Embodiment
In order to make technical matters to be solved by this invention, technical scheme and beneficial effect clearer, clear,, the present invention is further elaborated below in conjunction with accompanying drawing and embodiment.Should be appreciated that specific embodiment described herein only in order to explanation the present invention, and be not used in qualification the present invention.
The present invention is in order to improve the authority-identifying speed of access controller, and the method and the device that provide a kind of gate inhibition of realization to control below in conjunction with Figure of description, are elaborated to the present invention.
The process that Figure 1B controls for a kind of gate inhibition of realization provided by the invention, this process comprises following step:
S101: access controller is according to the user totem information that receives, in the corresponding relation of the user totem information of preserving and rule number, searches the corresponding rule of carrying out authentication of this user totem information number.
Wherein in the present invention, this user totem information with the rule number corresponding relation can be kept in the user policy table.
Comprise in this concrete user policy table: user totem information, rule number and user totem information with regular number between corresponding relation.
User totem information is that the read head through access control system obtains; Difference according to recognition technology; This user totem information can obtain user totem information through fingerprint identification technology, iris recognition technology and the recognition technology of swiping the card, so can be user's information such as fingerprint, iris or user tag.
S102: according to the corresponding rule of this user totem information that finds number, and the corresponding relation of the rule of preserving number and authentication rules information, search and said rule number corresponding authentication rules information.
In the present invention; The corresponding relation of this rule number and authentication rules information can be kept in the rale store table; This rale store table can be an arbitrary format, in this rale store table, comprises: the rule number, authentication rules information and the rule number and authentication rules information between corresponding relation.
S103: the authentication rules information according to finding is carried out authentication to the user, and determines whether this user is carried out opening door operation.
Since in the present invention preserve user totem information and the rule number corresponding relation; And preserve the rule number and the corresponding relation of authentication rules information, and when having obtained user totem information, can be according to above-mentioned two corresponding relations of preservation; Confirm the corresponding authentication Rule Information; And adopt this authentication rules information that the user is carried out authentication, carry out control corresponding, thereby reduce the time of from user rights database, searching the respective user authority; Shortened the authentication time, effectively guaranteed user experience each user.
In the present invention since preserve user totem information and the rule number corresponding relation; And preserve the rule number and the corresponding relation of authentication rules information; Therefore according to user totem information, when carrying out the searching of rule number, corresponding with user totem information when carrying out the rule of authentication when not finding; Then determine that the user is the disabled user, this user is not carried out opening door operation.In addition, when finding corresponding rule number, but when not finding, then also determine that the user is the disabled user, this user is not carried out opening door operation with number corresponding authentication rules information of this rule.
Wherein, Access controller in the database of its flash, preserve comprise user totem information with the rule number corresponding relation; And the user policy table of rule number and the corresponding relation of authentication rules information, reach the rale store table, for server is issued in the access controller.And through access controller can realize to the corresponding information in user policy table and the rale store table add, operation such as renewal and deletion.
During operations such as user policy table or the corresponding information of in server need be to access controller, preserving in the rale store table adds, renewal or deletion, issue the information of command adapted thereto to this access controller.When access controller receive that server issues comprise the information of command adapted thereto the time, this information is resolved, get access to corresponding instruction after, according to this instruction the corresponding information in user policy table or the rale store table is operated.
For example when this instruction is instructed for adding; Then in the database of self flash, add the corresponding relation of this user totem information and rule number; Or the rule number and the corresponding relation of authentication rules information, when this instruction during for update instruction, the corresponding relation of the user totem information of then preserving in the database to flash and regular number; Or rule number is upgraded with the corresponding relation of authentication rules information; When this instruction when the delete instruction, the corresponding relation of user totem information of then preserving in the database with flash and rule number, or rule number is deleted with the corresponding relation of authentication rules information.
For a step is improved the efficient that access controller carries out authentication, shorten the time that access controller carries out authentication, in the internal memory of this access controller, open up a storage space in the present invention as buffer zone, be used to deposit the authentication rules information of some.
When storing authentication rules information in the buffer zone, the authentication rules information of searching said rule correspondence in the present invention comprises:
Judge the authentication rules information of whether preserving said rule correspondence in the buffer zone;
When in confirming buffer zone, preserving the authentication rules information of said rule correspondence, in said buffer zone, search this authentication rules information;
Otherwise, in flash, search the authentication rules information of this rule correspondence.
Wherein, the authentication rules information of preserving in this buffer zone in the present invention can default in this buffer zone, and the authentication rules information of for example selecting arbitrarily to set quantity is saved in this buffer zone.
The process that Fig. 2 controls for a kind of gate inhibition of realization provided by the invention, this process comprises following step:
S201: access controller receives the user totem information that read head sends.
S202: access controller is according to the user totem information that receives; Reach the user totem information of preservation and regular number corresponding relation; Judge whether to preserve the rule of carrying out authentication corresponding number with this user totem information, when result of determination when being, carry out step S203; Otherwise, this user is not carried out opening door operation.
S203: search the corresponding rule of this user totem information number.
S204: according to the rule of preserving number corresponding relation, judge and whether preserve in the buffer zone and this rule number corresponding authentication rules information with authentication rules information, when result of determination when being, carry out step S205, otherwise, carry out step S206.
S205: search this authentication rules information, the user is carried out authentication, and determine whether this user is carried out opening door operation according to this authentication rules information.
S206: in flash, search and said rule number corresponding authentication rules information, according to the authentication that finds the user is carried out authentication, and determine whether this user is carried out opening door operation.
Perhaps, in order further to improve the efficient that access controller carries out authentication, the authentication rules information of in this buffer zone, preserving can be authentication rules information commonly used, and the authentication rules information of up-to-date use.But the quantity of the authentication rules information that can preserve in this buffer zone is limited; Therefore; For the authentication rules information that guarantees to preserve in this buffer zone is authentication rules information commonly used, and the authentication rules information of up-to-date use, be provided with the counter corresponding among the present invention in the buffer zone of internal memory with each authentication rules information; Number of times according to each authentication rules information is used upgrades the authentication rules information of preserving in this buffer zone.
Specifically in the present invention; When confirming to preserve the authentication rules information of said rule correspondence in the buffer zone; In said buffer zone, search this authentication rules information, according to the number of times that the information of authentication rules described in the buffer zone is used, the counter that this authentication rules information is corresponding adds one.
When the authentication rules information of preserving in to this buffer zone is upgraded, in flash, search the authentication rules information of this rule correspondence after, said method also comprises:
Whether the quantity of judging the authentication rules information of preserving in the said buffer zone reaches setting threshold;
When not reaching setting threshold, the authentication rules information of this rule correspondence that finds among this flash is added in the said buffer zone,
Otherwise; Number of times according to the corresponding counter of each authentication rules information in the buffer zone; Be employed in the authentication rules information of this rule correspondence that finds among this flash, the authentication rules information of the least number of times of replacement counter, and the counter O reset corresponding to this authentication rules information.
Wherein, this preset threshold can be set as required flexibly, the size that the storage space of buffer zone in the needs consideration internal memory is set of this concrete preset threshold.
Fig. 3 is the detailed process that a kind of gate inhibition of realization of example controls for provided by the invention opening the door with user card punching, and this process may further comprise the steps:
S301: read head obtains user totem information during user card punching, and this user totem information is sent to access controller.
S302: access controller is according to the user totem information that receives; And the corresponding relation of the user totem information of preserving and rule number, whether preserve the rule of carrying out authentication corresponding number in the judges rule list with this user totem information, when result of determination when being; Carry out step S303; Otherwise, this user not being carried out opening door operation, access controller sends to read head with failure result.
S303: in the user policy table, search the rule corresponding number with this user totem information.
S304: according to the corresponding rule of this user totem information number, and the corresponding relation of rule of preserving number and authentication rules information, judge whether buffer memory has and this rule number corresponding authentication rules information in the buffer zone; When result of determination when being; Carry out step S305, otherwise, carry out step S306.
S305: search this authentication rules information, the counter that this authentication rules information is corresponding adds one, according to this authentication rules information the user is carried out authentication, and determines whether this user is carried out opening door operation.
S306: in flash, search and said rule number corresponding authentication rules information, according to the authentication that finds the user is carried out authentication, and determine whether this user is carried out opening door operation.
S307: whether the quantity of judging the authentication rules information of preserving in the buffer zone reaches setting threshold, when result of determination when being, carry out step S308, otherwise, carry out step S309.
S308: according to the number of times of the corresponding counter of each authentication rules information in the buffer zone; Be employed in the authentication rules information of this rule correspondence that finds among this flash; The authentication rules information of the least number of times of replacement counter, and the counter O reset corresponding to this authentication rules information.
S309: the authentication rules information of this rule correspondence that finds among this flash is added in the said buffer zone.
Concrete, preserve the corresponding relation of user totem information and rule number in the present invention in this user policy table, this user policy table can adopt following form:
User totem information |
Regular number |
8 bytes |
1 byte |
In this user policy table, this user totem information can be user identity ID, takies the length of 8 bytes, and rule number takies the length of 1 byte, and wherein the length of user totem information is according to different recognition technologies, and length is different.
And preserve the rule number and the corresponding relation of authentication rules information in the rale store table; And in the present invention; For the convenience of authentication, this authentication rules information can be subdivided into the authentication rules information of festivals or holidays again, and weekend authentication rules information; And according to the corresponding preservation of condition of different several festivals or holidays of authentication rules; And weekend authentication rules information, for example May Day, 11, New Year's Day etc. corresponding different respectively authentication rules information festivals or holidays, the authentication rules information etc. at weekend that the weekend in different seasons is corresponding different.
Simultaneously; Because existing server is not distinguished each access controller when sending the rale store table to access controller, so the rale store table that receives of each access controller; Possibly be the rale store table of other access controllers uses; Therefore can in this rale store table, also include the equipment group to count information so that each access controller can confirm that which rale store table is rale store table for oneself using, and equipment group id information; The all corresponding corresponding apparatus group of each access controller, the read head of access controller and its control constitutes an equipment group.After access controller receives the rale store table,, judge that which rale store table is self operable rale store table according to the equipment group ID that preserves in this rale store table.In addition; Along with the development of technology, when server can be distinguished each access controller, perhaps; So the content of the corresponding rale store table of access controller when all identical; This server can not distinguished access controller, in this rale store table, can not comprise equipment group id information, and server issues identical rale store table to each access controller.
Following table is a kind of structural representation of this rale store table:
The length that should rule in this rale store table table number takies 1 byte; Equipment group number takies the length of a byte; Each equipment group takies the length of 2 bytes among the equipment group ID, and week, regular number took the length of 1 byte, and the byte number that all rules take is according to the number of week rule; And the byte number that each all rule takies is confirmed; Festivals or holidays, the rule number took the length of 1 byte, and the byte number that festivals or holidays, rule took is according to the number of rule festivals or holidays, and the byte number that each festivals or holidays, rule took is confirmed.
When the user need pass through access control system, read head obtained this user's user totem information, and this user totem information is sent to access controller.After access controller receives the user totem information that read head sends,, determine whether to exist the corresponding rule of this user totem information number according to the corresponding relation of the user totem information of preserving in self user policy table and rule number.
In confirming the user policy table of self preserving, when not preserving the rule corresponding, this user is not operated with this user totem information, promptly this user is not carried out opening door operation.
In confirming the user policy table of self preserving, when preserving the corresponding rule of this user totem information, obtain this rule number.And the rale store table that issues according to the server that receives, judge among the equipment group ID with self place whether have the week rule number corresponding, festivals or holidays are regular or other authentication rules information with this rule.
When confirming to exist, judge whether this authentication rules information is kept in the buffer area, when this authentication rules information is kept in the buffer area; According to this authentication rules information of preserving in the buffer area, this user is carried out authentication, and the corresponding counter of this authentication rules information is added one; When authentication was passed through, then access controller notice door lock or button carried out opening door operation, otherwise; This user is not handled, promptly this user is not carried out opening door operation.
When this authentication rules information is not kept in the buffer area; According to this authentication rules information of preserving among the flash, this user is carried out authentication, when authentication is passed through; Then access controller notice door lock or button carry out opening door operation; Otherwise, this user is not handled, promptly this user is not carried out opening door operation.And; When the quantity of the authentication rules of preserving in this buffer zone does not reach setting threshold; This authentication rules information of preserving among this flash is added in the buffer area; The quantity of the authentication rules of in this buffer zone, preserving reaches setting threshold, adopts the minimum authentication rules information of counter in this this buffer zone of authentication rules information replacement, promptly replaces the minimum authentication rules information of access times; And the counter O reset corresponding to this authentication rules information, so that restart the number of times that this authentication rules information is used is counted.
Simultaneously, for the ease of server the user is managed in embodiments of the present invention, after this access controller carries out authentication to each user totem information, can be with authenticating result, and corresponding user totem information sends to server.
User totem information through receiving is in the present invention searched corresponding rule number in the user policy table, according to the rule that finds number; In the rale store table, search corresponding authentication rules information, and carry out authentication, reduced the authentication time effectively according to finding authentication rules information; The Rule Information that buffer memory is used always in the buffer zone of internal memory simultaneously; Further shortened the time of searching authentication rules information, therefore improved authentication efficient, thereby guaranteed user experience.
The apparatus structure synoptic diagram that Fig. 4 controls for a kind of gate inhibition of realization provided by the invention, said device comprises:
First searches module 41, is used for according to the user totem information that receives, in the corresponding relation of the user totem information of preserving and rule number, searches the corresponding rule of carrying out authentication of this user totem information number;
Second searches module 42, is used for according to the corresponding rule of this user totem information that finds number, and the corresponding relation of rule of preserving number and authentication rules information, searches the authentication rules information of said rule correspondence;
Control module 43 is used for according to the authentication rules information that finds the user being carried out authentication, and determines whether this user is carried out opening door operation.
Said control module 43 also is used for not finding when the corresponding relation in the user totem information of preserving and rule number, and is corresponding with this user totem information when this user is carried out the rule of authentication, and this user is not carried out opening door operation.
Said second searches module 42, is used for specifically judging whether buffer zone preserves the authentication rules information of said rule correspondence; When in confirming buffer zone, preserving the authentication rules information of said rule correspondence, in said buffer zone, search this authentication rules information, otherwise, the authentication rules information of this rule correspondence in flash, searched.
Said device also comprises:
Numeration module 44 is used for the number of times that is used according to the information of authentication rules described in the buffer zone, and the counter that this authentication rules information is corresponding adds one.
Said device also comprises:
Update module 45, whether the quantity of the authentication rules information that is used for judging that said buffer zone is preserved reaches setting threshold; When not reaching setting threshold; The authentication rules information of this rule correspondence that finds among this flash is added in the said buffer zone; Otherwise,, be employed in the authentication rules information of this rule correspondence that finds among this flash according to the number of times of the corresponding counter of each authentication rules information in the buffer zone; The authentication rules information of the least number of times of replacement counter, and to counter O reset.
Method and device that the embodiment of the invention provides a kind of gate inhibition of realization to control are preserved the corresponding relation of user totem information and rule number in the method, and preserve the rule number and the corresponding relation of authentication rules information; When having obtained user totem information; Can confirm the corresponding authentication Rule Information, and adopt this authentication rules information that the user is carried out authentication according to above-mentioned two corresponding relations of preserving; Carry out control corresponding; Thereby reduce the time of from user rights database, searching the respective user authority, shortened the authentication time, effectively guaranteed user experience each user.
Above-mentioned explanation illustrates and has described the preferred embodiments of the present invention; But as previously mentioned; Be to be understood that the present invention is not limited to the form that this paper discloses, should do not regard eliminating as, and can be used for various other combinations, modification and environment other embodiment; And can in invention contemplated scope described herein, change through the technology or the knowledge of above-mentioned instruction or association area.And change that those skilled in the art carried out and variation do not break away from the spirit and scope of the present invention, then all should be in the protection domain of accompanying claims of the present invention.