CN110706379B - Access control method and device based on block chain - Google Patents
Access control method and device based on block chain Download PDFInfo
- Publication number
- CN110706379B CN110706379B CN201910893836.1A CN201910893836A CN110706379B CN 110706379 B CN110706379 B CN 110706379B CN 201910893836 A CN201910893836 A CN 201910893836A CN 110706379 B CN110706379 B CN 110706379B
- Authority
- CN
- China
- Prior art keywords
- key
- biological characteristic
- sub
- characteristic data
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00563—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys using personal physical data of the operator, e.g. finger prints, retinal images, voicepatterns
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Abstract
The application relates to a block chain-based access control method and device for entrance guard. The method comprises the following steps: acquiring an unlocking authority setting request, wherein the unlocking authority setting request comprises visitor identity information; downloading a biological characteristic data ciphertext from a biological characteristic database and downloading a sub-secret key ciphertext from a block chain server according to the visitor identity information; sending the unlocking authority setting request and the sub-key ciphertext to a preset number of administrator terminals; acquiring the sub-keys decrypted by the administrator terminals with the preset number, and recovering the keys according to the sub-keys; decrypting the biological characteristic data ciphertext through the secret key to obtain the biological characteristic data; wherein the key is destroyed after the biometric data is obtained; sending the biological characteristic data to an unlocking terminal; and the unlocking terminal unlocks according to the biological characteristic data. The method can provide the security of the biological characteristic data of the intelligent lock.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a block chain-based access control method and apparatus.
Background
With the application of emerging technologies such as a face recognition technology and a cloud network platform to access lock products, intelligent access locks are more and more favored by users, and become intelligent home products that enterprises such as house-site manufacturers and apartment leasing service providers are willing to purchase. At present, the intelligent access control lock is widely applied to places such as banks, government departments (paying attention to safety), large-scale enterprises and the like. Meanwhile, the human biological characteristic data (such as fingerprint data and face data) serving as the core of the biological characteristic identification technology has the characteristics of uniqueness and life invariance, so that the biological characteristic data serving as an important technical means for human identity confirmation has the advantages of high safety, no loss and damage and the like. The biometric identification technology is a mature technology for identifying the identity of a user, and is widely applied to the field of intelligent access locks, such as fingerprint locks, finger vein locks and the like.
However, the existing intelligent access lock utilizing the biometric identification technology has the problem that the biometric data of the user is easy to leak.
Disclosure of Invention
In view of the foregoing, there is a need to provide a block chain-based access control method and apparatus capable of improving security of biometric data.
A block chain-based access control method for entrance guard comprises the following steps:
acquiring an unlocking authority setting request, wherein the unlocking authority setting request comprises visitor identity information;
downloading a biological characteristic data ciphertext from a biological characteristic database and downloading a sub-secret key ciphertext from a block chain server according to the visitor identity information; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, the sub-keys are obtained by splitting a key through a threshold in a threshold encryption method, and the biological characteristic data ciphertext is generated by encrypting the key;
sending the unlocking authority setting request and the sub-key ciphertext to a preset number of administrator terminals;
acquiring the sub-keys decrypted by the administrator terminals with the preset number, and recovering the keys according to the sub-keys;
decrypting the biological characteristic data ciphertext through the secret key to obtain the biological characteristic data; wherein, after the biometric data is obtained, the locally stored key is destroyed;
sending the biological characteristic data to an unlocking terminal;
and the unlocking terminal unlocks according to the biological characteristic data.
A block chain-based access control method for entrance guard comprises the following steps:
receiving an unlocking authority setting request and a sub-key ciphertext sent by an access control server; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, and the sub-keys are obtained by splitting keys through a threshold in a threshold encryption method; acquiring an instruction that the unlocking authority setting request passes;
according to the instruction, obtaining a private key of an administrator to decrypt the sub-key ciphertext to obtain a sub-key;
sending the sub-secret key to the access control server; and the access control server recovers the key according to the sub-key and decrypts the biological characteristic data ciphertext through the key to obtain the biological characteristic data.
An intelligent lock unlocking control method comprises the following steps:
receiving biometric data of a visitor from an access control server; the biological characteristic data of the visitor is obtained by the access control server through decryption according to a biological characteristic data ciphertext, the biological characteristic data ciphertext is generated by biological characteristic data through key encryption and is stored in a biological characteristic database, the key is divided into a plurality of sub-keys through a threshold in a threshold encryption method, the sub-keys are respectively encrypted through a plurality of administrator public keys to generate sub-key ciphertext, and the sub-key ciphertext is stored in a block chain server;
collecting biological characteristic data of the visiting person;
comparing the biological feature data of the visitor with the biological feature data of the visitor;
and if the biological characteristic data of the visitor is consistent with the biological characteristic data of the visitor, controlling the intelligent lock to be opened.
A method of block chain based encrypted ciphertext generation, the method comprising:
after receiving the identity information of the visitor, generating a secret key; the secret key is used for encrypting the biological characteristic data of the visitor to generate a biological characteristic data ciphertext, and the biological characteristic data ciphertext is stored in a biological characteristic database;
encrypting the key through a server public key to generate a key ciphertext;
sending the key ciphertext to an access control server; the access control server decrypts the key ciphertext through a server private key to obtain a key;
splitting the key into a plurality of sub keys through a threshold in a threshold encryption method;
encrypting each sub-key through different administrator public keys to generate a sub-key ciphertext;
storing the sub-key ciphertext according to the identity information of the visitor;
the locally stored key is destroyed.
A block chain-based access control method for entrance guard comprises the following steps:
sending an access application to an access control server, wherein the access application comprises visitor identity information;
acquiring biological characteristic data of the visitor according to the visitor identity information; the biological characteristic data is stored in the biological characteristic database through key encryption, the key is divided into a plurality of sub-keys through a threshold in a threshold encryption method, the sub-keys are respectively encrypted through a plurality of administrator public keys to generate sub-key ciphertexts, and the sub-key ciphertexts are stored in a block chain server;
and receiving access reservation success information.
An access control device based on a blockchain, the device comprising:
the system comprises an unlocking authority setting request acquisition module, a visitor identity information acquisition module and a visitor identity information acquisition module, wherein the unlocking authority setting request acquisition module is used for acquiring an unlocking authority setting request which comprises visitor identity information;
the downloading module is used for downloading a biological characteristic data ciphertext and a sub-secret key ciphertext from the block chain server from a biological characteristic database according to the visitor identity information; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, the sub-keys are obtained by splitting a key through a threshold in a threshold encryption method, and the biological characteristic data ciphertext is generated by encrypting the key;
the first sending module is used for sending the unlocking authority setting request and the sub-key ciphertext to a preset number of administrator terminals;
the key recovery module is used for acquiring the encrypted ciphertext sub-keys decrypted by the administrator terminals with the preset number and recovering the keys according to the sub-keys;
the first decryption module is used for decrypting the biological characteristic data ciphertext through the secret key to obtain the biological characteristic data;
the second sending module is used for sending the biological characteristic data to the unlocking terminal;
and the unlocking terminal unlocks according to the biological characteristic data.
A terminal, the terminal comprising:
the first receiving module is used for receiving an unlocking authority setting request and a sub-key ciphertext sent by the access control server; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, and the sub-keys are obtained by splitting keys through a threshold in a threshold encryption method;
the instruction acquisition module is used for acquiring an instruction for the unlocking permission setting request to pass;
the second decryption module is used for acquiring the private key of the administrator to decrypt the sub-key ciphertext to obtain a sub-key according to the instruction;
the first key ciphertext sending module is used for sending the sub-key to the access control server; and the access control server recovers the key according to the sub-key and decrypts the biological characteristic data ciphertext through the key to obtain the biological characteristic data.
