CN104240342B - Access control method and device based on identity authentication - Google Patents
Access control method and device based on identity authentication Download PDFInfo
- Publication number
- CN104240342B CN104240342B CN201410422030.1A CN201410422030A CN104240342B CN 104240342 B CN104240342 B CN 104240342B CN 201410422030 A CN201410422030 A CN 201410422030A CN 104240342 B CN104240342 B CN 104240342B
- Authority
- CN
- China
- Prior art keywords
- identity
- gate inhibition
- access control
- management system
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Time Recorders, Dirve Recorders, Access Control (AREA)
Abstract
The embodiment of the invention provides an access control method and device based on identity authentication. The access control device is associated with a preset on-line management system and comprises an information acquisition module, an identity identifying module and an access control opening module, wherein the information acquisition module is used for acquiring identity information of a target requesting for passing through an access control at present; the identity identifying module is used for judging whether an identity mark matched with a first identity mark is stored in a first preset database, and can be used for obtaining a second identity mark and sending the second identity mark to the on-line management system if the identity mark matched with the first identity mark is stored in the first preset database; the access control opening module is used for opening the access control according to a legal verification result which is information generated after the identity mark as same as the second identity mark is found in a second preset database after the second identity mark is received by the on-line management system. By virtue of the access control method and device, the workload of an enterprise management department can be reduced, the management efficiency can be improved and the enterprise management safety can be improved.
Description
Technical field
The present invention relates to information checking technical field, particularly relate to the door of a kind of identity-based checking
Prohibit control method and the access control device of a kind of identity-based checking.
Background technology
Along with development and the raising of enterprise security consciousness of Information technology, particularly recent years is along with sense
Answering card technique, the development of biological identification technology, gate inhibition's technology has obtained rapid development, gate inhibition's technology
Having surmounted simple gateway and key management already, it has evolved into the discrepancy pipe into complete set
Reason system, gate inhibition's technology plays in the Administrations such as work circumstances safe, personnel attendance management
Huge effect.
Traditional access control equipment typically carries out off line identification, and its operation principle is: identification information shifts to an earlier date typing
In access control equipment, when there being personnel to pass in and out gate inhibition, access control equipment is direct according to the personal information collected
Mate in identification information, the match is successful then opening gate.But, above-mentioned operation principle needs people
Power resource is identified the regular typing of information, labor intensive cost, reduces the work efficiency of personnel.
Further, if the identification information updating in access control equipment not in time, it is likely that cause having for the previous period
The personnel that right of access but current time do not have right of access enter gate inhibition smoothly, particularly pacify enterprise
For the enterprise that the strict controllers in anti-field comes in and goes out, reduce the safety of enterprise.
Therefore, a technical problem that those skilled in the art urgently solve is presently required exactly: carry
For a kind of access control mechanism, in order to reduce the workload of department of enterprise organization, improve the efficiency of management
And improve enterprise security.
Summary of the invention
Embodiment of the present invention technical problem to be solved is to provide the gate inhibition of a kind of identity-based checking
Control method, in order to reduce the workload of department of enterprise organization, improves the efficiency of management, and improves
Business administration safety.
Accordingly, the embodiment of the present invention additionally provides the access control device of a kind of identity-based checking,
In order to ensure realization and the application of said method.
In order to solve the problems referred to above, the invention discloses the access control dress of a kind of identity-based checking
Putting, described access control device associates with the online management system preset, described access control device
Including:
Information acquisition module, for gathering the identity information of the current request object by gate inhibition, institute
State identity information and include the first identity;
Identification module, for judging whether have and described first in the first data base preset
The identity of identity coupling, the most then obtain the second identity, and by described second
Identity sends in real time to described online management system, described in described first database purchase first
Identity and the incidence relation of the second identity;
Gate inhibition's opening module, for receiving the legal knot of checking that described online management system returns
After Guo, opening gate;Described checking valid result be described online management system receive described
After second identity, find from the second default data base and described second identity phase
With the information generated after identity.
Preferably, described device also includes:
Traffic information transfer module, is used for generating traffic information, and described traffic information is transferred to
Described online management system.
Preferably, described traffic information transfer module includes:
Monitoring submodule, for being monitored described gate inhibition's opening module;
Data acquisition submodule, for when monitoring described gate inhibition's opening module opening gate, from institute
State the second identity obtaining the current object by gate inhibition in identification module;
Time record sub module, for recording the current time by the object of gate inhibition by gate inhibition;
Information generates submodule, for organizing the second identity of the described current object by gate inhibition
And described current time by the object of gate inhibition by gate inhibition, generate traffic information;
Transmission submodule, for being transferred to described online management system by described traffic information.
Preferably, described access control device has gate inhibition's mark, and described identification module is additionally operable to
Described gate inhibition identifies transmission extremely described online management system, and described online management system is used for combining
Described second identity is verified by described gate inhibition mark.
Preferably, described current request includes personnel and the request asking to go out by the object of gate inhibition
At least one of the vehicle gone out.
Present invention also offers the access control method of a kind of identity-based checking, described access control side
Method is applied in access control device, and described access control device closes with the online management system preset
Connection, described method includes:
Access control device gathers the identity information of the current request object by gate inhibition, and described identity is believed
Breath includes the first identity;
Access control device judges whether have and described first identity mark in the first data base preset
Know the identity of coupling, the most then obtain the second identity, and by described second identity mark
Know and send extremely described online management system in real time, the first identity mark described in described first database purchase
Know the incidence relation with the second identity;
Access control device, after receiving the checking valid result that described online management system returns, is opened
Open gate inhibition;Described checking valid result is that described online management system is receiving described second identity
After mark, find from the second default data base and described second identity common identity mark
The information generated after knowledge.
Preferably, described method also includes:
Access control device generates traffic information, and described traffic information is transferred to described online management
System.
Preferably, described access control device generates traffic information, and described traffic information is transferred to
The step of described online management system includes:
When monitoring gate inhibition and opening, the record current time by the object of gate inhibition by gate inhibition;
Second identity of the current object by gate inhibition of tissue and described current by gate inhibition's
The object time by gate inhibition, generate traffic information;
Described traffic information is transferred to described online management system.
Preferably, described access control device has gate inhibition's mark, and described method also includes:
Described gate inhibition is identified transmission to described online management system.
Preferably, described current request includes, by the object of gate inhibition, the personnel asking to go out and asks
Seek at least one of the vehicle gone out.
Compared with background technology, the embodiment of the present invention includes advantages below:
The embodiment of the present invention innovatively proposes a kind of online access control device, and this gate inhibition is controlled
Device processed interconnects online with the online management system of enterprise, is asked by gate inhibition's by Real-time Collection
The identity information of object, sends to online management system after being identified the identity information of this collection
Carry out authentication, control in real time when receiving the checking valid result that online management system sends
The unlatching of gate inhibition, thus realize the data syn-chronization of online management system and access control device, it is to avoid
For the previous period there is right of access but the current time personnel that do not have a right of access enter gate inhibition's
Situation occurs, and improves business administration safety, and decreases the workload of enterprise administrator,
Improve the efficiency of management, meet the demand of modern management.
Accompanying drawing explanation
Fig. 1 is the structural frames of the access control device embodiment of a kind of identity-based checking of the present invention
Figure;
Fig. 2 is the interactive step flow chart of the access control device of the embodiment of the present invention;
Fig. 3 is the steps flow chart of the access control method embodiment of a kind of identity-based of present invention checking
Figure.
Detailed description of the invention
Understandable for enabling the above-mentioned purpose of the present invention, feature and advantage to become apparent from, below in conjunction with
The present invention is further detailed explanation for the drawings and specific embodiments.
With reference to Fig. 1, it is shown that the access control device embodiment of a kind of identity-based checking of the present invention
Structured flowchart, wherein, described access control device with preset online management system associate, institute
State access control device can include such as lower module:
Information acquisition module 101, for gathering the identity information of the current request object by gate inhibition,
Described identity information includes the first identity;
As a kind of preferred exemplary of the present embodiment, current request can be included by the object of gate inhibition
At least one of the vehicle that the personnel that go out of request and request are gone out.
Whether identification module 102, for judging to have in the first data base preset and described the
The identity of one identity coupling, the most then obtain the second identity, and by described the
Two identity send in real time to described online management system;
Gate inhibition's opening module 103, for legal in the checking receiving the return of described online management system
After result, opening gate;Described checking valid result is that described online management system is receiving
After stating the second identity, find from the second default data base and described second identity
The information generated after common identity mark.
In a kind of preferred embodiment of the embodiment of the present invention, described device can also include:
Traffic information transfer module, is used for generating traffic information, and described traffic information is transferred to
Described online management system.
In a kind of preferred embodiment of the embodiment of the present invention, described traffic information transfer module can be entered
One step includes following submodule:
Monitoring submodule, for being monitored described gate inhibition's opening module;
Data acquisition submodule, for when monitoring described gate inhibition's opening module opening gate, from institute
State the second identity obtaining the current object by gate inhibition in identification module;
Time record sub module, for recording the current time by the object of gate inhibition by gate inhibition;
Information generates submodule, for organizing the second identity of the described current object by gate inhibition
And described current time by the object of gate inhibition by gate inhibition, generate traffic information;
Transmission submodule, for being transferred to described online management system by described traffic information.
In a kind of preferred embodiment of the embodiment of the present invention, described access control device has gate inhibition's mark
Knowing, described identification module can be also used for described gate inhibition identifying transmission to described online management
System, described online management system is used for combining described gate inhibition mark and enters described second identity
Row checking.
The embodiment of the present invention innovatively proposes a kind of online access control device, and this gate inhibition is controlled
Device processed interconnects online with the online management system of enterprise, is asked by gate inhibition's by Real-time Collection
The identity information of object, sends to online management system after being identified the identity information of this collection
Carry out authentication, control in real time when receiving the checking valid result that online management system sends
The unlatching of gate inhibition, thus realize the data syn-chronization of online management system and access control device, it is to avoid
For the previous period there is right of access but the current time personnel that do not have a right of access enter gate inhibition's
Situation occurs, and improves business administration safety, and decreases the workload of enterprise administrator,
Improve the efficiency of management, meet the demand of modern management.
It should be noted that in order to access control device is combined with online management system, it is achieved
Online intercommunication, the environment building both online intercommunications that the embodiment of the present invention needs, such as build meter
Calculation machine network (can be to include IP network, RS485 bus and the network of other form) and
Switching equipment, server, database server, gate inhibition's access device, and supporting bottom fortune
Line program and communications protocol, such as: configure application server, storage data base, net at central machine room
Cross winding exchange device, is transmitted by comprehensive wiring system, with the gate inhibition being distributed in each gateway
System equipment, management system etc. interconnect, it is achieved the said equipment 24 hours round-the-clock
Line runs, and ensures real-time request for data and checks and writes off the needs that data are uploaded, real-time discrepancy is current.
Build this set of environments, need the use demand according to user and required terminal, room entry/exit management terminal
Quantity determine, and carry out the construction of civil engineering, strong and weak electricity, installation etc..
In order to preferably the access control device of the present invention be illustrated, below to online management system
Illustrate:
Described online management system includes:
Data management module, for obtaining the request for data that examination & approval are passed through;And, lead in described examination & approval
When the request for data crossed finds the request for data mated with described traffic information, to described coupling
Request for data carry out checking and writing off process according to preset rules;
Authentication module, for obtaining the application that described examination & approval are passed through from described data management module
Data, and, exist with described in verifying the identity of request for data that described examination & approval are passed through
When current request is by request for data that the second identity of the object of gate inhibition is consistent, generate checking
Valid result, and described checking valid result is sent to gate inhibition's opening module.
