CN115240300A - Control method, system and device of intelligent security system and storage medium - Google Patents


Info

Publication number
CN115240300A
Authority
CN
China
Prior art keywords
security mode
user
security
management system
intelligent
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210800095.XA
Other languages
Chinese (zh)
Inventor
李涛
罗逸飞
周松
陈彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yunding Network Technology Beijing Co Ltd
Original Assignee
Yunding Network Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yunding Network Technology Beijing Co Ltd
Priority to CN202210800095.XA
Publication of CN115240300A

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C1/00 Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people
    • G07C1/10 Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people together with the recording, indicating or registering of other data, e.g. of signs of identity
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C9/00563 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys using personal physical data of the operator, e.g. finger prints, retinal images, voicepatterns
    • G07C9/00571 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

Embodiments of this specification provide a control method, system, device and storage medium for an intelligent security system. The method comprises: performing identity verification on a target user based on a current security mode; and, when the number of verification failures exceeds a first error threshold, triggering different operations depending on the current security mode. The current security mode includes at least a first security mode and a second security mode, and the security level of the first security mode is higher than that of the second security mode.

Description

Control method, system and device of intelligent security system and storage medium
Divisional Application Statement
This application is a divisional application of the invention patent application with application number 2022102448290, filed on March 14, 2022, and entitled "a user right management method and system".
Technical Field
The present disclosure relates to the field of computers, and in particular, to a method, a system, an apparatus, and a storage medium for controlling an intelligent security system.
Background
In many software and hardware applications, different permissions are set for different users. In intelligent hardware, for example, the permissions held by each user need to be set and managed so that the user can perform management or control functions within those permissions during subsequent use of the hardware.
Therefore, a control method and system for an intelligent security system that can flexibly adjust permissions as users change is needed.
Disclosure of Invention
One embodiment of the present specification provides a user right management method. The method comprises the following steps:
acquiring identification data of a user; confirming that the identification data meets a first preset condition; and defining the user as a first persona, the first persona having a first right. The first right comprises at least one of: the setting permission for the security mode, the setting permission for the reset password, and the system reset permission. The security modes include at least a first security mode and a second security mode. The reset password includes at least a first reset password and a second reset password, wherein the first reset password corresponds to the first security mode and the second reset password corresponds to the second security mode.
One embodiment of the present specification provides a user right management system comprising an input module, a determining module and a management module, configured as follows: the input module is used for acquiring the identification data of the user; the determining module is used for confirming that the identification data meets a first preset condition; the management module is used for defining the user as a first role, the first role having a first right. The first right comprises at least one of: the setting permission for the security mode, the setting permission for the reset password, and the system reset permission. The security modes include at least a first security mode and a second security mode. The reset password includes at least a first reset password and a second reset password, wherein the first reset password corresponds to the first security mode and the second reset password corresponds to the second security mode.
One embodiment of the present specification provides a user right management device, which includes a processor and a memory; the memory is configured to store instructions that, when executed by the processor, cause the device to implement operations corresponding to the user right management method.
One embodiment of the present specification provides a computer-readable storage medium storing computer instructions; when a computer reads the computer instructions in the storage medium, the computer executes the user right management method.
Drawings
The present description will be further explained by way of exemplary embodiments, which will be described in detail by way of the accompanying drawings. These embodiments are not intended to be limiting, and in these embodiments like numerals are used to indicate like structures, wherein:
FIG. 1 is a schematic diagram of an application scenario of a user rights management system according to some embodiments of the present description;
FIG. 2 is an exemplary flow diagram of a method of user rights management according to some embodiments of the present description;
FIG. 3 is an exemplary diagram illustrating a first privilege, according to some embodiments of the present description;
FIG. 4 is an exemplary flow diagram of the system reset permission, shown in accordance with some embodiments of the present description;
FIG. 5 is an exemplary flow diagram of the modification permission for the reset password, shown in accordance with some embodiments of the present description.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only examples or embodiments of the present description, and that for a person skilled in the art, the present description can also be applied to other similar scenarios on the basis of these drawings without inventive effort. Unless otherwise apparent from the context, or stated otherwise, like reference numbers in the figures refer to the same structure or operation.
It should be understood that "system," "device," "unit," and/or "module" as used herein is a way of distinguishing between different components, elements, parts, portions, or assemblies at different levels. However, these words may be replaced by other expressions if they accomplish the same purpose.
As used in this specification and the appended claims, the terms "a," "an," and/or "the" do not refer specifically to the singular and may also include the plural, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" only indicate that the explicitly identified steps or elements are included; these steps and elements do not constitute an exclusive list, and the method or apparatus may comprise further steps or elements.
Flow charts are used in this description to illustrate operations performed by a system according to embodiments of the present description. It should be understood that the preceding or following operations are not necessarily performed in the exact order shown. Rather, the various steps may be processed in reverse order or simultaneously. Meanwhile, other operations may be added to the processes, or one or more steps may be removed from the processes.
As shown in the present specification and claims, the user right management method may refer to a right management method for an intelligent terminal or an intelligent system. For example, the method can be applied to user authority management of intelligent terminals such as computers and mobile phones or to authority management of intelligent security systems such as intelligent locks.
The embodiment of the application relates to a user authority management method, a user authority management system and a storage medium. The user authority management method, the user authority management system and the storage medium can be applied to intelligent terminals such as mobile phones, tablet computers and notebook computers or intelligent scheme systems such as intelligent locks, and the application fields can be intelligent device management, application program management of software systems, hotel room management, rental room management, access control, password security door setting, apartment door lock management, shared automobile door lock management, safe door lock management, attendance machine door lock management, dormitory door lock management and the like.
In some embodiments, the method, system and storage medium for rights management can be applied to smart device terminals, for example, rights management of anti-theft smart locks; in some embodiments, the rights management method, system, and storage medium may be applied to rights management of a monitoring device terminal, for example, a camera terminal or the like. Some embodiments of the present specification take the application of the method and system to the smart lock terminal as an example, and the examples of the smart lock terminal in the present specification cannot be taken as a limitation to the method and system to be protected in the present specification without departing from the technical principles of the method and system. In some embodiments, the method, system and storage medium for rights management may be applied to a user terminal, such as a mobile phone. In some embodiments, the rights management method, system, and storage medium may be applied to other fields, such as smart community, confidential laboratory management, and the like. The rights management method, system, and storage medium may provide services such as identification, security management, and the like.
FIG. 1 is a schematic diagram of an application scenario of a user rights management system according to some embodiments of the present description.
The user right management system 100 may acquire and recognize identity data of a user, determine a first administrator account based on the recognition result, and manage the user right management system based on the right of the first administrator account. See fig. 3 for a description of the permissions that the first administrator account has.
In some embodiments, the user rights management system 100 may include a server 110, a processing device 120, a storage device 130, a first persona terminal 140, a network 150, and a second persona terminal 160.
In some embodiments, the server 110 may be used to process information and/or data related to the user rights management system 100, for example, may be used to manage the user rights management system based on the rights the first administrator account has.
In some embodiments, the server 110 may be a single server or a group of servers. The set of servers can be centralized or distributed (e.g., the server 110 can be a distributed system). In some embodiments, the server 110 may be local or remote. For example, server 110 may access information and/or data stored in storage device 130, first persona terminal 140, and second persona terminal 160 via network 150. As another example, server 110 may be directly connected to storage device 130, first persona terminal 140, and/or second persona terminal 160 to access stored information and/or data.
In some embodiments, the server 110 may include a processing device 120. Processing device 120 may process information and/or data related to user rights management system 100 to perform one or more of the functions described herein. For example, the processing device 120 may identify the identity data of the user and determine the first administrator account based on the identification result. In some embodiments, processing device 120 may include one or more processing engines (e.g., a single chip processing engine or a multi-chip processing engine). For example only, the processing device 120 may include a Central Processing Unit (CPU).
Storage device 130 may be used to store data and/or instructions related to user rights management. In some embodiments, storage device 130 may store data obtained from first persona terminal 140 and/or second persona terminal 160. In some embodiments, storage device 130 may store data and/or instructions that server 110 executes or uses to perform the exemplary methods described in this application. In some embodiments, the storage device 130 may be implemented on a cloud platform.
In some embodiments, storage device 130 may be connected to network 150 to communicate with one or more components of user rights management system 100 (e.g., server 110, first persona terminal 140, second persona terminal 160). One or more components of the user rights management system 100 may access data or instructions stored in the storage device 130 via the network 150. In some embodiments, storage device 130 may be directly connected to or in communication with one or more components of user rights management system 100 (e.g., server 110, first persona terminal 140, second persona terminal 160). In some embodiments, the storage device 130 may be part of the server 110. In some embodiments, the storage device 130 may be a separate memory.
The first persona terminal 140 may be a device or other entity directly related to user rights management. The first persona terminal 140 may be a requester of user identification information. In some embodiments of the present description, "role," "user terminal" may be used interchangeably. In some embodiments, the first persona terminal 140 may include a smart mobile terminal, such as a mobile terminal 140-4, a computer 140-5, or the like; the first persona terminal 140 may further include an intelligent terminal applied to an intelligent security system, such as a monitoring device, an intelligent lock, and the like. The smart locks may include, for example, combination locks 140-1, keyed locks 140-2, smart locks 140-3, and the like, or any combination thereof.
In some embodiments, the combination door lock 140-1 may include one or more combinations of a multi-dial number/text/graphic door lock, a roulette number/text/graphic door lock, and the like. The keyed door lock 140-2 may include one or more combinations of mechanical door locks, swipe door locks, and the like. In some embodiments, the smart door lock 140-3 may include a combination of one or more of a fingerprint recognition door lock, an iris recognition door lock, a vein recognition door lock, a voice recognition door lock, and the like. In some embodiments, mobile terminal 140-4 may include a smart phone, smart paging device, etc., or other smart communication device. In some embodiments, the computer 140-5 may comprise a tablet, laptop, notebook, or the like. In some embodiments, the first persona terminal 140 may include other smart terminals, such as wearable smart terminals and the like. The first persona terminal 140 may be an intelligent terminal, or an entity including an intelligent terminal, such as a security door including an intelligent lock, a safe including an intelligent lock, a car including an intelligent lock, etc.
In some embodiments, the first persona terminal 140 can be used to collect identification data 170. Identification data 170 may be data that reflects the identity information of a user, including but not limited to the following: the password 170-1, biometric identification, NFC 170-6 and the mechanical electronic key, wherein the biometric identification comprises but is not limited to fingerprint identification 170-4, vein identification 170-3, face identification 170-5, iris identification 170-2, voice identification, palm print identification, voice print identification and the like.
The network 150 may facilitate the exchange of information and/or data. In some embodiments, one or more components of the user rights management system 100 (e.g., the server 110, the first persona terminal 140, the second persona terminal 160) may send information and/or data to other components of the user rights management system 100 via the network 150. For example, server 110 may obtain user identification data from first persona terminal 140 via network 150. In some embodiments, the network 150 may be a wired network or a wireless network, or the like, or any combination thereof. For example only, the network 150 may include a cable network. In some embodiments, the user rights management system 100 may include one or more network access points. For example, base stations and/or wireless access points 150-1, 150-2, …. One or more components of the user rights management system 100 can be connected to the network 150 to exchange data and/or information.
The second persona terminal 160 is a mobile terminal used by a user, and may be a user terminal used by a user of an intelligent terminal, or a terminal used by a user monitoring usage of an intelligent terminal, for example, a terminal used by a property monitoring person, a terminal used by an intelligent terminal maintenance person, and the like. In some embodiments, the second persona terminal 160 may include a mobile device 160-1, a tablet 160-2, a notebook 160-3, a laptop 160-4, and the like, or any combination thereof. In some embodiments, the second persona terminal 160 may receive information, such as identification data, alarm data, etc., uploaded by the first persona terminal 140 via the network 150.
It should be noted that the user rights management system 100 is provided for illustrative purposes only and is not intended to limit the scope of the present application. It will be apparent to those skilled in the art that various modifications and variations can be made in light of the description herein. For example, the user rights management system 100 may also include an information source. As another example, the user rights management system 100 may implement similar or different functionality on other devices. However, such changes and modifications do not depart from the scope of the present application.
FIG. 2 is an exemplary flow diagram of a method for user rights management, shown in accordance with some embodiments of the present description. As shown in FIG. 2, the process 200 includes the following steps. It should be noted that the following step numbers are only for convenience of description and are not intended to limit the implementation order. Not every flow needs to be triggered each time the user right management system is used; in practice, the corresponding flow may be triggered according to the specific use situation. For example, once processes such as establishment of the user account have been completed, the system management process can be entered directly in subsequent use. In some embodiments, flow 200 may be performed by processing device 120, e.g., by a corresponding processing module within processing device 120.
Step 210, system trigger process: the user right management system is triggered when identity information input by the user is acquired for the first time.
The user in some embodiments of the present description may be a user of a user rights management system. In some embodiments, the user may include, for example, a smart terminal administrator, a smart terminal user, a premise renter, a premise owner, a community owner, community security, and the like. Each user identity may correspond to a different user type and administrator account.
The identity information may be various information reflecting the user's characteristic identification, such as a user's facial image, a user's vein image, a user's iris image, a user's voice, a user's fingerprint, a user's signature, a password input by the user, and so on. In some embodiments, the identity information may also be a characteristic value into which the above information is translated, such as a matrix, a string, and the like. In some embodiments, the identity information may be directly input by the user or sent from the user's terminal over a network to the user rights management system.
The user authority management system is a system for managing user authority and realizing intelligent equipment authority management control. In some embodiments, the user right management system can be applied to smart devices, such as smart phones, computers, and the like. In some embodiments, the user right management system can be applied to an intelligent security system, such as an intelligent lock, an alarm and other intelligent terminals. In some embodiments, the smart security system may include a smart lock rights management system. In some embodiments, the information acquisition and information identification functions of the user rights management system may be implemented primarily at the first persona terminal 140.
When the user authority management system is used for the first time or is reset to factory settings, a system triggering process is needed before the user authority management system is used. The system triggering process refers to a process of creating a corresponding user account in the user authority management system, and includes acquiring identity information of a user, confirming authority of the user and the like. The system triggering process of the user right management system can be triggered when the identity information input by the user is acquired for the first time. After the system triggering process is triggered, the system enters a corresponding user account creating and managing program, for example, the user identification data is acquired, a corresponding user account is created, and the authority of each user account is determined.
In some embodiments, the system trigger process of the user rights management system may be based on a sensor. For example, the process is triggered when the sensor detects a living body nearby; or when the sensor detects that the distance between the human body and the intelligent terminal is within a threshold range; or when the sensor detects that the human body has remained near the intelligent terminal for a period of time. For the specific description of the creation and management program of the user account, reference is made to the contents of the information entry process, the permission confirmation process, and the like.
Step 220, information entry process: the role information of the user is obtained, and the role information at least comprises the identification data of the user.
After the system is triggered, the user may enter identity information based on the first persona terminal 140 or the second persona terminal 160, and then determine identification data based on the entered identity information.
The role information may be information for distinguishing different user individuals and reflecting the user identity. For example, the role information may include the user's name, age, sex, facial image, fingerprint, and the like. In some embodiments, the role information includes identification data of the user.
The identification data may be data for reflecting identity information of the user, including but not limited to: passwords, biometrics, NFC, mechatronic keys, etc., see fig. 1 for further description of identification data.
In some embodiments, the identification data may be determined based on identification information. For example, fingerprint identification data is extracted from the user fingerprint information, face identification data is extracted from the user face image, vein identification data is extracted from the user wrist image, palm print identification data is extracted from the user hand image, and so on. In some embodiments, the information entry process may enter at least one piece of identification data, and determine, according to the at least one piece of identification data, a user individual corresponding to the identification data.
Step 230, permission confirmation process: judging whether the identification data meets a first preset condition. In some embodiments, step 230 is performed by a processing module.
The first preset condition may be a condition for determining the first role, and if the account corresponding to the first role is taken as the first administrator account, the first preset condition is a condition for determining the first administrator account. In some embodiments, the first preset condition may include a requirement for the type or amount of identification data entered by the first administrator account, for example, the first administrator account needs to enter at least three types of identification data.
In some embodiments, the first preset condition may further include a requirement on the time at which the first administrator account enters identification data, for example, the first administrator account is the first user account to enter at least three types of identification data.
The first administrator account is an account whose entered identification data meets the first preset condition and which is used for controlling the whole user authority management system. In some embodiments, the first administrator account may include at least three types of identification data to further verify the first administrator information, e.g., the setting of the first administrator account requires the user to enter a password, fingerprint, facial information, or other information to verify the first administrator identity. In some embodiments, the first administrator account may have the highest authority, i.e., may manage other administrator accounts, e.g., the first administrator account may be a super administrator, a highest administrator, etc. In some embodiments, the first administrator account has uniqueness: when one or a group of identification data is determined to be the first administrator account, other identification data cannot be determined to be the first administrator account.
In some embodiments, when the entered identification data is entered for the first time and the entered identification data meets a first preset condition, an account corresponding to the user entering the identification data is determined as a first administrator account. In some embodiments, the first administrator account may also be determined based on other conditions, such as factory presets, and the like.
Step 240, the system management process: in response to the identification data meeting the first preset condition, the user is defined as a first role, the first role having a first authority.
The first authority is the set of all control functions that the first administrator account can exercise over the user authority management system. In some embodiments, the first authority may include: setting authority for the security mode, setting authority for the reset password, system reset authority, account management authority, modification authority for the reset password, modification authority for the error threshold, account logout authority, and other authorities.
For more description of the first authority, refer to FIG. 3; it is not repeated here.
The first persona may be a user of the first administrator account. In some embodiments, the first persona may be a smart device administrator, a shared automobile platform administrator, a dormitory administrator, a safe administrator, a work attendance machine administrator, an express cabinet administrator, a home owner, community security, an access control administrator, and the like. In some embodiments herein, the first role may also be referred to as a first user.
In some embodiments, the first role enables control of the user rights management system, e.g., security mode setting, password reset, system reset, etc., based on the rights possessed by the above first administrator account.
The user authority management system described in some embodiments of the present specification can manage user authority for an intelligent terminal, such as a mobile phone or a computer, or for an intelligent security system, for example intelligent lock authority for a single housing unit, an automobile, a safe, an attendance machine, an express cabinet, and the like. In addition, different security modes are set according to the current environmental security condition and how the user authority management system is being used: verification is strengthened in an unsafe environment and simplified in a safe environment to improve convenience.
FIG. 3 is an exemplary illustration of a first privilege shown in accordance with some embodiments of the present description.
In some embodiments, the first right 300 may include: a set authority 310 of a secure mode, a set authority 320 of a reset password, a system reset authority 330, an account management authority 340, a modification authority 350 of a reset password, a modification authority 360 of an error threshold, an account logout authority 370, and the like.
In order to provide a secure management environment for the user right management system, the first administrator account may set different security modes on the user right management system based on usage. The security modes may be classified according to security level; for example, there may be a plurality of security modes with different security levels, such as a first security mode corresponding to a strong security mode and a second security mode corresponding to a weak security mode, where the security level of the first security mode is higher than that of the second security mode. In some embodiments, the setting authority 310 of the security mode may include setting the security mode that the user right management system is to adopt, such as setting the user right management system to adopt the second security mode.
The first security mode may be a security mode with higher authentication strength and more complicated authentication process, such as a strong security mode, a highest security mode, and the like. In some embodiments, the user right management system in the first security mode may be more sophisticated, such as performing several kinds of verification on the user's identification data, monitoring and alarming for illegal activities, and the like. In some embodiments, if the first role needs to set the security mode of the user rights management system to the first security mode, two or more types of identification data need to be selected for verification, and the security mode of the user rights management system can be set to the first security mode after verification.
In some embodiments, the user rights management system authenticates the user differently in the first secure mode than in the second secure mode. Specifically, when the user authority management system is in the first security mode, at least two kinds of identification data are verified for the user using the user authority management system. For example, when the user authority management system is in the first security mode, face recognition, password authentication and other authentication are performed on the user.
The second security mode may be a security mode with low authentication strength and relatively simple authentication process, such as a weak security mode, a normal security mode, and the like. In some embodiments, the user right management system in the second security mode is adjusted to the first security mode when illegal activities are encountered. In some embodiments, if the first role needs to set the security mode of the user right management system to the second security mode, only one kind of identification data may be selected for verification, and after verification, the security mode of the user right management system may be set to the second security mode.
In some embodiments, when the user rights management system is in the second security mode, at most one kind of identification data is verified for the user using the system. For example, when the user authority management system is in the second security mode, the user is authenticated by face recognition only.
The reset password is an authentication password which needs to be input when the user authority management system is reset, and if the reset password is successfully authenticated, the user can reset the user authority management system, for example, the user authority management system is restored to factory settings or relevant data information of other users except the first role is deleted. The set authority 320 of the reset password refers to the authority to set the reset password, and in some embodiments, the set authority 320 of the reset password may include the set authority of the first reset password and the set authority of the second reset password.
The first reset password may be a reset password corresponding to the first security mode. For example, when the security mode is the first security mode, the first reset password may be the reset password used in the first security mode. In some embodiments, when the user rights management system is in the first security mode, the first role may reset the system with the first reset password. The first reset password may be set by the first role, by the system, or partly by the user.
In some embodiments, the first reset password comprises a password of a first preset number of digits, a password of a second preset number of digits, and a password of a third preset number of digits. The password of the first preset number of digits is related to a first timestamp, the password of the second preset number of digits is set by the first role, and the password of the third preset number of digits is related to a second timestamp; the first timestamp is related to the time at which at least two kinds of identification data of the first role were obtained, and the second timestamp is related to the time at which the first role set the first reset password. For example, the first reset password may be twelve digits long, the first three digits being determined by the time of acquisition of the identification data of the first role, the last three digits by the time at which the first role set the first reset password, and the remaining digits being set by the first role.
The second reset password may be a reset password corresponding to the second security mode. For example, when the security mode is the second security mode, the second reset password may be the reset password used in the second security mode. In some embodiments, when the user right management system is in the second security mode, the first role may reset the system with the second reset password; the second reset password may be set by the first role, by the system, or by a combination thereof.
In some embodiments, the second reset password comprises a first password, a second password, and a third password, wherein the first password and the third password are related to a first timestamp, the second password is set by the first role, and the first timestamp is related to the time at which the at least two kinds of identification data of the first role were obtained. For example, the second reset password may be twelve digits long, with the first three and last three digits determined by the time of acquisition of the identification data of the first role, and the remaining digits set by the first role.
The system reset authority refers to an authority to reset the setting of the system. In some embodiments, the system reset authority may be triggered by a reset password, and in a case where the user authority management system is in a different security mode, the system reset may be performed by entering the reset password in the corresponding security mode. In a corresponding security mode, when the user right management system detects the reset password set by the first role, the user right management system executes a reset process, for example, all information stored in the user right management system except the information related to the first role is erased. If the first role needs to be replaced, the first role can be selected to be cancelled on an APP matched with the user terminal or a first role interface of the user authority management system, and factory settings are restored. In some embodiments, the entry of the reset password for starting the system reset authority can be only performed in the corresponding interface of the user authority management system, and cannot be entered in the user terminal.
In some embodiments, system reset permissions 330 may include first reset permissions 331 and second reset permissions 332.
The first reset authority may be a reset authority corresponding to the first security mode. In some embodiments, when the first administrator account is in the first security mode in the smart device or the smart security system, the first reset authority is enabled by entering the first reset password, and the target information in the user authority management system is deleted by the first reset authority.
In some embodiments, the user permission management system includes a camera. In response to the first administrator account entering the first reset password, the camera records a video of the first administrator; after the first reset permission is enabled, the camera records a video of the enabling operation and sends the video to the first administrator account. For example, if the first reset authority of an intelligent device such as a computer is to be enabled, a camera of the computer records a video of the requester, records the requester's operations during the enabling of the first reset authority, and sends the operation video to the first administrator account after the recording is completed. For another example, in a vehicle-mounted intelligent lock or a safe intelligent lock, when the first reset authority is to be enabled, a camera of the intelligent lock records a video of the requester, records the requester's operations during the enabling of the first reset authority, and sends the operation video to the first administrator account after the recording is completed.
The target information may be other user information stored in the user right management system except for the information corresponding to the first role, and the other user information may be different according to specific information content of a specific application scenario of the user right management system, for example, in a scenario applied to an intelligent terminal device such as a computer, the other user information may include IDs of other users, storage locations of newly-created information, a boot password or a boot fingerprint, and the like. For another example, when the method is applied to the management of an intelligent security system such as an intelligent lock, the information of other users may include, for example, IDs, room positions, check-in time, unlocking modes, unlocking data, and the like of other users.
The second reset permission may be a reset permission corresponding to the second security mode. In some embodiments, the first administrator account enables the second reset authority by entering the second reset password when the user authority management system is in the second security mode, and deletes the target information in the user authority management system by the second reset authority.
See fig. 4 for further explanation of system reset authority.
The first administrator account also has account management permissions 340, which include: creating a second role account and setting a security mode corresponding to the second role account; and setting the authority for the second role account based on the security mode corresponding to the second role account, wherein in some embodiments, the authority of the second role in the higher security mode is larger.
The second role account may be a user account other than the first administrator account, such as a common administrator account. In some embodiments, the second role account may be an account used by the second role. In some embodiments, the second role can be a managed person in the user rights management system, e.g., an intelligent terminal user, a renter of an intelligent device, a house renter, a residential community owner, a hotel guest, etc. In some embodiments herein, the second role may also be referred to as a second user.
In some embodiments, the account of an intelligent terminal administrator, an owner of an intelligent device, a house owner, community security, etc. may create accounts for an intelligent terminal user, a renter of the intelligent device, a house renter, a residential community owner, etc., and set a corresponding security mode for them. Users in different security modes have different account setting permissions.
In some embodiments, when creating the second role account corresponding to the first security mode, at least two kinds of identification data of the user corresponding to the second role account need to be acquired, and are used for authentication when the second role in the first security mode logs in.
The second role account has different permissions corresponding to different security modes, and in some embodiments, the permission of the second role account corresponding to the first security mode is greater than the permission of the second role account corresponding to the second security mode.
In some embodiments, the second role account corresponding to the first security mode (e.g., strong security mode) has at least one of the following permissions: adding an unlocking mode and corresponding unlocking data, creating a second role account corresponding to the second security mode (such as a weak security mode), and modifying the authority of the created second role account corresponding to the second security mode.
In some embodiments, the second role corresponding to the first security mode may give up its own management authority according to actual conditions, and becomes the second role corresponding to the second security mode.
The unlocking mode can be a mode that the second role account opens the intelligent terminal such as an intelligent lock or opens system software in the security mode, for example, password unlocking, fingerprint unlocking, NFC unlocking, iris unlocking and the like.
The unlocking data may be unlocking key data corresponding to the unlocking method, for example, a password input in the password unlocking method, a fingerprint input in the fingerprint unlocking method, NFC identification information in the NFC unlocking method, an iris image in the iris unlocking method, or the like.
In some embodiments, the first administrator account does not have the following permissions: adding unlocking modes and corresponding unlocking data, and viewing historical information of the intelligent device. Limiting the authority of the first role in this way can ensure the privacy and property safety of the actual users of the equipment, houses, and other objects to which the user authority management system is applied.
In some embodiments, the number of second role accounts corresponding to the second security mode that a second role account corresponding to the first security mode can create does not exceed a preset value. The preset value may be preset by the system or input by a user.
In some embodiments, the second role account corresponding to the second security mode has at least the following permission: adding an unlocking mode and corresponding unlocking data. In some embodiments, use of the intelligent terminal by the second role account corresponding to the second security mode is limited by a threshold on the number of verification errors: if the number of errors in verifying the identification data exceeds this threshold when the second role corresponding to the second security mode uses the intelligent terminal, the second role account is locked. After the account is locked, the user permission management system automatically sends notification information to the mobile terminal of the first role, and the account can be restored to normal use only after the first role unlocks it.
In some embodiments, in order to ensure the security of the user right management system in use, it may be specified that neither the second role account corresponding to the first security mode nor the second role account corresponding to the second security mode has the setting authority for the reset password.
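The permission split described above, as an added Python example that is not code from the patent: the account-kind labels, the action names, the account names and the quota of 2 are assumptions chosen for illustration. It shows the first administrator being refused unlock-data enrolment, and a first-mode second role creating second-mode accounts only up to the preset value.

```python
from dataclasses import dataclass, field

# Account kinds (labels are this sketch's own).
FIRST_ADMIN = "first_administrator"
STRONG = "second_role_first_mode"    # second role, first (strong) security mode
WEAK = "second_role_second_mode"     # second role, second (weak) security mode

# Action names are hypothetical; the grants follow the description.
GRANTS = {
    FIRST_ADMIN: {"set_security_mode", "set_reset_password", "system_reset",
                  "manage_accounts", "modify_reset_password",
                  "modify_error_threshold", "logout_account"},
    STRONG: {"add_unlock_method", "create_weak_account",
             "modify_created_account"},
    WEAK: {"add_unlock_method"},
}


class Denied(Exception):
    """Raised when an account attempts an action outside its grants."""


@dataclass
class Registry:
    weak_quota: int = 2   # the "preset value"; 2 is a constructed sample
    kinds: dict = field(default_factory=lambda: {"owner": FIRST_ADMIN})
    creator: dict = field(default_factory=dict)      # account -> who created it
    unlock_data: dict = field(default_factory=dict)  # account -> {method: data}

    def require(self, actor: str, action: str) -> None:
        if action not in GRANTS[self.kinds[actor]]:
            raise Denied(f"{actor} may not {action}")

    def create_account(self, actor: str, name: str, kind: str) -> None:
        if name in self.kinds or kind == FIRST_ADMIN:
            # The first administrator account is unique.
            raise Denied(f"cannot create {name} as {kind}")
        if self.kinds[actor] == FIRST_ADMIN:
            self.require(actor, "manage_accounts")
        elif kind == WEAK:
            self.require(actor, "create_weak_account")
            created = sum(1 for who in self.creator.values() if who == actor)
            if created >= self.weak_quota:
                raise Denied(f"{actor} reached the quota of {self.weak_quota}")
        else:
            raise Denied(f"{actor} may not create {kind} accounts")
        self.kinds[name] = kind
        self.creator[name] = actor

    def add_unlock_method(self, actor: str, method: str, data: str) -> None:
        # Absent from the first administrator's grants; the description ties
        # this to the privacy and property safety of the actual users.
        self.require(actor, "add_unlock_method")
        self.unlock_data.setdefault(actor, {})[method] = data

    def relinquish(self, actor: str) -> None:
        """A first-mode second role gives up its management authority."""
        if self.kinds[actor] != STRONG:
            raise Denied(f"{actor} is not a first-mode second role")
        self.kinds[actor] = WEAK


def allowed(call, *args) -> bool:
    """Run a Registry method and report whether the policy permitted it."""
    try:
        call(*args)
        return True
    except Denied:
        return False
```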
The permissions of the first administrator account also include modification permission 350 for the reset password. The first role may modify the reset password through the modification permission 350 for the reset password. For more description of the modification permission 350 for the reset password, see FIG. 5 and its associated description.
The permissions of the first administrator account also include modification permissions for error threshold 360. The error threshold modification permission 360 refers to modifying the maximum number of acceptable continuous errors in certain preset scenes, for example, modifying the unlocking verification error threshold in the first security mode from 5 times to 3 times, and the like. In some embodiments, the error threshold may be a maximum number of times the smart security system allows errors, for example, a threshold of operation errors, a threshold of verification failure, and the like. Wherein the error threshold may comprise a first error threshold. The first error threshold may be a maximum number of authentication failures that the user rights management system allows the user to perform authentication of the identification data.
For more details regarding the first error threshold, refer to step 430 of FIG. 4 and its associated description.
The first administrator account authority further includes an account logout authority 370, which is used to restore the user authority management system to factory settings. In some embodiments, when the user right management system is just shipped or needs to be replaced, all existing user information in the user right management system may be deleted by using the account logout right 370. For example, the first role may select to log out the first administrator account at a super administrator operation interface of the APP, and the user right management system may remove all information related to the first administrator account, that is, restore factory settings. And when the user authority management system is started again, the user authority management system enters a system triggering process again to establish the first administrator account. The account logout authority 370 can realize deletion of redundant information, save data storage space, and for users who abandon the use of intelligent terminals and move out of rooms, can eliminate personal data to maintain information confidentiality.
It should be noted that the above description of the permissions 300 for the first administrator account is for illustration and explanation only, and does not limit the scope of applicability of the present description. It will be apparent to those skilled in the art that various modifications and changes can be made to the permissions 300 of the first administrator account under the guidance of the present description. However, such modifications and variations are still within the scope of the present specification. For example, the permissions 300 of the first administrator account may also include other permissions.
FIG. 4 is an exemplary flow diagram of the system reset authority according to some embodiments of the present description. As shown in FIG. 4, the process 400 includes the following steps. In some embodiments, flow 400 may be performed by processing device 120, e.g., by a corresponding processing module within processing device 120.
Step 410, determining whether to authenticate the target user based on the current security mode.
In some embodiments, before the system reset authority is enabled, it needs to be determined whether to authenticate the target user, based on the current security mode that the first role has set for the user rights management system. The target user may be a user currently using the user rights management system. For example, when the current security mode is the first security mode (the strong security mode), the user right management system is in a higher guard condition, and the identity information of every target user needs to be verified; when the current security mode is the second security mode (the weak security mode), the user right management system is in a general guard condition, and the identity information of the target user may be verified randomly and selectively, or not verified. In some embodiments, the current security mode may be set by the first role through a smart lock terminal, a user terminal such as a mobile application (APP), and the like.
Step 420, performing identity verification on the target user based on the current security mode.
In response to identity authentication of the target user being required, the user authority management system authenticates the target user based on the current security mode. In some embodiments, the user right management system can verify the identity of the target user by verifying the identification data, such as verifying password, iris, face, fingerprint, NFC, vein, palm print, voice print, etc.
Step 430, determine whether the target user passes the authentication.
During verification, the user authority management system judges whether the identification data of the target user is consistent with the identification data of the first administrator account or the second role account, and if so, the user passes the identity verification; otherwise, the authentication is not passed. In response to the target user failing authentication, performing step 431; step 440 is performed in response to the target user being authenticated.
Step 431, determine whether the number of failed verifications exceeds a first error threshold.
Returning to step 420 in response to the number of verification failures not exceeding the first error threshold; in response to the number of verification failures exceeding the first error threshold, step 432 is performed. In some embodiments, a response interface of the user rights management system, such as a smart lock interface, may display the number of authentication failures and the number of times corresponding to the first error threshold.
The first error threshold may be the maximum number of authentication errors allowed by the user rights management system. Setting the first error threshold allows the user a certain degree of misoperation; when the number of verification errors becomes excessive, the operation is judged to be illegal. In some embodiments, the first error threshold takes different values in different security modes; for example, in the first security mode the first error threshold is five times, and in the second security mode the first error threshold is three times. In some embodiments, the value of the first error threshold in the first security mode is not less than its value in the second security mode.
Step 432, different operations are triggered based on the current security mode.
In response to the current security mode being the first security mode, performing step 433; in response to the current security mode being the second security mode, step 435 is performed. In some embodiments, the corresponding interface of the smart terminal may display that the current security mode is the first security mode or the second security mode.
In some embodiments, the user rights management system may autonomously determine the security mode based on environmental conditions. For example, the user right management system may obtain public security information for the location of the intelligent terminal through the network; if there is recent information reflecting poor public security, such as theft or robbery, the user right management system autonomously decides to adopt the first security mode to raise the guard condition, and in this case even the first role cannot change the security mode adopted by the user right management system.
In some embodiments, the user right management system may determine the security mode based on terminal conditions, such as conditions within the door lock. For example, when there is no data that needs to be kept secret in the smart device, the second security mode is used to lower the guard condition and improve convenience; when the smart device holds data that needs to be kept secret, the first security mode is used to raise the guard condition. Likewise, when a user is present in the house or automobile and the safe or express cabinet holds no articles, the second security mode is used to lower the guard condition and improve convenience; when no user is present in the house or automobile and the safe or express cabinet holds articles, the first security mode is used to raise the guard condition. In some embodiments, the user rights management system may determine the security mode based on the time, e.g., raising the guard condition with the first security mode at night and lowering it with the second security mode during the day.
Step 433, automatically locking the intelligent terminal and giving an alarm.
In the first security mode, when the target user performs identity authentication, if the number of authentication failures exceeds the corresponding first error threshold, the intelligent terminal is automatically locked and an alarm is given, for example the intelligent terminal locks its screen automatically or the intelligent lock locks automatically. In some embodiments, automatically locking the intelligent terminal may mean that the intelligent terminal cannot be turned on or cannot perform authentication for a period of time, and the alarm may be the intelligent terminal emitting an alarm sound or sending an alarm prompt to the terminal of the first role through a network.
Step 434, after the intelligent terminal is locked, unlocking the intelligent terminal only after the first role has successfully verified all the identification data recorded by the intelligent terminal.
After the intelligent terminal is locked, the user authority management system enters a warning state. At this time, only after the first role verifies all the identification data and the verification succeeds does the user authority management system release the alarm and return to the first security mode or the second security mode.
Step 435, the user right management system enters the first security mode and performs authentication corresponding to the first security mode.
In the second security mode, when the target user performs identity authentication, if the number of authentication failures exceeds the corresponding first error threshold, the user authority management system enters the first security mode and performs the identity authentication corresponding to the first security mode. For example, when the target user account is in the second security mode and the number of authentication failures exceeds the first error threshold, the security level is raised: the user right management system enters the first security mode and performs the authentication corresponding to the first security mode. The flow then returns to step 431, and if the number of authentication failures still exceeds the corresponding first error threshold, the intelligent terminal is automatically locked and an alarm is given.
By setting the first security mode and the second security mode, the guard conditions of the user right management system can be adjusted according to the current environmental security condition and how the intelligent terminal is being used: verification is strengthened in an unsafe environment and simplified in a safe environment to improve convenience. In addition, a system administrator can remotely learn the security mode of a given intelligent terminal and judge in time the risks it may be facing.
Step 440, acquiring the reset password to be verified, which is input by the target user.
The reset password to be authenticated may be password data currently input by the target user.
In some embodiments, in response to the target user passing the authentication, the target user is prompted to enter a reset password, and the password data entered by the target user is taken as the reset password to be authenticated. In some embodiments, the reset password to be authenticated may be input through a smart terminal, such as a smart lock, or through a smart terminal application, such as a mobile phone application (APP).
Step 450, determine whether the reset password to be verified is consistent with the reset password corresponding to the current security mode.
Step 460, delete the user's information in the user rights management system.
In some embodiments, in response to the reset password to be verified being consistent with the reset password corresponding to the current security mode, the reset password input by the target user is determined to be correct, and the information of the user in the user right management system is deleted. This completes one system reset process.
In some embodiments, the deleted user's information may include information of the first persona and information of the second persona. For example, deleting information of all users recorded in the user right management system at the same time is equivalent to restoring the user right management system to factory settings. In some embodiments, the deleted user's information may include only information of the second persona. The user information to be deleted can be selected by the first role after the password is verified, for example, after the password is verified, the first role selectively logs off the first administrator account through a corresponding interface of the mobile phone APP or the user authority management system, so that the user authority management system can be restored to factory settings.
Step 461, sending notification information to the second role.
In some embodiments, after the information of the second role in the user rights management system is deleted, notification information is sent to the second role. To protect the second role's right to use the house and to prevent the second role from being deleted without its knowledge, after the first role deletes the account information of the second role, the user rights management system can send notification information to the terminal of the second role (such as a mobile phone APP). The notification content includes information such as a deletion notice, the deletion time, and the accumulated use/lease duration of the second role's account.
If only the second role's information is deleted, the intelligent terminal can afterwards be opened with any identification data or password. In this case, the user rights management system prompts the first administrator account that the intelligent terminal has no password.
If all user information in the user rights management system is deleted, for example by restoring factory settings, then when the user rights management system is started again it automatically enters processes such as the system triggering process, so that a new first administrator account is created.
Not all of the steps described above in connection with the process 400 are essential, and some steps may be skipped or omitted according to the actual situation; for example, step 461 may not be executed after the user information in the system is deleted.
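Steps 440 to 461 can be sketched as follows: the candidate reset password is checked against the password of the current security mode only, the chosen scope decides which roles are deleted, and the resulting state is recorded. This is an added illustration, not code from the patent; the class, field and return-value names are hypothetical, and storing the reset passwords as salted PBKDF2 hashes is an assumption the page does not make.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone


def _kdf(password: str, salt: bytes) -> bytes:
    # Assumption: reset passwords are kept as salted PBKDF2 hashes, not plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class RightsStore:
    def __init__(self, reset_passwords: dict):
        # One reset password per security mode: mode -> (salt, derived key).
        self.reset = {}
        for mode, password in reset_passwords.items():
            salt = os.urandom(16)
            self.reset[mode] = (salt, _kdf(password, salt))
        self.users = {}            # name -> {"role": "first" | "second", "since": datetime}
        self.outbox = []           # notifications queued for second-role terminals
        self.admin_prompts = []    # prompts shown to the first administrator account
        self.needs_first_admin = False

    def add_user(self, name: str, role: str, since: datetime) -> None:
        self.users[name] = {"role": role, "since": since}

    def reset_system(self, authenticated, mode, candidate, scope, now) -> str:
        """scope is "all" (factory reset) or "second_only"."""
        if not authenticated:                      # identity authentication must pass first
            return "denied:not_authenticated"
        salt, expected = self.reset[mode]          # step 450: password of the current mode
        if not hmac.compare_digest(_kdf(candidate, salt), expected):
            return "denied:wrong_reset_password"
        targets = [n for n, u in self.users.items()
                   if scope == "all" or u["role"] == "second"]
        for name in targets:
            user = self.users.pop(name)            # step 460
            if user["role"] == "second":           # step 461
                self.outbox.append({
                    "to": name,
                    "notice": "account_deleted",
                    "deleted_at": now.isoformat(),
                    "days_used": (now - user["since"]).days,
                })
        if scope == "all":
            # On next start the system must create a new first administrator account.
            self.needs_first_admin = True
            return "factory_reset"
        # Per the description, the terminal now has no password; tell the first administrator.
        self.admin_prompts.append("terminal_has_no_password")
        return "second_role_deleted"


if __name__ == "__main__":
    # Constructed sample data.
    start = datetime(2022, 1, 1, tzinfo=timezone.utc)
    now = datetime(2022, 3, 14, tzinfo=timezone.utc)
    store = RightsStore({"first": "R1-constructed", "second": "R2-constructed"})
    store.add_user("owner", "first", start)
    store.add_user("tenant", "second", start)
    print(store.reset_system(True, "first", "R2-constructed", "all", now))
    print(store.reset_system(True, "second", "R2-constructed", "second_only", now))
    print(store.outbox, store.admin_prompts)
```

Because the check uses only the reset password of the current mode, a reset password that is valid in the second security mode is rejected once the system has moved to the first security mode.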
It should be noted that the above description related to the flow 400 is only for illustration and description, and does not limit the application scope of the present specification. Various modifications and changes to flow 400 will be apparent to those skilled in the art in light of this description. However, such modifications and variations are still within the scope of the present specification.
Fig. 5 is an exemplary flow diagram illustrating resetting of modification permissions of a password in accordance with some embodiments of the present description. As shown in fig. 5, the process 500 includes the following steps. In some embodiments, flow 500 may be performed by processing device 120, e.g., by a processing module within processing device 120.
Step 510, obtaining identification data to be verified.
The identification data to be verified may be identification data currently input by the target user. In some embodiments, the identification data to be verified may be obtained through the intelligent terminal, or obtained from the target user through the mobile phone APP.
Step 520, determining whether the identification data to be verified conforms to the identification data entered by the first role.
In some embodiments, the first role needs to verify all the identification data it has entered, and the reset password cannot be modified until all of the verifications have passed.
The specific verification process corresponds to the acquired identification data; if the acquired identification data is fingerprint data, the verification process checks whether the acquired fingerprint data is consistent with the stored fingerprint data of the first role.
Step 530, receiving an updated reset password, entered by the first role, corresponding to at least some of the security modes.
In response to the identification data to be verified conforming to the identification data entered by the first role, an updated reset password, entered by the first role and corresponding to at least some of the security modes, is received. In some embodiments, after the first role passes the verification, it opens the password modification interface of the user rights management system, either on the user rights management system or in the APP. In this interface, the first role can see the different reset passwords corresponding to the different security modes, and the user can choose which security mode's reset password to modify as required. After the user enters a new reset password, the user rights management system receives the updated reset password input by the first role and replaces the old password with it. In some embodiments, if the user chooses to modify the reset password in the mobile phone APP, the user rights management system receives the new password issued by the mobile phone APP and stores the update. For example, the first role uses the mobile phone APP to connect over Bluetooth to the intelligent terminal to which the user rights management system is applied, and the updated reset password is obtained from the input of the first role. This completes a reset password modification process.
It should be noted that the above description related to the flow 500 is only for illustration and description, and does not limit the applicable scope of the present specification. Various modifications and changes to flow 500 may occur to those skilled in the art upon review of the present description. However, such modifications and variations are intended to be within the scope of the present description. For example, flow 500 may also include other steps.
Some embodiments of the present specification disclose a user right management system, the system comprising: the system comprises an entry module, a determination module and a management module, wherein the modules are configured to execute the following processes:
The entry module is used for acquiring the identification data of the user.
The determining module is used for confirming that the identification data meets a first preset condition.
The management module is used for defining the user as a first role, and the first role has a first authority; the user corresponding to the first administrator account is a first role, and the first administrator account at least includes one of the following permissions: the setting authority of the security mode, the setting authority of the reset password and the system resetting authority; the secure modes include at least a first secure mode and a second secure mode; the reset password at least comprises a first reset password and a second reset password, wherein the first reset password corresponds to the first security mode, and the second reset password corresponds to the second security mode. In some embodiments, the processing module may enable authentication of at least two of the identification data for a user using the user rights management system when the user rights management system is in the first secure mode. In some embodiments, the processing module may enable authentication of at most one identification data for a user using the user rights management system while the user rights management system is in the second secure mode.
Some embodiments of the present specification disclose a rights management apparatus of a user rights management system, the apparatus comprising a processor and a memory; wherein the memory is configured to store instructions that, when executed by the processor, cause the apparatus to perform operations corresponding to a rights management method for a user rights management system.
Some embodiments of the present specification disclose a computer-readable storage medium storing computer instructions, and when the computer reads the computer instructions in the storage medium, the computer executes a rights management method for a user rights management system.
Through the rights management method and the rights management system for the user rights management system described in some embodiments of this specification, rights management of a single user rights management system can be realized. In addition, different security modes are set according to the security of the current environment and the way the user rights management system is being used, so that verification is strengthened in an unsafe environment and simplified in a safe environment to improve convenience. While the highest authority of the super administrator is guaranteed, an ordinary administrator is given some rights of its own, so that a user of the user rights management system can normally enjoy the right to use it.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be regarded as illustrative only and not as limiting the present specification. Various modifications, improvements and adaptations to the present description may occur to those skilled in the art, although not explicitly described herein. Such alterations, modifications, and improvements are intended to be suggested in this specification, and are intended to be within the spirit and scope of the exemplary embodiments of this specification.
Also, the description uses specific words to describe embodiments of the description. Reference to "one embodiment," "an embodiment," and/or "some embodiments" means a feature, structure, or characteristic described in connection with at least one embodiment of the specification. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, certain features, structures, or characteristics may be combined as suitable in one or more embodiments of the specification.
Additionally, the order in which elements and sequences are described in this specification, the use of numerical letters, or other designations are not intended to limit the order of the processes and methods described in this specification, unless explicitly stated in the claims. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing server or mobile device.
Similarly, it should be noted that in the preceding description of embodiments of the present specification, various features are sometimes grouped together in a single embodiment, figure, or description thereof in order to streamline the disclosure and aid in the understanding of one or more of the embodiments. This method of disclosure, however, does not imply that the claimed subject matter requires more features than are expressly recited in a claim. Indeed, the embodiments may have fewer than all of the features of a single embodiment disclosed above.
Numerals describing the number of components, attributes, etc. are used in some embodiments, it being understood that such numerals used in the description of the embodiments are modified in some instances by the use of the modifier "about", "approximately" or "substantially". Unless otherwise indicated, "about", "approximately" or "substantially" indicates that the number allows a variation of ± 20%. Accordingly, in some embodiments, the numerical parameters used in the specification and claims are approximations that may vary depending upon the desired properties of the individual embodiments. In some embodiments, the numerical parameter should take into account the specified significant digits and employ a general digit preserving approach. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of the range are approximations, in the specific examples, such numerical values are set forth as precisely as possible within the scope of the application.
For each patent, patent application publication, and other material, such as articles, books, specifications, publications, documents, etc., cited in this specification, the entire contents of each are hereby incorporated by reference into the specification. Except where the application history document does not conform to or conflict with the contents of the present specification, it is to be understood that the application history document, as used herein in the present specification or appended claims, is intended to define the broadest scope of the present specification (whether presently or later in the specification) rather than the broadest scope of the present specification. It is to be understood that the descriptions, definitions and/or uses of terms in the accompanying materials of the present specification shall control if they are inconsistent or in conflict with the statements and/or uses of the present specification.
Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments of the present disclosure. Other variations are also possible within the scope of the present description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be considered consistent with the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those explicitly described and depicted herein.

Claims (15)

1. A control method of an intelligent security system is characterized by comprising the following steps:
performing identity verification on the target user based on the current security mode;
triggering different operations based on the current security mode when a number of validation failures exceeds a first error threshold;
wherein the current security mode includes at least one of a first security mode and a second security mode, the first security mode having a higher security level than the second security mode.
2. The method of claim 1, wherein triggering different operations based on the current security mode comprises:
in response to the current security mode being the second security mode, switching the current security mode to the first security mode, and performing identity authentication corresponding to the first security mode on the target user.
3. The method of claim 1, wherein triggering different operations based on the current security mode comprises:
in response to the current security mode being the first security mode, locking the intelligent terminal on which the intelligent security system acts.
4. The method according to claim 3, further comprising, after locking the intelligent terminal on which the intelligent security system acts: executing an alarm action.
5. The method according to claim 3, wherein after the intelligent terminal on which the intelligent security system acts is locked, the unlocking of the intelligent terminal is completed by a first role.
6. The method of claim 5, wherein the first role has a first authority;
wherein the first authority comprises at least one of:
the setting authority of the security mode, the setting authority of the reset password and the system resetting authority;
the reset password at least comprises a first reset password and a second reset password, wherein the first reset password corresponds to the first security mode, and the second reset password corresponds to the second security mode.
7. The method of claim 1, wherein the first security mode is configured to verify at least two types of identification data of the target user.
8. The method of claim 1, wherein the second security mode is configured to verify fewer types of identification data of the target user than the first security mode.
9. The method of claim 1, further comprising:
responding to the target user passing the identity authentication, and acquiring a reset password to be authenticated, which is input by the target user;
judging whether the reset password to be verified is consistent with the reset password corresponding to the current security mode;
in response to the two being consistent, deleting the information of at least some of the users.
10. The method of claim 9, further comprising:
sending notification information to at least some of the users whose information was deleted.
11. A control system of an intelligent security system, characterized in that the system includes:
the identity authentication module is used for authenticating the identity of the target user in the current security mode;
an operation triggering module for triggering different operations based on the current security mode when the number of times of verification failures exceeds a first error threshold;
wherein the current security mode at least comprises a first security mode and a second security mode, and the security level of the first security mode is higher than that of the second security mode.
12. The system of claim 11, wherein the operation triggering module is further configured to:
in response to the current security mode being the second security mode, switching the current security mode to the first security mode, and performing identity authentication corresponding to the first security mode on the target user.
13. The system of claim 11, wherein the operation triggering module is further configured to:
in response to the current security mode being the first security mode, locking the intelligent terminal on which the intelligent security system acts.
14. A control device of an intelligent security system, characterized by comprising at least one processor and at least one memory;
the at least one memory is for storing computer instructions;
the at least one processor is configured to execute at least some of the computer instructions to implement the method of any one of claims 1-10.
15. A computer-readable storage medium, characterized in that the storage medium stores computer instructions which, when executed by a processor, implement the method according to any one of claims 1 to 10.
CN202210800095.XA 2022-03-14 2022-03-14 Control method, system and device of intelligent security system and storage medium Pending CN115240300A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210800095.XA CN115240300A (en) 2022-03-14 2022-03-14 Control method, system and device of intelligent security system and storage medium

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210800095.XA CN115240300A (en) 2022-03-14 2022-03-14 Control method, system and device of intelligent security system and storage medium
CN202210244829.0A CN114360114B (en) 2022-03-14 2022-03-14 User authority management method and system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN202210244829.0A Division CN114360114B (en) 2021-07-07 2022-03-14 User authority management method and system

Publications (1)

Publication Number Publication Date
CN115240300A true CN115240300A (en) 2022-10-25

Family

ID=81094640

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202210244829.0A Active CN114360114B (en) 2021-07-07 2022-03-14 User authority management method and system
CN202210800095.XA Pending CN115240300A (en) 2022-03-14 2022-03-14 Control method, system and device of intelligent security system and storage medium

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202210244829.0A Active CN114360114B (en) 2021-07-07 2022-03-14 User authority management method and system

Country Status (1)

Country Link
CN (2) CN114360114B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115767025A (en) * 2022-11-10 2023-03-07 合芯科技有限公司 Method and device for preventing data leakage, electronic equipment and storage medium

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023280277A1 (en) * 2021-07-07 2023-01-12 云丁网络技术(北京)有限公司 Control method and system
CN116821879B (en) * 2023-08-31 2023-11-07 四川集鲜数智供应链科技有限公司 Visual system role management system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111354109A (en) * 2020-03-16 2020-06-30 广州鸿森资本管理有限公司 Security anti-theft monitoring system and method based on big data
CN111541649A (en) * 2020-03-25 2020-08-14 中国平安财产保险股份有限公司 Password resetting method, device, server and storage medium
CN112214756A (en) * 2020-09-18 2021-01-12 广州市贺氏办公设备有限公司 Authority management system, method and storage medium of consumption machine
CN112364733A (en) * 2020-10-30 2021-02-12 重庆电子工程职业学院 Intelligent security face recognition system
CN113870468A (en) * 2021-12-02 2021-12-31 云丁网络技术(北京)有限公司 Control method and system of intelligent lock

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101414905A (en) * 2007-10-17 2009-04-22 谢丹 Various selectivity cipher safety authentication system and method
US11475105B2 (en) * 2011-12-09 2022-10-18 Rightquestion, Llc Authentication translation
CN105404809B (en) * 2015-12-29 2018-09-07 宇龙计算机通信科技(深圳)有限公司 A kind of identity identifying method and user terminal
CN108537030A (en) * 2018-04-18 2018-09-14 北京旷视科技有限公司 Management method, device and the electronic equipment of identity-based identification
US11429733B2 (en) * 2018-11-15 2022-08-30 International Business Machines Corporation Sharing secret data between multiple containers
CN110347053B (en) * 2019-08-07 2020-12-08 江苏鼎峰信息技术有限公司 Intelligent Internet of things security system based on mobile terminal
CN113034747A (en) * 2021-03-19 2021-06-25 上海正之智能科技有限公司 Method and system for controlling operation of intelligent lock for cabinet body
CN113971782B (en) * 2021-12-21 2022-04-19 云丁网络技术(北京)有限公司 Comprehensive monitoring information management method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115767025A (en) * 2022-11-10 2023-03-07 合芯科技有限公司 Method and device for preventing data leakage, electronic equipment and storage medium
CN115767025B (en) * 2022-11-10 2024-01-23 合芯科技有限公司 Method, device, electronic equipment and storage medium for preventing data leakage

Also Published As

Publication number Publication date
CN114360114A (en) 2022-04-15
CN114360114B (en) 2022-07-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination