CN105488870A

CN105488870A - Entrance guard control method, apparatus, terminal and control server

Info

Publication number: CN105488870A
Application number: CN201410478262.9A
Authority: CN
Inventors: 陈华山
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2014-09-18
Filing date: 2014-09-18
Publication date: 2016-04-13

Abstract

The invention discloses an entrance guard control method, an apparatus, a terminal and a control server. The method comprises the following steps: a first terminal sends a temporary secret key application to a control server; the control server distributes a temporary secret key for the first terminal according to the temporary secret key application, and a usage prompt of the temporary secret key is generated; the control server returns the temporary secret key and the usage prompt to the first terminal; the first terminal sends the temporary secret key and the usage prompt to a second terminal; the second terminal uses the temporary secret key to send a temporary gate inhibition control request to the control server according to the usage prompt; the control server is used for verifying authentication for the second terminal according to the temporary gate inhibition control request, after the verification is passed, a gate inhibition state is controlled according to the temporary gate inhibition control request. According to the invention, gate inhibition control efficiency can be effectively increased, and security and intelligence of the gate inhibition control can be enhanced.

Description

A kind of access control method, device, terminal and Control Server

Technical field

The present invention relates to Internet technical field, particularly relate to a kind of access control method, device, terminal and Control Server.

Background technology

Gate inhibition refers to the gateway of transit passage, such as: the door of bank, hotel, machine room, armory, safe care registry, cubicle, intellectual communityintellectualized village, factory etc. or entrance and exit of the passage.Access control refers to that carrying out management to gate inhibition's state controls, and namely refers to control the management of the gateway of transit passage.Gate inhibition's state can comprise opening or closed condition, such as: intellectual communityintellectualized village is in gate inhibition's opening; Or factory is in gate inhibition's closed condition.For the temporary staff of turnover gate inhibition, existing access control scheme mainly contains two kinds, one is manual control, the identity of this temporary staff is checked by entrance guard management person, such as: the visitor of intelligent residential district, entrance guard management person with visit owner and carries out checking and confirm visitor's identity, Non-follow control gate inhibition state, this manual control scheme efficiency is low and needs expend larger human resources; Another kind is control of swiping the card, and by personnel's access control state voluntarily of holding access card, such as: the visitor of intelligent residential district, need owner that access card is supplied to visitor, visitor can hold access card access control state; There is inefficient problem in this scheme, and needs to make a large amount of access cards, inadequate environmental protection equally, also may occur the situation that access card is lost or abused, intelligent lower.

Summary of the invention

The embodiment of the present invention provides a kind of access control method, device, terminal and Control Server, can effectively promote gate inhibition's control efficiency, promotes the security of access control and intelligent.

Embodiment of the present invention first aspect provides a kind of access control method, can comprise:

First terminal sends temporary key application to Control Server;

Described Control Server is that described first terminal distributes temporary key according to described temporary key application, and generates the use prompting of described temporary key;

Described temporary key and described use prompting are returned to described first terminal by described Control Server;

Described temporary key and described use prompting are sent to the second terminal by described first terminal;

Described second terminal uses described temporary key to send interim access control request to described Control Server according to described use prompting;

Described Control Server carries out authentication verification according to interim access control request to described second terminal, and after being verified, according to described interim access control Request Control gate inhibition state.

Embodiment of the present invention second aspect provides another kind of access control method, can comprise:

First terminal sends temporary key application to Control Server, makes described Control Server be that described first terminal distributes temporary key according to described temporary key application, and generates the use prompting of described temporary key;

Described first terminal receives the described temporary key and described use prompting that described Control Server returns;

Described temporary key and described use prompting are sent to the second terminal by described first terminal, described temporary key is used to send interim access control request to described Control Server to make described second terminal according to described use prompting, and according to interim access control request, authentication verification is carried out to described second terminal by described Control Server, and after being verified, according to described interim access control Request Control gate inhibition state.

The embodiment of the present invention third aspect provides another access control method, can comprise:

The temporary key application that Control Server sends according to first terminal, for described first terminal distributes temporary key, and generates the use prompting of described temporary key;

Described temporary key and described use prompting are returned to described first terminal by described Control Server, to make described first terminal that described temporary key and described use prompting are sent to the second terminal, the described temporary key of use is pointed out to send interim access control request to described Control Server by described second terminal according to described use;

Described Control Server carries out authentication verification according to described interim access control request to described second terminal, and after being verified, according to described interim access control Request Control gate inhibition state.

Embodiment of the present invention fourth aspect provides another access control method, can comprise:

Second terminal receives the temporary key of first terminal transmission and the use prompting of described temporary key, described temporary key and described use prompt for described first terminal and send temporary key application to Control Server, are that described first terminal distributes and obtains by described Control Server according to described temporary key application;

Described second terminal uses described temporary key to send interim access control request to described Control Server according to described use prompting, according to interim access control request, authentication verification is carried out to described second terminal to make described Control Server, and after being verified, according to described interim access control Request Control gate inhibition state.

The embodiment of the present invention the 5th aspect provides a kind of access control device, can comprise:

Temporary key application module, for sending temporary key application to Control Server, making described Control Server be that first terminal distributes temporary key according to described temporary key application, and generating the use prompting of described temporary key;

Receiver module, for receiving the described temporary key and described use prompting that described Control Server returns;

Access control module, for described temporary key and described use prompting are sent to the second terminal, described temporary key is used to send interim access control request to described Control Server to make described second terminal according to described use prompting, and according to interim access control request, authentication verification is carried out to described second terminal by described Control Server, and after being verified, according to described interim access control Request Control gate inhibition state.

The embodiment of the present invention the 6th aspect provides a kind of terminal, can comprise the access control device that above-mentioned 5th aspect provides.

The embodiment of the present invention the 7th aspect provides another kind of access control device, can comprise:

Distribution module, for the temporary key application sent according to first terminal, for described first terminal distributes temporary key, and generates the use prompting of described temporary key;

Return module, for described temporary key and described use prompting are returned to described first terminal, to make described first terminal that described temporary key and described use prompting are sent to the second terminal, the described temporary key of use is pointed out to send interim access control request by described second terminal according to described use;

Authentication verification module, for carrying out authentication verification according to described interim access control request to described second terminal;

Access control module, for after being verified, according to described interim access control Request Control gate inhibition state.

Embodiment of the present invention eighth aspect provides a kind of Control Server, can comprise the access control device that above-mentioned 7th aspect provides.

The embodiment of the present invention the 9th aspect provides another access control device, can comprise:

Receiver module, use for the temporary key and described temporary key that receive first terminal transmission is pointed out, described temporary key and described use prompt for described first terminal and send temporary key application to Control Server, are that described first terminal distributes and obtains by described Control Server according to described temporary key application;

Access control module, for using described temporary key to send interim access control request to described Control Server according to described use prompting, according to interim access control request, authentication verification is carried out to the second terminal to make described Control Server, and after being verified, according to described interim access control Request Control gate inhibition state.

The embodiment of the present invention the tenth aspect provides another kind of terminal, can comprise the access control device that above-mentioned 9th aspect provides.

Implement the embodiment of the present invention, there is following beneficial effect:

In the embodiment of the present invention, be supplied to the second terminal by first terminal to Control Server application temporary key to use, by Control Server, authentication verification is carried out to the use procedure of temporary key, and carry out access control according to the result of authentication verification, realize access control alternately by the robotization between terminal, between terminal and server, improve the efficiency of access control; And access control process also needs through authentication verification, effectively improve the security of access control, improve the intelligent of access control simultaneously.

Accompanying drawing explanation

In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.

The process flow diagram of a kind of access control method that Fig. 1 provides for the embodiment of the present invention;

The process flow diagram of the another kind of access control method that Fig. 2 provides for the embodiment of the present invention;

The process flow diagram of another access control method that Fig. 3 provides for the embodiment of the present invention;

The process flow diagram of another access control method that Fig. 4 provides for the embodiment of the present invention;

The process flow diagram of another access control method that Fig. 5 provides for the embodiment of the present invention;

The process flow diagram of another access control method that Fig. 6 provides for the embodiment of the present invention;

The process flow diagram of another access control method that Fig. 7 provides for the embodiment of the present invention;

The structural representation of a kind of access control device that Fig. 8 provides for the embodiment of the present invention;

Fig. 9 is the structural representation of the embodiment of the access control module 103 shown in Fig. 8;

The structural representation of the another kind of access control device that Figure 10 provides for the embodiment of the present invention;

Figure 11 is the structural representation of the embodiment of the distribution module 201 shown in Figure 10;

Figure 12 is the structural representation of an embodiment of the authentication verification module 203 shown in Figure 10;

Figure 13 is the structural representation of another embodiment of the authentication verification module 203 shown in Figure 10;

Figure 14 is the structural representation of another embodiment of the authentication verification module 203 shown in Figure 10;

The structural representation of another access control device that Figure 15 provides for the embodiment of the present invention;

Figure 16 is the structural representation of an embodiment of the access control module 302 shown in Figure 15;

Figure 17 is the structural representation of another embodiment of the access control module 302 shown in Figure 15;

Figure 18 is the structural representation of another embodiment of the access control module 302 shown in Figure 15.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.

In the embodiment of the present invention, gate inhibition refers to the gateway of transit passage, such as: the door of bank, hotel, machine room, armory, safe care registry, cubicle, intellectual communityintellectualized village, factory etc. or entrance and exit of the passage.Access control refers to that carrying out management to gate inhibition's state controls, and namely refers to control the management of the gateway of transit passage.Gate inhibition's state can comprise opening or closed condition, such as: intellectual communityintellectualized village is in gate inhibition's opening; Or factory is in gate inhibition's closed condition.

Terminal can be the intelligent terminal of the band network functions such as PC (PersonalComputer, personal computer), notebook computer, mobile phone, PAD (panel computer), intelligent wearable device, car-mounted terminal.First terminal can be any one terminal in the intelligent terminal of above-mentioned band network function, and the second terminal can be any one terminal in the intelligent terminal of above-mentioned band network function except first terminal.

Control Server can for possessing the server of door access control function, and it can control gate inhibition's state, and can manage the key for access control and distribute.Wherein, the key for access control can be unique key, and the user holding unique key can not use this unique key by the restriction of time and/or number of times, such as: be supplied to gate inhibition's key that owner uses in intellectual communityintellectualized village; Or cubicle is supplied to gate inhibition's key that employee uses, etc.; Described Control Server can manage the maintenance of unique key and renewal in timing.Key for access control can also be temporary key, and the user holding temporary key in use will be subject to the restrictions such as such as time, number of times or authority, such as: the gate inhibition's key being supplied to visitor in intellectual communityintellectualized village; Or cubicle is supplied to gate inhibition's key that visitor uses, etc.; Described Control Server can manage the distribution of temporary key and use.

Below in conjunction with accompanying drawing 1-accompanying drawing 7, the access control method that the embodiment of the present invention provides is described in detail.

Referring to Fig. 1, is the process flow diagram of a kind of access control method that the embodiment of the present invention provides; The present embodiment sets forth the flow process of access control method from first terminal side; Concrete, the method can comprise the following steps S101-step S103.

S101, first terminal sends temporary key application to Control Server, makes described Control Server be that described first terminal distributes temporary key according to described temporary key application, and generates the use prompting of described temporary key.

Can be connected by wired or wireless mode between described first terminal with described Control Server.In a kind of feasible embodiment of the embodiment of the present invention, described first terminal can for carrying out registering and possessing the terminal of corresponding authority, the authority that the mark of first terminal described in described Control Server record and described first terminal possess in described Control Server; Wherein, described authority can include but not limited to: the acquisition and rights of using etc. of the acquisition of unique key and rights of using, temporary key.In the embodiment that the another kind of the embodiment of the present invention is feasible, the user of described first terminal can for registering and possessing the user of corresponding authority in described Control Server, the user of described first terminal logs in described Control Server by described first terminal, the authority that the user ID of described this user of Control Server record and this user possess.

Described temporary key application is used for obtaining temporary key to described Control Server application, and described Control Server is that described first terminal distributes temporary key according to described temporary key application, and generates the use prompting of described temporary key.Because the user holding temporary key in use will be subject to the restrictions such as such as time, number of times or authority, the use prompting of described temporary key can be used for pointing out the user holding temporary key how to use this temporary key; Particularly, the use prompting of described temporary key can include but not limited at least one in following prompting: prompting service time of described temporary key, uses the prompting reporting mark during described temporary key, and the access times prompting of described temporary key.

S102, described first terminal receives the described temporary key and described use prompting that described Control Server returns.

Can be connected by wired or wireless mode between described first terminal with described Control Server; The described use prompting of the described temporary key distributed and generation based on the wired or wireless connection of having set up, can be returned to described first terminal by described Control Server.In practical application, described temporary key and described use prompting can be encapsulated as a response message by described Control Server, and based on the wired or wireless connection of having set up, will described temporary key be comprised and use the response message of prompting to return to described first terminal.

S103, described temporary key and described use prompting are sent to the second terminal by described first terminal, described temporary key is used to send interim access control request to described Control Server to make described second terminal according to described use prompting, and according to interim access control request, authentication verification is carried out to described second terminal by described Control Server, and after being verified, according to described interim access control Request Control gate inhibition state.

Data cube computation can be set up by wired or wireless mode between described first terminal and described second terminal; If when being all provided with communications applications in described first terminal and described second terminal, described first terminal and described second terminal can adopt communications applications to carry out data transmission, this communications applications can include but not limited to: short message application, SNS (SocialNetworkingServices, social network services) application, instant messaging application and mailbox application etc.Described first terminal is after receiving the described temporary key and described use prompting that described Control Server returns, can based on the data cube computation of the wired or wireless mode set up between described second terminal, or based on the communications applications in described first terminal, the response message comprising described temporary key and described use prompting is sent to described second terminal, described second terminal can show described use prompting and described temporary key in display interface, make the user of the second terminal described temporary key correctly can be used to send interim access control request to described Control Server according to described use prompting, so that can by the authentication verification of described Control Server, success access control state.

Referring to Fig. 2, is the process flow diagram of the another kind of access control method that the embodiment of the present invention provides; The present embodiment sets forth the flow process of access control method from Control Server side; The method can comprise the following steps S201-step S204.

S201, the temporary key application that Control Server sends according to first terminal, for described first terminal distributes temporary key, and generates the use prompting of described temporary key.

Described temporary key application is used for obtaining temporary key to described Control Server application.Can be connected by wired or wireless mode between described Control Server with described first terminal, described Control Server based on being wired or wirelessly connected of having set up between described first terminal, receive the temporary key application that described first terminal sends; Described Control Server, according to described temporary key application, can distribute a temporary key for access control, and configure the temporal properties of this temporary key, generates the use prompting of described temporary key according to this temporal properties.

Wherein, described temporal properties can comprise with at least one in properties: timeliness attribute, Authorization Attributes and quantitative attribute.Described timeliness attribute comprises the effective time of described temporary key; Described Authorization Attributes comprises at least one user mark of described temporary key; Described quantitative attribute comprises effective access times of described temporary key.Because the user holding temporary key in use will be subject to the restrictions such as such as time, number of times or authority, the use prompting of described temporary key can be used for pointing out the user holding temporary key how to use this temporary key; Particularly, the described at least one using prompting can comprise in following prompting: prompting service time of described temporary key, uses the prompting reporting mark during described temporary key, and the access times prompting of described temporary key.

S202, described temporary key and described use prompting are returned to described first terminal by described Control Server, to make described first terminal that described temporary key and described use prompting are sent to the second terminal, the described temporary key of use is pointed out to send interim access control request to described Control Server by described second terminal according to described use.

Can be connected by wired or wireless mode between described first terminal with described Control Server; The described use prompting of the described temporary key distributed and generation based on the wired or wireless connection of having set up, can be returned to described first terminal by described Control Server.In practical application, described temporary key and described use prompting can be encapsulated as a response message by described Control Server, and based on the wired or wireless connection of having set up, will described temporary key be comprised and use the response message of prompting to return to described first terminal.Described first terminal is after receiving the described temporary key and described use prompting that described Control Server returns, can based on the data cube computation of the wired or wireless mode set up between described second terminal, or based on the communications applications in described first terminal, the response message comprising described temporary key and described use prompting is sent to described second terminal, described second terminal can show described use prompting and described temporary key in display interface, make the user of the second terminal described temporary key correctly can be used to send interim access control request to described Control Server according to described use prompting.

S203, described Control Server carries out authentication verification according to described interim access control request to described second terminal.

Described temporary key is carried in described interim access control request.Because the user holding temporary key in use will be subject to the restriction of the temporal properties such as such as time, number of times or authority, in this step, the process of described second terminal being carried out to authentication verification can comprise: to the use authentication process of described temporary key, and the verification of correctness process to described temporary key.Wherein, described Control Server can adopt the temporal properties of described temporary key, carries out use authentication to described temporary key; The dependability of described temporary key can be ensured the use authentication process of described temporary key, prevent described temporary key from being abused.Described Control Server can adopt the authorization information that described temporary key is corresponding, carries out verification of correctness to described temporary key; The validity and the integrality that ensure described temporary key be can be used for the verification of correctness process of described temporary key.

S204, after being verified, described Control Server is according to described interim access control Request Control gate inhibition state.

If described Control Server confirms that described second terminal authentication passes through, namely show that described second terminal uses correct temporary key to carry out interim access control according to described use prompting, described Control Server then can respond described interim access control request, access control state.Particularly, if described interim access control request requires opening gate, described Control Server then access control is in opening; If described interim access control request requires to close gate inhibition, described Control Server then access control is in closed condition.In the embodiment of the present invention, if described Control Server confirms that described second terminal authentication failure is not passed through, also can send failed information to described second terminal, export described failed information to make described second terminal to the user of described second terminal.

Referring to Fig. 3, is the process flow diagram of another access control method that the embodiment of the present invention provides; The present embodiment sets forth the flow process of access control method from the second end side; Described second terminal can be the intelligent terminal of the band network functions such as smart mobile phone, panel computer, intelligent wearable device and computer.The method can comprise the following steps S301-step S302.

S301, second terminal receives the temporary key of first terminal transmission and the use prompting of described temporary key, described temporary key and described use prompt for described first terminal and send temporary key application to Control Server, are that described first terminal distributes and obtains by described Control Server according to described temporary key application.

