
CN109003381A - access control method, system and computer readable storage medium - Google Patents


Publication number
CN109003381A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811129540.4A
Other languages
Chinese (zh)
Inventor
周鹏
胡御宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Puhui Enterprise Management Co Ltd
Original Assignee
Ping An Puhui Enterprise Management Co Ltd
Application filed by Ping An Puhui Enterprise Management Co Ltd
Priority to CN201811129540.4A
Publication of CN109003381A

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/23Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder by means of a password

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Time Recorders, Drive Recorders, Access Control (AREA)

Abstract

Embodiments of the invention provide an access control method, an access control system and a computer-readable storage medium. The method comprises: an access control server sends, according to user information, initial access control information corresponding to the user information to an access control terminal; the access control terminal encrypts the initial access control information to generate encrypted access control information; an access control card reader reads the encrypted access control information stored in the access control terminal, decrypts it to obtain the corresponding initial access control information, and uploads the initial access control information to the access control server; the access control server sends an access control authentication result to the access control card reader; and the access control card reader generates a corresponding control instruction based on the received access control authentication result. Implementing the embodiments of the invention helps improve the security of the access control system.

Description

Access control method, system and computer readable storage medium
Technical Field
The present invention relates to the field of computer data processing, and in particular, to a method and a system for controlling an access control, and a computer-readable storage medium.
Background
With the rapid development of access control security technology for intelligent buildings, the requirements for the security, intelligence and convenience of access control systems in office buildings, family residences, self-service bank outlets, base stations and other confidential places are becoming higher and higher, and the field of application is becoming wider and wider. Existing access control systems usually use an access control card (non-release identification card) that interacts with an access control card reader to complete access control identification and authentication. However, the security of the access control card is low: other people can easily copy and misuse it, so that the access control system exists in name only.
Disclosure of Invention
The embodiment of the invention provides an access control method, an access control system and a computer readable storage medium, and aims to solve the problems of poor security and the like of an access control system.
In a first aspect, an embodiment of the present invention provides an access control method, which includes: the access control server receives user information sent by an access control terminal and, according to the user information, sends initial access control information corresponding to the user information to the access control terminal; the access control terminal encrypts the initial access control information to generate encrypted access control information, and stores the encrypted access control information in the access control terminal; the access control card reader reads the encrypted access control information stored in the access control terminal, decrypts it to obtain the initial access control information corresponding to the encrypted access control information, and uploads the initial access control information to the access control server to request access control authentication; the access control server generates an access control authentication result according to the received initial access control information and sends the access control authentication result to the access control card reader; and the access control card reader generates a corresponding control instruction according to the received access control authentication result.
In a second aspect, an embodiment of the present invention provides an access control system, where the access control system includes an access control server, an access control terminal, and an access control card reader; the access control server comprises an access control information generating unit and an authentication result generating unit; the access control terminal comprises an encryption unit; the access control card reader comprises an access control information reading unit and a control unit; wherein,
the access control information generating unit is used for receiving user information sent by an access control terminal and sending initial access control information corresponding to the user information to the access control terminal according to the user information;
the encryption unit is used for the access control terminal to encrypt the initial access control information to generate encrypted access control information and store the encrypted access control information in the access control terminal;
the access control information reading unit is used for the access control card reader to read encrypted access control information stored in the access control terminal, decrypt the encrypted access control information to obtain initial access control information corresponding to the encrypted access control information, and upload the initial access control information to the access control server to request access control authentication;
the authentication result generating unit is used for generating an access control authentication result according to the received initial access control information and sending the access control authentication result to the access control card reader;
and the control unit is used for generating a corresponding control instruction according to the received access control authentication result.
In a third aspect, an embodiment of the present invention further provides an access control system, including at least three pieces of computer equipment, where each piece of computer equipment includes a memory, a processor, and a computer program stored in the memory and capable of running on the processor, and the processors in the at least three pieces of computer equipment implement the access control method together when executing the corresponding computer program.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, and the computer program includes program instructions, and when the program instructions are executed by a processor, the processor executes the access control method.
The embodiment of the invention provides an access control method, an access control system and a computer-readable storage medium. The method comprises the following steps: the access control server sends initial access control information corresponding to the user information to the access control terminal according to the user information; the access control terminal encrypts the initial access control information to generate encrypted access control information; the access control card reader reads the encrypted access control information stored in the access control terminal, decrypts it to obtain the initial access control information corresponding to the encrypted access control information, and uploads the initial access control information to the access control server; the access control server sends the access control authentication result to the access control card reader; and the access control card reader generates a corresponding control instruction according to the received access control authentication result. The embodiment of the invention helps improve the security of the access control system.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of an access control method according to an embodiment of the present invention;
Fig. 2 is a schematic view of an application scenario of an access control method according to an embodiment of the present invention;
Fig. 3 is a flowchart illustrating an access control method according to an embodiment of the present invention;
Fig. 4 is a flowchart illustrating an access control method according to an embodiment of the present invention;
Fig. 5 is a flowchart illustrating an access control method according to an embodiment of the present invention;
Fig. 6 is a flowchart illustrating an access control method according to an embodiment of the present invention;
Fig. 7 is a schematic block diagram of an access control system according to an embodiment of the present invention;
Fig. 8 is another schematic block diagram of an access control system according to an embodiment of the present invention;
Fig. 9 is another schematic block diagram of an access control system according to an embodiment of the present invention;
Fig. 10 is another schematic block diagram of an access control system according to an embodiment of the present invention;
Fig. 11 is another schematic block diagram of an access control system according to an embodiment of the present invention;
Fig. 12 is a schematic block diagram of another access control system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
Fig. 1 and Fig. 2 are a flowchart and an application scenario diagram of an access control method according to an embodiment of the present invention. The access control method is applied to an access control system, and the access control system comprises an access control server 10, an access control terminal 20 and an access control card reader 30. The access control server 10 may be an independent server, or a server cluster formed by a plurality of servers. The access control terminal 20 may be an electronic terminal having a Near Field Communication (NFC) function, such as a mobile phone, a tablet computer, or a smart bracelet. The access control card reader 30 may exchange data with the access control terminal 20 to read the access control information in the access control terminal 20.
Referring to fig. 1, the access control method includes, but is not limited to, steps S110 to S150.
S110: The access control server receives the user information sent by the access control terminal and, according to the user information, sends the initial access control information corresponding to the user information to the access control terminal.
Specifically, the access control terminal can establish a wireless communication connection with the access control server so that the user information is sent from the access control terminal to the access control server. The wireless communication connection includes, but is not limited to, a 3G/4G connection, a WiFi connection, a Bluetooth connection, a WiMAX connection, a Zigbee connection, a UWB (Ultra Wideband) connection, and other wireless communication connection modes now known or developed in the future.
The user information includes, but is not limited to, a user account name and password, user avatar information, user fingerprint information, user iris information, user voiceprint information, and the like, which may be one or more of them.
The initial access control information is stored in the access control server in advance. For example, assuming that employee training will be held on the 12th floor of the Sunshine Building from the 1st to the 5th of next month, unique initial access control information may be assigned in advance, before the training, to each item of employee information (i.e., user information) of the employees taking part, and stored in the access control server. The initial access control information is a unique character string used to release the access control; for example, it may be "abcd". Its length and format are not fixed and are not limited in the embodiment of the present invention.
In one embodiment, as shown in FIG. 3, the step S110 may include steps S111-S113.
S111: The access control server receives the user information sent by the access control terminal and judges whether the user information exists in a preset access control mapping table.
Specifically, the preset access control mapping table includes one or more access control mapping relations, and each access control mapping relation establishes a one-to-one correspondence between user information and initial access control information. For example, before the employee training, unique initial access control information is allocated to each item of employee information of the employees taking part. For example, the initial access control information corresponding to the employee information "Zhang San" is "abcd", and the initial access control information corresponding to the employee information "Li Si" is "asdf". A plurality of access control mapping relations can be formed in this way, and a preset access control mapping table is generated according to the initial access control information. The preset access control mapping table can be stored in the access control server in advance.
Specifically, assume that the access control mapping relations in the preset access control mapping table include: the employee information "Zhang San" is mapped to the initial access control information "abcd". If the user information received by the access control server is "Zhang San", then by comparing the user information with the preset access control mapping table it can be determined that the user information "Zhang San" is the same as the employee information "Zhang San" in the access control mapping table, and therefore that the user information "Zhang San" exists in the preset access control mapping table.
S112: If the user information exists in the preset access control mapping table, the initial access control information corresponding to the user information is acquired according to the user information and the preset access control mapping table.
Specifically, according to the user information and the preset access control mapping table, it can be determined that the initial access control information corresponding to the user information "Zhang San" is "abcd".
S113: The initial access control information corresponding to the user information is sent to the access control terminal.
Specifically, the initial access control information corresponding to the user information is sent to the access control terminal by encrypted transmission. The encrypted transmission methods include, but are not limited to, SSL, SFTP and the MD5 algorithm, which are not listed exhaustively here.
S120: The access control terminal encrypts the initial access control information to generate encrypted access control information, and stores the encrypted access control information in the access control terminal.
In one embodiment, as shown in FIG. 4, the step S120 may include steps S121-S123.
S121: The access control terminal encrypts the initial access control information to generate an encrypted ciphertext.
Specifically, the encryption processing of the initial access control information may adopt an RSA encryption algorithm or the like. Assuming that the initial access control information is "abcd", the encrypted ciphertext generated by the encryption processing is "7421".
S122: The encrypted ciphertext is shifted to generate the encrypted access control information.
Specifically, the shifting of the encrypted ciphertext may be performed according to a preset shifting rule, for example exchanging the first and last characters of the encrypted ciphertext; the embodiment of the present invention is not limited to this rule. If the encrypted ciphertext is "7421", interchanging its first and last characters generates the encrypted access control information "1427".
S123: The encrypted access control information is stored in the access control terminal.
S130: The access control card reader reads the encrypted access control information stored in the access control terminal, decrypts the encrypted access control information to acquire the initial access control information corresponding to the encrypted access control information, and uploads the initial access control information to the access control server to request access control authentication.
Specifically, a decryption algorithm corresponding to the encryption algorithm of the initial access control information, such as an RSA decryption algorithm, is pre-stored in the access control card reader. How the encrypted access control information is decrypted is determined by the encryption algorithm applied to the initial access control information. For example, if the access control terminal encrypts the initial access control information by using an RSA encryption algorithm, the RSA decryption algorithm is correspondingly used to decrypt the encrypted access control information.
The access control card reader can communicate with the access control server through a wired or wireless communication connection so as to upload the initial access control information to the access control server and request an access control authentication result.
S140: The access control server generates an access control authentication result according to the received initial access control information and sends the access control authentication result to the access control card reader.
Specifically, the access control authentication result is either authorized access or unauthorized access. Authorized access means that the user has the right to release the access control, and unauthorized access means that the user does not have the right to release the access control.
In one embodiment, as shown in FIG. 5, the step S140 may include steps S141-S143.
S141: The access control server judges whether the initial access control information exists in a preset access control mapping table.
Specifically, the preset access control mapping table includes one or more access control mapping relations, and each access control mapping relation establishes a one-to-one correspondence between user information and initial access control information. The access control mapping relations stored in the preset access control mapping table are divided into permanent access control mapping relations and temporary access control mapping relations. A permanent access control mapping relation has no validity period and becomes invalid when an administrator manually deletes it; a temporary access control mapping relation has a validity period and automatically becomes invalid after the validity period expires, that is, it is automatically deleted from the preset access control mapping table after the validity period expires.
For example, if employee A is a regular employee of the Sunshine Building, the access control mapping relation corresponding to employee A is a permanent access control mapping relation. In addition, assuming that employee training will be held on the 12th floor of the Sunshine Building from the 1st to the 5th of next month, the access control mapping relations generated for the employee training are temporary access control mapping relations, and the corresponding validity period can be set to 0:00 on the 6th of next month; that is, after 0:00 on the 6th of next month, the access control mapping relations generated for the employee training are automatically deleted from the preset access control mapping table.
By implementing the embodiment of the invention, the initial access control information received by the access control server is compared one by one with the entries of the preset access control mapping table, so that it can be determined whether the initial access control information exists in the preset access control mapping table, and forgery of the initial access control information by an illegal user can be prevented.
S142: If the initial access control information exists in the preset access control mapping table, the generated authentication result is authorized access.
S143: If the initial access control information does not exist in the preset access control mapping table, the generated authentication result is unauthorized access.
In an embodiment, as shown in fig. 6, after the step S141, steps S144-S146 may be further included.
S144: If the initial access control information exists in the preset access control mapping table, the avatar information of the current user is acquired through the access control card reader.
S145: It is judged whether the avatar information of the current user matches the avatar information corresponding to the initial access control information.
S146: If the avatar information of the current user matches the avatar information corresponding to the initial access control information, the generated authentication result is authorized access.
Specifically, if the avatar information of the current user does not match the avatar information corresponding to the initial access control information, the generated authentication result is unauthorized access. By implementing the embodiment of the invention, double authentication is performed on the initial access control information and the avatar information of the user, so that the access control information can be prevented from being illegally used by others, and the security of the access control system is greatly improved.
S150: The access control card reader generates a corresponding control instruction according to the received access control authentication result.
The control instruction may be an alarm instruction or an access release instruction. If the authentication result is authorized access, an access release instruction is generated so as to release the access control. Releasing the access control may specifically mean opening a gate, lifting the restriction on the elevator floor menu, opening a door lock, and the like. If the authentication result is unauthorized access, an alarm instruction is generated to trigger an alarm operation. The alarm operation may specifically be sounding an alarm, sending alarm information to the relevant administrator, sending an alarm e-mail, and the like.
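The flow of steps S110 to S150, including the first/last-character shift of S122 and the expiry of a temporary mapping relation from S141, as an added Python example that is not part of the patent text. The class and function names, the toy unpadded RSA key, the dates and the value "wxyz" are assumptions made for illustration, as is treating unreadable terminal data like an unauthorized result.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Optional

# Toy textbook-RSA key constructed for this example (two Mersenne primes).
# Far too small and unpadded for real use; it only keeps the example offline.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the card reader


def swap_ends(text: str) -> str:
    """Shift rule of S122: exchange the first and last characters (self-inverse)."""
    if len(text) < 2:
        return text
    return text[-1] + text[1:-1] + text[0]


@dataclass
class Mapping:
    initial_info: str
    expires_at: Optional[datetime] = None  # None marks a permanent mapping


class AccessServer:
    def __init__(self, table: Dict[str, Mapping]):
        self.table = dict(table)

    def _purge(self, now: datetime) -> None:
        # Temporary mappings are deleted once their validity period has expired.
        self.table = {user: m for user, m in self.table.items()
                      if m.expires_at is None or now < m.expires_at}

    def issue(self, user_info: str, now: datetime) -> Optional[str]:
        """S111-S113: look the user up and return the initial access information."""
        self._purge(now)
        mapping = self.table.get(user_info)
        return mapping.initial_info if mapping else None

    def authenticate(self, initial_info: str, now: datetime) -> str:
        """S141-S143: authorized only if the value is still in the mapping table."""
        self._purge(now)
        known = any(m.initial_info == initial_info for m in self.table.values())
        return "authorized" if known else "unauthorized"


class Terminal:
    def __init__(self) -> None:
        self.stored: Optional[str] = None

    def enroll(self, initial_info: Optional[str]) -> None:
        """S121-S123: encrypt, apply the shift rule, store the result."""
        if not initial_info:
            raise ValueError("server issued no initial access information")
        m = int.from_bytes(initial_info.encode(), "big")
        if m >= N:
            raise ValueError("value too long for the toy key")
        self.stored = swap_ends(format(pow(m, E, N), "x"))


class CardReader:
    def __init__(self, server: AccessServer):
        self.server = server

    def handle(self, terminal: Terminal, now: datetime) -> str:
        """S130 and S150: undo the shift, decrypt, ask the server, pick the instruction."""
        try:
            m = pow(int(swap_ends(terminal.stored), 16), D, N)
            initial_info = m.to_bytes((m.bit_length() + 7) // 8, "big").decode()
        except (TypeError, ValueError):
            # Assumption of this example: nothing stored or undecodable data
            # is treated like an unauthorized result.
            return "alarm"
        result = self.server.authenticate(initial_info, now)
        return "release" if result == "authorized" else "alarm"


def demo():
    # Constructed sample data: names follow the description, dates are made up.
    expiry = datetime(2030, 1, 6, 0, 0)
    server = AccessServer({
        "Zhang San": Mapping("abcd", expires_at=expiry),  # temporary (training)
        "employee A": Mapping("wxyz"),                    # permanent
    })
    reader = CardReader(server)
    trainee, staff = Terminal(), Terminal()
    enrolled_at = datetime(2030, 1, 1, 9, 0)
    trainee.enroll(server.issue("Zhang San", enrolled_at))
    staff.enroll(server.issue("employee A", enrolled_at))
    during = reader.handle(trainee, datetime(2030, 1, 3, 9, 0))
    after = reader.handle(trainee, datetime(2030, 1, 6, 0, 1))
    staff_after = reader.handle(staff, datetime(2030, 1, 6, 0, 1))
    return trainee.stored, during, after, staff_after


if __name__ == "__main__":
    print(demo())
```

Unpadded RSA appears here only to keep the example free of dependencies; an implementation would take RSA with OAEP padding from a vetted cryptographic library.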
Fig. 7 is a schematic block diagram of an access control system 100 according to an embodiment of the present invention. As shown in Fig. 7, the present invention further provides an access control system 100 corresponding to the above access control method. The access control system 100 includes units for executing the access control method, and the system 100 may be configured in a desktop computer, a tablet computer, a laptop computer, or other terminals.
Specifically, referring to Fig. 7, the access control system 100 includes an access control server, an access control terminal, and an access control card reader. The access control server includes an access control information generating unit 110 and an authentication result generating unit 140. The access control terminal includes an encryption unit 120. The access control card reader includes an access control information reading unit 130 and a control unit 150. Wherein,
the access control information generating unit 110 is configured to receive user information sent by an access control terminal, and send initial access control information corresponding to the user information to the access control terminal according to the user information.
In an embodiment, as shown in Fig. 8, the access control information generating unit 110 includes a first judging unit 111, a first obtaining unit 112, and a first sending unit 113.
The first judging unit 111 is configured to receive, by the access control server, user information sent by the access control terminal, and judge whether the user information exists in a preset access control mapping table.
A first obtaining unit 112, configured to, if the user information exists in a preset access control mapping table, obtain initial access control information corresponding to the user information according to the user information and the preset access control mapping table.
A first sending unit 113, configured to send initial access control information corresponding to the user information to the access control terminal.
The encryption unit 120 is configured to encrypt the initial access control information by the access control terminal to generate encrypted access control information, and store the encrypted access control information in the access control terminal.
In one embodiment, as shown in fig. 9, the encryption unit 120 includes a first generation unit 121, a second generation unit 122, and a storage unit 123.
A first generating unit 121, configured to encrypt the initial access control information by the access control terminal to generate an encrypted ciphertext.
And a second generating unit 122, configured to shift the encrypted ciphertext to generate the encrypted access control information.
And the storage unit 123 is configured to store the encrypted access control information in the access control terminal.
The access control information reading unit 130 is configured to read, by the access control card reader, the encrypted access control information stored in the access control terminal, decrypt the encrypted access control information to obtain initial access control information corresponding to the encrypted access control information, and upload the initial access control information to the access control server to request access control authentication.
The authentication result generating unit 140 is configured to generate an access control authentication result according to the received initial access control information, and send the access control authentication result to the access control card reader.
In an embodiment, as shown in fig. 10, the authentication result generating unit 140 includes a second judging unit 141, a third generating unit 142, and a fourth generating unit 143.
A second determining unit 141, configured to determine, by the access control server, whether the initial access control information exists in a preset access control mapping table;
a third generating unit 142, configured to generate an authentication result that the access is authorized if the initial access control information exists in a preset access control mapping table;
a fourth generating unit 143, configured to generate an authentication result as unauthorized access if the initial access control information does not exist in the preset access control mapping table.
In an embodiment, as shown in fig. 11, the authentication result generating unit 140 further includes a second obtaining unit 144, a third judging unit 145, and a fifth generating unit 146.
A second obtaining unit 144, configured to obtain the avatar information of the current user through the access control card reader if the initial access control information exists in a preset access control mapping table.
A third judging unit 145, configured to judge whether the avatar information of the current user matches the avatar information corresponding to the initial access control information.
A fifth generating unit 146, configured to generate an authentication result of authorized access if the avatar information of the current user matches the avatar information corresponding to the initial access control information.
The control unit 150 is configured to generate a corresponding control instruction according to the received access control authentication result.
It should be noted that, as can be clearly understood by those skilled in the art, the specific implementation processes of the access control system 100 and each unit may refer to the corresponding descriptions in the foregoing method embodiments, and for convenience and brevity of description, no further description is provided herein.
The embodiment of the invention also provides another access control system which comprises at least three computer devices, wherein the computer devices are specifically shown in fig. 12. The system 100 described above may be implemented in the form of a computer program that may be run on a computer device as shown in fig. 12.
Referring to fig. 12, fig. 12 is a schematic block diagram of a computer device according to an embodiment of the present invention. The computer device 500 may be an access control server, an access control terminal, or an access control card reader. The access control server can be an independent server or a server cluster formed by a plurality of servers. The access control terminal can be an electronic terminal with a Near Field Communication (NFC) function, such as a mobile phone, a tablet computer, or a smart bracelet. The access control card reader may be an electronic device having an NFC function.
The computer device 500 includes a processor 520, memory, and a network interface 550 coupled by a system bus 510, where the memory may include a non-volatile storage medium 530 and an internal memory 540.
The non-volatile storage medium 530 may store an operating system 531 and computer programs 532. The computer program 532, when executed, may cause the processor 520 to perform a method of access control.
The processor 520 is used to provide computing and control capabilities that support the operation of the overall computer device 500.
The internal memory 540 provides an environment for running the computer program stored in the non-volatile storage medium; when executed by the processor 520, the computer program causes the processor 520 to perform an access control method.
The network interface 550 is used for network communication with other devices. It will be appreciated by those skilled in the art that the schematic block diagram of the computer device is only a partial block diagram of the structure associated with the inventive arrangements and does not constitute a limitation of the computer device 500 to which the inventive arrangements are applied, and that a particular computer device 500 may include more or less components than those shown, or combine certain components, or have a different arrangement of components.
The processor 520 is configured to run the program code stored in the memory to implement the following functions: the access control server receives user information sent by the access control terminal and, according to the user information, sends initial access control information corresponding to the user information to the access control terminal; the access control terminal encrypts the initial access control information to generate encrypted access control information, and stores the encrypted access control information in the access control terminal; the access control card reader reads the encrypted access control information stored in the access control terminal, decrypts it to obtain the corresponding initial access control information, and uploads the initial access control information to the access control server to request access control authentication; the access control server generates an access control authentication result according to the received initial access control information and sends the access control authentication result to the access control card reader; and the access control card reader generates a corresponding control instruction according to the received access control authentication result.
In an embodiment, when executing the step in which the access control server receives user information sent by the access control terminal and sends the corresponding initial access control information to the access control terminal, the processor 520 specifically executes the following steps: the access control server receives the user information sent by the access control terminal and determines whether the user information exists in a preset access control mapping table; if the user information exists in the preset access control mapping table, the initial access control information corresponding to the user information is acquired according to the user information and the preset access control mapping table; and the initial access control information corresponding to the user information is sent to the access control terminal.
In an embodiment, when executing the step in which the access control terminal encrypts the initial access control information to generate encrypted access control information and stores the encrypted access control information in the access control terminal, the processor 520 specifically executes the following steps: the access control terminal encrypts the initial access control information to generate an encrypted ciphertext; the encrypted ciphertext is shifted to generate the encrypted access control information; and the encrypted access control information is stored in the access control terminal.
In an embodiment, the access control authentication result includes authorized access and unauthorized access, and when executing the step in which the access control server generates an access control authentication result according to the received initial access control information and sends the access control authentication result to the access control card reader, the processor 520 specifically executes the following steps: the access control server determines whether the initial access control information exists in a preset access control mapping table; if the initial access control information exists in the preset access control mapping table, the generated authentication result is authorized access; and if the initial access control information does not exist in the preset access control mapping table, the generated authentication result is unauthorized access.
In an embodiment, after executing the step of determining whether the initial access control information exists in the preset access control mapping table, the processor 520 further executes the following steps: if the initial access control information exists in the preset access control mapping table, the avatar information of the current user is acquired through the access control card reader; whether the avatar information of the current user matches the avatar information corresponding to the initial access control information is determined; and if the avatar information of the current user matches the avatar information corresponding to the initial access control information, the generated authentication result is authorized access.
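The five steps above, run end to end across the three roles, as an added example that is not code from the patent. Assumptions not found in the text: a key pre-shared between terminal and card reader, an HMAC-SHA256 keystream standing in for the unspecified cipher, a 3-byte rotation as the shift step, a SHA-256 digest standing in for avatar matching, and an avatar mismatch treated as unauthorized access.

```python
import hashlib
import hmac
import secrets

# Assumptions, not from the patent: pre-shared key, cipher and shift amount.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
SHIFT = 3  # bytes rotated by the "shift processing" step


def face_digest(face: bytes) -> str:
    # Stand-in for avatar matching; real face matching is fuzzy, not a hash compare.
    return hashlib.sha256(face).hexdigest()


# Preset access control mapping table (constructed sample rows).
MAPPING_TABLE = {
    "alice": {"initial_info": "AC-0001-ALICE", "avatar": face_digest(b"alice-face")},
    "bob": {"initial_info": "AC-0002-BOB", "avatar": face_digest(b"bob-face")},
}


def issue_initial_info(user_info: str):
    """Server: return the initial access control information for a known user, else None."""
    row = MAPPING_TABLE.get(user_info)
    return row["initial_info"] if row else None


def keystream(nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here only as a stdlib stand-in cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(SHARED_KEY, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def terminal_encrypt(initial_info: str) -> bytes:
    """Terminal: encrypt, then shift the ciphertext; the result is what it stores."""
    plain = initial_info.encode()
    nonce = secrets.token_bytes(8)
    blob = nonce + bytes(p ^ k for p, k in zip(plain, keystream(nonce, len(plain))))
    k = SHIFT % len(blob)
    # The rotation is unkeyed: confidentiality rests on the cipher and key alone.
    return blob[k:] + blob[:k]


def reader_decrypt(stored: bytes) -> str:
    """Card reader: undo the shift, then decrypt to recover the initial information."""
    k = SHIFT % len(stored)
    blob = stored[-k:] + stored[:-k] if k else stored
    nonce, cipher = blob[:8], blob[8:]
    plain = bytes(c ^ s for c, s in zip(cipher, keystream(nonce, len(cipher))))
    # Corrupted input decodes to a value that will not be in the mapping table.
    return plain.decode("utf-8", errors="replace")


def server_authenticate(initial_info: str, presented_face: bytes = None) -> str:
    """Server: mapping-table check, plus the avatar check when a face is supplied."""
    row = next((r for r in MAPPING_TABLE.values() if r["initial_info"] == initial_info), None)
    if row is None:
        return "unauthorized"
    if presented_face is not None and not hmac.compare_digest(
        row["avatar"], face_digest(presented_face)
    ):
        return "unauthorized"  # assumption: mismatch fails closed
    return "authorized"


def reader_control(result: str) -> str:
    """Card reader: turn the authentication result into a control instruction."""
    return "open_door" if result == "authorized" else "keep_locked"


def run_flow(user_info: str, presented_face: bytes = None) -> str:
    initial = issue_initial_info(user_info)      # server -> terminal
    if initial is None:
        return reader_control("unauthorized")
    stored = terminal_encrypt(initial)           # kept on the terminal
    recovered = reader_decrypt(stored)           # read by the card reader
    return reader_control(server_authenticate(recovered, presented_face))


if __name__ == "__main__":
    print(run_flow("alice", b"alice-face"))
```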
It should be understood that, in the embodiment of the present invention, the Processor 520 may be a Central Processing Unit (CPU), and the Processor 520 may also be other general-purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field-Programmable Gate arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, and the like. Wherein a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
Those skilled in the art will appreciate that the schematic block diagram of the computer device 500 does not constitute a limitation of the computer device 500 and may include more or less components than those shown, or some components in combination, or a different arrangement of components.
In another embodiment of the present invention, a computer-readable storage medium is provided that stores a computer program, wherein the computer program comprises program instructions. The program instructions, when executed by a processor, implement the following steps: the access control server receives user information sent by the access control terminal and, according to the user information, sends initial access control information corresponding to the user information to the access control terminal; the access control terminal encrypts the initial access control information to generate encrypted access control information, and stores the encrypted access control information in the access control terminal; the access control card reader reads the encrypted access control information stored in the access control terminal, decrypts it to obtain the corresponding initial access control information, and uploads the initial access control information to the access control server to request access control authentication; the access control server generates an access control authentication result according to the received initial access control information and sends the access control authentication result to the access control card reader; and the access control card reader generates a corresponding control instruction according to the received access control authentication result.
In an embodiment, when the program instructions are executed by the processor to implement the step in which the access control server receives user information sent by the access control terminal and sends the corresponding initial access control information to the access control terminal, the following steps are specifically implemented: the access control server receives the user information sent by the access control terminal and determines whether the user information exists in a preset access control mapping table; if the user information exists in the preset access control mapping table, the initial access control information corresponding to the user information is acquired according to the user information and the preset access control mapping table; and the initial access control information corresponding to the user information is sent to the access control terminal.
In an embodiment, when the program instructions are executed by the processor to implement the step in which the access control terminal encrypts the initial access control information to generate encrypted access control information and stores the encrypted access control information in the access control terminal, the following steps are specifically implemented: the access control terminal encrypts the initial access control information to generate an encrypted ciphertext; the encrypted ciphertext is shifted to generate the encrypted access control information; and the encrypted access control information is stored in the access control terminal.
In an embodiment, the access control authentication result includes authorized access and unauthorized access, and when the program instructions are executed by the processor to implement the step in which the access control server generates an access control authentication result according to the received initial access control information and sends the access control authentication result to the access control card reader, the following steps are specifically implemented: the access control server determines whether the initial access control information exists in a preset access control mapping table; if the initial access control information exists in the preset access control mapping table, the generated authentication result is authorized access; and if the initial access control information does not exist in the preset access control mapping table, the generated authentication result is unauthorized access.
In an embodiment, after the program instructions are executed by the processor to implement the step of determining whether the initial access control information exists in the preset access control mapping table, the following steps are further implemented: if the initial access control information exists in the preset access control mapping table, the avatar information of the current user is acquired through the access control card reader; whether the avatar information of the current user matches the avatar information corresponding to the initial access control information is determined; and if the avatar information of the current user matches the avatar information corresponding to the initial access control information, the generated authentication result is authorized access.
The computer-readable storage medium may be any of various media that can store program code, such as a USB disk, a removable hard disk, a read-only memory (ROM), a magnetic disk, or an optical disk.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described above generally in terms of their functions in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention. It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed system and method can be implemented in other ways. For example, the system embodiments described above are merely illustrative. For example, the division of each unit is only one logic function division, and there may be another division manner in actual implementation. For example, more than one unit or component may be combined or may be integrated into another system, or some features may be omitted, or not implemented.
The steps in the method of the embodiment of the invention can be reordered, combined and deleted according to actual needs. The units in the system of the embodiment of the invention can be merged, divided and deleted according to actual needs.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the part of the technical solution of the present invention that in essence contributes over the prior art, or all or part of the technical solution, can be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a terminal, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention.
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. An access control method, characterized in that it is applied to an access control system comprising an access control server, an access control terminal and an access control card reader, the method comprising the following steps:
the access control server receives user information sent by the access control terminal and sends initial access control information corresponding to the user information to the access control terminal according to the user information;
the access control terminal encrypts the initial access control information to generate encrypted access control information, and stores the encrypted access control information in the access control terminal;
the access control card reader reads encrypted access control information stored in the access control terminal, decrypts the encrypted access control information to obtain initial access control information corresponding to the encrypted access control information, and uploads the initial access control information to the access control server to request access control authentication;
the access control server generates an access control authentication result according to the received initial access control information and sends the access control authentication result to the access control card reader;
and the access control card reader generates a corresponding control instruction according to the received access control authentication result.
2. The method of claim 1, wherein the step in which the access control server receives user information sent by the access control terminal and sends initial access control information corresponding to the user information to the access control terminal according to the user information comprises:
the access control server receives the user information sent by the access control terminal and determines whether the user information exists in a preset access control mapping table;
if the user information exists in a preset access control mapping table, acquiring initial access control information corresponding to the user information according to the user information and the preset access control mapping table;
and sending the initial access control information corresponding to the user information to the access control terminal.
3. The method of claim 1, wherein the step in which the access control terminal encrypts the initial access control information to generate encrypted access control information and stores the encrypted access control information in the access control terminal comprises:
the access control terminal encrypts the initial access control information to generate an encrypted ciphertext;
shifting the encrypted ciphertext to generate the encrypted access control information;
and storing the encrypted access control information in the access control terminal.
4. The method of claim 1, wherein the access control authentication result comprises authorized access and unauthorized access, and the step in which the access control server generates an access control authentication result according to the received initial access control information and sends the access control authentication result to the access control card reader comprises:
the access control server determines whether the initial access control information exists in a preset access control mapping table;
if the initial access control information exists in the preset access control mapping table, the generated authentication result is authorized access;
and if the initial access control information does not exist in the preset access control mapping table, the generated authentication result is unauthorized access.
5. The method of claim 4, wherein after determining whether the initial access control information exists in a preset access control mapping table, the method further comprises:
if the initial access control information exists in the preset access control mapping table, acquiring the avatar information of the current user through the access control card reader;
determining whether the avatar information of the current user matches the avatar information corresponding to the initial access control information;
and if the avatar information of the current user matches the avatar information corresponding to the initial access control information, the generated authentication result is authorized access.
6. An access control system, characterized by comprising an access control server, an access control terminal and an access control card reader; the access control server comprises an access control information generating unit and an authentication result generating unit; the access control terminal comprises an encryption unit; the access control card reader comprises an access control information reading unit and a control unit; wherein,
the access control information generating unit is used for receiving user information sent by an access control terminal and sending initial access control information corresponding to the user information to the access control terminal according to the user information;
the encryption unit is used for the access control terminal to encrypt the initial access control information to generate encrypted access control information and store the encrypted access control information in the access control terminal;
the access control information reading unit is used for the access control card reader to read encrypted access control information stored in the access control terminal, decrypt the encrypted access control information to obtain initial access control information corresponding to the encrypted access control information, and upload the initial access control information to the access control server to request access control authentication;
the authentication result generating unit is used for generating an access control authentication result according to the received initial access control information and sending the access control authentication result to the access control card reader;
and the control unit is used for generating a corresponding control instruction according to the received access control authentication result.
7. The system of claim 6, wherein the access control information generating unit comprises:
the first determining unit is used for the access control server to receive user information sent by the access control terminal and determine whether the user information exists in a preset access control mapping table;
the first obtaining unit is used for obtaining initial access control information corresponding to the user information according to the user information and a preset access control mapping table if the user information exists in the preset access control mapping table;
and the first sending unit is used for sending the initial access control information corresponding to the user information to the access control terminal.
8. The system of claim 6, wherein the encryption unit comprises:
the first generation unit is used for the access control terminal to encrypt the initial access control information so as to generate an encrypted ciphertext;
the second generation unit is used for shifting the encrypted ciphertext to generate the encrypted access control information;
and the storage unit is used for storing the encrypted access control information in the access control terminal.
9. An access control system comprising at least three computer devices, each comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processors of the at least three computer devices collectively implementing the method of any one of claims 1 to 5 when executing the respective computer program.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program comprising program instructions that, when executed by a processor, cause the processor to carry out the method according to any one of claims 1-5.
CN201811129540.4A 2018-09-27 2018-09-27 access control method, system and computer readable storage medium Pending CN109003381A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811129540.4A CN109003381A (en) 2018-09-27 2018-09-27 access control method, system and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN109003381A true CN109003381A (en) 2018-12-14

Family

ID=64589478

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811129540.4A Pending CN109003381A (en) 2018-09-27 2018-09-27 access control method, system and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN109003381A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115171262A (en) * 2022-06-02 2022-10-11 福建新大陆通信科技股份有限公司 Low-power-consumption face unlocking method and system based on CTID and 4G network communication

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104157029A (en) * 2014-05-12 2014-11-19 惠州Tcl移动通信有限公司 Access control system, mobile terminal based control method thereof and mobile terminal
CN107016765A (en) * 2017-05-24 2017-08-04 六安维奥智能科技有限公司 A kind of entrance guard device
CN107393066A (en) * 2017-06-30 2017-11-24 北京康得新创科技股份有限公司 Unlocking method, terminal, server and the system for unlocking of smart lock

Similar Documents

Publication Publication Date Title
US9525549B2 (en) Method and apparatus for securing a mobile application
CN109150835B (en) Cloud data access method, device, equipment and computer readable storage medium
RU2718226C2 (en) Biometric data safe handling systems and methods
US8639940B2 (en) Methods and systems for assigning roles on a token
EP3435591A1 (en) 1:n biometric authentication, encryption, signature system
US11025592B2 (en) System, method and computer-accessible medium for two-factor authentication during virtual private network sessions
US9448949B2 (en) Mobile data vault
WO2016086584A1 (en) Method and authentication device for unlocking administrative rights
US20070223685A1 (en) Secure system and method of providing same
US11809540B2 (en) System and method for facilitating authentication via a short-range wireless token
CN113282944B (en) Intelligent lock unlocking method and device, electronic equipment and storage medium
JP2019506789A (en) A method, system, and apparatus using forward secure encryption technology for passcode verification.
KR102068041B1 (en) Appratus and method of user authentication and digital signature using user's biometrics
WO2022042745A1 (en) Key management method and apparatus
CN101771680A (en) Method for writing data to smart card, system and remote writing-card terminal
CN112102524A (en) Unlocking method and unlocking system
US20240305450A1 (en) Authentication system for a multiuser device
CN109003381A (en) access control method, system and computer readable storage medium
US11991270B2 (en) Optimized authentication system
CN107920097A (en) A kind of method and device of unlock
CN112184960A (en) Intelligent lock control method and device, intelligent lock system and storage medium
CN112232806A (en) Block chain private key management method, device, equipment and medium
CN115331330A (en) Unlocking method, key resetting method, device, terminal, lock and system
KR20190026327A (en) Method and system for encryption and decryption using wearable terminal
TW201828143A (en) Method and device to realize conversation label synchronization to prevent the terminal user from inputting again a new password to login the application program for greatly increasing the user's experience to login the application program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181214
