[go: up one dir, main page]

WO2018095182A1 - Method and system for data exchange - Google Patents

Method and system for data exchange Download PDF

Info

Publication number
WO2018095182A1
WO2018095182A1 PCT/CN2017/107602 CN2017107602W WO2018095182A1 WO 2018095182 A1 WO2018095182 A1 WO 2018095182A1 CN 2017107602 W CN2017107602 W CN 2017107602W WO 2018095182 A1 WO2018095182 A1 WO 2018095182A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
control device
authentication
server
certified
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2017/107602
Other languages
French (fr)
Chinese (zh)
Inventor
李东声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Corp
Original Assignee
Tendyron Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN201611059494.6A external-priority patent/CN107231404B/en
Priority claimed from CN201611060585.1A external-priority patent/CN107230265B/en
Application filed by Tendyron Corp filed Critical Tendyron Corp
Publication of WO2018095182A1 publication Critical patent/WO2018095182A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit

Definitions

  • the present invention relates to the field of electronic technologies, and in particular, to a data interaction method and system.
  • the entrance of some community gates and the entrances of various buildings in the community usually have access control.
  • the owner who lives in the community can use the access card issued by the community to enter and exit the cell and the building, and the person without the access card cannot enter the cell.
  • the present invention is directed to solving the above problems.
  • the main object of the present invention is to provide a data interaction method
  • Another object of the present invention is to provide a data interaction system
  • Another object of the present invention is to provide a data interaction method
  • Another object of the present invention is to provide a data interaction system.
  • An aspect of the present invention provides a data interaction method, including: a first server receives first information sent by a client, where the first information includes location information; and the first server allocates a target user to the location information, and determines The identity information of the target user; the first server sends second information to the second server, the second information includes at least identity information of the target user; the second server receives the second information, and Transmitting the second information to the authority control device; the rights control device receiving the second information, and storing the second information; the rights control device detecting that the first to-be-certified information carrier enters a detection range, The first to-be-certified information carrier reads the first to-be-authenticated information, and the first to-be-authenticated information includes identity information to be authenticated; the rights control device uses the stored identity information of the target user to the identity information to be authenticated. Performing the first authentication; the authority control device performs an authorization operation after the first authentication is passed.
  • a data interaction system including: a first server, configured to receive first information sent by a client, where the first information includes location information; assign a target user to the location information, determine a location Determining identity information of the target user; transmitting second information to the second server, the second information including at least identity information of the target user; the second server, configured to receive the second information, and control the rights
  • the device sends the second information; the rights control device is configured to receive the second information, and store the second information; and detect that the first to-be-authenticated information carrier enters a detection range, from the first to be authenticated
  • the information carrier reads the first to-be-authenticated information, the first to-be-authenticated information includes the identity information to be authenticated, and performs the first authentication on the to-be-authenticated identity information by using the stored identity information of the target user; After the first authentication is passed, the authorization operation is performed.
  • An aspect of the present invention provides a data interaction method, including: a first server receives first information sent by a client, the first information includes location information; and the first server allocates a target user to the location information, Determining identity information of the target user; the first server sends second information to the second server, the second information includes at least identity information of the target user; and the second server receives the second information, Storing the second information; the right control device detects that the first to-be-certified information carrier enters the detection range, and reads the first to-be-certified information from the first to-be-authenticated information carrier, where the first to-be-certified information includes the identity to be authenticated Information; and, The rights control device sends an identity information acquisition request to the second server; the second server receives the identity information acquisition request, and sends the second information to the rights control device; the rights control device receives the The second information is used to perform the first authentication on the identity information to be authenticated by using the received identity information of the target user; after the first authentication is passed, the rights control device perform
  • a data interaction system including: a first server, configured to receive first information sent by a client, where the first information includes location information; assign a target user to the location information, determine The second user information is sent to the second server, the second information includes at least the identity information of the target user, and the second server is configured to receive the second information, and store the The second information; the authority control device is configured to detect that the first to-be-certified information carrier enters the detection range, and reads the first to-be-certified information from the first to-be-certified information carrier, where the first to-be-certified information includes the identity to be authenticated And sending the identity information acquisition request to the second server; the second server is further configured to receive the identity information acquisition request, and send the second information to the rights control device; the rights control device, The method is further configured to receive the second information, and perform first authentication on the to-be-authenticated identity information by using the received identity information of the target user. And after the first authentication, performs authorization operations.
  • the first server after receiving the location information sent by the client, allocates the target user and sends the identity information of the target user to the second server, where the target user is located in the The location information of the customer providing the service (such as a delivery person or a food delivery staff, etc.), the second server sends the identity information of the target user to the authority control device, and when the target user arrives at the location of the authority control device,
  • the first to-be-certified information carrier is placed in the detection area of the authority control device, the authority control device detects and reads the identity information to be authenticated, and performs the first authentication, and if the authentication passes, performs the authorization operation.
  • the access control is the authority control device
  • the target user such as a delivery person or a food delivery person, etc.
  • the solution sends the identity information of the target user to the second server through the first server, and is sent to the access control by the second server.
  • the access control uses the identity information of the target user to authenticate and pass the target user, the target user can obtain the authorization. Therefore, the user enters the cell.
  • the client who enjoys the service provided by the target user does not need to go out to open the access control for the target user, and provides convenience for the client.
  • the target user is authenticated by the authority control device when entering the cell. After being authorized to enter, security is guaranteed.
  • FIG. 1 is a flowchart of a data interaction method according to Embodiment 1 of the present invention.
  • FIG. 2 is a schematic structural diagram of a data interaction system according to Embodiment 2 of the present invention.
  • Embodiment 3 is a flowchart of a data interaction method according to Embodiment 3 of the present invention.
  • FIG. 4 is a schematic structural diagram of a data interaction system according to Embodiment 4 of the present invention.
  • connection In the description of the present invention, it should be noted that the terms “installation”, “connected”, and “connected” are to be understood broadly, and may be fixed or detachable, for example, unless otherwise explicitly defined and defined. Connected, or integrally connected; can be mechanical or electrical; can be directly connected, or indirectly connected through an intermediate medium, can be the internal communication of the two components.
  • Connected, or integrally connected can be mechanical or electrical; can be directly connected, or indirectly connected through an intermediate medium, can be the internal communication of the two components.
  • the specific meaning of the above terms in the present invention can be understood in a specific case by those skilled in the art.
  • the applicable scenarios in this embodiment include, but are not limited to, a client, a first server, a second server, and an authority control device; the client purchases a certain service through the client through the online order (for example, online shopping, online ordering, etc.) , the client will location information (such as shipping The address is sent to the first server, the first server allocates a target user (such as a courier) for the location information, and sends the identity information of the target user to the second server, where the second server sends the identity information of the target user to The authority control device (for example, the access control set by the location of the delivery address identifier), the target user holds the first information carrier to be authenticated, and when the target user arrives at the location of the authority control device, the authority control device uses the identity information of the target user to target The user performs the first authentication and authorization.
  • the client purchases a certain service through the client through the online order (for example, online shopping, online ordering, etc.) , the client will location information (such as shipping The address is sent to the first server
  • This embodiment provides a data interaction method. As shown in FIG. 1, the method includes the following steps:
  • the first server receives first information sent by a client, where the first information includes location information.
  • the first server in this embodiment can communicate with the client.
  • the first server may be a server that provides an online service such as an online supermarket or an online ordering service
  • the client may be an application for realizing online shopping or ordering services, and the client may be installed on a device held by the user (for example, a PC). , mobile phones, PDAs, etc.).
  • the first information may be order information
  • the location information may be an order address; for example, when the online shopping is performed, the location information is specifically a delivery address, and when the online order is ordered, the location information is specifically a delivery address and the like.
  • the location information may represent address information of different meanings, and is not limited herein.
  • the first information may further include information such as an order number, an order detail, an order amount, an order date, a user name of the order, and the like, and is not limited herein.
  • the first server allocates a target user to the location information, and determines identity information of the target user.
  • the target user is a person who provides a corresponding service to the client located in the location information.
  • the target user is specifically a delivery person.
  • the location information is specifically a food delivery person, etc. .
  • the target user can indicate the person providing different services, and there is no limitation here.
  • the identity information of the target user in this embodiment may be ID information or may be any biometric information such as fingerprint information, palm print information or iris information.
  • the ID card information includes at least an ID card number, and the ID card information can be read from the ID card, or can be read from an order graphic code or an order barcode code carrying the ID card information.
  • the first server sends second information to the second server, where the second information includes at least identity information of the target user.
  • the second server may be used to manage the rights control device.
  • the rights control device may be the access control
  • the second server is the server that can implement data interaction and management for the access control.
  • the first server and the second server are mutually independent servers, and each of them functions differently.
  • the first server is used for providing a server for online shopping, online ordering, and the like
  • the second server is used for data interaction and management of the authority control device, and the first server and the second server can communicate with each other through a wireless network or a wired network. Communicate.
  • the second server receives the second information, and sends the second information to the rights control device.
  • the second server and the authority control device can communicate through a wired connection, such as a network cable connection, or can communicate through a wireless network, such as a mobile network, a local area network in a cell, and the like.
  • the permission control device can be an access control.
  • This step can also be implemented as follows:
  • the second server receives the second information, and stores the second information; the rights control device sends an identity information acquisition request to the second server; the second server receives the identity information acquisition request, and The authority control device transmits the second information.
  • the permission control apparatus receives the second information, and stores the second information.
  • the second information includes at least the identity information of the target user
  • the rights control device stores the identity information of the received target user, so as to subsequently perform identity authentication on the target user by using the identity information of the target user.
  • the permission control device detects that the first to-be-certified information carrier enters the detection range, and reads the first to-be-certified information from the first to-be-certified information carrier, where the first to-be-authenticated information includes identity information to be authenticated;
  • the authority control device is provided with a module for supporting the information reading function.
  • the module may be an identity card reading module for reading the identity card information, and correspondingly, the first information carrier to be authenticated is an identity card, and the reading is performed.
  • the first information to be authenticated is the ID information; for example, the module is a scan code module, and correspondingly, the first information carrier to be authenticated may be an order graphic code or an order barcode carrying the identity information, and the like.
  • the first to-be-certified information may be that the identity information of the target user is read from the order graphic code or the order barcode (the identity information may be, for example, an identity card number such as an ID number); for example, the module may be a biometric feature.
  • the biometric reading module correspondingly, the first to-be-certified information carrier is a biometric feature, and the read first to-be-certified information is biometric information.
  • the biometric feature may be a finger, and the corresponding biometric information may be a fingerprint; or the biometric feature may be a palm, and the corresponding biometric information may be a palm print; or the biometric feature may be an eye, and the corresponding biometric information may be Iris, etc., there is no limit here.
  • the rights control device performs first authentication on the to-be-authenticated identity information by using the stored identity information of the target user.
  • the authority control device performs an authorization operation after the first authentication is passed.
  • the first authentication of the identity information to be authenticated is performed by using the stored identity information of the target user, which may be implemented by: determining the stored identity information of the target user and the identity information to be authenticated. Whether they are consistent. If they are consistent, the first authentication is passed. If they are inconsistent, the first authentication fails.
  • performing the authorization operation may be as follows: opening the door lock.
  • the first server after receiving the location information sent by the client, allocates the target user and sends the identity information of the target user to the second server, where the target user provides services for the client located in the location information.
  • a person such as a delivery person or a food delivery person, etc.
  • the second server sends the identity information of the target user to the authority control device, and when the target user arrives at the location of the authority control device, the first information carrier to be authenticated is held Placed in the detection area of the authority control device, the authority control device detects and reads the identity information to be authenticated, and performs the first authentication, and if the authentication passes, performs the authorization operation.
  • the present invention can be used.
  • the solution sends the identity information of the target user to the second server through the first server, and is sent to the access control by the second server.
  • the access control authenticates the target user by using the identity information of the target user
  • the target user can also obtain the authorization. Therefore, the user enters the cell.
  • the client who enjoys the service provided by the target user does not need to go out to open the access control for the target user, and provides convenience for the client.
  • the target user is authenticated by the authority control device when entering the cell. After being authorized to enter, security is guaranteed.
  • the rights control device deletes the stored second information or sets the state of the second information to a failure state.
  • the embodiment deletes the stored second information after performing the current authentication or the current authorization operation, so that the second information cannot be used for the next authentication or authorization in the subsequent process.
  • setting the state of the second information to a failure state that is, the second information is invalid after being used for one authentication and authorization operation, and then the second information cannot be used for the next authentication or authorization, thereby avoiding the The second information is illegally used again for authentication and authorization in subsequent processes.
  • the authorization operation may also be set, and the authority control device performs the authorization operation, including: the authority control device passes the first authentication. After that, it is judged whether the time when the timing arrives exceeds the prescribed time, and if the specified time is not exceeded, the authorization operation is performed, wherein the timing starts when the authority control device receives the second information, or the timing is in the authority The control device begins when it receives an instruction sent by the second server.
  • the time when the right control device receives the second information or receives the timing start command sent by the second server is 9:00 am, and the time starts, and the predetermined time can be set to 12 am, if the first authentication is passed.
  • the authorization operation is allowed. If the time exceeds 12 o'clock, the authorization operation is not performed even if the first authentication is passed.
  • the second information further includes: the location information.
  • the location information can be used to perform second authentication on the target user to further ensure the security of the authorization operation.
  • the sending, by the second server, the second information to the rights control device includes: when the location of the rights control device is consistent with the location information, the second server Sending the second information to the authority control device.
  • the second server can manage multiple rights control devices, and different rights control devices have different locations.
  • the second server sends the second information
  • the location information in the second information indicates the address of the service provided by the target user (for example, the target user may be a courier, the location information may be a delivery address, and the permission control device is an access control)
  • First determining whether the location information in the second information is consistent with the location information of the rights control device eg, determining whether the shipping address is consistent with the location of the access control
  • sending the second information to the rights control device if not, Then the second message is not sent.
  • the authority control device that matches the location information and the location information in the second information receives the second information, and the rights control device that does not match the location information in the second information does not receive the second information. Therefore, the authority control device can authorize the target user when the location information of the target user is consistent with the location of the authority control device in the subsequent process; otherwise, the target user is not authorized.
  • the second server when the second server sends the second information to the authority control device, the second server determines that the location information in the second information is consistent with the location of the authority control device, and of course, the second server is transmitting.
  • the second information may also not care whether the location information in the second information is consistent with the location of the rights control device, but directly sends the second information to each rights control device, and the rights control device determines the second information. Whether the location information is consistent with the location information of the self, and then corresponding processing:
  • the rights control device may perform the following operations: the location information and the rights control in the second information by the rights control device When the location information of the device is consistent, the second information is stored.
  • the second information sent by the second server to the authority control device may occur, and the location information carried by the second information is inconsistent with the location of the rights control device, and the rights control device is in the second information.
  • the second information is stored, and if not, the second information is not stored, so that the subsequent rights control device uses the location information to perform the second
  • authorization of the authority control device may be obtained; otherwise, authorization may not be obtained, further ensuring authorization operation Safety.
  • the second location may be performed on the target user by using the stored location information.
  • the method further includes: the authority control device detects that the second to-be-certified information carrier enters the detection range, and reads the second to-be-certified information, wherein the second to-be-certified information includes: location information to be authenticated;
  • the rights control device performs the second authentication on the to-be-authenticated location information by using the stored location information; at this time, the rights control device performs an authorization operation, specifically: after the first authentication and the second authentication are both passed, the authorization is performed. operating.
  • the second to-be-certified information carrier includes an order graphic code or an order barcode carrying the location information, and when the target user carries the goods (the order graphic code or the order barcode indicating the order information is attached to the goods), the access control device is located.
  • the authority control device can read the delivery address from the order graphic code or the order barcode, the delivery address is equivalent to the location information to be authenticated, and since the permission control device has previously stored the location information, if the read location to be authenticated If the information is consistent with the previously stored location information, the second authentication passes, otherwise the second authentication fails.
  • the target user is the courier and the location information is the delivery address as an example: for example, there are 8 buildings in a community, each building has an access control, and the access control in the 8th building receives the second information. If the delivery address in the second information is the 8th floor, the access control of the 8th building stores the second information (the second information includes the courier's identity information and the shipping address), otherwise the second is not stored. Information, follow-up If the courier arrives at Building 8, if the delivery address of the goods that the courier needs to deliver is the No. 8 building, the access control of Building No. 8 reads the shipping address through the scanning order information, and passes the location information.
  • the result of the comparison is that the delivery address is the same as the previously stored delivery address, then the access control of the 8th building is authorized by the courier, so the courier enters the 8th building; and if the courier needs to deliver the goods
  • the access control of the 8th building reads the delivery address by scanning the order information. If the result of the position information comparison is that the delivery address is inconsistent with the previously stored delivery address, then the Courier can't get 8 Floor access authorization, they can not enter the Building 8.
  • the location information of the permission control device may be used to perform the first
  • the privilege control device does not need to store the location information in the second information, and directly performs the second authentication by using the location information of the privilege control device.
  • the method further includes: the privilege control device Detecting that the second to-be-certified information carrier enters the detection range, and reading the second to-be-certified information from the second to-be-certified information carrier, wherein the second to-be-certified information includes: to-be-authenticated location information; The second authentication is performed on the to-be-authenticated location information by using the location information of the permission control device.
  • the authorization control device performs an authorization operation, including: after the first authentication and the second authentication are both passed, performing an authorization operation.
  • the second to-be-certified information carrier includes an order graphic code or an order barcode carrying the order information, and the permission control device can read the delivery address from the order graphic code or the order barcode, which is equivalent to the authentication to be authenticated.
  • the location information because the rights control device itself also has location information, if the read location information to be authenticated is consistent with the location information of the rights control device, the second authentication passes, otherwise the second authentication fails.
  • the authority control device performs the second authentication by using the location information
  • the location for example, the delivery address
  • the authorization of the authority control device can be obtained. Otherwise, authorization cannot be obtained, further ensuring the security of the authorization operation.
  • the first to-be-authenticated information carrier and the second to-be-certified information carrier both carry the identity information and the location information of the target user
  • the first to-be-authenticated information carrier and the second to-be-certified information carrier may be the same carrier.
  • the first to-be-certified information carrier and the second to-be-certified information carrier are both an order graphic code or an order barcode
  • the order graphic code or the order barcode carries the identity information and location information of the target user.
  • the control device can obtain the identity information of the target user by scanning the code, and can also obtain the location information.
  • the first to-be-certified information carrier and the second to-be-certified information carrier may be different carriers.
  • the first to-be-certified information carrier is an identity card of the target user
  • the second to-be-certified information carrier is an order graphic code or an order barcode. Location information is carried in the order graphic code or order barcode.
  • the method further includes: after the first authentication is passed, the rights control device sends the identity information of the target user to the client.
  • the permission control device sends the identity information of the target user to the client, so that the client prompts the client that the target user has passed the authorization.
  • the access control sends the identity information of the courier to the client, so that The client can prompt the courier to be certified for access control and will be delivered soon.
  • the embodiment provides a data interaction system, which can be used to execute the data interaction method in Embodiment 1, as shown in FIG. 2, the system includes: a first server 11, a second server 12, and an authority control device 13;
  • the first server 11 is configured to receive first information sent by the client, where the first information includes location information, assign a target user to the location information, determine identity information of the target user, and send the second information to the second server.
  • the server sends the second information, where the second information includes at least the identity information of the target user;
  • the second server 12 is configured to receive the second information, and send the second information to the rights control device;
  • the right control device 13 is configured to receive the second information, and store the second information; detecting that the first to-be-certified information carrier enters the detection range, and reading the first to-be-processed information from the first to-be-certified information carrier Authentication information, the first to-be-certified information includes a body to be authenticated And performing the first authentication on the identity information to be authenticated by using the stored identity information of the target user; and performing an authorization operation after the first authentication is passed.
  • the rights control apparatus is further configured to delete the stored second information or set the second information after the first authentication is passed or after the authorization operation is performed.
  • the status is a failed state.
  • the aging control may be set for the authorization operation, and the privilege control device is specifically configured to determine the timing of the arrival of the timing after the first authentication is passed. Whether the specified time is exceeded, and if the specified time is not exceeded, the authorization operation is performed, wherein the timing starts when the authority control device receives the second information, or the timing receives the second server at the authority control device Start when the command is sent.
  • the second information further includes: the location information; the location information may be used to perform second authentication on the target user, further ensuring security of the authorization operation.
  • the second server is specifically configured to send, by the second server, the first control device to the rights control device when the location of the rights control device is consistent with the location information. Two information.
  • the authority control device is configured to: when the location information in the second information is consistent with the location information of the rights control device, storing the Two information.
  • the rights control apparatus is further configured to: before detecting the authorization operation, detecting that the second to-be-certified information carrier enters the detection range, and reading the second to-be-certified information, where
  • the second to-be-certified information includes: location information to be authenticated;
  • the rights control device is further configured to perform second authentication on the to-be-authenticated location information by using the stored location information; the rights control device performs an authorization operation, Specifically, after the first authentication and the second authentication are both passed, the authorization operation is performed.
  • the rights control device is further configured to: before detecting the authorization operation, detecting that the second to-be-certified information carrier enters the detection range, and reading from the second to-be-certified information carrier The second to-be-certified information, wherein the second to-be-certified information includes: location information to be authenticated; and second authentication of the to-be-authenticated location information by using the location information of the rights control device; Specifically, after the first authentication and the second authentication are both passed, the authorization operation is performed.
  • the rights control apparatus is further configured to: after the first authentication is passed, send the identity information of the target user to the client.
  • the second server is configured to receive the second information, and send the second information to the rights control device: receiving the second information, storing the And receiving the identity information acquisition request, and transmitting the second information to the rights control device.
  • the permission control device does not store the second information, but the second server stores the second information, and after the permission control device requests the second information from the second server, The first authentication is performed using the identity information of the received target user.
  • the method includes:
  • the first server receives first information sent by a client, where the first information includes location information.
  • the first server allocates a target user to the location information, and determines identity information of the target user.
  • the first server sends second information to the second server, where the second information includes at least identity information of the target user.
  • the second server receives the second information, and stores the second information.
  • the second information includes at least the identity information of the target user, and the second server stores the identity information of the target user, so that the second information is provided to the authority control device when the subsequent rights control device requests to obtain the identity information.
  • the permission control device detects that the first to-be-certified information carrier enters the detection range, and reads the first to-be-certified information from the first to-be-authenticated information carrier, where the first to-be-authenticated information includes identity information to be authenticated.
  • the permission control device sends an identity information acquisition request to the second server; the second server receives the identity information acquisition request, and sends the second information to the rights control device;
  • the second server may be used to manage the rights control device.
  • the rights control device may be the access control
  • the second server is the server that can implement data interaction and management for the access control.
  • step 205 and step 206 may be performed at the same time, and step 206 may be performed first and then step 206 is performed, which is not limited herein.
  • the rights control device receives the second information, and performs first authentication on the to-be-authenticated identity information by using the received identity information of the target user.
  • the authority control device performs an authorization operation after the first authentication is passed.
  • the rights control device performs the first authentication on the to-be-authenticated identity information by using the received identity information of the target user, which may be implemented by: determining the identity information and the received target information of the target user. Whether the authentication identity information is consistent. If the identity is consistent, the first authentication is passed. If not, the first authentication fails.
  • the method further includes: after the first authentication is passed or after performing the authorization operation, the rights control device sends a security processing instruction to the second server;
  • the second server receives the security processing instruction, deletes the stored second information, or sets the state of the second information to a failure state.
  • the embodiment notifies the second server to delete the stored second information after the authorization control device performs the current authentication or the current authorization operation by using the second information, so that the second information cannot be used subsequently.
  • the information is used for the next authentication or authorization, or the second server is notified to set the state of the second information to a failure state, that is, the second information is invalid after being used for one authentication and authorization operation, and the second information cannot be used again.
  • the second information is used for the next authentication or authorization, and the second information is illegally used for authentication and authorization again in the subsequent process.
  • the second information further includes: location information
  • the sending, by the second server, the second information to the rights control device includes: when the location of the rights control device is consistent with the location information, the second server Sending the second information to the authority control device.
  • the location in the second information may be requested by using the second server.
  • the information is used to perform the second authentication on the target user.
  • the method further includes: the permission control device detects that the second to-be-certified information carrier enters the detection range, and reads the second to-be-certified information, where the The second to-be-certified information includes: location information to be authenticated; the rights control device performs second authentication on the to-be-authenticated location information by using the received location information; the rights control device performs an authorization operation, specifically: the first After the authentication and the second authentication are passed, the authorization operation is performed.
  • the location information of the permission control device may be used to perform the first
  • the authority control device does not need to request the second server to obtain the location information in the second information, and directly uses the location information of the rights control device to perform the authentication.
  • the rights control device performs the authorization operation.
  • the method further includes: the authority control device detects that the second to-be-certified information carrier enters the detection range, and reads the second to-be-certified information from the second to-be-certified information carrier, wherein the second to-be-certified
  • the information includes: location information to be authenticated; the rights control device performs second authentication on the location information to be authenticated by using location information of the rights control device; and the authorization control device performs an authorization operation, including: the first After the authentication and the second authentication are passed, the authorization operation is performed.
  • the method further includes: after the first authentication is passed, the rights control device sends the identity information of the target user to the client.
  • the embodiment provides a data interaction system, which can perform the data interaction method in the above embodiment 4.
  • the system includes: a first server 21, a second server 22, and an authority control device 23;
  • the first server 21 is configured to receive first information sent by the client, where the first information includes location information, assign a target user to the location information, determine identity information of the target user, and send the second information to the second server.
  • the server sends the second information, where the second information includes at least the identity information of the target user;
  • the second server 22 is configured to receive the second information, and store the second information.
  • the right control device 23 is configured to detect that the first to-be-certified information carrier enters the detection range, and reads the first to-be-certified information from the first to-be-certified information carrier, where the first to-be-authenticated information includes identity information to be authenticated; Sending 22 an identity information acquisition request to the second server;
  • the second server 22 is further configured to receive the identity information acquisition request, and send the second information to the rights control device 23;
  • the rights control device 23 is further configured to receive the second information, perform first authentication on the to-be-authenticated identity information by using the received identity information of the target user, and after the first authentication is passed, Perform an authorization operation.
  • the rights control apparatus is further configured to send a security processing instruction to the second server after the first authentication is passed or after performing the authorization operation;
  • the server is further configured to receive the security processing instruction, delete the stored second information, or set the state of the second information to a failure state.
  • the second information further includes: location information; using the location information, performing second authentication on the target user, further ensuring security of the authorization operation.
  • the second server is specifically configured to send, by the second server, the first control device to the rights control device when the location of the rights control device is consistent with the location information. Two information.
  • the privilege control device is further configured to: before detecting the authorization operation, detecting that the second to-be-certified information carrier enters the detection range, and reading the second to-be-certified information, where The second to-be-certified information includes: location information to be authenticated; and second authentication of the to-be-authenticated location information by using the received location information; After the first authentication and the second authentication are both passed, the authorization operation is performed.
  • the rights control device is further configured to: before detecting the authorization operation, detecting that the second to-be-certified information carrier enters the detection range, and reading from the second to-be-certified information carrier The second to-be-certified information, wherein the second to-be-certified information includes: location information to be authenticated; and second authentication of the to-be-authenticated location information by using the location information of the rights control device; Specifically, after the first authentication and the second authentication are both passed, the authorization operation is performed.
  • the rights control apparatus is further configured to: after the first authentication is passed, send the identity information of the target user to the client.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Provided are a method and system for data exchange. The method comprises: a first server receives first information transmitted by a client; the first server assigns a target user for the location information and determines identity information of the target user; the first server transmits second information to the second server; the second server receives the second information and transmits the second information to a permission control device; the permission control device receives the second information and stores the second information; the permission control device detects that a carrier for first information to be authenticated entered a detection range and reads first information to be authenticated from the carrier for the first information to be authenticated, the first information to be authenticated comprising identity information to be authenticated; the permission control device uses the stored identity information of the target user to perform a first authentication with respect to the identity information to be authenticated; and the permission control device executes an authentication operation when the first authentication is successful.

Description

一种数据交互方法及系统Data interaction method and system

相关申请的交叉引用Cross-reference to related applications

本申请要求李明于2016年11月25日提交中国专利局、申请号为201611059494.6、发明名称为“一种数据交互方法及系统”的中国专利申请的优先权,以及李明于2016年11月25日提交中国专利局、申请号为201611060585.1、发明名称为“一种数据交互方法及系统”的中国专利申请的优先权。This application claims Li Ming's priority on the Chinese Patent Application submitted to the China Patent Office on November 25, 2016, the application number is 201611059494.6, and the invention name is "a data interaction method and system", and Li Ming in November 2016. The priority of the Chinese patent application filed on the 25th is the China Patent Office, the application number is 201611060585.1, and the invention name is "a data interaction method and system".

技术领域Technical field

本发明涉及一种电子技术领域,尤其涉及一种数据交互方法及系统。The present invention relates to the field of electronic technologies, and in particular, to a data interaction method and system.

背景技术Background technique

目前,为提高小区的安全性,一些小区大门的入口以及小区内各栋楼的入口通常会设有门禁。住在小区内的业主使用小区签发的门禁卡可以正常出入小区和所在楼,而没有门禁卡的人员则无法进入小区。At present, in order to improve the security of the community, the entrance of some community gates and the entrances of various buildings in the community usually have access control. The owner who lives in the community can use the access card issued by the community to enter and exit the cell and the building, and the person without the access card cannot enter the cell.

随着互联网的快速发展,越来越多的用户选择通过网络购物、网上预订外卖、或网上申请电器维修等,当服务人员例如快递员或者维修工,需要提供服务的位置位于带有门禁的小区内时,服务人员通常无法进入小区。如何使得无进门权限的服务人员在为用户提供服务时可以进入小区同时不影响小区本身管理的安全性是急需解决的问题。With the rapid development of the Internet, more and more users choose to shop online, order online, or apply for electrical repairs online. When service personnel, such as couriers or maintenance workers, need to provide services, the location is located in the community with access control. Service personnel are usually unable to enter the community. How to enable the service personnel without access rights to enter the cell while providing services to the user without affecting the security of the management of the cell itself is an urgent problem to be solved.

发明内容Summary of the invention

本发明旨在解决上述问题。The present invention is directed to solving the above problems.

本发明的主要目的在于提供一种数据交互方法;The main object of the present invention is to provide a data interaction method;

本发明的另一目的在于提供一种数据交互系统;Another object of the present invention is to provide a data interaction system;

本发明的另一目的在于还提供一种数据交互方法;Another object of the present invention is to provide a data interaction method;

本发明的另一目的在于还提供一种数据交互系统。Another object of the present invention is to provide a data interaction system.

为达到上述目的,本发明的技术方案具体是这样实现的:In order to achieve the above object, the technical solution of the present invention is specifically implemented as follows:

本发明一方面提供了一种数据交互方法,包括:第一服务器接收客户端发送的第一信息,所述第一信息包括位置信息;所述第一服务器为所述位置信息分配目标用户,确定所述目标用户的身份信息;所述第一服务器向所述第二服务器发送第二信息,所述第二信息至少包括目标用户的身份信息;所述第二服务器接收所述第二信息,并向权限控制装置发送所述第二信息;所述权限控制装置接收所述第二信息,并存储所述第二信息;所述权限控制装置检测到第一待认证信息载体进入检测范围,从所述第一待认证信息载体读取第一待认证信息,所述第一待认证信息包括待认证身份信息;所述权限控制装置使用存储的所述目标用户的身份信息对所述待认证身份信息进行第一认证;所述权限控制装置在所述第一认证通过后,执行授权操作。An aspect of the present invention provides a data interaction method, including: a first server receives first information sent by a client, where the first information includes location information; and the first server allocates a target user to the location information, and determines The identity information of the target user; the first server sends second information to the second server, the second information includes at least identity information of the target user; the second server receives the second information, and Transmitting the second information to the authority control device; the rights control device receiving the second information, and storing the second information; the rights control device detecting that the first to-be-certified information carrier enters a detection range, The first to-be-certified information carrier reads the first to-be-authenticated information, and the first to-be-authenticated information includes identity information to be authenticated; the rights control device uses the stored identity information of the target user to the identity information to be authenticated. Performing the first authentication; the authority control device performs an authorization operation after the first authentication is passed.

本发明另一方面,提供一种数据交互系统,包括:第一服务器,用于接收客户端发送的第一信息,所述第一信息包括位置信息;为所述位置信息分配目标用户,确定所述目标用户的身份信息;向所述第二服务器发送第二信息,所述第二信息至少包括目标用户的身份信息;所述第二服务器,用于接收所述第二信息,并向权限控制装置发送所述第二信息;所述权限控制装置,用于接收所述第二信息,并存储所述第二信息;检测到第一待认证信息载体进入检测范围,从所述第一待认证信息载体读取第一待认证信息,所述第一待认证信息包括待认证身份信息;并使用存储的所述目标用户的身份信息对所述待认证身份信息进行第一认证;以及在所述第一认证通过后,执行授权操作。Another aspect of the present invention provides a data interaction system, including: a first server, configured to receive first information sent by a client, where the first information includes location information; assign a target user to the location information, determine a location Determining identity information of the target user; transmitting second information to the second server, the second information including at least identity information of the target user; the second server, configured to receive the second information, and control the rights The device sends the second information; the rights control device is configured to receive the second information, and store the second information; and detect that the first to-be-authenticated information carrier enters a detection range, from the first to be authenticated The information carrier reads the first to-be-authenticated information, the first to-be-authenticated information includes the identity information to be authenticated, and performs the first authentication on the to-be-authenticated identity information by using the stored identity information of the target user; After the first authentication is passed, the authorization operation is performed.

本发明一方面,还提供一种数据交互方法,包括:第一服务器接收客户端发送的第一信息,所述第一信息包括位置信息;所述第一服务器为所述位置信息分配目标用户,确定所述目标用户的身份信息;所述第一服务器向所述第二服务器发送第二信息,所述第二信息至少包括目标用户的身份信息;所述第二服务器接收所述第二信息,存储所述第二信息;所述权限控制装置检测到第一待认证信息载体进入检测范围,从第一待认证信息载体读取第一待认证信息,所述第一待认证信息包括待认证身份信息;以及, 所述权限控制装置向所述第二服务器发送身份信息获取请求;所述第二服务器接收所述身份信息获取请求,向权限控制装置发送所述第二信息;所述权限控制装置接收所述第二信息,使用接收到的所述目标用户的身份信息对所述待认证身份信息进行第一认证;所述权限控制装置在所述第一认证通过后,执行授权操作。An aspect of the present invention provides a data interaction method, including: a first server receives first information sent by a client, the first information includes location information; and the first server allocates a target user to the location information, Determining identity information of the target user; the first server sends second information to the second server, the second information includes at least identity information of the target user; and the second server receives the second information, Storing the second information; the right control device detects that the first to-be-certified information carrier enters the detection range, and reads the first to-be-certified information from the first to-be-authenticated information carrier, where the first to-be-certified information includes the identity to be authenticated Information; and, The rights control device sends an identity information acquisition request to the second server; the second server receives the identity information acquisition request, and sends the second information to the rights control device; the rights control device receives the The second information is used to perform the first authentication on the identity information to be authenticated by using the received identity information of the target user; after the first authentication is passed, the rights control device performs an authorization operation.

本发明另一方面,还提供一种数据交互系统,包括:第一服务器,用于接收客户端发送的第一信息,所述第一信息包括位置信息;为所述位置信息分配目标用户,确定所述目标用户的身份信息;向所述第二服务器发送第二信息,所述第二信息至少包括目标用户的身份信息;所述第二服务器,用于接收所述第二信息,存储所述第二信息;所述权限控制装置,用于检测到第一待认证信息载体进入检测范围,从第一待认证信息载体读取第一待认证信息,所述第一待认证信息包括待认证身份信息;以及,向所述第二服务器发送身份信息获取请求;所述第二服务器,还用于接收所述身份信息获取请求,向权限控制装置发送所述第二信息;所述权限控制装置,还用于接收所述第二信息,使用接收到的所述目标用户的身份信息对所述待认证身份信息进行第一认证;以及在所述第一认证通过后,执行授权操作。According to another aspect of the present invention, a data interaction system is provided, including: a first server, configured to receive first information sent by a client, where the first information includes location information; assign a target user to the location information, determine The second user information is sent to the second server, the second information includes at least the identity information of the target user, and the second server is configured to receive the second information, and store the The second information; the authority control device is configured to detect that the first to-be-certified information carrier enters the detection range, and reads the first to-be-certified information from the first to-be-certified information carrier, where the first to-be-certified information includes the identity to be authenticated And sending the identity information acquisition request to the second server; the second server is further configured to receive the identity information acquisition request, and send the second information to the rights control device; the rights control device, The method is further configured to receive the second information, and perform first authentication on the to-be-authenticated identity information by using the received identity information of the target user. And after the first authentication, performs authorization operations.

由上述本发明提供的技术方案可以看出,第一服务器收到客户端发送的位置信息后,分配目标用户并将该目标用户的身份信息发送给第二服务器,该目标用户是为位于所述位置信息的客户提供服务的人员(例如送货员或送餐员等),第二服务器将目标用户的身份信息发送至权限控制装置,当目标用户到达权限控制装置所在位置后,将所持有的第一待认证信息载体放置在权限控制装置的检测区域,权限控制装置检测并读取待认证身份信息,并进行第一认证,如果认证通过,则进行授权操作。由此可以看出,在设有门禁(该门禁即为权限控制装置)的小区中,即使目标用户(例如送货员或送餐员等)没有该小区的门禁卡,也可以采用本发明中的方案通过第一服务器将目标用户的身份信息发送给第二服务器,并由第二服务器发送至门禁,门禁利用目标用户的身份信息对目标用户进行认证并通过后,目标用户即可获得授权,从而进入该小区,一方面,享受目标用户所提供服务的客户不需要出门为所述目标用户开启门禁,为客户提供了便捷,另一方面,目标用户在进入小区时是通过权限控制装置的认证后才获得授权进入的,保障了安全性。According to the technical solution provided by the present invention, after receiving the location information sent by the client, the first server allocates the target user and sends the identity information of the target user to the second server, where the target user is located in the The location information of the customer providing the service (such as a delivery person or a food delivery staff, etc.), the second server sends the identity information of the target user to the authority control device, and when the target user arrives at the location of the authority control device, The first to-be-certified information carrier is placed in the detection area of the authority control device, the authority control device detects and reads the identity information to be authenticated, and performs the first authentication, and if the authentication passes, performs the authorization operation. It can be seen that in the cell with the access control (the access control is the authority control device), even if the target user (such as a delivery person or a food delivery person, etc.) does not have the access card of the cell, the present invention can be used. The solution sends the identity information of the target user to the second server through the first server, and is sent to the access control by the second server. After the access control uses the identity information of the target user to authenticate and pass the target user, the target user can obtain the authorization. Therefore, the user enters the cell. On the one hand, the client who enjoys the service provided by the target user does not need to go out to open the access control for the target user, and provides convenience for the client. On the other hand, the target user is authenticated by the authority control device when entering the cell. After being authorized to enter, security is guaranteed.

附图说明DRAWINGS

为了更清楚地说明本发明实施例的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域的普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他附图。In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present invention, Those of ordinary skill in the art will be able to obtain other figures from these drawings without the inventive effort.

图1为本发明实施例1提供的一种数据交互方法的流程图;1 is a flowchart of a data interaction method according to Embodiment 1 of the present invention;

图2为本发明实施例2提供的一种数据交互系统结构示意图;2 is a schematic structural diagram of a data interaction system according to Embodiment 2 of the present invention;

图3为本发明实施例3提供的一种数据交互方法的流程图;3 is a flowchart of a data interaction method according to Embodiment 3 of the present invention;

图4为本发明实施例4提供的一种数据交互系统结构示意图。FIG. 4 is a schematic structural diagram of a data interaction system according to Embodiment 4 of the present invention.

具体实施方式detailed description

下面结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明的保护范围。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.

在本发明的描述中,需要理解的是,术语“中心”、“纵向”、“横向”、“上”、“下”、“前”、“后”、“左”、“右”、“竖直”、“水平”、“顶”、“底”、“内”、“外”等指示的方位或位置关系为基于附图所示的方位或位置关系,仅是为了便于描述本发明和简化描述,而不是指示或暗示所指的装置或元件必须具有特定的方位、以特定的方位构造和操作,因此不能理解为对本发明的限制。此外,术语“第一”、“第二”仅用于描述目的,而不能理解为指示或暗示相对重要性或数量或位置。In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "upper", "lower", "front", "back", "left", "right", " The orientation or positional relationship of the indications of "upright", "horizontal", "top", "bottom", "inside", "outside", etc. is based on the orientation or positional relationship shown in the drawings, only for the convenience of describing the present invention and The simplification of the description is not intended to limit or imply that the device or component that is referred to has a particular orientation, is constructed and operated in a particular orientation, and thus is not to be construed as limiting. Moreover, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.

在本发明的描述中,需要说明的是,除非另有明确的规定和限定,术语“安装”、“相连”、“连接”应做广义理解,例如,可以是固定连接,也可以是可拆卸连接,或一体地连接;可以是机械连接,也可以是电连接;可以是直接相连,也可以通过中间媒介间接相连,可以是两个元件内部的连通。对于本领域的普通技术人员而言,可以具体情况理解上述术语在本发明中的具体含义。In the description of the present invention, it should be noted that the terms "installation", "connected", and "connected" are to be understood broadly, and may be fixed or detachable, for example, unless otherwise explicitly defined and defined. Connected, or integrally connected; can be mechanical or electrical; can be directly connected, or indirectly connected through an intermediate medium, can be the internal communication of the two components. The specific meaning of the above terms in the present invention can be understood in a specific case by those skilled in the art.

下面将结合附图对本发明实施例作进一步地详细描述。The embodiments of the present invention will be further described in detail below with reference to the accompanying drawings.

为便于理解本发明,下面对本实施例中可能的应用场景进行简要介绍:To facilitate the understanding of the present invention, a brief description of possible application scenarios in this embodiment is provided below:

本实施例可适用的场景中包括但不限于:客户端、第一服务器、第二服务器、权限控制装置;客户通过客户端在网上下单购买某种服务(例如,网上购物、网上订餐等),客户端将位置信息(例如送货 地址)发送至第一服务器,第一服务器为该位置信息分配目标用户(例如快递员),并将该目标用户的身份信息发送至第二服务器,第二服务器将该目标用户的身份信息发送至权限控制装置(例如送货地址标识的位置所设置的门禁),目标用户持有第一待认证信息载体,当目标用户到达权限控制装置所在位置时,权限控制装置利用目标用户的身份信息对目标用户进行第一认证并授权。The applicable scenarios in this embodiment include, but are not limited to, a client, a first server, a second server, and an authority control device; the client purchases a certain service through the client through the online order (for example, online shopping, online ordering, etc.) , the client will location information (such as shipping The address is sent to the first server, the first server allocates a target user (such as a courier) for the location information, and sends the identity information of the target user to the second server, where the second server sends the identity information of the target user to The authority control device (for example, the access control set by the location of the delivery address identifier), the target user holds the first information carrier to be authenticated, and when the target user arrives at the location of the authority control device, the authority control device uses the identity information of the target user to target The user performs the first authentication and authorization.

实施例1Example 1

本实施例提供一种数据交互方法,如图1所示,该方法包括如下步骤:This embodiment provides a data interaction method. As shown in FIG. 1, the method includes the following steps:

101、第一服务器接收客户端发送的第一信息,所述第一信息包括位置信息;101. The first server receives first information sent by a client, where the first information includes location information.

本实施例中的第一服务器可以与客户端进行通信。第一服务器可以是提供网上超市、网上订餐等网上服务的服务器,客户端可以是实现网上下单进行购物或订餐等服务的应用程序,该客户端可以安装在用户持有的设备(例如PC机、手机、掌上电脑等)上。The first server in this embodiment can communicate with the client. The first server may be a server that provides an online service such as an online supermarket or an online ordering service, and the client may be an application for realizing online shopping or ordering services, and the client may be installed on a device held by the user (for example, a PC). , mobile phones, PDAs, etc.).

