WO2017000356A1 - Permission management method, terminal, device and system - Google Patents

Permission management method, terminal, device and system Download PDF

Info

Publication number
WO2017000356A1
WO2017000356A1 PCT/CN2015/085874 CN2015085874W WO2017000356A1 WO 2017000356 A1 WO2017000356 A1 WO 2017000356A1 CN 2015085874 W CN2015085874 W CN 2015085874W WO 2017000356 A1 WO2017000356 A1 WO 2017000356A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
terminal
authorization
human body
body feature
Prior art date
Application number
PCT/CN2015/085874
Other languages
French (fr)
Chinese (zh)
Inventor
焦铸
Original Assignee
宇龙计算机通信科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 宇龙计算机通信科技(深圳)有限公司 filed Critical 宇龙计算机通信科技(深圳)有限公司
Publication of WO2017000356A1 publication Critical patent/WO2017000356A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Definitions

  • the present invention relates to electronic technologies, and in particular, to a rights management method, apparatus, and system.
  • the traditional setting permission is required, and the method for opening the device that uses the user to authenticate is required to be verified by the owner of the device.
  • the iris-verified access control device needs to be initialized by the owner of the preset iris to stand in front of the access control device, and the access control device can be turned on.
  • the fingerprint verification POS machine needs the preset fingerprint owner to personally input the fingerprint for verification, and the POS machine starts to swipe the card.
  • the technical problem to be solved by the embodiments of the present invention is to provide a method, device and system for managing rights.
  • the terminal can share and manage the rights of the device, improve user convenience, and improve the experience of the terminal user.
  • an embodiment of the present invention provides a rights management method, including:
  • the terminal When the terminal receives an authorization request for requesting authorization to use the device, the terminal determines whether to authorize according to the authorization request;
  • the terminal When the terminal determines to perform authorization, the terminal collects human body feature information of the terminal user, and generates authorization information according to the human body feature information;
  • the terminal performs transmission processing on the authorization information, so that the device acquires the human body feature information, and revokes the operation restriction on the device user according to the human body feature information.
  • the authorization request carries the application information, where the application information includes the device user information and the device information;
  • Determining, according to the authorization request, whether the authorization is performed by the terminal includes:
  • the terminal outputs the application information, so that the terminal user determines whether to perform authorization according to the application information.
  • the terminal collects the human body feature information of the terminal user, and generates the authorization information according to the human body feature information, including:
  • the terminal acquires preset encrypted data
  • the terminal encrypts the human body feature information according to the encrypted data to obtain the authorization information.
  • the device user information includes contact information of the first terminal
  • the terminal performs the transmission processing of the authorization information, including:
  • the terminal sends the encrypted data to the device, so that when the device obtains the authorization information, the authorization information is decrypted according to the encrypted data, and the human body feature information is acquired.
  • the embodiment of the invention further provides a rights management method, the method comprising:
  • the device receives the encrypted data sent by the terminal;
  • the device determines that the matching is successful, the device revokes the operation restriction on the device user.
  • the embodiment of the present invention further provides a terminal, where the terminal includes:
  • a determining unit configured to determine, according to the authorization request, whether to authorize when receiving an authorization request for requesting authorization to use the device
  • An acquisition processing unit configured to collect human body feature information of the terminal user when the determining unit determines to perform authorization, and generate authorization information according to the human body feature information;
  • a transmission unit configured to perform the transmission processing on the authorization information, so that the device acquires the human body feature information, and revoke an operation restriction on the device user according to the human body feature information.
  • the authorization request carries the application information, where the application information includes the device user information and the device information;
  • the determining unit is specifically configured to:
  • the application information is outputted to enable the end user to determine whether to authorize based on the application information.
  • the collection processing unit includes:
  • an encryption subunit configured to encrypt the human body feature information according to the encrypted data to obtain the authorization information.
  • the device user information includes contact information of the first terminal
  • the transmission unit includes:
  • a first sending subunit configured to send the authorization information to the first terminal according to the contact information of the first terminal
  • a second sending subunit configured to send the encrypted data to the device, to decrypt the authorization information according to the encrypted data, to acquire the human body feature when the device obtains the authorization information information.
  • an embodiment of the present invention further provides an apparatus, where the apparatus includes:
  • a receiving unit configured to receive encrypted data sent by the terminal
  • a decryption unit configured to decrypt the authorization information according to the encrypted data, and obtain the decrypted human body feature information when the authorization information is acquired;
  • a judging unit configured to obtain a preset body feature information to be matched, and determine whether the human body feature information and the to-be-matched human body feature information are successfully matched;
  • the revocation unit is configured to revoke the operation restriction on the device user when the judging unit judges that the matching is successful.
  • the present invention also provides a rights management system comprising: a mobile terminal, a terminal as described above, and a device as described above.
  • the terminal is configured to determine, according to the authorization request, whether to perform authorization when receiving an authorization request for requesting authorization to use the device, and collect the human body feature information of the terminal user according to the human body characteristic information when determining to perform authorization Generating authorization information, and transmitting the authorization information to And causing the device to acquire the human body feature information, and cancel an operation restriction on the device user according to the human body feature information;
  • the device is configured to receive the encrypted data sent by the terminal, and when the authorization information is obtained, decrypt the authorization information according to the encrypted data, obtain the decrypted human body feature information, and obtain a preset Matching the human body feature information, determining whether the human body feature information and the to-be-matched human body feature information are successfully matched, and when determining that the matching is successful, canceling the operation restriction on the device user.
  • the terminal when the terminal receives an authorization request for requesting authorization to use the device, determining whether to perform authorization according to the authorization request, where the terminal manages the usage right of the device, when the terminal determines to perform authorization, The terminal collects the human body feature information of the terminal user, generates authorization information according to the human body feature information, and the terminal transmits the authorization information to enable the device to acquire the human body feature information, and cancel the pair according to the human body feature information.
  • the operation restriction of the device user enables the terminal to share and manage the rights of the device, improve user convenience, and improve the experience of the terminal user.
  • FIG. 1 is a schematic flow chart of an embodiment of a rights management method according to the present invention.
  • FIG. 2 is a schematic flow chart of still another embodiment of a rights management method according to the present invention.
  • FIG. 3 is a schematic structural view of an embodiment of a terminal according to the present invention.
  • FIG. 4 is a schematic structural view of an embodiment of an apparatus of the present invention.
  • FIG. 5 is a schematic structural diagram of an embodiment of a rights management system according to the present invention.
  • the terminal or the first terminal described in the embodiment of the present invention may include: a mobile phone, a tablet computer, a palmtop computer, or a mobile Internet device (MID), etc.
  • a mobile phone a tablet computer, a palmtop computer, or a mobile Internet device (MID), etc.
  • MID mobile Internet device
  • the device described in the embodiments of the present invention may include: an access control, an automobile, a POS machine, and the like that need to verify the user.
  • a rights management method is described in the following, and a rights management method in this embodiment may include:
  • the terminal determines, according to the authorization request, whether to perform authorization.
  • the terminal can manage the usage rights of the device.
  • the authorization request received by the terminal may be sent by a device connected to the terminal.
  • the device may be a device that needs to authenticate the device user, such as an access control, a car, and a POS (point of sale) machine.
  • the device needs to authenticate the device user and determine that the device user has the right to use.
  • the device authenticates the device user the device user can revoke the operation restriction on the device user, so that the device user can use the device normally.
  • the device authenticating the device user may be: the device verifies the human body feature information of the device user.
  • the human body feature information includes one or more of face information, iris information, and fingerprint information.
  • the device presets the body feature information to be matched, wherein the body feature information to be matched may be iris information.
  • the device may collect the iris information of the device user and determine the collected information. Whether the iris information matches the preset iris information to be matched.
  • the matching is successful, it is determined that the device user has the device usage right, and the operation restriction of the device user can be revoked, so that the device user normally uses the device.
  • the device determines that the device user does not have the use permission, but may output a prompt to remind the device user to send an authorization request to the terminal user through the device to the terminal user. Request authorization to use the device.
  • the terminal user has the highest level of authority of the device, and the body feature information to be matched stored by the device may be the body feature information of the terminal user, and the terminal user may manage the usage rights of the device through the terminal.
  • the process may be: the device user may input the application information on the operation page of the device, where the application information may include the device user information and the device information.
  • the device user information may include: contact information of the device user (ie, contact information of the first terminal), identity information of the device user, location information of the device user, and usage time information, and the device information may include identity information of the device. , such as the ID or name of the device. Therefore, the device can send an authorization request carrying the application information to the terminal through the contact information of the preset terminal. Or the device user inputs the contact information of the terminal on the device, so that the device sends an authorization request carrying the application information to the terminal according to the contact information of the input terminal.
  • the terminal receiving the authorization request may also be an authorization request sent by the device user through the first terminal.
  • the device user knows that he does not have the usage right of the device, but the device user can know the contact information of the terminal, the device user can input the application information and the contact information of the terminal through the operation page of the first terminal, so that the first terminal will An authorization request carrying the application information is sent to the terminal.
  • the operation page is an operation page installed in the first terminal for applying for authorization of the application.
  • the contact information of the input terminal may be input by calling the contact information stored by the first terminal.
  • the first terminal may encrypt the information input by the device user and then send the information to the terminal.
  • the terminal when the terminal receives the authorization request carrying the application information, the terminal may determine whether to perform authorization.
  • the determining whether the terminal performs the authorization may be: the terminal outputs the application information, so that the terminal user determines, according to the application information, whether the device user is authorized to use the device. For example, the terminal user can determine whether to authorize according to the identity information of the device user in the application information, the location information of the device user, and the usage time information.
  • the terminal may receive a determination authorization command generated by the terminal user operation.
  • the terminal determines to perform authorization, the terminal collects human body feature information of the terminal user, and generates authorization information according to the human body feature information.
  • the terminal when the terminal determines to perform authorization and the terminal has not established a communication connection with the device, the terminal may establish a communication connection with the device.
  • the terminal can obtain the contact information of the device according to the application information carried in the authorization request, so that the terminal establishes a communication connection with the device according to the contact information of the device.
  • the device After the terminal establishes a communication connection with the device, the device may generate random data and return random data to the terminal, where the random data may include a random code.
  • the human body feature information may include one or more of fingerprint information, iris information, and face information.
  • the terminal may collect fingerprint information through the fingerprint collection device, or the terminal may collect iris information through the camera or the terminal may collect facial information through the camera.
  • the terminal may prompt the terminal user to input the fingerprint information to collect the fingerprint information of the terminal user;
  • the collected human body feature information preset by the terminal is the fingerprint information and the iris information,
  • the terminal collects iris information and fingerprint information of the terminal user.
  • the body feature information to be collected preset by the terminal is consistent with the type of the body feature information to be matched preset by the device.
  • the terminal may acquire the encrypted data.
  • the encrypted data may be the encrypted data preset by the terminal, or may be data such as device user identity information, device user location information, or encrypted data input by the terminal user in the application information carried by the authorization request, or may be a device. Random data returned. Further, after the terminal obtains the encrypted data, the terminal may use the encrypted data as a key and encrypt the acquired human body feature information by using a preset encryption rule to generate authorization information.
  • the encryption rule may be an encryption algorithm such as a DES (Data Encryption Standard) encryption algorithm or an RSA encryption algorithm, such as using the encrypted data as an encryption key and encrypting the human body feature information by using an RSA encryption algorithm to obtain authorization information.
  • the authorization information is encrypted human body characteristic information, and the authorization information may include image information, optical information, audio information, and the like.
  • the image information is an image description of the encrypted human body feature information
  • the light information is a light description of the encrypted human body feature information
  • the audio information is an audio description of the encrypted human body feature information.
  • the terminal performs transmission processing on the authorization information.
  • the terminal may send the authorization information to the first terminal according to the contact information of the first terminal included in the device user information in the received application information, and encrypt the data.
  • the encrypted data is sent to the device when it is not random data.
  • the first terminal may initiate a use request request to the device again.
  • the first terminal may initiate a use request request to the device.
  • the authorization information received by the first terminal is image information
  • the device user may scan the image information received by the first terminal to the device, so that the device can scan.
  • the picture information obtained by the terminal obtains the authorization information; when the authorization information received by the first terminal is the optical information, the device user can output the optical information through the light output device of the first terminal, so that the device can collect the light through the light. Collecting optical information output by the first terminal, thereby obtaining authorization information; when the first terminal When the received authorization information is audio information, the device user can output the audio information through the speaker of the first terminal, so that the device can collect the audio information output by the first terminal through the microphone, thereby obtaining the authorization information.
  • the device may decrypt the acquired authorization information according to the received encrypted data, obtain the human body feature information, and determine whether the acquired human body feature information is successfully matched with the body feature information to be matched preset by the device. When the match is successful, the device can revoke the operation restriction on the device user. Further, when the matching is successful, the device may also send a request to the terminal whether to allow the application instruction. When the device receives the confirmation instruction returned by the terminal, the device may cancel the operation restriction on the device user.
  • the terminal may send the authorization information and the encrypted data to the device, so that the device can decrypt the received authorization information according to the received encrypted data, and obtain The human body characteristic information is used to determine whether the acquired human body characteristic information is successfully matched with the body characteristic information to be matched preset by the device.
  • the device may cancel the operation restriction on the device user.
  • the terminal when the terminal receives an authorization request for requesting authorization to use the device, determining whether to perform authorization according to the authorization request, where the terminal manages the usage right of the device, when the terminal determines to perform authorization, The terminal collects the human body feature information of the terminal user, generates authorization information according to the human body feature information, and the terminal transmits the authorization information to enable the device to acquire the human body feature information, and cancel the pair according to the human body feature information.
  • the operation restriction of the device user enables the terminal to share and manage the rights of the device, improve user convenience, and improve the experience of the terminal user.
  • the rights management method in this embodiment may include:
  • the device receives the encrypted data sent by the terminal.
  • the encrypted data may be encrypted data preset by the terminal, or may be data such as device user identity information, device user location information, or the terminal user input in the application information carried by the authorization request received by the terminal.
  • the data is encrypted, or it may be random data generated by the device and sent to the terminal, and is not limited herein.
