
CN110390746A - An implementation method of fingerprint anti-theft access control - Google Patents


Info

Publication number
CN110390746A
Authority
CN
China
Prior art keywords
fingerprint
main control
chip
control chip
fingerprint algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910518914.XA
Other languages
Chinese (zh)
Other versions
CN110390746B (en)
Inventor
胡建国
吴劲
王德明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Yantian District Zhongda Integrated Circuit Research Institute
Original Assignee
GUANGZHOU SYSUR MICROELECTRONICS Inc
Guangzhou Smart City Development Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by GUANGZHOU SYSUR MICROELECTRONICS Inc, Guangzhou Smart City Development Research Institute
Priority to CN201910518914.XA (patent/CN110390746B/en)
Publication of CN110390746A (patent/CN110390746A/en)
Application granted
Publication of CN110390746B (patent/CN110390746B/en)
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/30 Individual registration on entry or exit not involving the use of a pass
    • G07C9/32 Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37 Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The invention discloses a method for implementing fingerprint anti-theft access control and relates to the field of access control security. The system comprises a fingerprint algorithm chip, a main control chip, and an in-door system and an out-of-door system connected to the main control chip. The fingerprint algorithm chip is connected to the main control chip, and an identity authentication mechanism is provided between them: the main control chip transmits an authorization serial number to an unauthorized fingerprint algorithm chip through a mass-production tool, an operation is performed on this unique authorization serial number and a random number, and the resulting root key is used for identity binding authentication between the main control chip and the fingerprint algorithm chip. A secure communication mechanism is provided between the main control chip and the fingerprint algorithm module: instructions between the two use a session key and are transmitted under SM4 encryption. The session key after each power-on is generated from different random numbers and is stored in RAM, so it is lost when the fingerprint algorithm chip powers down. The method of the invention enhances the reliability and attack resistance of the access control system's encrypted communication and improves communication security.

Description

An implementation method of fingerprint anti-theft access control

Technical field

The invention relates to the field of identity recognition circuits, and in particular to a method for implementing fingerprint anti-theft access control suitable for fields such as fingerprint recognition and access control.

Background

As society progresses, people's awareness of security and theft prevention is gradually increasing, which gives access control systems a good platform for development. Access control systems are widely used in homes, schools, companies and similar places, and people also place higher demands on how user-friendly and how secure these systems are; fingerprint recognition technology is therefore applied to access control systems. This design approach further improves the security of the access control system and meets people's requirements for a user-friendly system.

Summary of the invention

To address the defects of the above technology, the present invention provides a method for implementing fingerprint anti-theft access control suitable for fields such as fingerprint recognition and access control.

The technical solution adopted by the present invention to achieve the above technical effect is:

A method for implementing fingerprint anti-theft access control, comprising a main control chip and an in-door system and an out-of-door system connected to the main control chip. The out-of-door system includes an external keyboard module, a fingerprint identification module, an alarm, an environmental sensor module, a pressure sensor, an infrared sensor module and a two-phase stepper motor module. The in-door system includes an internal keyboard module and an LCD display; the LCD display shows information such as pressure, temperature and humidity, and when an abnormality is detected the alarm is driven to sound a buzzer. The in-door system provides privileged operations such as adding and deleting fingerprints and changing the password. The out-of-door system determines the identity of the visitor and also manages its infrared sensor module, automatically restoring the fingerprint identification module from standby to the working state when a person is detected.

Preferably, in the above method, to ensure the security of information, entering the in-door system requires authorization by fingerprint verification. The settings interface of the LCD display is then entered and, as required, the corresponding keys on the internal keyboard module are used to select privileged operations such as restoring data, modifying fingerprints, adding and deleting fingerprints, and changing the password.

Preferably, in the above method, the out-of-door system includes a fingerprint recognition function and an infrared recognition function. The fingerprint recognition function includes acquiring, deleting, verifying and adding fingerprint information. The infrared recognition function detects people near the out-of-door system; the acquired data is transmitted to the fingerprint identification module to control and manage fingerprint identification.

Preferably, in the above method, the fingerprint algorithm chip is connected to the main control chip, and an identity authentication mechanism is provided between the fingerprint algorithm chip and the main control chip. The main control chip transmits an authorization serial number to an unauthorized fingerprint algorithm chip through a mass-production tool; after receiving and saving the serial number, the fingerprint algorithm chip replies with a success command. If the fingerprint algorithm chip has already been authorized, it replies with a failure command; that is, after leaving the factory the fingerprint algorithm chip can accept an authorization serial number only once. An operation is performed on this unique authorization serial number and a random number, and the resulting root key is used for identity binding authentication between the main control chip and the fingerprint algorithm chip.

Preferably, in the above method, each time the system is powered on after leaving the factory, the main control chip and the fingerprint algorithm chip must first perform mutual identity binding authentication; only after this authentication succeeds can the system proceed to the next step.

Preferably, in the above method, the identity binding authentication process compares the authentication data generated from the root key in the main control chip with that generated from the root key in the fingerprint algorithm chip; authentication completes only if the comparison succeeds. The fingerprint algorithm chip and the main control chip are thereby uniquely bound to each other, which excludes the possibility of an illegal user obtaining the main control chip's data by replacing the fingerprint algorithm chip.

Preferably, in the above method, a secure communication mechanism is provided between the main control chip and the fingerprint algorithm module, and the secure communication mechanism includes the steps of:

S1. Sending random numbers: the main control chip sends a 16-byte random number RN1 to the fingerprint algorithm chip, and the fingerprint algorithm chip sends a 16-byte random number RN2 to the main control chip;

S2. Obtaining authentication data: the fingerprint algorithm chip XORs the random number RN1 with the root key and uses the result as a key to SM4-encrypt the root key, which yields its authentication data; it then sends this authentication data to the main control chip for verification. The main control chip XORs the random number RN2 with the root key and uses the result as a key to SM4-encrypt the root key, which yields its authentication data; it then sends this authentication data to the fingerprint algorithm chip for verification;

S3. Comparing authentication data: the main control chip and the fingerprint algorithm chip each compare the authentication data they computed themselves with the authentication data they received. If the two are the same, authentication passes; if they differ, authentication fails. After authentication passes, a session key is generated for communication between the main control chip and the fingerprint algorithm chip;

S4. Session key generation: the fingerprint algorithm chip and the main control chip both XOR the random number RN1 with the random number RN2 and use the result as a key to SM4-encrypt the random number RN2, which yields the session key.

Preferably, in the above method, instructions between the main control chip and the fingerprint algorithm chip use the session key and are transmitted under SM4 encryption, and the session key after each power-on is generated from different random numbers.

Preferably, in the above method, the session key is stored in RAM and is lost when the fingerprint algorithm chip powers down, which reduces as far as possible the likelihood that communication instructions are intercepted and cracked by an illegal user.

Preferably, in the above method, the model of the main control chip is STM32F103 and the model of the fingerprint algorithm chip is BRD501.

The beneficial effects of the present invention are as follows. By providing an identity authentication mechanism between the fingerprint algorithm chip and the main control chip, the method uniquely binds the two chips to each other, which excludes the possibility of an illegal user obtaining the main control chip's data by replacing the fingerprint algorithm chip and greatly improves the identity authentication mechanism. In addition, adding a secure communication mechanism between the fingerprint algorithm chip and the main control chip encrypts the communication between the two and ensures data security. The session key is stored in RAM and is lost when the fingerprint algorithm chip powers down, which reduces as far as possible the likelihood that communication instructions are intercepted and cracked by an illegal user, strengthens the reliability and attack resistance of the encrypted communication, and improves communication security. The method makes full use of fingerprint recognition technology and improves the overall performance of the access control system, thereby protecting the safety of the user's property.

Description of drawings

Fig. 1 is a module block diagram of the present invention;

Fig. 2 is a schematic diagram of the secure communication mechanism of the present invention.

Detailed description

For a further understanding of the present invention, it is described below with reference to the accompanying drawings and specific embodiments:

As shown in Fig. 1 and Fig. 2, the present invention discloses a method for implementing fingerprint anti-theft access control, comprising a main control chip and an in-door system and an out-of-door system connected to the main control chip. The out-of-door system includes an external keyboard module, a fingerprint identification module, an alarm, an environmental sensor module, a pressure sensor, an infrared sensor module and a two-phase stepper motor module. The in-door system includes an internal keyboard module and an LCD display; the LCD display shows information such as pressure, temperature and humidity, and when an abnormality is detected the alarm is driven to sound a buzzer. The in-door system provides privileged operations such as adding and deleting fingerprints and changing the password.

Specifically, the privileged operations include:

1. Restore data: if the user selects this option, the access control system automatically enters the factory-reset procedure, the password is automatically reset to the default password "222222", and the fingerprint information stored in the system is deleted as well;

2. Modify fingerprints: modifying fingerprints in the access control system comprises two functions, deleting fingerprints and adding fingerprints. The former deletes all fingerprint information stored in the system, so the user should operate with caution. The latter enrolls a fingerprint that is not yet in the system and can be performed only after authorization has been completed. During enrollment, the same fingerprint must be captured three times; once the comparison shows no error, it is added to the system's fingerprint library;

3. Change password: to change the password, the user must provide the old password to verify their identity, then enter the new password and press the # key on the keyboard to complete the change. If the change succeeds, the access control system shows a "modification successful" prompt; otherwise it shows a "modification failed" prompt.

The out-of-door system determines the identity of the visitor and also manages its infrared sensor module, automatically restoring the fingerprint identification module from standby to the working state when a person is detected. When the password has been entered incorrectly more than 3 times, the out-of-door system triggers an alarm, after which the door can be opened or closed only when both password verification and fingerprint verification succeed.

To ensure the security of information, entering the in-door system requires authorization by fingerprint verification. The settings interface of the LCD display is then entered and, as required, the corresponding keys on the internal keyboard module are used to select privileged operations such as restoring data, modifying fingerprints, adding and deleting fingerprints, and changing the password.

Further, the out-of-door system includes a fingerprint recognition function and an infrared recognition function. The fingerprint recognition function includes acquiring, deleting, verifying and adding fingerprint information. The infrared recognition function detects people near the out-of-door system; the acquired data is transmitted to the fingerprint identification module to control and manage fingerprint identification.

To further increase security, the fingerprint algorithm chip is connected to the main control chip, and an identity authentication mechanism is provided between them. Each time the system is powered on after leaving the factory, the main control chip and the fingerprint algorithm chip must first perform mutual identity binding authentication; only after this authentication succeeds can the system proceed to the next step. The identity binding authentication process compares the authentication data generated from the root key in the main control chip with that generated from the root key in the fingerprint algorithm chip; authentication completes only if the comparison succeeds. The fingerprint algorithm chip and the main control chip are thereby uniquely bound to each other, which excludes the possibility of an illegal user obtaining the main control chip's data by replacing the fingerprint algorithm chip.

The main control chip transmits an authorization serial number to an unauthorized fingerprint algorithm chip through a mass-production tool; after receiving and saving the serial number, the fingerprint algorithm chip replies with a success command. If the fingerprint algorithm chip has already been authorized, it replies with a failure command; that is, after leaving the factory the fingerprint algorithm chip can accept an authorization serial number only once. An operation is performed on this unique authorization serial number and a random number, and the resulting root key is used for identity binding authentication between the main control chip and the fingerprint algorithm chip.

A secure communication mechanism is provided between the main control chip and the fingerprint algorithm module, and the secure communication mechanism includes the steps of:

S1. Sending random numbers: the main control chip sends a 16-byte random number RN1 to the fingerprint algorithm chip, and the fingerprint algorithm chip sends a 16-byte random number RN2 to the main control chip;

S2. Obtaining authentication data: the fingerprint algorithm chip XORs the random number RN1 with the root key and uses the result as a key to SM4-encrypt the root key, which yields its authentication data; it then sends this authentication data to the main control chip for verification. The main control chip XORs the random number RN2 with the root key and uses the result as a key to SM4-encrypt the root key, which yields its authentication data; it then sends this authentication data to the fingerprint algorithm chip for verification;

S3. Comparing authentication data: the main control chip and the fingerprint algorithm chip each compare the authentication data they computed themselves with the authentication data they received. If the two are the same, authentication passes; if they differ, authentication fails. After authentication passes, a session key is generated for communication between the main control chip and the fingerprint algorithm chip;

S4. Session key generation: the fingerprint algorithm chip and the main control chip both XOR the random number RN1 with the random number RN2 and use the result as a key to SM4-encrypt the random number RN2, which yields the session key.

Specifically, in a preferred embodiment of the present invention, instructions between the main control chip and the fingerprint algorithm chip use the session key and are transmitted under SM4 encryption, and the session key after each power-on is generated from different random numbers. The session key is stored in RAM and is lost when the fingerprint algorithm chip powers down, which reduces as far as possible the likelihood that communication instructions are intercepted and cracked by an illegal user. The model of the main control chip is STM32F103 and the model of the fingerprint algorithm chip is BRD501.
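The handshake in steps S1 to S4, written out as an added Python example (not code from the patent) with the SM4 block cipher implemented inline so that it runs offline. The function names, the `handshake` helper, the constant-time comparison and the rejection of an echoed random number are assumptions of this example; the root key is taken as already provisioned, because the patent does not specify the operation that derives it from the authorization serial number.

```python
"""Added illustration of steps S1-S4; not code from the patent."""
import hmac
import os

# SM4 S-box (GB/T 32907-2016), 256 bytes.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05"
    "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62"
    "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8"
    "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887"
    "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1"
    "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f"
    "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8"
    "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684"
    "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# Round constants: byte j of CK[i] is (4*i + j) * 7 mod 256.
CK = [int.from_bytes(bytes((4 * i + j) * 7 & 0xFF for j in range(4)), "big")
      for i in range(32)]


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def _tau(x):
    """Apply the S-box to each byte of a 32-bit word."""
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")


def _t_enc(x):
    b = _tau(x)
    return b ^ _rotl(b, 2) ^ _rotl(b, 10) ^ _rotl(b, 18) ^ _rotl(b, 24)


def _t_key(x):
    b = _tau(x)
    return b ^ _rotl(b, 13) ^ _rotl(b, 23)


def sm4_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Encrypt one 16-byte block with a 16-byte key (single-block SM4)."""
    if len(key) != 16 or len(block) != 16:
        raise ValueError("SM4 key and block must both be 16 bytes")
    k = [int.from_bytes(key[4 * i:4 * i + 4], "big") ^ FK[i] for i in range(4)]
    x = [int.from_bytes(block[4 * i:4 * i + 4], "big") for i in range(4)]
    for i in range(32):
        k.append(k[i] ^ _t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))  # round key i
        x.append(x[i] ^ _t_enc(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ k[i + 4]))
    return b"".join(w.to_bytes(4, "big") for w in reversed(x[32:36]))


def xor16(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


def auth_data(root_key: bytes, rn: bytes) -> bytes:
    """S2: key = RN XOR root key, plaintext = root key."""
    return sm4_encrypt_block(xor16(rn, root_key), root_key)


def session_key(rn1: bytes, rn2: bytes) -> bytes:
    """S4 as worded on the page: key = RN1 XOR RN2, plaintext = RN2."""
    return sm4_encrypt_block(xor16(rn1, rn2), rn2)


def handshake(mcu_root: bytes, fp_root: bytes, rn1=None, rn2=None):
    """Run S1-S4 between the main control chip (mcu) and the fingerprint
    algorithm chip (fp). Returns the session key, or None on failure."""
    # S1: fresh 16-byte random numbers after every power-on.
    rn1 = os.urandom(16) if rn1 is None else rn1  # main control -> fingerprint chip
    rn2 = os.urandom(16) if rn2 is None else rn2  # fingerprint chip -> main control
    # Added check (assumption, not in the patent): with equal random numbers
    # both authentication values would be identical, so refuse to continue.
    if hmac.compare_digest(rn1, rn2):
        return None
    # S2: each chip computes authentication data over the number it received.
    from_fp = auth_data(fp_root, rn1)
    from_mcu = auth_data(mcu_root, rn2)
    # S3: each chip recomputes the peer's value with its own root key.
    mcu_accepts = hmac.compare_digest(auth_data(mcu_root, rn1), from_fp)
    fp_accepts = hmac.compare_digest(auth_data(fp_root, rn2), from_mcu)
    if not (mcu_accepts and fp_accepts):
        return None
    # S4: both sides derive the same session key, held in RAM only.
    return session_key(rn1, rn2)


if __name__ == "__main__":
    root = os.urandom(16)  # constructed sample root key
    print("bound pair  :", handshake(root, root).hex())
    print("swapped chip:", handshake(root, os.urandom(16)))
```

As S4 is worded, `session_key` takes only RN1 and RN2 as inputs; an implementation that needs the session key to depend on the shared secret would also mix the root key into this step.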

In summary, by providing an identity authentication mechanism between the fingerprint algorithm chip and the main control chip, the method of the present invention uniquely binds the two chips to each other, which excludes the possibility of an illegal user obtaining the main control chip's data by replacing the fingerprint algorithm chip and greatly improves the identity authentication mechanism. In addition, adding a secure communication mechanism between the fingerprint algorithm chip and the main control chip encrypts the communication between the two and ensures data security. The session key is stored in RAM and is lost when the fingerprint algorithm chip powers down, which reduces as far as possible the likelihood that communication instructions are intercepted and cracked by an illegal user, strengthens the reliability and attack resistance of the encrypted communication, and improves communication security. The method makes full use of fingerprint recognition technology and improves the overall performance of the access control system, thereby protecting the safety of the user's property.

The basic principles, main features and advantages of the present invention have been shown and described above. Those skilled in the art should understand that the present invention is not limited by the above embodiments; the embodiments and the description only illustrate the principles of the invention. Various changes and improvements may be made without departing from the spirit and scope of the invention, and these changes and improvements all fall within the scope of the claimed invention. The scope of protection claimed by the present invention is defined by the appended claims and their equivalents.

Claims (10)

1. a kind of implementation method of fingerprint anti-theft gate inhibition, which is characterized in that including main control chip and connect the main control chip System and system, the system outdoors include outer Keysheet module, fingerprint identification module, alarm, environmental sensor outdoors in door Mould group, pressure sensor, infrared sensor module, two-phase stepping motor module, in the door system include internal key disk module, LCD display screen, LCD display screen is for showing the information such as pressure, temperature, humidity, when monitoring abnormal, driving report Alert device alarm in the form of buzzing, and system is operated for providing the permissions such as fingerprint additions and deletions, password modification in the door, it is described outdoors System is for the judgement to visitor's identity, while the infrared sensor module in external system is managed on the door, is being detected Fingerprint identification module is restored to working condition by standby mode automatically when someone.
2. the implementation method of branch fingerprint anti-theft gate inhibition according to claim 1, which is characterized in that for the safety for guaranteeing information Property, when entering system in the door, purview certification must be completed in a manner of fingerprint authentication, subsequently into the LCD display screen Set interface, as needed, on interior Keysheet module by respective keys select restore data, fingerprint modification, fingerprint additions and deletions, The permissions action-items such as password modification.
3. the implementation method of branch fingerprint anti-theft gate inhibition according to claim 1, which is characterized in that the system outdoors includes Fingerprint identification function and infrared identification function, wherein the fingerprint identification function includes obtaining finger print information, deleting fingerprint letter Breath, verifying finger print information, addition finger print information, the infrared identification function are used to carry out the people of the arrangement adjacent outdoors Detection, the data that will acquire are by transmission, into fingerprint identification module, realize identification control and the management to fingerprint.
4. The implementation method of fingerprint anti-theft access control according to claim 1, characterized by further comprising a fingerprint algorithm chip connected to the main control chip, the fingerprint algorithm chip and the main control chip being provided with an identity authentication mechanism: the main control chip transfers an authorization serial number to an unauthorized fingerprint algorithm chip by means of a production tool; after the fingerprint algorithm chip receives and saves the serial number, it responds with a success instruction; if the fingerprint algorithm chip has already been authorized, it responds with a failure instruction, i.e. the fingerprint algorithm chip can receive an authorization serial number only once after leaving the factory; an arithmetic operation is performed on this unique authorization serial number and a random number, and the resulting root key is used for identity binding authentication between the main control chip and the fingerprint algorithm chip.
5. The implementation method of fingerprint anti-theft access control according to claim 4, characterized in that each time the system is powered on after leaving the factory, the main control chip and the fingerprint algorithm chip must first perform mutual identity binding authentication, and the next step can be entered only after the identity binding authentication succeeds.
6. The implementation method of fingerprint anti-theft access control according to claim 5, characterized in that in the identity binding authentication process the authentication data generated by the main control chip with the root key is compared in the fingerprint algorithm chip, and authentication is completed only if the comparison succeeds, so that the fingerprint algorithm chip and the main control chip perform a unique identity binding authentication with each other, thereby eliminating the possibility of an illegal user obtaining the main control chip's data by replacing the fingerprint algorithm chip.
7. The implementation method of fingerprint anti-theft access control according to claim 6, characterized in that a secure communication mechanism is provided between the main control chip and the fingerprint algorithm module, the secure communication mechanism comprising the steps of:
S1, sending random numbers: the main control chip sends a 16-byte random number RN1 to the fingerprint algorithm chip, and the fingerprint algorithm chip sends a 16-byte random number RN2 to the main control chip;
S2, obtaining authentication data: the fingerprint algorithm chip uses the value obtained by XORing random number RN1 with the root key as the key and performs SM4 encryption on the root key to obtain authentication data, and then sends the authentication data to the main control chip for verification and comparison; the main control chip uses the value obtained by XORing random number RN2 with the root key as the key and performs SM4 encryption on the root key to obtain authentication data, and then sends the authentication data to the fingerprint algorithm chip for verification and comparison;
S3, comparing authentication data: the main control chip and the fingerprint algorithm chip each compare the authentication data they calculated themselves with the authentication data received; if the two are identical, authentication passes, and if they differ, authentication fails; after authentication passes, generation of a session key begins, for communication between the main control chip and the fingerprint algorithm chip;
S4, session key generation: the fingerprint algorithm chip and the main control chip both use the value obtained by XORing random number RN1 with random number RN2 as the key and then perform SM4 encryption on random number RN2 to obtain the session key.
8. The implementation method of fingerprint anti-theft access control according to claim 7, characterized in that instructions between the main control chip and the fingerprint algorithm chip are transmitted encrypted with SM4 using the session key, and the session key is generated from different random numbers after each power-on.
9. The implementation method of fingerprint anti-theft access control according to claim 7 or 8, characterized in that the session key is stored in RAM and is lost when the fingerprint algorithm chip is powered down, reducing as far as possible the possibility of communication instructions being intercepted and cracked by an illegal user.
10. The implementation method of fingerprint anti-theft access control according to claim 1, characterized in that the model of the main control chip is STM32F103 and the model of the fingerprint algorithm chip is BRD501.
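The S1 to S4 exchange of claim 7, with the per-power-on session key of claims 8 and 9, as an added Python example that is not code from the patent. SM4 is implemented from the public standard; the `Chip` class and `handshake` function are hypothetical names, and the example assumes that in S3 each chip recomputes the response expected for the random number it issued.

```python
import hmac, os, struct

# SM4 constants (S-box, FK, CK) from the public standard GB/T 32907-2016.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c052b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6fd5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad80ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec68418f07dec3adc4d2079ee5f3ed7cb3948")
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
CK = [int.from_bytes(bytes((4 * i + j) * 7 % 256 for j in range(4)), "big")
      for i in range(32)]

def rol(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def tau(x):  # S-box applied to each byte of a 32-bit word
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")

def sm4_encrypt_block(key, block):
    """Encrypt one 16-byte block under a 16-byte key (single block, no mode)."""
    k = [w ^ f for w, f in zip(struct.unpack(">4I", key), FK)]
    x = list(struct.unpack(">4I", block))
    for i in range(32):
        b = tau(k[1] ^ k[2] ^ k[3] ^ CK[i])
        rk = k[0] ^ b ^ rol(b, 13) ^ rol(b, 23)        # round key i
        k = k[1:] + [rk]
        b = tau(x[1] ^ x[2] ^ x[3] ^ rk)
        x = x[1:] + [x[0] ^ b ^ rol(b, 2) ^ rol(b, 10) ^ rol(b, 18) ^ rol(b, 24)]
    return struct.pack(">4I", *reversed(x))

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

class Chip:
    """One side of the link (hypothetical class); holds the shared root key."""
    def __init__(self, root_key):
        self.root_key = root_key
        self.nonce = os.urandom(16)           # S1: fresh 16-byte random number

    def response(self, peer_nonce):           # S2: SM4(key = RN xor root, data = root)
        return sm4_encrypt_block(xor(peer_nonce, self.root_key), self.root_key)

    def verify(self, received):               # S3 (assumed reading): recompute the
        expected = self.response(self.nonce)  # answer to our own nonce, then compare
        return hmac.compare_digest(expected, received)

def handshake(main, fp):
    """Run S1-S4; return the 16-byte session key, or None if either check fails."""
    rn1, rn2 = main.nonce, fp.nonce           # S1: RN1 main -> fp, RN2 fp -> main
    auth_fp, auth_main = fp.response(rn1), main.response(rn2)    # S2
    if not (main.verify(auth_fp) and fp.verify(auth_main)):      # S3
        return None
    return sm4_encrypt_block(xor(rn1, rn2), rn2)                 # S4: held in RAM only
```

As claimed in S4, the session key is computed from RN1 and RN2 alone, so its secrecy depends on how those random numbers are carried in S1. A design review of an implementation would check whether the root key is also mixed into the derivation.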
CN201910518914.XA 2019-06-16 2019-06-16 A method for implementing fingerprint anti-theft access control Active CN110390746B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910518914.XA CN110390746B (en) 2019-06-16 2019-06-16 A method for implementing fingerprint anti-theft access control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910518914.XA CN110390746B (en) 2019-06-16 2019-06-16 A method for implementing fingerprint anti-theft access control

Publications (2)

Publication Number Publication Date
CN110390746A true CN110390746A (en) 2019-10-29
CN110390746B CN110390746B (en) 2024-12-27

Family

ID=68285543

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910518914.XA Active CN110390746B (en) 2019-06-16 2019-06-16 A method for implementing fingerprint anti-theft access control

Country Status (1)

Country Link
CN (1) CN110390746B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111211906A (en) * 2019-12-20 2020-05-29 福建魔方电子科技有限公司 Method, system, device, equipment and medium for realizing one-machine-one-secret of terminal equipment
CN112288914A (en) * 2020-10-30 2021-01-29 深圳坚朗海贝斯智能科技有限公司 Peripheral binding and authentication security management method based on intelligent lock
CN113132087A (en) * 2019-12-30 2021-07-16 国民技术股份有限公司 Internet of things, identity authentication and secret communication method, chip, equipment and medium
CN115798082A (en) * 2021-09-10 2023-03-14 国民科技(深圳)有限公司 Security control method for intelligent electronic lock, intelligent electronic lock and electronic equipment

Citations (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20050099106A (en) * 2004-04-08 2005-10-13 주식회사 엘립시스 Portable hsm, user registration and authentication method thereof
CN2845028Y (en) * 2005-07-29 2006-12-06 北京中天一维科技有限公司 Fingerprint identifying system
CN101945114A (en) * 2010-09-20 2011-01-12 西安电子科技大学 Identity authentication method based on fuzzy vault and digital certificate
CN102176694A (en) * 2011-03-14 2011-09-07 张龙其 Fingerprint module with encryption unit
CN102568061A (en) * 2010-12-30 2012-07-11 中国移动通信集团公司 Method, system and device for achieving entrance guard control
US20120222103A1 (en) * 2009-11-27 2012-08-30 Phoniro Ab Access control method, and associated lock device and administration server
CN103279411A (en) * 2013-06-06 2013-09-04 刘洪磊 Method and system of entering application programs based on fingerprint identification
CN103400431A (en) * 2013-07-28 2013-11-20 石家庄国耀电子科技有限公司 Intelligent double-management and double-control secret carrier storage cabinet
CN104751538A (en) * 2013-12-26 2015-07-01 联芯科技有限公司 Implementation method for opening access controller, and access control system
US20160205098A1 (en) * 2014-06-09 2016-07-14 Beijing Stone Sheild Technology Co., Ltd. Identity verifying method, apparatus and system, and related devices
CN106056196A (en) * 2016-05-31 2016-10-26 成都方程式电子有限公司 Modular fingerprint U disk and communication method thereof
US20170180125A1 (en) * 2015-12-17 2017-06-22 Deutsche Post Ag Device and method for the personalized provision of a key
CN106981111A (en) * 2017-03-22 2017-07-25 福建农林大学 A kind of utilization rivest, shamir, adelman encrypts the electronic switch lock and its method for unlocking of sonic data
CN107123181A (en) * 2017-04-14 2017-09-01 天地融科技股份有限公司 A kind of access control method and system
CN206888723U (en) * 2017-06-26 2018-01-16 河北豪威电子科技有限公司 A kind of finger-print cipher electronic lock
CN206921175U (en) * 2017-07-07 2018-01-23 南京甄视智能科技有限公司 ATM Self-Services region gate control system based on recognition of face
CN207302174U (en) * 2017-09-04 2018-05-01 上海合悦信息技术有限公司 A Fingerprint Access Control System Providing Instantaneous Power Supply Authentication
WO2018076163A1 (en) * 2016-10-25 2018-05-03 深圳市汇顶科技股份有限公司 Binding authentication method for fingerprint algorithm library and fingerprint sensor, and fingerprint recognition system
CN108234132A (en) * 2017-12-07 2018-06-29 深圳市中易通安全芯科技有限公司 The safe communication system and method for a kind of main control chip and encryption chip
CN108266061A (en) * 2017-12-29 2018-07-10 武汉九万里科技有限公司 Fingerprint lock
CN208240108U (en) * 2018-05-29 2018-12-14 杭州晟元数据安全技术股份有限公司 Fingerprint entrance guard system based on cryptographic fingerprint mould group
CN109448197A (en) * 2018-12-18 2019-03-08 杭州高锦科技有限公司 A kind of cloud intelligent lock system and key management method based on multi-enciphering mode

Patent Citations (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20050099106A (en) * 2004-04-08 2005-10-13 주식회사 엘립시스 Portable hsm, user registration and authentication method thereof
CN2845028Y (en) * 2005-07-29 2006-12-06 北京中天一维科技有限公司 Fingerprint identifying system
US20120222103A1 (en) * 2009-11-27 2012-08-30 Phoniro Ab Access control method, and associated lock device and administration server
CN101945114A (en) * 2010-09-20 2011-01-12 西安电子科技大学 Identity authentication method based on fuzzy vault and digital certificate
CN102568061A (en) * 2010-12-30 2012-07-11 中国移动通信集团公司 Method, system and device for achieving entrance guard control
CN102176694A (en) * 2011-03-14 2011-09-07 张龙其 Fingerprint module with encryption unit
CN103279411A (en) * 2013-06-06 2013-09-04 刘洪磊 Method and system of entering application programs based on fingerprint identification
CN103400431A (en) * 2013-07-28 2013-11-20 石家庄国耀电子科技有限公司 Intelligent double-management and double-control secret carrier storage cabinet
CN104751538A (en) * 2013-12-26 2015-07-01 联芯科技有限公司 Implementation method for opening access controller, and access control system
US20160205098A1 (en) * 2014-06-09 2016-07-14 Beijing Stone Sheild Technology Co., Ltd. Identity verifying method, apparatus and system, and related devices
US20170180125A1 (en) * 2015-12-17 2017-06-22 Deutsche Post Ag Device and method for the personalized provision of a key
CN106056196A (en) * 2016-05-31 2016-10-26 成都方程式电子有限公司 Modular fingerprint U disk and communication method thereof
WO2018076163A1 (en) * 2016-10-25 2018-05-03 深圳市汇顶科技股份有限公司 Binding authentication method for fingerprint algorithm library and fingerprint sensor, and fingerprint recognition system
CN106981111A (en) * 2017-03-22 2017-07-25 福建农林大学 A kind of utilization rivest, shamir, adelman encrypts the electronic switch lock and its method for unlocking of sonic data
CN107123181A (en) * 2017-04-14 2017-09-01 天地融科技股份有限公司 A kind of access control method and system
CN206888723U (en) * 2017-06-26 2018-01-16 河北豪威电子科技有限公司 A kind of finger-print cipher electronic lock
CN206921175U (en) * 2017-07-07 2018-01-23 南京甄视智能科技有限公司 ATM Self-Services region gate control system based on recognition of face
CN207302174U (en) * 2017-09-04 2018-05-01 上海合悦信息技术有限公司 A Fingerprint Access Control System Providing Instantaneous Power Supply Authentication
CN108234132A (en) * 2017-12-07 2018-06-29 深圳市中易通安全芯科技有限公司 The safe communication system and method for a kind of main control chip and encryption chip
CN108266061A (en) * 2017-12-29 2018-07-10 武汉九万里科技有限公司 Fingerprint lock
CN208240108U (en) * 2018-05-29 2018-12-14 杭州晟元数据安全技术股份有限公司 Fingerprint entrance guard system based on cryptographic fingerprint mould group
CN109448197A (en) * 2018-12-18 2019-03-08 杭州高锦科技有限公司 A kind of cloud intelligent lock system and key management method based on multi-enciphering mode

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111211906A (en) * 2019-12-20 2020-05-29 福建魔方电子科技有限公司 Method, system, device, equipment and medium for realizing one-machine-one-secret of terminal equipment
CN111211906B (en) * 2019-12-20 2023-09-26 福建魔方电子科技有限公司 Method, system, device, equipment and medium for realizing one-machine one-secret of terminal equipment
CN113132087A (en) * 2019-12-30 2021-07-16 国民技术股份有限公司 Internet of things, identity authentication and secret communication method, chip, equipment and medium
CN112288914A (en) * 2020-10-30 2021-01-29 深圳坚朗海贝斯智能科技有限公司 Peripheral binding and authentication security management method based on intelligent lock
CN115798082A (en) * 2021-09-10 2023-03-14 国民科技(深圳)有限公司 Security control method for intelligent electronic lock, intelligent electronic lock and electronic equipment

Also Published As

Publication number Publication date
CN110390746B (en) 2024-12-27

Similar Documents

Publication Publication Date Title
US11947649B2 (en) Locking device biometric access
CN110390746A (en) An implementation method of fingerprint anti-theft access control
CA2527836C (en) An in-circuit security system and methods for controlling access to and use of sensitive data
US10171444B1 (en) Securitization of temporal digital communications via authentication and validation for wireless user and access devices
CN107274532A (en) The temporary password gate control system that encryption parameter dynamically updates
CN104468113A (en) Distribution of user credentials
JP2019505058A (en) System and method for controlling access to physical space
CN104282058B (en) The method for unlocking of the safety intelligent lock system of band video monitoring based on bluetooth
CN108712389A (en) A kind of intelligent lock system
CN108460862A (en) The method and electric lockset, lock system having with palmprint authentication and Mobile phone control lock
CN101298817B (en) Lock body control device and method thereof
CN105447937A (en) Control system and control method for staff entrance of nuclear power station
CN110310406A (en) Unlocking method of intelligent door lock and intelligent door lock
CN105827405A (en) Remotely-controlled safety lock device and remote control method thereof
CN111340987A (en) Internet of things door lock communication method, device and system and computer storage medium
WO2021174264A1 (en) Method for remotely activating a remote lock system using cryptography and the remote lock system for implementing the method
US8151111B2 (en) Processing device constituting an authentication system, authentication system, and the operation method thereof
CN112288914B (en) A security management method for peripheral binding and authentication based on smart locks
CN106447835A (en) Door lock sound wave control system and method
CN210598504U (en) NB (node B) Internet of things safety intelligent door lock based on dual-core multi-layer verification
CN116340920A (en) Intelligent wearable equipment coded lock system based on security model
CN107454352A (en) Remote control
CN107249111A (en) Remote control
CN107168122B (en) A kind of power equipment case centralized control system and method
Premalatha et al. ‘A 2-way verification process using one time password key for home authentication system

Legal Events

Date Code Title Description
PB01 Publication
TA01 Transfer of patent application right

Effective date of registration: 20191015

Address after: Room 620 and 623, 88 Tiangui Road, Huadu District, Guangzhou City, Guangdong 510000

Applicant after: DEVELOPMENT Research Institute OF GUANGZHOU SMART CITY

Address before: Room 620 and 623, 88 Tiangui Road, Huadu District, Guangzhou City, Guangdong 510000

Applicant before: DEVELOPMENT Research Institute OF GUANGZHOU SMART CITY

Applicant before: Guangzhou Sysur Microelectronics, Inc.

SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20240627

Address after: 518000, Building 1, Zone 1, Yihaicheng, Yantian District, Shenzhen City, Guangdong Province, China, 2106

Applicant after: Shenzhen Yantian District Zhongda Integrated Circuit Research Institute

Country or region after: China

Address before: 510000 rooms 620 and 623, No. 88, Tiangui Road, Huadu District, Guangzhou, Guangdong

Applicant before: DEVELOPMENT Research Institute OF GUANGZHOU SMART CITY

Country or region before: China

GR01 Patent grant