An intelligent lock unlocking control device, the device comprising:
the system comprises a biological characteristic data receiving module, a data processing module and a data processing module, wherein the biological characteristic data receiving module is used for receiving biological characteristic data of a visitor from an access control server; the biological characteristic data of the visitor is obtained by the access control server through decryption according to a biological characteristic data ciphertext, the biological characteristic data ciphertext is generated by biological characteristic data through key encryption and is stored in a biological characteristic database, the key is divided into a plurality of sub-keys through a threshold in a threshold encryption method, the sub-keys are respectively encrypted through a plurality of administrator public keys to generate sub-key ciphertext, and the sub-key ciphertext is stored in a block chain server;
the biological characteristic data acquisition module is used for acquiring biological characteristic data of the visitor;
the comparison module is used for comparing the biological characteristic data of the visiting person with the biological characteristic data of the visitor;
and the intelligent lock control module is used for controlling the intelligent lock to be unlocked if the two are consistent.
An apparatus for block chain based encrypted ciphertext generation, the apparatus comprising:
the secret key generation module is used for generating a secret key after receiving the identity information of the visitor; the secret key is used for encrypting the biological characteristic data of the visitor to generate a biological characteristic data ciphertext, and the biological characteristic data ciphertext is stored in a biological characteristic database;
the key ciphertext generating module is used for encrypting the key through a server public key to generate a key ciphertext;
the second key ciphertext sending module is used for sending the key ciphertext to the access control server; the access control server decrypts the key ciphertext through a server private key to obtain a key;
the threshold splitting module is used for splitting the key into a plurality of sub keys through a threshold in a threshold encryption method;
the encryption module is used for encrypting each sub-key through different administrator public keys to generate a sub-key ciphertext;
the storage module is used for storing the sub-key ciphertext according to the visitor identity information;
and the key destroying module is used for destroying the locally stored key.
A terminal, the terminal comprising:
the access application sending module is used for sending an access application to the access control server, wherein the access application comprises visitor identity information;
the biological characteristic data acquisition module is used for acquiring biological characteristic data of the visitor according to the identity information of the visitor; the biological characteristic data is stored in the biological characteristic database through key encryption, the key is divided into a plurality of sub-keys through a threshold in a threshold encryption method, the sub-keys are respectively encrypted through a plurality of administrator public keys to generate sub-key ciphertexts, and the sub-key ciphertexts are stored in a block chain server;
and the information receiving module is used for receiving the access reservation success information.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
acquiring an unlocking authority setting request, wherein the unlocking authority setting request comprises visitor identity information;
downloading a biological characteristic data ciphertext from a biological characteristic database and downloading a sub-secret key ciphertext from a block chain server according to the visitor identity information; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, the sub-keys are obtained by splitting a key through a threshold in a threshold encryption method, and the biological characteristic data ciphertext is generated by encrypting the key;
sending the unlocking authority setting request and the sub-key ciphertext to a preset number of administrator terminals;
acquiring the sub-keys decrypted by the administrator terminals with the preset number, and recovering the keys according to the sub-keys;
decrypting the biological characteristic data ciphertext through the secret key to obtain the biological characteristic data; wherein, after the biometric data is obtained, the locally stored key is destroyed;
sending the biological characteristic data to an unlocking terminal;
and the unlocking terminal unlocks according to the biological characteristic data.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
acquiring an unlocking authority setting request, wherein the unlocking authority setting request comprises visitor identity information;
downloading a biological characteristic data ciphertext from a biological characteristic database and downloading a sub-secret key ciphertext from a block chain server according to the visitor identity information; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, the sub-keys are obtained by splitting a key through a threshold in a threshold encryption method, and the biological characteristic data ciphertext is generated by encrypting the key;
sending the unlocking authority setting request and the sub-key ciphertext to a preset number of administrator terminals;
acquiring the sub-keys decrypted by the administrator terminals with the preset number, and recovering the keys according to the sub-keys;
decrypting the biological characteristic data ciphertext through the secret key to obtain the biological characteristic data; wherein, after the biometric data is obtained, the locally stored key is destroyed;
sending the biological characteristic data to an unlocking terminal;
and the unlocking terminal unlocks according to the biological characteristic data.
According to the block chain-based access control method, device, computer equipment and storage medium, the biological characteristic data ciphertext is downloaded from the object characteristic database, the sub-key ciphertext is downloaded from the block chain server, the sub-encrypted ciphertext is decrypted by the administrator terminal with the preset number, and the key is recovered by the sub-key to decrypt the biological characteristic data ciphertext, so that the biological characteristic data of the visitor can be prevented from being leaked when the visitor is used for access control, and the safety of the biological characteristic data is improved.
Drawings
Fig. 1 is an application environment diagram of an access control method based on a block chain in an embodiment;
fig. 2 is a schematic flow chart of a block chain-based access control method in an embodiment;
FIG. 3 is a flow chart illustrating an unlocking control method of the smart lock according to an embodiment;
FIG. 4 is a flowchart illustrating a method for generating a key ciphertext based on a blockchain according to an embodiment;
fig. 5 is a flowchart illustrating a public-private key pair registration method of an administrator terminal according to an embodiment;
FIG. 6 is a flow diagram illustrating encryption of biometric data according to one embodiment;
FIG. 7 is a schematic diagram illustrating a process for decrypting biometric data according to one embodiment;
fig. 8 is a block diagram of an access control device based on a block chain according to an embodiment;
FIG. 9 is a block diagram showing the structure of an unlocking control device of the smart lock according to an embodiment;
FIG. 10 is a block diagram of a key ciphertext generating apparatus based on a blockchain in one embodiment;
FIG. 11 is a diagram illustrating an internal structure of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The access control method based on the block chain can be applied to the application environment shown in fig. 1. The administrator terminal 101, the visitor terminal 103, the blockchain server 104, and the unlock terminal 105 communicate with the access control server 102 via a network. The access control server 102 acquires an unlocking authority setting request, wherein the unlocking authority setting request comprises visitor identity information; downloading a biological characteristic data ciphertext from a biological characteristic database and downloading a sub-secret key ciphertext from a block chain server according to the visitor identity information; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, the sub-keys are obtained by splitting a key through a threshold in a threshold encryption method, and the biological characteristic data ciphertext is generated by encrypting the key; sending the unlocking authority setting request and the sub-key ciphertext to a preset number of administrator terminals 101; acquiring the sub-keys decrypted by the administrator terminal 101 with the preset number, and recovering the keys according to the sub-keys; decrypting the biological characteristic data ciphertext through the secret key to obtain the biological characteristic data; wherein, the local storage key is destroyed after the biological characteristic data is obtained; sending the biometric data to an unlocking terminal 105; wherein, the unlocking terminal 105 unlocks according to the biological characteristic data and stores the unlocking record. The administrator terminal 101 and the visitor terminal 103 may be, but are not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices, and the access control server 102 may be implemented by an independent server or a server cluster formed by a plurality of servers.
In an embodiment, as shown in fig. 2, a block chain-based access control method is provided, which is described by taking the access control server 102 in fig. 1 as an example, and includes the following steps:
s110, an unlocking authority setting request is obtained, and the unlocking authority setting request comprises visitor identity information.
The unlocking permission setting request can be automatically generated through an access control server or generated through an administrator terminal.
Wherein, before step S110, the method comprises the steps of: sending an unlocking authority examination and approval strategy to a block chain server; the unlocking permission approval strategy corresponds to the unlocking permission setting request, and both the unlocking permission approval strategy and the unlocking permission setting request comprise visitor identity information, access time information, access frequency information and access reason. The unlocking authority examination and approval strategy and the unlocking authority setting request also comprise information of an administrator with examination and approval authority. And the block chain server stores the unlocking authority approval strategy for subsequent inquiry.
S120, downloading a biological characteristic data ciphertext from a biological characteristic database and a sub-secret key ciphertext from a block chain server according to the visitor identity information; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, the sub-keys are obtained by splitting a key through a threshold in a threshold encryption method, and the biological characteristic data ciphertext is generated by encrypting the key.