Described first terminal can be connected based on wired or wireless between described Control Server, sends temporary key application to described Control Server, for obtaining temporary key to described Control Server application; Described Control Server is that described first terminal distributes described temporary key according to described temporary key application, and the use prompting generating described temporary key returns to described first terminal in the lump.Described first terminal can based on the data cube computation of the wired or wireless mode set up between described second terminal, or based on the communications applications in described first terminal, described temporary key and described use prompting are sent to described second terminal, in this step, described second terminal receives described temporary key and the described use prompting of the transmission of described first terminal.

S302, described second terminal uses described temporary key to send interim access control request to described Control Server according to described use prompting, according to interim access control request, authentication verification is carried out to described second terminal to make described Control Server, and after being verified, according to described interim access control Request Control gate inhibition state.

Described second terminal can show described use prompting and described temporary key in display interface, and the user of the second terminal correctly can use described temporary key to send interim access control request to described Control Server according to described use prompting by described second terminal.Described Control Server carries out authentication verification according to interim access control request to described second terminal, and after being verified, according to described interim access control Request Control gate inhibition state.In this step, if described second terminal authentication passes through, namely show that described second terminal uses correct temporary key to carry out interim access control according to described use prompting, described Control Server then can respond described interim access control request, access control state.Particularly, if described interim access control request requires opening gate, described Control Server then access control is in opening; If described interim access control request requires to close gate inhibition, described Control Server then access control is in closed condition.

Referring to Fig. 4, is the process flow diagram of another access control method that the embodiment of the present invention provides; The present embodiment sets forth the flow process of access control method from the mutual side of first terminal, the second terminal and Control Server; The method can comprise the following steps S401-step S407.

S401, first terminal sends temporary key application to Control Server.

Wherein, described temporary key application is used for obtaining temporary key to described Control Server application.Can be connected by wired or wireless mode between described first terminal with described Control Server.In a kind of feasible embodiment of the embodiment of the present invention, described first terminal can for carrying out registering and possessing the terminal of corresponding authority, the authority that the mark of first terminal described in described Control Server record and described first terminal possess in described Control Server; Wherein, described authority can include but not limited to: the acquisition and rights of using etc. of the acquisition of unique key and rights of using, temporary key.In the embodiment that the another kind of the embodiment of the present invention is feasible, the user of described first terminal can for registering and possessing the user of corresponding authority in described Control Server, the user of described first terminal logs in described Control Server by described first terminal, the authority that the user ID of described this user of Control Server record and this user possess.

S402, described Control Server is that described first terminal distributes temporary key according to described temporary key application, and generates the use prompting of described temporary key.

Can be connected by wired or wireless mode between described Control Server with described first terminal, described Control Server based on being wired or wirelessly connected of having set up between described first terminal, receive the temporary key application that described first terminal sends; Described Control Server, according to described temporary key application, can distribute a temporary key for access control, and configure the temporal properties of this temporary key, generates the use prompting of described temporary key according to this temporal properties.

S403, described temporary key and described use prompting are returned to described first terminal by described Control Server.

S404, described temporary key and described use prompting are sent to the second terminal by described first terminal.

Data cube computation can be set up by wired or wireless mode between described first terminal and described second terminal; If when being all provided with communications applications in described first terminal and described second terminal, described first terminal and described second terminal can adopt communications applications to carry out data transmission, and this communications applications can include but not limited to: short message application, SNS application, instant messaging application and mailbox application etc.Described first terminal is after receiving the described temporary key and described use prompting that described Control Server returns, can based on the data cube computation of the wired or wireless mode set up between described second terminal, or based on the communications applications in described first terminal, the response message comprising described temporary key and described use prompting is sent to described second terminal.

S405, described second terminal uses described temporary key to send interim access control request to described Control Server according to described use prompting.

Described second terminal can show described use prompting and described temporary key in display interface, and the user of the second terminal correctly can use described temporary key to send interim access control request to described Control Server according to described use prompting by described second terminal.

S406, described Control Server carries out authentication verification according to interim access control request to described second terminal.

S407, after being verified, described Control Server is according to described interim access control Request Control gate inhibition state.

Referring to Fig. 5, is the process flow diagram of another access control method that the embodiment of the present invention provides; The present embodiment sets forth the flow process of access control method from the mutual side of first terminal, the second terminal and Control Server; The method can comprise the following steps S501-step S517.

S501, first terminal sends temporary key application to Control Server, carries applicant's mark in described temporary key application.

In this step, described temporary key application is used for obtaining temporary key to described Control Server application, and carries applicant's mark in described temporary key application.In a kind of feasible embodiment of the embodiment of the present invention, if described first terminal is carry out in described Control Server registering and possess the terminal of corresponding authority, described applicant's mark can be the mark of described first terminal.In the embodiment that the another kind of the embodiment of the present invention is feasible, if the user of described first terminal registers in described Control Server and possesses the user of corresponding authority, described applicant's mark can be described user ID.

S502, described Control Server detects whether described applicant's mark of carrying in described temporary key application is default access mark.

The mark that have recorded registration terminal due to described Control Server and the authority possessed, and the mark that have recorded registered user and the authority possessed, that is, described Control Server management is for obtaining the default access mark of temporary key, this default access mark both can be the mark of registration terminal, also can be the mark of registered user.In this step, described Control Server detects whether described applicant's mark of carrying in described provisional application is default access mark, and whether namely detect described applicant is possess terminal or the user that temporary key obtains authority.The testing process of this step can ensure the reliability that temporary key obtains and uses to prevent temporary key from being abused.

S503, if described applicant is designated default access mark, described Control Server distributes the authorization information of temporary key and described temporary key according to described temporary key application.

If described applicant is designated default access mark, show that applicant possesses terminal or the user that temporary key obtains authority, described Control Server then can according to described temporary key application, a temporary key for access control can be distributed, and record the authorization information of described temporary key simultaneously.It should be noted that, the authorization information of described temporary key can be used for verifying the correctness of described temporary key, and the authorization information of described temporary key and described temporary key can associatedly be stored in described Control Server in pairs; Such as: if described temporary key is identifying code abcd, then the authorization information of described temporary key is also abcd; For another example: if described temporary key be preset problem " 1+1=? ", then the authorization information of described temporary key can be preset answer " 2 "; Etc..Be understandable that, in the embodiment of the present invention, if described applicant is designated non-default capability identification, show that applicant does not possess temporary key and obtains authority, described Control Server can return the failed information of application to described first terminal, exports the failed information of described application to make described first terminal to the user of described first terminal.

S504, described Control Server is described temporary key configuration temporal properties.

Wherein, described temporal properties can comprise with at least one in properties: timeliness attribute, Authorization Attributes and quantitative attribute.Described timeliness attribute comprises the effective time of described temporary key; Described Authorization Attributes comprises at least one user mark of described temporary key; Described quantitative attribute comprises effective access times of described temporary key.In this step, described Control Server can according to the actual management strategy of temporary key, for described temporary key configuration temporal properties, such as: can according to the actual needs of registration terminal or registered user, the temporal properties of configuration temporary key, as certain registered user requires only to provide temporary key to its instant messaging good friend, user's mark that the Authorization Attributes of described temporary key can comprise by described Control Server is set to the instant messaging good friend mark of this registered user; For another example: can according to the strategy of access control, the temporal properties of configuration temporary key, as certain community requires that visitor uses the time of temporary key to be no more than 3 minutes, the effective time that the timeliness attribute of described temporary key comprises can be set to 3 minutes by described Control Server; Etc..

S505, described Control Server, according to described temporal properties, generates the use prompting that described temporary key is corresponding.

Because the user holding temporary key in use will be subject to the restrictions such as such as time, number of times or authority, the use prompting of described temporary key can be used for pointing out the user holding temporary key how to use this temporary key; Particularly, the described at least one using prompting can comprise in following prompting: prompting service time of described temporary key, uses the prompting reporting mark during described temporary key, and the access times prompting of described temporary key.In this step, described Control Server, according to described temporal properties, generates the use prompting that described temporary key is corresponding, and particularly, described Control Server, according to described timeliness attribute, generates prompting service time of described temporary key; Described Control Server, according to described Authorization Attributes, generates the prompting reporting mark when using described temporary key; Described Control Server, according to described quantitative attribute, generates the access times prompting of described temporary key.

The step S503-step S505 of the present embodiment can be the concrete refinement step of step S402 embodiment illustrated in fig. 4.

S506, described temporary key and described use prompting are returned to described first terminal by described Control Server.

The step S506 of the present embodiment can the step S403 of embodiment shown in Figure 4, is not repeated herein.

S507, the application of described first terminal open communication, described communications applications comprises: any one in short message application, SNS application, instant messaging application and mailbox application.

S508, described first terminal sends described temporary key and described use prompting by described communications applications to described second terminal.

The step S507-step S508 of the present embodiment can be the concrete refinement step of step S404 embodiment illustrated in fig. 4.

S509, described second terminal generates the first interim access control request of carrying described temporary key.

Described second terminal based on the Data Transport Protocol reached between described Control Server, can carry out encapsulation process to described temporary key, generates the described first interim access control request.

S510, described second terminal is set up short-range communication with described Control Server and is connected.

Described short-range communication connects: NFC (NearFieldCommunication, near-field communication) connects, bluetooth connects, any one in infrared connection.Be preferably NFC in the present embodiment to connect; NFC module is equipped with in described second terminal, described Control Server provides the NFC interface possessing NFC interactive function, NFC module in described second terminal is connected with the NFC interface of described Control Server, thus realizes described second terminal and be connected with the NFC between described Control Server.

S511, described second terminal was pointed out according to the service time of described temporary key, sent the described first interim access control request by being connected with the short-range communication that described Control Server is set up to described Control Server.

Described second terminal, within the time indicated by prompting service time of described temporary key, sends the described first interim access control request by being connected with the short-range communication that described Control Server is set up to described Control Server.

The step S509-step S511 of the present embodiment can be the concrete refinement step of step S405 embodiment illustrated in fig. 4.

S512, described Control Server, when receiving the described first interim access control request, obtains the system time of the time of reception.

S513, described Control Server judges that whether described system time is the effective time of the described temporary key that described timeliness attribute comprises.

If described system time is the effective time of the described temporary key that described timeliness attribute comprises, show that described second terminal uses described temporary key within the effective time of described temporary key, the use authentication success of described temporary key, follow-up flow process can be entered, the correctness of described temporary key is verified.If described system time is not the effective time of the described temporary key that described timeliness attribute comprises, show that described second terminal uses described temporary key in the out-of-service time of described temporary key, the then use failed authentication of described temporary key, authentication failed is not passed through.

S514, if described system time is the effective time of described temporary key, described Control Server is resolved and is obtained described temporary key from the described first interim access control request.

Described Control Server based on the Data Transport Protocol reached between described second terminal, can be resolved and obtains described temporary key from the described first interim access control request.

S515, described Control Server adopts the authorization information of described temporary key to verify described temporary key.

The authorization information of described temporary key can be used for verifying the correctness of described temporary key, and the authorization information of described temporary key and described temporary key can associatedly be stored in described Control Server in pairs; Such as: if described temporary key is identifying code abcd, then the authorization information of described temporary key is also abcd; For another example: if described temporary key be preset problem " 1+1=? ", then the authorization information of described temporary key can be preset answer " 2 "; Etc..

S516, if the authorization information of described temporary key and described temporary key matches, described Control Server confirms to be verified.

According to example shown in step S515, such as: if described temporary key is abcd, the authorization information of described temporary key is also abcd, and the two matches; For another example: if described temporary key be " 1+1=? ", the authorization information of described temporary key is " 2 ", and the two matches.If the authorization information of described temporary key and described temporary key matches, show that described temporary key is correctly complete, the verification of correctness success of described temporary key.So far, the use authentication success of described temporary key, and the success of the verification of correctness of described temporary key, then described Control Server can confirm to pass through the authentication verification of described second terminal.

The step S512-step S516 of the present embodiment can be the concrete refinement step of step S406 embodiment illustrated in fig. 4.

S517, after being verified, described Control Server is according to the described first interim access control Request Control gate inhibition state.

The step S517 of the present embodiment can the associated description of step S407 of embodiment shown in Figure 4, is not repeated herein.

The flow process of the access control method shown in above-mentioned Fig. 5 is elaborated below in conjunction with an instantiation.

In this instantiation, first terminal is mobile phone A, and the first user of first terminal is community owner, records this owner and is designated default access mark, and confirm that this owner possesses the acquisition authority of temporary key in the Control Server of community.Second terminal is mobile phone B, and the second user of the second terminal is the instant messaging good friend of this owner, needs access control to be opening during the second user visiting first user.The flow process of the access control method that the embodiment of the present invention provides is specific as follows:

Mobile phone A provides the application button of temporary key, and first user is clicked this button and triggered mobile phone A to the application of Control Server transmission temporary key, carries first user mark in this temporary key application.Control Server, according to existing record, detects first user and is designated default access mark, then for mobile phone A distributes the authorization information of temporary key and this temporary key; In addition, Control Server is this temporary key configuration timeliness attribute, and the effective time configuring this temporary key is 2 minutes, and prompts for " please in 2 minutes, using key " based on the service time that this timeliness attribute generates this temporary key.Prompting service time of this temporary key and this temporary key is returned to mobile phone A by Control Server.

First user can instant messaging application in starting hand-set A, and sets up instant communication session with the second user of mobile phone B side and is connected, is pointed out the service time of temporary key and temporary key and sends to the second user.Mobile phone B can show prompting service time of this temporary key and this temporary key in instant communication session interface.When user clicks this temporary key in prompting service time of this temporary key, the NFC module can called in mobile phone B is set up NFC with Control Server and is connected, meanwhile, mobile phone B generation is carried the interim access control request of this temporary key first and is sent to Control Server.

When Control Server receives the described first interim access control request, judge that whether the system time of the time of reception is the effective time that the timeliness attribute of this temporary key comprises, if, then from the described first interim access control request, extract temporary key, temporary key is mated with the authorization information of this temporary key, if match, then access control is in opening.Second user then can enter in community and visit first user.

Referring to Fig. 6, is the process flow diagram of another access control method that the embodiment of the present invention provides; The present embodiment sets forth the flow process of access control method from the mutual side of first terminal, the second terminal and Control Server; The method can comprise the following steps S601-step S616.

S601, first terminal sends temporary key application to Control Server, carries applicant's mark in described temporary key application.

S602, described Control Server detects whether described applicant's mark of carrying in described temporary key application is default access mark.

S603, if described applicant is designated default access mark, described Control Server distributes the authorization information of temporary key and described temporary key according to described temporary key application.

S604, described Control Server is described temporary key configuration temporal properties.

S605, described Control Server, according to described temporal properties, generates the use prompting that described temporary key is corresponding.

S606, described temporary key and described use prompting are returned to described first terminal by described Control Server.

S607, the application of described first terminal open communication, described communications applications comprises: any one in short message application, SNS application, instant messaging application and mailbox application.

S608, described first terminal sends described temporary key and described use prompting by described communications applications to described second terminal.

The step S601-step S608 of the present embodiment can the step S501-step S508 of embodiment shown in Figure 5, is not repeated herein.

S609, described second terminal generates the second interim access control request comprising described temporary key and requestor's mark.

Described second terminal based on the Data Transport Protocol reached between described Control Server, can be carried out encapsulation process to described temporary key and requestor's mark, generates the described second interim access control request.Wherein, described request person's mark can be the mark of described second terminal, also can be the user ID of described second end side.

S610, described second terminal is set up short-range communication with described Control Server and is connected.

The step S610 of the present embodiment can the step S510 of embodiment shown in Figure 5, is not repeated herein.

S611, reporting the prompting of mark, sending the described second interim access control request by being connected with the short-range communication that described Control Server is set up to described Control Server during described second terminal temporary key described according to described use.

The step S609-step S611 of the present embodiment can be the concrete refinement step of step S405 embodiment illustrated in fig. 4.

S612, described Control Server is resolved the described second interim access control request, obtains described temporary key and described request person's mark.

Described Control Server based on the Data Transport Protocol reached between described second terminal, can be resolved and obtains described temporary key and described request person's mark from the described second interim access control request.

S613, described Control Server judges that whether described request person's mark is user's mark of the described temporary key that described Authorization Attributes comprises.

If described request person is designated user's mark of the described temporary key that described Authorization Attributes comprises, show the legitimate user of described request person for described temporary key, the use authentication success of described temporary key; Otherwise the use failed authentication of described temporary key, authentication failed is not passed through.

S614, if described request person is designated user's mark of described temporary key, described Control Server adopts the authorization information of described temporary key to verify described temporary key.

S615, if the authorization information of described temporary key and described temporary key matches, described Control Server confirms to be verified.

The step S612-step S615 of the present embodiment can be the concrete refinement step of step S406 embodiment illustrated in fig. 4.

S616, after being verified, described Control Server is according to the described second interim access control Request Control gate inhibition state.

The step S614-S616 of the present embodiment can the associated description of step S515-S517 of embodiment shown in Figure 5, is not repeated herein.

The flow process of the access control method shown in above-mentioned Fig. 6 is elaborated below in conjunction with an instantiation.

Mobile phone A provides the application button of temporary key, and first user is clicked this button and triggered mobile phone A to the application of Control Server transmission temporary key, carries first user mark in this temporary key application.Control Server, according to existing record, detects first user and is designated default access mark, then for mobile phone A distributes the authorization information of temporary key and this temporary key; In addition, Control Server is this temporary key configuration Authorization Attributes, and the user configuring this temporary key is designated the instant messaging good friend mark of first user, and reports the prompting of mark when generating use temporary key based on this Authorization Attributes.Control Server reports the prompting of mark to return to mobile phone A by when this temporary key and use temporary key.

First user can instant messaging application in starting hand-set A, and sets up instant communication session with the second user of mobile phone B side and is connected, is pointed out the service time of temporary key and temporary key and sends to the second user.Mobile phone B can show this temporary key and use the prompting reporting mark during temporary key in instant communication session interface.When user clicks this temporary key, the NFC module can called in mobile phone B is set up NFC with Control Server and is connected, and meanwhile, mobile phone B generates the second interim access control request of carrying the mark of this temporary key and the second user and is sent to Control Server.

Control Server judges that the mark of the second user that the described second interim access control request is carried is the instant messaging good friend user ID of described first user, meet the Authorization Attributes of this temporary key, then from the described second interim access control request, extract temporary key, temporary key is mated with the authorization information of this temporary key, if match, then access control is in opening.Second user then can enter in community and visit first user.

Referring to Fig. 7, is the process flow diagram of another access control method that the embodiment of the present invention provides; The present embodiment sets forth the flow process of access control method from the mutual side of first terminal, the second terminal and Control Server; The method can comprise the following steps S701-step S716.

S701, first terminal sends temporary key application to Control Server, carries applicant's mark in described temporary key application.

S702, described Control Server detects whether described applicant's mark of carrying in described temporary key application is default access mark.

S703, if described applicant is designated default access mark, described Control Server distributes the authorization information of temporary key and described temporary key according to described temporary key application.

S704, described Control Server is described temporary key configuration temporal properties.

S705, described Control Server, according to described temporal properties, generates the use prompting that described temporary key is corresponding.

S706, described temporary key and described use prompting are returned to described first terminal by described Control Server.

S707, the application of described first terminal open communication, described communications applications comprises: any one in short message application, SNS application, instant messaging application and mailbox application.

S708, described first terminal sends described temporary key and described use prompting by described communications applications to described second terminal.

The step S701-step S708 of the present embodiment can the step S501-step S508 of embodiment shown in Figure 5, is not repeated herein.

S709, described second terminal generates the 3rd interim access control request comprising described temporary key and requestor's mark.

Described second terminal based on the Data Transport Protocol reached between described Control Server, can be carried out encapsulation process to described temporary key and requestor's mark, generates the described 3rd interim access control request.Wherein, described request person's mark can be the mark of described second terminal, also can be the user ID of described second end side.

S710, described second terminal is set up short-range communication with described Control Server and is connected.

The step S710 of the present embodiment can the step S510 of embodiment shown in Figure 5, is not repeated herein.

S711, described second terminal is pointed out according to the access times of described temporary key, sends the described 3rd interim access control request by being connected with the short-range communication that described Control Server is set up to described Control Server.

The step S709-step S711 of the present embodiment can be the concrete refinement step of step S405 embodiment illustrated in fig. 4.

S712, described Control Server is resolved the described 3rd interim access control request, obtains described temporary key and described request person's mark.

Described Control Server based on the Data Transport Protocol reached between described second terminal, can be resolved and obtains described temporary key and described request person's mark from the described 3rd interim access control request.

S713, whether described Control Server exceedes effective access times of the described temporary key that described quantitative attribute comprises from the quantity of the described 3rd interim access control request of described request person according to described request person's label detection.

If described quantity does not exceed effective access times of the described temporary key that described quantitative attribute comprises, show that described second terminal uses described temporary key in effective access times of described temporary key, the use authentication success of described temporary key; Otherwise the use failed authentication of described temporary key, authentication failed is not passed through.

S714, if described quantity does not exceed effective access times of described temporary key, described Control Server adopts the authorization information of described temporary key to verify described temporary key.

S715, if the authorization information of described temporary key and described temporary key matches, described Control Server confirms to be verified.

The step S712-step S715 of the present embodiment can be the concrete refinement step of step S406 embodiment illustrated in fig. 4.

S716, after being verified, described Control Server is according to the described 3rd interim access control Request Control gate inhibition state.

The step S714-S716 of the present embodiment can the associated description of step S515-S517 of embodiment shown in Figure 5, is not repeated herein.

The flow process of the access control method shown in above-mentioned Fig. 7 is elaborated below in conjunction with an instantiation.

Mobile phone A provides the application button of temporary key, and first user is clicked this button and triggered mobile phone A to the application of Control Server transmission temporary key, carries first user mark in this temporary key application.Control Server, according to existing record, detects first user and is designated default access mark, then for mobile phone A distributes the authorization information of temporary key and this temporary key; In addition, Control Server is this temporary key configuration quantitative attribute, and the effective access times configuring this temporary key are 3 times, and prompt for based on the access times that this timeliness attribute generates this temporary key.The use prompting for several times of this temporary key and this temporary key is returned to mobile phone A by Control Server.

First user can instant messaging application in starting hand-set A, and sets up instant communication session with the second user of mobile phone B side and is connected, is pointed out the service time of temporary key and temporary key and sends to the second user.Mobile phone B can show the access times prompting of this temporary key and this temporary key in instant communication session interface.When user clicks this temporary key in the number of times indicated by the access times prompting of this temporary key, the NFC module can called in mobile phone B is set up NFC with Control Server and is connected, meanwhile, mobile phone B generates the 3rd interim access control request of carrying the mark of this temporary key and the second user and is sent to Control Server.

Whether Control Server detects quantity that the second user asked more than 3 times, if not, then from the described 3rd interim access control request, extract temporary key, temporary key is mated with the authorization information of this temporary key, if match, then access control is in opening.Second user then can enter in community and visit first user.

It should be noted that, Fig. 5-Fig. 7 has set forth access control process when described temporal properties comprises timeliness attribute, Authorization Attributes or quantitative attribute respectively, above-mentioned three embodiments can flexible combination and utilization in actual applications, such as: if when described temporal properties comprises three attribute simultaneously, can work as described temporary key when meeting two or more attribute, described Control Server is that described second terminal carries out access control service.

Below in conjunction with accompanying drawing 8-accompanying drawing 9, the 26S Proteasome Structure and Function of a kind of access control device that the embodiment of the present invention provides is described in detail.It should be noted that, the access control device shown in Fig. 8-Fig. 9 can run in a terminal, specifically can run in the first terminal shown in the embodiment of the present invention, to be applied in the method shown in above-mentioned Fig. 1-Fig. 7.

Referring to Fig. 8, is the structural representation of a kind of access control device that the embodiment of the present invention provides; This device can comprise: temporary key application module 101, receiver module 102 and access control module 103.

Temporary key application module 101, for sending temporary key application to Control Server, making described Control Server be that first terminal distributes temporary key according to described temporary key application, and generating the use prompting of described temporary key.

Receiver module 102, for receiving the described temporary key and described use prompting that described Control Server returns.

Can be connected by wired or wireless mode between described first terminal with described Control Server; The described use prompting of the described temporary key distributed and generation based on the wired or wireless connection of having set up, can be returned to described first terminal by described Control Server.In practical application, described temporary key and described use prompting can be encapsulated as a response message by described Control Server, and based on the wired or wireless connection of having set up, will described temporary key be comprised and use the response message of prompting to return to described receiver module 102.

Access control module 103, for described temporary key and described use prompting are sent to the second terminal, described temporary key is used to send interim access control request to described Control Server to make described second terminal according to described use prompting, and according to interim access control request, authentication verification is carried out to described second terminal by described Control Server, and after being verified, according to described interim access control Request Control gate inhibition state.

Data cube computation can be set up by wired or wireless mode between described first terminal and described second terminal; If when being all provided with communications applications in described first terminal and described second terminal, described first terminal and described second terminal can adopt communications applications to carry out data transmission, and this communications applications can include but not limited to: short message application, SNS application, instant messaging application and mailbox application etc.Described access control module 103 can based on the data cube computation of the wired or wireless mode set up between described second terminal, or based on the communications applications in described first terminal, the response message comprising described temporary key and described use prompting is sent to described second terminal, described second terminal can show described use prompting and described temporary key in display interface, make the user of the second terminal described temporary key correctly can be used to send interim access control request to described Control Server according to described use prompting, so that can by the authentication verification of described Control Server, success access control state.

Referring to Fig. 9, is the structural representation of the embodiment of the access control module 103 shown in Fig. 8; Unit 1301 and transmitting element 1302 are opened in application.

Application open unit 1301, for opening the communications applications in described first terminal, described communications applications comprises: short message application, SNS application, instant messaging application and mailbox application in any one.

Transmitting element 1302, for sending described temporary key and described use prompting by described communications applications to described second terminal, described temporary key is used to send interim access control request to described Control Server to make described second terminal according to described use prompting, and according to interim access control request, authentication verification is carried out to described second terminal by described Control Server, and after being verified, according to described interim access control Request Control gate inhibition state.

The embodiment of the present invention additionally provides a kind of terminal, and this terminal can be the first terminal shown in the embodiment of the present invention, and this first terminal can comprise: mobile phone, smart mobile phone, PDA, intelligent wearable device etc.Can comprise an access control device in this first terminal, the 26S Proteasome Structure and Function of this device see the associated description of above-mentioned Fig. 8-embodiment illustrated in fig. 9, can be not repeated herein.

Below in conjunction with accompanying drawing 10-accompanying drawing 14, the 26S Proteasome Structure and Function of a kind of access control device that the embodiment of the present invention provides is described in detail.It should be noted that, the access control device shown in Figure 10-Figure 14 can run in Control Server, to be applied in the method shown in above-mentioned Fig. 1-Fig. 7.

Referring to Figure 10, is the structural representation of the another kind of access control device that the embodiment of the present invention provides; This device can comprise: distribution module 201, return module 202, authentication verification module 203 and access control module 204.

Distribution module 201, for the temporary key application sent according to first terminal, for described first terminal distributes temporary key, and generates the use prompting of described temporary key.

Described temporary key application is used for obtaining temporary key to described Control Server application.Can be connected by wired or wireless mode between described Control Server with described first terminal, described Control Server based on being wired or wirelessly connected of having set up between described first terminal, receive the temporary key application that described first terminal sends; Described distribution module 201, according to described temporary key application, can be distributed a temporary key for access control, and configure the temporal properties of this temporary key, generates the use prompting of described temporary key according to this temporal properties.

Return module 202, for described temporary key and described use prompting are returned to described first terminal, to make described first terminal that described temporary key and described use prompting are sent to the second terminal, the described temporary key of use is pointed out to send interim access control request by described second terminal according to described use.

Can be connected by wired or wireless mode between described first terminal with described Control Server; The described use prompting of the described temporary key distributed and generation based on the wired or wireless connection of having set up, can be returned to described first terminal by the described module 202 that returns.In practical application, described temporary key and described use prompting can be encapsulated as a response message by the described module 202 that returns, and based on the wired or wireless connection of having set up, will described temporary key be comprised and use the response message of prompting to return to described first terminal.Described first terminal is after receiving the described temporary key and described use prompting that described Control Server returns, can based on the data cube computation of the wired or wireless mode set up between described second terminal, or based on the communications applications in described first terminal, the response message comprising described temporary key and described use prompting is sent to described second terminal, described second terminal can show described use prompting and described temporary key in display interface, make the user of the second terminal described temporary key correctly can be used to send interim access control request to described Control Server according to described use prompting.

Authentication verification module 203, for carrying out authentication verification according to described interim access control request to described second terminal.

Described temporary key is carried in described interim access control request.Because the user holding temporary key in use will be subject to the restriction of the temporal properties such as such as time, number of times or authority, described authentication verification module 203 can comprise the process that described second terminal carries out authentication verification: to the use authentication process of described temporary key, and the verification of correctness process to described temporary key.Wherein, described authentication verification module 203 can adopt the temporal properties of described temporary key, carries out use authentication to described temporary key; The dependability of described temporary key can be ensured the use authentication process of described temporary key, prevent described temporary key from being abused.Described authentication verification module 203 can adopt the authorization information that described temporary key is corresponding, carries out verification of correctness to described temporary key; The validity and the integrality that ensure described temporary key be can be used for the verification of correctness process of described temporary key.

Access control module 204, for after being verified, according to described interim access control Request Control gate inhibition state.

If described access control module 204 confirms that described second terminal authentication passes through, namely show that described second terminal uses correct temporary key to carry out interim access control according to described use prompting, described access control module 204 can respond described interim access control request, access control state.Particularly, if described interim access control request requires opening gate, described access control module 204 access controls are in opening; If described interim access control request requires to close gate inhibition, described access control module 204 access controls are in closed condition.In the embodiment of the present invention, if described access control module 204 confirms that described second terminal authentication failure is not passed through, also can send failed information to described second terminal, export described failed information to make described second terminal to the user of described second terminal.

Refer to Figure 10 again, alternatively, this device also can comprise: authority detection module 205.

Authority detection module 205, for detecting whether applicant's mark of carrying in described temporary key application is default access mark, if described applicant is designated default access mark, then notify the temporary key application that described distribution module sends according to first terminal, for described first terminal distributes temporary key, and generate the use prompting of described temporary key; Wherein, described applicant mark is carried in described temporary key application.

The mark that have recorded registration terminal due to described Control Server and the authority possessed, and the mark that have recorded registered user and the authority possessed, that is, described Control Server management is for obtaining the default access mark of temporary key, this default access mark both can be the mark of registration terminal, also can be the mark of registered user.Described authority detection module 205 detects whether described applicant's mark of carrying in described provisional application is default access mark, and whether namely detect described applicant is possess terminal or the user that temporary key obtains authority.The testing process of described authority detection module 205 can ensure the reliability that temporary key obtains and uses to prevent temporary key from being abused.

Referring to Figure 11, is the structural representation of the embodiment of the distribution module 201 shown in Figure 10; This distribution module 201 can comprise: allocation units 2101, attribute configuration unit 2102 and prompting generation unit 2103.

Allocation units 2101, for distributing the authorization information of temporary key and described temporary key according to described temporary key application.

Described allocation units 2101 according to described temporary key application, can distribute a temporary key for access control, and record the authorization information of described temporary key simultaneously.It should be noted that, the authorization information of described temporary key can be used for verifying the correctness of described temporary key, and the authorization information of described temporary key and described temporary key can associatedly be stored in described Control Server in pairs; Such as: if described temporary key is identifying code abcd, then the authorization information of described temporary key is also abcd; For another example: if described temporary key be preset problem " 1+1=? ", then the authorization information of described temporary key can be preset answer " 2 "; Etc..

Attribute configuration unit 2102, for being described temporary key configuration temporal properties.

Wherein, described temporal properties can comprise with at least one in properties: timeliness attribute, Authorization Attributes and quantitative attribute.Described timeliness attribute comprises the effective time of described temporary key; Described Authorization Attributes comprises at least one user mark of described temporary key; Described quantitative attribute comprises effective access times of described temporary key.Described attribute configuration unit 2102 can according to the actual management strategy of temporary key, for described temporary key configuration temporal properties, such as: can according to the actual needs of registration terminal or registered user, the temporal properties of configuration temporary key, as certain registered user requires only to provide temporary key to its instant messaging good friend, user's mark that the Authorization Attributes of described temporary key can comprise by described attribute configuration unit 2102 is set to the instant messaging good friend mark of this registered user; For another example: can according to the strategy of access control, the temporal properties of configuration temporary key, as certain community requires that visitor uses the time of temporary key to be no more than 3 minutes, the effective time that the timeliness attribute of described temporary key comprises can be set to 3 minutes by described attribute configuration unit 2102; Etc..

Prompting generation unit 2103, for according to described temporal properties, generates the use prompting that described temporary key is corresponding.

Because the user holding temporary key in use will be subject to the restrictions such as such as time, number of times or authority, the use prompting of described temporary key can be used for pointing out the user holding temporary key how to use this temporary key; Particularly, the described at least one using prompting can comprise in following prompting: prompting service time of described temporary key, uses the prompting reporting mark during described temporary key, and the access times prompting of described temporary key.Described prompting generation unit 2103, according to described temporal properties, generates the use prompting that described temporary key is corresponding, and particularly, described prompting generation unit 2103, according to described timeliness attribute, generates prompting service time of described temporary key; Described prompting generation unit 2103, according to described Authorization Attributes, generates the prompting reporting mark when using described temporary key; Described prompting generation unit 2103, according to described quantitative attribute, generates the access times prompting of described temporary key.

Referring to Figure 12, is the structural representation of an embodiment of the authentication verification module 203 shown in Figure 10; This authentication verification module 203 can comprise: time acquisition unit 2301, timeliness judging unit 2302, first resolution unit 2303, first authentication unit 2304 and the first results verification unit 2305.

Time acquisition unit 2301, for when receiving the first interim access control request that described second terminal sends, obtain the system time of the time of reception, described temporary key is carried in the described first interim access control request.

Timeliness judging unit 2302, for judging that whether described system time is the effective time of the described temporary key that described timeliness attribute comprises.

If described system time is the effective time of the described temporary key that described timeliness attribute comprises, show that described second terminal uses described temporary key within the effective time of described temporary key, the use authentication success of described temporary key.If described system time is not the effective time of the described temporary key that described timeliness attribute comprises, show that described second terminal uses described temporary key in the out-of-service time of described temporary key, the then use failed authentication of described temporary key, authentication failed is not passed through.

First resolution unit 2303, if the effective time for described system time being described temporary key, resolves and obtains described temporary key from the described first interim access control request.

Described first resolution unit 2303 based on the Data Transport Protocol reached between described second terminal, can be resolved and obtains described temporary key from the described first interim access control request.

First authentication unit 2304, verifies described temporary key for adopting the authorization information of described temporary key.

First results verification unit 2305, if match for the authorization information of described temporary key and described temporary key, confirms to be verified.

According to example shown in the present embodiment, such as: if described temporary key is abcd, the authorization information of described temporary key is also abcd, and the two matches; For another example: if described temporary key be " 1+1=? ", the authorization information of described temporary key is " 2 ", and the two matches.If the authorization information of described temporary key and described temporary key matches, show that described temporary key is correctly complete, the verification of correctness success of described temporary key.So far, the use authentication success of described temporary key, and the success of the verification of correctness of described temporary key, then described first results verification unit 2305 can confirm to pass through the authentication verification of described second terminal.

Referring to Figure 13, is the structural representation of another embodiment of the authentication verification module 203 shown in Figure 10; This authentication verification module 203 can comprise: the second resolution unit 2311, mark judging unit 2312, second authentication unit 2313 and the second results verification unit 2314.

Second resolution unit 2311, resolves for the second interim access control request sent described second terminal, obtains described temporary key and requestor's mark.

Described second resolution unit 2311 based on the Data Transport Protocol reached between described second terminal, can be resolved and obtains described temporary key and described request person's mark from the described second interim access control request.

