CN109407528A

CN109407528A - Safety access method, device, server and storage medium

Info

Publication number: CN109407528A
Application number: CN201811094060.9A
Authority: CN
Inventors: 孙永利
Original assignee: Beijing Xiaomi Mobile Software Co Ltd
Current assignee: Beijing Xiaomi Mobile Software Co Ltd
Priority date: 2018-09-19
Filing date: 2018-09-19
Publication date: 2019-03-01

Abstract

The disclosure is directed to a kind of safety access method, device, server and storage mediums, this method comprises: receiving access request；Judge in the access request whether include preset kind information, the information of the preset kind includes the facility information for sending the account information of the access request and executing the electronic equipment of access operation, and the information of the preset kind is at least used for the account access authority whether of monitoring device described in authentication-access；If including the information of the preset kind in the access request, the verification result of the access authority for the account for accessing the monitoring device is obtained；If verification result shows that the account of the access monitoring device has access authority, the corresponding access data of the access request are sent.The embodiment of the present disclosure can reduce the probability of the leakage of the privacy information of user.

Description

Safety access method, device, server and storage medium

Technical field

This disclosure relates to which family's monitoring field more particularly to a kind of safety access method, device, server and storage are situated between Matter.

Background technique

In order to improve the security requirement of user's domestic environment perhaps working environment can install additional indoors camera or The monitoring devices such as recording device are monitored room area.Monitoring device can connect with the home network of user simultaneously It connects, allows users to remotely through the monitoring number of the monitoring device of application program real time inspection installation within the family on mobile phone According to allowing user in real time in checking monitoring region.

And in the actual use process, malicious intrusions personnel can check prison by stealing other staff's account to realize The purpose for controlling data, can also be carrying out checking monitoring number by way of the network-control order for directly forging checking monitoring data According to so that the stage of monitoring device permission account verifying is skipped, in this way, will lead to the leakage of the privacy information of user.Therefore, it needs Certain limitation is made to the access of the monitoring data of checking monitoring equipment, avoid the leakage of the privacy information of user.

Summary of the invention

The embodiment of the present disclosure provides a kind of safety access method, device, server and storage medium, so as to monitoring device Access controlled, reduce malicious user accessing monitoring equipment probability, protect the safety of monitoring device.

According to the first aspect of the embodiments of the present disclosure, a kind of safety access method is provided, the method is applied to monitoring and sets In standby, which comprises receive access request；Judge in the access request whether include preset kind information, it is described The information of preset kind includes the equipment letter for the electronic equipment for sending the account information of the access request and executing access operation Whether breath, the account that the information of the preset kind is at least used for monitoring device described in authentication-access have access authority；If Include the information of the preset kind in the access request, then obtains the access right for the account for accessing the monitoring device The verification result of limit；If verification result shows that the account of the access monitoring device has access authority, institute is sent State the corresponding access data of access request.

In a kind of possible embodiment, if not including the information of the preset kind in the access request, Refuse the access request.

In a kind of possible embodiment, the facility information includes: the first identifier and positioning of the electronic equipment At least one of information, wherein the first identifier is used to confirm the identity for the electronic equipment for executing the access operation.

In a kind of possible embodiment, if in the access request including the information of the preset kind, The verification result for then obtaining the access authority of the account for the access monitoring device includes: according to the access request and institute It states the second identifier of monitoring device, generates the first checking request, and send first checking request to server, described second Identify the identity for confirming the monitoring device；Receive be directed to first checking request the returned from the server One return information；The verification result for being directed to the access request is determined based on first return information

In a kind of possible embodiment, if in the access request including the information of the preset kind, The verification result for then obtaining the access authority of the account for the access monitoring device includes: according to the access request and institute The second identifier for stating monitoring device generates the first checking request, and sends first checking request to server, and described second Identify the identity for confirming the monitoring device；Receive be directed to first checking request the returned from the server One return information；The verifying of the access authority for the account for accessing the monitoring device is determined based on first return information As a result.

In a kind of possible embodiment, described determined based on first return information is set for the access monitoring If the verification result of the access authority of standby account includes: that first return information indicates to access the account of the monitoring device Family has the access authority of monitoring device corresponding with the second identifier, it is determined that is proved to be successful to the access request.

In a kind of possible embodiment, if showing the account of the access monitoring device in the verification result After family has access authority, and before the corresponding access data of the transmission access request, further includes:

The access data are generated according to the monitoring data of the monitoring device.

In a kind of possible embodiment, if showing the account of the access monitoring device in the verification result After family has access authority, and before the corresponding access data of the transmission access request, further includes: according to described The access data are generated to the access log of the monitoring device in the monitoring data and preset time of monitoring device；It is described Access log includes the equipment for executing the account information of access operation to the monitoring device, executing the electronic equipment of access operation At least one of information and access time.

In a kind of possible embodiment, the monitoring device includes: picture pick-up device and/or sound pick-up outfit.

According to the second aspect of an embodiment of the present disclosure, a kind of safety access method is provided, the method is applied to server In, which comprises

The first checking request is received, first checking request includes the information of preset kind, the letter of the preset kind Breath includes the electronic equipment for sending the account information of access request to monitoring device and executing the access operation of the monitoring device Facility information, and whether account of the information of the preset kind for monitoring device described in authentication-access has access right Limit；According to the information of the preset kind, whether the account for verifying the access monitoring device, which has, sets the monitoring Standby access authority；If the account for accessing the monitoring device has the access authority to the monitoring device, return Return the first return information for indicating to be proved to be successful.

In a kind of possible embodiment, if the account for accessing the monitoring device does not have to the monitoring device Access authority, then return indicate authentication failed the second return information.

In a kind of possible embodiment, the method also includes: have if accessing the account of the monitoring device To the access authority of the monitoring device, then the access log of the monitoring device, the access log are generated and store Information and access time including the preset kind.

In a kind of possible embodiment, the method also includes: it receives access log and checks request；Based on the visit It asks the second identifier that the monitoring device for including in request is checked in log, returns to prison corresponding with the second identifier in preset time The access log of equipment is controlled, the second identifier is used to confirm the identity of the monitoring device.

According to the third aspect of an embodiment of the present disclosure, a kind of secure access device is provided, comprising:

Communication module is used to receive access request；

Judgment module, be used to judge in the access request whether include preset kind information, the preset kind Information include sent to teaching equipment the access request account information and execute access operation electronic equipment equipment Information, and whether the account that the information of the preset kind is at least used for monitoring device described in authentication-access has access right Limit；

Data processing module, when being used in the access request include the information of the preset kind, acquisition is directed to The verification result of the access authority of the account of the monitoring device is accessed, and shows that the access monitoring is set in verification result When standby account has access authority, the corresponding access data of the access request are sent.

In a kind of possible embodiment, the facility information includes: the first identifier and positioning of the electronic equipment At least one of information, the first identifier are used to confirm the identity for the electronic equipment for executing the access operation.

In a kind of possible embodiment, the data processing module is also used in the access request comprising described When the information of preset kind, the first checking request is generated according to the second identifier of the access request and the monitoring device, and First checking request is sent to server, and based on be directed to first checking request the returned from the server One return information determines the verification result for being directed to the access request, and the second identifier is used to confirm the body of the monitoring device Part.

In a kind of possible embodiment, the data processing module is also used in the access monitoring device When account does not have the access authority to the monitoring device, the second return information for indicating authentication failed is returned.

In a kind of possible embodiment, the data processing module is also used to indicate institute in first return information It states and accesses access authority of the account of the monitoring device with monitoring device corresponding with the second identifier of the monitoring device When, determination is proved to be successful the access request.

In a kind of possible embodiment, the data processing module is also used to based on the verification result being proved to be successful, The access data are generated according to the monitoring data of the monitoring device.

In a kind of possible embodiment, the data processing module is also used to the monitoring number according to the monitoring device The access data are generated to the access log of the monitoring device accordingly and in preset time；

The access log includes the account information that access operation is executed to the monitoring device, the electricity for executing access operation At least one of the facility information of sub- equipment and access time.

According to a fourth aspect of embodiments of the present disclosure, a kind of server is provided comprising:

Memory module is used to store the access log of each monitoring device；

Communication module, is used to receive the first checking request, and first checking request includes the information of preset kind, institute The information for stating preset kind includes the account information that access request is sent to monitoring device and the access for executing the monitoring device The facility information of the electronic equipment of operation, and account of the information of the preset kind for monitoring device described in authentication-access Whether there is access authority；

Authentication module is used for the information according to the preset kind, and whether the account of monitoring device described in authentication-access With the access authority to the monitoring device；

Data processing module is used to have the access right to the monitoring device in the account for accessing the monitoring device In limited time, the first return information for indicating to be proved to be successful is returned.

In a kind of possible embodiment, the data processing module is also used in the access monitoring device When account has the access authority, the access log of the monitoring device is generated and stores by the memory module, it is described Access log includes information and the access time of the preset kind.

In a kind of possible embodiment, the data processing module is also used to receive by the communication module and access Request is checked in log, and checks second identifier corresponding with monitoring device in request based on the access log, when returning to default The access log of interior monitoring device corresponding with second identifier, the second identifier are used to confirm the body of the monitoring device Part.

According to a fifth aspect of the embodiments of the present disclosure, a kind of secure access device is provided, comprising: processor；For storing The memory of processor-executable instruction；Wherein, the processor is configured to executing described in the embodiment of above-mentioned first aspect Method.

According to a sixth aspect of an embodiment of the present disclosure, a kind of server is provided, comprising: processor；For storage processor The memory of executable instruction；Wherein, the processor is configured to executing method described in the embodiment of above-mentioned second aspect.

According to the 7th of the embodiment of the present disclosure the aspect, a kind of non-transitorycomputer readable storage medium, when the storage When instruction in medium is executed by processor, enable a processor to execute side described in the embodiment for realizing above-mentioned first aspect Method, or enable a processor to execute method described in the embodiment for realizing above-mentioned second aspect.

The technical scheme provided by this disclosed embodiment can include the following benefits: the embodiment of the present disclosure can be first The data type for including in received access request is confirmed, includes the Information Number of preset kind only in access request According to when, can the data in access request be carried out with the operation such as Authority Verification, so as to further prevent malicious intrusions people Member directly passes through the account stolen and obtains monitoring data, it can reduces the probability of the malicious intrusions operation to monitoring device.

It should be understood that above general description and following detailed description be only it is exemplary and explanatory, not The disclosure can be limited.

Detailed description of the invention

The drawings herein are incorporated into the specification and forms part of this specification, and shows the implementation for meeting the disclosure Example, and together with specification for explaining the principles of this disclosure.

Fig. 1 is the flow chart for implementing a kind of safety access method exemplified according to the disclosure one.

Fig. 2 is the structural schematic diagram for implementing the intelligent home network exemplified according to the disclosure one.

If Fig. 3 is the letter implemented in the access request exemplified comprising the preset kind according to the disclosure one Breath then obtains the flow chart of the verification result of the access authority for the account for accessing the monitoring device.

Fig. 4 is the flow chart for implementing a kind of safety access method exemplified according to the disclosure one.

Fig. 5 is another flow chart for implementing a kind of safety access method exemplified according to the disclosure one.

Fig. 6 is the block diagram for implementing a kind of secure access device exemplified according to the disclosure one.

Fig. 7 is a kind of block diagram of server shown according to an exemplary embodiment.

Fig. 8 is the block diagram for implementing a kind of secure access device exemplified according to the disclosure one.

Fig. 9 is the block diagram for implementing a kind of server exemplified according to the disclosure one.

Specific embodiment

Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment Described in embodiment do not represent all implementations consistent with this disclosure.On the contrary, they be only with it is such as appended The example of the consistent device and method of some aspects be described in detail in claims, the disclosure.

Fig. 1 is a kind of flow chart of safety access method shown according to an exemplary embodiment, as shown in Figure 1, the party Method is applied in monitoring device, includes the following steps.

S11: access request is received；

S12: judge in the access request whether include preset kind information, the information of the preset kind includes hair It send the account information of the access request and executes the facility information of the electronic equipment of access operation, and the letter of the preset kind Whether account of the breath at least for monitoring device described in authentication-access has access authority；

S13: it if in the access request including the information of the preset kind, takes for the access monitoring The verification result of the access authority of the account of equipment；

S14: show that the account of the access monitoring device has access authority based on verification result, then described in transmission The corresponding access data of access request.

The process of the embodiment of the present disclosure is illustrated respectively below, wherein in step s 11, receive and be directed to the prison Control the access request of equipment.

The safety access method of the embodiment of the present disclosure can be applied in monitoring device, can be used for executing for the monitoring The verification operation of the access request of equipment, and when verification passes through, just execute the return operation of monitoring data.For example, user can To be communicatively coupled by electronic equipment (such as terminal device) with the monitoring device, and by running phase on an electronic device The application program answered, logon account, and access request is sent to monitoring device to obtain monitoring data.It is corresponding, monitoring device The access request can be verified, monitoring data is only just returned when being verified.Wherein monitoring device may include The equipment such as camera, sound pick-up outfit, but the embodiment of the present disclosure is without being limited thereto.In addition, electronic equipment can set for arbitrary terminal Wherein terminal device may include handheld terminal or portable terminal to the standby equipment that can perhaps execute network operation, for example, Computer, mobile phone or tablet computer etc., but the embodiment of the present disclosure is without being limited thereto.For convenience of description, below by taking mobile terminal as an example.

Fig. 2 is the structural schematic diagram for implementing the intelligent home network exemplified according to the disclosure one.As shown in Fig. 2, in intelligence Energy household field, monitoring device 01, server 03 and mobile terminal 04 can pass through network 02 (home network or internet Network) it is connected with each other, monitoring device 01 can be attached with server 03 and mobile terminal 04 respectively by network 02, together Sample mobile terminal 04 and server 03 can also be interconnected by network 02.Mobile terminal 04 can log in use by network 02 Family account, monitoring device 01 is accessed and be managed, such as can be with the monitoring data of checking monitoring equipment or to monitoring Equipment is managed.Wherein monitoring data may include image data, audio data, or is also possible to others and sets with monitoring Standby related access data, such as access time, accessed monitoring device information.Wherein home network can be local area network, Be also possible to internet, when network is internet, stay out in user can with telnet accessing monitoring equipment, access prison Data are controlled, access stencil is not limited to checking monitoring video recording, downloading image data or access data.

When mobile terminal wants access to monitoring device, access request can be sent to monitoring device 01.Or user is such as Fruit is wanted to send access request to monitoring device, can also log in corresponding user's account by application program on mobile terminals Family, and generate and send access request.That is, in the embodiment of the present disclosure, be able to carry out the access operation of monitoring device can be with It also may include the account of user including mobile terminal.Wherein, access request can be transmitted through the network to monitoring device, The instruction of accessing monitoring equipment can be directly generated with accessing monitoring equipment.Monitoring device receives the access for being directed to the monitoring device Request, can verify the information in access request, such as whether can determine in the access request includes preset kind Information.In the embodiment of the present disclosure, the access request sent to monitoring device may include executing the access operation (to send and visit Ask request) account information and execute access operation electronic equipment facility information, and the data content to be requested.Account Family information can be the information such as the title of user account or the mark of account, such as account information can be by English alphabet, number Word and/or character are formed according to the combination of ad hoc rules, or in the other embodiments of the disclosure can also include user its His information, such as face-image etc., the disclosure are not limited this.In addition, execution access behaviour that facility information can be Mark, title or model of the mobile terminal of work etc. are also possible to the information for being presently in position about the facility information, example As the facility information in location information, such as the embodiment of the present disclosure may include in first identifier and location information at least one Kind, wherein the first identifier is used to confirm the identity for the electronic equipment for executing the access operation.In addition, in disclosure reality It applies in example, access request can also include other information, such as describe the temporal information etc. of the secondary access operation.In access request The information for including be not limited to above-mentioned example, also may include other information, herein without repeating.

As described above, monitoring device can basis after receiving the access request that mobile terminal is sent to monitoring device Received access request gets the information carried in access request, and can further verify to the information of carrying, i.e., Execute step S12.

In step s 12, judge in the access request whether include preset kind information, the letter of the preset kind Breath includes the facility information for sending the account information of the access request and executing the electronic equipment of access operation, and this is default Whether the account that the information of type is at least used for monitoring device described in authentication-access has access authority.

Monitoring device can identify information included by access request, such as can determine whether to include preset kind Information, the information of the preset kind at least can be used for verifying the access right of the account of the access operation to the monitoring device Limit.

As described in above-described embodiment, the information of the preset kind may include execute the access operation account information and Execute the facility information of the electronic equipment of the access operation.Wherein execute the facility information of the electronic equipment of the access operation It may include at least one of first identifier and the location information of the electronic equipment.

For example, if the electronic equipment of accessing monitoring equipment is mobile terminal, the visit to monitoring device is executed That asks operation can be the user of operation mobile terminal accessing monitoring device, or be also possible to execute the movement of the access operation Terminal.The account information for executing access operation can be the account information of the user.Execute the electronic equipment of the access operation Facility information can be the first identifier of mobile terminal and at least one of location information.Monitoring device can be in access request In carry above-mentioned account information and facility information just and can determine that the access request includes the information of preset kind, and then hold The verification operation of row access request.

That is, in the embodiments of the present disclosure, if it is desired to access to monitoring device, the access being sent to it is asked Not only to include the account information of the access monitoring device in asking, while also to include that access operation is executed to the monitoring device The facility information of electronic equipment only includes account information and facility information, the corresponding execution access operation of ability simultaneously.Example It such as, include executing the account information of access operation and executing visit only in access request in some embodiments of the present disclosure When asking the location information of the electronic equipment of operation, just it is determined as in access request comprising preset kind information.In its of the disclosure In his embodiment, it is also possible to the combination of other preset kind information, the disclosure is to this without limiting.

In step S12, if including the information of preset kind in authentication-access request, S13 is thened follow the steps, if do not wrapped The information of preset kind is included, then refuses the access request.Wherein, the mode of denied access request may include in following manner Any one or more:

Any operation is not executed for the access request；

The prompt information of backward reference failure；

Backward reference failure prompt information, and backward reference fail the reason of, the reason may include information type not It meets the requirements or inactive users etc..

By the configuration, preset kind information is only carried in access request just can further execute user The verifying of identity or the verifying of equipment identities can effectively prevent malicious intrusions personnel from directly sending to monitoring device and visit The case where asking request appearance.

In step s 13, it if in the access request including the information of the preset kind, obtains for access institute State the verification result of the access authority of the account of monitoring device.

Whether monitoring device receives the access request to monitoring device, judge in the access request comprising preset kind Information, if in the access request include the preset kind information, monitoring device can be to the account of accessing monitoring equipment The permission at family is verified.

Wherein, in embodiment of the disclosure, it can store the first equipment with its access authority in monitoring device Information and the first account information.Therefore in access request include preset kind information when, can voluntarily to access operation The permission of account verified.For example, the information of the preset kind includes the location information of account information and equipment, then may be used It is verified with the permission to account information.If including believing in first account information with the account in preset kind information Matched information is ceased, then to showing that the account has access authority, and is proved to be successful, returns to authentication and successfully verify knot Fruit；If do not include in first account information with the matched information of account information in preset kind information, authentication failed, Then return to the verification result of authentication failed.Alternatively, may include the first mark of account information and equipment in the information of preset kind Know, then can the first identifier based on account information and equipment simultaneously verified, if include in the first account information in advance If including letter corresponding with first identifier in the matched information of account information and the first facility information in the information of type Breath, then to access authority verification success, return the successful verification result of authentication, if do not include in the first account information with It include letter corresponding with first identifier in the matched information of account information or the first facility information in the information of preset kind Breath, then to account authentication failed, return to the verification result of authentication failed.It, can also or in the other embodiments of the disclosure Only to be verified by facility information, the disclosure to this without verifying, as long as in the information of preset kind include meet test Desired information is demonstrate,proved, then access side is proved to be successful.

In the embodiments of the present disclosure, permission can also be carried out to the account and equipment that execute access operation by server to test Card.For example, in access request include preset kind information when, can be generated and to server send the first checking request, So that whether the account and equipment of server authentication accessing monitoring equipment have corresponding access authority.

If Fig. 3 is the letter implemented in the access request exemplified comprising the preset kind according to the disclosure one Breath then obtains the flow chart (step S13) of the verification result of the access authority for the account for accessing the monitoring device.Such as figure Shown in 3, if including the information of the preset kind in the access request, obtain for the account for accessing the monitoring device The verification result of the access authority at family may include:

Step S1301 generates the first checking request according to the second identifier of the access request and the monitoring device, And first checking request is sent to server, the second identifier is used to confirm the identity of the monitoring device；

Step S1302 receives the first return information for first checking request returned from the server；

Step S1303 determines the access right for the account for accessing the monitoring device based on first return information The verification result of limit.

Wherein, in access request include preset kind information in the case where, the first checking request can be generated, wherein It may include the information of preset kind included in access request and the second identifier of monitoring device, so that server Which monitoring device can know the Authority Verification of being executed is.Second identifier can be monitoring device title or other The information of monitoring device can uniquely be corresponded to, such as identification code, the disclosure are not limited this.Server is receiving When the first checking request, monitoring device corresponding with having access second identifier can be found according to the second identifier is corresponding Permission the first account information and the first facility information.And using first account information and in factor and type information Account carries out Authority Verification.If including in first account information and the matched letter of account information in preset kind information Breath returns to successful first return information of authentication then to being proved to be successful to the account for executing access is indicated；If this Do not include in one account information with the matched information of account information in preset kind information, then authentication failed, then return to verifying Second return information of failure.Alternatively, may include the first identifier of account information and equipment in the information of preset kind, then may be used With the first identifier based on account information and equipment simultaneously access authority is verified, if include in the first account information with It include letter corresponding with first identifier in the matched information of account information and the first facility information in the information of preset kind Breath, then be proved to be successful the access, successful first return information of authentication is returned to, if not including in the first account information It and include corresponding with first identifier in the matched information of account information or the first facility information in the information of preset kind Information returns to the second return information of authentication failed then to the access authentication failed.Or the other embodiments in the disclosure In, can also only be verified by facility information, the disclosure to this without verifying, as long as including in the information of preset kind Meet the information that verifying requires, then to access authority verification success.

Then, monitoring device can determine the verifying knot being verified by the first return information returned from server Fruit, and the second return information by returning from server, determine the verification result of authentication failed.

It can determine whether the account for executing access operation or equipment have access authority through the above way.In turn Step S14 can be executed.In step S14, based on the verification result being proved to be successful, the corresponding access of the access request is returned to Data.

As described in above-described embodiment, monitoring device voluntarily can obtain the verification result of Authority Verification, or pass through clothes Business device obtains the verification result of Authority Verification, after obtaining verification result, then can execute access number based on the verification result According to return or denied access.

Wherein, it when monitoring device or server are successful to the Authority Verification of account, then can be returned based on access request The monitoring data for returning monitoring device, so that user can obtain monitoring data in real time.In monitoring device or server pair It when the Authority Verification failure of account, then can be requested with denied access, while Reason For Denial can also be returned to mobile terminal.

In addition, can also include for monitoring device in the access data that monitoring device returns in the embodiments of the present disclosure The information such as access log.That is, can be set based on the verification result being proved to be successful according to the monitoring in the embodiment of the present disclosure The access data are generated to the access log of the monitoring device in standby monitoring data and preset time；The access day Will include to the monitoring device execute access operation account information, execute access operation electronic equipment facility information and At least one of access time.

Monitoring device can generate access log for each access request, wherein can only include that successfully access is asked for access The log asked, or can also simultaneously include the log for accessing successfully and accessing the access request of failure.For example, monitoring device can With record access request access time, including account information, facility information, and access result information.The visit Ask that result may include accessing successfully or accessing failure.

Therefore, monitoring device or server can be incited somebody to action when the account that verifying sends access request has access authority Access log in monitoring device and preset time for the monitoring device returns to user together, should to facilitate user to understand The access situation of monitoring device.

In the other embodiments of the disclosure, when monitoring device can also return to default based on the request of received log access The interior access log to monitoring device.

Based on above-mentioned configuration, the access that the embodiment of the present disclosure can make monitoring device can receive for monitoring device is asked It asks, judges whether include the information of preset kind in the access request, if including the letter of preset kind in the access request Breath then further sends checking request to server, and obtains the verification result for being directed to access request, based on what is be proved to be successful Corresponding access data are requested in verification result, backward reference.So as to only in access request include preset kind letter The verifying that permission is just executed when breath, avoids the case where directly accessing to monitoring device due to malicious intrusions.

In the embodiments of the present disclosure, a kind of safety access method applied in server is additionally provided, Fig. 4 is according to this public affairs A kind of flow chart for safety access method that an implementation exemplifies is opened, this method is applied in server, and may include following Step:

S41: the first checking request is received, first checking request includes the information of preset kind, the preset kind Information include the electronics for sending the account information of access request to monitoring device and executing the access operation of the monitoring device The facility information of equipment, and the information of the preset kind is used to verify to whether the account for accessing the monitoring device has Access authority；

S42: according to the information of the preset kind, whether the account of monitoring device described in authentication-access has to the prison Control the access authority of equipment；

S43: there is the access authority if accessing the account of the monitoring device, return to indicate to be proved to be successful the One return information.

In the embodiment of the present disclosure, when monitoring device includes the information of preset kind in verifying the access request to it, then The first checking request can be sent to server.Therefore server can receive first verifying by monitoring device communication and ask It asks.After receiving first checking request, then can to accessed in first checking request account of the monitoring device into Row Authority Verification, i.e. execution step S42.

In step S42, according to the information of the preset kind, whether the account for accessing the monitoring device is verified With the access authority to the monitoring device.

Server can store the management information of each monitoring device, wherein may include the second identifier of monitoring device with And the access day of the first account information of the access authority with the monitoring device, the first facility information or each monitoring device The information such as will.

As described above, may include the information of preset kind in the first checking request, the information of the preset kind be can wrap Include the facility information of account information and the electronic equipment for executing the access operation that access operation is executed to monitoring device； Wherein, account information can be the information such as user.name, facility information may include electronic equipment first identifier and At least one of location information.In addition, further including the second identifier of monitoring device in the first checking request with corresponding to prison Control equipment, wherein second identifier can be monitoring device title or other can uniquely correspond to monitoring device letter Breath, such as identification code, the disclosure are not limited this.

Server can find and have access according to the second identifier is corresponding when receiving the first checking request The first account information and the first facility information of the permission of the corresponding monitoring device of second identifier.And utilize first account information With the first facility information to the account information and facility information progress Authority Verification in the information of preset kind.If first account Include in the information of family with the matched information of account information in preset kind information, then to the access operation of the execution monitoring device Account verification success, return successful first return information of authentication；If do not include in first account information in advance If the matched information of account information in type information, then authentication failed, then return to the second return information of authentication failed.

Alternatively, may include the first identifier of account information and equipment in the information of preset kind, then account can be based on The first identifier of information and equipment simultaneously verifies access authority, if including and preset kind in the first account information It include information corresponding with first identifier in the matched information of account information and the first facility information in information, then to this The account and device authentication success for accessing the monitoring device, return to successful first return information of authentication, if first Not including in the matched information of account information or the first facility information in the information with preset kind in account information includes Information corresponding with first identifier then fails the account of the access monitoring device and device authentication, returns to authentication failed The second return information.Or in the other embodiments of the disclosure, only access authority can also be carried out by facility information Verifying, the disclosure to this without verifying, as long as in the information of preset kind include meet verifying require information, to the visit Ask Authority Verification success.

It can be in addition, in the embodiment of the present disclosure, in the facility information of the information of the preset kind in the first checking request The temporal information of location information and execution access operation including equipment, server can also believe the location information and time Breath is associated storage with monitoring device, and generates the access log for the monitoring device.

That is, the embodiment of the present disclosure can generate the storage log of monitoring device with the first checking request based on the received, In can recorde and execute access time of access operation, facility information (may include location information), account for each monitoring device The contents such as family information, the disclosure, without limiting, can also include other kinds of information to this.Based on this, server may be used also Request is checked to receive the log from monitoring device or electronic equipment, and corresponding according to the request backward reference log.

Fig. 5 is another flow chart for implementing a kind of safety access method exemplified according to the disclosure one, wherein being based on Fig. 4 The embodiment shown can also include the process of log access, wherein may include:

Step S44 receives access log and checks request；

Step S45 checks the second identifier for the monitoring device for including in request based on the access log, when returning to default The access log of interior monitoring device corresponding with the second identifier.

As described above, user, which can send access log to server by electronic equipment, checks that request, or monitoring are set It is standby to check request to server transmission access log, wherein access log checks that in request may include monitoring device Second identifier, the log of which monitoring device is obtained according to the second identifier determination.The embodiment of the present disclosure, user can lead to It crosses electronic equipment and directly checks request to server transmission log, or asked sending the first verifying to server to monitoring device The access log is sent while asking checks request.

Server can will correspond to the default of the monitoring device of second identifier when receiving access log and checking request Access log in time is sent to the electronic equipment or monitoring device of user.

Wherein, preset time can be preconfigured temporal information, such as 1 week, 1 month, or when being also possible to other Between information, the disclosure is not limited this or preset time also may include in access log request, i.e. user can be with The time range of the predetermined access log to be obtained, server can execute access log according to above-mentioned preset time It obtains.

Based on above-mentioned configuration, the server of the embodiment of the present disclosure can be directed to received first checking request, to account or The permission of person's equipment is verified, and corresponding return verification result, can be further ensured that the secure access of equipment.

It is appreciated that above-mentioned each embodiment of the method that the disclosure refers to, without prejudice to principle logic, To engage one another while the embodiment to be formed after combining, as space is limited, the disclosure is repeated no more.

In addition, the disclosure additionally provides secure access device, electronic equipment, computer readable storage medium, program, it is above-mentioned It can be used to realize any safety access method that the disclosure provides, corresponding technical solution and description and referring to method part It is corresponding to record, it repeats no more.

Fig. 6 is a kind of secure access device block diagram shown according to an exemplary embodiment.Referring to Fig. 6, which can be with Applied to the equipment of access micro services system, which includes communication module 10, judgment module 20 and data processing module 30.

Communication module 10 is configured as receiving needle access request；

Judgment module 20, be configured as judging in the access request whether include preset kind information, it is described pre- If the information of type includes the equipment for sending the account information of the access request and executing the electronic equipment of the access operation Information, and whether the account that the information of the preset kind is at least used for monitoring device described in authentication-access has access right Limit；

Data processing module 30 obtains when being configured as in the access request including the information of the preset kind The verification result of the access authority for the account for accessing the monitoring device is taken, and is shown described in the access in verification result When the account of monitoring device has access authority, the corresponding access data of the access request are sent.

In a kind of possible embodiment, facility information may include: the first identifier and positioning of the electronic equipment At least one of information, the first identifier are used to confirm the identity for the electronic equipment for executing the access operation.

In a kind of possible embodiment, data processing module is additionally configured in the access request comprising described When the information of preset kind, the first checking request is generated based on the second identifier of the access request and the monitoring device, and First checking request is sent to server, and based on be directed to first checking request the returned from the server One return information determines the verification result for being directed to the access request, and the second identifier is used to confirm the body of the monitoring device Part.

In a kind of possible embodiment, data processing module is additionally configured to indicate institute in first return information When stating the account for accessing the monitoring device has the access authority of monitoring device corresponding with the second identifier, determine to institute Access request is stated to be proved to be successful.

In a kind of possible embodiment, data processing module is additionally configured to based on the verification result being proved to be successful, The access data are generated according to the monitoring data of the monitoring device.

In a kind of possible embodiment, data processing module is additionally configured to the monitoring number according to the monitoring device The access data are generated to the access log of the monitoring device accordingly and in preset time；The access log includes to institute Monitoring device is stated to execute in the facility information and access time of the account information of access operation, the electronic equipment for executing access operation At least one.

Fig. 7 is a kind of block diagram of server shown according to an exemplary embodiment.Referring to Fig. 7, which can be applied In the equipment of access micro services system, which includes memory module 100, at communication module 200, authentication module 300 and data Manage module 400.

Memory module 100 is configured as storing the access log of each monitoring device；

Communication module 200 is configured as receiving the first checking request, and the information of the preset kind includes setting to monitoring Preparation send the account information of access request and executes the facility information of the electronic equipment of the access operation of the monitoring device, and First checking request includes the information of preset kind, and the information of the preset kind is for monitoring device described in authentication-access Account whether there is access authority；

Authentication module 300 is configured as the information according to the preset kind, verifies the access monitoring device Account whether there is the access authority to the monitoring device；

Data processing module 400 is configured as having in the account of the access monitoring device to the monitoring When the access authority of equipment, the first return information for indicating to be proved to be successful is returned.

In a kind of possible embodiment, data processing module is additionally configured to described, and the first identifier is used for When the identity that confirmation executes the electronic equipment of the access operation has the access authority, the memory module is generated and passed through The access log of the monitoring device is stored, the access log includes information and the access time of the preset kind.

In a kind of possible embodiment, data processing module is additionally configured to receive by the communication module and access Request is checked in log, and checks second identifier corresponding with monitoring device in request based on the access log, when returning to default The access log of interior monitoring device corresponding with second identifier, the second identifier are used to confirm the body of the monitoring device Part.

About the device in above-described embodiment, wherein modules execute the concrete mode of operation in related this method Embodiment in be described in detail, no detailed explanation will be given here.

Fig. 8 is a kind of block diagram of device for secure access shown according to an exemplary embodiment.For example, device 800 can be mobile phone, computer, digital broadcasting terminal, messaging device, game console, tablet device, and medical treatment is set It is standby, body-building equipment, personal digital assistant etc..

Referring to Fig. 8, device 800 may include following one or more components: processing component 802, memory 804, power supply Component 806, multimedia component 808, audio component 810, the interface 812 of input/output (I/O), sensor module 814, and Communication component 816.

The integrated operation of the usual control device 800 of processing component 802, such as with display, telephone call, data communication, phase Machine operation and record operate associated operation.Processing component 802 may include that one or more processors 820 refer to execute It enables, to perform all or part of the steps of the methods described above.In addition, processing component 802 may include one or more modules, just Interaction between processing component 802 and other assemblies.For example, processing component 802 may include multi-media module, it is more to facilitate Interaction between media component 808 and processing component 802.

Memory 804 is configured as storing various types of data to support the operation in device 800.These data are shown Example includes the instruction of any application or method for operating on device 800, contact data, and telephone book data disappears Breath, picture, video etc..Memory 804 can be by any kind of volatibility or non-volatile memory device or their group It closes and realizes, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM) is erasable to compile Journey read-only memory (EPROM), programmable read only memory (PROM), read-only memory (ROM), magnetic memory, flash Device, disk or CD.

Power supply module 806 provides electric power for the various assemblies of device 800.Power supply module 806 may include power management system System, one or more power supplys and other with for device 800 generate, manage, and distribute the associated component of electric power.

Multimedia component 808 includes the screen of one output interface of offer between described device 800 and user.One In a little embodiments, screen may include liquid crystal display (LCD) and touch panel (TP).If screen includes touch panel, screen Curtain may be implemented as touch screen, to receive input signal from the user.Touch panel includes one or more touch sensings Device is to sense the gesture on touch, slide, and touch panel.The touch sensor can not only sense touch or sliding action Boundary, but also detect duration and pressure associated with the touch or slide operation.In some embodiments, more matchmakers Body component 808 includes a front camera and/or rear camera.When device 800 is in operation mode, such as screening-mode or When video mode, front camera and/or rear camera can receive external multi-medium data.Each front camera and Rear camera can be a fixed optical lens system or have focusing and optical zoom capabilities.

Audio component 810 is configured as output and/or input audio signal.For example, audio component 810 includes a Mike Wind (MIC), when device 800 is in operation mode, when such as call mode, recording mode, and voice recognition mode, microphone is matched It is set to reception external audio signal.The received audio signal can be further stored in memory 804 or via communication set Part 816 is sent.In some embodiments, audio component 810 further includes a loudspeaker, is used for output audio signal.

I/O interface 812 provides interface between processing component 802 and peripheral interface module, and above-mentioned peripheral interface module can To be keyboard, click wheel, button etc..These buttons may include, but are not limited to: home button, volume button, start button and lock Determine button.

Sensor module 814 includes one or more sensors, and the state for providing various aspects for device 800 is commented Estimate.For example, sensor module 814 can detecte the state that opens/closes of device 800, and the relative positioning of component, for example, it is described Component is the display and keypad of device 800, and sensor module 814 can be with 800 1 components of detection device 800 or device Position change, the existence or non-existence that user contacts with device 800,800 orientation of device or acceleration/deceleration and device 800 Temperature change.Sensor module 814 may include proximity sensor, be configured to detect without any physical contact Presence of nearby objects.Sensor module 814 can also include optical sensor, such as CMOS or ccd image sensor, at As being used in application.In some embodiments, which can also include acceleration transducer, gyro sensors Device, Magnetic Sensor, pressure sensor or temperature sensor.

Communication component 816 is configured to facilitate the communication of wired or wireless way between device 800 and other equipment.Device 800 can access the wireless network based on communication standard, such as WiFi, 2G or 3G or their combination.In an exemplary implementation In example, communication component 816 receives broadcast singal or broadcast related information from external broadcasting management system via broadcast channel. In one exemplary embodiment, the communication component 816 further includes near-field communication (NFC) module, to promote short range communication.Example Such as, NFC module can be based on radio frequency identification (RFID) technology, Infrared Data Association (IrDA) technology, ultra wide band (UWB) technology, Bluetooth (BT) technology and other technologies are realized.

In the exemplary embodiment, device 800 can be believed by one or more application specific integrated circuit (ASIC), number Number processor (DSP), digital signal processing appts (DSPD), programmable logic device (PLD), field programmable gate array (FPGA), controller, microcontroller, microprocessor or other electronic components are realized, for executing the above method.

In the exemplary embodiment, a kind of non-transitorycomputer readable storage medium including instruction, example are additionally provided It such as include the memory 804 of instruction, above-metioned instruction can be executed by the processor 820 of device 800 to complete the above method.For example, The non-transitorycomputer readable storage medium can be ROM, random access memory (RAM), CD-ROM, tape, floppy disk With optical data storage devices etc..

Fig. 9 is a kind of block diagram for server 1900 shown according to an exemplary embodiment.For example, device 1900 can To be provided as a server.Referring to Fig. 9, it further comprises one or more places that device 1900, which includes processing component 1922, Manage device and memory resource represented by a memory 1932, for store can by the instruction of the execution of processing component 1922, Such as application program.The application program stored in memory 1932 may include it is one or more each correspond to one The module of group instruction.In addition, processing component 1922 is configured as executing instruction, to execute the above method.

Device 1900 can also include that a power supply module 1926 be configured as the power management of executive device 1900, and one Wired or wireless network interface 1950 is configured as device 1900 being connected to network and input and output (I/O) interface 1958.Device 1900 can be operated based on the operating system for being stored in memory 1932, such as WindowsServerTM, MacOSXTM, UnixTM, LinuxTM, FreeBSDTM or similar.

In the exemplary embodiment, a kind of non-transitorycomputer readable storage medium including instruction, example are additionally provided It such as include the memory 1932 of instruction, above-metioned instruction can be executed by the processing component 1922 of device 1900 to complete the above method. For example, the non-transitorycomputer readable storage medium can be ROM, random access memory (RAM), CD-ROM, tape, Floppy disk and optical data storage devices etc..

Those skilled in the art after considering the specification and implementing the invention disclosed here, will readily occur to its of the disclosure Its embodiment.This application is intended to cover any variations, uses, or adaptations of the disclosure, these modifications, purposes or Person's adaptive change follows the general principles of this disclosure and including the undocumented common knowledge in the art of the disclosure Or conventional techniques.The description and examples are only to be considered as illustrative, and the true scope and spirit of the disclosure are by following Claim is pointed out.

It should be understood that the present disclosure is not limited to the precise structures that have been described above and shown in the drawings, and And various modifications and changes may be made without departing from the scope thereof.The scope of the present disclosure is only limited by the accompanying claims.

Claims

1. a kind of safety access method, which is characterized in that the method is applied in monitoring device, and includes:

Receive access request；

Judge in the access request whether include preset kind information, the information of the preset kind includes sending the visit It asks the account information of request and executes the facility information of the electronic equipment of access operation, the information of the preset kind is at least used for Whether the account of monitoring device described in authentication-access has access authority；

If including the information of the preset kind in the access request, obtain for the account for accessing the monitoring device Access authority verification result；

If verification result shows that the account of the access monitoring device has access authority, the access request is sent Corresponding access data.

2. the method according to claim 1, wherein the method also includes:

If not including the information of the preset kind in the access request, refuse the access request.

3. the method according to claim 1, wherein the facility information includes: the first of the electronic equipment At least one of mark and location information, wherein the first identifier is for confirming that the electronics for executing the access operation is set Standby identity.

4. if the method according to claim 1, wherein include the default class in the access request The information of type, the then verification result obtained for the access authority for the account for accessing the monitoring device include:

The first checking request is generated according to the second identifier of the access request and the monitoring device, and sends institute to server The first checking request is stated, the second identifier is used to confirm the identity of the monitoring device；

Receive the first return information for first checking request returned from the server；

The verification result of the access authority for the account for accessing the monitoring device is determined based on first return information.

5. according to the method described in claim 4, it is characterized in that, described determined based on first return information for access The verification result of the access authority of the account of the monitoring device includes:

If first return information indicates that the account for accessing the monitoring device has prison corresponding with the second identifier Control the access authority of equipment, it is determined that be proved to be successful to the access request.

6. method described in any one of -5 according to claim 1, which is characterized in that if showing institute in the verification result State access the monitoring device account there is access authority after, and send the corresponding access number of the access request described According to before, further includes:

7. method described in any one of -5 according to claim 1, which is characterized in that if showing institute in the verification result State access the monitoring device account there is access authority after, and send the corresponding access number of the access request described According to before, further includes:

According to being generated in the monitoring data of the monitoring device and preset time to the access log of the monitoring device Access data；

The access log includes setting to the account information of monitoring device execution access operation, the electronics of execution access operation At least one of standby facility information and access time.

8. the method according to claim 1, wherein the monitoring device includes: that picture pick-up device and/or recording are set It is standby.

9. a kind of safety access method, which is characterized in that the method is applied in server, and includes:

The first checking request is received, first checking request includes the information of preset kind, the packet of the preset kind It includes to monitoring device and sends the account information of access request and setting for the electronic equipment for the access operation for executing the monitoring device Standby information, and whether account of the information of the preset kind for monitoring device described in authentication-access has access authority；

According to the information of the preset kind, whether the account of monitoring device described in authentication-access has to the monitoring device Access authority；

If the account for accessing the monitoring device has the access authority to the monitoring device, returns to expression and be proved to be successful The first return information.

10. according to the method described in claim 9, it is characterized in that, the method also includes:

If the account for accessing the monitoring device does not have the access authority to the monitoring device, returns to expression verifying and lose The second return information lost.

11. according to the method described in claim 9, it is characterized in that, the facility information includes: the first of the electronic equipment At least one of mark and location information；

Wherein, the first identifier is used to confirm the identity for the electronic equipment for executing the access operation.

12. according to the method described in claim 9, it is characterized in that, the method also includes:

If the account for accessing the monitoring device has the access authority to the monitoring device, generates and store the prison The access log of equipment is controlled, the access log includes information and the access time of the preset kind.

13. according to the method described in claim 9, it is characterized in that, the method also includes:

It receives access log and checks request；

The second identifier for the monitoring device for including in request is checked based on the access log, is sent in preset time with described the The access log of the corresponding monitoring device of two marks, the second identifier are used to confirm the identity of the monitoring device.

14. a kind of secure access device, characterized in that it comprises:

Communication module is used to receive access request；

Judgment module, be used to judge in the access request whether include preset kind information, the letter of the preset kind Breath includes the facility information for sending the account information of the access request and executing the electronic equipment of access operation, and described pre- If whether the account that the information of type is at least used for authentication-access monitoring device has access authority；

Data processing module obtains when being used in the access request include the information of the preset kind for access The verification result of the access authority of the account of the monitoring device, and show the access monitoring device in verification result When account has access authority, the corresponding access data of the access request are sent.

15. a kind of server characterized by comprising

Memory module is used to store the access log of each monitoring device；

Communication module is used to receive the first checking request, and first checking request includes the information of preset kind, described pre- If the information of type includes the account information for sending access request to monitoring device and the access operation for executing the monitoring device Electronic equipment facility information, and the information of the preset kind for monitoring device described in authentication-access account whether With access authority；

Authentication module, is used for the information according to the preset kind, and whether the account of monitoring device described in authentication-access has To the access authority of the monitoring device；

Data processing module is used to have the access authority to the monitoring device in the account for accessing the monitoring device When, return to the first return information for indicating to be proved to be successful.

16. a kind of secure access device characterized by comprising

Processor；

Memory for storage processor executable instruction；

Wherein, the processor is configured to executing the method as described in any one of claim 1-8.

17. a kind of server characterized by comprising

Processor；

Memory for storage processor executable instruction；

Wherein, the processor is configured to executing the method as described in claim 9-13.

18. a kind of non-transitorycomputer readable storage medium makes when the instruction in the storage medium is executed by processor It obtains processor and is able to carry out method described in any one of -8 according to claim 1, or enable a processor to execute root According to method described in any one of claim 9-13.