Smart locks are an important component of the smart home ecosystem and bring great convenience to users' daily lives, but the accompanying security risks cannot be ignored. A prominent security concern in this field is how easily card keys can be copied.

In smart access control and locks, a card key unlocks the door by having the lock read the information on the card and authenticate it. The risk of card duplication has therefore become one of the main security vulnerabilities of smart locks. Some technicians can obtain and analyze the card signals to read the corresponding information from the card, and then write that information onto another card, which duplicates the card. This allows unauthorized users to easily impersonate legitimate users and unlock the door, raising fundamental security issues.

To address these security issues, security chip manufacturers typically recommend using financial-grade secure CPU card application solutions on the user end. These solutions utilize security firmware with national encryption keys, such as the Huayi Micro HYM4616 security chip (a product certified by the National Cryptography Administration), which truly implements one card one secret, preventing duplication, and supports the ISO/IEC 14443 contactless protocol (Type A). This chip has become the most widely adopted model among leading smart lock companies and well-known access control products.

To illustrate the characteristics and application examples of the HYM4616 chip solution (card binding process):

After utilizing this high-level encrypted card lock authentication solution, the unlocking process is as follows:

This solution has the following characteristics:
1. One lock one secret: Each lock has a uniquely generated unlocking digital key, ensuring security and independence. Users own and manage their private data, which enhances the protection of user data.
2. User CPU card: A one card one secret security solution effectively prevents key duplication and eliminates cumbersome card issuing environments. Users perform identity verification and authorization operations with their personal CPU cards, which simplifies the process of using the lock.
3. Flexible key management: No dedicated key management devices or software are needed, so key management is flexible. This eliminates reliance on dedicated devices such as encryption machines, reducing cost and complexity.
4. National/international dual algorithm: It adopts dual algorithms (SM1/SM4) that comply with national cryptography bureau/international standards, ensuring the system's autonomy, security, compliance, and trustworthiness. It meets domestic market demands while possessing international interoperability capabilities.
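
The following sketch is an added example, not code from the original article or from Huayi Micro. It shows why a per-lock secret and a per-card derived key with challenge-response resist the copying described above, while a static identifier does not. The message flow, class names and the use of HMAC-SHA256 in place of the card's SM4 are assumptions, and the UID is constructed.

```python
import hashlib
import hmac
import os

def mac(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the SM4-based MAC of a real CPU card.
    return hmac.new(key, data, hashlib.sha256).digest()

class CpuCard:
    """The UID is readable over the air; the key is only ever used inside the card."""
    def __init__(self, uid: bytes, key: bytes = b""):
        self.uid = uid
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return mac(self._key, challenge) if self._key else b""

class Lock:
    def __init__(self):
        self._secret = os.urandom(16)   # "one lock one secret", generated on the lock
        self._bound = set()

    def card_key(self, uid: bytes) -> bytes:
        # "One card one secret": the key is diversified from the lock secret and the UID.
        return mac(self._secret, b"card-key" + uid)

    def bind(self, uid: bytes) -> CpuCard:
        self._bound.add(uid)
        return CpuCard(uid, self.card_key(uid))

    def unlock_static(self, card: CpuCard) -> bool:
        # Weak scheme: trusts whatever readable identifier the card presents.
        return card.uid in self._bound

    def unlock_challenge(self, card: CpuCard) -> bool:
        if card.uid not in self._bound:
            return False
        challenge = os.urandom(16)      # fresh per attempt, so old responses are useless
        expected = mac(self.card_key(card.uid), challenge)
        return hmac.compare_digest(expected, card.respond(challenge))

def demo() -> dict:
    uid = bytes.fromhex("04a1b2c3")     # constructed sample UID
    lock_a, lock_b = Lock(), Lock()
    genuine = lock_a.bind(uid)
    clone = CpuCard(uid)                # copy of the readable data only, no key
    foreign = lock_b.bind(uid)          # same UID, but keyed by a different lock
    return {
        "static_accepts_clone": lock_a.unlock_static(clone),
        "challenge_accepts_genuine": lock_a.unlock_challenge(genuine),
        "challenge_accepts_clone": lock_a.unlock_challenge(clone),
        "challenge_accepts_foreign": lock_a.unlock_challenge(foreign),
    }
```
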
By combining CPU smart cards with smart locks, this solution gives smart lock and access control manufacturers a smarter, safer, and more convenient one-stop solution. Beyond this basic solution, some higher-level security requirements usually necessitate the addition of an ESAM module at the lock end. That variant poses new requirements for lock manufacturers' production, namely the use of encryptors to issue CPU cards and ESAM modules, but the issuance steps are relatively flexible, cost-effective, and highly feasible. A dedicated article will be written later regarding the application of the ESAM module.