本实施例中,第一信息可以为订单信息,位置信息可以为订单地址;例如网上购物时,该位置信息具体为送货地址,网上订餐时,该位置信息具体为送餐地址等等。不同的应用场景,该位置信息可以表示不同含义的地址信息,在此不作限制。In this embodiment, the first information may be order information, and the location information may be an order address; for example, when the online shopping is performed, the location information is specifically a delivery address, and when the online order is ordered, the location information is specifically a delivery address and the like. For different application scenarios, the location information may represent address information of different meanings, and is not limited herein.

此外,该第一信息还可以包括订单号、订单明细、订单金额、订单日期、下单的用户名称等等信息,在此不作限制。In addition, the first information may further include information such as an order number, an order detail, an order amount, an order date, a user name of the order, and the like, and is not limited herein.

102、所述第一服务器为所述位置信息分配目标用户,确定所述目标用户的身份信息;102. The first server allocates a target user to the location information, and determines identity information of the target user.

本实施例中,目标用户是为位于所述位置信息的客户提供相应服务的人员,例如网上购物时,该目标用户具体为送货员,网上订餐时,该位置信息具体为送餐员等等。不同的应用场景,该目标用户可以表示提供不同服务的人员,在此不作限制。In this embodiment, the target user is a person who provides a corresponding service to the client located in the location information. For example, when the online shopping is performed, the target user is specifically a delivery person. When the online order is ordered, the location information is specifically a food delivery person, etc. . For different application scenarios, the target user can indicate the person providing different services, and there is no limitation here.

本实施例中的目标用户的身份信息,可以为身份证信息或者可以为指纹信息、掌纹信息或虹膜信息等任一种生物特征信息。其中,该身份证信息至少包括身份证号码,该身份证信息可以从身份证中读取,也可以是从携带有身份证信息的订单图形码或者订单条性码中读取。The identity information of the target user in this embodiment may be ID information or may be any biometric information such as fingerprint information, palm print information or iris information. The ID card information includes at least an ID card number, and the ID card information can be read from the ID card, or can be read from an order graphic code or an order barcode code carrying the ID card information.

103、所述第一服务器向所述第二服务器发送第二信息,所述第二信息至少包括目标用户的身份信息;103. The first server sends second information to the second server, where the second information includes at least identity information of the target user.

本实施例中第二服务器可以用于对权限控制装置进行管理,例如在设有门禁的小区中,权限控制装置可以为门禁,第二服务器为可以对门禁实现数据交互以及管理的服务器。In this embodiment, the second server may be used to manage the rights control device. For example, in the cell with the access control, the rights control device may be the access control, and the second server is the server that can implement data interaction and management for the access control.

本实施例中,第一服务器和第二服务器是相互独立的服务器,各自所起的作用也不相同。第一服务器用于提供网上购物、网上订餐等网络服务的服务器,第二服务器用于对权限控制装置进行数据交互以及管理的服务器,第一服务器与第二服务器之间可以通过无线网络或者有线网络进行通信。In this embodiment, the first server and the second server are mutually independent servers, and each of them functions differently. The first server is used for providing a server for online shopping, online ordering, and the like, the second server is used for data interaction and management of the authority control device, and the first server and the second server can communicate with each other through a wireless network or a wired network. Communicate.

104、所述第二服务器接收所述第二信息,并向权限控制装置发送所述第二信息;104. The second server receives the second information, and sends the second information to the rights control device.

本实施例中,第二服务器与权限控制装置可以通过有线连接进行通信,例如网线连接,也可以通过无线网络进行通信,例如移动网络,小区内局域网等。In this embodiment, the second server and the authority control device can communicate through a wired connection, such as a network cable connection, or can communicate through a wireless network, such as a mobile network, a local area network in a cell, and the like.

权限控制装置可以为门禁。The permission control device can be an access control.

本步骤还可以采用如下方式实现:This step can also be implemented as follows:

所述第二服务器接收所述第二信息,存储所述第二信息;所述权限控制装置向所述第二服务器发送身份信息获取请求;所述第二服务器接收所述身份信息获取请求,向所述权限控制装置发送所述第二信息。The second server receives the second information, and stores the second information; the rights control device sends an identity information acquisition request to the second server; the second server receives the identity information acquisition request, and The authority control device transmits the second information.

105、所述权限控制装置接收所述第二信息,并存储所述第二信息;105. The permission control apparatus receives the second information, and stores the second information.

本实施例中,第二信息至少包括目标用户的身份信息,权限控制装置存储收到的目标用户的身份信息,以便于后续利用该目标用户的身份信息对目标用户进行身份认证。In this embodiment, the second information includes at least the identity information of the target user, and the rights control device stores the identity information of the received target user, so as to subsequently perform identity authentication on the target user by using the identity information of the target user.

106、所述权限控制装置检测到第一待认证信息载体进入检测范围,从第一待认证信息载体读取第一待认证信息,所述第一待认证信息包括待认证身份信息;106. The permission control device detects that the first to-be-certified information carrier enters the detection range, and reads the first to-be-certified information from the first to-be-certified information carrier, where the first to-be-authenticated information includes identity information to be authenticated;

本实施例中,权限控制装置设有支持信息读取功能的模块,例如,该模块可以是读取身份证信息的身份证读取模块,相应的,第一待认证信息载体为身份证,读取出的第一待认证信息为身份证信息;比如,该模块为扫码模块,相应的,第一待认证信息载体可以为携带有身份信息的订单图形码或订单条形码等,读取出的第一待认证信息可以是从订单图形码或订单条形码中读取目标用户的身份信息(该身份信息例如可以为身份证号等身份证信息);又如,该模块可以是读取生物特征的生物特征读取模块,相应的,第一待认证信息载体为生物特征,读取出的第一待认证信息为生物特征信息。其中,生物特征可以为手指,对应的生物特征信息可以为指纹;或者,生物特征可以为手掌,对应的生物特征信息可以为掌纹;或者,生物特征可以为眼睛,对应的生物特征信息可以为虹膜等等,在此不作限制。In this embodiment, the authority control device is provided with a module for supporting the information reading function. For example, the module may be an identity card reading module for reading the identity card information, and correspondingly, the first information carrier to be authenticated is an identity card, and the reading is performed. The first information to be authenticated is the ID information; for example, the module is a scan code module, and correspondingly, the first information carrier to be authenticated may be an order graphic code or an order barcode carrying the identity information, and the like. The first to-be-certified information may be that the identity information of the target user is read from the order graphic code or the order barcode (the identity information may be, for example, an identity card number such as an ID number); for example, the module may be a biometric feature. The biometric reading module, correspondingly, the first to-be-certified information carrier is a biometric feature, and the read first to-be-certified information is biometric information. The biometric feature may be a finger, and the corresponding biometric information may be a fingerprint; or the biometric feature may be a palm, and the corresponding biometric information may be a palm print; or the biometric feature may be an eye, and the corresponding biometric information may be Iris, etc., there is no limit here.

107、所述权限控制装置使用存储的所述目标用户的身份信息对所述待认证身份信息进行第一认证;107. The rights control device performs first authentication on the to-be-authenticated identity information by using the stored identity information of the target user.

108、所述权限控制装置在所述第一认证通过后,执行授权操作。 108. The authority control device performs an authorization operation after the first authentication is passed.

本实施例中,使用存储的所述目标用户的身份信息对所述待认证身份信息进行第一认证,可以通过如下方式实现:判断存储的所述目标用户的身份信息与所述待认证身份信息是否一致,若一致,则第一认证通过,若不一致,则第一认证不通过。In this embodiment, the first authentication of the identity information to be authenticated is performed by using the stored identity information of the target user, which may be implemented by: determining the stored identity information of the target user and the identity information to be authenticated. Whether they are consistent. If they are consistent, the first authentication is passed. If they are inconsistent, the first authentication fails.

本实施例中,权限控制装置为门禁时,执行授权操作可以为如下操作:开启门锁。In this embodiment, when the authority control device is an access control, performing the authorization operation may be as follows: opening the door lock.

本实施例中,第一服务器收到客户端发送的位置信息后,分配目标用户并将该目标用户的身份信息发送给第二服务器,该目标用户是为位于所述位置信息的客户提供服务的人员(例如送货员或送餐员等),第二服务器将目标用户的身份信息发送至权限控制装置,当目标用户到达权限控制装置所在位置后,将所持有的第一待认证信息载体放置在权限控制装置的检测区域,权限控制装置检测并读取待认证身份信息,并进行第一认证,如果认证通过,则进行授权操作。由此可以看出,在设有门禁(该门禁即为权限控制装置)的小区中,即使目标用户(例如送货员或送餐员等)没有该小区的门禁卡,也可以采用本发明中的方案通过第一服务器将目标用户的身份信息发送给第二服务器,并由第二服务器发送至门禁,门禁利用目标用户的身份信息对目标用户进行认证并通过后,目标用户也可以获得授权,从而进入该小区,一方面,享受目标用户所提供服务的客户不需要出门为所述目标用户开启门禁,为客户提供了便捷,另一方面,目标用户在进入小区时是通过权限控制装置的认证后才获得授权进入的,保障了安全性。In this embodiment, after receiving the location information sent by the client, the first server allocates the target user and sends the identity information of the target user to the second server, where the target user provides services for the client located in the location information. a person (such as a delivery person or a food delivery person, etc.), the second server sends the identity information of the target user to the authority control device, and when the target user arrives at the location of the authority control device, the first information carrier to be authenticated is held Placed in the detection area of the authority control device, the authority control device detects and reads the identity information to be authenticated, and performs the first authentication, and if the authentication passes, performs the authorization operation. It can be seen that in the cell with the access control (the access control is the authority control device), even if the target user (such as a delivery person or a food delivery person, etc.) does not have the access card of the cell, the present invention can be used. The solution sends the identity information of the target user to the second server through the first server, and is sent to the access control by the second server. After the access control authenticates the target user by using the identity information of the target user, the target user can also obtain the authorization. Therefore, the user enters the cell. On the one hand, the client who enjoys the service provided by the target user does not need to go out to open the access control for the target user, and provides convenience for the client. On the other hand, the target user is authenticated by the authority control device when entering the cell. After being authorized to enter, security is guaranteed.

作为本实施例的一种可选实施方式,所述权限控制装置在所述第一认证通过后或者执行授权操作后,删除存储的所述第二信息或者设置该第二信息的状态为失效状态。为提高授权操作的安全性,本实施例通过在执行本次认证或者本次授权操作后,删除存储的第二信息,使得后续流程中无法再使用该第二信息进行下次的认证或授权,或者设置该第二信息的状态为失效状态,亦即该第二信息用于一次认证和授权的操作后即失效,之后也无法再使用该第二信息进行下次的认证或授权,避免了该第二信息在后续流程中被非法再次用于认证和授权。As an optional implementation manner of this embodiment, after the first authentication is passed or after the authorization operation is performed, the rights control device deletes the stored second information or sets the state of the second information to a failure state. . In order to improve the security of the authorization operation, the embodiment deletes the stored second information after performing the current authentication or the current authorization operation, so that the second information cannot be used for the next authentication or authorization in the subsequent process. Or setting the state of the second information to a failure state, that is, the second information is invalid after being used for one authentication and authorization operation, and then the second information cannot be used for the next authentication or authorization, thereby avoiding the The second information is illegally used again for authentication and authorization in subsequent processes.

作为本实施例的一种可选实施方式,为进一步保证授权操作的安全性,还可以为授权操作设置时效,所述权限控制装置执行授权操作,包括:所述权限控制装置在第一认证通过后,判断计时到达的时刻是否超出规定时间,如果没有超出规定时间,则执行授权操作,其中,所述计时在所述权限控制装置接收到第二信息时开始,或者所述计时在所述权限控制装置接收到第二服务器发送的指令时开始。As an optional implementation manner of this embodiment, in order to further ensure the security of the authorization operation, the authorization operation may also be set, and the authority control device performs the authorization operation, including: the authority control device passes the first authentication. After that, it is judged whether the time when the timing arrives exceeds the prescribed time, and if the specified time is not exceeded, the authorization operation is performed, wherein the timing starts when the authority control device receives the second information, or the timing is in the authority The control device begins when it receives an instruction sent by the second server.

例如,权限控制装置接收到第二信息或者接收到第二服务器发送的计时开始指令的时刻为上午9点,此时开始计时,规定时间可以设置为上午12点,则若第一认证通过后,权限控制装置计时的时刻未超出上午12点时,则允许执行授权操作,若超出上午12点,则即使第一认证通过,也不执行授权操作。For example, the time when the right control device receives the second information or receives the timing start command sent by the second server is 9:00 am, and the time starts, and the predetermined time can be set to 12 am, if the first authentication is passed, When the time when the authority control device counts does not exceed 12 o'clock in the morning, the authorization operation is allowed. If the time exceeds 12 o'clock, the authorization operation is not performed even if the first authentication is passed.

作为本实施例的一种可选实施方式,第二信息还包括:所述位置信息。该位置信息可以用于对目标用户进行第二认证,进一步保障授权操作的安全性。As an optional implementation manner of this embodiment, the second information further includes: the location information. The location information can be used to perform second authentication on the target user to further ensure the security of the authorization operation.

作为本实施例的一种可选实施方式,所述第二服务器向权限控制装置发送所述第二信息,包括:所述第二服务器在所述权限控制装置所在位置与所述位置信息一致时,向权限控制装置发送所述第二信息。实际应用中,第二服务器可以管理多个权限控制装置,不同的权限控制装置的位置也不相同。第二服务器在发送第二信息时,由于第二信息中的位置信息表示目标用户提供服务的地址(例如目标用户可以为快递员,位置信息可以为送货地址,权限控制装置为门禁),可以先确定第二信息中的位置信息与权限控制装置的位置信息是否一致(例如确定送货地址与门禁的位置是否一致),若一致,向该权限控制装置发送所述第二信息,若不一致,则不发送第二信息。本实施方式中,位置信息与第二信息中的位置信息一致的权限控制装置会接收到第二信息,而位置信息与第二信息中的位置信息不一致的权限控制装置不会收到第二信息,从而使得后续流程中该权限控制装置可以在目标用户的位置信息与权限控制装置的所在位置一致时,对目标用户进行授权,否则,对目标用户不进行授权。As an optional implementation manner of this embodiment, the sending, by the second server, the second information to the rights control device includes: when the location of the rights control device is consistent with the location information, the second server Sending the second information to the authority control device. In practical applications, the second server can manage multiple rights control devices, and different rights control devices have different locations. When the second server sends the second information, because the location information in the second information indicates the address of the service provided by the target user (for example, the target user may be a courier, the location information may be a delivery address, and the permission control device is an access control), First determining whether the location information in the second information is consistent with the location information of the rights control device (eg, determining whether the shipping address is consistent with the location of the access control), and if yes, sending the second information to the rights control device, if not, Then the second message is not sent. In this embodiment, the authority control device that matches the location information and the location information in the second information receives the second information, and the rights control device that does not match the location information in the second information does not receive the second information. Therefore, the authority control device can authorize the target user when the location information of the target user is consistent with the location of the authority control device in the subsequent process; otherwise, the target user is not authorized.

上述实施方式中,在第二服务器向权限控制装置发送第二信息时,是由第二服务器确定第二信息中位置信息与权限控制装置的所在位置一致时发送,当然,第二服务器在发送第二信息时也可以不关心第二信息中位置信息是否与权限控制装置的所在位置一致的问题,而是直接将第二信息发送给各个权限控制装置,由权限控制装置确定所述第二信息中的所述位置信息与所述自身所在的位置信息是否一致,再进行相应处理:In the above embodiment, when the second server sends the second information to the authority control device, the second server determines that the location information in the second information is consistent with the location of the authority control device, and of course, the second server is transmitting. The second information may also not care whether the location information in the second information is consistent with the location of the rights control device, but directly sends the second information to each rights control device, and the rights control device determines the second information. Whether the location information is consistent with the location information of the self, and then corresponding processing:

作为本实施例的一种可选实施方式,所述权限控制装置接收第二信息后,可以执行如下操作:所述权限控制装置在所述第二信息中的所述位置信息与所述权限控制装置所在的位置信息一致时,存储所述第二信息。本实施例中,第二服务器向权限控制装置发送的第二信息中有可能会出现,第二信息所携带的位置信息与权限控制装置所在位置不一致的情况,权限控制装置在所述第二信息中的所述位置信息与所述权限控制装置所在的位置信息一致时,存储所述第二信息,若不一致,则不存储所述第二信息,从而使得后续权限控制装置利用位置信息进行第二认证时,目标用户所提供服务的位置与所述权限控制装置存储的位置信息一致时,可以获得权限控制装置的授权,否则,无法获得授权,进一步保证了授权操 作的安全性。As an optional implementation manner of this embodiment, after receiving the second information, the rights control device may perform the following operations: the location information and the rights control in the second information by the rights control device When the location information of the device is consistent, the second information is stored. In this embodiment, the second information sent by the second server to the authority control device may occur, and the location information carried by the second information is inconsistent with the location of the rights control device, and the rights control device is in the second information. When the location information in the location is consistent with the location information of the rights control device, the second information is stored, and if not, the second information is not stored, so that the subsequent rights control device uses the location information to perform the second At the time of authentication, when the location of the service provided by the target user is consistent with the location information stored by the authority control device, authorization of the authority control device may be obtained; otherwise, authorization may not be obtained, further ensuring authorization operation Safety.

作为本实施例的一种可选实施方式,所述权限控制装置执行授权操作之前,除了可以利用身份信息对目标用户进行第一认证,还可以利用存储的位置信息对目标用户进行第二认证,所述方法还包括:所述权限控制装置检测到第二待认证信息载体进入检测范围,读取所述第二待认证信息,其中,所述第二待认证信息包括:待认证位置信息;所述权限控制装置利用存储的位置信息对所述待认证位置信息进行第二认证;此时所述权限控制装置执行授权操作,具体为:所述第一认证和第二认证均通过后,执行授权操作。本实施例中第二待认证信息载体包括携带有位置信息的订单图形码或订单条形码等,当目标用户携带货物(货物上贴有表示订单信息的订单图形码或订单条形码)到达权限控制装置所在位置时,权限控制装置可以从订单图形码或订单条形码中读取送货地址,该送货地址相当于待认证位置信息,由于权限控制装置之前已经存储过位置信息,若读取的待认证位置信息与之前存储的位置信息一致,则第二认证通过,否则第二认证不通过。As an optional implementation manner of this embodiment, before the authorization control apparatus performs the authorization operation, in addition to performing the first authentication on the target user by using the identity information, the second location may be performed on the target user by using the stored location information. The method further includes: the authority control device detects that the second to-be-certified information carrier enters the detection range, and reads the second to-be-certified information, wherein the second to-be-certified information includes: location information to be authenticated; The rights control device performs the second authentication on the to-be-authenticated location information by using the stored location information; at this time, the rights control device performs an authorization operation, specifically: after the first authentication and the second authentication are both passed, the authorization is performed. operating. In this embodiment, the second to-be-certified information carrier includes an order graphic code or an order barcode carrying the location information, and when the target user carries the goods (the order graphic code or the order barcode indicating the order information is attached to the goods), the access control device is located. In the position, the authority control device can read the delivery address from the order graphic code or the order barcode, the delivery address is equivalent to the location information to be authenticated, and since the permission control device has previously stored the location information, if the read location to be authenticated If the information is consistent with the previously stored location information, the second authentication passes, otherwise the second authentication fails.

下面,以目标用户为快递员,位置信息为送货地址为例进行说明:例如,一小区中设有8栋楼,每座楼均设有门禁,位于8号楼的门禁接收到第二信息时,如果第二信息中的送货地址为8号楼,则8号楼的门禁存储该第二信息(该第二信息包括快递员的身份信息和送货地址),否则不存储该第二信息,后续如果快递员来到8号楼时,如果该快递员需要派送的货物的送货地址为8号楼时,8号楼的门禁通过扫描订单信息读取出送货地址,通过位置信息比对得出的结果为比对该送货地址与之前存储的送货地址一致,则8号楼的门禁为快递员授权,从而快递员进入8号楼;而如果快递员需要派送的货物的送货地址不是8号楼时,8号楼的门禁通过扫描订单信息读取出送货地址,通过位置信息比对得出的结果为该送货地址与之前存储的送货地址不一致,则该快递员无法获得8号楼的门禁授权,也就无法进入8号楼。In the following, the target user is the courier and the location information is the delivery address as an example: for example, there are 8 buildings in a community, each building has an access control, and the access control in the 8th building receives the second information. If the delivery address in the second information is the 8th floor, the access control of the 8th building stores the second information (the second information includes the courier's identity information and the shipping address), otherwise the second is not stored. Information, follow-up If the courier arrives at Building 8, if the delivery address of the goods that the courier needs to deliver is the No. 8 building, the access control of Building No. 8 reads the shipping address through the scanning order information, and passes the location information. The result of the comparison is that the delivery address is the same as the previously stored delivery address, then the access control of the 8th building is authorized by the courier, so the courier enters the 8th building; and if the courier needs to deliver the goods When the delivery address is not the 8th floor, the access control of the 8th building reads the delivery address by scanning the order information. If the result of the position information comparison is that the delivery address is inconsistent with the previously stored delivery address, then the Courier can't get 8 Floor access authorization, they can not enter the Building 8.

作为本实施例的一种可选实施方式,所述权限控制装置执行授权操作之前,除了可以利用身份信息对目标用户进行第一认证,还可以利用权限控制装置所在的位置信息对目标用户进行第二认证,本实施方式中,权限控制装置不需要存储第二信息中的位置信息,直接利用权限控制装置所在的位置信息进行第二认证,具体的,所述方法还包括:所述权限控制装置检测到第二待认证信息载体进入检测范围,从所述第二待认证信息载体读取第二待认证信息,其中,所述第二待认证信息包括:待认证位置信息;所述权限控制装置利用所述权限控制装置所在的位置信息对所述待认证位置信息进行第二认证;所述权限控制装置执行授权操作,包括:所述第一认证和第二认证均通过后,执行授权操作。本实施例中第二待认证信息载体包括携带有订单信息的订单图形码或订单条形码等,权限控制装置可以从订单图形码或订单条形码中读取送货地址,该送货地址相当于待认证位置信息,由于权限控制装置自身也有位置信息,若读取的待认证位置信息与权限控制装置所在的位置信息一致,则第二认证通过,否则第二认证不通过。也就是说,权限控制装置利用位置信息进行第二认证时,目标用户所提供服务的位置(例如送货地址)与所述权限控制装置所在的位置信息一致时,可以获得权限控制装置的授权,否则,无法获得授权,进一步保证了授权操作的安全性。As an optional implementation manner of this embodiment, before the authorization control device performs the authorization operation, in addition to performing the first authentication on the target user by using the identity information, the location information of the permission control device may be used to perform the first In the second embodiment, the privilege control device does not need to store the location information in the second information, and directly performs the second authentication by using the location information of the privilege control device. Specifically, the method further includes: the privilege control device Detecting that the second to-be-certified information carrier enters the detection range, and reading the second to-be-certified information from the second to-be-certified information carrier, wherein the second to-be-certified information includes: to-be-authenticated location information; The second authentication is performed on the to-be-authenticated location information by using the location information of the permission control device. The authorization control device performs an authorization operation, including: after the first authentication and the second authentication are both passed, performing an authorization operation. In this embodiment, the second to-be-certified information carrier includes an order graphic code or an order barcode carrying the order information, and the permission control device can read the delivery address from the order graphic code or the order barcode, which is equivalent to the authentication to be authenticated. The location information, because the rights control device itself also has location information, if the read location information to be authenticated is consistent with the location information of the rights control device, the second authentication passes, otherwise the second authentication fails. That is to say, when the authority control device performs the second authentication by using the location information, when the location (for example, the delivery address) of the service provided by the target user is consistent with the location information of the authority control device, the authorization of the authority control device can be obtained. Otherwise, authorization cannot be obtained, further ensuring the security of the authorization operation.

需要说明的是,本实施例中,当第一待认证信息载体和第二待认证信息载体均携带有目标用户的身份信息和位置信息时,该第一待认证信息载体和第二待认证信息载体可以为同一载体,例如,第一待认证信息载体和第二待认证信息载体均为订单图形码或订单条形码,订单图形码或订单条形码中携带有目标用户的身份信息和位置信息时,权限控制装置通过扫码可以获得目标用户的身份信息,也可以获得位置信息。当然,第一待认证信息载体和第二待认证信息载体可以为不同的载体,例如,第一待认证信息载体为目标用户的身份证,第二待认证信息载体为订单图形码或订单条形码,订单图形码或订单条形码中携带有位置信息。It should be noted that, in this embodiment, when the first to-be-authenticated information carrier and the second to-be-certified information carrier both carry the identity information and the location information of the target user, the first to-be-authenticated information carrier and the second to-be-certified information The carrier may be the same carrier. For example, the first to-be-certified information carrier and the second to-be-certified information carrier are both an order graphic code or an order barcode, and the order graphic code or the order barcode carries the identity information and location information of the target user. The control device can obtain the identity information of the target user by scanning the code, and can also obtain the location information. Certainly, the first to-be-certified information carrier and the second to-be-certified information carrier may be different carriers. For example, the first to-be-certified information carrier is an identity card of the target user, and the second to-be-certified information carrier is an order graphic code or an order barcode. Location information is carried in the order graphic code or order barcode.

作为本实施例的一种可选实施方式,所述方法还包括:所述权限控制装置在第一认证通过后,向所述客户端发送所述目标用户的身份信息。权限控制装置向客户端发送目标用户的身份信息以便于客户端向客户提示该目标用户已通过授权,例如,门禁对快递员第一认证通过后,门禁向客户端发送快递员的身份信息,以便客户端可以提示该快递员已经经过门禁的认证,即将进行送货。As an optional implementation manner of this embodiment, the method further includes: after the first authentication is passed, the rights control device sends the identity information of the target user to the client. The permission control device sends the identity information of the target user to the client, so that the client prompts the client that the target user has passed the authorization. For example, after the first pass of the access control to the courier, the access control sends the identity information of the courier to the client, so that The client can prompt the courier to be certified for access control and will be delivered soon.

实施例2Example 2

本实施例提供一种数据交互系统,可用于执行实施例1中的数据交互方法,如图2所示,该系统包括:第一服务器11、第二服务器12和权限控制装置13;The embodiment provides a data interaction system, which can be used to execute the data interaction method in Embodiment 1, as shown in FIG. 2, the system includes: a first server 11, a second server 12, and an authority control device 13;

其中,第一服务器11,用于接收客户端发送的第一信息,所述第一信息包括位置信息;为所述位置信息分配目标用户,确定所述目标用户的身份信息;向所述第二服务器发送第二信息,所述第二信息至少包括目标用户的身份信息;The first server 11 is configured to receive first information sent by the client, where the first information includes location information, assign a target user to the location information, determine identity information of the target user, and send the second information to the second server. The server sends the second information, where the second information includes at least the identity information of the target user;

所述第二服务器12,用于接收所述第二信息,并向权限控制装置发送所述第二信息;The second server 12 is configured to receive the second information, and send the second information to the rights control device;

所述权限控制装置13,用于接收所述第二信息,并存储所述第二信息;检测到第一待认证信息载体进入检测范围,从所述第一待认证信息载体读取第一待认证信息,所述第一待认证信息包括待认证身 份信息;并使用存储的所述目标用户的身份信息对所述待认证身份信息进行第一认证;以及在所述第一认证通过后,执行授权操作。The right control device 13 is configured to receive the second information, and store the second information; detecting that the first to-be-certified information carrier enters the detection range, and reading the first to-be-processed information from the first to-be-certified information carrier Authentication information, the first to-be-certified information includes a body to be authenticated And performing the first authentication on the identity information to be authenticated by using the stored identity information of the target user; and performing an authorization operation after the first authentication is passed.

作为本实施例的一种可选实施方式,所述权限控制装置,还用于在所述第一认证通过后或者执行授权操作后,删除存储的所述第二信息或者设置该第二信息的状态为失效状态。As an optional implementation manner of this embodiment, the rights control apparatus is further configured to delete the stored second information or set the second information after the first authentication is passed or after the authorization operation is performed. The status is a failed state.

作为本实施例的一种可选实施方式,为进一步保证授权操作的安全性,还可以为授权操作设置时效,所述权限控制装置,具体用于在第一认证通过后,判断计时到达的时刻是否超出规定时间,如果没有超出规定时间,则执行授权操作,其中,所述计时在所述权限控制装置接收到第二信息时开始,或者所述计时在所述权限控制装置接收到第二服务器发送的指令时开始。As an optional implementation manner of this embodiment, in order to further ensure the security of the authorization operation, the aging control may be set for the authorization operation, and the privilege control device is specifically configured to determine the timing of the arrival of the timing after the first authentication is passed. Whether the specified time is exceeded, and if the specified time is not exceeded, the authorization operation is performed, wherein the timing starts when the authority control device receives the second information, or the timing receives the second server at the authority control device Start when the command is sent.

作为本实施例的一种可选实施方式,所述第二信息还包括:所述位置信息;该位置信息可以用于对目标用户进行第二认证,进一步保障授权操作的安全性。As an optional implementation manner of the embodiment, the second information further includes: the location information; the location information may be used to perform second authentication on the target user, further ensuring security of the authorization operation.

作为本实施例的一种可选实施方式,所述第二服务器,具体用于所述第二服务器在所述权限控制装置所在位置与所述位置信息一致时,向权限控制装置发送所述第二信息。As an optional implementation manner of this embodiment, the second server is specifically configured to send, by the second server, the first control device to the rights control device when the location of the rights control device is consistent with the location information. Two information.

作为本实施例的一种可选实施方式,所述权限控制装置,具体用于在所述第二信息中的所述位置信息与所述权限控制装置所在的位置信息一致时,存储所述第二信息。As an optional implementation manner of this embodiment, the authority control device is configured to: when the location information in the second information is consistent with the location information of the rights control device, storing the Two information.

作为本实施例的一种可选实施方式,所述权限控制装置,还用于在执行授权操作之前,检测到第二待认证信息载体进入检测范围,读取所述第二待认证信息,其中,所述第二待认证信息包括:待认证位置信息;所述权限控制装置,还用于利用存储的位置信息对所述待认证位置信息进行第二认证;所述权限控制装置执行授权操作,具体用于所述第一认证和第二认证均通过后,执行授权操作。作为本实施例的一种可选实施方式,所述权限控制装置,还用于执行授权操作之前,检测到第二待认证信息载体进入检测范围,从所述第二待认证信息载体读取第二待认证信息,其中,所述第二待认证信息包括:待认证位置信息;以及利用所述权限控制装置所在的位置信息对所述待认证位置信息进行第二认证;所述权限控制装置,具体用于所述第一认证和第二认证均通过后,执行授权操作。As an optional implementation manner of this embodiment, the rights control apparatus is further configured to: before detecting the authorization operation, detecting that the second to-be-certified information carrier enters the detection range, and reading the second to-be-certified information, where The second to-be-certified information includes: location information to be authenticated; the rights control device is further configured to perform second authentication on the to-be-authenticated location information by using the stored location information; the rights control device performs an authorization operation, Specifically, after the first authentication and the second authentication are both passed, the authorization operation is performed. As an optional implementation manner of this embodiment, the rights control device is further configured to: before detecting the authorization operation, detecting that the second to-be-certified information carrier enters the detection range, and reading from the second to-be-certified information carrier The second to-be-certified information, wherein the second to-be-certified information includes: location information to be authenticated; and second authentication of the to-be-authenticated location information by using the location information of the rights control device; Specifically, after the first authentication and the second authentication are both passed, the authorization operation is performed.

作为本实施例的一种可选实施方式,所述权限控制装置,还用于在第一认证通过后,向所述客户端发送所述目标用户的身份信息。As an optional implementation manner of this embodiment, the rights control apparatus is further configured to: after the first authentication is passed, send the identity information of the target user to the client.

作为本实施例的一种可选实施方式,所述第二服务器通过如下方式实现接收所述第二信息,并向权限控制装置发送所述第二信息:接收所述第二信息,存储所述第二信息;以及接收所述身份信息获取请求,向所述权限控制装置发送所述第二信息。As an optional implementation manner of this embodiment, the second server is configured to receive the second information, and send the second information to the rights control device: receiving the second information, storing the And receiving the identity information acquisition request, and transmitting the second information to the rights control device.

实施例3Example 3

本实施例中,与实施例1不同的是:权限控制装置不会存储第二信息,而是由第二服务器存储该第二信息,权限控制装置从第二服务器请求获取该第二信息后,使用接收的目标用户的身份信息进行第一认证。In this embodiment, different from the first embodiment, the permission control device does not store the second information, but the second server stores the second information, and after the permission control device requests the second information from the second server, The first authentication is performed using the identity information of the received target user.

下面,对本实施例提供一种的数据交互方法进行简要说明,其他与实施例1相同的部分可以参见实施例1中的相关描述,在此不再赘述。The following is a brief description of the data interaction method provided in this embodiment. For the other parts in the same manner as the first embodiment, reference may be made to the related description in Embodiment 1, and details are not described herein again.

如图3所示,该方法包括:As shown in FIG. 3, the method includes:

201、第一服务器接收客户端发送的第一信息,所述第一信息包括位置信息;201. The first server receives first information sent by a client, where the first information includes location information.

202、所述第一服务器为所述位置信息分配目标用户,确定所述目标用户的身份信息;202. The first server allocates a target user to the location information, and determines identity information of the target user.

203、所述第一服务器向所述第二服务器发送第二信息,所述第二信息至少包括目标用户的身份信息;203. The first server sends second information to the second server, where the second information includes at least identity information of the target user.

204、所述第二服务器接收所述第二信息,存储所述第二信息;204. The second server receives the second information, and stores the second information.

本实施例中,第二信息至少包括目标用户的身份信息,第二服务器存储所述目标用户的身份信息,以便于后续权限控制装置请求获取该身份信息时向权限控制装置提供该第二信息。In this embodiment, the second information includes at least the identity information of the target user, and the second server stores the identity information of the target user, so that the second information is provided to the authority control device when the subsequent rights control device requests to obtain the identity information.

205、所述权限控制装置检测到第一待认证信息载体进入检测范围,从第一待认证信息载体读取第一待认证信息,所述第一待认证信息包括待认证身份信息;205. The permission control device detects that the first to-be-certified information carrier enters the detection range, and reads the first to-be-certified information from the first to-be-authenticated information carrier, where the first to-be-authenticated information includes identity information to be authenticated.

206、所述权限控制装置向所述第二服务器发送身份信息获取请求;所述第二服务器接收所述身份信息获取请求,向权限控制装置发送所述第二信息;The permission control device sends an identity information acquisition request to the second server; the second server receives the identity information acquisition request, and sends the second information to the rights control device;

本实施例中第二服务器可以用于对权限控制装置进行管理,例如在设有门禁的小区中,权限控制装置可以为门禁,第二服务器为可以对门禁实现数据交互以及管理的服务器。In this embodiment, the second server may be used to manage the rights control device. For example, in the cell with the access control, the rights control device may be the access control, and the second server is the server that can implement data interaction and management for the access control.

需要说明的是,步骤205和步骤206可以同时执行,也可以先执行步骤205后执行步骤206,在此不做限定。It should be noted that step 205 and step 206 may be performed at the same time, and step 206 may be performed first and then step 206 is performed, which is not limited herein.

207、所述权限控制装置接收所述第二信息,使用接收到的所述目标用户的身份信息对所述待认证身份信息进行第一认证;207. The rights control device receives the second information, and performs first authentication on the to-be-authenticated identity information by using the received identity information of the target user.

208、所述权限控制装置在所述第一认证通过后,执行授权操作。 208. The authority control device performs an authorization operation after the first authentication is passed.

本实施例中,权限控制装置使用接收到的所述目标用户的身份信息对所述待认证身份信息进行第一认证,可以通过如下方式实现:判断接收到的所述目标用户的身份信息与所述待认证身份信息是否一致,若一致,则第一认证通过,若不一致,则第一认证不通过。In this embodiment, the rights control device performs the first authentication on the to-be-authenticated identity information by using the received identity information of the target user, which may be implemented by: determining the identity information and the received target information of the target user. Whether the authentication identity information is consistent. If the identity is consistent, the first authentication is passed. If not, the first authentication fails.

作为本实施例的一种可选实施方式,该方法还包括:所述权限控制装置在所述第一认证通过后或者执行授权操作后,向所述第二服务器发送安全处理指令;所述第二服务器接收所述安全处理指令,删除存储的所述第二信息或者设置该第二信息的状态为失效状态。为提高授权操作的安全性,本实施例通过在权限控制装置利用第二信息执行本次认证或者本次授权操作后,通知第二服务器删除存储的第二信息,使得后续无法再使用该第二信息进行下次的认证或授权,或者通知第二服务器设置该第二信息的状态为失效状态,亦即该第二信息用于一次认证和授权的操作后即失效,之后也无法再使用该第二信息进行下次的认证或授权,避免了该第二信息在后续流程中被非法再次用于认证和授权。As an optional implementation manner of this embodiment, the method further includes: after the first authentication is passed or after performing the authorization operation, the rights control device sends a security processing instruction to the second server; The second server receives the security processing instruction, deletes the stored second information, or sets the state of the second information to a failure state. In order to improve the security of the authorization operation, the embodiment notifies the second server to delete the stored second information after the authorization control device performs the current authentication or the current authorization operation by using the second information, so that the second information cannot be used subsequently. The information is used for the next authentication or authorization, or the second server is notified to set the state of the second information to a failure state, that is, the second information is invalid after being used for one authentication and authorization operation, and the second information cannot be used again. The second information is used for the next authentication or authorization, and the second information is illegally used for authentication and authorization again in the subsequent process.

作为本实施例的一种可选实施方式,所述第二信息还包括:位置信息;As an optional implementation manner of this embodiment, the second information further includes: location information;

作为本实施例的一种可选实施方式,所述第二服务器向权限控制装置发送所述第二信息,包括:所述第二服务器在所述权限控制装置所在位置与所述位置信息一致时,向权限控制装置发送所述第二信息。As an optional implementation manner of this embodiment, the sending, by the second server, the second information to the rights control device includes: when the location of the rights control device is consistent with the location information, the second server Sending the second information to the authority control device.

作为本实施例的一种可选实施方式,所述权限控制装置执行授权操作之前,除了可以利用身份信息对目标用户进行第一认证,还可以利用从第二服务器请求获得第二信息中的位置信息对目标用户进行第二认证,具体的,所述方法还包括:所述权限控制装置检测到第二待认证信息载体进入检测范围,读取所述第二待认证信息,其中,所述第二待认证信息包括:待认证位置信息;所述权限控制装置利用接收到的位置信息对所述待认证位置信息进行第二认证;所述权限控制装置执行授权操作,具体为:所述第一认证和第二认证均通过后,执行授权操作。As an optional implementation manner of this embodiment, before the authorization control apparatus performs the authorization operation, in addition to performing the first authentication on the target user by using the identity information, the location in the second information may be requested by using the second server. The information is used to perform the second authentication on the target user. Specifically, the method further includes: the permission control device detects that the second to-be-certified information carrier enters the detection range, and reads the second to-be-certified information, where the The second to-be-certified information includes: location information to be authenticated; the rights control device performs second authentication on the to-be-authenticated location information by using the received location information; the rights control device performs an authorization operation, specifically: the first After the authentication and the second authentication are passed, the authorization operation is performed.

作为本实施例的一种可选实施方式,所述权限控制装置执行授权操作之前,除了可以利用身份信息对目标用户进行第一认证,还可以利用权限控制装置所在的位置信息对目标用户进行第二认证,本实施方式中,权限控制装置不需要从第二服务器请求获取第二信息中的位置信息,直接利用权限控制装置所在的位置信息进行认证,具体的,所述权限控制装置执行授权操作之前,所述方法还包括:所述权限控制装置检测到第二待认证信息载体进入检测范围,从所述第二待认证信息载体读取第二待认证信息,其中,所述第二待认证信息包括:待认证位置信息;所述权限控制装置利用所述权限控制装置所在的位置信息对所述待认证位置信息进行第二认证;所述权限控制装置执行授权操作,包括:所述第一认证和第二认证均通过后,执行授权操作。As an optional implementation manner of this embodiment, before the authorization control device performs the authorization operation, in addition to performing the first authentication on the target user by using the identity information, the location information of the permission control device may be used to perform the first In the second embodiment, the authority control device does not need to request the second server to obtain the location information in the second information, and directly uses the location information of the rights control device to perform the authentication. Specifically, the rights control device performs the authorization operation. The method further includes: the authority control device detects that the second to-be-certified information carrier enters the detection range, and reads the second to-be-certified information from the second to-be-certified information carrier, wherein the second to-be-certified The information includes: location information to be authenticated; the rights control device performs second authentication on the location information to be authenticated by using location information of the rights control device; and the authorization control device performs an authorization operation, including: the first After the authentication and the second authentication are passed, the authorization operation is performed.

作为本实施例的一种可选实施方式,所述方法还包括:所述权限控制装置在第一认证通过后,向所述客户端发送所述目标用户的身份信息。As an optional implementation manner of this embodiment, the method further includes: after the first authentication is passed, the rights control device sends the identity information of the target user to the client.

实施例4Example 4

本实施例提供一种数据交互系统,可执行上述实施例4中的数据交互方法,如图4所示,该系统包括:第一服务器21、第二服务器22和权限控制装置23;The embodiment provides a data interaction system, which can perform the data interaction method in the above embodiment 4. As shown in FIG. 4, the system includes: a first server 21, a second server 22, and an authority control device 23;

其中,第一服务器21,用于接收客户端发送的第一信息,所述第一信息包括位置信息;为所述位置信息分配目标用户,确定所述目标用户的身份信息;向所述第二服务器发送第二信息,所述第二信息至少包括目标用户的身份信息;The first server 21 is configured to receive first information sent by the client, where the first information includes location information, assign a target user to the location information, determine identity information of the target user, and send the second information to the second server. The server sends the second information, where the second information includes at least the identity information of the target user;

所述第二服务器22,用于接收所述第二信息,存储所述第二信息;The second server 22 is configured to receive the second information, and store the second information.

所述权限控制装置23,用于检测到第一待认证信息载体进入检测范围,从第一待认证信息载体读取第一待认证信息,所述第一待认证信息包括待认证身份信息;以及,向所述第二服务器发22送身份信息获取请求;The right control device 23 is configured to detect that the first to-be-certified information carrier enters the detection range, and reads the first to-be-certified information from the first to-be-certified information carrier, where the first to-be-authenticated information includes identity information to be authenticated; Sending 22 an identity information acquisition request to the second server;

所述第二服务器22,还用于接收所述身份信息获取请求,向权限控制装置23发送所述第二信息;The second server 22 is further configured to receive the identity information acquisition request, and send the second information to the rights control device 23;

所述权限控制装置23,还用于接收所述第二信息,使用接收到的所述目标用户的身份信息对所述待认证身份信息进行第一认证;以及在所述第一认证通过后,执行授权操作。The rights control device 23 is further configured to receive the second information, perform first authentication on the to-be-authenticated identity information by using the received identity information of the target user, and after the first authentication is passed, Perform an authorization operation.

作为本实施例的一种可选实施方式,所述权限控制装置,还用于在所述第一认证通过后或者执行授权操作后,向所述第二服务器发送安全处理指令;所述第二服务器,还用于接收所述安全处理指令,删除存储的所述第二信息或者设置该第二信息的状态为失效状态。As an optional implementation manner of this embodiment, the rights control apparatus is further configured to send a security processing instruction to the second server after the first authentication is passed or after performing the authorization operation; The server is further configured to receive the security processing instruction, delete the stored second information, or set the state of the second information to a failure state.

作为本实施例的一种可选实施方式,所述第二信息还包括:位置信息;使用该位置信息可以实现对目标用户进行第二认证,进一步保障授权操作的安全性。As an optional implementation manner of the embodiment, the second information further includes: location information; using the location information, performing second authentication on the target user, further ensuring security of the authorization operation.

作为本实施例的一种可选实施方式,所述第二服务器,具体用于所述第二服务器在所述权限控制装置所在位置与所述位置信息一致时,向权限控制装置发送所述第二信息。As an optional implementation manner of this embodiment, the second server is specifically configured to send, by the second server, the first control device to the rights control device when the location of the rights control device is consistent with the location information. Two information.

作为本实施例的一种可选实施方式,所述权限控制装置,还用于执行授权操作之前,检测到第二待认证信息载体进入检测范围,读取所述第二待认证信息,其中,所述第二待认证信息包括:待认证位置信息;以及利用接收到的位置信息对所述待认证位置信息进行第二认证;所述权限控制装置,具体用于 所述第一认证和第二认证均通过后,执行授权操作。As an optional implementation manner of this embodiment, the privilege control device is further configured to: before detecting the authorization operation, detecting that the second to-be-certified information carrier enters the detection range, and reading the second to-be-certified information, where The second to-be-certified information includes: location information to be authenticated; and second authentication of the to-be-authenticated location information by using the received location information; After the first authentication and the second authentication are both passed, the authorization operation is performed.

作为本实施例的一种可选实施方式,所述权限控制装置,还用于执行授权操作之前,检测到第二待认证信息载体进入检测范围,从所述第二待认证信息载体读取第二待认证信息,其中,所述第二待认证信息包括:待认证位置信息;以及利用所述权限控制装置所在的位置信息对所述待认证位置信息进行第二认证;所述权限控制装置,具体用于所述第一认证和第二认证均通过后,执行授权操作。As an optional implementation manner of this embodiment, the rights control device is further configured to: before detecting the authorization operation, detecting that the second to-be-certified information carrier enters the detection range, and reading from the second to-be-certified information carrier The second to-be-certified information, wherein the second to-be-certified information includes: location information to be authenticated; and second authentication of the to-be-authenticated location information by using the location information of the rights control device; Specifically, after the first authentication and the second authentication are both passed, the authorization operation is performed.

作为本实施例的一种可选实施方式,所述权限控制装置,还用于在第一认证通过后,向所述客户端发送所述目标用户的身份信息。As an optional implementation manner of this embodiment, the rights control apparatus is further configured to: after the first authentication is passed, send the identity information of the target user to the client.

在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本发明的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不一定指的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任何的一个或多个实施例或示例中以合适的方式结合。In the description of the present specification, the description with reference to the terms "one embodiment", "some embodiments", "example", "specific example", or "some examples" and the like means a specific feature described in connection with the embodiment or example. A structure, material or feature is included in at least one embodiment or example of the invention. In the present specification, the schematic representation of the above terms does not necessarily mean the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.

尽管上面已经示出和描述了本发明的实施例,可以理解的是,上述实施例是示例性的,不能理解为对本发明的限制,本领域的普通技术人员在不脱离本发明的原理和宗旨的情况下在本发明的范围内可以对上述实施例进行变化、修改、替换和变型。本发明的范围由所附权利要求及其等同限定。 Although the embodiments of the present invention have been shown and described, it is understood that the foregoing embodiments are illustrative and not restrictive Variations, modifications, alterations and variations of the above-described embodiments are possible within the scope of the invention. The scope of the invention is defined by the appended claims and their equivalents.

Claims (34)

一种数据交互方法,其特征在于,包括:A data interaction method, comprising: 第一服务器接收客户端发送的第一信息,所述第一信息包括位置信息;The first server receives the first information sent by the client, where the first information includes location information; 所述第一服务器为所述位置信息分配目标用户,确定所述目标用户的身份信息;The first server allocates a target user to the location information, and determines identity information of the target user; 所述第一服务器向所述第二服务器发送第二信息,所述第二信息至少包括目标用户的身份信息;The first server sends second information to the second server, where the second information includes at least identity information of the target user; 所述第二服务器接收所述第二信息,并向权限控制装置发送所述第二信息;The second server receives the second information, and sends the second information to the rights control device; 所述权限控制装置接收所述第二信息,并存储所述第二信息;The authority control device receives the second information and stores the second information; 所述权限控制装置检测到第一待认证信息载体进入检测范围,从所述第一待认证信息载体读取第一待认证信息,所述第一待认证信息包括待认证身份信息;The right control device detects that the first to-be-certified information carrier enters the detection range, and reads the first to-be-certified information from the first to-be-certified information carrier, where the first to-be-certified information includes identity information to be authenticated; 所述权限控制装置使用存储的所述目标用户的身份信息对所述待认证身份信息进行第一认证;The rights control device performs first authentication on the to-be-authenticated identity information by using the stored identity information of the target user. 所述权限控制装置在所述第一认证通过后,执行授权操作。The authority control device performs an authorization operation after the first authentication is passed. 根据权利要求1所述的方法,其特征在于,还包括:所述权限控制装置在所述第一认证通过后或者执行授权操作后,删除存储的所述第二信息或者设置所述第二信息的状态为失效状态。The method according to claim 1, further comprising: the authority control means deleting the stored second information or setting the second information after the first authentication is passed or after performing an authorization operation The status is a failed state. 根据权利要求1所述的方法,其特征在于,所述第二信息还包括:所述位置信息;The method according to claim 1, wherein the second information further comprises: the location information; 所述权限控制装置存储所述第二信息,包括:所述权限控制装置在所述第二信息中的所述位置信息与所述权限控制装置所在的位置信息一致时,存储所述第二信息。The storing, by the permission control device, the second information, when the location information in the second information is consistent with the location information of the rights control device, storing the second information . 根据权利要求3所述的方法,其特征在于,所述权限控制装置执行授权操作之前,所述方法还包括:The method according to claim 3, wherein before the authorization control device performs the authorization operation, the method further includes: 所述权限控制装置检测到第二待认证信息载体进入检测范围,读取所述第二待认证信息,其中,所述第二待认证信息包括:待认证位置信息;The right control device detects that the second to-be-certified information carrier enters the detection range, and reads the second to-be-certified information, wherein the second to-be-certified information includes: to-be-authenticated location information; 所述权限控制装置利用存储的位置信息对所述待认证位置信息进行第二认证;The authority control device performs second authentication on the to-be-authenticated location information by using the stored location information; 所述权限控制装置执行授权操作,具体为:所述第一认证和第二认证均通过后,执行授权操作。The authorization control device performs an authorization operation, where the authorization operation is performed after the first authentication and the second authentication are both passed. 根据权利要求1所述的方法,其特征在于,所述权限控制装置执行授权操作,包括:所述权限控制装置在第一认证通过后,判断计时到达的时刻是否超出规定时间,如果没有超出规定时间,则执行授权操作,其中,所述计时在所述权限控制装置接收到第二信息时开始,或者所述计时在所述权限控制装置接收到第二服务器发送的指令时开始。The method according to claim 1, wherein the authority control means performs an authorization operation, comprising: after the first authentication is passed, determining, by the authority control means, whether the time of arrival of the time exceeds a prescribed time, if the rule is not exceeded At the time, an authorization operation is performed, wherein the timing starts when the authority control device receives the second information, or the timing starts when the authority control device receives the instruction sent by the second server. 根据权利要求1所述的方法,其特征在于,所述第二信息还包括位置信息;所述第二服务器向权限控制装置发送所述第二信息,包括:所述第二服务器在所述权限控制装置所在位置与所述位置信息一致时,向权限控制装置发送所述第二信息。The method according to claim 1, wherein the second information further comprises location information; the second server sends the second information to the rights control device, including: the second server is in the permission When the location of the control device coincides with the location information, the second information is sent to the authority control device. 根据权利要求1所述的方法,其特征在于,所述权限控制装置执行授权操作之前,所述方法还包括:The method according to claim 1, wherein before the authorization control device performs the authorization operation, the method further includes: 所述权限控制装置检测到第二待认证信息载体进入检测范围,从所述第二待认证信息载体读取第二待认证信息,其中,所述第二待认证信息包括:待认证位置信息;The right control device detects that the second to-be-certified information carrier enters the detection range, and reads the second to-be-certified information from the second to-be-certified information carrier, where the second to-be-certified information includes: to-be-authenticated location information; 所述权限控制装置利用所述权限控制装置所在的位置信息对所述待认证位置信息进行第二认证;The rights control device performs second authentication on the to-be-authenticated location information by using the location information of the rights control device; 所述权限控制装置执行授权操作,包括:所述第一认证和第二认证均通过后,执行授权操作。The authorization control device performs an authorization operation, including: after the first authentication and the second authentication are both passed, performing an authorization operation. 根据权利要求1-7任一项所述的方法,其特征在于,所述第一待认证信息载体为身份证、携带有身份信息的图形码、携带有身份信息的条形码或者生物特征。The method according to any one of claims 1 to 7, wherein the first information to be authenticated is an identity card, a graphic code carrying identity information, a barcode carrying identity information or a biometric. 根据权利要求1-7任一项所述的方法,其特征在于,所述方法还包括:所述权限控制装置在第一认证通过后,向所述客户端发送所述目标用户的身份信息。The method according to any one of claims 1 to 7, wherein the method further comprises: after the first authentication is passed, the authority control device sends the identity information of the target user to the client. 根据权利要求1所述的方法,其特征在于,所述第二服务器接收所述第二信息,并向权限控制装置发送所述第二信息,具体包括:The method according to claim 1, wherein the second server receives the second information and sends the second information to the rights control device, specifically: 所述第二服务器接收所述第二信息,存储所述第二信息;The second server receives the second information, and stores the second information; 所述权限控制装置向所述第二服务器发送身份信息获取请求;所述第二服务器接收所述身份信息获取请求,向所述权限控制装置发送所述第二信息。The authority control device sends an identity information acquisition request to the second server; the second server receives the identity information acquisition request, and sends the second information to the rights control device. 一种数据交互系统,其特征在于,包括:A data interaction system, comprising: 第一服务器,用于接收客户端发送的第一信息,所述第一信息包括位置信息;为所述位置信息分配目标用户,确定所述目标用户的身份信息;向所述第二服务器发送第二信息,所述第二信 息至少包括目标用户的身份信息;a first server, configured to receive first information sent by a client, where the first information includes location information, assign a target user to the location information, determine identity information of the target user, and send a message to the second server. Two information, the second letter The interest includes at least the identity information of the target user; 所述第二服务器,用于接收所述第二信息,并向权限控制装置发送所述第二信息;The second server is configured to receive the second information, and send the second information to the rights control device; 所述权限控制装置,用于接收所述第二信息,并存储所述第二信息;检测到第一待认证信息载体进入检测范围,从所述第一待认证信息载体读取第一待认证信息,所述第一待认证信息包括待认证身份信息;并使用存储的所述目标用户的身份信息对所述待认证身份信息进行第一认证;以及在所述第一认证通过后,执行授权操作。The right control device is configured to receive the second information and store the second information; detecting that the first to-be-certified information carrier enters the detection range, and reading the first to-be-certified from the first to-be-certified information carrier Information, the first to-be-authenticated information includes identity information to be authenticated; and the first authentication of the to-be-authenticated identity information is performed using the stored identity information of the target user; and after the first authentication is passed, authorization is performed. operating. 根据权利要求11所述的系统,其特征在于,所述权限控制装置,还用于在所述第一认证通过后或者执行授权操作后,删除存储的所述第二信息或者设置所述第二信息的状态为失效状态。The system according to claim 11, wherein the authority control device is further configured to: after the first authentication is passed or after performing an authorization operation, deleting the stored second information or setting the second The status of the message is a failed state. 根据权利要求11所述的系统,其特征在于,所述第二信息还包括:所述位置信息;The system according to claim 11, wherein the second information further comprises: the location information; 所述权限控制装置,具体用于在所述第二信息中的所述位置信息与所述权限控制装置所在的位置信息一致时,存储所述第二信息。The authority control device is configured to store the second information when the location information in the second information is consistent with the location information of the rights control device. 根据权利要求13所述的系统,其特征在于,The system of claim 13 wherein: 所述权限控制装置,还用于在执行授权操作之前,检测到第二待认证信息载体进入检测范围,读取所述第二待认证信息,其中,所述第二待认证信息包括:待认证位置信息;The privilege control device is further configured to: before the performing the authorization operation, detecting that the second to-be-certified information carrier enters the detection range, and reading the second to-be-certified information, where the second to-be-certified information includes: to be authenticated location information; 所述权限控制装置,还用于利用存储的位置信息对所述待认证位置信息进行第二认证;The rights control device is further configured to perform second authentication on the to-be-authenticated location information by using the stored location information. 所述权限控制装置执行授权操作,具体用于所述第一认证和第二认证均通过后,执行授权操作。The authorization control device performs an authorization operation, specifically, after the first authentication and the second authentication are passed, performing an authorization operation. 根据权利要求11所述的系统,其特征在于,所述权限控制装置,具体用于在第一认证通过后,判断计时到达的时刻是否超出规定时间,如果没有超出规定时间,则执行授权操作,其中,所述计时在所述权限控制装置接收到第二信息时开始,或者所述计时在所述权限控制装置接收到第二服务器发送的指令时开始。The system according to claim 11, wherein the authority control means is configured to determine whether the time of arrival of the time exceeds a predetermined time after the first authentication is passed, and if the specified time is not exceeded, perform an authorization operation, The timing starts when the rights control device receives the second information, or the timing starts when the rights control device receives the command sent by the second server. 根据权利要求11所述的系统,其特征在于,所述第二信息还包括位置信息;所述第二服务器,具体用于所述第二服务器在所述权限控制装置所在位置与所述位置信息一致时,向权限控制装置发送所述第二信息。The system according to claim 11, wherein the second information further comprises location information; the second server is specifically configured to: the location where the rights control device is located and the location information of the second server When they are consistent, the second information is sent to the authority control device. 根据权利要求11所述的系统,其特征在于,The system of claim 11 wherein: 所述权限控制装置,还用于执行授权操作之前,检测到第二待认证信息载体进入检测范围,从所述第二待认证信息载体读取第二待认证信息,其中,所述第二待认证信息包括:待认证位置信息;以及利用所述权限控制装置所在的位置信息对所述待认证位置信息进行第二认证;The permission control device is further configured to: before detecting the authorization operation, detecting that the second to-be-certified information carrier enters the detection range, and reading the second to-be-certified information from the second to-be-certified information carrier, where the second to-be-certified information The authentication information includes: location information to be authenticated; and second authentication of the location information to be authenticated by using location information of the rights control device; 所述权限控制装置,具体用于所述第一认证和第二认证均通过后,执行授权操作。The authority control device is specifically configured to perform an authorization operation after the first authentication and the second authentication are both passed. 根据权利要求11-17任一项所述的系统,其特征在于,所述第一待认证信息载体为身份证、携带有身份信息的图形码、携带有身份信息的条形码或者生物特征。The system according to any one of claims 11-17, wherein the first to-be-certified information carrier is an identity card, a graphic code carrying identity information, a barcode carrying identity information, or a biometric. 根据权利要求11-17任一项所述的系统,其特征在于,所述权限控制装置,还用于在第一认证通过后,向所述客户端发送所述目标用户的身份信息。The system according to any one of claims 11-17, wherein the authority control device is further configured to send the identity information of the target user to the client after the first authentication is passed. 根据权利要求11所述的系统,其特征在于,所述第二服务器通过如下方式实现接收所述第二信息,并向权限控制装置发送所述第二信息:接收所述第二信息,存储所述第二信息;以及接收所述身份信息获取请求,向所述权限控制装置发送所述第二信息。The system according to claim 11, wherein the second server implements receiving the second information by transmitting the second information to the rights control device: receiving the second information, and storing the second information Determining the second information; and receiving the identity information acquisition request, and transmitting the second information to the rights control device. 一种数据交互方法,其特征在于,包括:A data interaction method, comprising: 第一服务器接收客户端发送的第一信息,所述第一信息包括位置信息;The first server receives the first information sent by the client, where the first information includes location information; 所述第一服务器为所述位置信息分配目标用户,确定所述目标用户的身份信息;The first server allocates a target user to the location information, and determines identity information of the target user; 所述第一服务器向所述第二服务器发送第二信息,所述第二信息至少包括目标用户的身份信息;The first server sends second information to the second server, where the second information includes at least identity information of the target user; 所述第二服务器接收所述第二信息,存储所述第二信息;The second server receives the second information, and stores the second information; 所述权限控制装置检测到第一待认证信息载体进入检测范围,从第一待认证信息载体读取第一待认证信息,所述第一待认证信息包括待认证身份信息;以及,所述权限控制装置向所述第二服务器发送身份信息获取请求;所述第二服务器接收所述身份信息获取请求,向权限控制装置发送所述第二信息;The right control device detects that the first to-be-certified information carrier enters the detection range, and reads the first to-be-certified information from the first to-be-certified information carrier, where the first to-be-certified information includes identity information to be authenticated; and the permission The control device sends an identity information acquisition request to the second server; the second server receives the identity information acquisition request, and sends the second information to the rights control device; 所述权限控制装置接收所述第二信息,使用接收到的所述目标用户的身份信息对所述待认证身份信息进行第一认证;The rights control device receives the second information, and performs first authentication on the to-be-authenticated identity information by using the received identity information of the target user. 所述权限控制装置在所述第一认证通过后,执行授权操作。The authority control device performs an authorization operation after the first authentication is passed. 根据权利要求21所述的方法,其特征在于,还包括:所述权限控制装置在所述第一认证通过后或者执行授权操作后,向所述第二服务器发送安全处理指令;所述第二服务器接收所述安全处理指令,删除存储的所述第二信息或者设置所述第二信息的状态为失效状态。The method according to claim 21, further comprising: said authority control means transmitting a security processing instruction to said second server after said first authentication is passed or after performing an authorization operation; said second The server receives the security processing instruction, deletes the stored second information, or sets the state of the second information to a failure state. 根据权利要求21所述的方法,其特征在于,所述第二信息还包括:位置信息; The method according to claim 21, wherein the second information further comprises: location information; 所述权限控制装置执行授权操作之前,所述方法还包括:Before the authorization control device performs the authorization operation, the method further includes: 所述权限控制装置检测到第二待认证信息载体进入检测范围,读取所述第二待认证信息,其中,所述第二待认证信息包括:待认证位置信息;The right control device detects that the second to-be-certified information carrier enters the detection range, and reads the second to-be-certified information, wherein the second to-be-certified information includes: to-be-authenticated location information; 所述权限控制装置利用接收到的位置信息对所述待认证位置信息进行第二认证;The authority control device performs second authentication on the to-be-authenticated location information by using the received location information; 所述权限控制装置执行授权操作,具体为:所述第一认证和第二认证均通过后,执行授权操作。The authorization control device performs an authorization operation, where the authorization operation is performed after the first authentication and the second authentication are both passed. 根据权利要求21所述的方法,其特征在于,所述第二信息还包括位置信息;所述第二服务器向权限控制装置发送所述第二信息,包括:所述第二服务器在所述权限控制装置所在位置与所述位置信息一致时,向权限控制装置发送所述第二信息。The method according to claim 21, wherein the second information further comprises location information; the second server sends the second information to the rights control device, comprising: the second server is in the permission When the location of the control device coincides with the location information, the second information is sent to the authority control device. 根据权利要求21所述的方法,其特征在于,所述权限控制装置执行授权操作之前,所述方法还包括:The method according to claim 21, wherein before the authorization control device performs the authorization operation, the method further includes: 所述权限控制装置检测到第二待认证信息载体进入检测范围,从所述第二待认证信息载体读取第二待认证信息,其中,所述第二待认证信息包括:待认证位置信息;The right control device detects that the second to-be-certified information carrier enters the detection range, and reads the second to-be-certified information from the second to-be-certified information carrier, where the second to-be-certified information includes: to-be-authenticated location information; 所述权限控制装置利用所述权限控制装置所在的位置信息对所述待认证位置信息进行第二认证;The rights control device performs second authentication on the to-be-authenticated location information by using the location information of the rights control device; 所述权限控制装置执行授权操作,包括:所述第一认证和第二认证均通过后,执行授权操作。The authorization control device performs an authorization operation, including: after the first authentication and the second authentication are both passed, performing an authorization operation. 根据权利要求21-25任一项所述的方法,其特征在于,所述第一待认证信息载体为身份证、携带有身份信息的图形码、携带有身份信息的条形码或者生物特征。The method according to any one of claims 21-25, wherein the first to-be-certified information carrier is an identity card, a graphic code carrying identity information, a barcode carrying identity information, or a biometric. 根据权利要求21-25任一项所述的方法,其特征在于,所述方法还包括:所述权限控制装置在第一认证通过后,向所述客户端发送所述目标用户的身份信息。The method according to any one of claims 21 to 25, wherein the method further comprises: after the first authentication is passed, the authority control device sends the identity information of the target user to the client. 一种数据交互系统,其特征在于,包括:A data interaction system, comprising: 第一服务器,用于接收客户端发送的第一信息,所述第一信息包括位置信息;为所述位置信息分配目标用户,确定所述目标用户的身份信息;向所述第二服务器发送第二信息,所述第二信息至少包括目标用户的身份信息;a first server, configured to receive first information sent by a client, where the first information includes location information, assign a target user to the location information, determine identity information of the target user, and send a message to the second server. Second information, the second information includes at least identity information of the target user; 所述第二服务器,用于接收所述第二信息,存储所述第二信息;The second server is configured to receive the second information, and store the second information. 所述权限控制装置,用于检测到第一待认证信息载体进入检测范围,从第一待认证信息载体读取第一待认证信息,所述第一待认证信息包括待认证身份信息;以及,向所述第二服务器发送身份信息获取请求;The permission control device is configured to detect that the first to-be-certified information carrier enters the detection range, and reads the first to-be-certified information from the first to-be-certified information carrier, where the first to-be-certified information includes identity information to be authenticated; Sending an identity information acquisition request to the second server; 所述第二服务器,还用于接收所述身份信息获取请求,向权限控制装置发送所述第二信息;The second server is further configured to receive the identity information acquisition request, and send the second information to the rights control device; 所述权限控制装置,还用于接收所述第二信息,使用接收到的所述目标用户的身份信息对所述待认证身份信息进行第一认证;以及在所述第一认证通过后,执行授权操作。The rights control device is further configured to receive the second information, perform first authentication on the to-be-authenticated identity information by using the received identity information of the target user, and perform, after the first authentication is passed, Authorized operation. 根据权利要求28所述的系统,其特征在于,所述权限控制装置,还用于在所述第一认证通过后或者执行授权操作后,向所述第二服务器发送安全处理指令;The system according to claim 28, wherein the authority control means is further configured to send a security processing instruction to the second server after the first authentication is passed or after the authorization operation is performed; 所述第二服务器,还用于接收所述安全处理指令,删除存储的所述第二信息或者设置所述第二信息的状态为失效状态。The second server is further configured to receive the security processing instruction, delete the stored second information, or set a state of the second information to a failure state. 根据权利要求28所述的系统,其特征在于,所述第二信息还包括:位置信息;The system according to claim 28, wherein said second information further comprises: location information; 所述权限控制装置,还用于执行授权操作之前,检测到第二待认证信息载体进入检测范围,读取所述第二待认证信息,其中,所述第二待认证信息包括:待认证位置信息;以及利用接收到的位置信息对所述待认证位置信息进行第二认证;The privilege control device is further configured to: before detecting the authorization operation, detecting that the second to-be-certified information carrier enters the detection range, and reading the second to-be-certified information, where the second to-be-certified information includes: a to-be-authenticated location Information; and performing second authentication on the to-be-authenticated location information by using the received location information; 所述权限控制装置,具体用于所述第一认证和第二认证均通过后,执行授权操作。The authority control device is specifically configured to perform an authorization operation after the first authentication and the second authentication are both passed. 根据权利要求28所述的系统,其特征在于,所述第二信息还包括位置信息;所述第二服务器,具体用于所述第二服务器在所述权限控制装置所在位置与所述位置信息一致时,向权限控制装置发送所述第二信息。The system according to claim 28, wherein said second information further comprises location information; said second server, specifically for said second server at said location of said rights control device and said location information When they are consistent, the second information is sent to the authority control device. 根据权利要求28所述的系统,其特征在于,The system of claim 28 wherein: 所述权限控制装置,还用于执行授权操作之前,检测到第二待认证信息载体进入检测范围,从所述第二待认证信息载体读取第二待认证信息,其中,所述第二待认证信息包括:待认证位置信息;以及利用所述权限控制装置所在的位置信息对所述待认证位置信息进行第二认证;The permission control device is further configured to: before detecting the authorization operation, detecting that the second to-be-certified information carrier enters the detection range, and reading the second to-be-certified information from the second to-be-certified information carrier, where the second to-be-certified information The authentication information includes: location information to be authenticated; and second authentication of the location information to be authenticated by using location information of the rights control device; 所述权限控制装置,具体用于所述第一认证和第二认证均通过后,执行授权操作。The authority control device is specifically configured to perform an authorization operation after the first authentication and the second authentication are both passed. 根据权利要求28-32任一项所述的系统,其特征在于,所述第一待认证信息载体为身份证、携带有身份信息的图形码、携带有身份信息的条形码或者生物特征。The system according to any one of claims 28 to 32, wherein the first to-be-certified information carrier is an identity card, a graphic code carrying identity information, a barcode carrying identity information, or a biometric. 根据权利要求28-32任一项所述的系统,其特征在于,所述权限控制装置,还用于在第一认证通过后,向所述客户端发送所述目标用户的身份信息。 The system according to any one of claims 28 to 32, wherein the authority control device is further configured to: after the first authentication is passed, send the identity information of the target user to the client.
PCT/CN2017/107602 2016-11-25 2017-10-25 Method and system for data exchange Ceased WO2018095182A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201611059494.6A CN107231404B (en) 2016-11-25 2016-11-25 Data interaction method and system
CN201611060585.1 2016-11-25
CN201611060585.1A CN107230265B (en) 2016-11-25 2016-11-25 Data interaction method and system
CN201611059494.6 2016-11-25

Publications (1)

Publication Number Publication Date
WO2018095182A1 true WO2018095182A1 (en) 2018-05-31

Family

ID=62195391

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/107602 Ceased WO2018095182A1 (en) 2016-11-25 2017-10-25 Method and system for data exchange

Country Status (1)

Country Link
WO (1) WO2018095182A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111881163A (en) * 2020-07-07 2020-11-03 上海中通吉网络技术有限公司 Express delivery pickup reminding method and system based on access control system and access control system
US12020525B2 (en) 2019-07-31 2024-06-25 Dominus Systems, Limited Property management systems

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130117815A1 (en) * 2010-06-04 2013-05-09 Ubiqu B.V. Method of Authorizing a Person, an Authorizing Architecture and a Computer Program Product
CN105427414A (en) * 2015-11-03 2016-03-23 徐承柬 Visitor management method and system
CN105741395A (en) * 2016-02-03 2016-07-06 慧锐通智能科技股份有限公司 Entrance guard access method and system based on two-dimension code and face identification
CN107230265A (en) * 2016-11-25 2017-10-03 天地融科技股份有限公司 A kind of data interactive method and system
CN107231404A (en) * 2016-11-25 2017-10-03 天地融科技股份有限公司 A kind of data interactive method and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130117815A1 (en) * 2010-06-04 2013-05-09 Ubiqu B.V. Method of Authorizing a Person, an Authorizing Architecture and a Computer Program Product
CN105427414A (en) * 2015-11-03 2016-03-23 徐承柬 Visitor management method and system
CN105741395A (en) * 2016-02-03 2016-07-06 慧锐通智能科技股份有限公司 Entrance guard access method and system based on two-dimension code and face identification
CN107230265A (en) * 2016-11-25 2017-10-03 天地融科技股份有限公司 A kind of data interactive method and system
CN107231404A (en) * 2016-11-25 2017-10-03 天地融科技股份有限公司 A kind of data interactive method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12020525B2 (en) 2019-07-31 2024-06-25 Dominus Systems, Limited Property management systems
CN111881163A (en) * 2020-07-07 2020-11-03 上海中通吉网络技术有限公司 Express delivery pickup reminding method and system based on access control system and access control system

Similar Documents

Publication Publication Date Title
US12200497B2 (en) Checkpoint identity verification using mobile identification credential
US9202322B2 (en) Distribution of premises access information
EP3492414B1 (en) Elevator request authorization system for a third party
US11871226B2 (en) Method and system for providing location-aware multi-factor mobile authentication
JP6081859B2 (en) Entrance / exit management system and entrance / exit management method
WO2018092127A1 (en) System, methods and software for user authentication
CN107018124A (en) For the remote application for controlling to access
CN109076070A (en) Method and apparatus for facilitating frictionless two-factor authentication
CA3056644A1 (en) Multi-factor authentication for vehicles
JP2009150192A (en) Admission restriction device and admission restriction system
KR101855494B1 (en) Door system and method using mobile device
CN107230265B (en) Data interaction method and system
WO2018095184A1 (en) Data interaction method and system
WO2018095182A1 (en) Method and system for data exchange
CN107231404B (en) Data interaction method and system
CN107533790A (en) System and method for managing the identity information being stored in Cloud Server
CN111899394A (en) Data processing method, device, equipment and computer readable storage medium
JP5937276B1 (en) Visitor authentication system and visitor authentication method
JP2022118914A (en) Facility rental system and facility rental method
JP2024122319A (en) User authentication system, authentication terminal, management server, business device, user terminal, and user authentication method using the user authentication system
WO2023243046A1 (en) Server device, system, server device control method, and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17874569

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17874569

Country of ref document: EP

Kind code of ref document: A1