CN106875515A - Access control verification system and access control verification method - Google Patents
- Publication number
- CN106875515A (CN201510925232.2A)
- Authority
- CN
- China
- Prior art keywords
- mobile terminal
- access
- security server
- network
- dedicated network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/28—Individual registration on entry or exit involving the use of a pass the pass enabling tracking or indicating presence
Abstract
The present invention provides an access control verification system and an access control verification method. The access control verification system includes a mobile terminal, an access controller and a security server. The access controller is arranged at the entrance of a protected area and dynamically displays a QR code. The mobile terminal obtains scanning permission and scans the QR code dynamically displayed by the access controller; based on the scanned QR code, it sends an access request for accessing a dedicated network to the security server via a public network; it then accesses the dedicated network and sends an open request for opening the protected area to the security server via the dedicated network. The security server authenticates the access request sent by the mobile terminal and, when authentication succeeds, authorizes the mobile terminal to access the dedicated network; it authenticates the open request and, when authentication succeeds, controls the access controller via the dedicated network to open the protected area. Because the access control verification system is implemented using a dedicated network, the security and reliability of access control verification can be improved.
Description
Technical field
The present invention relates to access control verification technology in the communications field, and in particular to an access control verification system and an access control verification method.
Background
Access control verification based on mobile terminals and QR codes is widely used. In the prior art, an access control system based on dynamic QR codes dynamically displays a QR code, and the mobile terminal sends the scanned QR code over a public network to apply for verification. This has the following problem: network security is not considered. If the mobile terminal uses a public network communication environment such as the Internet throughout the verification application, the QR code information is easily intercepted, which creates a security vulnerability in QR-code access control verification.
Summary of the invention
Embodiments of the present invention provide an access control verification system and an access control verification method that can improve the security and reliability of access control verification.
The technical solution of the embodiments of the present invention is implemented as follows:
In a first aspect, an embodiment of the present invention provides an access control verification system. The system includes a mobile terminal, an access controller and a security server, wherein:
The access controller is arranged at the entrance of a protected area and is configured to dynamically display a QR code;
The mobile terminal is configured to obtain scanning permission and scan the QR code dynamically displayed by the access controller; based on the scanned QR code, send an access request for accessing a dedicated network to the security server via a public network; and access the dedicated network and send an open request for opening the protected area to the security server via the dedicated network;
The security server is configured to authenticate the access request sent by the mobile terminal and, when authentication succeeds, authorize the mobile terminal to access the dedicated network; and to authenticate the open request and, when authentication succeeds, control the access controller via the dedicated network to open the protected area.
In a second aspect, an embodiment of the present invention provides an access control verification method. The method includes:
The mobile terminal obtains scanning permission and scans the QR code dynamically displayed by the access controller; based on the scanned QR code, it sends an access request for accessing a dedicated network to the security server via a public network;
The security server authenticates the access request sent by the mobile terminal and, when authentication succeeds, authorizes the mobile terminal to access the dedicated network;
The mobile terminal sends an open request for opening the protected area to the security server via the dedicated network;
The security server authenticates the open request and, when authentication succeeds, controls the access controller via the dedicated network to open the protected area.
In the access control verification system and access control verification method provided by the embodiments of the present invention, unlike the prior art, which uses the QR code to perform access control verification of the mobile terminal, the dynamic QR code is used to verify the mobile terminal's permission to access the dedicated network, and the mobile terminal is authorized to use the dedicated network when verification passes. The mobile terminal can then request the security server to open the protected area over the dedicated network, so the communication of the authentication process between the mobile terminal and the security server is carried by the dedicated network. This effectively avoids the risk, present in the related art, of communication data being maliciously intercepted because a public communication network carries the communication data of the authentication process, and ensures the security and reliability of the access control verification system.
Brief description of the drawings
Fig. 1 is a structural diagram of the access control verification system in an embodiment of the present invention;
Fig. 2 is flowchart one of access control verification performed by the access control verification system in an embodiment of the present invention;
Fig. 3 is a logic diagram of access control verification performed by the access control verification system in an embodiment of the present invention;
Fig. 4 is flowchart two of access control verification performed by the access control verification system in an embodiment of the present invention;
Fig. 5 is flowchart three of access control verification performed by the access control verification system in an embodiment of the present invention.
Detailed description
Existing access control verification technology is based on a mobile terminal and an access control device provided with a QR code recognition module. The mobile terminal is provided with a QR code application module, which encrypts a preset key, a time parameter and the International Mobile Equipment Identity (IMEI) of the mobile terminal to obtain a binary string, and then uses the binary string to generate a QR code image that serves as the key for opening the door. The QR code recognition module scans the QR code image and, after recognizing and decoding it, obtains the IMEI of the terminal that wants to open the door and the time at which the key was generated. After verification passes, the door is opened and the key used for this opening is revoked.
Existing access control verification technology mainly has the following problems:
1. Network security is not considered. If the mobile terminal uses the Internet environment throughout the verification application, the QR code information is easily intercepted.
2. Identification relies only on the IMEI of the mobile terminal, so there are few authentication factors. Once the mobile terminal is lost, it cannot be prevented from being used to enter the computer room, so security is low.
The following specific embodiments of the present invention are proposed to address the above problems.
Embodiment one
This embodiment of the present invention provides an access control verification system. Referring to Fig. 1, the access control verification system includes a mobile terminal 100, an access controller 300 and a security server 200.
The mobile terminal 100 registers with the security server 200, over the public network, the identifier of the mobile terminal 100 and the target protected area (for example, the location information of the computer room that the user of the mobile terminal 100 needs to enter). In practice, the mobile terminal 100 may register multiple areas with the security server 200 as target protected areas. The security server 200 may use the mobile phone number, the integrated circuit card identifier (ICCID), the IMEI, etc. of the mobile terminal 100 as the identifier of the mobile terminal 100.
The security server 200 performs encryption based on the location information of the protected area and a time factor to obtain a dynamic QR code, and sends the dynamic QR code via the dedicated network to the access controller 300, to be displayed by the access controller 300 arranged at the entrance of the protected area (for example, a computer room). The granularity of the time factor can be set according to actual conditions. For example, the time factor may be in seconds: every second, the security server 200 encrypts the current time factor (accurate to the second) combined with the location information of the protected area to obtain a QR code, and sends the generated QR code to the access controller 300 for display, so that the QR code displayed by the access controller 300 changes every second. In this way the access controller 300 dynamically displays the QR code.
The mobile terminal 100 obtains scanning permission and proceeds as follows: it scans the QR code dynamically displayed by the access controller 300; based on the scanned QR code, it sends an access request for accessing the dedicated network to the security server 200 via the public network (for example, the cellular communication network of a mobile phone); and it sends an open request for opening the protected area to the security server 200 via the dedicated network. The dedicated network here is a closed communication network set up for access control verification, which may for example be a WiFi network. The dedicated network is not open to the outside and can only be accessed by applying, that is, by sending an access request to the security server 200.
The security server 200 authenticates the access request of the mobile terminal 100 as follows: it authenticates the identifier of the mobile terminal 100, and the QR code and time factor carried by the access request sent by the mobile terminal 100. For example:
1) The security server 200 matches the identifier of the mobile terminal 100 (the mobile terminal 100 that sent the access request) against the identifiers of the mobile terminals 100 registered with the security server 200 to determine whether the mobile terminal 100 is registered with the security server 200. If it is not registered, authentication of the access request fails; if it is registered, the subsequent matching is performed.
2) The security server 200 matches the location information of the target protected area registered by the mobile terminal 100 (the mobile terminal 100 that sent the access request) against the location information carried by the QR code sent by the mobile terminal 100. If the match succeeds, the subsequent matching is performed; otherwise authentication of the access request fails.
3) The security server 200 matches the time factor carried by the QR code in the access request against the current time. For example, if the difference between the time factor and the current time does not exceed the validity period, authentication of the access request succeeds.
When authentication of the access request succeeds, the mobile terminal 100 is authorized to access the dedicated network: the access information of the dedicated network is sent to the mobile terminal 100 via the public network to authorize the mobile terminal 100 to access the dedicated network. The access information includes the access device identifier of the dedicated network (that is, the access name of the dedicated network), the access password, and the access time limit of the access password. The access information is sent to the mobile terminal 100 via the public network, and the access name, the identifier of the mobile terminal 100 and the issue time of the access information are recorded. The access time limit is counted from the issue time of the access information.
After the mobile terminal 100 accesses the dedicated network, it sends an open request to the security server 200 to request that the protected area be opened. The security server 200 authenticates the open request as follows: 1) it matches the identifier of the mobile terminal 100 that sent the open request against the recorded identifier of the mobile terminal 100; 2) it matches the identifier of the network access device through which the mobile terminal 100 that sent the open request is connected against the recorded identifier of the network access device; and 3) it matches the time at which the open request was received against the recorded access time limit (the match succeeds if the time of receipt, relative to the recorded issue time, does not exceed the access time limit). When the above matches succeed, the security server 200 optionally performs security question verification and, when that verification succeeds, controls the access controller 300 via the dedicated network to open the protected area. If matches 1) and 2) succeed and 3) fails, the access password of the mobile terminal 100 has expired, and a prompt to access the dedicated network again is sent to the mobile terminal 100 so that the mobile terminal 100 reacquires the access information of the dedicated network.
When security question verification is performed, the security question corresponding to the mobile terminal 100 is sent to the mobile terminal 100 via the dedicated network (the security question and answer corresponding to the mobile terminal 100 can be set by the mobile terminal 100 when it registers with the security server 200 over the public network), and the answer sent by the mobile terminal 100 via the dedicated network is matched against the registered answer. If the match succeeds, security question verification passes. Security question verification further improves the reliability of access control verification.
Embodiment two
Corresponding to the access control verification system described in embodiment one, this embodiment describes an access control verification method. Referring to Fig. 2, the access control verification method described in this embodiment includes the following steps:
Step 101: the mobile terminal 100 registers with the security server 200, over the public network, the identifier of the mobile terminal 100 and the location information of the target protected area.
Step 102: the security server 200 performs encryption based on the location information of the protected area and a time factor to obtain a dynamic QR code, and sends the dynamic QR code via the dedicated network to the access controller 300 for the access controller 300 to display.
Step 103: the mobile terminal 100 obtains scanning permission and scans the QR code dynamically displayed by the access controller 300; based on the scanned QR code, it sends an access request for accessing the dedicated network to the security server 200 via the public network.
Step 104: the security server 200 authenticates the QR code carried by the access request sent by the mobile terminal 100 and the identifier of the mobile terminal 100, and authorizes the mobile terminal 100 to access the dedicated network when authentication succeeds.
The security server 200 matches the identifier of the mobile terminal 100 against the identifiers of registered mobile terminals 100, matches the location information carried by the QR code in the access request against the location information of the target protected area registered by the mobile terminal 100, and matches the time factor carried by the QR code in the access request against the current time. When the matches succeed, it sends the access information of the dedicated network to the mobile terminal 100 via the public network to authorize the mobile terminal 100 to access the dedicated network.
Step 105: the mobile terminal 100 sends an open request for opening the protected area to the security server 200 via the dedicated network.
Step 106: the security server 200 authenticates the open request and, when authentication succeeds, controls the access controller 300 via the dedicated network to open the protected area.
The security server 200 matches the identifier of the mobile terminal 100 that sent the open request against the recorded identifier of the mobile terminal 100, matches the identifier of the network access device through which the mobile terminal 100 that sent the open request is connected against the recorded identifier of the network access device, and matches the time at which the open request was received against the recorded access time limit. When the matches succeed, it controls the access controller 300 via the dedicated network to open the protected area. Optionally, when matching the time at which the open request was received against the recorded access time limit fails, the security server 200 sends the mobile terminal 100 a prompt to access the dedicated network again.
Optionally, the security server 200 performs security question verification when the matches succeed and, when that verification succeeds, controls the access controller 300 via the dedicated network to open the protected area, which strengthens the reliability and security of the access control verification system. For example, the mobile terminal 100 registers with the security server 200, over the public network, the security question and answer set by the user of the mobile terminal 100. The security server 200 sends the security question corresponding to the mobile terminal 100 to the mobile terminal 100 via the dedicated network and matches the answer sent by the mobile terminal 100 via the dedicated network against the registered answer. If the match succeeds, security question verification passes.
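The flow of steps 101 to 106, as an added example that is not code from the patent: a minimal Python model of the security server's two authentication stages. The patent does not name the encryption used for the dynamic code, so an HMAC-SHA256 tag over the location and time factor is substituted here; the class and method names, the `ap-<location>` device identifiers and both validity windows are assumptions, and the optional security question is left out.

```python
import hashlib
import hmac
import secrets

QR_VALIDITY_S = 5        # assumed validity window for the QR time factor
ACCESS_VALIDITY_S = 120  # assumed access time limit of the issued password


class SecurityServer:
    """Toy model of security server 200 (illustrative, not the patent's code)."""

    def __init__(self, qr_key):
        self._qr_key = qr_key
        self._registered = {}  # terminal ID -> registered target locations
        self._grants = {}      # terminal ID -> recorded access information

    def register(self, terminal_id, locations):
        """Step 101: register the terminal ID and its target protected areas."""
        self._registered[terminal_id] = set(locations)

    def _tag(self, payload):
        return hmac.new(self._qr_key, payload.encode(), hashlib.sha256).hexdigest()

    def make_qr(self, location, now):
        """Step 102: dynamic code binding location and time factor (seconds)."""
        payload = f"{location}|{int(now)}"
        return f"{payload}|{self._tag(payload)}"

    def _parse_qr(self, qr):
        """Return (location, time factor), or None if the server did not issue it."""
        try:
            location, ts, tag = qr.rsplit("|", 2)
            issued = int(ts)
        except ValueError:
            return None
        expected = self._tag(f"{location}|{ts}")
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return None
        return location, issued

    def access_request(self, terminal_id, qr, now):
        """Step 104: authenticate the request that arrives over the public network."""
        locations = self._registered.get(terminal_id)
        if locations is None:
            return None, "terminal not registered"
        parsed = self._parse_qr(qr)
        if parsed is None:
            return None, "forged or malformed code"
        location, issued = parsed
        if location not in locations:
            return None, "location not registered for terminal"
        if not 0 <= now - issued <= QR_VALIDITY_S:
            return None, "code expired"
        # Record access name and issue time; the time limit runs from issue.
        grant = {"device_id": f"ap-{location}",
                 "password": secrets.token_urlsafe(12),
                 "issued": now}
        self._grants[terminal_id] = grant
        return dict(grant, valid_for=ACCESS_VALIDITY_S), "ok"

    def open_request(self, terminal_id, device_id, now):
        """Step 106: authenticate the request received over the dedicated network."""
        grant = self._grants.get(terminal_id)
        if grant is None or grant["device_id"] != device_id:
            return "denied"
        if now - grant["issued"] > ACCESS_VALIDITY_S:
            del self._grants[terminal_id]
            return "reconnect"  # password expired: terminal must re-apply
        return "open"


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    server = SecurityServer(b"constructed-demo-key")
    server.register("terminal-001", ["room-A"])
    t0 = 1_700_000_000
    code = server.make_qr("room-A", t0)
    print(server.access_request("terminal-001", code, t0 + 2)[1])
    print(server.access_request("terminal-001", code, t0 + 6)[1])
    print(server.open_request("terminal-001", "ap-room-A", t0 + 60))
    print(server.open_request("terminal-001", "ap-room-A", t0 + 200))
```

In a deployment the server would learn the access device identifier from the dedicated network itself rather than from a field supplied by the terminal; it is a parameter here only to keep the model self-contained.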
Embodiment three
This embodiment is described with reference to access control verification for a computer room. See Fig. 3: the access control verification system described in this embodiment is implemented jointly by three parts, namely the mobile terminal client (corresponding to the mobile terminal 100 in Fig. 3; the mobile terminal client is implemented by being run on the mobile terminal), the security server 200 and the access controller 300, which are described separately below.
Security server 200
1. It is responsible for reviewing computer room access permission information.
2. It controls the computer room access control system (the access controller 300) to periodically display a dynamic QR code. The dynamic QR code is generated by the security server 200 by encrypting the computer room location information combined with a time factor, and has location specificity, timeliness and uniqueness. Only the security server 200 can translate the information of the dynamic QR code. Only after a logged-in mobile terminal client scans the QR code can it apply to the security server 200 for access to the dedicated WiFi network.
3. The mobile terminal client (implemented by being run on the mobile terminal 100) logs in to the security server 200 using the registered ID. The security server 200 authenticates the ID used by the mobile terminal client for login and checks whether the ID is one that has passed review. If it is, the security server 200 allows the mobile terminal client corresponding to the ID to log in; if the ID has not passed review, the mobile terminal client corresponding to the ID cannot log in. A mobile terminal client that is not logged in has no permission to scan the dynamic QR code at the computer room entrance.
4. The security server 200 authenticates the QR code sent from the mobile terminal client, checking the computer room information and the time information of the QR code. If authentication fails, the QR code may be forged or expired; if authentication succeeds, the ID of the mobile terminal client is then authenticated.
5. After the security server 200 confirms that the ID has permission for the computer room corresponding to the location information carried in the QR code, it issues the access information of the dedicated WiFi network to the mobile terminal client (including the access name, that is, the ID of the access device of the dedicated WiFi network, the access password and the access time limit), ensuring access security. The security server 200 records the following information: the ID of the access device assigned to the mobile terminal client for accessing the dedicated WiFi network, the ID of the mobile terminal client, and the time at which the access information was issued (the authorization time). If the ID of the mobile terminal client does not have permission for the computer room corresponding to the location information carried by the QR code, authentication cannot pass, and the security server 200 will not issue the access information of the dedicated WiFi network (including the access name and access password) to the mobile terminal client, thereby refusing the mobile terminal client access to the dedicated WiFi network.
6. When the security server 200 receives a request to enter the computer room from the mobile terminal client (carrying the ID of the WiFi device it is connected through and the access password), it compares the recorded access device ID of the dedicated WiFi network, the mobile terminal client ID and the issue time of the access password. If the request matches the record but the password has timed out (that is, the time since the security server 200 issued the access password exceeds the access time limit), the security server 200 refuses access and prompts the mobile terminal client to apply for entry again, which improves security. If the request matches the record and the access password has not timed out (the time since the access information was issued does not exceed the access time limit), the security server 200 randomly displays on the mobile terminal client one of the computer room entry questions set by the user, and the mobile terminal client submits the user's answer to the security server 200. If the answer matches the preset answer, the security server 200 controls the access controller 300 to open, allowing the user to enter the computer room; if the answer is wrong, the security server 200 does not notify the access controller 300 to open, and entry is refused.
Mobile terminal client terminal
1. It supports running on a mobile terminal (in embodiment three, the operation of the mobile terminal client can be regarded as implemented by the mobile terminal 100). The mobile terminal client can connect using the public network of the mobile terminal and can detect the network environment of the public network connection.
2. Apart from applying to register the ID of the mobile terminal client with the security server 200, the other functions of the mobile terminal client can be used only after logging in to the security server 200 with an ID that the security server 200 has reviewed and approved; otherwise the associated permissions cannot be obtained.
3. Application for registration of access control permissions, and setting of the answers for computer room entry.
4. After the mobile terminal client logs in successfully with the ID, the security server 200 can control the access controller 300 at the computer room entrance (provided with a QR code display device) to display the dynamic QR code for the mobile terminal client to scan. After scanning, the mobile terminal client sends the logged-in ID and the scanned QR code to the security server 200 for authentication, applying for permission to access the dedicated WiFi network.
5. The mobile terminal client receives the access information of the dedicated WiFi network from the security server 200 (including the access name, the access password and the access time limit, that is, the validity period of the access password). The mobile terminal client prompts the user to disconnect the public network connection and requires access to the dedicated WiFi network. After the mobile terminal client detects that the public network has been disconnected and the dedicated WiFi network connected, it sends an application to enter the computer room to the security server 200, carrying the logged-in ID.
6. The mobile terminal client communicates with the security server 200 over the dedicated WiFi network. If the password has exceeded the access time limit, the client prompts the user to rescan the QR code and apply to enter the computer room. If the password has not exceeded the access time limit, the security server 200 sends the preset question to the mobile terminal client and obtains the answer the user submits in the mobile terminal client. When the security server 200 confirms that the submitted answer is consistent with the preset answer, it controls the computer room access controller 300 to open the channel controller of the computer room, allowing the user to enter. If the security server 200 confirms that the submitted answer is inconsistent with the preset answer, it notifies the mobile terminal client of the result: the door will not open and the user's entry is refused.
Access controller 300
1. The access controller 300 controls the switch of the passage and mainly consists of a channel controller, a WiFi access device and a QR code display device.
2. The mobile terminal client connects to the WiFi access device of the access controller 300 and performs authentication with the security server 200.
3. The access controller 300 (provided with the QR code display device) obtains the dynamic QR code from the security server 200 and displays it, for the mobile terminal client to scan after logging in and use to access the dedicated WiFi network.
4. After the mobile terminal client passes verification, the security server 200 notifies the access controller 300 (provided with the channel controller) to open the passage switch of the computer room, allowing the user to enter.
The logic flow of the QR-code-based multi-factor access control verification method, referring to Fig. 4, includes the following steps:
Step 201: the mobile terminal client registers with the security server 200.
The mobile terminal client connects over the public network and registers with the security server 200 using the mobile phone number as its ID. The registration applies for the information of the computer room to be entered (for example, the location information of the computer room) and sets the security question-and-answer information for the access controller 300 of the computer room.
Step 202: the security server 200 registers the mobile phone number of the mobile terminal and the security question-and-answer information.
After the security server 200 reviews and approves the user information, it registers the user's mobile phone number and security question-and-answer information, and stores the mobile phone number as the ID of the mobile terminal client for subsequent identity authentication of the mobile terminal client.
Step 203: the mobile terminal client logs in to the security server 200.
The mobile terminal client logs in to the security server 200 using the mobile phone number as its ID. The security server 200 authenticates whether the ID has passed review (that is, whether it is a registered ID). If it has, the mobile terminal client is notified that login succeeded; if it has not, the mobile terminal client is notified that login failed. If the mobile terminal client is not logged in, it cannot scan the QR code displayed by the access controller 300 of the computer room (provided with a QR code display device).
Step 204: after logging in, the mobile terminal client scans the dynamic QR code displayed by the access controller 300 of the computer room (the dynamic QR code is generated by the security server 200 by encrypting the computer room location information combined with a time factor, and has location specificity, timeliness and uniqueness; only the security server 200 can translate it), and sends the ID (that is, the mobile phone number) and the QR code to the security server 200 for authentication.
The security server 200 authenticates the QR code of the computer room entrance scanned by the mobile terminal client: it checks whether the computer room information and time information in the QR code match the computer room location information and time information maintained by the security server 200. If the information does not match, authentication fails; the QR code may be forged or expired.
Step 205: the security management server authenticates the ID of the mobile terminal client.
If the ID is one that has passed registration review, the server determines, from the registration information of the ID (including its correspondence with computer room information), whether the ID has permission for the computer room corresponding to the location information carried in the QR code. If it has, the security server 200 issues the access information of the dedicated WiFi network to the mobile terminal client (including the access name, the access password and the access time limit), ensuring access security.
The security server 200 records the access device ID of the dedicated WiFi network assigned to the mobile terminal client, the mobile terminal client ID and the issue time. If the registration information maintained by the security management server shows that the ID of the mobile terminal client does not have permission for the computer room corresponding to the location information of the QR code, authentication cannot pass; the security server 200 will not issue the access information of the dedicated WiFi network and refuses access by the mobile terminal client.
Step 206, the mobile terminal client uses the dedicated WiFi network to send the security server 200 an application to enter the computer room.
The mobile terminal client receives the dedicated WiFi access name, access password and access time limit from the security server 200. It prompts the user to disconnect the public network connection and requires the user to access the dedicated WiFi network. Once the mobile terminal client detects that the public network has been disconnected and that the dedicated WiFi network has been accessed using the access information, it sends the security server 200 a request to enter the computer room, carrying the ID of the mobile terminal client.
Step 207, the security server 200 authenticates the mobile terminal client's request to enter the computer room.
After receiving the mobile terminal client's request transmitted over the dedicated WiFi network, the security server 200 compares it against the record: the access device ID (namely the access name) of the dedicated WiFi network that was issued, the mobile terminal client ID, and the issue time of the access information (corresponding to the authorization time). If the request matches the record but the access password has timed out, the security server 200 refuses access and prompts the mobile terminal client to apply for entry again, which improves security. If the request matches the record and the access password has not timed out, the security server 200 randomly sends one of the computer room entry questions set by the user to the mobile terminal client for display. If the user's answer submitted by the mobile terminal client is consistent with the preset answer, the access controller 300 (provided with a channel controller) is controlled to open and the user is allowed to enter the computer room. If the answer submitted by the mobile terminal client is inconsistent with the preset answer, the security server 200 controls the access controller 300 (provided with a channel controller) to lock and the user is refused entry to the computer room.
If the number of consecutive wrong answers submitted by the mobile terminal client is more than 3, the security management server freezes the mobile terminal client; the mobile terminal client subsequently cannot log in to the security server 200, or cannot apply to enter the computer room, which prevents risk.
A further illustration follows, taking the user phone number 13912345678 as an example. Referring to Fig. 5, it includes the following steps:
Step 301, according to the user's operation, the mobile terminal client uses the 4G network to register with the security server 200 with 13912345678 as the ID of the mobile terminal client, applies for permission for computer room A, and sets 5 questions and answers.
Question A, answer ABC
Question B, answer CBA
Question C, answer BAC
Question D, answer ACB
Question E, answer CAB
Step 302, the security server 200 reviews the application of 13912345678 to enter computer room A; after the review passes, the mobile terminal client ID corresponding to 13912345678 obtains permission to enter computer room A.
Step 303, under the 4G network, the mobile terminal client uses 13912345678 as the ID to log in to the security server 200; after logging in successfully, the mobile terminal client scans the dynamic QR code of the access controller 300 at the entrance of computer room A and applies to enter the computer room.
Step 304, the security server 200 authenticates the ID of the mobile terminal client and sends the access information of the dedicated WiFi network to the mobile terminal client.
After receiving the request from the mobile client 13912345678, the security server 200 determines that the ID 13912345678 has passed review at the security server 200 and has access permission for computer room A. It then sends the dedicated WiFi connection name JFA0101 and the password 123456 to the client of that ID, and at the same time notifies the WiFi network equipment to allow the client 13912345678 to access the network. The security server 200 records the issued number 13912345678, the access device ID JFA0101 and the issue time 20150601120000.
Step 305, after receiving the access information returned by the security server 200, the mobile terminal client prompts the user to disconnect the 4G network and access the dedicated WiFi network JFA0101.
Step 306, according to the user's operation, the mobile terminal client disconnects the 4G network and accesses the dedicated WiFi network JFA0101 using the password 123456.
After the mobile terminal client completes its network detection, it sends the request to enter the computer room to the security server 200 over the dedicated WiFi network.
Step 307, after receiving the request to enter the computer room over the dedicated WiFi network, the security server 200 verifies the ID of the mobile terminal client.
After receiving the request to enter the computer room over the dedicated WiFi network, the security server 200 verifies the ID of the mobile terminal client, namely 13912345678, the ID of the accessed network device, JFA0101, and the access time, 20150601120115. The information for this ID meets the security rules of the security server 200, so authentication succeeds and question C is sent at random to the number 13912345678 for the final answer comparison.
Step 308, the mobile terminal client submits the user's answer to the security server 200; the answer is BAC.
Step 309, the security server 200 checks the answer to question C and confirms that it is consistent with the answer BAC set at user registration; the access controller 300 opens the computer room and the user is allowed to enter.
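Added example (not part of the patent text): a minimal Python model of the security server's checks in steps 204 to 207, replayed with the sample values of steps 301 to 309. The HMAC-tagged code format, the 60-second code window, the 300-second access time limit, the single-use grant and all class and function names are assumptions; the page states only that the code is encrypted from location information and a time factor.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta

TS = "%Y%m%d%H%M%S"                  # timestamp layout used in the walkthrough
QR_WINDOW = timedelta(seconds=60)    # assumption: how long a displayed code stays valid
GRANT_TTL = timedelta(seconds=300)   # assumption: the "access time limit"
MAX_WRONG = 3                        # page: freeze when consecutive errors exceed 3


@dataclass
class User:
    rooms: set                       # computer rooms this ID was approved for
    answers: dict                    # question -> answer set at registration
    wrong: int = 0                   # consecutive wrong answers
    frozen: bool = False
    grant: tuple = None              # (access device ID, issue time)
    pending: str = None              # question currently awaiting an answer


class SecurityServer:
    def __init__(self, key: bytes, ssids: dict):
        self.key, self.ssids, self.users = key, ssids, {}

    def _tag(self, body: str) -> str:
        return hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

    def make_qr(self, room: str, now: datetime) -> str:
        """Dynamic code binding room and time; HMAC stands in for the page's encryption."""
        body = f"{room}|{now.strftime(TS)}"
        return f"{body}|{self._tag(body)}"

    def request_access(self, uid: str, qr: str, now: datetime):
        """Steps 204-205: check the code and the ID's permission, then issue WiFi access info."""
        user = self.users.get(uid)
        if user is None or user.frozen:
            return None
        try:
            room, stamp, tag = qr.split("|")
            shown = datetime.strptime(stamp, TS)
        except ValueError:
            return None                                   # malformed code
        if not hmac.compare_digest(tag.encode(), self._tag(f"{room}|{stamp}").encode()):
            return None                                   # forged code
        if not timedelta(0) <= now - shown <= QR_WINDOW:
            return None                                   # expired code
        if room not in user.rooms:
            return None                                   # no permission for this room
        user.grant = (self.ssids[room], now)              # record device ID and issue time
        return {"ssid": self.ssids[room], "password": secrets.token_hex(4), "ttl": GRANT_TTL}

    def open_request(self, uid: str, ssid: str, now: datetime):
        """Step 207: match the request against the recorded grant, then pose a question."""
        user = self.users.get(uid)
        if user is None or user.frozen or user.grant is None or user.grant[0] != ssid:
            return ("denied", None)
        if now - user.grant[1] > GRANT_TTL:
            user.grant = None
            return ("reapply", None)                      # timed out: scan again
        user.pending = secrets.choice(sorted(user.answers))
        return ("question", user.pending)

    def submit_answer(self, uid: str, answer: str) -> str:
        """Compare the answer; unlock on a match, freeze after too many misses."""
        user = self.users.get(uid)
        if user is None or user.frozen or user.pending is None:
            return "denied"
        expected, user.pending = user.answers[user.pending], None
        if hmac.compare_digest(answer.encode(), expected.encode()):
            user.wrong, user.grant = 0, None              # grant is single use (assumption)
            return "open"
        user.wrong += 1
        if user.wrong > MAX_WRONG:
            user.frozen = True
        return "locked"


def walkthrough():
    """Replays steps 301-309 with the page's sample values."""
    srv = SecurityServer(secrets.token_bytes(32), {"A": "JFA0101"})
    srv.users["13912345678"] = User(
        rooms={"A"},
        answers={"A": "ABC", "B": "CBA", "C": "BAC", "D": "ACB", "E": "CAB"})
    t0 = datetime.strptime("20150601120000", TS)
    info = srv.request_access("13912345678", srv.make_qr("A", t0), t0)
    t1 = datetime.strptime("20150601120115", TS)
    status, question = srv.open_request("13912345678", info["ssid"], t1)
    return srv, srv.submit_answer("13912345678", srv.users["13912345678"].answers[question])
```

The password returned by `request_access` is random per grant; in this model the WiFi equipment, not the security server, would check it.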
In summary, the embodiments of the present invention have the following beneficial effects:
The embodiments of the present invention use a dynamic QR code encrypted using location information and a time factor, a dedicated WiFi channel, security question verification and mobile terminal client ID identification to control access permission. The technique verifies layer by layer using multiple factors; even if the mobile terminal is lost, the answer comparison step prevents access permission from being obtained illegally. Dedicated network access is also used, so the verification process has very high security;
Secure access by dynamic QR code and multiple verification factors are applied to the field of access control verification and identification, and an approach to access control verification is proposed: a solution that combines a dynamic QR code, dedicated WiFi network access control and answer verification. That is, the dynamic QR code generated by the security server enables access to the dedicated WiFi network, and answering the question set by the user provides access control verification by answer comparison;
The encrypted dynamic QR code containing location information and a time factor provides secure access, the dedicated WiFi network improves line security, and answer verification with multiple verification factors solves secure identification for access control. This method has higher security and more careful review, and so achieves secure management of access control verification. More importantly, even if the mobile terminal is lost after this invention is adopted, the answer verification step still guards against misuse, improving the security of access control verification.
One of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be completed by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as a removable storage device, random access memory (RAM, Random Access Memory), read-only memory (ROM, Read-Only Memory), a magnetic disk or an optical disc.
Alternatively, if the above integrated unit of the present invention is implemented in the form of a software function module and sold or used as an independent product, it may also be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments of the present invention, in essence, or the part that contributes to the related art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the methods of the embodiments of the present invention. The storage medium includes various media that can store program code, such as a removable storage device, RAM, ROM, a magnetic disk or an optical disc.
The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited to them. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be defined by the scope of the claims.
Claims (10)
1. An access control verification system, characterized in that the system comprises: a mobile terminal, an access controller and a security server; wherein,
the access controller is arranged at the entrance of a protected area and is configured to dynamically display a QR code;
the mobile terminal is configured to obtain scanning permission and scan the QR code dynamically displayed by the access controller; to send to the security server, via a public network and based on the scanned QR code, an access request for accessing a dedicated network; and to access the dedicated network and send to the security server, via the dedicated network, an open request for opening the protected area;
the security server is configured to authenticate the access request sent by the mobile terminal and, when authentication succeeds, authorize the mobile terminal to access the dedicated network; and to authenticate the open request and, when authentication succeeds, control the access controller via the dedicated network to open the protected area.
2. The access control verification system as claimed in claim 1, characterized in that
the mobile terminal is further configured to register, with the security server via the public network, the identifier of the mobile terminal and the location information of a target protected area;
the security server is further configured to encrypt based on the location information of the protected area and a time factor to obtain a dynamic QR code, and to send the dynamic QR code to the access controller via the dedicated network for the access controller to display;
the security server is further configured to match the identifier of the mobile terminal with the identifiers of registered mobile terminals, to match the location information carried by the QR code carried in the access request with the location information of the target prevention and control area registered by the mobile terminal, and to match the time factor carried by the QR code carried in the access request with the current time; and, when matching succeeds, to send the access information of the dedicated network to the mobile terminal via the public network to authorize the mobile terminal to access the dedicated network.
3. The access control verification system as claimed in claim 2, characterized in that
the security server is further configured to send the access device identifier of the dedicated network, the access password and the access time limit of the access password to the mobile terminal via the public network, and to record the access name, the identifier of the mobile terminal and the issue time of the access information;
the security server is further configured to match the identifier of the mobile terminal sending the open request with the recorded identifier of the mobile terminal, to match the identifier of the access network device accessed by the mobile terminal sending the open request with the recorded identifier of the access network device, and to match the time of receiving the open request with the recorded access time limit; to perform security question verification when matching succeeds; and, when verification succeeds, to control the access controller via the dedicated network to open the prevention and control area.
4. The access control verification system as claimed in claim 3, characterized in that
the security server is further configured to perform security question verification when matching succeeds and, when security question verification succeeds, to control the access controller via the dedicated network to open the prevention and control area;
the security server is further configured to send to the mobile terminal, when the time of receiving the open request fails to match the recorded access time limit, prompt information for accessing the dedicated network again.
5. The access control verification system as claimed in claim 4, characterized in that
the mobile terminal is further configured to register, with the security server via the public network, the security questions and answers set by the mobile terminal user;
the security server is further configured to send the security question corresponding to the mobile terminal to the mobile terminal via the dedicated network, and to match the answer sent by the mobile terminal via the dedicated network with the registered answer; if matching succeeds, security question verification is judged to have passed.
6. An access control verification method, characterized in that the method comprises:
a mobile terminal obtains scanning permission and scans the QR code dynamically displayed by an access controller; based on the scanned QR code, it sends to a security server, via a public network, an access request for accessing a dedicated network;
the security server authenticates the access request sent by the mobile terminal and, when authentication succeeds, authorizes the mobile terminal to access the dedicated network;
the mobile terminal sends to the security server, via the dedicated network, an open request for opening the protected area;
the security server authenticates the open request and, when authentication succeeds, controls the access controller via the dedicated network to open the protected area.
7. The access control verification method as claimed in claim 6, characterized in that the method further comprises:
the mobile terminal registers, with the security server via the public network, the identifier of the mobile terminal and the location information of a target protected area;
the security server encrypts based on the location information of the protected area and a time factor to obtain a dynamic QR code, and sends the dynamic QR code to the access controller via the dedicated network for the access controller to display;
the security server authenticating the access request sent by the mobile terminal and, when authentication succeeds, authorizing the mobile terminal to access the dedicated network comprises:
the security server matches the identifier of the mobile terminal with the identifiers of registered mobile terminals, matches the location information carried by the QR code carried in the access request with the location information of the target prevention and control area registered by the mobile terminal, and matches the time factor carried by the QR code carried in the access request with the current time; when matching succeeds, it sends the access information of the dedicated network to the mobile terminal via the public network to authorize the mobile terminal to access the dedicated network.
8. The access control verification method as claimed in claim 6, characterized in that authorizing the mobile terminal to access the dedicated network when authentication succeeds comprises:
the security server sends the access device identifier of the dedicated network, the access password and the access time limit of the access password to the mobile terminal via the public network, and records the access name, the identifier of the mobile terminal and the issue time of the access information;
the security server authenticating the open request and, when authentication succeeds, controlling the access controller via the dedicated network to open the protected area comprises:
the security server matches the identifier of the mobile terminal sending the open request with the recorded identifier of the mobile terminal, matches the identifier of the access network device accessed by the mobile terminal sending the open request with the recorded identifier of the access network device, and matches the time of receiving the open request with the recorded access time limit; when matching succeeds, it controls the access controller via the dedicated network to open the prevention and control area.
9. The access control verification method as claimed in claim 8, characterized in that the method further comprises:
security question verification is performed when matching succeeds, and when security question verification succeeds the access controller is controlled via the dedicated network to open the prevention and control area;
when the time of receiving the open request fails to match the recorded access time limit, the security server sends to the mobile terminal prompt information for accessing the dedicated network again.
10. The access control verification method as claimed in claim 9, characterized in that performing security question verification comprises:
the mobile terminal registers, with the security server via the public network, the security questions and answers set by the mobile terminal user;
the security server sends the security question corresponding to the mobile terminal to the mobile terminal via the dedicated network, and matches the answer sent by the mobile terminal via the dedicated network with the registered answer; if matching succeeds, security question verification is judged to have passed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510925232.2A CN106875515B (en) | 2015-12-11 | 2015-12-11 | Gate inhibition verifies system and its gate inhibition's verification method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510925232.2A CN106875515B (en) | 2015-12-11 | 2015-12-11 | Gate inhibition verifies system and its gate inhibition's verification method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106875515A true CN106875515A (en) | 2017-06-20 |
CN106875515B CN106875515B (en) | 2019-10-29 |
Family
ID=59178489
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510925232.2A Active CN106875515B (en) | 2015-12-11 | 2015-12-11 | Gate inhibition verifies system and its gate inhibition's verification method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106875515B (en) |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107256584A (en) * | 2017-08-08 | 2017-10-17 | 黎志瀛 | The door lock control system that a kind of dynamic code is shown |
CN107393091A (en) * | 2017-08-01 | 2017-11-24 | 黎志瀛 | The intelligent control device of door lock that a kind of having electronic ink is shown |
CN107437285A (en) * | 2017-08-01 | 2017-12-05 | 黎志瀛 | A kind of cloud hotel management and control system |
CN107798761A (en) * | 2017-11-28 | 2018-03-13 | 成都万云互联科技有限公司 | The intelligence system that a kind of barcode scanning is opened the door |
CN107967740A (en) * | 2017-12-12 | 2018-04-27 | 江苏飞视文化发展有限公司 | A kind of gate inhibition |
CN108230512A (en) * | 2018-01-22 | 2018-06-29 | 成都清轻信息技术有限公司 | Security certificate unlocking system and method based on sound wave Streaming Media |
CN108305364A (en) * | 2018-02-02 | 2018-07-20 | 万众科技有限公司 | One kind is self-service to move in method, mobile terminal and server |
CN108921988A (en) * | 2018-06-25 | 2018-11-30 | 西安石油大学 | A kind of door-locking system and control method |
CN109147204A (en) * | 2018-08-16 | 2019-01-04 | 青海华职康健康科技有限公司 | A kind of automatic distribution method of personal protective equipment and system |
CN109191616A (en) * | 2017-07-07 | 2019-01-11 | 安徽德诺科技股份公司 | intelligent lock system |
CN109859358A (en) * | 2019-01-31 | 2019-06-07 | 深圳市多度科技有限公司 | Door-access control method and device, electronic equipment, computer readable storage medium |
CN110992554A (en) * | 2019-12-10 | 2020-04-10 | 温州市美拉五金有限公司 | Enterprise access control management method, device, equipment and medium |
CN112687040A (en) * | 2020-12-31 | 2021-04-20 | 广州技象科技有限公司 | Access control method, device, equipment and storage medium based on narrow-band Internet of things |
CN112767577A (en) * | 2020-12-23 | 2021-05-07 | 广州技象科技有限公司 | Access control unlocking method and device based on narrowband Internet of things |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7380279B2 (en) * | 2001-07-16 | 2008-05-27 | Lenel Systems International, Inc. | System for integrating security and access for facilities and information systems |
CN101447907A (en) * | 2008-10-31 | 2009-06-03 | 北京东方中讯联合认证技术有限公司 | VPN secure access method and system thereof |
CN102215487A (en) * | 2010-04-09 | 2011-10-12 | 国际商业机器公司 | Method and system safely accessing to a private network through a public wireless network |
CN103903316A (en) * | 2012-12-28 | 2014-07-02 | 中国电信股份有限公司 | Intelligent access control system and access control method thereof |
CN104504767A (en) * | 2014-11-26 | 2015-04-08 | 广东安居宝数码科技股份有限公司 | Check-in information verification method and system |
CN104637121A (en) * | 2013-11-07 | 2015-05-20 | 南京中兴力维软件有限公司 | Base station access control management method and system based on two-dimension code application |
CN104966340A (en) * | 2015-06-19 | 2015-10-07 | 深圳市幸福立方科技有限公司 | Access control system, access control method and cloud service platform |
- 2015-12-11 CN CN201510925232.2A patent/CN106875515B/en active Active
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109191616A (en) * | 2017-07-07 | 2019-01-11 | 安徽德诺科技股份公司 | intelligent lock system |
CN107393091A (en) * | 2017-08-01 | 2017-11-24 | 黎志瀛 | The intelligent control device of door lock that a kind of having electronic ink is shown |
CN107437285A (en) * | 2017-08-01 | 2017-12-05 | 黎志瀛 | A kind of cloud hotel management and control system |
CN107256584A (en) * | 2017-08-08 | 2017-10-17 | 黎志瀛 | The door lock control system that a kind of dynamic code is shown |
CN107798761A (en) * | 2017-11-28 | 2018-03-13 | 成都万云互联科技有限公司 | The intelligence system that a kind of barcode scanning is opened the door |
CN107967740A (en) * | 2017-12-12 | 2018-04-27 | 江苏飞视文化发展有限公司 | A kind of gate inhibition |
CN108230512A (en) * | 2018-01-22 | 2018-06-29 | 成都清轻信息技术有限公司 | Security certificate unlocking system and method based on sound wave Streaming Media |
CN108305364A (en) * | 2018-02-02 | 2018-07-20 | 万众科技有限公司 | One kind is self-service to move in method, mobile terminal and server |
CN108921988A (en) * | 2018-06-25 | 2018-11-30 | 西安石油大学 | A kind of door-locking system and control method |
CN109147204A (en) * | 2018-08-16 | 2019-01-04 | 青海华职康健康科技有限公司 | A kind of automatic distribution method of personal protective equipment and system |
CN109859358A (en) * | 2019-01-31 | 2019-06-07 | 深圳市多度科技有限公司 | Door-access control method and device, electronic equipment, computer readable storage medium |
CN110992554A (en) * | 2019-12-10 | 2020-04-10 | 温州市美拉五金有限公司 | Enterprise access control management method, device, equipment and medium |
CN112767577A (en) * | 2020-12-23 | 2021-05-07 | 广州技象科技有限公司 | Access control unlocking method and device based on narrowband Internet of things |
CN112767577B (en) * | 2020-12-23 | 2022-05-27 | 广州技象科技有限公司 | Access control unlocking method and device based on narrowband Internet of things |
CN112687040A (en) * | 2020-12-31 | 2021-04-20 | 广州技象科技有限公司 | Access control method, device, equipment and storage medium based on narrow-band Internet of things |
Also Published As
Publication number | Publication date |
---|---|
CN106875515B (en) | 2019-10-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106875515A (en) | Gate inhibition's checking system and its gate inhibition's verification method | |
AU2016273888B2 (en) | Controlling physical access to secure areas via client devices in a networked environment | |
US8896416B1 (en) | Utilizing a mobile device to operate an electronic locking mechanism | |
US9426653B2 (en) | Secure remote access using wireless network | |
US7043230B1 (en) | Method and system for multi-network authorization and authentication | |
US7559081B2 (en) | Method and apparatus for authenticating a user at an access terminal | |
CN103249045B (en) | A kind of methods, devices and systems of identification | |
US7142840B1 (en) | Method and system for multi-network authorization and authentication | |
US11288352B1 (en) | Efficient startup and logon | |
US8151328B1 (en) | Accessing secure network areas by utilizing mobile-device authentication | |
US9286741B2 (en) | Apparatus and method for access control | |
US20220318835A1 (en) | Using a wireless transmitter and receiver to prevent unauthorized access to restricted computer systems | |
CN107231346A (en) | A kind of method of cloud platform identification | |
KR101451359B1 (en) | User account recovery | |
EP2579220A1 (en) | Entrance guard control method and system thereof | |
CN101262669A (en) | A secure guarantee method for information stored in a mobile terminal | |
CN105868975B (en) | Management method, management system and the mobile terminal of electronic banking account | |
US20170011393A1 (en) | Personal identification and anti-theft system and method using disposable random key | |
US11363014B2 (en) | Method and system for securely authenticating a user by an identity and access service using a pictorial code and a one-time code | |
US9413533B1 (en) | System and method for authorizing a new authenticator | |
US20200311285A1 (en) | Methods and devices for user authorization | |
CN106817697B (en) | A kind of methods, devices and systems for equipment certification | |
CN105915557A (en) | Network authentication method, access control method and network access equipment | |
CN109450953B (en) | Authorization method and device, electronic equipment and computer readable storage medium | |
CN101098230B (en) | Method and system for checking user facility operation application |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||