In one embodiment, described data management module can include following submodule:
Online application submodule, for receiving the request for data filled in online;
Examine submodule online, for described request for data is examined online, and examination & approval are passed through
Request for data send to sub module stored;
Sub module stored, for storing the request for data that described examination & approval are passed through.
In one embodiment, described request for data also includes the time period applying for going out, described data
Management module includes following submodule:
State checks submodule, works as with described for finding in the request for data that described examination & approval are passed through
During the request for data that the identity of the front object by gate inhibition is mated, check the request of described coupling
Whether data has specific markers;
Labelling adds submodule, in time there is no specific markers in the request data of described coupling, for
The request data of described coupling adds specific markers;
Check and write off process submodule, for having specific markers, and institute in the request data of described coupling
State the scope of the time period currently gone out in described application by the time of gate inhibition by the object of gate inhibition
Time interior, the request for data of described coupling is checked and write off process.
In one embodiment, described data management module also includes:
First records interpolation submodule, in violation of rules and regulations for having specific mark in the request data of described coupling
Note, and described currently by the object of gate inhibition by the time of gate inhibition not when described application is gone out
Between in the range of section time, the request data of described coupling is added in default violation record list;
Second records interpolation submodule, in violation of rules and regulations for periodically to the described application with described specific markers
Data detect, and are added by the request for data outside the preset time period exceeding the time period that application is gone out
It is added in the violation record list preset.
In one embodiment, described online management system also includes:
Enquiry module, for receiving the querying condition of input, obtains and institute from described data management module
State the request for data of querying condition coupling;
Output module, for exporting the described request for data mated with described querying condition.
In one embodiment, described authentication module is additionally operable in the Shen verifying that described examination & approval are passed through
Please there is not the identity consistent with the identity of the object that described current request passes through gate inhibition in data
During mark, generate and verify illegal result, and the transmission of illegal for described checking result is opened to gate inhibition
Open module;
The most described gate inhibition's opening module is additionally operable to receiving the checking that described authentication module sends
During illegal result, it is not turned on gate inhibition.
In one embodiment, the request for data that described examination & approval are passed through also includes capability identification, described door
Prohibiting control device storage and have the right of way limit scope of current gate inhibition, described authentication module includes:
Authority obtains submodule, for existing with described in verifying the request for data that described examination & approval are passed through
When current request is by identity that the identity of the object of gate inhibition is consistent, lead to from described examination & approval
The request for data crossed obtains the capability identification of the current request object by gate inhibition;
Judge submodule, for judging that by the capability identification of the object of gate inhibition whether described current request
In the range of described right of access;
Result generates submodule, at the authority mark judging the described current request object by gate inhibition
When knowing in the range of described right of access, generate checking valid result;
Result transmission submodule, opens mould for described checking valid result is transferred to described gate inhibition
Block.
The access control device of the embodiment of the present invention and the friendship of online management system is shown with reference to Fig. 2
Flow chart of steps mutually, may include steps of:
Step 301, data management module obtains the request for data that examination & approval are passed through;
In one preferred embodiment of the invention, step 301 can include following sub-step:
Sub-step S11, data management module receives the request for data filled in online;
In practice, if application personnel have the authority of operation online management system, then can be by applicant
Member fills in request for data online by online management system, to make relevant application;Or, if Shen
Personnel please be not operate in the authority of wire management system, then application personnel can be by written form
Filing an application to administration section, the related management personnel of administration section are existed by online management system again
Request for data filled in by line.
As a kind of example, request for data can be request for data, the Shen of application field personnel asked for leave
Please at least one of data and vehicle request for utilization data, can think the personnel's of application field personnel
Request for data, the request for data of the personnel of application field personnel and vehicle request for utilization data, application is asked for leave
The request for data etc. of personnel, such as, request field personnel personnel can fill in field personnel request for data and
Vehicle request for utilization data, or only fill in field personnel request for data.
Request for data can include time period, the application identity of personnel, the vehicle mark applying for going out
The information such as knowledge, capability identification, reason for the request, wherein, application personnel's identity can be application
Personnel ID or application personnel's title, be the foundation identifying application personnel;Capability identification is used for identifying Shen
Please the right of access of vehicle of personnel or application, can be the rank of the vehicle of applicant person or application
Coding, different stage encodes transitable region and number of times is different.
Sub-step S12, described request for data is examined, is examined by data management module online
The request for data passed through;
In implementing, after data management module receives the request for data of application, can be according in advance
If it is examined by rule automatically, such as, identify that whether capability identification is at default capability identification model
In enclosing, the most then examination & approval are passed through, and otherwise, examination & approval are not passed through.
It is of course also possible to the request for data of application is manually examined by the related personnel of administration section
Batch, detailed process can be, after the related personnel of administration section logs in wire management system, online
Management system demonstration request for data gives these personnel, and these personnel are by clicking on examining in wire management system
Batch by or examination & approval not by wait functional keys submit to examination & approval by result or examination & approval by tie
Really.It should be noted that when there being the request for data of submission, online management system can carry in real time
The related personnel of awake administration section examines in real time, and online management system can also be when default
Between section remind administration section related personnel batch processing request for data, or, online management system is also
Can not remind, department related personnel to be managed actively checks application when logging in wire management system
Data are also made examination & approval and are processed, the embodiment of the present invention to this without being any limitation as.
Sub-step S13, data management module stores the request for data that described examination & approval are passed through.
After obtaining the request for data that passes through of examination & approval, data management module can be with list or data base (the
Two data bases) or the form of file store the request for data that passes through of described examination & approval, for follow-up its
He uses and follow-up maintenance module.
It practice, all can preserve for all request for data online management systems, this all of application number
According to being a list, and examining the request for data passed through can be another part of list;Or,
The request for data that examination & approval are passed through does examination & approval in the list of described all request for data and passes through labelling.
It should be noted that the request for data that the examination & approval of data management module storage are passed through has storage period
Limit, the request for data exceeding storage period can automatically be cleared up, or remind administration section's cleaning.
