CN114202840B - Authentication control method, device and medium - Google Patents
- Publication number
- CN114202840B CN202010872111.7A
- Authority
- CN
- China
- Prior art keywords
- target
- information
- team
- application
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/38—Individual registration on entry or exit not involving the use of a pass with central registration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/04—Real-time or near real-time messaging, e.g. instant messaging [IM]
- H04L51/046—Interoperability with other network applications or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
- Telephonic Communication Services (AREA)
Abstract
The application provides an identity verification control method, device and medium, and relates to the technical field of computers. The identity verification control method comprises the following steps: a server corresponding to the team instant messaging application sends a membership information set associated with the target team identification to the target access control equipment; the server receives a verification information request sent by a target sub-application in a second team instant messaging client, the request carrying a target identity associated with a target account logged in to the second team instant messaging client; the server generates verification information according to the target identity, the verification information being target identity information corresponding to the target identity; and the server sends the verification information to the target sub-application, so that the target access control equipment reads the verification information displayed by the target sub-application, or receives the verification information sent by the target sub-application, to obtain the target identity information, and carries out authority verification on the target identity according to the membership information set.
Description
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to an authentication control method, apparatus, and medium.
Background
To manage the entry and exit of its members, a company is typically equipped with access control devices, which verify the identity of members coming and going. There are many manufacturers of access control equipment, and each manufacturer, when producing access control equipment, also has to develop a corresponding management system, which is used to verify the two-dimensional code of a member passing through the access control equipment. This increases the cost of authentication.
Disclosure of Invention
The embodiment of the application provides an identity verification control method, an identity verification control device and a medium, which are used for reducing the cost of identity verification.
In one aspect, an authentication control method is provided, and is applied to a server of a team instant messaging application, and the method includes:
binding information sent by a target team account of a first team instant messaging client is received; the binding information comprises an equipment address of target access control equipment and a target team identifier bound by the target access control equipment;
according to the equipment address and the target team identification, sending a membership information set associated with the target team identification to the target access control equipment; the membership information set is set by the target team account, and a member corresponding to each membership information in the membership information set has a right to pass through the target access control equipment;
Receiving a verification information request sent by a target sub-application in a second team instant messaging client; the verification information request carries a target identity associated with a target account number logged in the second team instant messaging client;
generating verification information according to the target identity; the verification information is target identity information corresponding to the target identity;
and sending the verification information to the target sub-application so that target access control equipment reads the verification information displayed by the target sub-application or receives the verification information sent by the target sub-application, obtaining the target identity information, and carrying out authority verification on the target identity according to the membership information set.
In still another aspect, an authentication control method is provided, which is applied to an access control device, and the method includes:
receiving a membership information set sent by a server; the server is a server corresponding to a team instant messaging application, the membership information set is set by a target team account in a first team instant messaging client, and members corresponding to each membership information in the membership information set have authority to pass through the target access control equipment;
Reading verification information displayed by a target sub-application or receiving the verification information sent by the target sub-application to obtain target identity information in the verification information; the target sub-application is a sub-application in a second team instant messaging client, the verification information comprises target identity information corresponding to a target identity, and the target identity is an identity corresponding to a target account logged in the second team instant messaging client;
and verifying the authority of the target identity information according to the membership information set.
In another aspect, an identity verification control method is provided, which is applied to a terminal, and the method comprises the following steps:
responding to a first operation in a team instant messaging client, displaying an application identifier of a target sub-application, wherein the team instant messaging client is a client corresponding to the team instant messaging application;
in response to a second operation for the application identification, displaying verification information containing target identity information in the target sub-application; the target identity information is obtained according to a target identity identifier associated with a target account number logged in the team instant messaging client, and is used for verifying whether the target user has a right to pass through target access control equipment, wherein the right is set by the target team account number of the instant messaging application.
The embodiment of the application provides an identity verification control device, which comprises:
the receiving module is used for receiving binding information sent by a target team account of the first team instant messaging client; the binding information comprises an equipment address of target access control equipment and a target team identifier bound by the target access control equipment;
the sending module is used for sending the membership information set associated with the target team identification to the target access control equipment according to the equipment address and the target team identification; the membership information set is set by the target team account, and a member corresponding to each membership information in the membership information set has a right to pass through the target access control equipment;
the receiving module is further used for receiving a verification information request sent by a target sub-application in the second team instant messaging client; the verification information request carries a target identity associated with a target account number logged in the second team instant messaging client;
the generation module is used for generating verification information according to the target identity; the verification information is target identity information corresponding to the target identity;
The sending module is further configured to send the verification information to the target sub-application, so that the target access control device reads the verification information displayed by the target sub-application, or receives the verification information sent by the target sub-application, obtains the target identity information, and performs authority verification on the target identity according to the membership information set.
In one possible embodiment, the verification information comprises a two-dimensional code with an effective duration; the two-dimensional code comprises the target identity information and the effective duration information.
In a possible embodiment, the server stores a private key in a public-private key pair, the target access control device stores a public key in the public-private key pair, and the generating module is specifically configured to:
obtaining target identity information according to the target identity;
carrying out hash operation on the target identity information and the effective duration information to obtain a hash value;
signing the hash value with the private key and a pre-stored signature algorithm to obtain a signature value;
and generating a two-dimensional code according to the signature value, the target identity information and the effective duration information.
In a possible embodiment, the generating module is specifically configured to:
obtaining, according to the target identity, the authority type corresponding to the membership identification from the membership information set; the target identity and the authority type corresponding to the target identity are the target identity information.
In a possible embodiment, the sending module is further configured to:
and if an identity information update request is received from the target access control equipment, or it is determined that the membership information set has been updated, transmitting the update information in the membership information set to the target access control equipment so that the target access control equipment updates the membership information set.
The embodiment of the application provides an identity verification control device, which comprises:
the acquisition module is used for receiving the membership information set sent by the server; the server is a server corresponding to a team instant messaging application, the membership information set is set by a target team account in a first team instant messaging client, and members corresponding to each membership information in the membership information set have authority to pass through the target access control equipment;
The acquisition module is used for reading verification information displayed by the target sub-application or receiving the verification information sent by the target sub-application to acquire target identity information in the verification information; the target sub-application is a sub-application in a second team instant messaging client, the verification information comprises target identity information corresponding to a target identity, and the target identity is an identity corresponding to a target account logged in the second team instant messaging client;
and the verification module is used for carrying out authority verification on the target identity information according to the membership information set.
In a possible embodiment, the obtaining module is specifically configured to:
obtaining verification information by scanning the two-dimensional code displayed by the target sub-application;
analyzing the verification information to obtain the target identity information of the target user.
In a possible embodiment, the verification information further includes valid duration information, and the verification module is further configured to:
before the authority verification is carried out on the target identity information according to the membership information set, determining that the verification information has not exceeded the effective duration indicated by the effective duration information.
In a possible embodiment, the server stores a private key of a public-private key pair, the access control device stores a public key of the public-private key pair, the verification information further includes a signature value, and the verification module is further configured to:
and if the signature value is determined to be correct according to the public key and the signature algorithm, performing authority verification on the target identity information according to the membership information set.
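The signing steps listed above for the generation module and the checks listed for the verification module, combined in one added example (this is not code from the patent). It assumes SHA-256 and textbook RSA as stand-ins for the unspecified hash and "pre-stored signature algorithm", a JSON string in place of the rendered two-dimensional code, and an issue timestamp carried next to the effective duration; all function names, field names and sample values are hypothetical.

```python
import hashlib
import json

# Demonstration key only: textbook RSA over two Mersenne primes, so the example
# runs on the standard library. A real deployment would use a vetted signature
# scheme from a maintained crypto library and keep the private key server-side.
_P, _Q = 2**521 - 1, 2**607 - 1
N, E = _P * _Q, 65537                      # public key stored on the door device
_D = pow(E, -1, (_P - 1) * (_Q - 1))       # private exponent stored on the server


def _digest(identity_info, issued_at, valid_seconds):
    """Hash the identity info together with the validity fields (canonical JSON)."""
    canonical = json.dumps(
        {"id": identity_info, "iat": issued_at, "ttl": valid_seconds},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return int.from_bytes(hashlib.sha256(canonical).digest(), "big")


def server_make_payload(identity_info, issued_at, valid_seconds):
    """Server side: hash, sign the hash, return the string to render as a code."""
    signature = pow(_digest(identity_info, issued_at, valid_seconds), _D, N)
    return json.dumps({"id": identity_info, "iat": issued_at,
                       "ttl": valid_seconds, "sig": format(signature, "x")})


def device_verify(payload, membership_set, now):
    """Door side: returns (allowed, reason).

    Order of checks: parse, signature, validity window, membership set.
    """
    try:
        msg = json.loads(payload)
        ident, iat, ttl = msg["id"], msg["iat"], msg["ttl"]
        sig = int(msg["sig"], 16)
    except (ValueError, KeyError, TypeError):
        return False, "malformed"
    if not (isinstance(ident, dict) and isinstance(ident.get("member_id"), str)
            and type(iat) is int and type(ttl) is int):
        return False, "malformed"
    # 1. Signature first: until it verifies, the validity fields are untrusted
    #    input and could have been edited to extend the window.
    if not 0 < sig < N or pow(sig, E, N) != _digest(ident, iat, ttl):
        return False, "bad_signature"
    # 2. Validity window, evaluated against the device clock.
    if not iat <= now <= iat + ttl:
        return False, "outside_validity"
    # 3. Authority check against the membership set pushed by the server.
    if ident["member_id"] not in membership_set:
        return False, "not_member"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample data, not taken from the patent.
    now = 1_700_000_000
    members = {"u-1002": {"name": "Member B", "permission": "employee"}}
    code = server_make_payload({"member_id": "u-1002", "permission": "employee"},
                               issued_at=now, valid_seconds=60)
    print(device_verify(code, members, now + 10))   # within the window
    print(device_verify(code, members, now + 61))   # window elapsed
    print(device_verify(code, {}, now + 10))        # member removed from the set
```

A signed code is accepted from whoever presents it until the window closes, so the effective duration should be short; the membership check is what denies a still-validly-signed code after a member has been removed from the set.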
In a possible embodiment, the authentication control device further comprises an update module for:
if the version number of the locally stored membership information set is different from the version number of the membership information set stored by the server, generating an identity information update request;
sending the identity information updating request to the server;
and receiving the update information fed back by the server, and updating the membership information set according to the update information.
The embodiment of the application provides an identity verification control device, which comprises:
the first display module is used for responding to a first operation in the team instant messaging client, displaying the application identifier of the target sub-application, wherein the team instant messaging client is a client corresponding to the team instant messaging application;
The second display module is used for responding to a second operation aiming at the application identification and displaying verification information containing target identity information in the target sub-application; the target identity information is obtained according to a target identity identifier associated with a target account number logged in the team instant messaging client, and is used for verifying whether the target user has a right to pass through target access control equipment, wherein the right is set by the target team account number of the instant messaging application.
The embodiment of the application provides an identity verification control system which comprises the identity verification control devices.
An embodiment of the present application provides a computer device, including:
at least one processor, and
a memory communicatively coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor, the at least one processor implementing the authentication control method as described in any one of the above by executing the instructions stored by the memory.
The embodiment of the application provides a storage medium storing computer instructions that, when executed on a computer, cause the computer to perform any one of the authentication control methods described above.
Due to the adoption of the technical scheme, the embodiment of the application has at least the following technical effects:
In the embodiment of the application, the target sub-application in the team instant messaging client requests, from the server corresponding to the instant messaging client, verification information generated for the target account logged in to the team instant messaging client. The target sub-application can exist relatively independently of the team instant messaging client and is compatible with various access control devices, so a corresponding management system does not need to be developed for each type of access control device, and the cost of identity verification control is reduced. Because the team instant messaging client is relatively independent of the target sub-application, the team instant messaging client does not need to be updated when the target sub-application is updated, and the maintenance cost is relatively reduced. In addition, the membership information set in the access control equipment is obtained and issued by the server according to the team corresponding to the team instant messaging application, so the server can automatically issue and update the membership information set in the access control equipment without the membership information being updated and maintained manually, and the security problem caused by not updating the membership information in time can be avoided.
Drawings
FIG. 1A is an application scenario diagram of an authentication control method provided in an embodiment of the present application;
FIG. 1B is a diagram illustrating communication among a sub-application, a client, and a server according to an embodiment of the present application;
FIG. 1C is a second application scenario diagram of an authentication control method provided in an embodiment of the present application;
FIG. 2 is a schematic diagram illustrating interactions between the devices in FIG. 1 according to an embodiment of the present application;
FIG. 3 is an exemplary diagram of an interface for a team instant messaging application provided in an embodiment of the present application;
FIG. 4 is a flowchart for generating a signature value according to an embodiment of the present application;
FIG. 5 is an exemplary diagram showing verification information provided in an embodiment of the present application;
FIG. 6 is a diagram illustrating an exemplary process for verifying verification information according to an embodiment of the present application;
FIG. 7 is a second schematic interaction diagram between the devices in FIG. 1 according to an embodiment of the present application;
FIG. 8 is a schematic structural diagram of an authentication control device according to an embodiment of the present application;
FIG. 9 is a second schematic structural diagram of an authentication control device according to an embodiment of the present application;
FIG. 10 is a third schematic structural diagram of an authentication control device according to an embodiment of the present application;
FIG. 11 is a diagram illustrating a structure of a computer device according to an embodiment of the present application.
Detailed Description
For a better understanding of the technical solutions provided by the embodiments of the present application, the following detailed description will be given with reference to the accompanying drawings and specific embodiments.
In order to facilitate a better understanding of the technical solutions of the present application, the following description refers to the terms related to the present application.
Team instant messaging application: an application that provides instant messaging functionality within teams, where a team may be a team in a company, an organization, or another form of group. For convenience of description, a team with access control device rights is referred to as a target team, and the account numbers of the individual members under the target team may be referred to as target team account numbers. For instant messaging applications, a team may be considered a team user; each team user includes one or more team members, which may also be referred to as members for short. An account that manages the identity information set of the team is called a management account, and the user corresponding to the management account is called a management user. One team can include one or more management users, and a management user can add, delete or change membership information in the team. After the management user sets the members of the team user, the members of the team can communicate with each other without adding each other as friends. Communication among the members of the team includes, but is not limited to, text messages, documents, pictures, emoticons or voice.
Team instant messaging client: the team instant messaging client in the application refers to a program carrier used for realizing functions corresponding to the team instant messaging application in the terminal. Team instant messaging clients include, but are not limited to, pre-installed clients, web page clients, or clients embedded in third party applications, etc.
Sub-application: an application that can be used without being downloaded and installed, so that it is readily accessible; a user can quickly and conveniently open it through entrances such as scanning a two-dimensional code, searching, or official accounts. The launch entrance of a sub-application can be placed in other applications, and the sub-application can interact with the background independently and can also be displayed independently. Examples of sub-applications are applets and plug-ins. The target sub-application in this application is a sub-application embedded in the client, and is used for acquiring, from the server, the verification information that the target user needs at the access control equipment.
Team identification: refers to an organization code used to represent a corresponding team in a team instant messaging application, the team identification, for example, the name of the team, or the team.
Membership information set: the membership information of each member who can pass through the access control equipment. It includes the membership information of some or all of the members of the team user, and may also include membership information of non-team members, such as temporary guests. For example, a membership information set includes member A, member B and member C of a team, and visitor D.
The membership information includes an identity, for example the unique account identifier of the instant messaging client. The membership information may also include the permission type with which a member accesses the access control device. When the management user sets the membership information of each member, the management user may set different access control permission types for different members, for example temporary access permission (may also be referred to as access permission) or long-term access permission (may also be referred to as employee permission); for example, temporary access permission may be set for a temporary visitor and permanent access permission for an employee, and the management user may also change the membership information of different members. Each permission type has a corresponding access validity duration; for example, the access validity duration of a member having guest permission is 1 day. Membership information may also include one or more of the member's name, phone number or job position. The membership information sets are associated with teams in the instant messaging application, each team having its own membership information set. The membership information may further include a face feature value of the face image corresponding to the member, where the face feature value may be the result of extracting features from the face image and weighting or encrypting the obtained features. The membership information may also include the license plate number corresponding to the member.
For example, referring to Table 1 below, an example of a team's membership information collection is shown:
TABLE 1
When the members of a team change, the membership information set changes as well. For example, if member A in Table 1 leaves the team, a management user in the team can delete member A from the membership information set; or, if member A exits the team on their own, the server corresponding to the instant messaging client can update the membership information set. In either case the updated membership information set does not include member A.
Target account number: the user corresponding to the target account is called the target user. It should be noted that, since the terminal corresponding to the target account may be used by other users, the target user corresponding to the target account is not necessarily the user to whom the target account actually belongs.
Access control equipment: a general term for equipment that needs to perform identity verification. Access control equipment has many application scenarios, such as a gate at an entrance, a vehicle barrier, or elevator control. There are many types of access control equipment, and the type is not limited in this application. Different types of access control equipment differ in their data parsing modes, communication modes and so on.
Binding information: information related to the access control equipment, including the equipment address of the access control equipment and the team identifier with the right to pass through the equipment. It may also include the data parsing mode of the access control equipment, the supported communication protocols and so on.
It should be noted that "at least one" in the embodiments of the present application means one or more, and "a plurality" means two or more. The terms "first" and "second" are used to distinguish names from each other, and the order of the two is not limited unless otherwise specified.
The following describes the design ideas of the embodiments of the present application.
In the related art, a management system needs to be developed separately for each kind of access control device, and the development cost is high. If a user needs to pass through several kinds of access control equipment every day, the user needs to download the client corresponding to each access control equipment and open a different client for each pass verification, which makes identity verification extremely cumbersome for the user. Moreover, the data corresponding to the different clients has to be maintained manually by different administrators, which further increases the authentication cost.
Therefore, the embodiment of the application provides an identity verification control method, whose idea is as follows: a target sub-application is added to the existing team instant messaging application; the target sub-application requests, from the server corresponding to the team instant messaging application, verification information for the target account currently logged in to the team instant messaging client; and the server generates the verification information and sends it to the target sub-application. The target access control equipment obtains the verification information through the target sub-application and performs authority verification on it, thereby realizing identity verification.
Firstly, the target sub-application only has the functions of sending requests and receiving verification information, and its code is not limited by the type of access control equipment; that is, the target sub-application can be adapted to any type of access control equipment, so different management systems do not need to be developed for the various access control equipment, and the cost of identity verification is reduced. Secondly, the server can obtain the latest membership information set of the team in time and can therefore synchronize it to the access control equipment in time. The membership information with passing authority in the access control equipment is thus updated automatically, a large amount of manpower is not needed to maintain the identity verification control system, and the cost of identity verification is further reduced. Because the address book in the access control equipment is maintained automatically, the situation in which the access control equipment wrongly admits someone because its membership information set was not updated in time can be avoided. Thirdly, because the server itself stores the identity information set of each team, the identity information of the user can be generated rapidly based on the team instant messaging client, and the efficiency of the identity verification process is improved. Fourthly, because the target sub-application and the team instant messaging client are relatively independent, the team instant messaging client does not need to be updated when the target sub-application is updated, which reduces the cost of subsequent software updates and maintenance.
Based on the above design concept, the application scenario of the authentication control method in the embodiment of the present application is described below.
Fig. 1 is an application scenario of the authentication control method in the embodiment of the present application, or may be understood as an architecture diagram of an authentication control system. The application scenario includes a first terminal 110, a second terminal 120, a server 130, a database 140, and a target access device 150.
Each terminal and the server 130 may communicate over a communication network, such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the internet, without limitation. The server 130 may perform read and write operations on the database 140. The database 140 may be provided in the server 130, or it may be provided independently of the server 130, in which case the server 130 accesses the database 140 through a communication network to read from and write to it. The number of databases 140 may be arbitrary and is not limited in this application.
The first terminal 110 and the second terminal 120 are preloaded with team instant messaging clients, and target sub-applications are arranged in the team instant messaging clients. In fig. 2, two terminals are taken as an example, and the number of terminals is not limited in practice.
To simplify the description, in this embodiment of the present application the team instant messaging application installed in the first terminal 110 is referred to as the first team instant messaging client 111, and the target sub-application set in it is referred to as the first target sub-application 112; the team instant messaging application installed in the second terminal 120 is referred to as the second team instant messaging client 113, and the target sub-application set in it is referred to as the second target sub-application 114. In fact, the first team instant messaging client 111 and the second team instant messaging client 113 are clients corresponding to the same instant messaging application. The first target sub-application 112 and the second target sub-application 114 are the same target sub-application provided in different terminals.
In order to more clearly illustrate the relationship between the target sub-application, the server 130 and the client, an exemplary description of the communication manner between the first target sub-application 112, the server 130 and the first team instant messaging client 111 is described below in connection with the example shown in fig. 1B.
Both the first target sub-application 112 and the first team instant messaging client 111 may communicate with the server 130. For example, the first target sub-application 112 may essentially be a web-page client that communicates with the server 130 via the hypertext transfer protocol, while the first team instant messaging client 111 communicates with the server 130 via the transmission control protocol (Transmission Control Protocol, TCP). Moreover, the first target sub-application 112 can independently generate a display interface, according to its interaction with the server 130, to display the corresponding content. Alternatively, the first target sub-application 112 may also communicate with the server 130 through the first team instant messaging client 111.
The functions of the above devices are introduced below, taking as an example the case where a management account with management authority is logged in to the first team instant messaging client 111 (the user corresponding to the management account may be referred to as the management user) and a target account that needs to be authenticated is logged in to the second team instant messaging client 113 (the user corresponding to the target account may be referred to as the target user):
the first terminal 110 adds a target sub-application, and sets each membership information in the team according to the input operation of the management user, and the content of the membership information may refer to the content discussed above, which is not described herein again. In addition, the management user can set the authority types of the members so as to obtain a membership information set, wherein the membership information set can comprise the membership information of the members in the team, the authority types of each member, or the membership information set only comprises the membership information of part of the members set by the management user. After obtaining the set of membership information, the first terminal 110 may send the set of membership information to the server 130. After the server 130 obtains the set of membership information, the obtained set of membership information may be stored in the database 140. The server 130 may also respectively issue the application identifier of the target sub-application to the instant messaging clients of each member corresponding to the membership information set.
In addition to obtaining membership information of the members in the team, the server 130 may also obtain, from the first terminal 110 or other devices, membership information of other members who are able to pass through the target access device 150. For example, a management user may set a person outside the team as a temporary visitor and add membership information for that person to the set of membership information.
Before the target access device is put into use, the first terminal 110 may obtain binding information of the target access device 150, where the binding information includes a device address and a team identifier with a right to pass the target access device 150. For example, the first terminal 110 obtains the device address of the target access device 150 by scanning the two-dimensional code on the target access device 150, and obtains the team identifier with the passing authority of the target access device 150 according to the input operation of the management user. Or, the first terminal 110 obtains candidate team identifications with the passing right of the passing target access control device 150 according to the electronic map and the current position of the target access control device 150, and further determines the team identifications associated with the target access control device 150 according to the selection operation of the management user on the candidate team identifications, for example, the target access control device 150 is installed in the office building a, and the first terminal 110 obtains the candidate team identifications corresponding to the target access control device 150 according to each enterprise included in the office building a.
It should be noted that the team with the right to pass the target access device 150 may be one or more, and is not particularly limited.
After the first terminal 110 sends the device address and team identifier of the target access device 150 to the server 130, the server 130 may establish communication with the target access device 150 through the device address, so as to implement binding between the server 130 and the target access device 150. The communication between the target access device 150 and the server 130 may be in any manner, and is not particularly limited.
After the server 130 establishes communication with the target access device 150, the server 130 may send a set of membership information corresponding to the team identification to the corresponding target access device 150, so that the target access device 150 may subsequently verify the identity of the member according to the set of membership information. The target access device 150 may be disposed at any location where authentication is required, such as a vehicle entrance, a staff pass entrance, etc.
When the target user needs to perform identity verification, the target user may perform a first operation in the second team instant messaging client 113. The second terminal 120 generates a verification information request according to the first operation and sends it to the server 130, and the server 130 generates verification information according to the target identity information of the target user and sends the verification information to the second terminal 120. How the server 130 generates the verification information is described below.
After the second target sub-application 114 in the second terminal 120 receives the verification information, it may send the verification information to the target access control device 150, or it may display the verification information so that the target access control device 150 reads the displayed verification information. For example, the verification information is a two-dimensional code displayed in the second target sub-application 114, and the target access control device 150 includes a code scanning area 151; the target user aligns the two-dimensional code with the code scanning area 151, and the target access control device 150 reads the two-dimensional code bearing the verification information to obtain the verification information.
After obtaining the authentication information, the target access control device 150 performs authentication on the target user according to the authentication information. For example, the target access device 150 may verify whether the target identity information in the verification information belongs to a set of membership information. If the target identity information belongs to the membership information set, determining that the target identity information is legal, and executing corresponding business logic, for example, allowing the target user to pass. If the target identity information is determined not to belong to the membership information set, the target user identity information is determined to be illegal, and corresponding business logic is executed, for example, the target user is forbidden to pass.
In addition, when a member in the team changes, the first terminal 110 may generate update information according to a change operation of the management user in the first team instant messaging client 111, where the update information is used to instruct to delete or add the member information in the member information set, and send the member information to the server 130. Or a certain member actively exits a certain team in the team instant messaging client, the terminal corresponding to the member determines that the member exits the team according to the operation of the member, generates update information, and sends the update information to the server 130. After obtaining the update information, the server 130 updates the membership information set in the database 140 to obtain an updated membership information set, and the server 130 may also send the updated membership information set to the target access control device 150, so that the target access control device 150 updates the membership information set stored by itself in time.
It should be noted that, in fig. 1, an access control device is taken as an example for illustration, the number of access control devices is not limited in practice, and the verification of each access control device and the communication establishment with the server can be referred to the above, and will not be repeated.
The terminals are, for example, smartphones, tablet computers, notebook computers, desktop computers, smart speakers, smartwatches, sites, units, devices, multimedia computers, multimedia tablets, internet nodes, communicators, smart televisions, Personal Communication System (PCS) devices, personal navigation devices, Personal Digital Assistants (PDAs), audio/video players, digital cameras/video cameras, positioning devices, television receivers, radio broadcast receivers, electronic book devices, gaming devices, or any combination thereof, including accessories and peripherals of these devices. It is also contemplated that the terminal can support any type of interface device for the user (e.g., a wearable device). The server 130 may be one or more servers, and may be a physical server, a virtual server, or the like. For example, the server 130 may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, web services, cloud communications, middleware services, domain name services, security services, CDNs, and basic cloud computing services such as big data and artificial intelligence platforms.
The identity verification control method in the embodiment of the application is suitable for various scenarios that need identity verification, such as elevator passage, access control passage, vehicle passage, or staff clocking in and out of work. The application does not limit the specific use scenario of the verification method; vehicle passage is taken as an example below:
referring to fig. 1C, an exemplary diagram of a scenario of an authentication control method is shown, where the scenario includes a second terminal 120, a server 130, a database 140, and a target access control device 150. The scenario illustrated in fig. 1C is illustrated with the second terminal 120 as an in-vehicle terminal. The second terminal 120 is specifically installed in a vehicle.
The in-vehicle terminal also has the second team instant messaging client 113 installed, with the second target sub-application 114 in it. The second team instant messaging client 113 is bound to the target account of the instant messaging application. In an autonomous driving scenario, the target user may start the second target sub-application 114 through manual operation or through a nearby or remote voice command to obtain verification information, and the target access device 150 may obtain this verification information to perform permission verification on the vehicle and so control the passage of the vehicle.
Based on the application scenarios discussed in fig. 1A to 1C, the authentication control method according to the embodiment of the present application is described below. Referring to fig. 2, an interaction process diagram between the first terminal 110, the second terminal 120, the server 130 and the target access control device 150 is shown as follows:
S201, the first terminal 110 sends the related information of the target access device 150 to the server 130.
The binding entry of the target access device 150 may be set in the second team instant messaging client 113 in the first terminal 110. The first terminal 110 responds to the operation of the management user on the binding entry and obtains the binding information of the target access device 150 according to the input operation of the management user; for the binding information, refer to the content discussed above, which is not repeated here. Or, the first terminal 110 reads the two-dimensional code of the target access control device 150, which carries the device information of the target access control device 150, and thereby obtains that device information. The device information is, for example, a device address. Further, the first terminal 110 may obtain the team identifier corresponding to the target access device 150 and the like in response to an input operation of the management user, to obtain the binding information. Or the first terminal 110 may determine candidate team identifiers possibly associated with the target access device 150 according to the location of the target access device 150 and the electronic map, and determine the team identifier associated with the target access device 150 according to the selection operation of the management user. After the second terminal 120 obtains the binding information of the target access device 150, the binding information is uploaded to the server 130.
S202, the server 130 establishes communication with the target access device 150.
After obtaining the information about the target access device 150, the server 130 may establish communication with the target access device 150 according to the device address in the target access device 150. For example, the server 130 may connect with the target access device 150 through the device address to establish communication between the target access device 150 and the server 130, which is equivalent to implementing a binding procedure between the target access device 150 and the server 130.
In fact, if each server 130 performs the steps of S201 to S202 with each access device, the transmission load of the server 130 is large. In this embodiment of the present application, therefore, the access devices may communicate with each other through Bluetooth or other communication modes, the server 130 may be connected with only one of the access devices, and that access device, after receiving the information issued by the server 130, may share it with the other access devices. This reduces the transmission burden of the server 130 and also improves the efficiency of managing a plurality of access control devices.
It should be noted that, S201 to S202 are executed when the target access device 150 binds the server 130 for the first time, and after the target access device 150 and the server 130 are bound, the steps of S201 to S202 are not executed.
In one possible embodiment, the team having the right to pass through the target access device 150 may change, for example, the number of teams passing through the target access device 150 increases, at which time the second terminal 120 may obtain updated binding information according to the input operation of the management user, and send the updated binding information to the server 130. Or, after the binding information of the target access control device 150 is updated, the updated binding information is directly sent to the server 130 by the target access control device 150. In this embodiment, the updated binding information of the target access control device 150 can be timely reported to the server 130.
In another possible embodiment, when the server 130 detects that the location of the target access device 150 changes, the server may request the target access device 150 for its associated team identification again, and after obtaining the updated team identification of the target access device 150, the updated set of membership information associated with the team identification may be sent to the target access device 150. The server 130 may determine whether the location of the target access device 150 changes according to the location information periodically reported by the target access device 150. In this embodiment, when determining that the placement position of the target access device 150 changes, the server 130 may actively request to issue a corresponding membership information set, without requiring the administrative user to bind the server 130 and the target access device 150 again.
S203, the server 130 sends the membership information set to the target access device 150.
Server 130 may determine a team with rights to pass through target access device 150 based on the binding information, or may determine a team with rights to pass through target access device 150 based on the updated binding information, thereby issuing the stored set of membership information for the team to target access device 150.
Because the database 140 stores the membership information set of each team in advance and these sets change over time, managing them is cumbersome. In this embodiment of the present application, therefore, the membership information set of each team may be associated with a version number that indicates the version of the set and changes with each update; for example, the version number increases once with every update. For example, the default version number of a team's membership information set is 0, and when the set is updated once, its version number is incremented to 1.
Similarly, searching the large number of membership information sets stored in the database 140 takes the server 130 a large amount of time. To solve this problem, in this embodiment of the present application, the membership information set of each team is associated with a unique index number, which may be the team identifier of the team corresponding to the set, or may be generated from the team identifier according to a preset algorithm. In this way, after obtaining the related information of the target access device 150, the server 130 can quickly look up the membership information set of the team in the database 140 according to the team identifier in the related information, which improves the search efficiency of the server 130.
It should be noted that the step of S203 may be performed only once. Alternatively, the server 130 may perform the step of S203 when the membership information set of the team is updated.
As an embodiment, in order to facilitate the subsequent target access device 150 to correctly parse out the verification information generated by the server 130, the server 130 may also send the preset signature algorithm and the public key corresponding to the preset signature algorithm to the target access device 150.
S204, the second terminal 120 transmits the authentication information request to the server 130.
When the target access control device 150 needs to be passed, the target user may perform a first operation in the second team instant messaging client 113, where the first operation is used to request the target sub-application, and the first operation is, for example, clicking on a workbench in the second team instant messaging client 113. The second terminal 120 displays an application identification of the target sub-application, which is an indication of the target sub-application, including one or both of an icon of the target sub-application or a name of the target sub-application, in response to the first operation.
When the target user performs a second operation on the application identifier, for example, an operation of clicking on the application identifier, the second terminal 120 may determine that identity verification is currently required according to the second operation, thereby generating a verification information request. The authentication information request is for requesting authentication information for the target user to perform rights authentication at the target access device 150. The authentication information request carries a target identity for indicating the identity of the target user, such as the name of the target user, the account number of the target user, or a user identification (user identification, UID), etc.
Since a target user may belong to different teams whose membership information sets are not identical, in the embodiment of the present application the target identity may also indicate the team to which the target user corresponds, so that the server 130 can tell from the verification information request which team the target user is currently in. The target identity is, for example, the name of the target user together with the team identifier, or an employee identifier (opening), or a UID together with the team identifier of the team. The employee identifier is a unique identifier generated by the server 130 that indicates the target user and the team the target user is in.
Even if the target user logs in to the second team instant messaging client 113 with an account for each of multiple teams, the server 130 can distinguish the team currently corresponding to the target user according to the target account with which the target user opened the second target sub-application 114 in the second team instant messaging client 113.
Since the second target sub-application 114 and the server 130 may communicate directly, the verification information request sent by the second terminal 120 to the server 130 may be transmitted by the second target sub-application 114.
For example, when the target user clicks on the workstation 301, corresponding to performing the first operation, the second terminal 120 responds to the first operation to display an interface of the second team instant messaging client 113 shown in fig. 3, where an application identifier 302 corresponding to the target sub-application is displayed. The application identifier is specifically shown as an application icon in fig. 3 and an application name, and the application name is specifically shown as an "electronic tablet" in fig. 3. When the target user clicks the application identifier 302, corresponding to a second operation being performed, the second terminal 120 generates a request for authentication information in response to the second operation.
S205, the server 130 acquires the cache data containing the target identity information.
The server 130 may use the target identity as the target identity information, or may obtain membership information of the target user based on the set of membership information in the database 140 according to the target identity, and use the membership information as the target identity information. The membership information may refer to what has been previously discussed and will not be described in detail herein.
Since the server 130 may update the data format, the target access device 150 might be unable to parse the data correctly after such an update. To improve the compatibility of the data format of the verification information, the server 130 may therefore also obtain the current data format version number (Version) when generating the verification information. The current data format version number indicates the data format version used by the server 130 to generate the verification information. The default data version number is, for example, 0x01.
If the verification information generated by the server 130 has no time limit, the target user may, after requesting it once, use the verification information permanently to pass through the target access control device 150. However, some members may leave the team and could still use the verification information to pass through the target access control device 150 after leaving, so permanently valid verification information is obviously not secure enough. For this purpose, the server 130 may further obtain valid duration information, which indicates the validity period of the verification information and specifically includes a start time (which may be represented as start_time) and a valid duration (which may be represented as expires_in). The start time is, for example, the current time, represented as a UNIX timestamp. The verification information is valid within the period indicated by the valid duration information and invalid outside it. For example, a start time of 9:00 on May 3, 2020 and a valid duration of 15 minutes indicate that the verification information is invalid after 9:15 on May 3, 2020.
Each member in the team may have a different type of rights, and external members may have rights of a different type from team members, so the server 130 may also obtain the rights type of the target user, which refers to the type of right the target user has to pass through the target access device 150. The rights type is, for example, temporary visitor or employee. The rights type may also correspond to a valid duration of the associated membership information; for example, membership information of the temporary visitor type has a valid duration of 3 days, which means that the member can pass through the target access device 150 only within 3 days. Alternatively, the rights type may correspond to a number of permitted uses of the associated membership information; for example, membership information of the temporary visitor type may be used 3 times, which means that the member can pass through the target access control device 150 only three times.
Because an unauthorized person may borrow the user's terminal to perform identity verification, in the embodiment of the present application the second target sub-application may also collect a face image of the target user through the camera, perform feature extraction on the target face image, and weight or encrypt the result of the feature extraction to generate a face feature value. The feature value can be used to verify whether the target user is the user to whom the target account truly belongs, which further improves the security of verification. For example, the gray values of all pixels in the face image of the target user are extracted and summed with weights to obtain the face feature value of the face image.
When a vehicle is verified, the license plate may be verified in addition to the face of the target user, so the server 130 may also collect the license plate number of the vehicle that currently needs to be verified.
The server 130 may splice the obtained target identity information with one or more of the data format version number, the valid duration information, the license plate number and the face feature value to obtain the cache data; which of these items are included is chosen according to the actual situation. Splicing is understood to mean arranging the individual pieces of information in a certain order.
To keep the individual pieces of information from occupying too many bytes, the server 130 may also set the number of bytes occupied by each item in the target identity information, the data format version number, and the valid duration information.
For example, please refer to a cache data shown in table 2:
TABLE 2
Table 2 above shows that the data format version number is 1 byte, the rights type is 1 byte, and so on.
S206, the server 130 signs the buffered data.
In order to improve the security of the verification information, in the embodiment of the present application the server 130 may sign the cache data after obtaining it; the resulting signature is used to prove the authenticity of the cache data.
For example, referring to fig. 4, a flow chart of signing the cached data is shown, and the signing process specifically includes:
S401, the server 130 performs hash operation on the cache data to obtain a hash value.
For example, the server 130 may hash the buffered data using the SHA256 algorithm to obtain the hash value.
S402, the server 130 signs the hash value by using the private key and a pre-stored signature algorithm to obtain a signature value.
As previously discussed, the server 130 signs the hash value according to a pre-stored private key and signature algorithm to obtain a signature value (sign). The signature algorithm is, for example, the elliptic curve digital signature algorithm (Elliptic Curve Digital Signature Algorithm, ECDSA) or a symmetric encryption algorithm.
The processing of the signature algorithm may be represented by way of example as:
Sign=ECDSA(SHA256(join(openvid,start_time,expires_in)))。
as an example, the ECDSA selected elliptic curve is nid_x9_62_primer 256v1.
The unit bit strength of the elliptic curve cryptography algorithm is far higher than that of the traditional discrete logarithm algorithm, and ECDSA belongs to the elliptic curve cryptography algorithm, so that the unit bit strength of the elliptic curve cryptography algorithm is higher than that of other public key systems, and the signature is shorter under the same cracking strength. The capability of reading and analyzing the two-dimensional code information of the access control equipment is usually limited, so that the shorter signature is more beneficial to reducing the difficulty of reading or analyzing the verification information of the access control equipment.
Fig. 4 is an example of a manner of obtaining the signature value of the cache data, and there are various manners of actually constructing the signature value, which is not particularly limited.
S207, the server 130 generates authentication information from the signature value and the cache data.
After the server 130 obtains the signature value and the cache data, it may encode them to generate the verification information. For example, the server 130 encodes the signature value and the cache data with base64 and generates a two-dimensional code; the two-dimensional code carrying the signature value and the cache data is the verification information. Or, for example, the server 130 may encapsulate the signature value and the cache data in a transmission protocol format to obtain the authentication information.
As an embodiment, steps S206 to S207 are optional. When S206 to S207 are not performed, the server 130 directly uses the obtained cache data as the authentication information.
S208, the server 130 transmits the authentication information to the first terminal 110.
After the server 130 generates the authentication information, the authentication information may be sent to the second terminal 120, and in particular, may be sent to the second target sub-application 114 in the second terminal 120. After the second target sub-application 114 receives the authentication information, the authentication information may be displayed so that the target user sees the obtained authentication information.
For example, with continued reference to the example of fig. 3, after the target user clicks on the application identifier 302 shown in fig. 3, the second target sub-application 114, after obtaining the verification information, presents an exemplary diagram of an interface containing the verification information, as shown in fig. 5, where the interface includes a two-dimensional code 501 carrying a signature value and cached data, and may further include basic information 502 of the target user, where the basic information 502 includes, for example, an account header of the second team instant messaging client 113 of the target user, a name "X" of the target user, and a team "company a" where the target user is located, as shown in fig. 5.
S209, the target access control device 150 obtains the verification information through the second terminal 120.
When the verification information is a two-dimensional code, the target user can hold the two-dimensional code up to the code-scanning area 151 of the target access control device 150, and the target access control device 150 scans the two-dimensional code to obtain the verification information.
Or, for example, the target access control device 150 includes an input device, and the target user inputs the obtained authentication information to the target access control device 150, which is equivalent to the target access control device 150 obtaining the authentication information.
Or, for example, the second target sub-application 114 may connect to the target access control device 150 through bluetooth communication, near field communication (Near Field Communication, NFC), or the like, and send the authentication information to the target access control device 150.
Further, since a plurality of access devices may be provided at a certain place, if the second terminal 120 connects to access devices through bluetooth communication, NFC, or the like, it may be connected to several of them at once. In that case the second terminal 120 may determine the access device closest to itself as the target access device 150 and send the verification information to it, or may take the most idle of the access devices as the target access device 150 and send the verification information to it. The most idle access device is the one that currently has the fewest pass verifications to process.
S210, the target access control equipment 150 analyzes the verification information to obtain cache data.
After the target access control device 150 obtains the verification information, it parses the verification information to obtain the cache data and the signature value. When the server 130 has encoded the cache data and the signature value with base64, the target access control device 150 scans the two-dimensional code and obtains the base64-encoded cache data and signature value.
Please refer to the cached data and signature values shown in table 3 below:
TABLE 3
S211, the target access control equipment 150 verifies the verification information.
After the target access control device 150 obtains the verification information, it may verify the verification information. The verification specifically includes: (1) if the verification information includes effective duration information, verifying the validity of the verification information; (2) if the verification information contains a signature value, verifying the signature value; (3) performing authorization verification on the target identity information, that is, verifying whether the target user corresponding to the target identity information has the authority to pass through the target access control device 150. The verification in (3) must always be performed, while whether the verifications in (1) and (2) are performed depends on the content of the verification information.
The verification processes in (1) to (3) above are described below by way of example with reference to the flowchart for verifying verification information shown in fig. 6:
S601, the target access control device 150 obtains the cached data and the signature value.
The manner in which the target access device 150 obtains the cached data and the signature value, and the meaning of the cached data may refer to the foregoing discussion, and will not be described herein.
S602, checking whether the verification information is invalid.
When the verification information includes effective duration information, the target access control device 150 may check, according to the effective duration information, whether the verification information is invalid, that is, whether it has exceeded the effective duration indicated by the effective duration information. If it has, the verification information is determined to be invalid and S603 is executed: passage is prohibited and the target user is not permitted to pass. If it has not, the verification information is determined to be valid and S604 is performed, that is, whether the signature value is correct is verified using the public key and a pre-stored signature algorithm. For example, the server 130 may recalculate the signature value of the cached data according to the public key and the pre-stored signature algorithm; if the recalculated signature value is the same as the signature value in the verification information, the signature value in the verification information is correct, and if it is not the same, the signature value in the verification information is incorrect.
If the signature value is verified to be incorrect based on the public key and the signature algorithm, S604 is performed. If the signature value is verified to be correct based on the public key and the signature algorithm, S605 is performed, i.e., verifying whether the target identity information has authority. If the target access control device 150 determines that the target identity information belongs to the identity information in the membership information set, which indicates that the target identity information has authority, S606 is executed, i.e. the access control is opened. If the target access control device 150 determines that the target identity information does not belong to the identity information in the membership information set, that is, the target identity information does not have authority, S603 is executed.
It should be noted that S602 and S603 in fig. 6 are optional steps.
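The signing flow of fig. 4 and the device-side checks of fig. 6, as an added Go example that is not code from the patent: it signs a SHA-256 hash of the cache data with ECDSA on prime256v1 (P-256) and base64-encodes the result. The field widths other than the two 1-byte fields, the token layout (cache data followed by a DER signature), the sample identities and all function names are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
)

// Pass is the cache data. Only the two 1-byte fields come from the page;
// the other widths and the length-prefixed identity are assumptions.
type Pass struct {
	Version   uint8  // data format version number (1 byte)
	RightType uint8  // rights type (1 byte)
	StartTime uint64 // issue time, Unix seconds (width assumed)
	ExpiresIn uint32 // effective duration in seconds (width assumed)
	OpenVID   string // target identity, at most 255 bytes (assumed)
}

var (
	ErrMalformed = errors.New("malformed verification information")
	ErrExpired   = errors.New("verification information expired")
	ErrBadSig    = errors.New("signature value incorrect")
	ErrNoRight   = errors.New("identity not in membership information set")
)

const fixedLen = 1 + 1 + 8 + 4 + 1 // bytes before the identity string

// encode splices the fields in a fixed order to form the cache data.
func encode(p Pass) []byte {
	b := make([]byte, fixedLen, fixedLen+len(p.OpenVID))
	b[0], b[1] = p.Version, p.RightType
	binary.BigEndian.PutUint64(b[2:10], p.StartTime)
	binary.BigEndian.PutUint32(b[10:14], p.ExpiresIn)
	b[14] = uint8(len(p.OpenVID))
	return append(b, p.OpenVID...)
}

// NewKey generates the server key pair on prime256v1 (P-256).
func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Issue is the server side: S401 hash, S402 sign, S207 base64-encode.
// Token layout (assumed): cache data followed by the DER signature.
func Issue(priv *ecdsa.PrivateKey, p Pass) (string, error) {
	if len(p.OpenVID) > 255 {
		return "", ErrMalformed
	}
	data := encode(p)
	digest := sha256.Sum256(data)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(append(data, sig...)), nil
}

// Verify is the device side, in the order of fig. 6. now is Unix seconds.
func Verify(pub *ecdsa.PublicKey, members map[string]bool, token string, now uint64) (Pass, error) {
	buf, err := base64.StdEncoding.DecodeString(token)
	if err != nil || len(buf) < fixedLen || len(buf) < fixedLen+int(buf[14]) {
		return Pass{}, ErrMalformed
	}
	n := fixedLen + int(buf[14])
	data, sig := buf[:n], buf[n:]
	p := Pass{buf[0], buf[1], binary.BigEndian.Uint64(buf[2:10]),
		binary.BigEndian.Uint32(buf[10:14]), string(buf[fixedLen:n])}
	// S602/S603: refuse once the effective duration has elapsed.
	if now >= p.StartTime+uint64(p.ExpiresIn) {
		return Pass{}, ErrExpired
	}
	// S604: a public key cannot re-create an ECDSA signature, so the
	// device runs the verify operation on the recomputed hash instead.
	digest := sha256.Sum256(data)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return Pass{}, ErrBadSig
	}
	// S605: authority check against the membership information set.
	if !members[p.OpenVID] {
		return Pass{}, ErrNoRight
	}
	return p, nil // S606: open the access control
}

func main() {
	priv, _ := NewKey()
	members := map[string]bool{"openvid-alice": true} // constructed sample
	token, _ := Issue(priv, Pass{1, 1, 1700000000, 60, "openvid-alice"})
	_, fresh := Verify(&priv.PublicKey, members, token, 1700000030)
	_, late := Verify(&priv.PublicKey, members, token, 1700000061)
	fmt.Println("fresh:", fresh, "| late:", late)
}
```

Verify returns an empty Pass on every failure so that a caller cannot act on fields that were never authenticated.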
In addition to verifying the target identity information, the signature value, and the age of the verification information, if the verification information further includes a face feature value, the server 130 needs to determine whether a face feature value matching the face feature value in the verification information exists in the membership information set, if so, determine that the verification is passed, and if not, determine that the verification is not passed. Matching is, for example, that the similarity between the face feature values in the authentication information and the face feature values in the membership information set is greater than or equal to a threshold value. A mismatch is, for example, that the similarity between the face feature value in the authentication information and the face feature value in the membership information set is less than a threshold.
If the license plate number is also included in the authentication information, the server 130 may determine whether the same license plate number as the license plate number in the authentication information exists in the membership information set, determine that the authentication is passed if the same license plate number exists, and determine that the authentication is not passed if the same license plate number does not exist.
S212, the target access control equipment 150 executes corresponding business logic according to the verification result.
The business logic is related to the specific use scenario of the target access control device 150. For example, when the target user's passage through the access control is being verified, the target user may be released if the target access control device 150 determines that the target identity information has authority, and may be refused if the target access control device 150 determines that the target identity information does not have authority. Or, for example, when the vehicle access of the target user is being verified, the vehicle of the target user may be released if the target identity information is determined to have authority, and may be denied if the target identity information is determined not to have authority.
In one possible embodiment, if the second terminal 120 does not use the authentication information after obtaining it, so that the authentication information becomes invalid, the user may perform a third operation for instructing to regenerate the authentication information. The second terminal 120 generates an authentication information request again in response to the third operation, the server 130 regenerates the authentication information according to the above discussion and transmits the regenerated authentication information to the second terminal 120, and the second terminal 120 displays the updated authentication information.
For example, with continued reference to the example shown in FIG. 5, the interface also includes a refresh key 503, and after the target user clicks on the refresh key 503, it is equivalent to requesting the server 130 to issue authentication information again so that the second target sub-application 114 can retrieve the authentication information.
In one possible embodiment, after verifying the target user corresponding to the target account, the target access device 150 may feed back a verification result to the server 130, where the verification result indicates whether the target identity information passed verification, and the server 130 records the verification result corresponding to each account. After determining that the number of failed verification results for a target account within a preset time period exceeds a preset number of times, the server 130 may refuse to respond to the verification information generation request corresponding to the target account. The refusal may last for a certain period of time, or the verification information generation request corresponding to the account may be refused permanently. In this embodiment, when the number of verification failures of an account within the preset time period exceeds a certain number, the account is regarded as being used for a brute-force attempt to gain passage, and the response to the verification information generation request corresponding to the account can be refused.
This embodiment, first, reduces the high power consumption caused by frequent verification on the server and the access control device. Second, because the access control device is usually a device with relatively low hardware cost, frequent verification may cause it to fail; when the server in the embodiment of the application refuses to respond to the verification information generation request, the number of verifications performed by the access control device is naturally reduced as well, which prevents lawbreakers from gaining passage by brute force.
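The refusal rule described above, as an added Go example that is not code from the patent: the server counts failed verification results per account over a sliding window and refuses verification information generation requests either for a period or permanently. The type and function names, the sample account names and the concrete thresholds are assumptions.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Limiter records failed verification results per account.
type Limiter struct {
	Window  time.Duration // the preset time period over which failures count
	Max     int           // the preset number of times that may not be exceeded
	Lockout time.Duration // refusal period; 0 means refuse permanently

	mu       sync.Mutex
	failures map[string][]time.Time
	lockedAt map[string]time.Time
}

func NewLimiter(window time.Duration, max int, lockout time.Duration) *Limiter {
	return &Limiter{Window: window, Max: max, Lockout: lockout,
		failures: map[string][]time.Time{}, lockedAt: map[string]time.Time{}}
}

// locked reports whether the account is currently refused and clears a
// temporary refusal that has run out. The caller must hold l.mu.
func (l *Limiter) locked(account string, now time.Time) bool {
	at, ok := l.lockedAt[account]
	if !ok {
		return false
	}
	if l.Lockout > 0 && now.Sub(at) >= l.Lockout {
		delete(l.lockedAt, account)
		delete(l.failures, account)
		return false
	}
	return true
}

// Report stores a verification result fed back by an access control device.
func (l *Limiter) Report(account string, passed bool, now time.Time) {
	l.mu.Lock()
	defer l.mu.Unlock()
	if passed || l.locked(account, now) {
		return
	}
	kept := l.failures[account][:0]
	for _, t := range l.failures[account] {
		if now.Sub(t) < l.Window { // drop failures older than the window
			kept = append(kept, t)
		}
	}
	kept = append(kept, now)
	l.failures[account] = kept
	if len(kept) > l.Max {
		l.lockedAt[account] = now
	}
}

// Allow says whether the server should answer a verification information
// generation request for this account.
func (l *Limiter) Allow(account string, now time.Time) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	return !l.locked(account, now)
}

func main() {
	t0 := time.Unix(1700000000, 0) // constructed timestamps
	l := NewLimiter(10*time.Minute, 3, 30*time.Minute)
	for i := 0; i < 4; i++ {
		l.Report("acct-a", false, t0.Add(time.Duration(i)*time.Minute))
	}
	fmt.Println("allowed right after 4 failures:", l.Allow("acct-a", t0.Add(3*time.Minute)))
	fmt.Println("allowed 30 minutes later:", l.Allow("acct-a", t0.Add(33*time.Minute)))
}
```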
In a possible embodiment, the first terminal 110 may update the membership information set according to changes in team members. So that the server 130 and the target access control device 150 can obtain the latest membership information set in time, in this embodiment the first terminal 110 may send the update information to the server 130 in time, and the server 130 may send the update information to the target access control device 150 in time. The process of updating the membership information set is described below with reference to the interaction example diagram shown in fig. 7.
S701, the first terminal 110 transmits the update information to the target access control device 150.
The first terminal 110 updates the membership information set according to an input operation of the management user, for example, adds membership information to the original membership information set, or deletes membership information, or changes one or more of the membership information. The second terminal 120 transmits the update information to the server 130. The update information is used, for example, to indicate one or more of deleted membership information, or newly added membership information, or altered membership information.
The update information may be obtained by the server 130 according to an update operation performed by the management user in the database 140, or may be transmitted to the server 130 by the first terminal 110.
S702, the server 130 sends a deletion notification to the target access device 150.
If the server 130 determines that the designated membership information needs to be deleted in the membership information set corresponding to the target access device 150, the server 130 generates a deletion notification according to the designated membership information, where the deletion notification is used to instruct the target access device 150 to delete the designated membership information, and the deletion notification carries the designated membership information.
S703, the target access control device 150 deletes the designated membership information.
After receiving the deletion notification, the target access control device 150 deletes the indicated designated membership information according to the deletion notification, thereby realizing the update of the membership information.
S704, the server 130 sends the newly added or changed membership information to the target access device 150.
If the server 130 determines that the membership information needs to be newly added in the membership information set corresponding to the target access device 150, the server 130 may directly issue the membership information that needs to be newly added to the target access device 150. Or, if the server 130 determines that the membership information in the membership information set corresponding to the target access control device 150 needs to be changed, the server 130 may directly issue the membership information after the change to the target access control device 150.
In the embodiment shown in S704, the membership information that needs to be newly added or changed is directly issued, that is, the membership information in the target access control device 150 is updated in an incremental update manner, so that the transmission overhead between the target access control device 150 and the server 130 can be relatively reduced.
It should be noted that S702 to S703 and S704 are two optional cases; in an actual implementation either one of them or both may occur.
In the embodiment shown in fig. 7, the target access device 150 and the server 130 are in a normal communication state. In some cases, however, the target access device 150 may temporarily be unable to communicate with the server 130, for example because the target access device 150 is switched off or the network is abnormal. So that the target access device 150 can still update the membership information in time, in this embodiment, when the target access device 150 determines that the version number of the membership information set it stores is inconsistent with the version number of the membership information set stored in the server 130, the target access device 150 may actively request the membership information set with the latest version number from the server 130. Specifically, the target access device 150 may send the following request through the calling interface to request the membership information set with the latest version number:
The respective parameter descriptions in the above requests are specifically shown in the following table 4:
TABLE 4
It should be noted that, in fig. 2, one target access control device 150, one first terminal 110, and one second terminal 120 are taken as examples, and the number of the respective devices is not limited in practice.
In the embodiment discussed in fig. 7, the target user can obtain the verification information required by verification through the target sub-application in the instant messaging application, so that a corresponding management system is not required to be developed for each type of access control equipment, and the cost of identity verification can be reduced. And the server can timely acquire the update condition of team users corresponding to the instant messaging application, timely update the identity information set in the access control equipment, and avoid the access control safety problem caused by not timely updating the identity information set. In addition, in the process of generating the verification information by the server, a signature value and the like are generated for the target identity information, so that the security of the verification information can be improved.
Based on the same inventive concept, the embodiment of the present application further provides an authentication control device, which may be used to implement the functions of the server 130 in fig. 1, referring to fig. 8, the authentication control device 800 includes:
A receiving module 801, configured to receive binding information sent by a target team account of a first team instant messaging client; the binding information comprises an equipment address of the target access control equipment and a target team identifier bound by the target access control equipment;
a sending module 802, configured to send, to a target access control device, a membership information set associated with a target team identifier according to a device address and the target team identifier; the membership information set is set by a target team account, and a member corresponding to each membership information in the membership information set has a right to pass through target access control equipment;
the receiving module 801 is further configured to receive a verification information request sent by a target sub-application in the second team instant messaging client; the verification information request carries a target identity associated with a target account number logging in the second team instant messaging client;
a generating module 803, configured to generate verification information according to the target identity; the verification information is target identity information corresponding to the target identity;
the sending module 802 is further configured to send verification information to the target sub-application, so that the target access control device reads the verification information displayed by the target sub-application, or receives the verification information sent by the target sub-application, obtains target identity information, and performs authority verification on the target identity according to the membership information set.
In one possible embodiment, the verification information comprises a two-dimensional code with an effective duration; the two-dimensional code comprises target identity information and effective duration information.
In one possible embodiment, the server stores a private key in a public-private key pair, the target access device stores a public key in a public-private key pair, and the generating module 803 is specifically configured to:
obtaining target identity information according to the target identity;
carrying out hash operation on the target identity information and the effective duration information to obtain a hash value;
signing the hash value using the private key and a pre-stored signature algorithm to obtain a signature value;
and generating a two-dimensional code according to the signature value, the target identity information and the effective duration information.
In one possible embodiment, the generating module 803 is specifically configured to:
obtaining the authority type corresponding to the membership identification from the membership information set according to the target identity identification; the target identity and the right type corresponding to the target identity are target identity information.
In one possible embodiment, the sending module 802 is further configured to:
and if the target access control equipment receives the identity information updating request or determines that the membership information set is updated, transmitting the updating information in the membership information set to the target access control equipment so that the target access control equipment updates the membership information set.
It should be noted that the authentication control apparatus 800 may implement any one of the authentication control methods described above, and will not be described herein.
Based on the same inventive concept, the embodiment of the present application further provides an authentication control device, where the authentication control device may be used to implement the function of the target access control device 150 in fig. 1, referring to fig. 9, the authentication control device 900 includes:
an acquisition module 901, configured to receive a membership information set sent by a server; the method comprises the steps that a server corresponds to a team instant messaging application, a membership information set is set by a target team account in a first team instant messaging client, and members corresponding to each membership information in the membership information set have authority to pass through target access control equipment;
the obtaining module 902 is configured to read verification information displayed by the target sub-application, or receive verification information sent by the target sub-application, and obtain target identity information in the verification information; the target sub-application is a sub-application in the second team instant messaging client, the verification information comprises target identity information corresponding to a target identity, and the target identity is an identity corresponding to a target account number logged in the second team instant messaging client;
The verification module 903 is configured to perform authority verification on the target identity information according to the membership information set.
In one possible embodiment, the obtaining module 902 is specifically configured to:
obtaining verification information by scanning the two-dimensional code displayed by the target sub-application;
and analyzing the verification information to obtain target identity information of the target user.
In one possible embodiment, the verification information further includes valid duration information, and the verification module 903 is further configured to:
before authority verification is carried out on the target identity information according to the membership information set, the fact that verification information does not exceed the effective duration indicated by the effective duration information is determined.
In a possible embodiment, the server stores a private key of a public-private key pair, the access device stores a public key of a public-private key pair, the authentication information further includes a signature value, and the authentication module 903 is further configured to:
if the signature value is correct according to the public key and the signature algorithm, the authority verification is carried out on the target identity information according to the membership information set.
In a possible embodiment, the authentication control device further comprises an update module 904, the update module 904 being configured to:
if the version number of the membership information set stored by the target access control device itself is different from the version number of the membership information set stored by the server, an identity information update request is generated;
Sending an identity information updating request to a server;
and receiving the update information fed back by the server, and updating the membership information set according to the update information.
It should be noted that the authentication control apparatus 900 may implement any one of the authentication control methods described above, which is not described herein.
Based on the same inventive concept, the embodiment of the present application further provides an authentication control device, which may be used to implement the functions of the first terminal 110 or the second terminal 120 in fig. 1. Referring to fig. 10, the authentication control device 1000 includes:
the first display module 1001 is configured to display an application identifier of a target sub-application in response to a first operation in a team instant messaging client, where the team instant messaging client is a client corresponding to a team instant messaging application;
a second display module 1002, configured to display verification information including target identity information in a target sub-application in response to a second operation for application identification; the target identity information is obtained according to a target identity identifier associated with a target account number of the login team instant messaging client, and is used for verifying whether a target user has permission to pass through target access control equipment, wherein the permission is set by the target team account number of the instant messaging application.
In one possible embodiment, the second display module 1002 is specifically configured to: and responding to a second operation aiming at the application identification, and displaying the two-dimensional code containing the target identity information of the target user in the target sub-application.
It should be noted that the authentication control apparatus 1000 may implement any one of the authentication control methods described above, and will not be described herein.
Based on the same inventive concept, the embodiments of the present application also provide an authentication control system, which may be used to implement the functions of the first terminal 110 or the second terminal 120 in the foregoing, including the respective authentication control devices in fig. 8 to 10.
Based on the same inventive concept, the embodiment of the application also provides a computer device. The computer device corresponds to the server, terminal or access point device discussed above.
Referring to FIG. 11, the computer device 1100 is embodied in the form of a general purpose computer device. Components of computer device 1100 may include, but are not limited to: at least one processor 1110, at least one memory 1120, a bus 1130 that connects the different system components, including the processor 1110 and the memory 1120.
The processor 1110 may be a central processing unit (CPU), a digital processing unit, or be implemented by an embedded chip, etc. The memory 203 may be a volatile memory, such as a random-access memory (RAM).
Bus 1130 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, a processor, and a local bus using any of a variety of bus architectures.
The memory 1120 may include readable media in the form of volatile memory, such as Random Access Memory (RAM) 1121 and/or cache memory 1122, and may further include Read Only Memory (ROM) 1123. Memory 1120 may also include a program/utility 1126 having a set (at least one) of program modules 1125, such program modules 1125 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. The processor 1110 is configured to execute program instructions stored in the memory 1120 and the like to implement the authentication control method discussed above.
The computer device 1100 may communicate with one or more external devices 1140 (e.g., keyboard, pointing device, etc.) and/or may also communicate with the computer device 1100 via other devices, such as routers, modems, etc. Such communication may occur through an input/output (I/O) interface 1150. Moreover, the computer device 1100 may also communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, through a network adapter 1160. As shown, network adapter 1160 communicates with other modules for computer device 1100 via bus 1130. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with computer device 1100, including, but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
Based on the same inventive concept, embodiments of the present application provide a storage medium storing computer instructions that, when run on a computer, cause the computer to perform the authentication control method discussed previously.
Based on the same inventive concept, embodiments of the present application provide a computer program product comprising computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions so that the computer device performs the authentication control method described above.
Those of ordinary skill in the art will appreciate that all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer-readable storage medium, and when executed, the program performs steps including the above method embodiments; and the aforementioned storage medium includes: a mobile storage device, a read-only memory (ROM), a random-access memory (RAM), a magnetic disk or an optical disk, or the like, which can store program code.
Alternatively, the integrated units described above may be stored in a computer-readable storage medium if implemented in the form of software functional modules and sold or used as a stand-alone product. Based on such understanding, the technical solutions of the embodiments of the present application, in essence or in the part contributing to the prior art, may be embodied in the form of a computer software product, which is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a removable storage device, ROM, RAM, magnetic or optical disk, or other medium capable of storing program code.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the spirit or scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to cover such modifications and variations.
Claims (15)
1. An authentication control method, which is applied to a server of a team instant messaging application, comprises the following steps:
binding information sent by a target team account of a first team instant messaging client is received; the binding information comprises an equipment address of target access control equipment and a target team identifier bound by the target access control equipment;
according to the equipment address and the target team identification, sending a membership information set associated with the target team identification to the target access control equipment; the membership information set is set by the target team account, and a member corresponding to each membership information in the membership information set has a right to pass through the target access control equipment;
receiving a verification information request sent by a target sub-application in a second team instant messaging client; the verification information request carries a target identity associated with a target account number logged in the second team instant messaging client;
generating verification information according to the target identity; the verification information is target identity information corresponding to the target identity;
and sending the verification information to the target sub-application so that target access control equipment reads the verification information displayed by the target sub-application or receives the verification information sent by the target sub-application, obtaining the target identity information, and carrying out authority verification on the target identity according to the membership information set.
2. The method of claim 1, wherein the verification information comprises a two-dimensional code having a valid duration; the two-dimensional code comprises the target identity information and effective duration information.
3. The method of claim 2, wherein the server stores a private key of a public-private key pair, the target access device stores a public key of the public-private key pair, and,
generating verification information according to the target identity, wherein the verification information specifically comprises:
obtaining target identity information according to the target identity;
carrying out hash operation on the target identity information and the effective duration information to obtain a hash value;
signing the hash value using the private key and a pre-stored signature algorithm to obtain a signature value;
and generating a two-dimensional code according to the signature value, the target identity information and the effective duration information.
4. The method of claim 3, wherein the set of membership information includes a permission type of each member corresponding to membership information for the target access device, and wherein the obtaining target identity information according to the target identity identifier specifically includes:
obtaining the authority type corresponding to the target identity from the membership information set according to the target identity; the target identity and the right type corresponding to the target identity are target identity information.
5. The method of any one of claims 1-4, further comprising:
and if the target access control equipment receives an identity information update request or determines that the membership information set is updated, transmitting the update information in the membership information set to the target access control equipment so that the target access control equipment updates the membership information set.
6. An identity verification control method is characterized by being applied to access control equipment, and comprises the following steps:
receiving a membership information set sent by a server; the server is a server corresponding to a team instant messaging application, the membership information set is set by a target team account in a first team instant messaging client, and members corresponding to each membership information in the membership information set have authority to pass through target access control equipment;
reading verification information displayed by a target sub-application or receiving the verification information sent by the target sub-application to obtain target identity information in the verification information; the target sub-application is a sub-application in a second team instant messaging client, the verification information comprises target identity information corresponding to a target identity, and the target identity is an identity corresponding to a target account logged in the second team instant messaging client;
and verifying the authority of the target identity information according to the membership information set.
7. The method of claim 6, wherein the reading the verification information presented by the target sub-application to obtain the target identity information in the verification information specifically comprises:
obtaining verification information by scanning the two-dimensional code displayed by the target sub-application;
analyzing the verification information to obtain target identity information of the target user.
8. The method of claim 7, wherein the authentication information further comprises validity duration information, and further comprising, prior to the verifying the rights to the target identity information based on the set of membership information:
and determining that the verification information does not exceed the effective duration indicated by the effective duration information.
9. The method according to any one of claims 6 to 8, wherein the server stores a private key of a public-private key pair, the access control device stores a public key of the public-private key pair, the verification information further includes a signature value, and the performing authority verification on the target identity information according to the membership information set specifically includes:
and if the signature value is determined to be correct according to the public key and the signature algorithm, performing authority verification on the target identity information according to the membership information set.
10. The method according to any one of claims 6 to 8, further comprising:
if the version number of the membership information set stored by the access control equipment is different from the version number of the membership information set stored by the server, generating an identity information update request;
sending the identity information update request to the server;
and receiving the update information fed back by the server, and updating the membership information set according to the update information.
11. An authentication control method, which is applied to a terminal, comprising:
responding to a first operation in a team instant messaging client, displaying an application identifier of a target sub-application, wherein the team instant messaging client is a client corresponding to the team instant messaging application;
in response to a second operation for the application identification, displaying verification information containing target identity information in the target sub-application; the verification information is obtained according to the target identity identifier associated with the target account number logged in the team instant messaging client, the target identity information is used for verifying whether a target user has permission to pass through target access control equipment or not, and the permission is set by the target team account number of the team instant messaging application.
12. An authentication control apparatus, characterized by comprising:
the receiving module is used for receiving binding information sent by a target team account of the first team instant messaging client; the binding information comprises an equipment address of target access control equipment and a target team identifier bound by the target access control equipment;
the sending module is used for sending the membership information set associated with the target team identification to the target access control equipment according to the equipment address and the target team identification; the membership information set is set by the target team account, and a member corresponding to each membership information in the membership information set has a right to pass through the target access control equipment;
the receiving module is further used for receiving a verification information request sent by a target sub-application in the second team instant messaging client; the verification information request carries a target identity associated with a target account number logged in the second team instant messaging client;
the generation module is used for generating verification information according to the target identity; the verification information is target identity information corresponding to the target identity;
the sending module is further configured to send the verification information to the target sub-application, so that the target access control device reads the verification information displayed by the target sub-application, or receives the verification information sent by the target sub-application, obtains the target identity information, and performs authority verification on the target identity according to the membership information set.
13. An authentication control apparatus, characterized by comprising:
the acquisition module is used for receiving the membership information set sent by the server; the server is a server corresponding to a team instant messaging application, the membership information set is set by a target team account in a first team instant messaging client, and members corresponding to each membership information in the membership information set have authority to pass through target access control equipment;
the acquisition module is used for reading verification information displayed by the target sub-application or receiving the verification information sent by the target sub-application to acquire target identity information in the verification information; the target sub-application is a sub-application in a second team instant messaging client, the verification information comprises target identity information corresponding to a target identity, and the target identity is an identity corresponding to a target account logged in the second team instant messaging client;
and the verification module is used for carrying out authority verification on the target identity information according to the membership information set.
14. An authentication control apparatus, characterized by comprising:
the first display module is used for responding to a first operation in the team instant messaging client, displaying the application identifier of the target sub-application, wherein the team instant messaging client is a client corresponding to the team instant messaging application;
the second display module is used for responding to a second operation aiming at the application identification and displaying verification information containing target identity information in the target sub-application; the verification information is obtained according to the target identity identifier associated with the target account number logged in the team instant messaging client, the target identity information is used for verifying whether a target user has permission to pass through target access control equipment or not, and the permission is set by the target team account number of the team instant messaging application.
15. A storage medium storing computer instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 5 or 6 to 10 or 11.
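The signed, time-limited two-dimensional code of claims 2 to 4 and the device-side checks of claims 7 to 9, sketched as an added example (not code from the patent). Ed25519, SHA-256, the `payload.sig` text encoding, and all field and function names are assumptions; the claims only call for a hash, a pre-stored signature algorithm and a public-private key pair.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

type Claims struct {
	MemberID, PermType  string // target identity and permission type (names are assumptions)
	IssuedAt, ValidSecs int64  // Unix seconds; effective duration in seconds
}

var (
	ErrMalformed = errors.New("malformed code")
	ErrSignature = errors.New("signature check failed")
	ErrExpired   = errors.New("outside effective duration")
	ErrNotMember = errors.New("identity not in membership set")
	enc          = base64.RawURLEncoding
)

// KeysFromSeed derives a deterministic key pair from a constructed label (demo only).
func KeysFromSeed(label string) (ed25519.PrivateKey, ed25519.PublicKey) {
	seed := sha256.Sum256([]byte(label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv, priv.Public().(ed25519.PublicKey)
}

// IssueQR is the server side: hash the payload, sign the hash, emit "payload.sig".
func IssueQR(priv ed25519.PrivateKey, c Claims) string {
	payload, _ := json.Marshal(c) // cannot fail for this struct
	digest := sha256.Sum256(payload)
	sig := ed25519.Sign(priv, digest[:])
	return enc.EncodeToString(payload) + "." + enc.EncodeToString(sig)
}

// VerifyQR is the device side: signature, then expiry, then the local membership set.
func VerifyQR(pub ed25519.PublicKey, members map[string]string, qr string, now int64) error {
	p, s, ok := strings.Cut(qr, ".")
	payload, err1 := enc.DecodeString(p)
	sig, err2 := enc.DecodeString(s)
	if !ok || err1 != nil || err2 != nil {
		return ErrMalformed
	}
	digest := sha256.Sum256(payload)
	if !ed25519.Verify(pub, digest[:], sig) {
		return ErrSignature
	}
	var c Claims
	if json.Unmarshal(payload, &c) != nil {
		return ErrMalformed
	}
	if c.ValidSecs <= 0 || now < c.IssuedAt || now > c.IssuedAt+c.ValidSecs {
		return ErrExpired
	}
	if perm, ok := members[c.MemberID]; !ok || perm != c.PermType {
		return ErrNotMember
	}
	return nil
}

func main() {
	priv, pub := KeysFromSeed("constructed demo seed")
	qr := IssueQR(priv, Claims{"u-1001", "staff", 1000, 60})
	fmt.Println(qr, VerifyQR(pub, map[string]string{"u-1001": "staff"}, qr, 1030))
}
```

The payload is parsed only after the signature over its exact bytes has verified, and the permission type inside the code is compared with the device's own membership set, so a code issued before a member was removed or re-typed is rejected once the set has been updated.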
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010872111.7A CN114202840B (en) | 2020-08-26 | 2020-08-26 | Authentication control method, device and medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114202840A (en) | 2022-03-18 |
| CN114202840B (en) | 2023-07-18 |
Family
ID=80644148
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010872111.7A Active CN114202840B (en) | 2020-08-26 | 2020-08-26 | Authentication control method, device and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114202840B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116416723B (en) * | 2022-12-16 | 2026-02-03 | 上海云思智慧信息技术有限公司 | Intelligent access control authority network system, method, electronic equipment and medium |
| CN116343419B (en) * | 2023-01-10 | 2023-11-28 | 广州烽云信息科技有限公司 | Intelligent video monitoring alarm management system |
Family Cites Families (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7043760B2 (en) * | 2000-10-11 | 2006-05-09 | David H. Holtzman | System and method for establishing and managing relationships between pseudonymous identifications and memberships in organizations |
| US20120169457A1 (en) * | 2010-12-31 | 2012-07-05 | Schneider Electric Buildings Ab | Method and system for dynamically assigning access rights |
| US9426216B2 (en) * | 2013-03-10 | 2016-08-23 | Dropbox, Inc. | Content item sharing and synchronization system with team shared folders |
| KR102635772B1 (en) * | 2015-04-16 | 2024-02-13 | 아싸 아브로이 에이비 | How to determine whether a user with your credentials will have access to your physical space |
| US10127368B2 (en) * | 2016-03-01 | 2018-11-13 | Filevine, Inc. | Systems for identity validation and association |
| CN106056707A (en) * | 2016-05-19 | 2016-10-26 | 李悌荷 | Residential quarter network access control scheme |
| CN106293816B (en) * | 2016-08-02 | 2019-10-18 | 成都荷码科技有限公司 | A method for increasing the stickiness between users and Apps installed on mobile smart terminals |
| CN108133523B (en) * | 2016-12-01 | 2020-08-14 | 阿里巴巴集团控股有限公司 | Access control method and device |
| CN106803295A (en) * | 2016-12-28 | 2017-06-06 | 福建星网锐捷安防科技有限公司 | Gate inhibition's authentication control method and system based on Quick Response Code |
| CN108062809B (en) * | 2017-11-28 | 2019-02-22 | 特斯联(北京)科技有限公司 | A kind of house access control system for realizing personnel's big data collection analysis |
| CN108597082A (en) * | 2018-04-27 | 2018-09-28 | 深圳市零度智控科技有限公司 | Auth method and system, storage medium based on bank gate inhibition |
| CN110535968B (en) * | 2019-09-07 | 2023-04-07 | 长沙北之辰智能技术有限公司 | Cabinet access control system and method based on dynamic password |
| CN111182159B (en) * | 2019-10-18 | 2022-03-04 | 腾讯科技(深圳)有限公司 | Communication method, device and storage medium based on team instant messaging application |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114202840A (en) | 2022-03-18 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||