Embodiment
To make the technical problem to be solved by the present invention, its technical solution, and its beneficial effects clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described herein are only intended to explain the present invention and are not intended to limit it.
To improve the authentication speed of an access controller, the present invention provides a method and a device for realizing access control. The present invention is described in detail below with reference to the accompanying drawings.
Figure 1B shows a process for realizing access control provided by the present invention. The process comprises the following steps:
S101: According to the received user identification information, the access controller searches the stored correspondence between user identification information and rule numbers for the rule number used for authentication that corresponds to this user identification information.
In the present invention, the correspondence between user identification information and rule numbers can be stored in a user rule table.
Specifically, the user rule table comprises: user identification information, rule numbers, and the correspondence between user identification information and rule numbers.
The user identification information is obtained by the reader of the access control system. Depending on the recognition technology, it can be obtained by fingerprint recognition, iris recognition, or card swiping, so it can be the user's fingerprint, iris, user tag, or similar information.
S102: According to the rule number found for this user identification information and the stored correspondence between rule numbers and authentication rule information, search for the authentication rule information corresponding to the rule number.
In the present invention, the correspondence between rule numbers and authentication rule information can be stored in a rule storage table. The rule storage table can be in any format and comprises: rule numbers, authentication rule information, and the correspondence between rule numbers and authentication rule information.
S103: Authenticate the user according to the authentication rule information found, and determine whether to perform the door-opening operation for this user.
Because the present invention stores the correspondence between user identification information and rule numbers, as well as the correspondence between rule numbers and authentication rule information, when user identification information is obtained, the corresponding authentication rule information can be determined from these two stored correspondences and used to authenticate the user and control access accordingly. This reduces the time spent searching a user rights database for the user's permissions, shortens the authentication time for each user, and effectively ensures the user experience.
Because both correspondences are stored, when the rule number is looked up by user identification information and no rule number for authentication corresponding to the user identification information is found, the user is determined to be an illegal user and the door-opening operation is not performed for this user. In addition, when the corresponding rule number is found but no authentication rule information corresponding to that rule number is found, the user is likewise determined to be an illegal user and the door-opening operation is not performed for this user.
The access controller stores, in the database in its flash, the user rule table containing the correspondence between user identification information and rule numbers and the rule storage table containing the correspondence between rule numbers and authentication rule information; both tables are issued to the access controller by the server. The access controller can add, update, and delete the corresponding information in the user rule table and the rule storage table.
When the server needs to add, update, or delete the corresponding information in the user rule table or rule storage table stored in the access controller, it issues information carrying the corresponding instruction to the access controller. When the access controller receives the information carrying the instruction from the server, it parses the information, obtains the instruction, and operates on the corresponding information in the user rule table or rule storage table according to the instruction.
For example, when the instruction is an add instruction, the access controller adds the correspondence between user identification information and rule number, or between rule number and authentication rule information, to the database in its flash. When the instruction is an update instruction, it updates the correspondence between user identification information and rule number, or between rule number and authentication rule information, stored in the database in flash. When the instruction is a delete instruction, it deletes the correspondence between user identification information and rule number, or between rule number and authentication rule information, stored in the database in flash.
To further improve the efficiency of authentication by the access controller and shorten its authentication time, in the present invention a block of storage space is set aside in the memory of the access controller as a buffer, used to hold a certain number of items of authentication rule information.
When authentication rule information is stored in the buffer, searching for the authentication rule information corresponding to the rule number comprises:
Judging whether the authentication rule information corresponding to the rule number is stored in the buffer;
When it is determined that the authentication rule information corresponding to the rule number is stored in the buffer, looking up this authentication rule information in the buffer;
Otherwise, looking up the authentication rule information corresponding to the rule number in flash.
The authentication rule information stored in the buffer can be preset in the buffer; for example, a set quantity of arbitrarily selected authentication rule information can be saved in the buffer.
Fig. 2 shows a process for realizing access control provided by the present invention. The process comprises the following steps:
S201: The access controller receives the user identification information sent by the reader.
S202: According to the received user identification information and the stored correspondence between user identification information and rule numbers, the access controller judges whether a rule number for authentication corresponding to this user identification information is stored. If so, go to step S203; otherwise, the door-opening operation is not performed for this user.
S203: Look up the rule number corresponding to this user identification information.
S204: According to the stored correspondence between rule numbers and authentication rule information, judge whether the authentication rule information corresponding to this rule number is stored in the buffer. If so, go to step S205; otherwise, go to step S206.
S205: Look up this authentication rule information, authenticate the user according to it, and determine whether to perform the door-opening operation for this user.
S206: Look up the authentication rule information corresponding to the rule number in flash, authenticate the user according to the authentication rule information found, and determine whether to perform the door-opening operation for this user.
Alternatively, to further improve the efficiency of authentication by the access controller, the authentication rule information stored in the buffer can be the more commonly used authentication rule information and the most recently used authentication rule information. However, the quantity of authentication rule information that can be stored in the buffer is limited. Therefore, to ensure that the buffer holds the more commonly used and the most recently used authentication rule information, in the present invention a counter corresponding to each item of authentication rule information is provided in the memory buffer, and the authentication rule information stored in the buffer is updated according to the number of times each item is used.
Specifically, in the present invention, when it is determined that the authentication rule information corresponding to the rule number is stored in the buffer, this authentication rule information is looked up in the buffer, and, according to the number of times the authentication rule information in the buffer is used, the counter corresponding to this authentication rule information is incremented by one.
When the authentication rule information stored in the buffer is to be updated, after the authentication rule information corresponding to the rule number is found in flash, the method further comprises:
Judging whether the quantity of authentication rule information stored in the buffer has reached the set threshold;
When the set threshold has not been reached, adding the authentication rule information corresponding to the rule number found in flash to the buffer;
Otherwise, according to the counts of the counters corresponding to each item of authentication rule information in the buffer, replacing the authentication rule information whose counter has the lowest count with the authentication rule information corresponding to the rule number found in flash, and clearing the counter corresponding to this authentication rule information to zero.
The set threshold can be chosen flexibly as required; the specific value needs to take into account the size of the storage space of the buffer in memory.
Fig. 3 shows a detailed process, provided by the present invention, for realizing access control when a user swipes a card to open the door. The process comprises the following steps:
S301: When the user swipes a card, the reader obtains the user identification information and sends it to the access controller.
S302: According to the received user identification information and the stored correspondence between user identification information and rule numbers, the access controller judges whether the user rule table holds a rule number for authentication corresponding to this user identification information. If so, go to step S303; otherwise, the door-opening operation is not performed for this user, and the access controller sends the failure result to the reader.
S303: Look up the rule number corresponding to this user identification information in the user rule table.
S304: According to the rule number corresponding to this user identification information and the stored correspondence between rule numbers and authentication rule information, judge whether the authentication rule information corresponding to this rule number is cached in the buffer. If so, go to step S305; otherwise, go to step S306.
S305: Look up this authentication rule information, increment the counter corresponding to it by one, authenticate the user according to it, and determine whether to perform the door-opening operation for this user.
S306: Look up the authentication rule information corresponding to the rule number in flash, authenticate the user according to the authentication rule information found, and determine whether to perform the door-opening operation for this user.
S307: Judge whether the quantity of authentication rule information stored in the buffer has reached the set threshold. If so, go to step S308; otherwise, go to step S309.
S308: According to the counts of the counters corresponding to each item of authentication rule information in the buffer, replace the authentication rule information whose counter has the lowest count with the authentication rule information corresponding to the rule number found in flash, and clear the counter corresponding to this authentication rule information to zero.
S309: Add the authentication rule information corresponding to the rule number found in flash to the buffer.
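The S301 to S309 flow as an added C example, not code from the patent: the two-table lookup, the memory buffer with per-rule counters, and denial on any failed lookup. The table contents, the hour-window rule fields (`from_hour`, `to_hour`), `CACHE_MAX` and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CACHE_MAX 2   /* the "set threshold" for the memory buffer (constructed value) */

typedef struct { uint8_t user_id[8]; uint8_t rule_no; } user_rule_t;    /* user rule table row */
typedef struct { uint8_t rule_no, from_hour, to_hour; } auth_rule_t;    /* assumed rule content */
typedef struct { auth_rule_t rule; uint32_t counter; } cache_slot_t;

/* Constructed sample tables standing in for the database in flash. */
static const user_rule_t USER_TABLE[] = {
    {{0,0,0,0,0,0,0,1}, 1}, {{0,0,0,0,0,0,0,2}, 2},
    {{0,0,0,0,0,0,0,3}, 3}, {{0,0,0,0,0,0,0,4}, 9},   /* rule 9 has no entry in flash */
};
static const auth_rule_t FLASH_RULES[] = { {1, 8, 18}, {2, 0, 24}, {3, 9, 12} };
static const uint8_t UNKNOWN_ID[8] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};

static cache_slot_t cache[CACHE_MAX];
static size_t cache_len;
static unsigned flash_reads;   /* counts slow-path lookups so the effect of the buffer is visible */

static int find_rule_no(const uint8_t *id, uint8_t *rule_no) {
    for (size_t i = 0; i < sizeof USER_TABLE / sizeof USER_TABLE[0]; i++)
        if (memcmp(USER_TABLE[i].user_id, id, 8) == 0) { *rule_no = USER_TABLE[i].rule_no; return 1; }
    return 0;
}

static cache_slot_t *cache_find(uint8_t rule_no) {
    for (size_t i = 0; i < cache_len; i++)
        if (cache[i].rule.rule_no == rule_no) return &cache[i];
    return NULL;
}

static const auth_rule_t *flash_find(uint8_t rule_no) {
    flash_reads++;
    for (size_t i = 0; i < sizeof FLASH_RULES / sizeof FLASH_RULES[0]; i++)
        if (FLASH_RULES[i].rule_no == rule_no) return &FLASH_RULES[i];
    return NULL;
}

/* S307-S309: append while below the threshold, otherwise evict the least-used rule. */
static void cache_store(const auth_rule_t *r) {
    size_t slot = cache_len;
    if (cache_len < CACHE_MAX) {
        cache_len++;
    } else {
        slot = 0;
        for (size_t i = 1; i < CACHE_MAX; i++)
            if (cache[i].counter < cache[slot].counter) slot = i;
    }
    cache[slot].rule = *r;
    cache[slot].counter = 0;   /* counter restarts for the newly stored rule */
}

static int rule_allows(const auth_rule_t *r, uint8_t hour) {
    return hour >= r->from_hour && hour < r->to_hour;
}

/* Returns 1 to open the door, 0 to keep it shut. Every lookup failure denies. */
int authenticate(const uint8_t *id, uint8_t hour) {
    uint8_t rule_no;
    if (!find_rule_no(id, &rule_no)) return 0;              /* S302: no rule number, illegal user */
    cache_slot_t *slot = cache_find(rule_no);               /* S304 */
    if (slot) { slot->counter++; return rule_allows(&slot->rule, hour); }   /* S305 */
    const auth_rule_t *r = flash_find(rule_no);             /* S306 */
    if (!r) return 0;                                       /* rule number without rule information */
    cache_store(r);
    return rule_allows(r, hour);
}

int main(void) {
    printf("user 1 @09h: %d\n", authenticate(USER_TABLE[0].user_id, 9));
    printf("user 1 @09h: %d\n", authenticate(USER_TABLE[0].user_id, 9));
    printf("flash reads: %u\n", flash_reads);
    printf("unknown    : %d\n", authenticate(UNKNOWN_ID, 9));
    return 0;
}
```

Both failure branches return 0 before any rule is evaluated, so a user rule table entry that points at a rule number missing from flash cannot open the door.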
Specifically, the user rule table stores the correspondence between user identification information and rule numbers, and can take the following form:
User identification information | Rule number
8 bytes | 1 byte
In this user rule table, the user identification information can be the user identity ID, occupying 8 bytes, and the rule number occupies 1 byte. The length of the user identification information differs according to the recognition technology used.
The rule storage table stores the correspondence between rule numbers and authentication rule information. In the present invention, for convenience of authentication, the authentication rule information can be further subdivided into holiday authentication rule information and weekend authentication rule information, and several items of holiday authentication rule information and weekend authentication rule information can be stored for different situations. For example, May Day, National Day, New Year's Day, and so on each correspond to different holiday authentication rule information, and weekends in different seasons correspond to different weekend authentication rule information.
Meanwhile, because an existing server does not distinguish between access controllers when sending rule storage tables, a rule storage table received by an access controller may be one used by other access controllers. So that each access controller can determine which rule storage tables are its own, the rule storage table also includes device group count information and device group ID information. Each access controller corresponds to one device group; an access controller and the readers it controls form a device group. After receiving rule storage tables, the access controller judges, from the device group IDs stored in them, which rule storage tables it can operate on. In addition, as technology develops, when the server can distinguish between access controllers, or when the rule storage tables of all access controllers have the same content so that the server need not distinguish between access controllers, the rule storage table need not include device group ID information, and the server issues the same rule storage table to each access controller.
The following table is a schematic of the structure of the rule storage table:
In this rule storage table, the rule number occupies 1 byte, the device group count occupies 1 byte, each device group in the device group IDs occupies 2 bytes, and the week rule count occupies 1 byte. The number of bytes occupied by the week rules is determined by the number of week rules and the number of bytes each week rule occupies. The holiday rule count occupies 1 byte, and the number of bytes occupied by the holiday rules is determined by the number of holiday rules and the number of bytes each holiday rule occupies.
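An added C example, not part of the patent, that parses one rule storage record in the field order described above and checks the controller's own device group before accepting it. The per-rule lengths (`WEEK_RULE_LEN`, `HOLIDAY_RULE_LEN`), the big-endian device group ID and all names are assumptions; the sample records are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WEEK_RULE_LEN    4   /* assumed bytes per week rule; the text gives no size */
#define HOLIDAY_RULE_LEN 6   /* assumed bytes per holiday rule; the text gives no size */

enum { REC_OK = 0, REC_TRUNCATED = -1, REC_OTHER_GROUP = -2 };

typedef struct {
    uint8_t rule_no;
    uint8_t week_count;
    const uint8_t *week_rules;      /* points into the input buffer */
    uint8_t holiday_count;
    const uint8_t *holiday_rules;   /* points into the input buffer */
    size_t total_len;               /* bytes consumed by this record */
} rule_record_t;

/* Constructed sample record (18 bytes). */
static const uint8_t SAMPLE[] = {
    0x03,                               /* rule number */
    0x02, 0x00, 0x01, 0x01, 0x02,       /* 2 device groups: 0x0001 and 0x0102 */
    0x01, 1, 8, 0, 18,                  /* 1 week rule */
    0x01, 5, 1, 5, 3, 0, 0,             /* 1 holiday rule */
};
/* Constructed malformed record: claims 255 device groups but carries none. */
static const uint8_t LYING[] = { 0x03, 0xFF };

/* Advance *off by n only if n bytes remain; *off never exceeds len. */
static int take(size_t len, size_t *off, size_t n) {
    if (n > len - *off) return 0;
    *off += n;
    return 1;
}

int parse_rule_record(const uint8_t *buf, size_t len, uint16_t own_group, rule_record_t *out) {
    size_t off = 0, ids;
    int mine = 0;

    if (!take(len, &off, 2)) return REC_TRUNCATED;          /* rule number + group count */
    out->rule_no = buf[0];
    uint8_t groups = buf[1];

    ids = off;
    if (!take(len, &off, (size_t)groups * 2)) return REC_TRUNCATED;
    for (size_t i = 0; i < groups; i++) {
        uint16_t g = (uint16_t)((buf[ids + 2 * i] << 8) | buf[ids + 2 * i + 1]);
        if (g == own_group) mine = 1;
    }

    if (!take(len, &off, 1)) return REC_TRUNCATED;          /* week rule count */
    out->week_count = buf[off - 1];
    out->week_rules = buf + off;
    if (!take(len, &off, (size_t)out->week_count * WEEK_RULE_LEN)) return REC_TRUNCATED;

    if (!take(len, &off, 1)) return REC_TRUNCATED;          /* holiday rule count */
    out->holiday_count = buf[off - 1];
    out->holiday_rules = buf + off;
    if (!take(len, &off, (size_t)out->holiday_count * HOLIDAY_RULE_LEN)) return REC_TRUNCATED;

    out->total_len = off;
    return mine ? REC_OK : REC_OTHER_GROUP;   /* a record for another group is skipped, not applied */
}

int main(void) {
    rule_record_t rec;
    printf("own group 0x0102: %d\n", parse_rule_record(SAMPLE, sizeof SAMPLE, 0x0102, &rec));
    printf("own group 0x0007: %d\n", parse_rule_record(SAMPLE, sizeof SAMPLE, 0x0007, &rec));
    printf("cut by one byte : %d\n", parse_rule_record(SAMPLE, sizeof SAMPLE - 1, 0x0102, &rec));
    printf("lying count     : %d\n", parse_rule_record(LYING, sizeof LYING, 0x0102, &rec));
    return 0;
}
```

Every count field is checked against the remaining length before it is used as an offset, so a record whose counts exceed the bytes actually received is rejected instead of being read past its end.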
When a user needs to pass through the access control system, the reader obtains the user's identification information and sends it to the access controller. After receiving the user identification information sent by the reader, the access controller determines, according to the correspondence between user identification information and rule numbers stored in its own user rule table, whether a rule number corresponding to this user identification information exists.
When it determines that the user rule table it stores does not hold a rule corresponding to this user identification information, no operation is performed for this user; that is, the door-opening operation is not performed for this user.
When it determines that the user rule table it stores holds a rule corresponding to this user identification information, it obtains the rule number. Then, according to the rule storage table issued by the server and the ID of the device group it belongs to, it judges whether a week rule, holiday rule, or other authentication rule information corresponding to this rule number exists.
When such information exists, the access controller judges whether this authentication rule information is stored in the buffer. When it is stored in the buffer, the user is authenticated according to the authentication rule information stored in the buffer, and the counter corresponding to this authentication rule information is incremented by one. When authentication passes, the access controller notifies the door lock or button to perform the door-opening operation; otherwise, no processing is performed for this user, that is, the door-opening operation is not performed for this user.
When this authentication rule information is not stored in the buffer, the user is authenticated according to the authentication rule information stored in flash. When authentication passes, the access controller notifies the door lock or button to perform the door-opening operation; otherwise, no processing is performed for this user, that is, the door-opening operation is not performed for this user. In addition, when the quantity of authentication rules stored in the buffer has not reached the set threshold, the authentication rule information stored in flash is added to the buffer. When the quantity of authentication rules stored in the buffer has reached the set threshold, this authentication rule information replaces the authentication rule information in the buffer whose counter is lowest, that is, the least-used authentication rule information, and the counter corresponding to this authentication rule information is cleared to zero, so that counting of the number of times this authentication rule information is used starts again.
Meanwhile, to make it easier for the server to manage users, in embodiments of the present invention, after the access controller authenticates each item of user identification information, it can send the authentication result and the corresponding user identification information to the server.
In the present invention, the received user identification information is used to look up the corresponding rule number in the user rule table, the rule number found is used to look up the corresponding authentication rule information in the rule storage table, and authentication is carried out according to the authentication rule information found, which effectively reduces the authentication time. At the same time, commonly used rule information is cached in the memory buffer, which further shortens the time needed to look up authentication rule information. Authentication efficiency is therefore improved and the user experience is ensured.
Fig. 4 is a schematic structural diagram of a device for realizing access control provided by the present invention. The device comprises:
A first lookup module 41, configured to search, according to the received user identification information, the stored correspondence between user identification information and rule numbers for the rule number used for authentication that corresponds to this user identification information;
A second lookup module 42, configured to search for the authentication rule information corresponding to the rule number, according to the rule number found for this user identification information and the stored correspondence between rule numbers and authentication rule information;
A control module 43, configured to authenticate the user according to the authentication rule information found, and to determine whether to perform the door-opening operation for this user.
The control module 43 is further configured not to perform the door-opening operation for the user when no rule number for authenticating this user, corresponding to this user identification information, is found in the stored correspondence between user identification information and rule numbers.
The second lookup module 42 is specifically configured to judge whether the authentication rule information corresponding to the rule number is stored in the buffer; when it is determined that the authentication rule information corresponding to the rule number is stored in the buffer, to look up this authentication rule information in the buffer; otherwise, to look up the authentication rule information corresponding to the rule number in flash.
The device further comprises:
A counting module 44, configured to increment by one the counter corresponding to the authentication rule information, according to the number of times the authentication rule information in the buffer is used.
The device further comprises:
An update module 45, configured to judge whether the quantity of authentication rule information stored in the buffer has reached the set threshold; when the set threshold has not been reached, to add the authentication rule information corresponding to the rule number found in flash to the buffer; otherwise, according to the counts of the counters corresponding to each item of authentication rule information in the buffer, to replace the authentication rule information whose counter has the lowest count with the authentication rule information corresponding to the rule number found in flash, and to clear the counter to zero.
Embodiments of the present invention provide a method and a device for realizing access control. The method stores the correspondence between user identification information and rule numbers, as well as the correspondence between rule numbers and authentication rule information. When user identification information is obtained, the corresponding authentication rule information can be determined from these two stored correspondences and used to authenticate the user and control access accordingly. This reduces the time spent searching a user rights database for the user's permissions, shortens the authentication time for each user, and effectively ensures the user experience.
The above description shows and describes preferred embodiments of the present invention. As stated above, however, it should be understood that the present invention is not limited to the forms disclosed herein, which should not be regarded as excluding other embodiments; it can be used in various other combinations, modifications, and environments, and can be changed within the scope of the inventive concept described herein through the above teachings or the technology or knowledge of the related art. Changes and variations made by those skilled in the art that do not depart from the spirit and scope of the present invention shall all fall within the protection scope of the appended claims of the present invention.