In another preferred embodiment of the invention, administration section can also pass through online management system
Batch uploads the request for data that examination & approval are passed through, after data management module receives the request for data uploaded,
The request for data that described examination & approval are passed through is stored with the form of list or data base or file.
Step 302, information acquisition module Real-time Collection current request is believed by the identity of the object of gate inhibition
Breath, described identity information includes the first identity;
Specifically, access control device is the equipment that exit and entrance carries out control, it be
Develop on the basis of traditional door lock.Access control device in the embodiment of the present invention can wrap
At least one of entrance guard device that the personnel of including pass through and the porte-cochere lock of vehicle pass-through, then described
Current request can include, by the object of gate inhibition, the vehicle that the personnel asking to go out and request are gone out
At least one, and ask the personnel that go out can include the personnel of asking for leave, the personnel etc. of request field personnel.
When having detected that object requests passes through gate inhibition, information acquisition module can be by being positioned at gate inhibition
Wherein the one of the equipment such as the radio-frequency card card-reading apparatus of gateway, fingerprint instrument equipment, portrait recognition device
Plant the identity information of the Real-time Collection current request object by gate inhibition.
In implementing, identity information is the information of unique identified person or testing vehicle register, permissible
Including the first identity, the first identity can include the perfect instrument number of object, object
Biometric feature information, the various card images that can represent personnel identity etc., such as, for asking
For asking the personnel gone out, the first identity can include at least one of following information: personnel
ID (identity number) card No., the fingerprint feature information of personnel, the iris feature information of personnel, the face of personnel
Portion's characteristic information, the skeleton character information of personnel, the voice characteristics information of personnel, personnel can be represented
The IC-card of identity, the ID card etc. of personnel identity can be represented;For the vehicle that request is gone out,
First identity can include at least one of following information: the number-plate number, containing car plate ground form
The number-plate number, the IC-card of testing vehicle register can be represented, the ID card of testing vehicle register can be represented, car can be represented
The bluetooth card of identity, the microwave card etc. of testing vehicle register can be represented.
After information acquisition module collects the identity information of the object that current request passes through gate inhibition, passed
It is handed to identification module, to carry out identification.
Step 303, identification module judges whether have in the first data base preset and described the
Second identity of one identity coupling, the most then obtain described second identity, and
Described second identity is sent in real time to described authentication module;
After identification module receives the first identity, from the first default data base search with
The identity that described first identity is identical, obtains this mark corresponding in the first data base
Second identity.Wherein, the first data base can store the first identity and the second body
The incidence relation of part mark, the data in the first data base can be the data prestored, or from online
The data obtained in management system.
After identification module identifies the second identity, this second identity is sent to identity
Authentication module, carries out authentication for authentication module.
Such as, application personnel ask to enter gate inhibition, information acquisition module collection by the way of brush finger stricture of vagina
After the finger print information of this application personnel, finger print data is transferred to identification module, then identity
Identification module mates this finger print information in the first data base, if matching, then obtains the Shen of correspondence
The person's of asking someone title or ID, and application personnel's title or ID are sent to authentication module.
Step 304, authentication module receives the second identity of the current request object by gate inhibition
After mark, from described data management module, obtain the request for data that described examination & approval are passed through, and,
Exist in verifying the identity of request for data that described examination & approval are passed through and pass through with described current request
During the consistent request for data of the second identity of the object of gate inhibition, generate checking valid result;
Specifically, authentication module receive identification module send current request pass through door
After second identity of the object prohibited, checking current request passes through the legal of the object identity of gate inhibition
Property, verification method can be, authentication module obtains described examination & approval from data management module and leads to
After the request for data crossed, verify whether the request for data that these examination & approval are passed through exists and lead to current request
The request for data that second identity of the object crossing gate inhibition is identical, if existing, then it is legal to verify,
Generate checking valid result.Correspondingly, if verifying the identity mark of the request for data that described examination & approval pass through
Knowledge does not exist the application consistent with the second identity of the object that described current request passes through gate inhibition
During data, generate and verify illegal result.
Further, in access control device, storage has the right of way limit scope of current gate inhibition, and this can
Right of access scope defines the object of which authority can pass through current gate inhibition, then authentication module
The identity that can be combined with the right of access scope object to verify current request and pass through gate inhibition is legal
Property, it is specifically as follows: the second identity is sent to authentication module by identification module
Meanwhile, the right of access scope obtaining current gate inhibition sends to authentication module, authentication mould
Block exists in verifying the identity of request for data that described examination & approval are passed through and leads to described current request
During the consistent request for data of the second identity of the object crossing gate inhibition, the Shen passed through from described examination & approval
Data please obtain the capability identification that current request passes through the object of gate inhibition;Judge described current request
By the capability identification of the object of gate inhibition whether in the range of described right of access, the most then generate
Checking valid result;Otherwise, the illegal result of checking is generated.
Step 305, described checking valid result is transferred to gate inhibition's opening module by authentication module;
Concrete, after authentication module generates checking valid result or verifies illegal result, can
With by this checking valid result or verify that illegal result all sends to gate inhibition's opening module.
In actual applications, authentication module generates checking valid result or verifies illegal result
After, it is also possible to directly will verify that illegal result filters, only checking valid result be sent to gate inhibition
Opening module, to reduce the pressure of data transmission.
Step 306, gate inhibition's opening module is legal in the checking receiving the transmission of described authentication module
During result, opening gate;
Concrete, gate inhibition's opening module is after receiving checking valid result, and opening gate, letting pass should
Ask the object by gate inhibition.On the other hand, if gate inhibition's opening module be not received by verifying legal
Result or receive checking illegal result, the most do not do the process of opening gate, now, gate inhibition
Opening module can be generated prompting message and remind current request not made by the current gate inhibition of object of gate inhibition
The reason opened.
Step 307, traffic information transfer module generates traffic information, and described traffic information is sent
To data management module;
Traffic information can include currently by the identity information of the object of gate inhibition and by gate inhibition's
Time and the channel information etc. of current gate inhibition.Specifically, traffic information transfer module is supervised in real time
Control gate inhibition's opening module, when monitoring gate inhibition's opening module opening gate, from identification module
Middle acquisition is currently by the second identity of the object of gate inhibition, and record is current by gate inhibition's
The object time by gate inhibition, organize the second identity of the described current object by gate inhibition with
And described current time by the object of gate inhibition by gate inhibition, generate traffic information, and will be current
Information is transferred to data management module.
Step 308, after data management module receives traffic information, in the application that described examination & approval are passed through
When data find the request for data that the identity with described traffic information is mated, to described
The request for data joined carries out checking and writing off process according to preset rules;
Being applied to the embodiment of the present invention, data management module can also carry out checking and writing off process.In the present invention
A kind of preferred embodiment in, the concrete processing procedure checked and write off can be: data management module receive
After traffic information, the request for data passed through in the examination & approval being previously stored mates the body with traffic information
Part consistent request for data of mark, if matching, then illustrate this pass through gate inhibition to as if for submitting to
Cross request for data and request for data audits the object passed through, then remember in this request for data matched
Record this traffic information, and check whether this request for data matched has specific markers, if having specific
Labelling, then illustrate that this is that request is gone out by the object of gate inhibition, and existing request backs into the right of gate inhibition
As;If there is no specific markers, then illustrate that this is the object asking to go out by the object of gate inhibition.Make
For a kind of example, described specific markers can be labelling of going out.
If this request for data matched is the request for data not having specific markers, then data management module
For this coupling request for data add specific markers, with indicate this object for doing well outward, and this
In request for data, record is current passes through the time of gate inhibition as the time of going out by the object of gate inhibition.
If this request for data matched is the request for data having specific markers, then data management module enters
One step judge currently by the object of gate inhibition by the time of gate inhibition whether when described application is gone out
Between in the range of section, if in the range of the time period that application is gone out, then illustrate that this object is in agreement
Time in normally return, then this application data can be checked and write off by data management module normally
Processing, the means checking and writing off process can include at least one in following means: deletes this coupling
The capability identification of request for data, the request for data for this coupling adds " checking and writing off " labelling etc..Further,
In this request for data, record is current passes through the time of gate inhibition as when returning by the object of gate inhibition
Between.
On the other hand, if this request for data matched is the request for data having specific markers, but described
The scope of the time period currently do not gone out in described application by the time of gate inhibition by the object of gate inhibition
Time interior, then illustrate that this object did not return within the time of agreement, i.e. the object of overtime return,
Then this application data can not be checked and write off place according to checking and writing off flow process normally by data management module
Reason, now, the request data of this coupling can be added to default violation note by data management module
In record list, administration section's laggard pedestrian's work of going and finding out what's going on check and write off, and will situation remarks in violation of rules and regulations,
Situation can include the object currently the passing through gate inhibition time by gate inhibition, reason etc. in violation of rules and regulations in violation of rules and regulations.
It addition, also having a kind of situation is that application object and/or vehicle are gone out beyond application after going out
(situation that i.e. time-out is not returned), now, data management is not the most returned in the Preset Time of time period
Module does not receive traffic information, for this situation, the data pipe in the embodiment of the present invention
In the request for data that examination & approval can periodically be passed through by reason module, the request for data with specific markers is carried out
Cleaning detection, adds to the request for data outside the preset time period exceeding the time period that application is gone out
In the violation record list preset, administration section's inquiry concrete condition do concrete process.
The embodiment of the present invention reminds administration section to carry out object in violation of rules and regulations of going out by record list in violation of rules and regulations
Management, improve the work efficiency of administration section and ensured enterprise security.
In the embodiment of the present invention, the situation that object application can also be gone out by data management module is converged
Always, can include asking virtual degree, outer outdegree, normal recycle time, in violation of rules and regulations recycle time etc.,
With the department of strengthening management to any personnel who go out or the management of vehicle of going out.
Step 309, enquiry module initiates inquiry request to described data management module, it is thus achieved that with look into
Inquiry condition coupling request for data and represented.
In the embodiment of the present invention, the request for data passed through when examination & approval with the addition of traffic information, checks and writes off mark
After the information such as note, summary information, administration section can be with input inquiry condition with to data management mould
The request for data passed through of examining safeguarded in block is inquired about, and querying condition can be that application is gone out
Time period, the second identity, place etc. of going out.Enquiry module obtains and mates with querying condition
Request for data after, the described request for data mated with querying condition is represented.
It should be noted that the embodiment of the present invention is for passing in and out the vehicle of gate inhibition, it is also possible to carry out car
The real-time display of two information, including turnover time, license board information etc..
In order to make art technology object be more fully understood that the embodiment of the present invention, concrete with one below
The embodiment of the present invention is illustrated by application scenarios:
1) certain unit personnel first needs to ask for leave to be on home leave, and goes out, under 9 days during its plan morning 8 on the 2nd
Returning during noon 17, then on 1st, to second (department ask for leave management personnel), proposed to ask for leave application;
2) the information reporting registration of asking for leave of first (is considered as gate inhibition to control by second by online management system herein
Device processed has comprised the identity of first), Human Resources Department supervisor third carried out batch and asks for leave when 1 day 17
Management, have approved asking for leave of first, and this approval of jurisdiction is carried out upload process by online management system;
3) if first punctual brush finger stricture of vagina when the morning 8 on the 2nd is gone out, after gate inhibition obtains the finger print information of first,
From the first default data base, mating this finger print information, if matching, then obtaining the first data base
The name of the first corresponding with finger print information of middle storage, and the name of first is sent to online management system
System;
4) online management system searches the name of first in examination & approval data, if finding, then returns checking
Valid result;
5) opening gate after access control device receives checking valid result.
In embodiments of the present invention, by access control device is permeated with online management system
Individual device, it is achieved that the centralized management of record and the synchronization of authentication are checked and write off in the application of application personnel,
Can verify current after i.e. having reached the approval of application personnel instant request for data at once, application personnel or vehicle
Automatically check and write off the effect of process after return, meet the demand of modern management.
With reference to Fig. 3, it is shown that the access control method embodiment of a kind of identity-based of present invention checking
Flow chart of steps, described access control method is applied in access control device, described access control
Device associates with the online management system preset, and described method specifically may include steps of:
Step 401, access control device gathers the identity information of the current request object by gate inhibition,
Described identity information includes the first identity;
Step 402, access control device judges whether have in the first data base preset and described the
The identity of one identity coupling, the most then obtain the second identity, and by described the
Two identity send in real time to described online management system, described in described first database purchase
One identity and the incidence relation of the second identity;
Step 403, access control device is legal in the checking receiving the return of described online management system
After result, opening gate;Described checking valid result is that described online management system is receiving
After stating the second identity, find from the second default data base and described second identity
The information generated after common identity mark.
In one preferred embodiment of the invention, described method can also include:
Access control device generates traffic information, and described traffic information is transferred to described online management
System.
In one preferred embodiment of the invention, described access control device generates traffic information, and
The step that described traffic information is transferred to described online management system is included:
When monitoring gate inhibition and opening, the record current time by the object of gate inhibition by gate inhibition;
Second identity of the current object by gate inhibition of tissue and described current by gate inhibition's
The object time by gate inhibition, generate traffic information;
Described traffic information is transferred to described online management system.
In one preferred embodiment of the invention, described access control device has gate inhibition's mark, institute
Method of stating also includes:
Described gate inhibition is identified transmission to described online management system.
As a kind of preferred exemplary of the embodiment of the present invention, the described current request object by gate inhibition
Including at least one of the vehicle asking the personnel gone out and request to be gone out.It should be noted that
For embodiment of the method, in order to be briefly described, therefore it is all expressed as a series of combination of actions,
But art technology object should be known, the embodiment of the present invention is not by described sequence of movement
Restriction because according to the embodiment of the present invention, some step can use other orders or simultaneously
Carry out.Secondly, art technology object also should be known, embodiment described in this description is equal
Belong to preferred embodiment, necessary to the involved action not necessarily embodiment of the present invention.
For the embodiment of the method described in Fig. 3, due to its phase basic with said apparatus embodiment
Seemingly, so describe is fairly simple, relevant part sees the part of embodiment of the method and illustrates.
Each embodiment in this specification all uses the mode gone forward one by one to describe, each embodiment emphasis
Illustrate is all the difference with other embodiments, identical similar part between each embodiment
See mutually.
Technical object in this area it should be appreciated that the embodiment of the embodiment of the present invention can be provided as method,
Device or computer program.Therefore, the embodiment of the present invention can use complete hardware embodiment,
Completely software implementation or the form of the embodiment in terms of combining software and hardware.And, this
Bright embodiment can use at one or more computers wherein including computer usable program code
Usable storage medium (including but not limited to disk memory, CD-ROM, optical memory etc.) is upper real
The form of the computer program executed.
In a typical configuration, described computer equipment includes one or more processor
(CPU), input/output interface, network interface and internal memory.Internal memory potentially includes computer-readable medium
In volatile memory, the shape such as random access memory (RAM) and/or Nonvolatile memory
Formula, such as read only memory (ROM) or flash memory (flash RAM).Internal memory is computer-readable medium
Example.Computer-readable medium includes removable media permanent and non-permanent, removable and non-
Information storage can be realized by any method or technology.Information can be computer-readable instruction,
Data structure, the module of program or other data.The example of the storage medium of computer includes, but
Be not limited to phase transition internal memory (PRAM), static RAM (SRAM), dynamic random are deposited
Access to memory (DRAM), other kinds of random access memory (RAM), read only memory
(ROM), Electrically Erasable Read Only Memory (EEPROM), fast flash memory bank or other in
Deposit technology, read-only optical disc read only memory (CD-ROM), digital versatile disc (DVD) or other
Optical storage, magnetic cassette tape, tape magnetic rigid disk storage other magnetic storage apparatus or any its
His non-transmission medium, can be used for the information that storage can be accessed by a computing device.According to herein
Defining, computer-readable medium does not include the computer readable media (transitory media) of non-standing,
Data signal and carrier wave such as modulation.
The embodiment of the present invention be with reference to according to embodiments of the present invention method, terminal unit (system) and
The flow chart of computer program and/or block diagram describe.It should be understood that can be by computer journey
Sequence instructs each flow process in flowchart and/or block diagram and/or square frame and flow chart
And/or the flow process in block diagram and/or the combination of square frame.These computer program instructions can be provided
To general purpose computer, special-purpose computer, Embedded Processor or other programmable data processing terminals
The processor of equipment is to produce a machine so that processed by computer or other programmable datas
The instruction that the processor of terminal unit performs produces for realizing at one flow process of flow chart or multiple stream
The device of the function specified in journey and/or one square frame of block diagram or multiple square frame.
These computer program instructions may be alternatively stored in and can guide at computer or other programmable datas
In the computer-readable memory that reason terminal unit works in a specific way so that be stored in this calculating
Instruction in machine readable memory produces the manufacture including command device, and this command device realizes
One flow process of flow chart or multiple flow process and/or one square frame of block diagram or multiple square frame are specified
Function.
These computer program instructions also can be loaded into computer or other programmable data processing terminals
On equipment so that on computer or other programmable terminal equipment perform sequence of operations step with
Produce computer implemented process, thus perform on computer or other programmable terminal equipment
Instruction provides for realizing at one flow process of flow chart or multiple flow process and/or one square frame of block diagram
Or the step of the function specified in multiple square frame.
Although have been described for the preferred embodiment of the embodiment of the present invention, but the technical object in this area
Once know basic creative concept, then these embodiments can be made other change and amendment.
So, claims are intended to be construed to include preferred embodiment and fall into the embodiment of the present invention
All changes of scope and amendment.
Finally, in addition it is also necessary to explanation, in this article, the relation of such as first and second or the like
Term is used merely to separate an entity or operation with another entity or operating space, and not
Necessarily require or imply and there is the relation of any this reality or suitable between these entities or operation
Sequence.And, term " includes ", " comprising " or its any other variant are intended to nonexcludability
Comprise, so that include the process of a series of key element, method, article or terminal unit not only
Including those key elements, but also include other key elements being not expressly set out, or also include for
The key element that this process, method, article or terminal unit are intrinsic.There is no more restriction
In the case of, statement " including ... " key element limited, it is not excluded that including described key element
Process, method, article or terminal unit there is also other identical element.
Access control method and a kind of base to a kind of identity-based provided by the present invention checking above
In the access control device of authentication, it is described in detail, specific case used herein
Principle and embodiment to the present invention are set forth, and the explanation of above example is only intended to side
Assistant solves method and the core concept thereof of the present invention;Simultaneously for one of ordinary skill in the art,
According to the thought of the present invention, the most all will change, combine
Upper described, this specification content should not be construed as limitation of the present invention.
Claims (6)
1. the access control device of an identity-based checking, it is characterised in that described access control
Device associates with the online management system preset, and described access control device includes:
Information acquisition module, for gathering the identity information of the current request object by gate inhibition, institute
State identity information and include the first identity;
Identification module, for judging whether have and described first in the first data base preset
The identity of identity coupling, the most then obtain the second identity, and by described second
Identity sends in real time to described online management system, described in described first database purchase first
Identity and the incidence relation of the second identity;
Gate inhibition's opening module, for receiving the legal knot of checking that described online management system returns
After Guo, opening gate;Described checking valid result be described online management system receive described
After second identity, find from the second default data base and described second identity phase
With the information generated after identity;
Traffic information transfer module, is used for generating traffic information, and described traffic information is transferred to institute
State online management system;
Wherein, described traffic information transfer module includes:
Monitoring submodule, for being monitored described gate inhibition's opening module;
Data acquisition submodule, for when monitoring described gate inhibition's opening module opening gate, from institute
State the second identity obtaining the current object by gate inhibition in identification module;
Time record sub module, for recording the current time by the object of gate inhibition by gate inhibition;
Information generates submodule, for organizing the second identity of the described current object by gate inhibition
And described current time by the object of gate inhibition by gate inhibition, generate traffic information;
Transmission submodule, for being transferred to described online management system by described traffic information.
Device the most according to claim 1, it is characterised in that described access control device has
Having gate inhibition to identify, it is the most described online that described identification module is additionally operable to that described gate inhibition identifies transmission
Management system, described online management system is used for combining described gate inhibition and identifies described second identity mark
Know and verify.
Device the most according to claim 1 and 2, it is characterised in that described current request is led to
Cross at least one of the vehicle that the object of gate inhibition includes that the personnel asking to go out and request go out.
4. the access control method of an identity-based checking, it is characterised in that described access control
Method is applied in access control device, described access control device and the online management system preset
Association, described method includes:
Access control device gathers the identity information of the current request object by gate inhibition, and described identity is believed
Breath includes the first identity;
Access control device judges whether have and described first identity mark in the first data base preset
Know the identity of coupling, the most then obtain the second identity, and by described second identity mark
Know and send extremely described online management system in real time, the first identity mark described in described first database purchase
Know the incidence relation with the second identity;
Access control device, after receiving the checking valid result that described online management system returns, is opened
Open gate inhibition;Described checking valid result is that described online management system is receiving described second identity
After mark, find from the second default data base and described second identity common identity mark
The information generated after knowledge;
Access control device generates traffic information, and described traffic information is transferred to described online management
System, including:
When monitoring gate inhibition and opening, the record current time by the object of gate inhibition by gate inhibition;
Second identity of the current object by gate inhibition of tissue and described current by gate inhibition's
The object time by gate inhibition, generate traffic information;
Described traffic information is transferred to described online management system.
Method the most according to claim 4, it is characterised in that described access control device has
Having gate inhibition to identify, described method also includes:
Described gate inhibition is identified transmission to described online management system.
6. according to the method described in claim 4 or 5, it is characterised in that described current request is led to
Cross at least one of the vehicle that the object of gate inhibition includes that the personnel asking to go out and request go out.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410422030.1A CN104240342B (en) | 2014-08-25 | 2014-08-25 | Access control method and device based on identity authentication |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410422030.1A CN104240342B (en) | 2014-08-25 | 2014-08-25 | Access control method and device based on identity authentication |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104240342A CN104240342A (en) | 2014-12-24 |
| CN104240342B true CN104240342B (en) | 2017-01-11 |
Family
ID=52228339
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410422030.1A Active CN104240342B (en) | 2014-08-25 | 2014-08-25 | Access control method and device based on identity authentication |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104240342B (en) |
Families Citing this family (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106487762B (en) * | 2015-08-31 | 2019-12-13 | 腾讯科技(深圳)有限公司 | user identity recognition method, identity recognition application client and server |
| CN105894622A (en) * | 2015-12-14 | 2016-08-24 | 乐视移动智能信息技术(北京)有限公司 | Access control identification method, device and system and terminal |
| CN107045684B (en) * | 2016-02-06 | 2022-11-15 | 戴见霖 | Identity recognition system and recognition method thereof |
| CN105825642A (en) * | 2016-05-25 | 2016-08-03 | 安徽远东网络科技有限公司 | Community security information processing system |
| CN106453220A (en) * | 2016-06-17 | 2017-02-22 | 四川师范大学 | Butt joint type safety protection identification method |
| CN106373228B (en) * | 2016-08-29 | 2019-02-19 | 杭州巴玺电子科技有限公司 | A kind of passive lock system of intelligent and safe and its method for unlocking |
| US11094153B2 (en) | 2016-09-30 | 2021-08-17 | Assa Abloy Ab | Controlling access to a physical space using a fingerprint sensor |
| CN108022334A (en) * | 2016-11-04 | 2018-05-11 | 法乐第(北京)网络科技有限公司 | Garage access control system and garage door control method |
| CN108021851A (en) * | 2016-11-04 | 2018-05-11 | 法乐第(北京)网络科技有限公司 | Garage door control system and garage fingerprint base update method |
| CN106981119A (en) * | 2017-05-05 | 2017-07-25 | 江苏速度信息科技股份有限公司 | Entrance guard management system and method based on body shape |
| CN107330601A (en) * | 2017-06-23 | 2017-11-07 | 深圳市盛路物联通讯技术有限公司 | A kind of intelligent gun management method and device |
| CN108335387A (en) * | 2018-01-23 | 2018-07-27 | 阿里巴巴集团控股有限公司 | Face recognition door control system and access control method |
| CN110580754A (en) * | 2018-06-11 | 2019-12-17 | 杭州海康威视系统技术有限公司 | Face authentication method, device and system |
| CN109360301A (en) * | 2018-09-05 | 2019-02-19 | 深圳中兴力维技术有限公司 | Access control system and its control method |
| CN110021088B (en) * | 2018-10-29 | 2021-06-29 | 深圳市微开互联科技有限公司 | Page control door opening system and method of distributed authorization architecture |
| CN109712290A (en) * | 2018-12-26 | 2019-05-03 | 广东中安金狮科创有限公司 | Security system |
| CN113132106B (en) * | 2019-12-30 | 2023-08-18 | 中国移动通信集团山西有限公司 | User identity recognition system |
| CN112489282A (en) * | 2020-12-02 | 2021-03-12 | 杭州国辰机器人科技有限公司 | Entrance guard attendance checking method, system, computer equipment and storage medium |
| CN114724292B (en) * | 2022-03-31 | 2023-08-22 | 合肥指南针电子科技有限责任公司 | Prison management method |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101114338A (en) * | 2007-08-21 | 2008-01-30 | 深圳市杰特电信控股有限公司 | Work attendance method based on finger print mobile phones |
| CN101587607A (en) * | 2008-05-23 | 2009-11-25 | 上海科识通信息科技有限公司 | Opening type radio frequency automatic identification gate control system |
| CN101661586A (en) * | 2009-09-29 | 2010-03-03 | 金蝶软件(中国)有限公司 | Method of optimized data processing procedure and device thereof |
| CN103986772A (en) * | 2014-05-23 | 2014-08-13 | 南京洛尧智慧信息技术有限公司 | Army management system based on internet of things and cloud computing |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7775429B2 (en) * | 2006-08-16 | 2010-08-17 | Isonas Security Systems | Method and system for controlling access to an enclosed area |
-
2014
- 2014-08-25 CN CN201410422030.1A patent/CN104240342B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101114338A (en) * | 2007-08-21 | 2008-01-30 | 深圳市杰特电信控股有限公司 | Work attendance method based on finger print mobile phones |
| CN101587607A (en) * | 2008-05-23 | 2009-11-25 | 上海科识通信息科技有限公司 | Opening type radio frequency automatic identification gate control system |
| CN101661586A (en) * | 2009-09-29 | 2010-03-03 | 金蝶软件(中国)有限公司 | Method of optimized data processing procedure and device thereof |
| CN103986772A (en) * | 2014-05-23 | 2014-08-13 | 南京洛尧智慧信息技术有限公司 | Army management system based on internet of things and cloud computing |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104240342A (en) | 2014-12-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104240342B (en) | Access control method and device based on identity authentication | |
| US11276131B2 (en) | Property management system utilizing a blockchain network | |
| CN105678872B (en) | A kind of access control system and its authorization method and access control terminal equipment | |
| CN104240013B (en) | A kind of access control method and access control platform | |
| CN104240014B (en) | A kind of online access control method and platform | |
| CN105703907B (en) | For the devices, systems, and methods registered and verified handwritten signature and achieved to hand-written information | |
| CN111553767B (en) | Shared house leasing system, method and storage medium based on block chain | |
| CN110148232A (en) | Visitor management system, method, equipment and storage medium | |
| CN109768983A (en) | Dynamic and Multi dimensional personal identification method, apparatus and system based on block chain | |
| CN110276872B (en) | Automatic access control authorization method based on face recognition | |
| CN108269331A (en) | A kind of intelligent video big data processing system | |
| CN110164012A (en) | A kind of community's access control system and working method thereof | |
| CN112328995B (en) | Social management system based on TOF image sensor verification | |
| CN108140152A (en) | Computer implemented tracking mechanism and data management | |
| CN110245940A (en) | Digital asset voucher inherits the information processing method and relevant apparatus in transfer | |
| CN109117668A (en) | A kind of identification authorization safety access method based on block chain building | |
| CN111934881B (en) | Data right determining method and device, storage medium and electronic device | |
| CN107689019A (en) | A kind of source of houses checking method and system | |
| CN109558918A (en) | A kind of certificate chain real estate electronics license system and its application method | |
| CN109446259A (en) | Data processing method and device, processor and storage medium | |
| CN104704521B (en) | Multifactor profile and security fingerprint analysis | |
| CN109831310A (en) | A kind of auth method, system and relevant apparatus | |
| Singh et al. | Designing a blockchain-enabled methodology for secure online voting system | |
| CN110825776A (en) | Air quality detection report processing method and device, computing equipment and storage medium | |
| CN112699418A (en) | Floating population management method and system based on block chain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20190116 Address after: Room 1101, No. 7 Building, 98 Lianshi Lake West Road, Mentougou District, Beijing 102300 Patentee after: Beijing spaceflight morning letter Technology Co., Ltd. Address before: 102308 No. 1 Yongan Road, Shilong Economic Development Zone, Mentougou District, Beijing Patentee before: China Aerospace Ke Gong group the 4th research institute's command automation technical research and application center |