Wherein the biometric data comprises a hash value of fingerprint data, iris data, vein data, or face data. The biological characteristic database is used for storing a biological characteristic data ciphertext of the user. The blockchain server stores the subkey ciphertext. The biological characteristic data ciphertext is stored in association with the visitor identity information in the biological characteristic database, the sub-key ciphertext is also stored in association with the visitor identity information in the block chain server, the corresponding biological characteristic data ciphertext can be found only by searching the biological characteristic database through the visitor identity information, and the corresponding sub-key ciphertext can be found only by searching the block chain server through the visitor identity information.
And S130, sending the unlocking authority setting request and the sub-key ciphertext to a preset number of administrator terminals.
The method comprises the steps that an administrator terminal examines and approves visitor identity information, access time information, access frequency information and access reason in an unlocking authority setting request, when the administrator confirms that the visitor can access, an instruction that the unlocking authority setting request passes is sent out, and the administrator terminal obtains an administrator private key according to the instruction and decrypts the sub-key to obtain the sub-key.
S140, obtaining the sub-keys decrypted by the administrator terminals with the preset number, and recovering the keys according to the sub-keys.
S150, decrypting the biological characteristic data ciphertext through the secret key to obtain the biological characteristic data.
And after the key decrypts the biological characteristic data ciphertext, destroying the locally stored key.
And S160, sending the biological characteristic data to an unlocking terminal. And the unlocking terminal unlocks according to the biological characteristic data.
Wherein, unblank the terminal and preserve biological characteristic data, when the visitor reached the entrance guard, gather the biological characteristic data of visitor with unblank the terminal and preserve biological characteristic data and compare, compare successfully, then can open the intelligence lock and let the visitor get into.
The block chain-based access control method can be used for intelligent access control systems, such as park access control systems, and the adopted intelligent access control equipment can be an intelligent lock based on communication protocols of the Internet of things such as LoRa, NB-IOT and the like, and can support various biological identification unlocking modes such as fingerprint unlocking, finger vein unlocking and the like.
According to the block chain-based access control method, the biological characteristic data ciphertext is downloaded from the biological characteristic database, the sub-key ciphertext is downloaded from the block chain server, the sub-encrypted ciphertext is decrypted through the administrator terminals with the preset number, and the key is recovered through the sub-key to decrypt the biological characteristic data ciphertext, so that the biological characteristic data of the visitor can be prevented from being leaked when the biological characteristic data is used for access control, and the safety of the biological characteristic data is improved.
In one embodiment, a block chain-based access control method further includes:
s111, receiving an access application of the visitor terminal, wherein the access application comprises visitor identity information.
When a visitor needs to carry out a certain area, the visitor submits an access application at a visitor terminal and sends the access application to a corresponding area access control server. The access control server can generate a digital identity according to the access application.
S112, obtaining biological feature data of the visitor according to the access application;
the access control server receives the access application of the visitor, the biological characteristic data of the visitor needs to be collected, the fingerprint information of the visitor can be collected through the fingerprint collection terminal, or the face of the visitor is identified through the face identification device, and a background manager verifies whether the access control server is in personal operation or not through sending short messages, comparing the face, checking identity cards and the like.
S113, obtaining a key ciphertext from the blockchain server, and encrypting the biological characteristic data through a key in the key ciphertext to generate a biological characteristic data ciphertext; the key ciphertext is generated by encrypting a key randomly generated by the blockchain server through a server public key, and the key which is stored locally is destroyed after the biological characteristic data ciphertext is generated by encrypting the biological characteristic data through the key in the key ciphertext.
The key generated from the block chain server is encrypted through a public key of the server to generate a key ciphertext and then is sent to the access control server, and the access control server receives the key ciphertext and then decrypts through a private key of the server to obtain the key. The server public key and the server private key are generated in the access control server, the server public key is sent to the block chain server to be stored, and the server private key is stored locally. And after the biological characteristic data is encrypted by the key in the key ciphertext to generate a biological characteristic data ciphertext, destroying the locally stored key.
The key is split into a plurality of sub-keys through a threshold splitting method at the block chain server, each sub-key is encrypted through different administrator public keys to generate a sub-key ciphertext, and the sub-key ciphertext is stored at the block chain server.
And S114, sending the biological characteristic data ciphertext to a biological characteristic database for storage.
Specifically, the access control server calls a user registration method register of a block chain SDK (Software Development Kit) to obtain a returned key ciphertext epk (K), the access control server service decrypts the key ciphertext to obtain the key K, encrypts the user biological characteristic data by using the key K to generate a biological characteristic data ciphertext, and calls a biometricardatadad of the biological characteristic data of the block chain SDK to store the user biological characteristic data ciphertext into a biological characteristic database of the block chain server to complete the entry of the user biological characteristic data. And the secret key K is destroyed by the access control server after the encryption of the biological characteristic data is completed, namely is released from the system memory.
For example, a certain user needs to access a certain company, and first performs identity registration by using an APP/applet/web browser, including inputting an identity card number, a work unit, a mobile phone number, an identity card photo, and the like, after receiving an access application of the user, an access control server acquires user biometric data by using a biometric acquisition terminal, encrypts and stores the user biometric data in a biometric database, splits a secret key by using a threshold encryption method and stores the split secret key in a block chain server, and if the secret key is split into five sub-secret keys, each sub-secret key is encrypted by using a public key of an administrator, and then stores a sub-secret key ciphertext in a digital identity of the user.
In one embodiment, a block chain-based access control method further includes: sending the access application to an administrator terminal; and the unlocking authority setting request is generated by the administrator terminal according to the access application.
In one embodiment, the unlocking authority setting request further includes access time information and access times information. The sending the biometric data to the unlocking terminal comprises: sending the visitor access time information, the visitor access frequency information and the biological characteristic data to an unlocking terminal; the unlocking terminal unlocks in the access time and stores unlocking records, and the unlocking terminal deletes the biological characteristic data when the unlocking times reach the access times or exceed the access time.
In one embodiment, a block chain-based access control method further includes: receiving registration information of an administrator; generating a public and private key pair of each administrator terminal according to the registration information; generating a public and private key pair of each administrator according to the registration information; and sending the administrator private key to an administrator terminal for storage, and sending the administrator public key to a block chain server for storage.
The registration information of the administrator comprises personal identity information of the administrator, such as a work unit, a mobile phone number, an identity card photo and the like. The unlocking is performed by collecting the biological characteristic data of the administrator, the same way as the unlocking by the visitor can be adopted, the access times can be increased, and the access time can be prolonged. In the embodiment, the public and private key pair of the administrator terminal is generated by adopting an asymmetric encryption algorithm, and the asymmetric encryption algorithm comprises an elliptic curve algorithm.
Alternatively, a public and private key pair can be generated at the administrator terminal, the private key is stored locally, and the public and private keys are uploaded to the access control server and then sent to the blockchain server for storage through the access control server while being registered by the administrator.
Alternatively, the administrator private key is a number, letter, character, or a combination thereof, and the private key may be memorized by the administrator without being saved.
In one embodiment, after the sending the biometric data to the unlocking terminal, the method includes: and sending the access reservation success information to the visitor terminal.
In one embodiment, a block chain-based access control method is provided, and the method includes: receiving an access application sent by an access control server; generating an unlocking authority setting request according to the access application; and sending the unlocking permission setting request to an access control server.
The method of the embodiment is applied to an administrator terminal. The unlocking authority setting request includes access application information and an unlocking policy, such as access application information (uid, mid, message), wherein the uid is the ID of the user applying for access, the mid is the ID of the reception staff, the message comprises information such as access department, affair, time and the like, and the unlocking strategy (uid, message, lockid, starttime, endtime, time and mid), wherein lockid is an intelligent lock ID (start time, end time) providing unlocking authority for a user, time is a specified unlocking frequency, mid is an administrator ID responsible for approval, mid can comprise a plurality of administrator IDs responsible for approval, the number of selected administrators must meet the requirement of key reconstruction for encryption by a preset threshold splitting method, that is, the encrypted ciphertext is split into five sub-keys, any three of the five sub-keys are needed to reconstruct the encrypted ciphertext, and the number of approved administrators must be greater than or equal to three. Particularly, the receptionist can select the approved administrator and the intelligent lock providing unlocking authority for the user by selecting mid and lockid, so that the access authority can be flexibly obtained according to the department which the visitor needs to access, and the corresponding intelligent lock can be controlled to be unlocked.
In one embodiment, a block chain-based access control method is provided, and the method includes: receiving an unlocking authority setting request and a sub-key ciphertext sent by an access control server; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, and the sub-keys are obtained by splitting keys through a threshold in a threshold encryption method; acquiring an instruction that the unlocking authority setting request passes; according to the instruction, obtaining a private key of an administrator to decrypt the sub-key ciphertext to obtain a sub-key; sending the sub-secret key to the access control server; and the access control server recovers the key according to the sub-key and decrypts the biological characteristic data ciphertext through the key to obtain the biological characteristic data.
The administrator can audit the access application of the visitor through the administrator terminal by implementing the method, each administrator can unlock one of the sub-keys by sending an instruction that an unlocking permission setting request passes through the administrator terminal, a plurality of administrators send the sub-keys to the access control server, and the access control server reconstructs an encrypted ciphertext according to the sub-keys.
In one embodiment, as shown in fig. 3, there is provided an unlocking control method of an intelligent lock, the method including:
s210, receiving biological characteristic data of a visitor from an access control server; the biological characteristic data of the visitor is obtained by the access control server through decryption according to a biological characteristic data ciphertext, the biological characteristic data ciphertext is generated by encrypting the biological characteristic data through a key and is stored in a biological characteristic database, the key is divided into a plurality of sub-keys through a threshold in a threshold encryption method, the sub-keys are respectively encrypted through a plurality of administrator public keys to generate sub-key ciphertext, and the sub-key ciphertext is stored in the block chain server.
Wherein the biometric data is used to verify the identity of the visitor.
And S220, collecting the biological characteristic data of the visitor.
The biometric data includes a hash value of fingerprint data, iris data, vein data, or face data. The intelligent access control equipment can be an intelligent lock based on communication protocols of the Internet of things such as LoRa, NB-IOT and the like, various biological identification unlocking modes such as fingerprint unlocking and finger vein unlocking are supported, and the biological characteristic data of the visiting person can be collected by the intelligent access control equipment through the visiting person according to the fingerprint or other modes.
And S230, comparing the biological characteristic data of the visitor with the biological characteristic data of the visitor.
S240, if the biological characteristic data of the visitor is consistent with the biological characteristic data of the visitor, the intelligent lock is controlled to be unlocked.
In this embodiment, step S210 and step S220 are not sequential, that is, the biometric data may be downloaded and stored to the unlocking terminal before the visitor visits, or the downloading of the biometric data of the visitor from the access control server may be triggered when the visitor visits.
In one embodiment, an unlocking control method of an intelligent lock is provided, which further includes: receiving access time information and access frequency information of a visitor from an access control server; storing an unlocking record; deleting the biological characteristic data of the visitor when the unlocking times reach the access times or exceed the access time; sending the unlocking record to the access control server; and the entrance guard access control server uploads the unlocking record to a block chain server.
The access time information and the access times information of the visitor are used for limiting the access time and the access times of the visitor.
Specifically, after the visitor successfully unlocks, the unlocking terminal sends the unlocking record to the access control server including the visitor ID, the intelligent lock ID and the unlocking time, and the unlocking record is pushed to the block chain server by the access control server to be stored.
In one embodiment, as shown in fig. 4, there is provided a method for generating a key ciphertext based on a block chain, the method including:
s310, after receiving the identity information of the visitor, generating a secret key; the secret key is used for encrypting the biological characteristic data of the visitor to generate a biological characteristic data ciphertext, and the biological characteristic data ciphertext is stored in a biological characteristic database.
Specifically, the blockchain server randomly generates a key when receiving the visitor identity information.
S320, encrypting the secret key through the server public key to generate a secret key cryptograph.
S330, sending a key ciphertext to an access control server; and the access control server decrypts the key ciphertext through a server private key to obtain a key.
S340, splitting the key into a plurality of sub keys through a threshold in a threshold encryption method.
The threshold splitting method is a cryptographic algorithm, for example, a key is split into five sub-keys, and any three sub-keys are needed to reconstruct the key.
And S350, encrypting each sub-key through different administrator public keys to generate a sub-key ciphertext.
And S360, storing the sub-key ciphertext according to the visitor identity information.
And S370, destroying the locally stored key.
And the encrypted sub-key is stored under the visitor identity information, so that the next search is facilitated.
By the method, the key can be prevented from being stolen to decrypt the biological characteristic data, and the safety of the biological characteristic data of the user is improved.
In one embodiment, a block chain-based access control method is provided, and the method includes: sending an access application to an access control server, wherein the access application comprises visitor identity information; acquiring biological characteristic data of the visitor according to the visitor identity information; the biological characteristic data is stored in the biological characteristic database through key encryption, the key is divided into a plurality of sub-keys through a threshold in a threshold encryption method, the sub-keys are respectively encrypted through a plurality of administrator public keys to generate sub-key ciphertexts, and the sub-key ciphertexts are stored in a block chain server; and receiving access reservation success information.
The visitor can submit an access application and receive access reservation success information through the method of the embodiment. When a visitor needs to carry out a certain area, the visitor submits an access application at a visitor terminal and sends the access application to the area access control server. The access control server can generate a digital identity according to the access application.
In one embodiment, as shown in fig. 5, a flowchart of a public-private key pair registration method of an administrator terminal is provided. The method comprises the steps that an administrator registers personal digital identity in an access control server by sending a registration request, the access control server generates the digital identity and a public and private key pair of the administrator according to the registration request, a public key of the administrator is sent to a block chain server, the private key of the administrator is sent back to an administrator terminal, and the block chain server receives and stores the digital identity and the public key of the administrator and returns a registration result to the access control server.
In one particular embodiment, as shown in FIG. 6, a flow diagram for encryption of biometric data of a guest is provided. An ordinary user needs to access a certain entrance guard, the biological characteristic data of the ordinary user needs to be collected firstly, the ordinary user collects the biological characteristic data by fingers at a registration terminal, the registration terminal sends the biological characteristic data of the ordinary user to an entrance guard access control server, the entrance guard access control server binds the biological characteristic data with the user identity and calculates the hash value of the biological characteristic data, the user identity information is uploaded to a block chain server and a request for applying a secret key is sent, the block chain server generates the secret key according to the request, then, the key is encrypted by the public key of the administrator to generate a key ciphertext to be returned to the access control server, and the same-time block chain server splits the key into a plurality of sub-keys, each sub-key is encrypted through different administrator public keys to generate a sub-key ciphertext, and the plurality of sub-key ciphertexts are stored in the user identity information.
In one embodiment, as shown in FIG. 7, a flow chart for biometric data decryption is provided. An administrator sends an unlocking authority setting request to an access control server, the access control server downloads biological characteristic data of a visitor to a biological characteristic database according to the unlocking authority setting request, the biological characteristic database returns a biological characteristic data ciphertext to the access control server, the access control server inquires an administrator with an approval authority and obtains a sub-key ciphertext from a block chain server, sends a corresponding sub-key ciphertext to the administrator with the approval authority, the administrator with the approval authority decrypts the sub-key ciphertext to obtain a sub-key, and sends the sub-key to the access control server, the access control server reconstructs a key according to a plurality of sub-keys, the biological characteristic data ciphertext is decrypted through the secret key to obtain the biological characteristic data, and the access control server sends the biological characteristic data to the intelligent lock.
In a specific embodiment, the block chain-based access control method of the present application is described with a specific application scenario.
The first process, visitor A wants to visit employee D of department C of company B, visitor A uses mobile phone APP/applet/web browser to register identity, including inputting identity card number, work unit, mobile phone number, identity card photo, etc. after registering successfully, sends access application to company B access control server, certainly access application and registration can be carried out simultaneously, namely sends access application after registration information input, after registering successfully visitor A has obtained a digital identity L at company B access control server.
And secondly, after receiving the access application of the user, the access control server of the company B acquires the biological characteristic data of the user by using the biological characteristic acquisition terminal, for example, the camera of the mobile phone of the visitor A or the fingerprint acquisition terminal acquires the face data or the fingerprint data of the visitor A, and then applies the key to the block chain server according to the digital identity L of the visitor A.
And thirdly, the block chain server generates a secret key according to the digital identity L of the visitor A, encrypts the secret key through a server public key (after the access control server generates a public and private key pair, the server public key is uploaded to the block chain server, and the server private key is stored locally) to generate a secret key ciphertext, and sends the secret key ciphertext to the access control server. Meanwhile, the block chain server splits the key into 5 sub-keys by a threshold splitting method, each sub-key is encrypted by a public key of an administrator to generate a sub-key ciphertext H, and the sub-key ciphertext H is stored under the digital identity L of the visitor A. The administrator registers in a company B access control server in advance through a mobile phone APP/small program/web browser, the registration information comprises personal identity information of the administrator, such as a work unit, a mobile phone number and an identity card photo, after the registration is successful, a digital identity M of the administrator is generated, a public and private key pair of each administrator is generated, an administrator public key is uploaded to a block chain server, an administrator private key is sent to an administrator terminal to be stored, and the administrator can be an administrator of the company B.
And fourthly, the company B access control server receives the key ciphertext, decrypts the key ciphertext through a locally stored server private key to obtain a key, encrypts the biological characteristic data of the visitor A through the key to generate a biological characteristic data ciphertext S, and then sends the biological characteristic data S to the biological characteristic database for storage.
And fifthly, the company B access control server generates an unlocking authority setting request according to the access application, and certainly, the unlocking authority setting request can be generated by inputting the relevant information of the visitor A through an administrator and sent to the company B access control server, for example, the access application of the visitor A comprises a visitor digital identity L, access time, access times, visitors and access reasons, the corresponding unlocking authority setting request also comprises the visitor digital identity L, the access time, the access times, the visitors and the access reasons, and the company B access control server downloads the biological characteristic data ciphertext S from the biological characteristic database and the sub-key ciphertext H from the block chain server according to the digital identity of the visitor A.
And sixthly, the company B access control server acquires the digital identity M of the administrator with the application authority in the unlocking authority setting request, sends a corresponding sub-key ciphertext H to the administrator according to the digital identity M of the administrator, and confirms that the visitor A can visit the employee D of the department C of the company B when each administrator sees the relevant information in the unlocking authority setting request, wherein the relevant information comprises the visitor digital identity L, the visit time, the visit times, the visit personnel and the visit reason, and the mobile phone APP/applet/web browser decrypts the sub-key ciphertext H through the stored administrator private key to acquire the sub-key at the moment and then sends the sub-key to the company B access control server.
And seventhly, after receiving the sub-keys, the access control server of the company B recovers the keys through the sub-keys after reaching the threshold number, if 3 of 5 sub-keys can recover the keys, the threshold number is 3, the biometric data ciphertext S is decrypted through the keys to obtain the biometric data of the visitor A, and the digital identity L, the biometric data, the access time and the access frequency of the visitor A are sent to the access intelligent lock of the department C of the company B.
And the process eight is that when the visitor A reaches the entrance guard of the department C of the company B according to the access time, the biological characteristic data is collected at a biological characteristic data collecting terminal (such as a fingerprint collector and a face recognition device), the unlocking terminal of the intelligent lock compares the collected biological characteristic data with the stored biological characteristic data of the visitor A, and if the collected biological characteristic data is consistent with the stored biological characteristic data of the visitor A, the entrance guard intelligent lock is controlled to be unlocked and the unlocking record is saved. The entrance guard's intelligence lock can all preserve every record of unblanking, when exceeding the access time and surpassing the access number of times, visitor A's biological characteristic data can be deleted to the entrance guard of visitor A's department C, visitor A can not visit company B's department C again this moment, if want to continue the visit, need put forward the visit application to company B access control server again through cell-phone APP/applet/web browser, do not need to upload visitor A's biological characteristic data to biological characteristic database again this moment, it is direct to accomplish the intelligence lock from process five and open to process eight.
When the staff or the administrator of the company B wants to get in or out of the access control, the method can be used for controlling the opening of the intelligent access control lock.
It should be understood that although the various steps in the flow charts of fig. 2-7 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2-7 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 8, there is provided a block chain-based access control device for entrance guard, including: an unlocking authority setting request obtaining module 410, a downloading module 420, a first sending module 430, a key recovery module 440, a first decryption module 450 and a second sending module 460, wherein:
an unlocking authority setting request obtaining module 410, configured to obtain an unlocking authority setting request, where the unlocking authority setting request includes visitor identity information;
the downloading module 420 downloads a biological characteristic data ciphertext from a biological characteristic database and a sub-key ciphertext from a block chain server according to the visitor identity information; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, the sub-keys are obtained by splitting a key through a threshold in a threshold encryption method, and the biological characteristic data ciphertext is generated by encrypting the key;
the first sending module 430 is configured to send the unlocking authority setting request and the sub-key ciphertext to a preset number of administrator terminals;
the key recovery module 440 is configured to obtain the encrypted ciphertext sub-keys decrypted by the administrator terminals in the preset number, and recover the key according to the sub-keys;
the first decryption module 450 is configured to decrypt the biometric data ciphertext through the secret key to obtain the biometric data;
a second sending module 460, configured to send the biometric data to an unlocking terminal;
and the unlocking terminal unlocks according to the biological characteristic data.
Wherein, an entrance guard access control device based on block chain still includes: the unlocking authority examination and approval strategy sending module is used for sending an unlocking authority examination and approval strategy to the block chain server; the unlocking permission approval strategy corresponds to the unlocking permission setting request, and both the unlocking permission approval strategy and the unlocking permission setting request comprise visitor identity information, access time information, access frequency information and access reason. The unlocking authority examination and approval strategy and the unlocking authority setting request also comprise information of an administrator with examination and approval authority. And the block chain server stores the unlocking authority approval strategy for subsequent inquiry.
In one embodiment, an access control device based on a block chain further includes: the visitor terminal comprises an access application receiving module, a visitor terminal and a visitor identity information acquiring module, wherein the access application receiving module is used for receiving an access application of the visitor terminal, and the access application comprises visitor identity information; the biological characteristic data acquisition module is used for acquiring biological characteristic data of the visitor according to the access application; the biological characteristic data encryption module is used for acquiring a key ciphertext from the block chain server and encrypting the biological characteristic data through a key in the key ciphertext to generate a biological characteristic data ciphertext; the key is divided into a plurality of sub-keys through a threshold in a threshold encryption method, the sub-keys are respectively encrypted through a plurality of administrator public keys to generate sub-key ciphertexts, and the sub-key ciphertexts are stored in a block chain server; and the biological characteristic data sending module is used for sending the biological characteristic data ciphertext to a biological characteristic database for storage.
In one embodiment, the first sending module 430 is further configured to: sending the access application to an administrator terminal; and the unlocking authority setting request is generated by the administrator terminal according to the access application.
In one embodiment, the unlocking authority setting request further includes access time information and access times information. The sending the biometric data to the unlocking terminal comprises: sending the visitor access time information, the visitor access frequency information and the biological characteristic data to an unlocking terminal; the unlocking terminal unlocks in the access time and stores unlocking records, and the unlocking terminal deletes the biological characteristic data when the unlocking times reach the access times or exceed the access time.
In one embodiment, an access control device based on a block chain further includes: the registration information receiving module is used for receiving the registration information of the administrator; a public and private key pair generation module for generating a public and private key pair of each administrator according to the registration information; the first sending module 430 is further configured to send the administrator private key to an administrator terminal for storage, and send the administrator public key to a block chain server for storage.
In one embodiment, the second sending module 450 is further configured to send an access reservation success message to the guest terminal after the sending of the biometric data to the unlocking terminal.
In one embodiment, there is provided a terminal, including: the access application receiving module is used for receiving an access application sent by the access control server; the unlocking authority setting request generating module is used for generating an unlocking authority setting request according to the access application; and the unlocking permission setting request sending module is used for sending the unlocking permission setting request to the access control server.
In another embodiment, there is provided a terminal including: the first receiving module is used for receiving an unlocking authority setting request and a sub-key ciphertext sent by the access control server; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, and the sub-keys are obtained by splitting keys through a threshold in a threshold encryption method; the instruction acquisition module is used for acquiring an instruction for the unlocking permission setting request to pass; the second decryption module is used for acquiring the private key of the administrator to decrypt the sub-key ciphertext to obtain a sub-key according to the instruction; the first encrypted ciphertext sending module is used for sending the sub-secret key to the access control server; and the access control server recovers the key according to the sub-key and decrypts the biological characteristic data ciphertext through the key to obtain the biological characteristic data.
In one embodiment, as shown in fig. 9, there is provided an intelligent lock unlocking control device, the device including: a biometric data receiving module 510, configured to receive biometric data of a visitor from an access control server; the biological characteristic data of the visitor is obtained by the access control server through decryption according to a biological characteristic data ciphertext, the biological characteristic data ciphertext is generated by biological characteristic data through key encryption and is stored in a biological characteristic database, the key is divided into a plurality of sub-keys through a threshold in a threshold encryption method, the sub-keys are respectively encrypted through a plurality of administrator public keys to generate sub-key ciphertext, and the sub-key ciphertext is stored in a block chain server; a biometric data acquisition module 520, configured to acquire biometric data of the visitor; a comparison module 530, configured to compare the biometric data of the visitor with the biometric data of the visitor; and the intelligent lock control module 540 is used for controlling the intelligent lock to be unlocked if the intelligent lock is consistent with the intelligent lock.
In one embodiment, the unlocking control device for the intelligent lock further comprises: the access authority receiving module is used for receiving the access time information and the access frequency information of the visitor from the access control server; the unlocking record storage module is used for storing the unlocking record; the deleting module is used for deleting the biological characteristic data of the visitor when the unlocking times reach the access times or exceed the access time; the unlocking record sending module is used for sending the unlocking record to the access control server; and the entrance guard access control server uploads the unlocking record to a block chain server.
In one embodiment, as shown in fig. 10, there is provided an encryption ciphertext generation apparatus based on a block chain, the apparatus including: a key generation module 610, configured to generate a key after receiving the visitor identity information; the secret key is used for encrypting the biological characteristic data of the visitor to generate a biological characteristic data ciphertext, and the biological characteristic data ciphertext is stored in a biological characteristic database; a key ciphertext generating module 620, configured to encrypt the key by using the server public key to generate a key ciphertext; a second key ciphertext sending module 630, configured to send the key ciphertext to the access control server; the access control server decrypts the key ciphertext through a server private key to obtain a key; a threshold splitting module 640, configured to split the key into a plurality of sub-keys through a threshold in a threshold encryption method; the encryption module 650 is configured to encrypt each of the sub-keys with different administrator public keys to generate a sub-key ciphertext; a storage module 660, configured to store the sub-key ciphertext according to the visitor identity information; and the key destruction module 670 is configured to destroy the locally stored key.
In one embodiment, there is provided a terminal, including: the access application sending module is used for sending an access application to the access control server, wherein the access application comprises visitor identity information; the biological characteristic data acquisition module is used for acquiring biological characteristic data of the visitor according to the identity information of the visitor; the biological characteristic data is stored in the biological characteristic database through key encryption, the key is divided into a plurality of sub-keys through a threshold in a threshold encryption method, the sub-keys are respectively encrypted through a plurality of administrator public keys to generate sub-key ciphertexts, and the sub-key ciphertexts are stored in a block chain server; and the information receiving module is used for receiving the access reservation success information.
For specific limitations of the block chain-based access control device, the terminal, the intelligent lock unlocking control device, and the block chain-based encrypted ciphertext generation device, reference may be made to the above limitations of the block chain-based access control method, the intelligent lock unlocking control method, and the block chain-based encrypted ciphertext generation method, which are not described herein again. All modules in the access control device based on the block chain, the terminal, the intelligent lock unlocking control device and the encrypted ciphertext generation device based on the block chain can be completely or partially realized through software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 11. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used to store biometric data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a block chain based access control method.
Those skilled in the art will appreciate that the architecture shown in fig. 11 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
acquiring an unlocking authority setting request, wherein the unlocking authority setting request comprises visitor identity information;
downloading a biological characteristic data ciphertext from a biological characteristic database and downloading a sub-secret key ciphertext from a block chain server according to the visitor identity information; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, the sub-keys are obtained by splitting a key through a threshold in a threshold encryption method, and the biological characteristic data ciphertext is generated by encrypting the key;
sending the unlocking authority setting request and the sub-key ciphertext to a preset number of administrator terminals;
acquiring the sub-keys decrypted by the administrator terminals with the preset number, and recovering the keys according to the sub-keys;
decrypting the biological characteristic data ciphertext through the secret key to obtain the biological characteristic data; wherein, after the biometric data is obtained, the locally stored key is destroyed;
sending the biological characteristic data to an unlocking terminal;
and the unlocking terminal unlocks according to the biological characteristic data.
In one embodiment, the processor, when executing the computer program, further performs the steps of: receiving an access application of a visitor terminal, wherein the access application comprises visitor identity information; obtaining biological feature data of the visitor according to the access application; acquiring a key ciphertext from a block chain server, and encrypting the biological characteristic data through a key in the key ciphertext to generate a biological characteristic data ciphertext; the key is divided into a plurality of sub-keys through a threshold in a threshold encryption method, the sub-keys are respectively encrypted through a plurality of administrator public keys to generate sub-key ciphertexts, and the sub-key ciphertexts are stored in a block chain server; and sending the biological characteristic data ciphertext to a biological characteristic database for storage.
In one embodiment, the processor, when executing the computer program, further performs the steps of: receiving registration information of an administrator; generating a public and private key pair of each administrator according to the registration information; and sending the administrator private key to an administrator terminal for storage, and sending the administrator public key to a block chain server for storage.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
acquiring an unlocking authority setting request, wherein the unlocking authority setting request comprises visitor identity information;
downloading a biological characteristic data ciphertext from a biological characteristic database and downloading a sub-secret key ciphertext from a block chain server according to the visitor identity information; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, the sub-keys are obtained by splitting a key through a threshold in a threshold encryption method, and the biological characteristic data ciphertext is generated by encrypting the key;
sending the unlocking authority setting request and the sub-key ciphertext to a preset number of administrator terminals;
acquiring the sub-keys decrypted by the administrator terminals with the preset number, and recovering the keys according to the sub-keys;
decrypting the biological characteristic data ciphertext through the secret key to obtain the biological characteristic data; wherein, after the biometric data is obtained, the locally stored key is destroyed;
sending the biological characteristic data to an unlocking terminal;
and the unlocking terminal unlocks according to the biological characteristic data.
In one embodiment, the computer program when executed by the processor further performs the steps of: receiving an access application of a visitor terminal, wherein the access application comprises visitor identity information; obtaining biological feature data of the visitor according to the access application; acquiring a key ciphertext from a block chain server, and encrypting the biological characteristic data through a key in the key ciphertext to generate a biological characteristic data ciphertext; the key is divided into a plurality of sub-keys through a threshold in a threshold encryption method, the sub-keys are respectively encrypted through a plurality of administrator public keys to generate sub-key ciphertexts, and the sub-key ciphertexts are stored in a block chain server; and sending the biological characteristic data ciphertext to a biological characteristic database for storage.
