further configured to: the factory root key generating the factory key, comprising the steps of:
s31, splitting the factory root key into two segments, namely a factory root key A and a factory root key B;
s32, after the factory original data and the factory root key B are spliced together, encrypting by using the factory root key, and taking the obtained data as a factory parameter key;
s33, splitting the factory parameter key into two sections, namely a factory parameter key A and a factory parameter key B;
s34, after the factory parameter key A and the factory root key A are spliced together, the factory root key is used for encryption, and the obtained data is a factory authentication key;
and S35, splicing the factory parameter key and the factory authentication key together to obtain data, namely the factory key.
The invention is further configured to: in step S31, the factory root key a includes 12 bytes, and the factory root key B includes 4 bytes; in step S33, the parameter key a includes 4 bytes, and the parameter key B includes 12 bytes.
The invention is further configured to: the method for generating the key by the key root key and the method for generating the user key by the user root key are the same as the method for generating the factory key by the factory root key, and the difference is that the key raw data is used in the process of generating the key; in the process of generating the user key, the user original data is used.
The invention is further configured to: the Bluetooth lock is the same as the authentication methods of a user key, a key and a factory key respectively.
The invention is further configured to: the Bluetooth lock and the user key authentication method and the working process of the user APP comprise the following steps:
r1, connecting the user APP with the Bluetooth lock;
r2, the user APP adopts the user key to send a request authentication to the Bluetooth lock;
r3, the user APP receives the challenge initiated by the Bluetooth lock, the challenge data is decrypted and analyzed by the authentication key, the challenge data is used for updating the encryption key, and the communication key for communication encryption is negotiated at the moment;
r4, the user APP replies the challenge to the Bluetooth lock and sends the operation to be performed to the Bluetooth lock;
r5, the user key authentication process ends.
The invention is further configured to: the Bluetooth lock and the user key authentication method, the working process of the Bluetooth lock, include the following steps:
after receiving the request authentication, the Bluetooth lock firstly generates an authentication key, decrypts part of the request authentication data packet and verifies the data packet, then decrypts the parameter key to obtain and verify the data packet, if the verification is successful, the challenge is initiated, namely, after a challenge random number is generated, a challenge data packet is generated and encrypted by the authentication key to be sent to the user APP.
The invention is further configured to: in step R2, the request for authentication packet includes: the key comprises a parameter key, a key type, a random number and a check bit, wherein the parameter key comprises 16 bytes, the key type comprises 1 byte, the random number comprises 2 bytes, the check bit comprises 1 byte, the first 4 bytes of the parameter key are not encrypted, and the last 12 bytes of the parameter key, the key type, the random number and the check bit are encrypted by an authentication key.
The invention is further configured to: the communication key comprises challenge data 2 and a second half part of the authentication key; the challenge data 2 comprises 8 bytes and 8 bytes after the latter half part of the authentication key; the reply challenge and operation data packet comprises challenge data 1, a command segment and check bits, wherein the challenge data 1 comprises 4 bytes, the command segment comprises 15 bytes, the check bits comprise 1 byte, and the command segment and the check bits of the reply challenge and operation data packet are encrypted by a communication key and are not processed for the challenge data 1.
The invention is further configured to: the challenge packet includes: the authentication device comprises an authentication reply, challenge data 1, challenge data 2, a random number and check bits, wherein the authentication reply comprises 2 bytes, the challenge data 1 comprises 4 bytes, the challenge data 2 comprises 8 bytes, the random number comprises 5 bytes, the check bits comprise 1 byte, the first 2 bytes of the authentication reply, the challenge data 1, the challenge data 2 and the random number are encrypted by an authentication key, and the last 3 bytes and the check bits of the random number are not processed.
Compared with the prior art, the invention has the beneficial technical effects that:
1. according to the invention, three different root keys are generated by setting three different root keys, so that the safety of the Bluetooth lock is ensured, and the problem that the root keys cannot be remedied after being lost is solved.
2. Furthermore, in the process of updating the user root key, the factory root key is used for verification and encryption, and the safety of the Bluetooth lock is improved.
Drawings
FIG. 1 is a schematic initialization flow diagram of an embodiment of the present invention.
Fig. 2 is a flowchart illustrating a process of generating a user root key by a B-lock according to an embodiment of the present invention.
Fig. 3 is a flowchart illustrating a process of generating a user root key by a C-lock according to an embodiment of the present invention. Fig. 4 is a flowchart illustrating a process of issuing a key by a server according to an embodiment of the present invention.
Fig. 5 is a flowchart illustrating bluetooth authentication unlocking according to an embodiment of the present invention.
Fig. 6 is a flowchart illustrating key authentication according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
The invention provides a Bluetooth lock system, which comprises a factory root key, a user root key and a key root key, wherein the factory root key is used for verification and encryption in the process of updating the user root key, so that if data is lost when the user root key is updated, the user root key only needs to be updated again, and the problem of root key loss can not be caused.
The "factory root key" and the "user root key" are generated randomly by the lock, and the "key press root key" is fixed. Each type of root Key may generate a corresponding type of Key, and thus the keys are also classified into a factory Key (factory Key), a User Key (User Key), and a press Key (PressKey).
In the production process of the bluetooth lock, a key generated when the bluetooth lock is initialized is a 'factory root key', and a factory key (factory key) is a key generated by the 'factory root key'. Factory APPs used at the factory can be guaranteed to be secure, and thus the "factory root key" can be considered secure as well.
The user root key is mostly generated in a normal use environment, the factory root key is used for encrypting the user root key to ensure the safety, and the problem that the safety of the user root key cannot be ensured by using a fixed key for encryption is solved.
When the Bluetooth lock is added with a user root key, the user is required to fill in a self-defined door opening password. This password only stores in bluetooth lock and APP, does not upload to the high in the clouds. At this time, the mobile phone only has a password and a key, and the server only has a root key. When opening the door at every turn, the key that password and high in the clouds were sent in the APP all corresponds with the lock in information and could open the bluetooth lock, has solved if "close management center" and "business server" are attacked the back, the problem that bluetooth lock safety can not be guaranteed.
A key is a set of data that is processed to represent a certain meaning and encrypted with a root key. The key obtained by the APP is divided into two parts, wherein one part is an AuthKey for verification, and the other part is a ParamKey for verifying information such as authority. At the moment, the APP is not only purely used as a 'middle man', and a root key of the lock is not obtained, so that the situation of opening the door offline is solved, and the problem of exposing the root key is also solved.
When the bluetooth lock is initialized, a lock identifier of a B end or a C end can be written in, wherein the B end represents a lock for collective unified management, such as hotel and community entrance guard, and the C end represents a lock for a personal user, such as a door lock in a home.
The B-side Bluetooth lock can only use a factory key (FactoryKey) to perform authentication and add a 'user root key', the B-side Bluetooth lock is bound to a certain group or a certain cell, and an individual user cannot add the 'user root key'. The non-group account of the APP cannot obtain a corresponding factory key (factory key), so that the situation that a non-group user maliciously adds a "user root key" is prevented.
Set up a button in C end bluetooth lock's inside, only can open the people of this bluetooth lock (the owner of lock promptly) can press, solved because C end bluetooth lock does not have a one-to-one with the APP account number, can't judge whether some account number has the problem of adding this bluetooth lock user key (UserKey) permission. After the key is pressed, a fixed key (PressKey) can be used for authentication and a "user root key" can be generated within 30 seconds.
After the burning of the firmware of the Bluetooth lock is finished, the internal data are default values, and the Bluetooth unlocking function can be realized only after four steps of initialization, user key generation, key issuing by a server and Bluetooth authentication unlocking are required. The initialization is completed in the factory, and the rest steps are carried out according to the actual application scene.
The bluetooth lock initialization operation is to write necessary information into the lock device which just burns the firmware, generate a 'factory root key' and record the 'factory root key' into the server correspondingly. The 'factory root key' is not changeable after being generated, and can be generated again only after the program is rewritten and internal data is emptied.
In a specific embodiment of the present invention, as shown in fig. 1, the server, the bluetooth lock, and the factory APP cooperate to complete an initialization process.
A server workflow, comprising the steps of:
c1, after receiving an account password login request sent by the factory APP, the server verifies account authority and production quantity, if the account password is consistent, login success information is sent to the factory APP, wherein the account password is sent in an HTTPS encryption mode;
c2, the server receives the MAC address reported by the factory APP, MAC duplication checking is carried out, a Bluetooth lock ID and a password ID are generated, and related data are recorded;
c3, the server sends ID and password ID to give factory APP;
and C4, the server receives the factory root key ciphertext sent by the factory APP, decrypts and stores the factory root key ciphertext.
The factory APP workflow comprises the following steps:
d1, sending an account password login request to the server by the factory APP, and receiving login success information sent by the server, wherein the account password is sent in an HTTPS mode;
d2, the factory APP receives the broadcast MAC address of the Bluetooth lock and reports the broadcast MAC address to the server;
d3, receiving the Bluetooth lock ID and the password ID sent by the server by the factory APP;
d4, realizing the connection with the Bluetooth lock by the factory APP; and the Bluetooth lock is subjected to factory key authentication, and the Bluetooth lock ID, the password ID and the B/C terminal identification are written into the Bluetooth lock;
d5, the factory APP receives the write-in success information sent by the Bluetooth lock and sends an initialization factory root key instruction to the Bluetooth lock;
d6, the factory APP receives the factory root key ciphertext sent by the Bluetooth lock, and reports the factory root key ciphertext to the server;
d7, leave factory APP disconnection and bluetooth lock's connection.
The working process of the Bluetooth lock comprises the following steps:
e1, broadcasting and sending the MAC address to a factory APP by the Bluetooth lock;
e2, establishing connection with a factory APP by the Bluetooth lock; performing factory key authentication with a factory APP;
e3, writing ID, password ID and B/C terminal identification into the Bluetooth lock; after the write-in operation is successful, sending operation success information to a factory APP;
e4, the Bluetooth lock receives an instruction of initializing a factory root key, randomly generates and stores a new factory root key, randomly selects a key to encrypt the factory root key, and then sends a factory root key ciphertext to a factory APP;
e4, the connection of bluetooth lock disconnection and factory APP.
In a specific embodiment of the present invention, the server, the bluetooth lock, and the user APP cooperate to generate the user root key.
The user root key is used for generating a user key (UserKey) used by the door opening operation of the user, and the user root key is stored in the server. For keys with the authority to generate the "user root key", the "user root key" may be regenerated.
In an embodiment of the present invention, as shown in fig. 2, the B-side bluetooth lock generates a user root key, and the server working process includes the following steps:
s11, after receiving an account password login request sent by a user APP, the server verifies the account, and if the account password is consistent, the server sends login success information to the user APP, wherein the account password is sent in an HTTPS encryption mode;
s12, the server receives the broadcast password ID sent by the user APP, verifies the account authority, generates a factory key (FactoryKey) and sends the factory key (FactoryKey) to the user APP;
and S13, the server receives the user root key ciphertext sent by the user APP, decrypts and stores the user root key ciphertext.
The working process of the user APP comprises the following steps:
a11, sending an account password login request to a server by a user APP, and receiving login success information sent by the server, wherein the account password is sent in an HTTPS encryption mode;
a12, the user APP receives the broadcast password ID of the Bluetooth lock and reports the broadcast password ID to the server;
a13, receiving the factory key sent by the server by the user APP;
a14, connecting the user APP with the Bluetooth lock; and the Bluetooth lock is subjected to factory key authentication, and a user root key generating instruction is sent to the Bluetooth lock;
a15, the user APP receives a user root key ciphertext sent by the Bluetooth lock and reports the user root key ciphertext to the server;
a16, the user APP disconnects from the Bluetooth lock.
The working process of the Bluetooth lock comprises the following steps:
b11, the Bluetooth lock sends the broadcast password ID to the user APP;
b12, the Bluetooth lock establishes connection with the APP of the user; and performing factory key authentication with the user APP;
b13, the Bluetooth lock receives a user root key generating instruction sent by a user APP;
b14, the Bluetooth lock randomly generates a new user root key, stores and updates the user root key, encrypts the user root key by adopting a factory root key to form a user root key ciphertext, and reports the user root key ciphertext to the user APP;
b15, the connection of the Bluetooth lock and the APP of the user is disconnected.
In an embodiment of the present invention, as shown in fig. 3, the bluetooth lock at the C-side generates a user root key, and the server working process includes the following steps:
s21, after receiving an account password login request sent by a user APP, the server verifies the account, and if the account password is consistent, the server sends login success information to the user APP, wherein the account password is sent in an HTTPS encryption mode;
and S22, the server receives the user root key ciphertext sent by the user APP, decrypts and stores the user root key ciphertext.
The working process of the user APP comprises the following steps:
a21, sending an account password login request to a server by a user APP, and receiving login success information sent by the server, wherein the account password is sent in an HTTPS mode;
a22, receiving the code ID and the C end identification information broadcasted by the Bluetooth lock by the user APP;
a23, connecting the user APP with the Bluetooth lock; key authentication is carried out on the Bluetooth lock and a user root key generating instruction is sent to the Bluetooth lock;
a25, the user APP receives a user root key ciphertext sent by the Bluetooth lock and reports the user root key ciphertext to the server;
a26, the user APP disconnects from the Bluetooth lock.
The working process of the Bluetooth lock, the Bluetooth lock uses the key to authenticate and generate a user root key within the set time after the key is pressed down, and the method comprises the following steps:
b21, pressing the button of the Bluetooth lock;
b22, broadcasting the password ID and the C end identification information to the user APP by the Bluetooth lock;
b23, the Bluetooth lock establishes connection with the APP of the user; and key-press key authentication is carried out with the user APP;
b24, the Bluetooth lock receives a user root key generating instruction sent by a user APP;
b25, the Bluetooth lock randomly generates a new user root key, the user root key is updated and stored, the user root key is encrypted by adopting a factory root key to form a user root key ciphertext, and the user root key ciphertext is reported to a user APP;
b25, the connection of the Bluetooth lock and the APP of the user is disconnected.
Preferably, the set time is 30 seconds.
In one embodiment of the present invention, after the bluetooth lock has a "user root key", the key may be calculated. As shown in fig. 4, in the process of issuing the user key to the user APP by the server, the server workflow includes the following steps:
f1, after receiving account password login information sent by the user APP, the server performs account verification, and if the verification is successful, the server sends login success information to the user APP, wherein the account password is sent in an HTTPS encryption mode;
f2, the server sends the user key to the user APP.
In the process of issuing the user key by the server, the user APP workflow comprises the following steps:
f11, sending account password information to the server by the user APP in an HTTPS encryption mode, and requesting login;
f12, the user APP receives the login success signal returned by the server and the issued user key.
In a specific embodiment of the present invention, as shown in fig. 5, the bluetooth lock authenticates unlocking, only a user key with authority can authenticate unlocking, and the user unlocking information needs to be determined during unlocking, and the working process of the bluetooth lock includes the following steps:
g1, broadcasting a password ID (cipher ID) to a user APP by the Bluetooth lock;
g2, the Bluetooth lock establishes connection with the APP of the user;
g3, carrying out user key verification on the Bluetooth lock and the user APP;
g4, the Bluetooth lock receives operation information sent by a user APP, and the operation information comprises a door opening command and a user self-defined password;
g5, after the Bluetooth lock is successfully unlocked, reporting unlocking success information to a user APP;
g6, the connection of bluetooth lock disconnection and user APP.
Bluetooth lock authentication is unblanked, and user APP working process includes following step:
h1, receiving the broadcast password ID of the Bluetooth lock by the user APP;
h2, establishing connection between the user APP and the Bluetooth lock;
h3, carrying out user key verification on the user APP and the Bluetooth lock;
h4, sending operation information to the Bluetooth lock by the user APP, wherein the operation information comprises a door opening command and a user self-defined password;
h5, receiving unlocking success information sent by the Bluetooth lock by the user APP;
h6, disconnecting the user APP from the Bluetooth lock;
h7, the user APP reports the user root key ciphertext to the server for storage.
In one embodiment of the present invention, different types of keys are generated in the same way, and are encrypted by AES or other symmetric algorithm, except that the original Data (Data) (12 bytes) carried by the different types of keys have different meanings and different root keys are used in the key generation process.
Specifically, the generation of the factory key includes the steps of:
s31, splitting the factory root key into a factory root key A and a factory root key B; the factory root key a comprises 12 bytes and the factory root key B comprises 4 bytes;
s32, after factory original Data (Data) and a factory root key B are spliced together and encrypted by the factory root key, the obtained Data is a factory parameter key (Paramkey) which comprises 16 bytes;
s33, splitting a factory parameter key (Paramkey) into two sections, wherein the factory parameter key A (Paramkey A) and the factory parameter key B (Paramkey B) comprise 4 bytes, and the factory parameter key B comprises 12 bytes;
s34, after the factory parameter key A and the factory root key A are spliced together, the factory root key is used for encryption, and the obtained data is a factory authentication key and comprises 16 bytes;
and S35, splicing the factory parameter key and the factory authentication key together to obtain data, namely the factory key, which comprises 32 bytes.
Likewise, the generation of the key-press includes the steps of:
s41, splitting the key root key into two sections of key root key A and key root key B, wherein the key root key A comprises 12 bytes, and the key root key B comprises 4 bytes;
s42, after the key original data and the key root key B are spliced together and encrypted by the key root key, the obtained data is a key parameter key and comprises 16 bytes;
s43, splitting the key parameter key into two sections of key parameter key A and key parameter key B, wherein the key parameter key A comprises 4 bytes, and the key parameter key B comprises 12 bytes;
s44, after the key parameter key A and the key root key A are spliced together, the key root key is used for encryption, and the obtained data is a key authentication key and comprises 16 bytes;
and S45, the key parameter key and the key authentication key are spliced together, and the obtained data is the key.
Likewise, a user root key generates the user key, comprising the steps of:
s51, splitting the user root key into two segments, namely a user root key A and a user root key B, wherein the user root key A comprises 12 bytes, and the user root key B comprises 4 bytes;
s52, after the original data of the user and the user root key B are spliced together, the original data of the user and the user root key B are encrypted by the user root key, and the obtained data is the user parameter key;
s53, splitting the user parameter key into two sections, namely a user parameter key A and a user parameter key B, wherein the user parameter key A comprises 4 bytes, and the user parameter key B comprises 12 bytes;
s54, after the user parameter key A and the user root key A are spliced together, encrypting the data by using the user root key, and obtaining data as a user authentication key;
and S55, the user parameter key and the user authentication key are spliced together, and the obtained data is the user key.
In one embodiment of the present invention, the bluetooth lock is the same as the key authentication method regardless of the type of key, but differs in the subsequent operation authority of the key. For example, a factory key (factory key) may not open a door, a user key (UserKey) may not add a "user root key", etc.
As shown in fig. 6, in the process of authenticating the bluetooth lock and the user key, the working process of the user APP includes the following steps:
r1, connecting the user APP with the Bluetooth lock;
r2, the user APP adopts the user key to send a request authentication (Auth) to the Bluetooth lock;
r3, the user APP receives the Challenge initiated by the Bluetooth lock, the Challenge (Challenge) data is decrypted and analyzed by using the authentication key (AuthKey), and the encryption key is updated by using the Challenge (Challenge) data, which is equivalent to a communication key for communication encryption;
r4, the user APP replies the challenge to the Bluetooth lock and sends the operation to be performed to the Bluetooth lock;
r5, the user key authentication process ends.
In the process of authenticating the Bluetooth lock and the user key, the working process of the Bluetooth lock comprises the following steps:
after receiving the request authentication, the R11 bluetooth lock first generates an authentication key (AuthKey), decrypts part of the request authentication data packet and verifies it, then decrypts the parameter key (ParamKey) and obtains and verifies it, if the verification is successful, the Challenge is initiated, that is, after a Challenge (Challenge) random number is generated, a Challenge data packet is generated and encrypted by the authentication key (AuthKey) and sent to the user APP.
As can be seen from the key generation process, the authentication key (AuthKey) can be calculated using the unencrypted parameter key (ParamKey) and the root key stored inside the lock.
Wherein,
in step R2, an authentication packet structure is requested, as shown in table 1:
Figure BDA0001959029120000101
a request authentication packet comprising: the key comprises a parameter key, a key type, a random number and a check bit, wherein the parameter key comprises 16 bytes, the key type comprises 1 byte, the random number comprises 2 bytes, the check bit comprises 1 byte, the first 4 bytes of the parameter key are not encrypted, and the last 12 bytes of the parameter key, the key type, the random number and the check bit are encrypted by a verification key.
In step R11, the data packet structure is challenged, as shown in table 2:
Figure BDA0001959029120000102
a challenge packet comprising: authentication reply (authreply), challenge data (challenge data)1, challenge data (challenge data)2, random number and check bit, wherein the authentication reply comprises 2 bytes, the challenge data 1 comprises 4 bytes, the challenge data 2 comprises 8 bytes, the random number comprises 5 bytes, the check bit comprises 1 byte, the first 2 bytes of the authentication reply, the challenge data 1, the challenge data 2 and the random number are encrypted by a verification key, and the last 3 bytes and the check bit of the random number are not processed.
In step R3, the communication key structure is shown in table 3:
Figure BDA0001959029120000111
the communication key comprises challenge data (challenge data)2 and a second half part of an authentication key (AuthKey); the challenge data 2 includes 8 bytes, and the second half of the authentication key includes the last 8 bytes.
In step R4, the challenge and operation packet structure is recovered, as shown in table 4:
Figure BDA0001959029120000112
the reply challenge and operation data packet comprises challenge data 1, a Command (Command) section and check bits, wherein the challenge data 1 comprises 4 bytes, the Command section comprises 15 bytes, the check bits comprise 1 byte, and the Command section and the check bits of the reply challenge and operation data packet are encrypted by a communication key and are not processed by the challenge data 1.
So far the bluetooth authentication process is finished.
In the communication process, the original text of the key data is not exposed in the communication process, and the key cannot be acquired in a wireless packet capturing mode. Meanwhile, the used communication key is renegotiated for each connection, so that the possibility of replay attack is prevented. When the man-in-the-middle attack is used, the man-in-the-middle can not obtain the communication key and can not carry out data tampering.
The embodiments of the present invention are preferred embodiments of the present invention, and the scope of the present invention is not limited by these embodiments, so: all equivalent changes made according to the structure, shape and principle of the invention are covered by the protection scope of the invention.

Claims (10)

1. A bluetooth lock key generation and authentication method is characterized in that: the root key of the Bluetooth lock comprises a factory root key, a user root key and a key root key; generating keys of corresponding types by the root key of each type, wherein the keys are respectively a factory key, a user key and a key; the authentication of the Bluetooth lock and the user key is realized through the user APP, wherein the factory root key is generated when the Bluetooth lock is initialized, the user root key is randomly generated by the Bluetooth lock, and the key root key is fixedly set.
2. The bluetooth lock key generation and authentication method according to claim 1, wherein: the factory root key generating the factory key, comprising the steps of:
s31, splitting the factory root key into two segments, namely a factory root key A and a factory root key B;
s32, after the factory original data and the factory root key B are spliced together, encrypting by using the factory root key, and taking the obtained data as a factory parameter key;
s33, splitting the factory parameter key into two sections, namely a factory parameter key A and a factory parameter key B;
s34, after the factory parameter key A and the factory root key A are spliced together, the factory root key is used for encryption, and the obtained data is a factory authentication key;
and S35, splicing the factory parameter key and the factory authentication key together to obtain data, namely the factory key.
3. The bluetooth lock key generation and authentication method according to claim 2, wherein: in step S31, the factory root key a includes 12 bytes, and the factory root key B includes 4 bytes; in step S33, the parameter key a includes 4 bytes, and the parameter key B includes 12 bytes.
4. The bluetooth lock key generation and authentication method according to claim 1, wherein: the method for generating the key by the key root key and the method for generating the user key by the user root key are the same as the method for generating the factory key by the factory root key, and the difference is that the key raw data is used in the process of generating the key; in the process of generating the user key, the user original data is used.
5. The bluetooth lock key generation and authentication method according to claim 1, wherein: the Bluetooth lock is the same as the authentication methods of a user key, a key and a factory key respectively.
6. The bluetooth lock key generation and authentication method according to claim 1, wherein: the Bluetooth lock and the user key authentication method and the working process of the user APP comprise the following steps:
r1, connecting the user APP with the Bluetooth lock;
r2, the user APP adopts the user key to send a request authentication to the Bluetooth lock;
r3, the user APP receives the challenge initiated by the Bluetooth lock, the challenge data is decrypted and analyzed by the authentication key, the challenge data is used for updating the encryption key, and the communication key for communication encryption is negotiated at the moment;
r4, the user APP replies the challenge to the Bluetooth lock and sends the operation to be performed to the Bluetooth lock;
r5, the user key authentication process ends.
7. The bluetooth lock key generation and authentication method according to claim 1, wherein: the Bluetooth lock and the user key authentication method, the working process of the Bluetooth lock, include the following steps:
after receiving the request authentication, the Bluetooth lock firstly generates an authentication key, decrypts part of the request authentication data packet and verifies the data packet, then decrypts the parameter key to obtain and verify the data packet, if the verification is successful, the challenge is initiated, namely, after a challenge random number is generated, a challenge data packet is generated and encrypted by the authentication key to be sent to the user APP.
8. The bluetooth lock key generation and authentication method according to claim 6, wherein: in step R2, the request for authentication packet includes: the key comprises a parameter key, a key type, a random number and a check bit, wherein the parameter key comprises 16 bytes, the key type comprises 1 byte, the random number comprises 2 bytes, the check bit comprises 1 byte, the first 4 bytes of the parameter key are not encrypted, and the last 12 bytes of the parameter key, the key type, the random number and the check bit are encrypted by an authentication key.
9. The bluetooth lock key generation and authentication method according to claim 6, wherein: the communication key comprises challenge data 2 and a second half part of the authentication key; the challenge data 2 comprises 8 bytes and 8 bytes after the latter half part of the authentication key; the reply challenge and operation data packet comprises challenge data 1, a command segment and check bits, wherein the challenge data 1 comprises 4 bytes, the command segment comprises 15 bytes, the check bits comprise 1 byte, and the command segment and the check bits of the reply challenge and operation data packet are encrypted by a communication key and are not processed for the challenge data 1.
10. The bluetooth lock key generation and authentication method according to claim 7, wherein: the challenge packet includes: the authentication device comprises an authentication reply, challenge data 1, challenge data 2, a random number and check bits, wherein the authentication reply comprises 2 bytes, the challenge data 1 comprises 4 bytes, the challenge data 2 comprises 8 bytes, the random number comprises 5 bytes, the check bits comprise 1 byte, the first 2 bytes of the authentication reply, the challenge data 1, the challenge data 2 and the random number are encrypted by an authentication key, and the last 3 bytes and the check bits of the random number are not processed.
CN201910076596.6A 2019-01-26 2019-01-26 Bluetooth lock key generation and authentication method Active CN111563980B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910076596.6A CN111563980B (en) 2019-01-26 2019-01-26 Bluetooth lock key generation and authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910076596.6A CN111563980B (en) 2019-01-26 2019-01-26 Bluetooth lock key generation and authentication method

Publications (2)

Publication Number Publication Date
CN111563980A true CN111563980A (en) 2020-08-21
CN111563980B CN111563980B (en) 2022-04-29

Family

ID=72074038

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910076596.6A Active CN111563980B (en) 2019-01-26 2019-01-26 Bluetooth lock key generation and authentication method

Country Status (1)

Country Link
CN (1) CN111563980B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112396738A (en) * 2020-12-01 2021-02-23 深圳市汇顶科技股份有限公司 Unlocking method of shared device and related device
CN114148286A (en) * 2021-11-03 2022-03-08 中山市澳多电子科技有限公司 Automobile control system based on Bluetooth and NFC

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4947163A (en) * 1985-10-16 1990-08-07 Supra Products, Inc. Electronic security system with configurable key
CN102945574A (en) * 2012-11-14 2013-02-27 李凯 Device and method for controlling locking system permission by mobile equipment
CN103593892A (en) * 2013-11-06 2014-02-19 天津大学 Challenge response and symmetrical encryption based electronic lock unlocking method
CN104618422A (en) * 2014-08-22 2015-05-13 东风小康汽车有限公司重庆分公司 Bluetooth type automobile starting control method and mobile terminal
US20160036594A1 (en) * 2014-07-30 2016-02-04 Master Lock Company Wireless key management for authentication
CN106851540A (en) * 2017-02-08 2017-06-13 飞天诚信科技股份有限公司 The implementation method and device of a kind of Bluetooth pairing
CN106934903A (en) * 2017-04-26 2017-07-07 杨昌华 A kind of blue-tooth intelligence lock
CN107086915A (en) * 2017-05-25 2017-08-22 山东浪潮商用系统有限公司 A kind of data transmission method, data sending terminal and data receiver
CN107786550A (en) * 2017-10-17 2018-03-09 中电长城(长沙)信息技术有限公司 A kind of safety communicating method of self-service device, safe communication system and self-service device
CN107833334A (en) * 2017-11-29 2018-03-23 南华大学 Shared place door lock key management system and method based on bluetooth and mobile network
CN107948961A (en) * 2017-12-23 2018-04-20 北京智辉空间科技有限责任公司 Bluetooth alignment system and method
CN108989318A (en) * 2018-07-26 2018-12-11 中国电子科技集团公司第三十研究所 A kind of lightweight safety certification and key exchange method towards narrowband Internet of Things

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4947163A (en) * 1985-10-16 1990-08-07 Supra Products, Inc. Electronic security system with configurable key
CN102945574A (en) * 2012-11-14 2013-02-27 李凯 Device and method for controlling locking system permission by mobile equipment
CN103593892A (en) * 2013-11-06 2014-02-19 天津大学 Challenge response and symmetrical encryption based electronic lock unlocking method
US20160036594A1 (en) * 2014-07-30 2016-02-04 Master Lock Company Wireless key management for authentication
CN104618422A (en) * 2014-08-22 2015-05-13 东风小康汽车有限公司重庆分公司 Bluetooth type automobile starting control method and mobile terminal
CN106851540A (en) * 2017-02-08 2017-06-13 飞天诚信科技股份有限公司 The implementation method and device of a kind of Bluetooth pairing
CN106934903A (en) * 2017-04-26 2017-07-07 杨昌华 A kind of blue-tooth intelligence lock
CN107086915A (en) * 2017-05-25 2017-08-22 山东浪潮商用系统有限公司 A kind of data transmission method, data sending terminal and data receiver
CN107786550A (en) * 2017-10-17 2018-03-09 中电长城(长沙)信息技术有限公司 A kind of safety communicating method of self-service device, safe communication system and self-service device
CN107833334A (en) * 2017-11-29 2018-03-23 南华大学 Shared place door lock key management system and method based on bluetooth and mobile network
CN107948961A (en) * 2017-12-23 2018-04-20 北京智辉空间科技有限责任公司 Bluetooth alignment system and method
CN108989318A (en) * 2018-07-26 2018-12-11 中国电子科技集团公司第三十研究所 A kind of lightweight safety certification and key exchange method towards narrowband Internet of Things

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112396738A (en) * 2020-12-01 2021-02-23 深圳市汇顶科技股份有限公司 Unlocking method of shared device and related device
CN114148286A (en) * 2021-11-03 2022-03-08 中山市澳多电子科技有限公司 Automobile control system based on Bluetooth and NFC

Also Published As

Publication number Publication date
CN111563980B (en) 2022-04-29

Similar Documents

Publication Publication Date Title
CN106130982B (en) Intelligent household appliance remote control method based on PKI system
JP3863852B2 (en) Method of controlling access to network in wireless environment and recording medium recording the same
CN111080845B (en) Temporary unlocking method, system, door lock, administrator terminal and readable storage medium
CN109495274A (en) A kind of decentralization smart lock electron key distribution method and system
CN107612889B (en) Method for preventing user information leakage
CN107154847A (en) Towards the method for generating cipher code, verification method and its smart machine of offline environment
CN112104454B (en) Data secure transmission method and system
CN111243133A (en) Bluetooth door lock system based on dynamic password generation and matching and unlocking method
CN108650261B (en) Mobile terminal system software burning method based on remote encryption interaction
CN113572740A (en) Cloud management platform authentication encryption method based on state password
CN111181723A (en) Method and device for offline security authentication between Internet of things devices
CN104767766A (en) Web Service interface verification method, Web Service server and client
CN112672342B (en) Data transmission method, device, equipment, system and storage medium
CN105141629A (en) Method for improving network security of public Wi-Fi based on WPA/WPA2 PSK multiple passwords
CN111563980B (en) Bluetooth lock key generation and authentication method
CN111489462B (en) Personal Bluetooth key system
CN107566112A (en) Dynamic encryption and decryption method and server
CN108206738B (en) Quantum key output method and system
CN114697082B (en) Production and application method of encryption and decryption device in server-free environment
CN108650096A (en) A kind of industrial field bus control system
CN111489461B (en) Bluetooth key system for group
CN107104792B (en) Portable mobile password management system and management method thereof
KR101996317B1 (en) Block chain based user authentication system using authentication variable and method thereof
CN112054905B (en) Secure communication method and system of mobile terminal
CN111600718B (en) Digital certificate offline authentication system and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 230001 China (Anhui) pilot Free Trade Zone, Hefei, Anhui Province a3-14, floor 14, block a, building J1, phase II, innovation industrial park, No. 2800, innovation Avenue, high tech Zone, Hefei

Applicant after: Hefei Zhihui Space Technology Co.,Ltd.

Address before: 100020 room 801, 8th floor, building 2, courtyard 16, Guangshun North Street, Chaoyang District, Beijing

Applicant before: BEIJING ZHIHUI SPACE TECHNOLOGY CO.,LTD.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant