RU2817109C1 - Reverse identification technology with three-tier architecture - Google Patents

Abstract

FIELD: computer engineering.

SUBSTANCE: present technical solution relates to computer engineering. On the cloud server, the object local access switches are configured with controllers and access points connected to it; configuration of access levels of subjects is performed on the side of the cloud part and is synchronized in the form of an access cache with local access switches of the object, which provides: broadcasting of commands received from outside to access points actuators; storage of local access cache and its synchronization with cloud platform data; wherein the process of passing through the access points of the object is possible only for the authorized subject using the computing device (CD) of the authorized user, by reading the access point identifier; obtained access point identifier together with user identifier is transmitted from user CD to local switch for execution; local switch performs authorization of operation, checking availability of powers in local access cache; in case of successful user authorization, the local switch sends an opening signal to the access point actuator.

EFFECT: higher safety of protected object.

6 cl, 3 dwg

Description

TECHNICAL FIELD

This technical solution relates to the field of computer technology, in particular to methods of access control and management.

BACKGROUND OF THE ART

The solution chosen as the closest analogue is known from the prior art, RU2756701C1, 10/04/2021. This solution relates to the field of computer technology, namely to the method of providing access and protecting an object. The method of providing access and protecting an object is based on a scoring system, in which access to the protected object is provided by the user collecting a predetermined required number of points, and, due to each of the above options for providing access, the user, upon positive identification, is assigned a predetermined certain number of points through a scoring system.

The proposed solution is aimed at eliminating the shortcomings of the current state of the art and differs from known solutions in that the proposed solution improves the security of the protected object, as well as increases the level of fault tolerance and reliability in terms of providing and controlling access to the premises of the object.

SUMMARY OF THE INVENTION

The technical problem that the claimed solution is aimed at is creating a method for access control and management. Additional embodiments of the present invention are presented in the dependent claims.

The technical result is to increase the security of the protected object.

The declared technical result is achieved through the implementation of a method of access control and management, including the stages at which: on the cloud server, the local access switches of the object are configured with controllers and access points connected to it; the configuration of subject access levels is performed on the cloud side and is synchronized in the form of an access cache with the local access switches of the object; in this case, the local access switch provides the following functionality for interaction with access point actuators:

broadcasting commands received from outside to access point actuators;

storing a local access cache and synchronizing it with cloud platform data;

in this case, the process of passing through the access points of the object is possible only for an authorized subject and is carried out through the computing device of the authorized user, by reading the access point identifier;

the obtained access point ID along with the authorized user ID is transmitted from the user's computing device to the local switch for execution;

The local switch authorizes the operation by checking for permissions in the local access cache.;

In case of successful user authorization, the local switch sends an opening signal to the access point actuator where the tag read by the user was installed.

In a particular embodiment of the described method, the process of obtaining an access point identifier is performed by reading a QR code with the camera of a computing device.

In another particular embodiment of the described method, the process of obtaining an access point identifier is performed by reading the NFC tag data.

In another particular embodiment of the described method, the process of obtaining an access point identifier is performed by reading the Bluetooth tag data.

In another particular embodiment of the described method, the process of obtaining an access point identifier is performed by recognizing the audio-sound identifier of the tag.

In another particular embodiment of the described method, the local access cache is a database that contains current information about the user’s permissions, and the permission data contains the following attributes: user identifier, access point identifier, authority validity period; in this case, based on the data in the database for the pair “user ID” and “access point ID”, the pass request is authorized, and if there is no data, the pass request is rejected.

DESCRIPTION OF DRAWINGS

The implementation of the invention will be described further in accordance with the accompanying drawings, which are presented to explain the essence of the invention and in no way limit the scope of the invention. The following drawings are attached to the application:

Fig. 1 illustrates the general diagram of the proposed technical solution.

Fig. 2 illustrates the description of the parameters.

Fig. 3 illustrates a block diagram of an example implementation of the invention.

DETAILED DESCRIPTION OF THE INVENTION

The following detailed description of the invention sets forth numerous implementation details designed to provide a clear understanding of the present invention. However, it will be apparent to one skilled in the art how the present invention can be used with or without these implementation details. In other cases, well-known methods, procedures and components have not been described in detail so as not to unduly obscure the features of the present invention.

In addition, from the above discussion it will be clear that the invention is not limited to the above implementation. Numerous possible modifications, alterations, variations and substitutions, while retaining the spirit and form of the present invention, will be apparent to those skilled in the art.

This technical solution relates to the field of computer technology, in particular to a method for access control and management. The proposed solution ensures increased security of the protected object, as well as an increase in the level of fault tolerance and reliability in terms of providing and controlling access to the premises of the object.

Currently, access to various objects (for example: objects requiring a high degree of protection, office buildings, apartment buildings, etc.) is provided through primitive and insufficiently safe object protection systems. The proposed method is aimed at solving the above problems. In this technical solution, an access point is understood as a certain object - a physical barrier equipped with a blocking device (door, barrier turnstile, etc.), an actuator (locks, latches, drives), a reader, sensors.

Technical means that implement this technical solution (facility safety circuit).

Cloud platform is a system that provides functions for configuring end devices (switches, access controllers) at an object, issuing access point identifiers, forming and updating an object’s access cache. An access cache is understood as a set of powers of subjects to object-passage points. By updating the access cache, the security of the protected object is significantly increased.

The local access cache can be a database that contains up-to-date information about the user's permissions. Authorization data contains the following attributes: user ID, access point ID, authorization period. The presence of data in the database for the pair user ID + access point ID allows you to authorize a pass request. If there is no data, the pass request is rejected.

Local switch is a subsystem in the facility infrastructure that provides storage and updating of the local access cache, receiving, authorizing and transmitting access requests to access point actuators. By reducing the number and complexity of functions performed, hardware requirements are significantly reduced, allowing it to be placed on single-board microcomputer-class devices.

The switch can be a software and hardware complex based on single-board microcomputers with the following minimum characteristics: 2 GB RAM, 32 GB ROM.

Interaction between the cloud, switch and controller occurs via a secure protocol (SSL).

Figure 1 illustrates the general diagram of the proposed technical solution.

The local switch stores the configuration of controllers and access points necessary to communicate with the device. In general, several access points can be connected to one controller. The configuration of the controllers connected to the switch comes from the cloud server. The solution can involve any network access controllers with an open interface for exchanging data and management commands. Examples of controllers from different suppliers: Iron Logic Model: Z-5R (mod. Web), Dahua DHI-ASC2202C-D. The configuration itself is saved locally on the switch and contains additional controller and access point parameters necessary for interaction via the controller API. A description of the configuration parameters is illustrated in Figure 2.

The switch provides:

• the ability to interact with access controllers from various suppliers via API;

• interface (m2m) for receiving commands for interaction with access points (doors, barriers, turnstiles). Basic commands: opening an access point, getting the current access point mode, changing the access point mode;

• local storage of the access cache with the ability to synchronize it with the cloud server;

• local storage of settings of connected controllers and access points.

Access controller is a device that provides interaction with final actuators (electromechanical locks, barriers, etc.).

To identify access requests, reverse identification technology is used, in which a unique identifier is issued for each access point (door, barrier, etc.) in the form of a QR, NFC, Bluethouth tag. The user, using a mobile application with the application installed, scans the tag. The mobile application transmits an access request containing the subject and object ID to the access switch for execution. This approach makes it possible to abandon the use of additional actuators to identify the access subject (access card readers, fingerprint scanners, etc.).

Configuration of facility safety loop devices.

In the platform application hosted on a cloud server, the local access switches of the object are configured with controllers and access points connected to it. The configuration of subject access levels is carried out on the side of the cloud part of the platform and is synchronized in the form of an access cache with the local access switches of the object, thereby further increasing the security of the protected object.

When configuring a local switch, you specify:

• data about connected access controllers (IP address, MAC address, controller model and vendor, API version);

• information about access points connected to the controller (access point number, access point type, access point name).

The local access switch provides the minimum required functionality for interaction with access point actuators:

• translation of commands received from outside to actuators of access points;

• storing a local access cache and synchronizing it with cloud platform data.

The process of passing through an object's access points.

Passage through the facility's access points is available to an authorized subject. When using a computing device with a platform application installed, an authorized user reads the access point ID. Depending on the technical capabilities of the user’s device, the process of obtaining an access point identifier can be performed in one of the following ways:

• reading a QR code with a smartphone camera;

• reading NFC tag data;

• reading bluetooth tag data;

• recognition of the audio-sound identifier of the tag.

The resulting access point ID along with the authorized user ID is transmitted from the computing device to the local switch for execution. An alternative interaction option is possible, in which the identifiers are transferred to the cloud server. In an alternative option, authorization of the operation is performed on the cloud server, after which, if the authority is verified successfully, the command is transmitted from the cloud server to the local switch for execution. The local switch authorizes the operation by checking the local access cache for the required permissions. Interaction between the cloud, switch and controller is carried out via a secure protocol (SSL). If the user is successfully authorized, the local switch sends an opening signal to the access point actuator where the tag read by the user was installed.

Figure 3 illustrates a block diagram of an example implementation of the invention.

In these application materials, a preferred disclosure of the implementation of the claimed technical solution was presented, which should not be used as limiting other, private embodiments of its implementation, which do not go beyond the scope of the requested scope of legal protection and are obvious to specialists in the relevant field of technology.

Claims (11)

1. A method for access control and management, including the stages at which: on the cloud server, the local access switches of the object are configured with controllers and access points connected to it; the configuration of subject access levels is performed on the cloud side and is synchronized in the form of an access cache with the local access switches of the object; in this case, the local access switch provides the following functionality for interaction with access point actuators: broadcasting commands received from outside to access point actuators; storing a local access cache and synchronizing it with cloud platform data; in this case, the process of passing through the access points of the object is possible only for an authorized subject and is carried out through the computing device of the authorized user, by reading the access point identifier; the obtained access point ID along with the authorized user ID is transmitted from the user's computing device to the local switch for execution; the local switch authorizes the operation by checking the local access cache for permissions; In case of successful user authorization, the local switch sends an opening signal to the access point actuator where the tag read by the user was installed. 2. The method of claim 1, wherein the process of obtaining the access point identifier is performed by reading the QR code with the camera of the computing device. 3. The method according to claim 1, wherein the process of obtaining the access point ID is performed by reading NFC tag data. 4. The method according to claim 1, wherein the process of obtaining the access point ID is performed by reading the Bluetooth tag data. 5. The method according to claim 1, wherein the process of obtaining the access point ID is performed by recognizing the audio-sound ID of the tag. 6. The method according to claim 1, in which the local access cache is a database that contains up-to-date information about the user’s permissions, and the permission data contains the following attributes: user identifier, access point identifier, authority validity period; in this case, based on the data in the database for the pair “user ID” and “access point ID”, the pass request is authorized, and if there is no data, the pass request is rejected.