  • the terminal may not send the encrypted data to the device.
  • the device obtains the authorization information, and the device obtains the authorization information by using the first terminal, where the terminal sends the authorization information to the first terminal.
  • the device may obtain the authorization information by scanning the picture information of the first terminal, and obtain the authorization information;
  • the authorization information is the optical information, the device may collect the first terminal by using the optical collector.
  • the output optical information is obtained, thereby obtaining the authorization information;
  • the authorization information is the audio information, the device can collect the audio information output by the first terminal through the microphone, thereby obtaining the authorization information.
  • the device obtains the authorization information, and the device obtains the authorization information sent by the terminal.
  • the device may use the obtained encrypted data as a decryption key, decrypt the authorization information by using a preset decryption rule, and obtain the human body feature information, wherein the decryption rule may be a DES decryption algorithm or an RSA decryption. Decryption algorithm such as algorithm.
  • the human body feature information is obtained by using the encrypted data as a decryption key and decrypting the authorization information by using an RSA decryption algorithm.
  • the human body characteristic information includes one or more kinds of information such as face information, iris information, and fingerprint information.
  • the device acquires preset human body feature information to be matched, and determines whether the human body feature information and the to-be-matched human body feature information are successfully matched.
  • the preset human body feature information to be matched may include one or more of face information, iris information, and fingerprint information.
  • the device can match the human body feature information with the body feature information to be matched, and determine whether the device is consistent. If the device is consistent, the device can determine that the human body feature information is successfully matched with the body feature information to be matched.
  • the device determines that the matching is successful, the device revokes an operation restriction on the terminal user of the device.
  • the device when the device determines that the matching is successful, the device may revoke the operation restriction on the device user. Further, when the matching is successful, the device may also send a request to the terminal whether to allow the application instruction. When the device receives the confirmation instruction returned by the terminal, the device may cancel the operation restriction on the device user.
  • the device receives the encrypted data sent by the terminal, and when the device obtains the authorization information, decrypts the authorization information according to the encrypted data, and obtains the decrypted human body feature information, where the device acquires Presetting the body feature information to be matched, and determining the body feature information and Whether the matching of the human body characteristic information to be matched is successful, and when the device determines that the matching is successful, the device revokes the operation restriction on the terminal user of the device, which enables the terminal to share management of the device rights and improve the terminal. User experience.
  • an embodiment of a terminal according to the present invention includes:
  • the determining unit 100 is configured to determine, according to the authorization request, whether to authorize when receiving an authorization request for requesting authorization to use the device;
  • the collection processing unit 200 is configured to collect human body feature information of the terminal user when the determining unit determines that authorization is performed, and generate authorization information according to the human body feature information;
  • the transmitting unit 300 is configured to perform the transmission processing on the authorization information.
  • the authorization request carries application information, where the application information includes the device user information and the device information.
  • the determining unit 100 is specifically configured to:
  • the application information is outputted to enable the end user to determine whether to authorize based on the application information.
  • the collection processing unit 200 is specifically configured to:
  • the device user information includes contact information of the first terminal.
  • the transmission unit 300 is specifically configured to:
  • the terminal can manage the usage rights of the device.
  • the authorization request received by the determining unit 100 may be transmitted by a device connected to the terminal.
  • the device may be a device that needs to authenticate the device user, such as an access control, a car, and a POS (point of sale) machine.
  • the device needs to authenticate the device user and determine that the device user has the right to use.
  • the device authenticates the device user the device user can revoke the operation restriction on the device user, so that the device user can use the device normally.
  • the device authenticating the device user may be: the device verifies the human body feature information of the device user.
  • the human body characteristic information includes one or more kinds of information of face information, iris information, and fingerprint information.
  • the device presets the body feature information to be matched, wherein the body feature information to be matched may be iris information.
  • the device may collect the iris information of the device user and determine the collected information. Whether the iris information matches the preset iris information to be matched.
  • the matching is successful, it is determined that the device user has the device usage right, and the operation restriction of the device user can be revoked, so that the device user normally uses the device.
  • the device determines that the device user does not have the use permission, but may output a prompt to remind the device user to send an authorization request to the terminal user through the device to the terminal user. Request authorization to use the device.
  • the terminal user has the highest level of authority of the device, and the body feature information to be matched stored by the device may be the body feature information of the terminal user, and the terminal user may manage the usage rights of the device through the terminal.
  • the process may be: the device user may input the application information on the operation page of the device, where the application information may include the device user information and the device.
  • the device information may include: contact information of the device user (ie, contact information of the first terminal), identity information of the device user, location information of the device user, and usage time information, and the device information may include the identity of the device. Information, such as the ID or name of the device. Therefore, the device can send an authorization request carrying the application information to the terminal through the contact information of the preset terminal. Or the device user inputs the contact information of the terminal on the device, so that the device sends an authorization request carrying the application information to the terminal according to the contact information of the input terminal.
  • the terminal receiving the authorization request may also be an authorization request sent by the device user through the first terminal.
  • the device user knows that he does not have the usage right of the device, but the device user can know the contact information of the terminal, the device user can input the application information and the contact information of the terminal through the operation page of the first terminal, so that the first terminal will An authorization request carrying the application information is sent to the terminal.
  • the operation page is an operation page installed in the first terminal for applying for authorization of the application.
  • the contact information of the input terminal may be input by calling the contact information stored by the first terminal.
  • the first terminal may encrypt the information input by the device user and then send the information to the terminal.
  • the determining unit 100 may determine whether to perform authorization. Wherein, the determining unit 100 determines whether the authorization is performed: The breaking unit 100 outputs the application information to enable the terminal user to determine whether to authorize the device user to use the device according to the application information. For example, the terminal user can determine whether to authorize according to the identity information of the device user in the application information, the location information of the device user, and the usage time information. When the terminal user determines to authorize the use of the device user, the determining unit 100 may receive the determination authorization command generated by the terminal user operation.
  • the terminal when the determining unit 100 determines to perform authorization and the terminal has not established a communication connection with the device, the terminal may establish a communication connection with the device.
  • the terminal can obtain the contact information of the device according to the application information carried in the authorization request, so that the terminal establishes a communication connection with the device according to the contact information of the device.
  • the device After the terminal establishes a communication connection with the device, the device may generate random data and return random data to the terminal, where the random data may include a random code.
  • the human body feature information may include one or more of fingerprint information, iris information, and face information.
  • the collection processing unit 200 can collect fingerprint information through the fingerprint collection device, or the collection processing unit 200 can collect iris information through the camera or the collection processing unit 200 can collect facial information through the camera.
  • the collection processing unit 200 may prompt the terminal user to input the fingerprint information to collect the fingerprint information of the terminal user; and the collected human body feature information preset by the terminal is the fingerprint information and
  • the collection processing unit 200 collects the iris information and the fingerprint information of the terminal user.
  • the body feature information to be collected preset by the terminal is consistent with the type of the body feature information to be matched preset by the device.
  • the collection processing unit 200 may acquire the encrypted data.
  • the encrypted data may be the encrypted data preset by the terminal, or may be data such as device user identity information, device user location information, or encrypted data input by the terminal user in the application information carried by the authorization request, or may be a device. Random data returned. Further, when the collection processing unit 200 can use the encrypted data as a key and encrypt the acquired human body feature information by using a preset encryption rule, the authorization information is generated.
  • the encryption rule may be an encryption algorithm such as a DES (Data Encryption Standard) encryption algorithm or an RSA encryption algorithm, such as using the encrypted data as an encryption key and encrypting the human body feature information by using an RSA encryption algorithm to obtain authorization information.
  • the authorization information is the encrypted human body feature information, and the authorization information may include image information, optical information, audio information, and the like.
  • the image information is an image description of the encrypted human body feature information
  • the light information is a light description of the encrypted human body feature information
  • the audio information is an audio description of the encrypted human body feature information.
  • the transmission unit 300 may send the authorization information to the first terminal according to the contact information of the first terminal included in the device user information in the received application information. And send the encrypted data to the device when the encrypted data is not random data.
  • the first terminal may initiate a use request request to the device again.
  • the first terminal may initiate a use request request to the device.
  • the authorization information received by the first terminal is image information
  • the device user may scan the image information received by the first terminal to the device, so that the device can scan.
  • the picture information obtained by the terminal obtains the authorization information; when the authorization information received by the first terminal is the optical information, the device user can output the optical information through the light output device of the first terminal, so that the device can collect the light through the light. Collecting the optical information output by the first terminal to obtain the authorization information; when the authorization information received by the first terminal is the audio information, the device user may output the audio information through the speaker of the first terminal, so that the device can pass the microphone The audio information output by the first terminal is collected to obtain authorization information.
  • the device may decrypt the acquired authorization information according to the received encrypted data, obtain the human body feature information, and determine whether the acquired human body feature information is successfully matched with the body feature information to be matched preset by the device. When the match is successful, the device can revoke the operation restriction on the device user. Further, when the matching is successful, the device may also send a request to the terminal whether to allow the application instruction. When the device receives the confirmation instruction returned by the terminal, the device may cancel the operation restriction on the device user.
  • the transmission unit 300 may send the authorization information and the encrypted data to the device, so that the device can authorize the received according to the received encrypted data.
  • the information is decrypted, the human body feature information is obtained, and the acquired human body feature information is successfully matched with the body feature information to be matched preset by the device.
  • the device may cancel the operation restriction on the device user.
  • the terminal when the terminal receives an authorization request for requesting authorization to use the device, determining whether to perform authorization according to the authorization request, where the terminal manages the usage right of the device, when the terminal determines to perform authorization, The terminal collects the human body feature information of the terminal user, generates authorization information according to the human body feature information, and the terminal transmits the authorization information to enable the device to acquire the human body feature information, and cancel the pair according to the human body feature information.
  • the operation restriction of the device user enables the terminal to share and manage the rights of the device, improve user convenience, and improve the experience of the terminal user.
  • an embodiment of a device according to the present invention includes:
  • the receiving unit 400 is configured to receive encrypted data sent by the terminal.
  • the decryption unit 500 is configured to decrypt the authorization information according to the encrypted data when acquiring the authorization information, and obtain the decrypted human body feature information.
  • the determining unit 600 is configured to obtain the preset human body feature information to be matched, and determine whether the human body feature information and the to-be-matched human body feature information are successfully matched.
  • the revocation unit 700 is configured to revoke the operation restriction on the device user when the judging unit judges that the matching is successful.
  • the receiving unit 400 acquires the encrypted data sent by the terminal.
  • the encrypted data may be encrypted data preset by the terminal, or may be data such as device user identity information, device user location information, or the terminal user input in the application information carried by the authorization request received by the terminal.
  • the data is encrypted, or it may be random data generated by the device and sent to the terminal, and is not limited herein.
  • the terminal may not send the encrypted data to the device.
  • the device obtains the authorization information, and the device obtains the authorization information by using the first terminal, where the terminal sends the authorization information to the first terminal.
  • the device may obtain the authorization information by scanning the picture information of the first terminal, and obtain the authorization information;
  • the authorization information is the optical information, the device may collect the first terminal by using the optical collector.
  • the output optical information is obtained, thereby obtaining the authorization information;
  • the authorization information is the audio information, the device can collect the audio information output by the first terminal through the microphone, thereby obtaining the authorization information.
  • the device obtains the authorization information, and the device obtains the authorization information sent by the terminal.
  • the decryption unit 500 may use the acquired encrypted data as a decryption key, decrypt the authorization information by using a preset decryption rule, and obtain the human body feature information, where the decryption rule may be a DES decryption algorithm or A decryption algorithm such as an RSA decryption algorithm.
  • the human body feature information is obtained by using the encrypted data as a decryption key and decrypting the authorization information by using an RSA decryption algorithm. among them,
  • the human body characteristic information includes one or more kinds of information such as face information, iris information, and fingerprint information.
  • the preset human body feature information to be matched may include one or more of face information, iris information, and fingerprint information.
  • the determining unit 600 can match the human body feature information with the body feature information to be matched to determine whether the human body feature information is consistent. If the information is consistent, the determining unit 600 can determine that the human body feature information is successfully matched with the human body feature information to be matched.
  • the revoking unit 700 may cancel the operation restriction on the device user. Further, when the matching is successful, the device may also send a request to the terminal whether to allow the application instruction. When the device receives the confirmation instruction returned by the terminal, the device may cancel the operation restriction on the device user.
  • the device receives the encrypted data sent by the terminal, and when the device obtains the authorization information, decrypts the authorization information according to the encrypted data, and obtains the decrypted human body feature information, where the device acquires Presetting the human body feature information to be matched, determining whether the human body feature information and the to-be-matched human body feature information are successfully matched.
  • the device determines that the matching is successful, the device cancels the operation restriction on the terminal user of the device. This enables the terminal to share management of the device's permissions and improve the end user's experience.
  • FIG. 5 is a schematic structural diagram of an embodiment of a rights management system according to the present invention.
  • a rights management system according to this embodiment includes:
  • the mobile terminal 1 may be the first terminal as described in the foregoing embodiment
  • the terminal 2 may be the terminal as described in the foregoing embodiment
  • the device 3 may be the device described in the foregoing embodiment, and details are not described herein.
  • the terminal when the terminal receives an authorization request for requesting authorization to use the device, determining whether to perform authorization according to the authorization request, where the terminal manages the usage right of the device, when the terminal determines to perform authorization, The terminal collects the human body feature information of the terminal user, generates authorization information according to the human body feature information, and the terminal transmits the authorization information to enable the device to acquire the human body feature information, and cancel the pair according to the human body feature information.
  • the operation restriction of the device user enables the terminal to share and manage the rights of the device, improve user convenience, and improve the experience of the terminal user.
  • the computer readable storage medium which when executed, may include the flow of an embodiment of the methods as described above.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).

Abstract

A permission management method comprises: when a terminal receives an authorization request requesting authorization to use a device, determining, by the terminal and according to the authorization request, whether to grant the authorization (S100); if the terminal determines to grant the authorization, acquiring, by the terminal, biometric information of a terminal user, and generating authorization information according to the biometric information (S101); and transmitting, by the terminal, the authorization information (S102), such that the device acquires the biometric information, and revokes, according to the biometric information, an operation restriction against the user of the device. Also disclosed are a device and system. The method, device and system enable the terminal to share authority management of the device, thus improving user convenience and terminal user experience.

Description

一种权限管理方法、终端、设备及系统Rights management method, terminal, device and system
本申请要求于2015年6月30日提交中国专利局、申请号为201510385828.8,发明名称为“一种权限管理方法、终端、设备及系统”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims priority to Chinese Patent Application No. 201510385828.8, entitled "A Privilege Management Method, Terminal, Equipment and System" on June 30, 2015, the entire contents of which are incorporated by reference. In this application.
技术领域Technical field
本发明涉及电子技术,尤其涉及一种权限管理方法、装置及系统。The present invention relates to electronic technologies, and in particular, to a rights management method, apparatus, and system.
背景技术Background technique
目前,传统的需设置权限,对使用用户进行验证的设备的开启方法均是需设备的拥有者进行亲自验证才能开启。如:虹膜验证的门禁设备需已预置的虹膜的拥有者亲自站在门禁设备前进行验证,门禁设备才能进行开启。又还如:指纹验证的POS机需已预置的指纹拥有者亲自输入指纹进行验证,POS机才启动刷卡。但是当设备的拥有者信任的用户使用这类型设备时,由于事先没有存储用户相关的验证信息在设备内,使得用户没有使用该类型设备的权限,而需设备的拥有者亲自开启,这不仅给设备的拥有者带来极大不便,也给使用者带来了极大不便。At present, the traditional setting permission is required, and the method for opening the device that uses the user to authenticate is required to be verified by the owner of the device. For example, the iris-verified access control device needs to be initialized by the owner of the preset iris to stand in front of the access control device, and the access control device can be turned on. Another example is: the fingerprint verification POS machine needs the preset fingerprint owner to personally input the fingerprint for verification, and the POS machine starts to swipe the card. However, when the user trusted by the owner of the device uses this type of device, since the user-independent authentication information is not stored in the device in advance, the user does not have the right to use the device of the type, but the owner of the device needs to open it personally, which not only gives The owner of the device brings great inconvenience and brings great inconvenience to the user.
发明内容Summary of the invention
本发明实施例所要解决的技术问题在于,提供一种权限管理方法、装置及系统。可使得终端可对设备的权限进行共享管理,提高用户便捷度,提高了终端用户的体验。The technical problem to be solved by the embodiments of the present invention is to provide a method, device and system for managing rights. The terminal can share and manage the rights of the device, improve user convenience, and improve the experience of the terminal user.
为了解决上述技术问题,本发明实施例提供了一种权限管理方法,包括:In order to solve the above technical problem, an embodiment of the present invention provides a rights management method, including:
当终端接收到用于请求授权使用设备的授权请求时,所述终端根据所述授权请求判断是否进行授权;When the terminal receives an authorization request for requesting authorization to use the device, the terminal determines whether to authorize according to the authorization request;
当所述终端确定进行授权时,所述终端采集终端用户的人体特征信息,根据所述人体特征信息生成授权信息;When the terminal determines to perform authorization, the terminal collects human body feature information of the terminal user, and generates authorization information according to the human body feature information;
所述终端将所述授权信息进行传输处理,以使所述设备获取所述人体特征信息,并根据所述人体特征信息撤销对所述设备用户的操作限制。 The terminal performs transmission processing on the authorization information, so that the device acquires the human body feature information, and revokes the operation restriction on the device user according to the human body feature information.
其中,所述授权请求携带申请信息,其中,所述申请信息包括所述设备用户信息以及所述设备信息;The authorization request carries the application information, where the application information includes the device user information and the device information;
所述终端根据所述授权请求判断是否进行授权包括:Determining, according to the authorization request, whether the authorization is performed by the terminal includes:
所述终端输出所述申请信息,以使终端用户根据所述申请信息确定是否进行授权。The terminal outputs the application information, so that the terminal user determines whether to perform authorization according to the application information.
其中,所述当终端确定进行授权时,所述终端采集终端用户的人体特征信息,根据所述人体特征信息生成授权信息包括:When the terminal determines that the authorization is performed, the terminal collects the human body feature information of the terminal user, and generates the authorization information according to the human body feature information, including:
所述终端获取预置的加密数据;The terminal acquires preset encrypted data;
所述终端根据所述加密数据对所述人体特征信息进行加密,获得所述授权信息。The terminal encrypts the human body feature information according to the encrypted data to obtain the authorization information.
其中,所述设备用户信息包括第一终端的联系信息;The device user information includes contact information of the first terminal;
所述终端将所述授权信息进行传输处理包括:The terminal performs the transmission processing of the authorization information, including:
所述终端根据所述第一终端的联系信息将所述授权信息发送给第一终端;Sending, by the terminal, the authorization information to the first terminal according to the contact information of the first terminal;
所述终端将所述加密数据发送给所述设备,以当所述设备获取到所述授权信息时,根据所述加密数据对所述授权信息进行解密,获取所述人体特征信息。The terminal sends the encrypted data to the device, so that when the device obtains the authorization information, the authorization information is decrypted according to the encrypted data, and the human body feature information is acquired.
本发明实施例还提供了一种权限管理方法,所述方法包括:The embodiment of the invention further provides a rights management method, the method comprising:
设备接收终端发送的加密数据;The device receives the encrypted data sent by the terminal;
当所述设备获取到授权信息时,根据所述加密数据对所述授权信息进行解密,获取解密后的人体特征信息;And when the device obtains the authorization information, decrypting the authorization information according to the encrypted data, and acquiring the decrypted human body feature information;
所述设备获取预置的待匹配人体特征信息,判断所述人体特征信息与所述待匹配人体特征信息是否匹配成功;Obtaining, by the device, the preset human body feature information to be matched, and determining whether the human body feature information and the to-be-matched human body feature information are successfully matched;
当所述设备判断匹配成功时,所述设备撤销对所述设备用户的操作限制。When the device determines that the matching is successful, the device revokes the operation restriction on the device user.
相应地,本发明实施例还提供了一种终端,其特征在于,所述终端包括:Correspondingly, the embodiment of the present invention further provides a terminal, where the terminal includes:
判断单元,用于当接收到用于请求授权使用设备的授权请求时,根据所述授权请求判断是否进行授权;a determining unit, configured to determine, according to the authorization request, whether to authorize when receiving an authorization request for requesting authorization to use the device;
采集处理单元,用于当判断单元判断进行授权时,采集终端用户的人体特征信息,根据所述人体特征信息生成授权信息;An acquisition processing unit, configured to collect human body feature information of the terminal user when the determining unit determines to perform authorization, and generate authorization information according to the human body feature information;
传输单元,用于将所述授权信息进行传输处理,以使所述设备获取所述人体特征信息,并根据所述人体特征信息撤销对所述设备用户的操作限制。 And a transmission unit, configured to perform the transmission processing on the authorization information, so that the device acquires the human body feature information, and revoke an operation restriction on the device user according to the human body feature information.
其中,所述授权请求携带申请信息,其中,所述申请信息包括所述设备用户信息以及所述设备信息;The authorization request carries the application information, where the application information includes the device user information and the device information;
所述判断单元具体用于:The determining unit is specifically configured to:
输出所述申请信息,以使终端用户根据所述申请信息确定是否进行授权。The application information is outputted to enable the end user to determine whether to authorize based on the application information.
其中,所述采集处理单元包括:The collection processing unit includes:
获取子单元,用于获取预置的加密数据;Obtaining a subunit for acquiring preset encrypted data;
加密子单元,用于根据所述加密数据对所述人体特征信息进行加密,获得所述授权信息。And an encryption subunit, configured to encrypt the human body feature information according to the encrypted data to obtain the authorization information.
其中,所述设备用户信息包括第一终端的联系信息;The device user information includes contact information of the first terminal;
所述传输单元包括:The transmission unit includes:
第一发送子单元,用于根据所述第一终端的联系信息将所述授权信息发送给第一终端;a first sending subunit, configured to send the authorization information to the first terminal according to the contact information of the first terminal;
第二发送子单元,用于将所述加密数据发送给所述设备,以当所述设备获取到所述授权信息时,根据所述加密数据对所述授权信息进行解密,获取所述人体特征信息。a second sending subunit, configured to send the encrypted data to the device, to decrypt the authorization information according to the encrypted data, to acquire the human body feature when the device obtains the authorization information information.
相应地,本发明实施例还提供了一种设备,其特征在于,所述设备包括:Correspondingly, an embodiment of the present invention further provides an apparatus, where the apparatus includes:
接收单元,用于接收终端发送的加密数据;a receiving unit, configured to receive encrypted data sent by the terminal;
解密单元,用于当获取到授权信息时,根据所述加密数据对所述授权信息进行解密,获取解密后的人体特征信息;a decryption unit, configured to decrypt the authorization information according to the encrypted data, and obtain the decrypted human body feature information when the authorization information is acquired;
判断单元,用于获取预置的待匹配人体特征信息,判断所述人体特征信息与所述待匹配人体特征信息是否匹配成功;a judging unit, configured to obtain a preset body feature information to be matched, and determine whether the human body feature information and the to-be-matched human body feature information are successfully matched;
撤销单元,用于当判断单元判断匹配成功时,撤销对所述设备用户的操作限制。The revocation unit is configured to revoke the operation restriction on the device user when the judging unit judges that the matching is successful.
本发明还提供一种权限管理系统,包括:移动终端、如上发明内容所述的终端和如上发明内容所述的设备。The present invention also provides a rights management system comprising: a mobile terminal, a terminal as described above, and a device as described above.
所述终端,用于当接收到用于请求授权使用设备的授权请求时,根据所述授权请求判断是否进行授权,当确定进行授权时,采集终端用户的人体特征信息,根据所述人体特征信息生成授权信息,将所述授权信息进行传输处理,以 使所述设备获取所述人体特征信息,并根据所述人体特征信息撤销对所述设备用户的操作限制;The terminal is configured to determine, according to the authorization request, whether to perform authorization when receiving an authorization request for requesting authorization to use the device, and collect the human body feature information of the terminal user according to the human body characteristic information when determining to perform authorization Generating authorization information, and transmitting the authorization information to And causing the device to acquire the human body feature information, and cancel an operation restriction on the device user according to the human body feature information;
所述设备,用于接收所述终端发送的加密数据,当获取到所述授权信息时,根据所述加密数据对所述授权信息进行解密,获取解密后的人体特征信息,获取预置的待匹配人体特征信息,判断所述人体特征信息与所述待匹配人体特征信息是否匹配成功,当判断匹配成功时,撤销对所述设备用户的操作限制。The device is configured to receive the encrypted data sent by the terminal, and when the authorization information is obtained, decrypt the authorization information according to the encrypted data, obtain the decrypted human body feature information, and obtain a preset Matching the human body feature information, determining whether the human body feature information and the to-be-matched human body feature information are successfully matched, and when determining that the matching is successful, canceling the operation restriction on the device user.
实施本发明实施例,具有如下有益效果:Embodiments of the present invention have the following beneficial effects:
在本发明实施例中,当终端接收到用于请求授权使用设备的授权请求时,根据所述授权请求确定是否进行授权,其中,终端管理所述设备的使用权限,当终端确定进行授权时,终端采集终端用户的人体特征信息,根据所述人体特征信息生成授权信息,终端将所述授权信息进行传输处理,以使所述设备获取所述人体特征信息,并根据所述人体特征信息撤销对所述设备用户的操作限制,这使得终端可对设备的权限进行共享管理,提高用户便捷度,提高了终端用户的体验。In the embodiment of the present invention, when the terminal receives an authorization request for requesting authorization to use the device, determining whether to perform authorization according to the authorization request, where the terminal manages the usage right of the device, when the terminal determines to perform authorization, The terminal collects the human body feature information of the terminal user, generates authorization information according to the human body feature information, and the terminal transmits the authorization information to enable the device to acquire the human body feature information, and cancel the pair according to the human body feature information. The operation restriction of the device user enables the terminal to share and manage the rights of the device, improve user convenience, and improve the experience of the terminal user.
附图说明DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below. Obviously, the drawings in the following description are only It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any creative work.
图1是本发明一种权限管理方法的一种实施例流程示意图;1 is a schematic flow chart of an embodiment of a rights management method according to the present invention;
图2是本发明一种权限管理方法的又一种实施例流程示意图;2 is a schematic flow chart of still another embodiment of a rights management method according to the present invention;
图3是本发明一种终端的一种实施例结构示意图;3 is a schematic structural view of an embodiment of a terminal according to the present invention;
图4是本发明一种设备的一种实施例结构示意图;4 is a schematic structural view of an embodiment of an apparatus of the present invention;
图5是本发明一种权限管理系统的一种实施例结构示意图。FIG. 5 is a schematic structural diagram of an embodiment of a rights management system according to the present invention.
具体实施方式detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是 全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, instead of All embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
具体实现中,本发明实施例中所描述的终端或者第一终端可包括:手机、平板电脑、掌上电脑或者移动互联网设备(Mobile Internet Device,MID)等,上述终端仅是举例,而非穷举,包含但不限于上述终端。In a specific implementation, the terminal or the first terminal described in the embodiment of the present invention may include: a mobile phone, a tablet computer, a palmtop computer, or a mobile Internet device (MID), etc., and the foregoing terminal is only an example, not an exhaustive , including but not limited to the above terminals.
具体实现中,本发明实施例所描述的设备可包括:门禁、汽车和POS机等需对使用用户进行验证的设备。In a specific implementation, the device described in the embodiments of the present invention may include: an access control, an automobile, a POS machine, and the like that need to verify the user.
请参见图1,为本发明一种权限管理方法的一种实施例,下面从终端侧阐述一种权限管理方法,本实施例所述的一种权限管理方法可包括:Referring to FIG. 1 , an embodiment of a rights management method according to the present invention is described. A rights management method is described in the following, and a rights management method in this embodiment may include:
S100,当终端接收到用于请求授权使用设备的授权请求时,终端根据所述授权请求判断是否进行授权。S100. When the terminal receives an authorization request for requesting authorization to use the device, the terminal determines, according to the authorization request, whether to perform authorization.
在本发明实施例中,终端可管理设备的使用权限。终端接收到的授权请求可以是由与终端连接的设备进行发送。具体的,设备可以是门禁、汽车和POS(point of sale,销售终端)机等需对设备用户进行验证的设备。当设备用户需使用设备时,设备需对设备用户进行身份验证,判断设备用户是有具有使用权限。其中,当设备对设备用户进行身份验证通过时,设备用户可以撤销对设备用户的操作限制,以使设备用户可正常使用设备。其中,设备对设备用户进行身份验证可以是:设备对设备用户的人体特征信息进行验证。其中,人体特征信息包括人脸信息、虹膜信息和指纹信息中的一种或多种信息。在具体应用中,可例如:设备预置待匹配人体特征信息,其中待匹配人体特征信息可以是虹膜信息,当设备用户需使用设备时,设备可采集设备用户的虹膜信息,并判断采集到的虹膜信息与预置的待匹配虹膜信息是否相匹配,当匹配成功时,则判断设备用户具有设备使用权限,可撤销对设备用户的操作限制,使得设备用户正常使用设备。In the embodiment of the present invention, the terminal can manage the usage rights of the device. The authorization request received by the terminal may be sent by a device connected to the terminal. Specifically, the device may be a device that needs to authenticate the device user, such as an access control, a car, and a POS (point of sale) machine. When a device user needs to use the device, the device needs to authenticate the device user and determine that the device user has the right to use. When the device authenticates the device user, the device user can revoke the operation restriction on the device user, so that the device user can use the device normally. The device authenticating the device user may be: the device verifies the human body feature information of the device user. The human body feature information includes one or more of face information, iris information, and fingerprint information. In a specific application, for example, the device presets the body feature information to be matched, wherein the body feature information to be matched may be iris information. When the device user needs to use the device, the device may collect the iris information of the device user and determine the collected information. Whether the iris information matches the preset iris information to be matched. When the matching is successful, it is determined that the device user has the device usage right, and the operation restriction of the device user can be revoked, so that the device user normally uses the device.
在本发明实施例中,当设备用户对设备用户进行身份验证不通过时,设备判断设备用户不具有使用权限,但可输出提示,提醒设备用户可通过设备向终端用户发送授权请求,向终端用户请求授权使用设备。其中,终端用户拥有设备的最高级别权限,设备存储的待匹配人体特征信息可以是终端用户的人体特征信息,终端用户可通过终端管理分配设备的使用权限。 In the embodiment of the present invention, when the device user fails to pass the identity verification on the device user, the device determines that the device user does not have the use permission, but may output a prompt to remind the device user to send an authorization request to the terminal user through the device to the terminal user. Request authorization to use the device. The terminal user has the highest level of authority of the device, and the body feature information to be matched stored by the device may be the body feature information of the terminal user, and the terminal user may manage the usage rights of the device through the terminal.
在本发明实施例中,当设备用户通过设备向终端用户发送授权请求时,其过程可以是:设备用户可在设备的操作页面上输入申请信息,其中,申请信息可包括设备用户信息以及设备信息,设备用户信息可包括:设备用户的联系信息(即可是第一终端的联系信息)、设备用户的身份信息、设备用户的位置信息和使用时间信息等详细信息,设备信息可包括设备的身份信息,如设备的ID或者名称。从而设备可通过预置的终端的联系信息将携带申请信息的授权请求发送给终端。或者设备用户在设备上输入终端的联系信息,以使设备根据输入的终端的联系信息将携带申请信息的授权请求发送给终端。In the embodiment of the present invention, when the device user sends an authorization request to the terminal user through the device, the process may be: the device user may input the application information on the operation page of the device, where the application information may include the device user information and the device information. The device user information may include: contact information of the device user (ie, contact information of the first terminal), identity information of the device user, location information of the device user, and usage time information, and the device information may include identity information of the device. , such as the ID or name of the device. Therefore, the device can send an authorization request carrying the application information to the terminal through the contact information of the preset terminal. Or the device user inputs the contact information of the terminal on the device, so that the device sends an authorization request carrying the application information to the terminal according to the contact information of the input terminal.
进一步的,在本发明实施例中,终端接收到授权请求还可以是设备用户通过第一终端发送的授权请求。例如:当设备用户获知自己没有设备的使用权限时,但设备用户可获知终端的联系信息,则设备用户可通过第一终端的操作页面输入申请信息以及终端的联系信息,以使第一终端将携带申请信息的授权请求发送给终端。其中,操作页面为第一终端安装的用于申请授权应用中的操作页面。进一步的,当设备用户通过第一终端的操作页面输入终端的联系信息时,可通过调用第一终端存储的联系人信息进行输入终端的联系信息。其中,第一终端可对设备用户输入的信息进行加密后,再发送给终端。Further, in the embodiment of the present invention, the terminal receiving the authorization request may also be an authorization request sent by the device user through the first terminal. For example, when the device user knows that he does not have the usage right of the device, but the device user can know the contact information of the terminal, the device user can input the application information and the contact information of the terminal through the operation page of the first terminal, so that the first terminal will An authorization request carrying the application information is sent to the terminal. The operation page is an operation page installed in the first terminal for applying for authorization of the application. Further, when the device user inputs the contact information of the terminal through the operation page of the first terminal, the contact information of the input terminal may be input by calling the contact information stored by the first terminal. The first terminal may encrypt the information input by the device user and then send the information to the terminal.
在本发明实施例中,当终端接收到携带申请信息的授权请求时,终端可确定是否进行授权。其中,终端确定是否进行授权可以是:终端输出申请信息,以使终端用户根据申请信息确定是否授权设备用户使用设备。例如:终端用户可根据申请信息中的设备用户的身份信息,设备用户的位置信息和使用时间信息等来判断是否授权。当终端用户确定对设备用户进行授权使用时,终端可接收到终端用户操作生成的确定授权指令。In the embodiment of the present invention, when the terminal receives the authorization request carrying the application information, the terminal may determine whether to perform authorization. The determining whether the terminal performs the authorization may be: the terminal outputs the application information, so that the terminal user determines, according to the application information, whether the device user is authorized to use the device. For example, the terminal user can determine whether to authorize according to the identity information of the device user in the application information, the location information of the device user, and the usage time information. When the terminal user determines to authorize use of the device user, the terminal may receive a determination authorization command generated by the terminal user operation.
S101,当终端确定进行授权时,终端采集终端用户的人体特征信息,根据所述人体特征信息生成授权信息。S101. When the terminal determines to perform authorization, the terminal collects human body feature information of the terminal user, and generates authorization information according to the human body feature information.
在本发明实施例中,当终端确定进行授权且终端还没有与设备建立通信连接时,终端可与设备建立通信连接。其中,终端可根据授权请求所携带的申请信息,获取设备的联系信息,从而终端根据设备的联系信息与设备建立通信连接。其中,当终端与设备建立通信连接后,设备可生成随机数据并向终端返回随机数据,其中,随机数据可包括随机码。 In the embodiment of the present invention, when the terminal determines to perform authorization and the terminal has not established a communication connection with the device, the terminal may establish a communication connection with the device. The terminal can obtain the contact information of the device according to the application information carried in the authorization request, so that the terminal establishes a communication connection with the device according to the contact information of the device. After the terminal establishes a communication connection with the device, the device may generate random data and return random data to the terminal, where the random data may include a random code.
在本发明实施例中,人体特征信息可包括:指纹信息、虹膜信息和人脸信息中的一种或多种。终端可通过指纹采集装置采集指纹信息,或者终端可通过摄像头采集虹膜信息或者终端可通过摄像头采集人脸信息。当终端预置的需采集的人体特征信息是指纹信息时,则终端可提示终端用户输入指纹信息从而采集终端用户的指纹信息;当终端预置的采集的人体特征信息是指纹信息和虹膜信息时,则终端采集终端用户的虹膜信息和指纹信息。其中,终端预置的需采集的人体特征信息与设备预置的待匹配人体特征信息的类型一致。In the embodiment of the present invention, the human body feature information may include one or more of fingerprint information, iris information, and face information. The terminal may collect fingerprint information through the fingerprint collection device, or the terminal may collect iris information through the camera or the terminal may collect facial information through the camera. When the human body feature information to be collected preset by the terminal is the fingerprint information, the terminal may prompt the terminal user to input the fingerprint information to collect the fingerprint information of the terminal user; when the collected human body feature information preset by the terminal is the fingerprint information and the iris information, The terminal collects iris information and fingerprint information of the terminal user. The body feature information to be collected preset by the terminal is consistent with the type of the body feature information to be matched preset by the device.
在本发明实施例中,当终端采集到终端用户的人体特征信息后,终端可获取加密数据。其中,加密数据可以是终端预置的加密数据,或者可以是授权请求携带的申请信息中的设备用户身份信息、设备用户位置信息等数据,或者是终端用户输入的加密数据,或者还可以是设备返回的随机数据。进一步的,当终端获取到加密数据后,终端可将加密数据作为密钥并采用预置的加密规则对获取到的人体特征信息进行加密,生成授权信息。其中,加密规则可以是DES(Data Encryption Standard,数据加密标准)加密算法、RSA加密算法等加密算法,如使用加密数据作为加密密钥并采用RSA加密算法对人体特征信息进行加密获得授权信息。授权信息为加密后的人体特征信息,授权信息可以包括图像信息、光信息、音频信息等。其中,图像信息是对加密后的人体特征信息的图像描述,光信息是对加密后的人体特征信息的光描述,音频信息是对加密后的人体特征信息的音频描述。In the embodiment of the present invention, after the terminal collects the human body feature information of the terminal user, the terminal may acquire the encrypted data. The encrypted data may be the encrypted data preset by the terminal, or may be data such as device user identity information, device user location information, or encrypted data input by the terminal user in the application information carried by the authorization request, or may be a device. Random data returned. Further, after the terminal obtains the encrypted data, the terminal may use the encrypted data as a key and encrypt the acquired human body feature information by using a preset encryption rule to generate authorization information. The encryption rule may be an encryption algorithm such as a DES (Data Encryption Standard) encryption algorithm or an RSA encryption algorithm, such as using the encrypted data as an encryption key and encrypting the human body feature information by using an RSA encryption algorithm to obtain authorization information. The authorization information is encrypted human body characteristic information, and the authorization information may include image information, optical information, audio information, and the like. The image information is an image description of the encrypted human body feature information, the light information is a light description of the encrypted human body feature information, and the audio information is an audio description of the encrypted human body feature information.
S102,终端将所述授权信息进行传输处理。S102. The terminal performs transmission processing on the authorization information.
在本发明实施例中,当终端获取到授权信息后,终端可根据接收到的申请信息中的设备用户信息包括的第一终端的联系信息,将授权信息发送给第一终端,并当加密数据不是随机数据时将加密数据发送给设备。当第一终端接收到授权信息时,第一终端可再次向设备发起使用申请请求。其中,第一终端向设备发起使用申请请求可以是:当第一终端接收到的授权信息是图像信息时,设备用户可将第一终端接收到的图像信息给设备进行扫描,使得设备可扫描第一终端获得的图片信息,从而获得授权信息;当第一终端接收到的授权信息是光信息时,设备用户可通过第一终端的光输出装置将光信息进行输出,以使设备可通过光采集器采集第一终端输出的光信息,从而获得授权信息;当第一终端 接收到的授权信息是音频信息时,设备用户可通过第一终端的喇叭将音频信息进行输出,以使设备可以通过麦克风采集第一终端输出的音频信息,从而获得授权信息。In the embodiment of the present invention, after the terminal obtains the authorization information, the terminal may send the authorization information to the first terminal according to the contact information of the first terminal included in the device user information in the received application information, and encrypt the data. The encrypted data is sent to the device when it is not random data. When the first terminal receives the authorization information, the first terminal may initiate a use request request to the device again. The first terminal may initiate a use request request to the device. When the authorization information received by the first terminal is image information, the device user may scan the image information received by the first terminal to the device, so that the device can scan. The picture information obtained by the terminal obtains the authorization information; when the authorization information received by the first terminal is the optical information, the device user can output the optical information through the light output device of the first terminal, so that the device can collect the light through the light. Collecting optical information output by the first terminal, thereby obtaining authorization information; when the first terminal When the received authorization information is audio information, the device user can output the audio information through the speaker of the first terminal, so that the device can collect the audio information output by the first terminal through the microphone, thereby obtaining the authorization information.
在本发明实施例中,设备可根据接收到的加密数据对获取到的授权信息进行解密,获得人体特征信息,并判断获取到的人体特征信息是否与设备预置的待匹配人体特征信息匹配成功,当匹配成功,设备可撤销对设备用户的操作限制。进一步的,当匹配成功时,设备还可向终端发送是否允许申请指令,当设备接收到终端返回的确认指令时,设备可撤销对设备用户的操作限制。In the embodiment of the present invention, the device may decrypt the acquired authorization information according to the received encrypted data, obtain the human body feature information, and determine whether the acquired human body feature information is successfully matched with the body feature information to be matched preset by the device. When the match is successful, the device can revoke the operation restriction on the device user. Further, when the matching is successful, the device may also send a request to the terminal whether to allow the application instruction. When the device receives the confirmation instruction returned by the terminal, the device may cancel the operation restriction on the device user.
进一步的,在本发明实施例中,当终端获取到授权信息后,终端可将授权信息与加密数据发送给设备,以使设备可根据接收到的加密数据对接收到的授权信息进行解密,获得人体特征信息,并判断获取到的人体特征信息是否与设备预置的待匹配人体特征信息匹配成功,当匹配成功,设备可撤销对设备用户的操作限制。Further, in the embodiment of the present invention, after the terminal obtains the authorization information, the terminal may send the authorization information and the encrypted data to the device, so that the device can decrypt the received authorization information according to the received encrypted data, and obtain The human body characteristic information is used to determine whether the acquired human body characteristic information is successfully matched with the body characteristic information to be matched preset by the device. When the matching is successful, the device may cancel the operation restriction on the device user.
在本发明实施例中,当终端接收到用于请求授权使用设备的授权请求时,根据所述授权请求确定是否进行授权,其中,终端管理所述设备的使用权限,当终端确定进行授权时,终端采集终端用户的人体特征信息,根据所述人体特征信息生成授权信息,终端将所述授权信息进行传输处理,以使所述设备获取所述人体特征信息,并根据所述人体特征信息撤销对所述设备用户的操作限制,这使得终端可对设备的权限进行共享管理,提高用户便捷度,提高了终端用户的体验。In the embodiment of the present invention, when the terminal receives an authorization request for requesting authorization to use the device, determining whether to perform authorization according to the authorization request, where the terminal manages the usage right of the device, when the terminal determines to perform authorization, The terminal collects the human body feature information of the terminal user, generates authorization information according to the human body feature information, and the terminal transmits the authorization information to enable the device to acquire the human body feature information, and cancel the pair according to the human body feature information. The operation restriction of the device user enables the terminal to share and manage the rights of the device, improve user convenience, and improve the experience of the terminal user.
请参见图2,为本发明一种权限管理方法的又一种实施例,下面从设备侧阐述一种权限管理方法,本实施例所述的一种权限管理方法可包括:2 is a further embodiment of a rights management method according to the present invention. A rights management method is described below from the device side. The rights management method in this embodiment may include:
S200,设备接收终端发送的加密数据。S200. The device receives the encrypted data sent by the terminal.
在发明实施例中,加密数据可以是终端预置的加密数据,或者可以是终端接收到的授权请求携带的申请信息中的设备用户身份信息、设备用户位置信息等数据,或者是终端用户输入的加密数据,或者还可以是设备生成并发送给终端的随机数据,在此不进行限制。In the embodiment of the present invention, the encrypted data may be encrypted data preset by the terminal, or may be data such as device user identity information, device user location information, or the terminal user input in the application information carried by the authorization request received by the terminal. The data is encrypted, or it may be random data generated by the device and sent to the terminal, and is not limited herein.
进一步的,当加密数据是设备生成并发送给终端的随机数据时,终端可不对设备发送加密数据。 Further, when the encrypted data is random data generated by the device and sent to the terminal, the terminal may not send the encrypted data to the device.
S201,当所述设备获取到授权信息时,根据所述加密数据对所述授权信息进行解密,获取解密后的人体特征信息。S201. When the device obtains the authorization information, decrypt the authorization information according to the encrypted data, and obtain the decrypted human body feature information.
在本发明实施例中,设备获取到授权信息可以是:设备通过第一终端获取授权信息,其中,终端将授权信息发送给第一终端。具体的,当授权信息是图片信息时,设备可通过扫描第一终端的图片信息获取到图片信息,从而获取到授权信息;当授权信息是光信息时,设备可通过光采集器采集第一终端输出的光信息,从而获得授权信息;当授权信息是音频信息时,设备可通过麦克风采集第一终端输出的音频信息,从而获得授权信息。In the embodiment of the present invention, the device obtains the authorization information, and the device obtains the authorization information by using the first terminal, where the terminal sends the authorization information to the first terminal. Specifically, when the authorization information is the picture information, the device may obtain the authorization information by scanning the picture information of the first terminal, and obtain the authorization information; when the authorization information is the optical information, the device may collect the first terminal by using the optical collector. The output optical information is obtained, thereby obtaining the authorization information; when the authorization information is the audio information, the device can collect the audio information output by the first terminal through the microphone, thereby obtaining the authorization information.
在本发明实施例中,设备获取到授权信息还可以是:设备获取终端发送的授权信息。In the embodiment of the present invention, the device obtains the authorization information, and the device obtains the authorization information sent by the terminal.
在本发明实施例中,设备可将获取到的加密数据作为解密密钥,对授权信息采用预置的解密规则进行解密,获取到人体特征信息,其中,解密规则可以是DES解密算法或RSA解密算法等解密算法。如使用加密数据作为解密密钥并采用RSA解密算法对授权信息进行解密获得人体特征信息。人体特征信息包括:人脸信息、虹膜信息和指纹信息中的一种或多种信息。In the embodiment of the present invention, the device may use the obtained encrypted data as a decryption key, decrypt the authorization information by using a preset decryption rule, and obtain the human body feature information, wherein the decryption rule may be a DES decryption algorithm or an RSA decryption. Decryption algorithm such as algorithm. The human body feature information is obtained by using the encrypted data as a decryption key and decrypting the authorization information by using an RSA decryption algorithm. The human body characteristic information includes one or more kinds of information such as face information, iris information, and fingerprint information.
S202,所述设备获取预置的待匹配人体特征信息,判断所述人体特征信息与所述待匹配人体特征信息是否匹配成功。S202. The device acquires preset human body feature information to be matched, and determines whether the human body feature information and the to-be-matched human body feature information are successfully matched.
在本发明实施例中,预置的待匹配人体特征信息可以包括人脸信息、虹膜信息和指纹信息中的一种或多种信息。设备可以人体特征信息与待匹配人体特征信息进行匹配,判断是否一致,若一致,则设备可确定人体特征信息与待匹配人体特征信息匹配成功。In the embodiment of the present invention, the preset human body feature information to be matched may include one or more of face information, iris information, and fingerprint information. The device can match the human body feature information with the body feature information to be matched, and determine whether the device is consistent. If the device is consistent, the device can determine that the human body feature information is successfully matched with the body feature information to be matched.
S203,当所述设备判断匹配成功时,所述设备撤销对所述设备的终端用户的操作限制。S203. When the device determines that the matching is successful, the device revokes an operation restriction on the terminal user of the device.
在本发明实施例中,当设备确定匹配成功,设备可撤销对设备用户的操作限制。进一步的,当匹配成功时,设备还可向终端发送是否允许申请指令,当设备接收到终端返回的确认指令时,设备可撤销对设备用户的操作限制。In the embodiment of the present invention, when the device determines that the matching is successful, the device may revoke the operation restriction on the device user. Further, when the matching is successful, the device may also send a request to the terminal whether to allow the application instruction. When the device receives the confirmation instruction returned by the terminal, the device may cancel the operation restriction on the device user.
在本发明实施例中,设备接收终端发送的加密数据,当所述设备获取到授权信息时,根据所述加密数据对所述授权信息进行解密,获取解密后的人体特征信息,所述设备获取预置的待匹配人体特征信息,判断所述人体特征信息与 所述待匹配人体特征信息是否匹配成功,当所述设备判断匹配成功时,所述设备撤销对所述设备的终端用户的操作限制,这使得终端可对设备的权限进行共享管理,提高了终端用户的体验。In the embodiment of the present invention, the device receives the encrypted data sent by the terminal, and when the device obtains the authorization information, decrypts the authorization information according to the encrypted data, and obtains the decrypted human body feature information, where the device acquires Presetting the body feature information to be matched, and determining the body feature information and Whether the matching of the human body characteristic information to be matched is successful, and when the device determines that the matching is successful, the device revokes the operation restriction on the terminal user of the device, which enables the terminal to share management of the device rights and improve the terminal. User experience.
请参见图3,为本发明一种终端的一种实施例,本实施例所述的一种终端包括:Referring to FIG. 3, an embodiment of a terminal according to the present invention includes:
判断单元100,用于当接收到用于请求授权使用设备的授权请求时,根据所述授权请求判断是否进行授权;The determining unit 100 is configured to determine, according to the authorization request, whether to authorize when receiving an authorization request for requesting authorization to use the device;
采集处理单元200,用于当判断单元判断进行授权时,采集终端用户的人体特征信息,根据所述人体特征信息生成授权信息;The collection processing unit 200 is configured to collect human body feature information of the terminal user when the determining unit determines that authorization is performed, and generate authorization information according to the human body feature information;
传输单元300,用于将所述授权信息进行传输处理。The transmitting unit 300 is configured to perform the transmission processing on the authorization information.
其中,所述授权请求携带申请信息,其中,所述申请信息包括所述设备用户信息以及所述设备信息。The authorization request carries application information, where the application information includes the device user information and the device information.
其中,所述判断单元100具体用于:The determining unit 100 is specifically configured to:
输出所述申请信息,以使终端用户根据所述申请信息确定是否进行授权。The application information is outputted to enable the end user to determine whether to authorize based on the application information.
其中,所述采集处理单元200具体用于:The collection processing unit 200 is specifically configured to:
获取预置的加密数据;Obtain preset encrypted data;
根据所述加密数据对所述人体特征信息进行加密,获得所述授权信息。And encrypting the human body feature information according to the encrypted data to obtain the authorization information.
其中,所述设备用户信息包括第一终端的联系信息。The device user information includes contact information of the first terminal.
其中,所述传输单元300具体用于:The transmission unit 300 is specifically configured to:
根据所述第一终端的联系信息将所述授权信息发送给第一终端;Sending the authorization information to the first terminal according to the contact information of the first terminal;
将所述加密数据发送给所述设备,以当所述设备获取到所述授权信息时,根据所述加密数据对所述授权信息进行解密,获取所述人体特征信息。Sending the encrypted data to the device, when the device obtains the authorization information, decrypting the authorization information according to the encrypted data, and acquiring the human body feature information.
在本发明实施例中,终端可管理设备的使用权限。判断单元100接收到的授权请求可以是由与终端连接的设备进行发送。具体的,设备可以是门禁、汽车和POS(point of sale,销售终端)机等需对设备用户进行验证的设备。当设备用户需使用设备时,设备需对设备用户进行身份验证,判断设备用户是有具有使用权限。其中,当设备对设备用户进行身份验证通过时,设备用户可以撤销对设备用户的操作限制,以使设备用户可正常使用设备。其中,设备对设备用户进行身份验证可以是:设备对设备用户的人体特征信息进行验证。其中, 人体特征信息包括人脸信息、虹膜信息和指纹信息中的一种或多种信息。在具体应用中,可例如:设备预置待匹配人体特征信息,其中待匹配人体特征信息可以是虹膜信息,当设备用户需使用设备时,设备可采集设备用户的虹膜信息,并判断采集到的虹膜信息与预置的待匹配虹膜信息是否相匹配,当匹配成功时,则判断设备用户具有设备使用权限,可撤销对设备用户的操作限制,使得设备用户正常使用设备。In the embodiment of the present invention, the terminal can manage the usage rights of the device. The authorization request received by the determining unit 100 may be transmitted by a device connected to the terminal. Specifically, the device may be a device that needs to authenticate the device user, such as an access control, a car, and a POS (point of sale) machine. When a device user needs to use the device, the device needs to authenticate the device user and determine that the device user has the right to use. When the device authenticates the device user, the device user can revoke the operation restriction on the device user, so that the device user can use the device normally. The device authenticating the device user may be: the device verifies the human body feature information of the device user. among them, The human body characteristic information includes one or more kinds of information of face information, iris information, and fingerprint information. In a specific application, for example, the device presets the body feature information to be matched, wherein the body feature information to be matched may be iris information. When the device user needs to use the device, the device may collect the iris information of the device user and determine the collected information. Whether the iris information matches the preset iris information to be matched. When the matching is successful, it is determined that the device user has the device usage right, and the operation restriction of the device user can be revoked, so that the device user normally uses the device.
在本发明实施例中,当设备用户对设备用户进行身份验证不通过时,设备判断设备用户不具有使用权限,但可输出提示,提醒设备用户可通过设备向终端用户发送授权请求,向终端用户请求授权使用设备。其中,终端用户拥有设备的最高级别权限,设备存储的待匹配人体特征信息可以是终端用户的人体特征信息,终端用户可通过终端管理分配设备的使用权限。In the embodiment of the present invention, when the device user fails to pass the identity verification on the device user, the device determines that the device user does not have the use permission, but may output a prompt to remind the device user to send an authorization request to the terminal user through the device to the terminal user. Request authorization to use the device. The terminal user has the highest level of authority of the device, and the body feature information to be matched stored by the device may be the body feature information of the terminal user, and the terminal user may manage the usage rights of the device through the terminal.
在本发明实施例中,当设备用户通过设备向判断单元100发送授权请求时,其过程可以是:设备用户可在设备的操作页面上输入申请信息,其中,申请信息可包括设备用户信息以及设备信息,设备用户信息可包括:设备用户的联系信息(即可是第一终端的联系信息)、设备用户的身份信息、设备用户的位置信息和使用时间信息等详细信息,设备信息可包括设备的身份信息,如设备的ID或者名称。从而设备可通过预置的终端的联系信息将携带申请信息的授权请求发送给终端。或者设备用户在设备上输入终端的联系信息,以使设备根据输入的终端的联系信息将携带申请信息的授权请求发送给终端。In the embodiment of the present invention, when the device user sends an authorization request to the determining unit 100 through the device, the process may be: the device user may input the application information on the operation page of the device, where the application information may include the device user information and the device. The device information may include: contact information of the device user (ie, contact information of the first terminal), identity information of the device user, location information of the device user, and usage time information, and the device information may include the identity of the device. Information, such as the ID or name of the device. Therefore, the device can send an authorization request carrying the application information to the terminal through the contact information of the preset terminal. Or the device user inputs the contact information of the terminal on the device, so that the device sends an authorization request carrying the application information to the terminal according to the contact information of the input terminal.
进一步的,在本发明实施例中,终端接收到授权请求还可以是设备用户通过第一终端发送的授权请求。例如:当设备用户获知自己没有设备的使用权限时,但设备用户可获知终端的联系信息,则设备用户可通过第一终端的操作页面输入申请信息以及终端的联系信息,以使第一终端将携带申请信息的授权请求发送给终端。其中,操作页面为第一终端安装的用于申请授权应用中的操作页面。进一步的,当设备用户通过第一终端的操作页面输入终端的联系信息时,可通过调用第一终端存储的联系人信息进行输入终端的联系信息。其中,第一终端可对设备用户输入的信息进行加密后,再发送给终端。Further, in the embodiment of the present invention, the terminal receiving the authorization request may also be an authorization request sent by the device user through the first terminal. For example, when the device user knows that he does not have the usage right of the device, but the device user can know the contact information of the terminal, the device user can input the application information and the contact information of the terminal through the operation page of the first terminal, so that the first terminal will An authorization request carrying the application information is sent to the terminal. The operation page is an operation page installed in the first terminal for applying for authorization of the application. Further, when the device user inputs the contact information of the terminal through the operation page of the first terminal, the contact information of the input terminal may be input by calling the contact information stored by the first terminal. The first terminal may encrypt the information input by the device user and then send the information to the terminal.
在本发明实施例中,当终端接收到携带申请信息的授权请求时,判断单元100可确定是否进行授权。其中,判断单元100确定是否进行授权可以是:判 断单元100输出申请信息,以使终端用户根据申请信息确定是否授权设备用户使用设备。例如:终端用户可根据申请信息中的设备用户的身份信息,设备用户的位置信息和使用时间信息等来判断是否授权。当终端用户确定对设备用户进行授权使用时,判断单元100可接收到终端用户操作生成的确定授权指令。In the embodiment of the present invention, when the terminal receives the authorization request carrying the application information, the determining unit 100 may determine whether to perform authorization. Wherein, the determining unit 100 determines whether the authorization is performed: The breaking unit 100 outputs the application information to enable the terminal user to determine whether to authorize the device user to use the device according to the application information. For example, the terminal user can determine whether to authorize according to the identity information of the device user in the application information, the location information of the device user, and the usage time information. When the terminal user determines to authorize the use of the device user, the determining unit 100 may receive the determination authorization command generated by the terminal user operation.
在本发明实施例中,当判断单元100确定进行授权且终端还没有与设备建立通信连接时,终端可与设备建立通信连接。其中,终端可根据授权请求所携带的申请信息,获取设备的联系信息,从而终端根据设备的联系信息与设备建立通信连接。其中,当终端与设备建立通信连接后,设备可生成随机数据并向终端返回随机数据,其中,随机数据可包括随机码。In the embodiment of the present invention, when the determining unit 100 determines to perform authorization and the terminal has not established a communication connection with the device, the terminal may establish a communication connection with the device. The terminal can obtain the contact information of the device according to the application information carried in the authorization request, so that the terminal establishes a communication connection with the device according to the contact information of the device. After the terminal establishes a communication connection with the device, the device may generate random data and return random data to the terminal, where the random data may include a random code.
在本发明实施例中,人体特征信息可包括:指纹信息、虹膜信息和人脸信息中的一种或多种。采集处理单元200可通过指纹采集装置采集指纹信息,或者采集处理单元200可通过摄像头采集虹膜信息或者采集处理单元200可通过摄像头采集人脸信息。当终端预置的需采集的人体特征信息是指纹信息时,则采集处理单元200可提示终端用户输入指纹信息从而采集终端用户的指纹信息;当终端预置的采集的人体特征信息是指纹信息和虹膜信息时,则采集处理单元200采集终端用户的虹膜信息和指纹信息。其中,终端预置的需采集的人体特征信息与设备预置的待匹配人体特征信息的类型一致。In the embodiment of the present invention, the human body feature information may include one or more of fingerprint information, iris information, and face information. The collection processing unit 200 can collect fingerprint information through the fingerprint collection device, or the collection processing unit 200 can collect iris information through the camera or the collection processing unit 200 can collect facial information through the camera. When the human body feature information to be collected preset by the terminal is the fingerprint information, the collection processing unit 200 may prompt the terminal user to input the fingerprint information to collect the fingerprint information of the terminal user; and the collected human body feature information preset by the terminal is the fingerprint information and When the iris information is obtained, the collection processing unit 200 collects the iris information and the fingerprint information of the terminal user. The body feature information to be collected preset by the terminal is consistent with the type of the body feature information to be matched preset by the device.
在本发明实施例中,当采集处理单元200采集到终端用户的人体特征信息后,采集处理单元200可获取加密数据。其中,加密数据可以是终端预置的加密数据,或者可以是授权请求携带的申请信息中的设备用户身份信息、设备用户位置信息等数据,或者是终端用户输入的加密数据,或者还可以是设备返回的随机数据。进一步的,当采集处理单元200可将加密数据作为密钥并采用预置的加密规则对获取到的人体特征信息进行加密,生成授权信息。其中,加密规则可以是DES(Data Encryption Standard,数据加密标准)加密算法、RSA加密算法等加密算法,如使用加密数据作为加密密钥并采用RSA加密算法对人体特征信息进行加密获得授权信息。其中,授权信息为加密后的人体特征信息,授权信息可以包括图像信息、光信息、音频信息等。其中,图像信息是对加密后的人体特征信息的图像描述,光信息是对加密后的人体特征信息的光描述,音频信息是对加密后的人体特征信息的音频描述。 In the embodiment of the present invention, after the collection processing unit 200 collects the human body feature information of the terminal user, the collection processing unit 200 may acquire the encrypted data. The encrypted data may be the encrypted data preset by the terminal, or may be data such as device user identity information, device user location information, or encrypted data input by the terminal user in the application information carried by the authorization request, or may be a device. Random data returned. Further, when the collection processing unit 200 can use the encrypted data as a key and encrypt the acquired human body feature information by using a preset encryption rule, the authorization information is generated. The encryption rule may be an encryption algorithm such as a DES (Data Encryption Standard) encryption algorithm or an RSA encryption algorithm, such as using the encrypted data as an encryption key and encrypting the human body feature information by using an RSA encryption algorithm to obtain authorization information. The authorization information is the encrypted human body feature information, and the authorization information may include image information, optical information, audio information, and the like. The image information is an image description of the encrypted human body feature information, the light information is a light description of the encrypted human body feature information, and the audio information is an audio description of the encrypted human body feature information.
在本发明实施例中,当采集处理单元200获取到授权信息后,传输单元300可根据接收到的申请信息中的设备用户信息包括的第一终端的联系信息,将授权信息发送给第一终端,并当加密数据不是随机数据时将加密数据发送给设备。当第一终端接收到授权信息时,第一终端可再次向设备发起使用申请请求。其中,第一终端向设备发起使用申请请求可以是:当第一终端接收到的授权信息是图像信息时,设备用户可将第一终端接收到的图像信息给设备进行扫描,使得设备可扫描第一终端获得的图片信息,从而获得授权信息;当第一终端接收到的授权信息是光信息时,设备用户可通过第一终端的光输出装置将光信息进行输出,以使设备可通过光采集器采集第一终端输出的光信息,从而获得授权信息;当第一终端接收到的授权信息是音频信息时,设备用户可通过第一终端的喇叭将音频信息进行输出,以使设备可以通过麦克风采集第一终端输出的音频信息,从而获得授权信息。In the embodiment of the present invention, after the acquisition processing unit 200 acquires the authorization information, the transmission unit 300 may send the authorization information to the first terminal according to the contact information of the first terminal included in the device user information in the received application information. And send the encrypted data to the device when the encrypted data is not random data. When the first terminal receives the authorization information, the first terminal may initiate a use request request to the device again. The first terminal may initiate a use request request to the device. When the authorization information received by the first terminal is image information, the device user may scan the image information received by the first terminal to the device, so that the device can scan. The picture information obtained by the terminal obtains the authorization information; when the authorization information received by the first terminal is the optical information, the device user can output the optical information through the light output device of the first terminal, so that the device can collect the light through the light. Collecting the optical information output by the first terminal to obtain the authorization information; when the authorization information received by the first terminal is the audio information, the device user may output the audio information through the speaker of the first terminal, so that the device can pass the microphone The audio information output by the first terminal is collected to obtain authorization information.
在本发明实施例中,设备可根据接收到的加密数据对获取到的授权信息进行解密,获得人体特征信息,并判断获取到的人体特征信息是否与设备预置的待匹配人体特征信息匹配成功,当匹配成功,设备可撤销对设备用户的操作限制。进一步的,当匹配成功时,设备还可向终端发送是否允许申请指令,当设备接收到终端返回的确认指令时,设备可撤销对设备用户的操作限制。In the embodiment of the present invention, the device may decrypt the acquired authorization information according to the received encrypted data, obtain the human body feature information, and determine whether the acquired human body feature information is successfully matched with the body feature information to be matched preset by the device. When the match is successful, the device can revoke the operation restriction on the device user. Further, when the matching is successful, the device may also send a request to the terminal whether to allow the application instruction. When the device receives the confirmation instruction returned by the terminal, the device may cancel the operation restriction on the device user.
进一步的,在本发明实施例中,当采集处理单元200获取到授权信息后,传输单元300可将授权信息与加密数据发送给设备,以使设备可根据接收到的加密数据对接收到的授权信息进行解密,获得人体特征信息,并判断获取到的人体特征信息是否与设备预置的待匹配人体特征信息匹配成功,当匹配成功,设备可撤销对设备用户的操作限制。Further, in the embodiment of the present invention, after the acquisition processing unit 200 acquires the authorization information, the transmission unit 300 may send the authorization information and the encrypted data to the device, so that the device can authorize the received according to the received encrypted data. The information is decrypted, the human body feature information is obtained, and the acquired human body feature information is successfully matched with the body feature information to be matched preset by the device. When the matching is successful, the device may cancel the operation restriction on the device user.
在本发明实施例中,当终端接收到用于请求授权使用设备的授权请求时,根据所述授权请求确定是否进行授权,其中,终端管理所述设备的使用权限,当终端确定进行授权时,终端采集终端用户的人体特征信息,根据所述人体特征信息生成授权信息,终端将所述授权信息进行传输处理,以使所述设备获取所述人体特征信息,并根据所述人体特征信息撤销对所述设备用户的操作限制,这使得终端可对设备的权限进行共享管理,提高用户便捷度,提高了终端用户的体验。 In the embodiment of the present invention, when the terminal receives an authorization request for requesting authorization to use the device, determining whether to perform authorization according to the authorization request, where the terminal manages the usage right of the device, when the terminal determines to perform authorization, The terminal collects the human body feature information of the terminal user, generates authorization information according to the human body feature information, and the terminal transmits the authorization information to enable the device to acquire the human body feature information, and cancel the pair according to the human body feature information. The operation restriction of the device user enables the terminal to share and manage the rights of the device, improve user convenience, and improve the experience of the terminal user.
请参见图4,为本发明一种设备的一种实施例,本实施例所述的一种设备包括:Referring to FIG. 4, an embodiment of a device according to the present invention includes:
接收单元400,用于接收终端发送的加密数据。The receiving unit 400 is configured to receive encrypted data sent by the terminal.
解密单元500,用于当获取到授权信息时,根据所述加密数据对所述授权信息进行解密,获取解密后的人体特征信息。The decryption unit 500 is configured to decrypt the authorization information according to the encrypted data when acquiring the authorization information, and obtain the decrypted human body feature information.
判断单元600,用于获取预置的待匹配人体特征信息,判断所述人体特征信息与所述待匹配人体特征信息是否匹配成功。The determining unit 600 is configured to obtain the preset human body feature information to be matched, and determine whether the human body feature information and the to-be-matched human body feature information are successfully matched.
撤销单元700,用于当判断单元判断匹配成功时,撤销对所述设备用户的操作限制。The revocation unit 700 is configured to revoke the operation restriction on the device user when the judging unit judges that the matching is successful.
在发明实施例中,当加密数据不是随机数据时,接收单元400获取终端发送的加密数据。In the embodiment of the invention, when the encrypted data is not random data, the receiving unit 400 acquires the encrypted data sent by the terminal.
在发明实施例中,加密数据可以是终端预置的加密数据,或者可以是终端接收到的授权请求携带的申请信息中的设备用户身份信息、设备用户位置信息等数据,或者是终端用户输入的加密数据,或者还可以是设备生成并发送给终端的随机数据,在此不进行限制。In the embodiment of the present invention, the encrypted data may be encrypted data preset by the terminal, or may be data such as device user identity information, device user location information, or the terminal user input in the application information carried by the authorization request received by the terminal. The data is encrypted, or it may be random data generated by the device and sent to the terminal, and is not limited herein.
进一步的,当加密数据是设备生成并发送给终端的随机数据时,终端可不对设备发送加密数据。Further, when the encrypted data is random data generated by the device and sent to the terminal, the terminal may not send the encrypted data to the device.
在本发明实施例中,设备获取到授权信息可以是:设备通过第一终端获取授权信息,其中,终端将授权信息发送给第一终端。具体的,当授权信息是图片信息时,设备可通过扫描第一终端的图片信息获取到图片信息,从而获取到授权信息;当授权信息是光信息时,设备可通过光采集器采集第一终端输出的光信息,从而获得授权信息;当授权信息是音频信息时,设备可通过麦克风采集第一终端输出的音频信息,从而获得授权信息。In the embodiment of the present invention, the device obtains the authorization information, and the device obtains the authorization information by using the first terminal, where the terminal sends the authorization information to the first terminal. Specifically, when the authorization information is the picture information, the device may obtain the authorization information by scanning the picture information of the first terminal, and obtain the authorization information; when the authorization information is the optical information, the device may collect the first terminal by using the optical collector. The output optical information is obtained, thereby obtaining the authorization information; when the authorization information is the audio information, the device can collect the audio information output by the first terminal through the microphone, thereby obtaining the authorization information.
在本发明实施例中,设备获取到授权信息还可以是:设备获取终端发送的授权信息。In the embodiment of the present invention, the device obtains the authorization information, and the device obtains the authorization information sent by the terminal.
在本发明实施例中,解密单元500可将获取到的加密数据作为解密密钥,对授权信息采用预置的解密规则进行解密,获取到人体特征信息,其中,解密规则可以是DES解密算法或RSA解密算法等解密算法。如使用加密数据作为解密密钥并采用RSA解密算法对授权信息进行解密获得人体特征信息。其中, 人体特征信息包括:人脸信息、虹膜信息和指纹信息中的一种或多种信息。In the embodiment of the present invention, the decryption unit 500 may use the acquired encrypted data as a decryption key, decrypt the authorization information by using a preset decryption rule, and obtain the human body feature information, where the decryption rule may be a DES decryption algorithm or A decryption algorithm such as an RSA decryption algorithm. The human body feature information is obtained by using the encrypted data as a decryption key and decrypting the authorization information by using an RSA decryption algorithm. among them, The human body characteristic information includes one or more kinds of information such as face information, iris information, and fingerprint information.
在本发明实施例中,预置的待匹配人体特征信息可以包括人脸信息、虹膜信息和指纹信息中的一种或多种信息。判断单元600可以人体特征信息与待匹配人体特征信息进行匹配,判断是否一致,若一致,则判断单元600可确定人体特征信息与待匹配人体特征信息匹配成功。In the embodiment of the present invention, the preset human body feature information to be matched may include one or more of face information, iris information, and fingerprint information. The determining unit 600 can match the human body feature information with the body feature information to be matched to determine whether the human body feature information is consistent. If the information is consistent, the determining unit 600 can determine that the human body feature information is successfully matched with the human body feature information to be matched.
在本发明实施例中,当判断单元600确定匹配成功,撤销单元700可撤销对设备用户的操作限制。进一步的,当匹配成功时,设备还可向终端发送是否允许申请指令,当设备接收到终端返回的确认指令时,设备可撤销对设备用户的操作限制。In the embodiment of the present invention, when the determining unit 600 determines that the matching is successful, the revoking unit 700 may cancel the operation restriction on the device user. Further, when the matching is successful, the device may also send a request to the terminal whether to allow the application instruction. When the device receives the confirmation instruction returned by the terminal, the device may cancel the operation restriction on the device user.
在本发明实施例中,设备接收终端发送的加密数据,当所述设备获取到授权信息时,根据所述加密数据对所述授权信息进行解密,获取解密后的人体特征信息,所述设备获取预置的待匹配人体特征信息,判断所述人体特征信息与所述待匹配人体特征信息是否匹配成功,当所述设备判断匹配成功时,所述设备撤销对所述设备的终端用户的操作限制,这使得终端可对设备的权限进行共享管理,提高了终端用户的体验。In the embodiment of the present invention, the device receives the encrypted data sent by the terminal, and when the device obtains the authorization information, decrypts the authorization information according to the encrypted data, and obtains the decrypted human body feature information, where the device acquires Presetting the human body feature information to be matched, determining whether the human body feature information and the to-be-matched human body feature information are successfully matched. When the device determines that the matching is successful, the device cancels the operation restriction on the terminal user of the device. This enables the terminal to share management of the device's permissions and improve the end user's experience.
请参照图5,是本发明一种权限管理系统的一种实施例结构示意图。本实施例所述的一种权限管理系统包括:Please refer to FIG. 5, which is a schematic structural diagram of an embodiment of a rights management system according to the present invention. A rights management system according to this embodiment includes:
移动终端1、终端2和设备3。Mobile terminal 1, terminal 2 and device 3.
其中,移动终端1可如上实施例所述的第一终端,终端2可如上实施例所述的终端,设备3可如上实施例所述的设备,在此不再进行赘述。The mobile terminal 1 may be the first terminal as described in the foregoing embodiment, the terminal 2 may be the terminal as described in the foregoing embodiment, and the device 3 may be the device described in the foregoing embodiment, and details are not described herein.
在本发明实施例中,当终端接收到用于请求授权使用设备的授权请求时,根据所述授权请求确定是否进行授权,其中,终端管理所述设备的使用权限,当终端确定进行授权时,终端采集终端用户的人体特征信息,根据所述人体特征信息生成授权信息,终端将所述授权信息进行传输处理,以使所述设备获取所述人体特征信息,并根据所述人体特征信息撤销对所述设备用户的操作限制,这使得终端可对设备的权限进行共享管理,提高用户便捷度,提高了终端用户的体验。In the embodiment of the present invention, when the terminal receives an authorization request for requesting authorization to use the device, determining whether to perform authorization according to the authorization request, where the terminal manages the usage right of the device, when the terminal determines to perform authorization, The terminal collects the human body feature information of the terminal user, generates authorization information according to the human body feature information, and the terminal transmits the authorization information to enable the device to acquire the human body feature information, and cancel the pair according to the human body feature information. The operation restriction of the device user enables the terminal to share and manage the rights of the device, improve user convenience, and improve the experience of the terminal user.
本领域普通技术人员可以。理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的程序可存储于一 计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,所述的存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)或随机存储记忆体(Random Access Memory,RAM)等。One of ordinary skill in the art can. It is understood that all or part of the processes in the above embodiments may be implemented by a computer program to instruct related hardware, and the program may be stored in a The computer readable storage medium, which when executed, may include the flow of an embodiment of the methods as described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
以上所揭露的仅为本发明较佳实施例而已,当然不能以此来限定本发明之权利范围,因此依本发明权利要求所作的等同变化,仍属本发明所涵盖的范围。 The above is only the preferred embodiment of the present invention, and the scope of the present invention is not limited thereto, and thus equivalent changes made in the claims of the present invention are still within the scope of the present invention.

Claims (11)

  1. 一种权限管理方法,其特征在于,所述方法包括:A method for managing rights, characterized in that the method comprises:
    当终端接收到用于请求授权使用设备的授权请求时,所述终端根据所述授权请求判断是否进行授权;When the terminal receives an authorization request for requesting authorization to use the device, the terminal determines whether to authorize according to the authorization request;
    当所述终端确定进行授权时,所述终端采集终端用户的人体特征信息,根据所述人体特征信息生成授权信息;When the terminal determines to perform authorization, the terminal collects human body feature information of the terminal user, and generates authorization information according to the human body feature information;
    所述终端将所述授权信息进行传输处理,以使所述设备获取所述人体特征信息,并根据所述人体特征信息撤销对所述设备用户的操作限制。The terminal performs transmission processing on the authorization information, so that the device acquires the human body feature information, and revokes the operation restriction on the device user according to the human body feature information.
  2. 如权利要求1所述的方法,其特征在于,所述授权请求携带申请信息,其中,所述申请信息包括所述设备用户信息以及所述设备信息;The method according to claim 1, wherein the authorization request carries application information, wherein the application information includes the device user information and the device information;
    所述终端根据所述授权请求判断是否进行授权包括:Determining, according to the authorization request, whether the authorization is performed by the terminal includes:
    所述终端输出所述申请信息,以使终端用户根据所述申请信息确定是否进行授权。The terminal outputs the application information, so that the terminal user determines whether to perform authorization according to the application information.
  3. 如权利要求1所述的方法,其特征在于,所述当终端确定进行授权时,所述终端采集终端用户的人体特征信息,根据所述人体特征信息生成授权信息包括:The method according to claim 1, wherein when the terminal determines that the authorization is performed, the terminal collects the human body feature information of the terminal user, and generates the authorization information according to the human body feature information, including:
    所述终端获取预置的加密数据;The terminal acquires preset encrypted data;
    所述终端根据所述加密数据对所述人体特征信息进行加密,获得所述授权信息。The terminal encrypts the human body feature information according to the encrypted data to obtain the authorization information.
  4. 如权利要求3所述的方法,其特征在于,所述设备用户信息包括第一终端的联系信息;The method of claim 3, wherein the device user information comprises contact information of the first terminal;
    所述终端将所述授权信息进行传输处理包括:The terminal performs the transmission processing of the authorization information, including:
    所述终端根据所述第一终端的联系信息将所述授权信息发送给第一终端;Sending, by the terminal, the authorization information to the first terminal according to the contact information of the first terminal;
    所述终端将所述加密数据发送给所述设备,以当所述设备获取到所述授权信息时,根据所述加密数据对所述授权信息进行解密,获取所述人体特征信息。 The terminal sends the encrypted data to the device, so that when the device obtains the authorization information, the authorization information is decrypted according to the encrypted data, and the human body feature information is acquired.
  5. 一种权限管理方法,其特征在于,所述方法包括:A method for managing rights, characterized in that the method comprises:
    设备接收终端发送的加密数据;The device receives the encrypted data sent by the terminal;
    当所述设备获取到授权信息时,根据所述加密数据对所述授权信息进行解密,获取解密后的人体特征信息;And when the device obtains the authorization information, decrypting the authorization information according to the encrypted data, and acquiring the decrypted human body feature information;
    所述设备获取预置的待匹配人体特征信息,判断所述人体特征信息与所述待匹配人体特征信息是否匹配成功;Obtaining, by the device, the preset human body feature information to be matched, and determining whether the human body feature information and the to-be-matched human body feature information are successfully matched;
    当所述设备判断匹配成功时,所述设备撤销对所述设备用户的操作限制。When the device determines that the matching is successful, the device revokes the operation restriction on the device user.
  6. 一种终端,其特征在于,所述终端包括:A terminal, wherein the terminal comprises:
    判断单元,用于当接收到用于请求授权使用设备的授权请求时,根据所述授权请求判断是否进行授权;a determining unit, configured to determine, according to the authorization request, whether to authorize when receiving an authorization request for requesting authorization to use the device;
    采集处理单元,用于当判断单元判断进行授权时,采集终端用户的人体特征信息,根据所述人体特征信息生成授权信息;An acquisition processing unit, configured to collect human body feature information of the terminal user when the determining unit determines to perform authorization, and generate authorization information according to the human body feature information;
    传输单元,用于将所述授权信息进行传输处理,以使所述设备获取所述人体特征信息,并根据所述人体特征信息撤销对所述设备用户的操作限制。And a transmission unit, configured to perform the transmission processing on the authorization information, so that the device acquires the human body feature information, and revoke an operation restriction on the device user according to the human body feature information.
  7. 如权利要求6所述的终端,其特征在于,所述授权请求携带申请信息,其中,所述申请信息包括所述设备用户信息以及所述设备信息;The terminal according to claim 6, wherein the authorization request carries application information, wherein the application information includes the device user information and the device information;
    所述判断单元具体用于:The determining unit is specifically configured to:
    输出所述申请信息,以使终端用户根据所述申请信息确定是否进行授权。The application information is outputted to enable the end user to determine whether to authorize based on the application information.
  8. 如权利要求6所述的终端,其特征在于,所述采集处理单元包括:The terminal according to claim 6, wherein the collection processing unit comprises:
    获取子单元,用于获取预置的加密数据;Obtaining a subunit for acquiring preset encrypted data;
    加密子单元,用于根据所述加密数据对所述人体特征信息进行加密,获得所述授权信息。And an encryption subunit, configured to encrypt the human body feature information according to the encrypted data to obtain the authorization information.
  9. 如权利要求8所述的终端,其特征在于,所述设备用户信息包括第一终端的联系信息; The terminal according to claim 8, wherein the device user information comprises contact information of the first terminal;
    所述传输单元包括:The transmission unit includes:
    第一发送子单元,用于根据所述第一终端的联系信息将所述授权信息发送给第一终端;a first sending subunit, configured to send the authorization information to the first terminal according to the contact information of the first terminal;
    第二发送子单元,用于将所述加密数据发送给所述设备,以当所述设备获取到所述授权信息时,根据所述加密数据对所述授权信息进行解密,获取所述人体特征信息。a second sending subunit, configured to send the encrypted data to the device, to decrypt the authorization information according to the encrypted data, to acquire the human body feature when the device obtains the authorization information information.
  10. 一种设备,其特征在于,所述设备包括:A device, characterized in that the device comprises:
    接收单元,用于接收终端发送的加密数据;a receiving unit, configured to receive encrypted data sent by the terminal;
    解密单元,用于当获取到授权信息时,根据所述加密数据对所述授权信息进行解密,获取解密后的人体特征信息;a decryption unit, configured to decrypt the authorization information according to the encrypted data, and obtain the decrypted human body feature information when the authorization information is acquired;
    判断单元,用于获取预置的待匹配人体特征信息,判断所述人体特征信息与所述待匹配人体特征信息是否匹配成功;a judging unit, configured to obtain a preset body feature information to be matched, and determine whether the human body feature information and the to-be-matched human body feature information are successfully matched;
    撤销单元,用于当判断单元判断匹配成功时,撤销对所述设备用户的操作限制。The revocation unit is configured to revoke the operation restriction on the device user when the judging unit judges that the matching is successful.
  11. 一种权限管理系统,包括移动终端、终端和设备,其中:A rights management system includes a mobile terminal, a terminal, and a device, wherein:
    所述终端,用于当接收到用于请求授权使用设备的授权请求时,根据所述授权请求判断是否进行授权,当确定进行授权时,采集终端用户的人体特征信息,根据所述人体特征信息生成授权信息,将所述授权信息进行传输处理,以使所述设备获取所述人体特征信息,并根据所述人体特征信息撤销对所述设备用户的操作限制;The terminal is configured to determine, according to the authorization request, whether to perform authorization when receiving an authorization request for requesting authorization to use the device, and collect the human body feature information of the terminal user according to the human body characteristic information when determining to perform authorization Generating the authorization information, and performing the transmission processing on the authorization information, so that the device acquires the human body feature information, and cancels the operation restriction on the device user according to the human body feature information;
    所述设备,用于接收所述终端发送的加密数据,当获取到所述授权信息时,根据所述加密数据对所述授权信息进行解密,获取解密后的人体特征信息,获取预置的待匹配人体特征信息,判断所述人体特征信息与所述待匹配人体特征信息是否匹配成功,当判断匹配成功时,撤销对所述设备用户的操作限制。 The device is configured to receive the encrypted data sent by the terminal, and when the authorization information is obtained, decrypt the authorization information according to the encrypted data, obtain the decrypted human body feature information, and obtain a preset Matching the human body feature information, determining whether the human body feature information and the to-be-matched human body feature information are successfully matched, and when determining that the matching is successful, canceling the operation restriction on the device user.
PCT/CN2015/085874 2015-06-30 2015-07-31 Permission management method, terminal, device and system WO2017000356A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510385828.8 2015-06-30
CN201510385828.8A CN105550553B (en) 2015-06-30 2015-06-30 A kind of right management method, terminal, equipment and system

Publications (1)

Publication Number Publication Date
WO2017000356A1 true WO2017000356A1 (en) 2017-01-05

Family

ID=55829740

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/085874 WO2017000356A1 (en) 2015-06-30 2015-07-31 Permission management method, terminal, device and system

Country Status (2)

Country Link
CN (1) CN105550553B (en)
WO (1) WO2017000356A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107886247A (en) * 2017-11-14 2018-04-06 中国铁路总公司 A kind of railway electronics fortune 46 systems of system of identity-based certification

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107086985A (en) * 2017-03-17 2017-08-22 崔俊新 Fingerprint authority checking method and system
CN107070916A (en) * 2017-04-11 2017-08-18 崔俊新 Account binding method and system and storage medium
CN108806025A (en) * 2017-05-03 2018-11-13 腾讯科技(深圳)有限公司 Realize the entrance guard authorization method and device of visitor's temporary visit
CN109146098A (en) * 2017-06-14 2019-01-04 阿里巴巴集团控股有限公司 A kind of shared setting of office space, shared application method and device
CN115982684B (en) * 2022-12-01 2023-10-13 深圳市智百威科技发展有限公司 Quick POS cashing settlement system and method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2273719A2 (en) * 2003-01-28 2011-01-12 Cellport Systems, Inc. A method and an apparatus for securely controlling access and use related to a target service involving a vehicle having a security controller
CN103020505A (en) * 2012-12-03 2013-04-03 鹤山世达光电科技有限公司 Information management system and information management method based on fingerprint identification
WO2013182093A1 (en) * 2012-11-01 2013-12-12 中兴通讯股份有限公司 Authorizing method, target device, terminal and authorizing system
CN103532933A (en) * 2013-09-28 2014-01-22 刘琦 Method of realizing client operation authorization through fingerprint confirmation, and intelligent terminal
CN104184652A (en) * 2013-05-28 2014-12-03 北大方正集团有限公司 Method and system for information interaction between terminals

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100703805B1 (en) * 2006-02-15 2007-04-09 삼성전자주식회사 Method and apparatus using drm contents with roaming in device of external domain
CN101127625B (en) * 2006-08-18 2013-11-06 华为技术有限公司 A system and method for authorizing access request
CN102752359B (en) * 2012-02-17 2015-05-13 浙江吉利汽车研究院有限公司 Long-distance service assisted type method and system for automobile fingerprint identification authentication
CN102582574B (en) * 2012-02-23 2015-05-27 浙江吉利汽车研究院有限公司 Car start device by virtue of long-distance authorization and car start method
CN102582577B (en) * 2012-03-29 2013-06-19 程春宝 Method for realizing fingerprint security anti-theft control for automobile
CN104786991B (en) * 2015-04-21 2017-06-06 北京汽车股份有限公司 Automobile control method and system based on fingerprint recognition
CN105187442A (en) * 2015-09-28 2015-12-23 宇龙计算机通信科技(深圳)有限公司 Vehicle authorization method, device, vehicle-mounted terminal, terminal and system
CN105405185B (en) * 2015-10-23 2018-10-26 东莞酷派软件技术有限公司 Safe verification method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2273719A2 (en) * 2003-01-28 2011-01-12 Cellport Systems, Inc. A method and an apparatus for securely controlling access and use related to a target service involving a vehicle having a security controller
WO2013182093A1 (en) * 2012-11-01 2013-12-12 中兴通讯股份有限公司 Authorizing method, target device, terminal and authorizing system
CN103020505A (en) * 2012-12-03 2013-04-03 鹤山世达光电科技有限公司 Information management system and information management method based on fingerprint identification
CN104184652A (en) * 2013-05-28 2014-12-03 北大方正集团有限公司 Method and system for information interaction between terminals
CN103532933A (en) * 2013-09-28 2014-01-22 刘琦 Method of realizing client operation authorization through fingerprint confirmation, and intelligent terminal

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107886247A (en) * 2017-11-14 2018-04-06 中国铁路总公司 A kind of railway electronics fortune 46 systems of system of identity-based certification
CN107886247B (en) * 2017-11-14 2024-04-02 中国铁路总公司 Railway electronic operation system 46 system based on identity authentication

Also Published As

Publication number Publication date
CN105550553B (en) 2019-11-12
CN105550553A (en) 2016-05-04

Similar Documents

Publication Publication Date Title
US11764954B2 (en) Secure circuit for encryption key generation
KR102328725B1 (en) Method of using one device to unlock another device
CN107113315B (en) Identity authentication method, terminal and server
CN109410406B (en) Authorization method, device and system
WO2017000356A1 (en) Permission management method, terminal, device and system
WO2017219860A1 (en) Offline payment method and device
WO2018090183A1 (en) Identity authentication method, terminal device, authentication server and electronic device
US8321672B2 (en) Authentication system, information processing apparatus and method, program, and recording medium
US7899187B2 (en) Domain-based digital-rights management system with easy and secure device enrollment
WO2017071496A1 (en) Method and device for realizing session identifier synchronization
KR101043306B1 (en) Information processor, information management method, and computer readable medium storing information management program
US9280650B2 (en) Authenticate a fingerprint image
JP2004304751A5 (en)
JP4740885B2 (en) Method and apparatus for roaming and using DRM content on a device in a remote domain
CN107733636B (en) Authentication method and authentication system
JP2014508456A5 (en)
JP2004048660A5 (en)
KR20180129475A (en) Method, user terminal and authentication service server for authentication
CN112565281B (en) Information processing method, server and system of service key
CN113114668A (en) Information transmission method, mobile terminal, storage medium and electronic equipment
WO2022121940A1 (en) Information processing method for service key, and serving end and system
KR100892941B1 (en) Method for security-service processing based on mobile device
KR101433538B1 (en) Method and system for data sharing using near field communication and sound signal
US20220052838A1 (en) Reinitialization of an application secret by way of the terminal
WO2013144335A1 (en) Method, device and system for accessing a service

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15896886

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 16/05/2018)

122 Ep: pct application non-entry in european phase

Ref document number: 15896886

Country of ref document: EP

Kind code of ref document: A1