Mark judging unit 2312, for judging that whether described request person's mark is user's mark of the described temporary key that described Authorization Attributes comprises.

Second authentication unit 2313, if the user's mark being designated described temporary key for described request person, adopts the authorization information of described temporary key to verify described temporary key.

Second results verification unit 2314, if match for the authorization information of described temporary key and described temporary key, confirms to be verified.

Referring to Figure 14, is the structural representation of another embodiment of the authentication verification module 203 shown in Figure 10; This authentication verification module 203 can comprise: the 3rd resolution unit 2321, number of times detecting unit 2322, the 3rd authentication unit 2323 and the 3rd results verification unit 2324.

3rd resolution unit 2321, resolves for the 3rd interim access control request sent described second terminal, obtains described temporary key and requestor's mark.

Described 3rd resolution unit 2321 based on the Data Transport Protocol reached between described second terminal, can be resolved and obtains described temporary key and described request person's mark from the described 3rd interim access control request.

Whether number of times detecting unit 2322, for exceeding effective access times of the described temporary key that described quantitative attribute comprises from the quantity of the described 3rd interim access control request of described request person according to described request person's label detection.

3rd authentication unit 2323, if the effective access times not exceeding described temporary key for described quantity, adopts the authorization information of described temporary key to verify described temporary key.

3rd results verification unit 2324, if match for the authorization information of described temporary key and described temporary key, confirms to be verified.

The embodiment of the present invention additionally provides a kind of Control Server, and this Control Server can comprise an access control device, and the 26S Proteasome Structure and Function of this device see the associated description of above-mentioned Figure 10-embodiment illustrated in fig. 14, can be not repeated herein.

Below in conjunction with accompanying drawing 15-accompanying drawing 18, the 26S Proteasome Structure and Function of a kind of access control device that the embodiment of the present invention provides is described in detail.It should be noted that, the access control device shown in Figure 15-Figure 18 can run in a terminal, specifically can run in the second terminal shown in the embodiment of the present invention, to be applied in the method shown in above-mentioned Fig. 1-Fig. 7.

Referring to Figure 15, is the structural representation of another access control device that the embodiment of the present invention provides; This device can comprise: receiver module 301 and access control module 302.

Receiver module 301, use for the temporary key and described temporary key that receive first terminal transmission is pointed out, described temporary key and described use prompt for described first terminal and send temporary key application to Control Server, are that described first terminal distributes and obtains by described Control Server according to described temporary key application.

Described first terminal can be connected based on wired or wireless between described Control Server, sends temporary key application to described Control Server, for obtaining temporary key to described Control Server application; Described Control Server is that described first terminal distributes described temporary key according to described temporary key application, and the use prompting generating described temporary key returns to described first terminal in the lump.Described first terminal can based on the data cube computation of the wired or wireless mode set up between described second terminal, or based on the communications applications in described first terminal, described temporary key and described use prompting are sent to described second terminal, and described receiver module 301 receives described temporary key and the described use prompting of the transmission of described first terminal.

Access control module 302, for using described temporary key to send interim access control request to described Control Server according to described use prompting, according to interim access control request, authentication verification is carried out to the second terminal to make described Control Server, and after being verified, according to described interim access control Request Control gate inhibition state.

Described second terminal can show described use prompting and described temporary key in display interface, and the user of the second terminal correctly can use described temporary key to send interim access control request to described Control Server according to described use prompting by described access control module 302.Described Control Server carries out authentication verification according to interim access control request to described second terminal, and after being verified, according to described interim access control Request Control gate inhibition state.If described second terminal authentication passes through, namely show that described second terminal uses correct temporary key to carry out interim access control according to described use prompting, described Control Server then can respond described interim access control request, access control state.Particularly, if described interim access control request requires opening gate, described Control Server then access control is in opening; If described interim access control request requires to close gate inhibition, described Control Server then access control is in closed condition.

Referring to Figure 16, is the structural representation of an embodiment of the access control module 302 shown in Figure 15; This access control module 302 can comprise: the first request generation unit 3201, first linkage unit 3202 and the first request transmitting unit 3203.

First request generation unit 3201, for generating the first interim access control request of carrying described temporary key.

Described first request generation unit 3201 based on the Data Transport Protocol reached between described Control Server, can carry out encapsulation process to described temporary key, generates the described first interim access control request.

First linkage unit 3202, is connected for setting up short-range communication with described Control Server.

Described short-range communication connects: NFC connects, bluetooth connects, any one in infrared connection.Be preferably NFC in the present embodiment to connect; NFC module is equipped with in described second terminal, described Control Server provides the NFC interface possessing NFC interactive function, NFC module in described second terminal is connected with the NFC interface of described Control Server, thus realizes described second terminal and be connected with the NFC between described Control Server.

First request transmitting unit 3203, point out for the service time according to described temporary key, the first interim access control request is sent to described Control Server by being connected with the short-range communication that described Control Server is set up, according to the described first interim access control request, authentication verification is carried out to the second terminal to make described Control Server, and after being verified, according to the described first interim access control Request Control gate inhibition state.

Described first request transmitting unit 3203, within the time indicated by prompting service time of described temporary key, sends the described first interim access control request by being connected with the short-range communication that described Control Server is set up to described Control Server.

Referring to Figure 17, is the structural representation of another embodiment of the access control module 302 shown in Figure 15; This access control module 302 can comprise: the second request generation unit 3211, second linkage unit 3212 and the second request transmitting unit 3213.

Second request generation unit 3211, generates the second interim access control request comprising described temporary key and requestor's mark for described second terminal.

Described second request generation unit 3211 based on the Data Transport Protocol reached between described Control Server, can carry out encapsulation process to described temporary key and requestor's mark, generates the described second interim access control request.Wherein, described request person's mark can be the mark of described second terminal, also can be the user ID of described second end side.

Second linkage unit 3212, is connected for setting up short-range communication with described Control Server.

Second request transmitting unit 3213, for reporting the prompting of mark during temporary key described according to described use, the described second interim access control request is sent to described Control Server by being connected with the short-range communication that described Control Server is set up, according to the described second interim access control request, authentication verification is carried out to the second terminal to make described Control Server, and after being verified, according to the described second interim access control Request Control gate inhibition state.

Referring to Figure 18, is the structural representation of another embodiment of the access control module 302 shown in Figure 15; This access control module 302 can comprise: the 3rd request generation unit 3221, the 3rd linkage unit 3222 and the 3rd request transmitting unit 3223.

3rd request generation unit 3221, for generating the 3rd interim access control request comprising described temporary key and requestor's mark.

Described 3rd request generation unit 3221 based on the Data Transport Protocol reached between described Control Server, can carry out encapsulation process to described temporary key and requestor's mark, generates the described 3rd interim access control request.Wherein, described request person's mark can be the mark of described second terminal, also can be the user ID of described second end side.

3rd linkage unit 3222, is connected for setting up short-range communication with described Control Server.

3rd request transmitting unit 3223, point out for the access times according to described temporary key, the described 3rd interim access control request is sent to described Control Server by being connected with the short-range communication that described Control Server is set up, according to the 3rd interim access control request, authentication verification is carried out to the second terminal to make described Control Server, and after being verified, according to the described 3rd interim access control Request Control gate inhibition state.

The embodiment of the present invention additionally provides another kind of terminal, and this terminal can be the second terminal shown in the embodiment of the present invention, and this second terminal can comprise: mobile phone, smart mobile phone, PDA, intelligent wearable device etc.Can comprise an access control device in this second terminal, the 26S Proteasome Structure and Function of this device see the associated description of above-mentioned Figure 15-embodiment illustrated in fig. 18, can be not repeated herein.

One of ordinary skill in the art will appreciate that all or part of flow process realized in above-described embodiment method, that the hardware that can carry out instruction relevant by computer program has come, described program can be stored in a computer read/write memory medium, this program, when performing, can comprise the flow process of the embodiment as above-mentioned each side method.Wherein, described storage medium can be magnetic disc, CD, read-only store-memory body (Read-OnlyMemory, ROM) or random store-memory body (RandomAccessMemory, RAM) etc.

Above disclosedly be only a kind of preferred embodiment of the present invention, certainly the interest field of the present invention can not be limited with this, one of ordinary skill in the art will appreciate that all or part of flow process realizing above-described embodiment, and according to the equivalent variations that the claims in the present invention are done, still belong to the scope that invention is contained.

Claims

1. an access control method, is characterized in that, comprising:

First terminal sends temporary key application to Control Server;

2. the method for claim 1, is characterized in that, carries applicant's mark in described temporary key application;

Described Control Server is that described first terminal distributes temporary key according to described temporary key application, and before generating the use prompting of described temporary key, also comprises:

Described Control Server detects whether described applicant's mark of carrying in described temporary key application is default access mark;

If described applicant is designated default access mark, it is that described first terminal distributes temporary key that described Control Server then performs according to described temporary key application, and generates the step of the use prompting of described temporary key.

3. method as claimed in claim 1 or 2, is characterized in that, described Control Server is that described first terminal distributes temporary key according to described temporary key application, and generates the use prompting of described temporary key, comprising:

Described Control Server distributes the authorization information of temporary key and described temporary key according to described temporary key application;

Described Control Server is described temporary key configuration temporal properties;

Described Control Server, according to described temporal properties, generates the use prompting that described temporary key is corresponding.

4. method as claimed in claim 3, is characterized in that, described temporal properties comprises with at least one in properties: timeliness attribute, Authorization Attributes and quantitative attribute;

Described timeliness attribute comprises the effective time of described temporary key; Described Authorization Attributes comprises at least one user mark of described temporary key; Described quantitative attribute comprises effective access times of described temporary key;

The described at least one using prompting to comprise in following prompting: prompting service time of described temporary key, uses the prompting reporting mark during described temporary key, and the access times prompting of described temporary key.

5. method as claimed in claim 3, is characterized in that, described temporary key and described use prompting are sent to the second terminal by described first terminal, comprising:

The application of described first terminal open communication, described communications applications comprises: any one in short message application, social network services SNS application, instant messaging application and mailbox application;

Described first terminal sends described temporary key and described use prompting by described communications applications to described second terminal.

6. method as claimed in claim 4, is characterized in that, described second terminal uses described temporary key to send interim access control request to described Control Server according to described use prompting, comprising:

Described second terminal generates the first interim access control request of carrying described temporary key;

Described second terminal is set up short-range communication with described Control Server and is connected;

Described second terminal was pointed out according to the service time of described temporary key, sent the described first interim access control request by being connected with the short-range communication that described Control Server is set up to described Control Server.

7. method as claimed in claim 6, it is characterized in that, described Control Server carries out authentication verification according to interim access control request to described second terminal, comprising:

Described Control Server, when receiving the described first interim access control request, obtains the system time of the time of reception;

Described Control Server judges that whether described system time is the effective time of the described temporary key that described timeliness attribute comprises;

If described system time is the effective time of described temporary key, described Control Server is resolved and is obtained described temporary key from the described first interim access control request;

Described Control Server adopts the authorization information of described temporary key to verify described temporary key;

If the authorization information of described temporary key and described temporary key matches, described Control Server confirms to be verified.

8. method as claimed in claim 4, is characterized in that, described second terminal uses described temporary key to send interim access control request to described Control Server according to described use prompting, comprising:

Described second terminal generates the second interim access control request comprising described temporary key and requestor's mark;

Reporting the prompting of mark during described second terminal temporary key described according to described use, sending the described second interim access control request by being connected with the short-range communication that described Control Server is set up to described Control Server.

9. method as claimed in claim 8, it is characterized in that, described Control Server carries out authentication verification according to interim access control request to described second terminal, comprising:

Described Control Server is resolved the described second interim access control request, obtains described temporary key and described request person's mark;

Described Control Server judges that whether described request person's mark is user's mark of the described temporary key that described Authorization Attributes comprises;

If described request person is designated user's mark of described temporary key, described Control Server adopts the authorization information of described temporary key to verify described temporary key;

10. method as claimed in claim 4, is characterized in that, described second terminal uses described temporary key to send interim access control request to described Control Server according to described use prompting, comprising:

Described second terminal generates the 3rd interim access control request comprising described temporary key and requestor's mark;

Described second terminal is pointed out according to the access times of described temporary key, sends the described 3rd interim access control request by being connected with the short-range communication that described Control Server is set up to described Control Server.

11. methods as claimed in claim 10, it is characterized in that, described Control Server carries out authentication verification according to interim access control request to described second terminal, comprising:

Described Control Server is resolved the described 3rd interim access control request, obtains described temporary key and described request person's mark;

Whether described Control Server exceedes effective access times of the described temporary key that described quantitative attribute comprises from the quantity of the described 3rd interim access control request of described request person according to described request person's label detection;

If described quantity does not exceed effective access times of described temporary key, described Control Server adopts the authorization information of described temporary key to verify described temporary key;

12. 1 kinds of access control methods, is characterized in that, comprising:

13. 1 kinds of access control methods, is characterized in that, comprising:

14. 1 kinds of access control methods, is characterized in that, comprising:

15. 1 kinds of access control devices, is characterized in that, comprising:

16. devices as claimed in claim 15, it is characterized in that, described access control module comprises:

Application open unit, for opening the communications applications in described first terminal, described communications applications comprises: short message application, SNS application, instant messaging application and mailbox application in any one;

Transmitting element, for sending described temporary key and described use prompting by described communications applications to described second terminal, described temporary key is used to send interim access control request to described Control Server to make described second terminal according to described use prompting, and according to interim access control request, authentication verification is carried out to described second terminal by described Control Server, and after being verified, according to described interim access control Request Control gate inhibition state.

17. 1 kinds of terminals, is characterized in that, comprise the access control device as described in claim 15 or 16.

18. 1 kinds of access control devices, is characterized in that, comprising:

19. devices as claimed in claim 18, is characterized in that, also comprise:

Authority detection module, for detecting whether applicant's mark of carrying in described temporary key application is default access mark, if described applicant is designated default access mark, then notify the temporary key application that described distribution module sends according to first terminal, for described first terminal distributes temporary key, and generate the use prompting of described temporary key;

Wherein, described applicant mark is carried in described temporary key application.

20. devices as described in claim 18 or 19, it is characterized in that, described distribution module comprises:

Allocation units, for distributing the authorization information of temporary key and described temporary key according to described temporary key application;

Attribute configuration unit, for being described temporary key configuration temporal properties;

Prompting generation unit, for according to described temporal properties, generates the use prompting that described temporary key is corresponding.

21. devices as claimed in claim 20, is characterized in that, described temporal properties comprises with at least one in properties: timeliness attribute, Authorization Attributes and quantitative attribute;

22. devices as claimed in claim 21, it is characterized in that, described authentication verification module comprises:

Time acquisition unit, for when receiving the first interim access control request that described second terminal sends, obtain the system time of the time of reception, described temporary key is carried in the described first interim access control request;

Timeliness judging unit, for judging that whether described system time is the effective time of the described temporary key that described timeliness attribute comprises;

First resolution unit, if the effective time for described system time being described temporary key, resolves and obtains described temporary key from the described first interim access control request;

First authentication unit, verifies described temporary key for adopting the authorization information of described temporary key;

First results verification unit, if match for the authorization information of described temporary key and described temporary key, confirms to be verified.

23. devices as claimed in claim 21, it is characterized in that, described authentication verification module comprises:

Second resolution unit, resolves for the second interim access control request sent described second terminal, obtains described temporary key and requestor's mark;

Authenticating unit, for judging that whether described request person's mark is user's mark of the described temporary key that described Authorization Attributes comprises;

Second authentication unit, if the user's mark being designated described temporary key for described request person, adopts the authorization information of described temporary key to verify described temporary key;

Second results verification unit, if match for the authorization information of described temporary key and described temporary key, confirms to be verified.

24. devices as claimed in claim 21, it is characterized in that, described authentication verification module comprises:

3rd resolution unit, resolves for the 3rd interim access control request sent described second terminal, obtains described temporary key and requestor's mark;

Whether number of times detecting unit, for exceeding effective access times of the described temporary key that described quantitative attribute comprises from the quantity of the described 3rd interim access control request of described request person according to described request person's label detection;

3rd authentication unit, if the effective access times not exceeding described temporary key for described quantity, adopts the authorization information of described temporary key to verify described temporary key;

3rd results verification unit, if match for the authorization information of described temporary key and described temporary key, confirms to be verified.

25. 1 kinds of Control Servers, is characterized in that, comprise the access control device as described in any one of claim 18-24.

26. 1 kinds of access control devices, is characterized in that, comprising:

27. devices as claimed in claim 26, it is characterized in that, described access control module comprises:

First request generation unit, for generating the first interim access control request of carrying described temporary key;

First linkage unit, is connected for setting up short-range communication with described Control Server;

First request transmitting unit, point out for the service time according to described temporary key, the first interim access control request is sent to described Control Server by being connected with the short-range communication that described Control Server is set up, according to the described first interim access control request, authentication verification is carried out to the second terminal to make described Control Server, and after being verified, according to the described first interim access control Request Control gate inhibition state.

28. devices as claimed in claim 26, it is characterized in that, described access control module comprises:

Second request generation unit, generates the second interim access control request comprising described temporary key and requestor's mark for described second terminal;

Second linkage unit, is connected for setting up short-range communication with described Control Server;

Second request transmitting unit, for reporting the prompting of mark during temporary key described according to described use, the described second interim access control request is sent to described Control Server by being connected with the short-range communication that described Control Server is set up, according to the described second interim access control request, authentication verification is carried out to the second terminal to make described Control Server, and after being verified, according to the described second interim access control Request Control gate inhibition state.

29. devices as claimed in claim 26, it is characterized in that, described access control module comprises:

3rd request generation unit, for generating the 3rd interim access control request comprising described temporary key and requestor's mark;

3rd linkage unit, is connected for setting up short-range communication with described Control Server;

3rd request transmitting unit, point out for the access times according to described temporary key, the described 3rd interim access control request is sent to described Control Server by being connected with the short-range communication that described Control Server is set up, according to the 3rd interim access control request, authentication verification is carried out to the second terminal to make described Control Server, and after being verified, according to the described 3rd interim access control Request Control gate inhibition state.

30. 1 kinds of terminals, is characterized in that, comprise the access control device as described in any one of claim 26-29.