CN-122028224-A - Method and system for secure session between door lock and mobile terminal
Abstract
The invention discloses a method and a system for a secure session between a door lock and a mobile terminal. The method comprises: a unit door lock periodically collecting the Bluetooth signal strength of the mobile terminal within its coverage area, dividing the signal strength into preset gears and generating a corresponding connection state; packaging the connection state into an IGMP (Internet Group Management Protocol) join message and sending the IGMP join message to a specific multicast address; according to the IGMP join message, registering or refreshing the unit door lock IP, the connection state and the local forwarding interface corresponding to the Bluetooth address in a Bluetooth address binding table maintained by the unit door lock gateway; constructing a multicast message according to a voice call request initiated by an indoor machine and forwarding the multicast message through a router network; and, by a rendezvous point (RP), reversely transmitting the multicast message along an established (S, G) table path according to a multicast tree. With the embodiments of the invention, a fast, accurate and secure direct session can be established between the door lock and the mobile terminal, and communication delay and dependence on an external network are reduced.
Inventors
- DENG YEHAO
- ZHU ZHILING
- SANG SHENGWEI
- XI JUAN
- TANG JUNXIONG
- YE FEI
Assignees
- 浙江德施曼科技智能股份有限公司
Dates
- Publication Date: 20260512
- Application Date: 20260415
Claims (10)
- 1. A method for a secure session between a door lock and a mobile terminal, the method comprising:
  - Bluetooth signal sensing and status reporting: a unit door lock periodically collects the Bluetooth signal strength of the mobile terminal within its coverage area, divides the signal strength into preset gears and generates a corresponding connection state, further packages this into an IGMP join message carrying the Bluetooth address, the unit door lock IP and the connection state, and sends the IGMP join message to a specific multicast address;
  - dynamic maintenance of the Bluetooth address binding table: a door lock gateway receives the IGMP join message and, according to preset conflict arbitration and priority rules, registers or refreshes the unit door lock IP, the connection state and the local forwarding interface corresponding to the Bluetooth address in the Bluetooth address binding table that it maintains;
  - establishment of the voice call multicast tree: according to a voice call request initiated by an indoor machine, a multicast message carrying the Bluetooth address of the target mobile terminal and the emergency degree of the message is constructed and forwarded through a router network, and a rendezvous point (RP) establishes an (S, G) source multicast tree from the indoor machine to the corresponding unit door lock according to the Bluetooth address binding table;
  - implementation of the two-way secure communication: according to the (S, G) multicast tree, the indoor machine sends voice data to the unit door lock through multicast, the unit door lock constructs a reply message whose source address is a multicast address and whose destination address is the unicast IP of the indoor machine, and the reply message is transmitted in reverse along the established (S, G) table entry path to complete the bidirectional secure session.
- 2. The method of claim 1, wherein the Bluetooth signal sensing and status reporting comprises:
  - signal acquisition and gear division: the unit door lock scans received Bluetooth signals in real time, acquires the received signal strength indication (RSSI), and divides the RSSI according to a preset threshold value into a first gear (stable state), a second gear (unstable state) and a third gear (weak state) to obtain the corresponding signal gear;
  - connection state determination: the connection state with the Bluetooth address is determined according to the signal gear and the result of listening on the network, wherein the first gear with no conflict is the linking state, the second gear is the standby state, and the third gear is the active state;
  - before the first-gear linking state is determined, multicast announcements issued by other unit door locks in the network are monitored first, and if the Bluetooth address is found to have been declared as linking by another door lock, the declaration is given up to avoid a connection conflict;
  - periodic multicast notification: according to the determined connection state, the Bluetooth address, the unit door lock IP and the connection state are periodically packaged into an IGMP (Internet Group Management Protocol) join message, and the IGMP join message is sent to the specific multicast address to complete the state notification.
- 3. The method of claim 2, wherein the dynamic maintenance of the Bluetooth address binding table comprises:
  - binding entry registration: when the door lock gateway receives an IGMP join message for a given Bluetooth address for the first time, the Bluetooth address and the reported unit door lock IP, connection state and local forwarding interface are registered in the Bluetooth address binding table corresponding to the multicast address;
  - same-IP refresh: when the Bluetooth address in a subsequently received IGMP join message matches an entry in the table and the reporting unit door lock IP is the same, the connection state and aging time in the entry are refreshed;
  - different-IP competition arbitration: when the Bluetooth address in a subsequently received IGMP join message matches an entry in the table but the reported unit door lock IP is different, arbitration is performed according to the signal gear priority and the special rules for the same gear, wherein the first gear priority is higher than the second gear priority and the third gear priority is higher than the first gear priority; if the new and old signals both belong to the first gear, the original unit door lock IP is kept unchanged; if the new and old signals both belong to the second gear, the original record is replaced by the newly reported unit door lock IP and interface; and if the new and old signals both belong to the third gear, the new unit door lock IP and interface are recorded incrementally;
  - binding table synchronization: according to changes in the Bluetooth address binding table, the door lock gateway sends (G) join information toward the RP so that the upstream router updates the outgoing interface information of its multicast forwarding table.
- 4. The method of claim 3, wherein the establishment of the voice call multicast tree comprises:
  - according to the voice call initiated by the indoor machine, the Bluetooth address of the bound target mobile terminal and the message emergency-degree flag bit are encapsulated into an RTSP/RTP multicast message whose destination address is the specific multicast address;
  - hop-by-hop construction of the source multicast tree: the multicast message is forwarded in the router network, and each router creates or matches an (S, G1) forwarding entry based on the source IP (S) and the multicast address (G1), the outgoing interface of the forwarding entry facing the RP, so that the (S, G1) path from the indoor machine to the RP is built hop by hop;
  - RP binding table query and forwarding: the RP extracts the Bluetooth address carried in the received multicast message, queries the binding information synchronously updated from the door lock gateway, determines the unit door lock IP and connection state currently associated with the Bluetooth address, and sets the outgoing interface of the (S, G1) entry to the interface pointing to the door lock gateway where the unit door lock is located;
  - precise delivery by the door lock gateway: the door lock gateway queries its local Bluetooth address binding table for the multicast message forwarded by the RP; if the connection state is linking or standby, the message is sent to the target unit door lock from the corresponding local forwarding interface, and if the connection state is alive, broadcast delivery is carried out from all the associated interfaces only when the message emergency-degree flag bit is set.
- 5. The method of claim 4, wherein the implementation of the two-way secure communication comprises:
  - reverse unicast message construction: when the unit door lock needs to reply with voice data to the indoor machine, it constructs a reply message with a source IP address being the specific multicast address (G1) and a destination IP address being the unicast IP, port number and receiving message exchange of the indoor machine;
  - reverse routing based on the (S, G) entry: a router along the way that receives the reply message whose source address is the multicast address checks whether the corresponding (S, G1) entry exists locally and, if so, forwards according to the RPF interface of the entry, so that the reply is sent in reverse to the indoor machine gateway along the established (S, G1) multicast tree path;
  - security verification: the router adds a specific rule when carrying out the Reverse Path Forwarding (RPF) check on a message whose source IP is the multicast address; if the corresponding (S, G) entry exists, the message is forwarded according to that entry, and if the corresponding (S, G) entry does not exist, the message is discarded as an attack message.
- 6. The method of claim 5, further comprising an exception and aging handling mechanism:
  - connection state aging: an aging time is set for the linking pairing information of other door locks in the network that the unit door lock records locally, and the information is automatically cleared after timeout so that outdated information does not interfere with conflict judgment;
  - binding entry aging: an entry in the Bluetooth address binding table maintained by the door lock gateway is automatically aged and deleted if no IGMP join message refreshing the Bluetooth address is received within a set period.
- 7. A system for a secure session between a door lock and a mobile terminal, the system comprising:
  - a reporting module, used for Bluetooth signal sensing and status reporting: a unit door lock periodically collects the Bluetooth signal strength of the mobile terminal within its coverage area, divides the signal strength into preset gears and generates a corresponding connection state, further packages this into an IGMP (Internet Group Management Protocol) join message carrying the Bluetooth address, the unit door lock IP and the connection state, and sends the IGMP join message to a specific multicast address;
  - a maintenance module, used for dynamic maintenance of the Bluetooth address binding table: a door lock gateway receives the IGMP join message and, according to preset conflict arbitration and priority rules, registers or refreshes the unit door lock IP, the connection state and the local forwarding interface corresponding to the Bluetooth address in the Bluetooth address binding table maintained by the maintenance module;
  - an establishing module, used for establishing the voice call multicast tree: according to a voice call request initiated by an indoor machine, a multicast message carrying the Bluetooth address of the target mobile terminal and the emergency degree of the message is constructed and forwarded through a router network, and a rendezvous point (RP) establishes an (S, G) source multicast tree from the indoor machine to the corresponding unit door lock according to the Bluetooth address binding table;
  - a communication module, used for realizing bidirectional secure communication: according to the (S, G) multicast tree, the indoor machine sends voice data to the unit door lock through multicast, the unit door lock constructs a reply message whose source address is a multicast address and whose destination address is the unicast IP of the indoor machine, and the reply message is transmitted in reverse along the established (S, G) table entry path to complete the bidirectional secure session.
- 8. The system according to claim 7, wherein the reporting module is specifically configured for:
  - signal acquisition and gear division: the unit door lock scans received Bluetooth signals in real time, acquires the received signal strength indication (RSSI), and divides the RSSI according to a preset threshold value into a first gear (stable state), a second gear (unstable state) and a third gear (weak state) to obtain the corresponding signal gear;
  - connection state determination: the connection state with the Bluetooth address is determined according to the signal gear and the result of listening on the network, wherein the first gear with no conflict is the linking state, the second gear is the standby state, and the third gear is the active state;
  - before the first-gear linking state is determined, multicast announcements issued by other unit door locks in the network are monitored first, and if the Bluetooth address is found to have been declared as linking by another door lock, the declaration is given up to avoid a connection conflict;
  - periodic multicast notification: according to the determined connection state, the Bluetooth address, the unit door lock IP and the connection state are periodically packaged into an IGMP (Internet Group Management Protocol) join message, and the IGMP join message is sent to the specific multicast address to complete the state notification.
- 9. A storage medium having a computer program stored therein, wherein the computer program is arranged to perform the method of any of claims 1-6 when run.
- 10. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, the processor being arranged to run the computer program to perform the method of any of claims 1-6.
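The gateway-side rules of claims 3, 4 and 6 (registration, same-IP refresh, different-IP arbitration, aging and delivery) can be modelled as follows; this is an added example, not code from the patent. Assumptions: all class and method names, the cross-gear priority order supplied by the caller (the sample uses linking over standby over alive), a higher-priority report replacing the entry while a lower-priority one is ignored, and a same-IP state change collapsing the entry to the reporting lock.

```python
from dataclasses import dataclass

LINKING, STANDBY, ALIVE = "linking", "standby", "alive"   # gears 1, 2, 3 (claim 4 names)

@dataclass
class Binding:
    state: str
    targets: list     # [(lock_ip, interface)]; more than one only when ALIVE
    expires: float    # absolute aging deadline

class BindingTable:
    def __init__(self, ttl, priority):
        self.ttl = ttl
        # Assumption: a state listed earlier in `priority` wins a cross-gear contest.
        self.rank = {s: i for i, s in enumerate(priority)}
        self.rows = {}                       # Bluetooth address -> Binding

    def age(self, now):
        """Claim 6: drop entries that were not refreshed within the set period."""
        self.rows = {a: r for a, r in self.rows.items() if r.expires > now}

    def report(self, bt_addr, lock_ip, iface, state, now):
        """Apply one join report with the claim 3 rules; returns the action taken."""
        self.age(now)
        row, tgt = self.rows.get(bt_addr), (lock_ip, iface)
        fresh = Binding(state, [tgt], now + self.ttl)
        if row is None:                                    # first registration
            self.rows[bt_addr] = fresh
            return "registered"
        if any(ip == lock_ip for ip, _ in row.targets):    # same-IP refresh
            if state == row.state == ALIVE:
                row.expires = now + self.ttl               # keep the other locks
            else:
                self.rows[bt_addr] = fresh                 # assumption: single owner
            return "refreshed"
        if state == row.state == ALIVE:                    # both third gear: add
            row.targets.append(tgt)
            row.expires = now + self.ttl
            return "added"
        # Different gears: the assumed priority decides. Both second gear: replace.
        if self.rank[state] < self.rank[row.state] or state == row.state == STANDBY:
            self.rows[bt_addr] = fresh
            return "replaced"
        return "ignored"                                   # includes both first gear

    def deliver(self, bt_addr, urgent, now):
        """Claim 4: local interfaces the gateway forwards the call out of."""
        self.age(now)
        row = self.rows.get(bt_addr)
        if row is None or (row.state == ALIVE and not urgent):
            return []                                      # ALIVE: urgent calls only
        return [ifc for _, ifc in row.targets]             # one target unless ALIVE

if __name__ == "__main__":   # constructed sample; addresses and interfaces are made up
    t = BindingTable(ttl=30, priority=[LINKING, STANDBY, ALIVE])
    for ip, ifc, st, ts in [("10.0.0.11", "if1", ALIVE, 0), ("10.0.0.12", "if2", ALIVE, 1),
                            ("10.0.0.12", "if2", LINKING, 3), ("10.0.0.13", "if3", LINKING, 5)]:
        print(ts, ip, st, t.report("AA:BB:CC:00:00:01", ip, ifc, st, ts))
```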
Description
Method and system for secure session between door lock and mobile terminal
Technical Field
The invention belongs to the technical field of intelligent door locks, and particularly relates to a method and a system for a secure session between a door lock and a mobile terminal.
Background
With the popularization of smart home and community security systems, the demand for intelligent and convenient access control systems keeps increasing. In the prior art, interaction between a door lock and a mobile terminal (such as a smartphone) mostly uses direct Bluetooth pairing or remote communication based on a central server. Such communication has a limited range and cannot establish stable, cross-region sessions in a complex building environment, and it relies on an external network and cloud relay, which brings problems such as high delay, privacy leakage risk and single points of failure. Especially in real-time interaction scenarios that need low delay and high security, such as visitor voice calls and remote door opening, existing schemes struggle to balance efficiency, reliability and privacy protection. The industry therefore needs a new method that uses the local network to achieve fast and accurate device discovery and secure direct communication, improving the user experience and the overall security of the system.
Disclosure of Invention
The invention aims to provide a method and a system for a secure session between a door lock and a mobile terminal that overcome the defects of the prior art, enable a fast, accurate and secure direct session to be established between the door lock and the mobile terminal, and reduce communication delay and dependence on external networks.
One embodiment of the application provides a method for a secure session between a door lock and a mobile terminal, comprising the following steps:
- Bluetooth signal sensing and status reporting: a unit door lock periodically collects the Bluetooth signal strength of the mobile terminal within its coverage area, divides the signal strength into preset gears and generates a corresponding connection state, further packages this into an IGMP join message carrying the Bluetooth address, the unit door lock IP and the connection state, and sends the IGMP join message to a specific multicast address;
- dynamic maintenance of the Bluetooth address binding table: a door lock gateway receives the IGMP join message and, according to preset conflict arbitration and priority rules, registers or refreshes the unit door lock IP, the connection state and the local forwarding interface corresponding to the Bluetooth address in the Bluetooth address binding table that it maintains;
- establishment of the voice call multicast tree: according to a voice call request initiated by an indoor machine, a multicast message carrying the Bluetooth address of the target mobile terminal and the emergency degree of the message is constructed and forwarded through a router network, and a rendezvous point (RP) establishes an (S, G) source multicast tree from the indoor machine to the corresponding unit door lock according to the Bluetooth address binding table;
- implementation of the two-way secure communication: according to the (S, G) multicast tree, the indoor machine sends voice data to the unit door lock through multicast, the unit door lock constructs a reply message whose source address is a multicast address and whose destination address is the unicast IP of the indoor machine, and the reply message is transmitted in reverse along the established (S, G) table entry path to complete the bidirectional secure session.
Optionally, the Bluetooth signal sensing and status reporting includes:
- signal acquisition and gear division: the unit door lock scans received Bluetooth signals in real time, acquires the received signal strength indication (RSSI), and divides the RSSI according to a preset threshold value into a first gear (stable state), a second gear (unstable state) and a third gear (weak state) to obtain the corresponding signal gear;
- connection state determination: the connection state with the Bluetooth address is determined according to the signal gear and the result of listening on the network, wherein the first gear with no conflict is the linking state, the second gear is the standby state, and the third gear is the active state;
- before the first-gear linking state is determined, multicast announcements issued by other unit door locks in the network are monitored first, and if the Bluetooth address is found to have been declared as linking by another door lock, the declaration is given up to avoid a connection conflict;
- periodic multicast notification: periodically packaging the Bluetooth address, the unit door lock IP and the