In one embodiment, the computer program when executed by the processor further performs the steps of: receiving registration information of an administrator; generating a public and private key pair of each administrator according to the registration information; and sending the administrator private key to an administrator terminal for storage, and sending the administrator public key to a block chain server for storage.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (14)
1. An access control method based on a block chain is characterized in that the method is executed by an access control server, and the method comprises the following steps:
acquiring an unlocking authority setting request, wherein the unlocking authority setting request comprises visitor identity information;
downloading a biological characteristic data ciphertext from a biological characteristic database and downloading a sub-secret key ciphertext from a block chain server according to the visitor identity information; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, the sub-keys are obtained by splitting a key through a threshold in a threshold encryption method, and the biological characteristic data ciphertext is generated by encrypting the key;
sending the unlocking authority setting request and the sub-key ciphertext to a preset number of administrator terminals;
acquiring the sub-keys decrypted by the administrator terminals with the preset number, and recovering the keys according to the sub-keys;
decrypting the biological characteristic data ciphertext through the secret key to obtain the biological characteristic data; wherein, after the biometric data is obtained, the locally stored key is destroyed;
sending the biological characteristic data to an unlocking terminal;
and the unlocking terminal unlocks according to the biological characteristic data.
2. The method of claim 1, further comprising:
receiving an access application of a visitor terminal, wherein the access application comprises visitor identity information;
obtaining biological feature data of the visitor according to the access application;
acquiring a key ciphertext from a block chain server, and encrypting the biological characteristic data through a key in the key ciphertext to generate a biological characteristic data ciphertext; the key ciphertext is generated by encrypting a key randomly generated by the block chain server through a server public key, and the locally stored key is destroyed after the biological characteristic data is encrypted through the key in the key ciphertext to generate the biological characteristic data ciphertext;
and sending the biological characteristic data ciphertext to a biological characteristic database for storage.
3. The method according to claim 1, wherein the unlocking right setting request further includes access time information, access times information;
the sending the biometric data to the unlocking terminal comprises:
sending the visitor access time information, the visitor access frequency information and the biological characteristic data to an unlocking terminal; the unlocking terminal unlocks in the access time and stores unlocking records, and the unlocking terminal deletes the biological characteristic data when the unlocking times reach the access times or exceed the access time.
4. The method of claim 1, further comprising:
receiving registration information of an administrator;
generating a public and private key pair of each administrator according to the registration information;
and sending the administrator private key to an administrator terminal for storage, and sending the administrator public key to a block chain server for storage.
5. An access control method based on a block chain is characterized in that the method is executed by an administrator terminal, and the method comprises the following steps:
receiving an unlocking authority setting request and a sub-key ciphertext sent by an access control server; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, and the sub-keys are obtained by splitting keys through a threshold in a threshold encryption method;
acquiring an instruction that the unlocking authority setting request passes;
according to the instruction, obtaining a private key of an administrator to decrypt the sub-key ciphertext to obtain a sub-key;
sending the sub-secret key to the access control server; and the access control server recovers the key according to the sub-key and decrypts the biological characteristic data ciphertext through the key to obtain the biological characteristic data.
6. An intelligent lock unlocking control method is characterized in that the method is executed by an unlocking terminal, and the method comprises the following steps:
receiving biometric data of a visitor from an access control server; the biological characteristic data of the visitor is obtained by the access control server through decryption according to a biological characteristic data ciphertext, the biological characteristic data ciphertext is generated by biological characteristic data through key encryption and is stored in a biological characteristic database, the key is divided into a plurality of sub-keys through a threshold in a threshold encryption method, the sub-keys are respectively encrypted through a plurality of administrator public keys to generate sub-key ciphertext, and the sub-key ciphertext is stored in a block chain server;
collecting biological characteristic data of the visiting person;
comparing the biological feature data of the visitor with the biological feature data of the visitor;
and if the biological characteristic data of the visitor is consistent with the biological characteristic data of the visitor, controlling the intelligent lock to be opened.
7. The method of claim 6, further comprising:
receiving access time information and access frequency information of a visitor from an access control server;
storing an unlocking record;
deleting the biological characteristic data of the visitor when the unlocking times reach the access times or exceed the access time;
sending the unlocking record to the access control server; and the access control server uploads the unlocking record to the block chain.
8. A method for generating a key ciphertext based on a blockchain, the method being performed by a blockchain server, the method comprising:
after receiving the identity information of the visitor, generating a secret key; the secret key is used for encrypting the biological characteristic data of the visitor to generate a biological characteristic data ciphertext, and the biological characteristic data ciphertext is stored in a biological characteristic database;
encrypting the key through a server public key to generate a key ciphertext;
sending a key ciphertext to an access control server; the access control server decrypts the key ciphertext through a server private key to obtain a key;
splitting the key into a plurality of sub keys through a threshold in a threshold encryption method;
encrypting each sub-key through different administrator public keys to generate a sub-key ciphertext;
storing the sub-key ciphertext according to the identity information of the visitor;
the locally stored key is destroyed.
9. An access control method based on a block chain is characterized in that the method is executed by a visitor terminal, and the method comprises the following steps:
sending an access application to an access control server, wherein the access application comprises visitor identity information;
acquiring biological characteristic data of the visitor according to the visitor identity information; the biological characteristic data is stored in the biological characteristic database through key encryption, the key is divided into a plurality of sub-keys through a threshold in a threshold encryption method, the sub-keys are respectively encrypted through a plurality of administrator public keys to generate sub-key ciphertexts, and the sub-key ciphertexts are stored in a block chain server;
and receiving access reservation success information.
10. The utility model provides an entrance guard access control device based on block chain which characterized in that is applied to entrance guard access control server, the device includes:
the system comprises an unlocking authority setting request acquisition module, a visitor identity information acquisition module and a visitor identity information acquisition module, wherein the unlocking authority setting request acquisition module is used for acquiring an unlocking authority setting request which comprises visitor identity information;
the downloading module is used for downloading a biological characteristic data ciphertext and a sub-secret key ciphertext from the block chain server from a biological characteristic database according to the visitor identity information; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, the sub-keys are obtained by splitting a key through a threshold in a threshold encryption method, and the biological characteristic data ciphertext passes through the key;
the first sending module is used for sending the unlocking authority setting request and the sub-key ciphertext to a preset number of administrator terminals;
the key recovery module is used for acquiring the encrypted ciphertext sub-keys decrypted by the administrator terminals with the preset number and recovering the keys according to the sub-keys;
the first decryption module is used for decrypting the biological characteristic data ciphertext through the secret key to obtain the biological characteristic data;
the second sending module is used for sending the biological characteristic data to the unlocking terminal;
and the unlocking terminal unlocks according to the biological characteristic data.
11. An administrator terminal, comprising:
the first receiving module is used for receiving an unlocking authority setting request and a sub-key ciphertext sent by the access control server; the sub-key ciphertext is generated by encrypting a plurality of sub-keys through a plurality of administrator public keys respectively, and the sub-keys are obtained by splitting keys through a threshold in a threshold encryption method;
the instruction acquisition module is used for acquiring an instruction for the unlocking permission setting request to pass;
the second decryption module is used for acquiring the private key of the administrator to decrypt the sub-key ciphertext to obtain a sub-key according to the instruction;
the first key ciphertext sending module is used for sending the sub-key to the access control server; and the access control server recovers the key according to the sub-key and decrypts the biological characteristic data ciphertext through the key to obtain the biological characteristic data.
