How is the temporary password of smart lock realized?

There are two main ways to achieve this:

First, generate the door lock in advance and send it to the mobile phone via Bluetooth.

This temporary password is a batch of 6-digit temporary passwords randomly generated by the door lock and sent to the APP when the mobile APP manages the door lock based on Bluetooth. These passwords are stored in both the door lock and the mobile phone. When the owner needs to issue a temporary password remotely, the APP will randomly select a previously saved temporary password from the mobile phone and display it, and mark that the temporary password has been used.

Second, the mobile phone is generated in real time and sent to the door lock through cloud service.

This temporary password scheme requires the door lock to connect to the gateway through Zigbee or Bluetooth to keep real-time networking. When the owner issues a temporary password, he needs to generate a 6-digit temporary password on the mobile APP. The data is sent to the cloud service first, and then transmitted to the door lock by the cloud service.

Unsafe: The door lock received the unlocking password of the cloud service. If the door lock lacks reliable means to verify the legitimacy of the password source (such as digital signature based on security chip and two-way asymmetric encryption algorithm), hackers (or employees inside the door lock manufacturer) can attack the communication link between APP, cloud service, or APP and the door lock, simulate the password issuing command, and issue the unlocking password to the door lock.