Here, we present an overview of the designed Smart Lock, its different parts and their interactions.
As can be seen in the diagram, the system has three parts: lock, user (phone application) and data log.
The User uses his Phone Application to send his login information to the Lock. This login information is a (username, password) pair entered by the User. The Lock, on the other side, receives this information and authenticates the User. If the Lock validates the information, it allows the User to lock/unlock the door for a limited time. In addition, the login information (username, date, and time) is stored in the Cloud to keep track of valid and invalid Users.
The most important issue here is the security of the connection between the User and the Lock. The User's login information is sensitive and must not be discoverable by other entities. If this information is sent over the link without any modification, any invalid User can easily discover it and use it to gain access to the Lock. Therefore, this information should be sent securely over the link. Secure communication of sensitive information requires the Lock to ascertain the identity of the User (authentication) and the User to scramble the information so that others cannot read it (encryption). Cryptography allows both tasks to be accomplished. In particular, the User and the Lock should first agree upon a shared secret key. The User then encrypts his sensitive information with the shared secret key and sends it to the Lock over the TCP connection. The Lock recovers the received (encrypted) information with its copy of the secret key. Note that no other entity can decipher the encrypted information sent over the link, because no one has the secret key except the User and the Lock. After decrypting the information, the Lock examines its validity, and access is granted or denied based on the result of the examination.
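The encrypt, send, decrypt and validate exchange described above, sketched in Go as an added example; it is not code from the Smart Lock design itself. It assumes the 32-byte shared key has already been agreed and uses AES-256-GCM because the text does not name a cipher; SealLogin, OpenLogin and the verify callback are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// newAEAD builds AES-256-GCM from the key shared by User and Lock.
func newAEAD(key [32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:]) // cannot fail: key length is fixed at 32 bytes
	aead, _ := cipher.NewGCM(block)   // cannot fail for the AES block size
	return aead
}

// SealLogin is the User side: encrypt "username\x00password" under a fresh
// random nonce and return nonce || ciphertext || tag for the TCP connection.
func SealLogin(key [32]byte, username, password string) ([]byte, error) {
	aead := newAEAD(key)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, []byte(username+"\x00"+password), nil), nil
}

// OpenLogin is the Lock side: decrypt with the shared key, then hand the
// credentials to verify (hypothetical callback for the Lock's validity check).
func OpenLogin(key [32]byte, msg []byte, verify func(user, pass string) bool) (string, error) {
	aead := newAEAD(key)
	if len(msg) < aead.NonceSize() {
		return "", errors.New("message too short")
	}
	plain, err := aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], nil)
	if err != nil {
		return "", errors.New("decryption failed") // wrong key or modified message
	}
	user, pass, ok := strings.Cut(string(plain), "\x00")
	if !ok || !verify(user, pass) {
		return "", errors.New("access denied")
	}
	return user, nil
}

func main() {
	var key [32]byte // constructed all-zero demo key; a real key comes from the key agreement step
	msg, _ := SealLogin(key, "alice", "s3cret")
	fmt.Println(OpenLogin(key, msg, func(u, p string) bool { return u == "alice" && p == "s3cret" }))
}
```

Encryption alone does not prevent a recorded message from being resent later, so a Lock built this way would also need a freshness check, such as a Lock-issued challenge included in the encrypted message.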