12. The utility model provides an intelligence lock controlling means that unblanks which characterized in that is applied to the terminal of unblanking, the device includes:
the system comprises a biological characteristic data receiving module, a data processing module and a data processing module, wherein the biological characteristic data receiving module is used for receiving biological characteristic data of a visitor from an access control server; the biological characteristic data of the visitor is obtained by the access control server through decryption according to a biological characteristic data ciphertext, the biological characteristic data ciphertext is generated by biological characteristic data through key encryption and is stored in a biological characteristic database, the key is divided into a plurality of sub-keys through a threshold in a threshold encryption method, the sub-keys are respectively encrypted through a plurality of administrator public keys to generate sub-key ciphertext, and the sub-key ciphertext is stored in a block chain server;
the biological characteristic data acquisition module is used for acquiring biological characteristic data of the visitor;
the comparison module is used for comparing the biological characteristic data of the visiting person with the biological characteristic data of the visitor;
and the intelligent lock control module is used for controlling the intelligent lock to be unlocked if the two are consistent.
13. An apparatus for generating an encrypted ciphertext based on a blockchain, the apparatus being applied to a blockchain server, the apparatus comprising:
the secret key generation module is used for generating a secret key after receiving the identity information of the visitor; the secret key is used for encrypting the biological characteristic data of the visitor to generate a biological characteristic data ciphertext, and the biological characteristic data ciphertext is stored in a biological characteristic database;
the key ciphertext generating module is used for encrypting the key through a server public key to generate a key ciphertext;
the second key ciphertext sending module is used for sending the key ciphertext to the access control server; the access control server decrypts the key ciphertext through a server private key to obtain a key;
the threshold splitting module is used for splitting the key into a plurality of sub keys through a threshold in a threshold encryption method;
the encryption module is used for encrypting each sub-key through different administrator public keys to generate a sub-key ciphertext;
the storage module is used for storing the sub-key ciphertext according to the visitor identity information;
and the key destroying module is used for destroying the locally stored key.
14. A guest terminal, characterized in that the guest terminal comprises:
the access application sending module is used for sending an access application to the access control server, wherein the access application comprises visitor identity information;
the biological characteristic data acquisition module is used for acquiring biological characteristic data of the visitor according to the identity information of the visitor; the biological characteristic data is stored in the biological characteristic database through key encryption, the key is divided into a plurality of sub-keys through a threshold in a threshold encryption method, the sub-keys are respectively encrypted through a plurality of administrator public keys to generate sub-key ciphertexts, and the sub-key ciphertexts are stored in a block chain server;
and the information receiving module is used for receiving the access reservation success information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910893836.1A CN110706379B (en) | 2019-09-20 | 2019-09-20 | Access control method and device based on block chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910893836.1A CN110706379B (en) | 2019-09-20 | 2019-09-20 | Access control method and device based on block chain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110706379A CN110706379A (en) | 2020-01-17 |
| CN110706379B true CN110706379B (en) | 2022-03-11 |
Family
ID=69195579
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910893836.1A Active CN110706379B (en) | 2019-09-20 | 2019-09-20 | Access control method and device based on block chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110706379B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111355581B (en) * | 2020-02-18 | 2022-07-19 | 杭州复杂美科技有限公司 | Block chain access control method, device and storage medium |
| CN111431936B (en) * | 2020-04-17 | 2021-09-21 | 支付宝(杭州)信息技术有限公司 | Authorization processing method, device, equipment, system and storage medium based on verifiable statement |
| CN111784879B (en) * | 2020-07-09 | 2022-04-05 | 杭州复杂美科技有限公司 | Access control method, device and storage medium |
| CN112233282A (en) * | 2020-10-14 | 2021-01-15 | 重庆创敏科技集团有限责任公司 | Block chain type artificial intelligent safety intelligent door lock system |
| CN115331330A (en) * | 2021-04-26 | 2022-11-11 | 华为技术有限公司 | Unlocking method, key resetting method, device, terminal, lock and system |
| CN115567565A (en) * | 2021-06-30 | 2023-01-03 | 华为技术有限公司 | Equipment control method and device |
| CN113611058B (en) * | 2021-07-27 | 2023-07-14 | 中国银行股份有限公司 | Convenient payment method for public transportation, related device and computer storage medium |
| CN113608049B (en) * | 2021-08-05 | 2023-12-01 | 驭势科技(北京)有限公司 | Collision failure detection system, collision failure detection device, and electronic device |
| CN116402882B (en) * | 2023-06-09 | 2023-09-08 | 天津市渤海新能科技有限公司 | Photovoltaic power station fault positioning method, device, system and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107958412A (en) * | 2017-12-29 | 2018-04-24 | 云南飞网科技有限公司 | One kind is rented a house platform and its network fingerprinting electronic door lock system |
| CN109672529A (en) * | 2019-01-07 | 2019-04-23 | 苏宁易购集团股份有限公司 | A kind of method and system for going anonymization of combination block chain and privacy sharing |
| CN109767530A (en) * | 2018-12-28 | 2019-05-17 | 中链科技有限公司 | Smart lock control method, apparatus and system based on block chain |
| CN109801418A (en) * | 2019-01-16 | 2019-05-24 | 浙江汉默生链商科技有限公司 | User autonomous controllable fining authorization management method and device |
| US10325428B1 (en) * | 2018-05-23 | 2019-06-18 | Bank Of America Corporation | Access control using device location tracking and blockchains |
-
2019
- 2019-09-20 CN CN201910893836.1A patent/CN110706379B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107958412A (en) * | 2017-12-29 | 2018-04-24 | 云南飞网科技有限公司 | One kind is rented a house platform and its network fingerprinting electronic door lock system |
| US10325428B1 (en) * | 2018-05-23 | 2019-06-18 | Bank Of America Corporation | Access control using device location tracking and blockchains |
| CN109767530A (en) * | 2018-12-28 | 2019-05-17 | 中链科技有限公司 | Smart lock control method, apparatus and system based on block chain |
| CN109672529A (en) * | 2019-01-07 | 2019-04-23 | 苏宁易购集团股份有限公司 | A kind of method and system for going anonymization of combination block chain and privacy sharing |
| CN109801418A (en) * | 2019-01-16 | 2019-05-24 | 浙江汉默生链商科技有限公司 | User autonomous controllable fining authorization management method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110706379A (en) | 2020-01-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110706379B (en) | Access control method and device based on block chain | |
| CN109471844B (en) | File sharing method and device, computer equipment and storage medium | |
| CN109325342B (en) | Identity information management method, device, computer equipment and storage medium | |
| US10680808B2 (en) | 1:N biometric authentication, encryption, signature system | |
| US10181952B2 (en) | Encryption using biometric image-based key | |
| US8930700B2 (en) | Remote device secure data file storage system and method | |
| JP5816750B2 (en) | Authentication method and apparatus using disposable password including biometric image information | |
| US9189612B2 (en) | Biometric verification with improved privacy and network performance in client-server networks | |
| CN106452770B (en) | Data encryption method, data decryption method, device and system | |
| CN105429761A (en) | Key generation method and device | |
| US20130088327A1 (en) | Template delivery type cancelable biometric authentication system and method therefor | |
| CN107864124B (en) | Terminal information security protection method, terminal and Bluetooth lock | |
| CN111401901B (en) | Authentication method and device of biological payment device, computer device and storage medium | |
| CN113472793A (en) | Personal data protection system based on hardware password equipment | |
| CA2958433A1 (en) | Private data management system and method therefor | |
| CN110771190A (en) | Controlling access to data | |
| US20190288833A1 (en) | System and Method for Securing Private Keys Behind a Biometric Authentication Gateway | |
| CN114730337A (en) | Cryptographic key management | |
| CN111242611A (en) | Method and system for recovering digital wallet key | |
| CN114006700A (en) | Client login method and device, computer equipment and storage medium | |
| CN114547589A (en) | Privacy-protecting user registration and user authentication method and device | |
| KR20040082674A (en) | System and Method for Authenticating a Living Body Doubly | |
| CN111355588B (en) | Wearable device double-factor authentication method and system based on PUF and fingerprint characteristics | |
| CN109302283B (en) | Anti-quantum computing agent cloud storage method and system based on public asymmetric key pool | |
| WO2017091133A1 (en) | Method and system for secure storage of information |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |