CN106875515A - Access control verification system and access control verification method - Google Patents

Publication number: CN106875515A
Authority: CN (China)
Prior art keywords: mobile terminal, access, security server, network, dedicated network
Legal status: Granted, Active
Application number: CN201510925232.2A
Other languages: Chinese (zh)
Other versions: CN106875515B (en)
Inventor: 邓为
Current Assignee: China Mobile Group Liaoning Co Ltd
Original Assignee: China Mobile Group Liaoning Co Ltd
Application filed by: China Mobile Group Liaoning Co Ltd
Priority to: CN201510925232.2A
Granted publication: CN106875515B

Classifications

    • G: PHYSICS
    • G07: CHECKING-DEVICES
    • G07C: TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00: Individual registration on entry or exit
    • G07C9/20: Individual registration on entry or exit involving the use of a pass
    • G07C9/28: Individual registration on entry or exit involving the use of a pass, the pass enabling tracking or indicating presence

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides an access control verification system and an access control verification method. The system includes a mobile terminal, an access controller and a security server. The access controller is arranged at the entrance of a protected area and dynamically displays a QR code. The mobile terminal obtains scanning permission and scans the QR code dynamically displayed by the access controller; based on the scanned QR code, it sends the security server, via a public network, an access request for accessing a dedicated network; it then accesses the dedicated network and, via the dedicated network, sends the security server an open request to open the protected area. The security server authenticates the access request sent by the mobile terminal and, when authentication succeeds, authorizes the mobile terminal to access the dedicated network; it authenticates the open request and, when authentication succeeds, controls the access controller via the dedicated network to open the protected area. By implementing the access control verification system over a dedicated network, the invention can improve the security and reliability of access control verification.

Description

Access control verification system and access control verification method
Technical field
The present invention relates to access control verification technology in the communications field, and in particular to an access control verification system and an access control verification method.
Background
Access control verification based on mobile terminals and QR codes is widely used. In the prior art, a dynamic QR code access control system dynamically displays a QR code, and the mobile terminal sends the scanned QR code over a public network to apply for verification. This has the following problem: the security of the network is not considered. If the mobile terminal uses a public network communication environment such as the Internet throughout the verification application, the QR code information is easily intercepted, which leaves a security hole in QR code access control verification.
Summary of the invention
The embodiments of the present invention provide an access control verification system and an access control verification method that can improve the security and reliability of access control verification.
The technical solution of the embodiments of the present invention is implemented as follows:
In a first aspect, an embodiment of the present invention provides an access control verification system, the system including a mobile terminal, an access controller and a security server, wherein:
The access controller is arranged at the entrance of a protected area and dynamically displays a QR code;
The mobile terminal obtains scanning permission and scans the QR code dynamically displayed by the access controller; based on the scanned QR code, it sends the security server, via a public network, an access request for accessing a dedicated network; it accesses the dedicated network and, via the dedicated network, sends the security server an open request to open the protected area;
The security server authenticates the access request sent by the mobile terminal and, when authentication succeeds, authorizes the mobile terminal to access the dedicated network; it authenticates the open request and, when authentication succeeds, controls the access controller via the dedicated network to open the protected area.
In a second aspect, an embodiment of the present invention provides an access control verification method, the method including:
The mobile terminal obtains scanning permission and scans the QR code dynamically displayed by the access controller; based on the scanned QR code, it sends the security server, via a public network, an access request for accessing a dedicated network;
The security server authenticates the access request sent by the mobile terminal and, when authentication succeeds, authorizes the mobile terminal to access the dedicated network;
The mobile terminal sends the security server, via the dedicated network, an open request to open the protected area;
The security server authenticates the open request and, when authentication succeeds, controls the access controller via the dedicated network to open the protected area.
In the access control verification system and method provided by the embodiments of the present invention, unlike the prior art, which uses the QR code to perform access control verification of the mobile terminal directly, the dynamic QR code is used to verify the mobile terminal's permission to access the dedicated network, and the mobile terminal is authorized to use the dedicated network when verification passes. The mobile terminal can then ask the security server over the dedicated network to open the protected area. The authentication traffic between the mobile terminal and the security server is carried by the dedicated network, which effectively avoids the risk in the related art that communication data is maliciously intercepted because a public communication network carries the authentication traffic, and so ensures the security and reliability of the access control verification system.
Brief description of the drawings
Fig. 1 is a structural diagram of the access control verification system in an embodiment of the present invention;
Fig. 2 is the first flowchart of access control verification performed by the access control verification system in an embodiment of the present invention;
Fig. 3 is a logic diagram of access control verification performed by the access control verification system in an embodiment of the present invention;
Fig. 4 is the second flowchart of access control verification performed by the access control verification system in an embodiment of the present invention;
Fig. 5 is the third flowchart of access control verification performed by the access control verification system in an embodiment of the present invention.
Detailed description
Existing access control verification technology is based on a mobile terminal and an access control device provided with a QR code recognition module. The mobile terminal is provided with a QR code application module, which performs an encryption operation on a preset key, a time parameter and the International Mobile Equipment Identity (IMEI) of the mobile terminal to obtain a binary string code, and then uses the binary string code to generate a QR code image that serves as the key for opening the door. The QR code recognition module scans the QR code image and, after recognizing and decoding it, obtains the IMEI of the terminal that wants to open the door and the time at which the key was generated; after verification passes, it opens the door and revokes the key used for this opening.
Existing access control verification technology mainly has the following problems:
1. The security of the network is not considered. If the mobile terminal uses the Internet throughout the verification application, the QR code information is easily intercepted;
2. Only the IMEI of the mobile terminal is identified, so there are few authentication factors. Once the mobile terminal is lost, it cannot be prevented from being used to enter the computer room, and security is low.
The following specific embodiments of the invention are proposed in view of the above problems.
Embodiment one
This embodiment of the present invention provides an access control verification system. Referring to Fig. 1, the access control verification system includes a mobile terminal 100, an access controller 300 and a security server 200.
The mobile terminal 100 registers with the security server 200, via the public network, the identifier of the mobile terminal 100 and its target protected area (for example, the position information of the computer room that the user of the mobile terminal 100 needs to enter; in an actual implementation the mobile terminal 100 may register several areas with the security server 200 as target protected areas). The security server 200 may use the phone number, the integrated circuit card identifier (ICCID), the IMEI, etc. of the mobile terminal 100 as the identifier of the mobile terminal 100.
The security server 200 performs encryption based on the position information of the protected area and a time factor to obtain a dynamic QR code, and sends the dynamic QR code via the dedicated network to the access controller 300, to be displayed on the access controller 300 arranged at the entrance of the protected area (such as a computer room). The granularity of the time factor can be set according to actual conditions. For example, the time factor can be in seconds: every second the security server 200 encrypts the current time factor (accurate to the second) together with the position information of the protected area to obtain a QR code and sends the generated QR code to the access controller 300 for display, so that the QR code shown by the access controller 300 changes every second. This is how the access controller 300 is made to display the QR code dynamically.
The mobile terminal 100 obtains scanning permission and scans the QR code dynamically displayed by the access controller 300; based on the scanned QR code, it sends the security server 200, via a public network (such as the cellular network of a mobile phone), an access request for accessing the dedicated network; via the dedicated network it then sends the security server 200 an open request to open the protected area. The dedicated network here is a closed communication network set up for access control verification; it can, for example, be a WiFi network. The dedicated network is not open to the outside and can only be joined by applying through an access request sent to the security server 200.
The security server 200 authenticates the access request of the mobile terminal 100 as follows: it authenticates the identifier of the mobile terminal 100, the QR code carried in the access request sent by the mobile terminal 100, and the time factor. For example:
1) The security server 200 matches the identifier of the mobile terminal 100 (the mobile terminal 100 that sent the access request) against the identifiers of mobile terminals 100 registered with the security server 200 to determine whether the mobile terminal 100 is registered with the security server 200. If it is not registered, authentication of the access request fails; if it is registered, the subsequent matching is performed;
2) The security server 200 matches the position information of the target protected area registered by the mobile terminal 100 (the mobile terminal 100 that sent the access request) against the position information carried in the QR code sent by the mobile terminal 100. If the match succeeds, the subsequent matching is performed; otherwise authentication of the access request fails;
3) The security server 200 matches the time factor carried in the QR code of the access request against the current time. For example, if the difference between the time factor and the current time does not exceed the validity limit, authentication of the access request succeeds.
When authentication of the access request succeeds, the mobile terminal 100 is authorized to access the dedicated network: the security server 200 sends the access information of the dedicated network to the mobile terminal 100 via the public network, to authorize the mobile terminal 100 to access the dedicated network. The access information includes the access device identifier of the dedicated network (that is, the access name of the dedicated network), the access password and the access time limit of the access password. The security server 200 sends this information to the mobile terminal 100 via the public network and records the access name, the identifier of the mobile terminal 100 and the issue time of the access information. The access time limit is counted from the issue time of the access information.
After the mobile terminal 100 accesses the dedicated network, it sends an open request to the security server 200 to ask for the protected area to be opened. The security server 200 authenticates the open request as follows: 1) it matches the identifier of the mobile terminal 100 that sent the open request against the recorded identifier of the mobile terminal 100; 2) it matches the identifier of the access network device through which the mobile terminal 100 that sent the open request is connected against the recorded identifier of the access network device; and 3) it matches the time at which the open request was received against the recorded access time limit (the match succeeds if the time of receipt, measured from the recorded issue time, does not exceed the access time limit). When all of these matches succeed, the security server 200 optionally performs security question verification, and when that verification succeeds it controls the access controller 300 via the dedicated network to open the protected area. If matches 1) and 2) succeed and 3) fails, the access password of the mobile terminal 100 has expired, and a prompt to access the dedicated network again is sent to the mobile terminal 100 so that the mobile terminal 100 reacquires the access information of the dedicated network.
For security question verification, the security question corresponding to the mobile terminal 100 (the security question and answer corresponding to the mobile terminal 100 can be set by the mobile terminal 100 when it registers with the security server 200 over the public network) is sent to the mobile terminal 100 via the dedicated network, and the answer that the mobile terminal 100 sends back via the dedicated network is matched against the registered answer. If the match succeeds, security question verification passes. Security question verification further improves the reliability of access control verification.
Embodiment two
Corresponding to the access control verification system described in Embodiment one, this embodiment describes an access control verification method. Referring to Fig. 2, the access control verification method described in this embodiment includes the following steps:
Step 101: the mobile terminal 100 registers with the security server 200, via the public network, the identifier of the mobile terminal 100 and the position information of its target protected area.
Step 102: the security server 200 performs encryption based on the position information of the protected area and a time factor to obtain a dynamic QR code, and sends the dynamic QR code via the dedicated network to the access controller 300 for the access controller 300 to display.
Step 103: the mobile terminal 100 obtains scanning permission and scans the QR code dynamically displayed by the access controller 300; based on the scanned QR code, it sends the security server 200, via the public network, an access request for accessing the dedicated network.
Step 104: the security server 200 authenticates the QR code carried in the access request sent by the mobile terminal 100 and the identifier of the mobile terminal 100, and authorizes the mobile terminal 100 to access the dedicated network when authentication succeeds.
The security server 200 matches the identifier of the mobile terminal 100 against the identifiers of registered mobile terminals 100, matches the position information carried in the QR code of the access request against the position information of the target protected area registered by the mobile terminal 100, and matches the time factor carried in the QR code of the access request against the current time. When the matches succeed, it sends the access information of the dedicated network to the mobile terminal 100 via the public network to authorize the mobile terminal 100 to access the dedicated network.
Step 105: the mobile terminal 100 sends the security server 200, via the dedicated network, an open request to open the protected area.
Step 106: the security server 200 authenticates the open request and, when authentication succeeds, controls the access controller 300 via the dedicated network to open the protected area.
The security server 200 matches the identifier of the mobile terminal 100 that sent the open request against the recorded identifier of the mobile terminal 100, matches the identifier of the access network device through which the mobile terminal 100 that sent the open request is connected against the recorded identifier of the access network device, and matches the time at which the open request was received against the recorded access time limit. When the matches succeed, it controls the access controller 300 via the dedicated network to open the protected area. Optionally, when matching the time of receipt of the open request against the recorded access time limit fails, the security server 200 sends the mobile terminal 100 a prompt to access the dedicated network again.
Optionally, the security server 200 performs security question verification when the matches succeed, and when that verification succeeds it controls the access controller 300 via the dedicated network to open the protected area, which strengthens the reliability and security of the access control verification system. For example, the mobile terminal 100 registers with the security server 200, via the public network, the security question and answer set by the user of the mobile terminal 100; the security server 200 sends the security question corresponding to the mobile terminal 100 to the mobile terminal 100 via the dedicated network and matches the answer that the mobile terminal 100 sends back via the dedicated network against the registered answer. If the match succeeds, security question verification passes.
Embodiment three
This embodiment is described using access control verification for a computer room. Referring to Fig. 3, the access control verification system described in this embodiment is implemented jointly by three parts: a mobile terminal client (corresponding to the mobile terminal 100 in Fig. 3; the mobile terminal client is implemented by running on the mobile terminal), the security server 200 and the access controller 300. Each is described below.
Security server 200
1. It is responsible for reviewing computer room access permission information.
2. It controls the computer room access control system (access controller 300) to display a dynamic QR code periodically. The dynamic QR code is generated by the security server 200 by encrypting the computer room position information together with a time factor, and is position-specific, time-limited and unique. Only the security server 200 can decode the information in the dynamic QR code. Only after a logged-in mobile terminal client has scanned the QR code can it apply to the security server 200 for access to the dedicated WiFi network.
3. The mobile terminal client (implemented by running on the mobile terminal 100) logs in to the security server 200 with its registered ID. The security server 200 authenticates the ID that the mobile terminal client uses to log in and checks whether the ID has passed review. If it has, the security server 200 allows the mobile terminal client corresponding to the ID to log in; if the ID has not passed review, the mobile terminal client corresponding to the ID cannot log in. A mobile terminal client that is not logged in has no permission to scan the dynamic QR code at the computer room entrance.
4. The security server 200 authenticates the QR code sent by the mobile terminal client, checking the computer room information and the time information in the QR code. If authentication fails, the QR code may be forged or expired; if authentication succeeds, the ID of the mobile terminal client is then authenticated.
5. After the security server 200 confirms that the ID has permission for the computer room corresponding to the position information carried in the QR code, it issues the access information of the dedicated WiFi network to the mobile terminal client (including the access name, that is, the ID of the access device of the dedicated WiFi network, the access password and the access time limit), which ensures access security. The security server 200 records the following information: the ID of the access device assigned to the mobile terminal client for accessing the dedicated WiFi network, the ID of the mobile terminal client, and the time at which the access information was issued (the authorization time). If the ID of the mobile terminal client does not have permission for the computer room corresponding to the position information carried in the QR code, authentication cannot pass and the security server 200 will not issue the access information of the dedicated WiFi network (including the access name and access password) to the mobile terminal client, so the mobile terminal client is refused access to the dedicated WiFi network.
6. When the security server 200 receives a request to enter the computer room from the mobile terminal client (carrying the ID of the WiFi device through which it is connected and the access password), it compares the recorded ID of the access device of the dedicated WiFi network, the ID of the mobile terminal client and the issue time of the access password. If the request matches the record but the password has timed out (that is, the time since the security server 200 issued the access password exceeds the access time limit), the security server 200 refuses access and prompts the mobile terminal client to apply for entry again, which improves security. If the request matches the record and the access password has not timed out (the time since the access information was issued does not exceed the access time limit), the security server 200 randomly displays one of the computer room entry questions set by the user on the mobile terminal client, and the mobile terminal client submits the user's answer to the security server 200. If the answer matches the preset answer, the security server 200 controls the access controller 300 to open and the user is allowed to enter the computer room. If the answer is wrong, the security server 200 does not notify the access controller 300 to open, and entry is refused.
Mobile terminal client
1. It runs on a mobile terminal (in Embodiment three the mobile terminal client can be regarded as implemented by running on the mobile terminal 100). The mobile terminal client can connect over the public network of the mobile terminal and can detect the network environment of the public network connection.
2. Apart from applying to register the ID of the mobile terminal client with the security server 200, the other functions of the mobile terminal client can be used only after logging in to the security server 200 with an ID that the security server 200 has reviewed and approved; otherwise the related permissions cannot be obtained.
3. It applies to register access permissions and sets the answer for entering the computer room.
4. After the mobile terminal client logs in successfully with its ID, the security server 200 can control the access controller 300 at the computer room entrance (provided with a QR code display device) to display the dynamic QR code for the mobile terminal client to scan. After scanning, the mobile terminal client sends the ID used to log in and the scanned QR code to the security server 200 for authentication, applying for permission to access the dedicated WiFi network.
5. The mobile terminal client receives the access information of the dedicated WiFi network from the security server 200 (including the access name, the access password and the access time limit, that is, the validity period of the access password). The mobile terminal client prompts the user to disconnect from the public network and to connect to the dedicated WiFi network. After the mobile terminal client detects that the public network has been disconnected and the dedicated WiFi network is connected, it sends the security server 200 an application to enter the computer room, carrying the ID used to log in.
6. The mobile terminal client communicates with the security server 200 over the dedicated WiFi network. If the password has exceeded the access time limit, the user is prompted to rescan the QR code and apply to enter the computer room again. If the password has not exceeded the access time limit, the security server 200 sends the preset question to the mobile terminal client and obtains the answer that the user submits in the mobile terminal client. When the security server 200 confirms that the submitted answer is consistent with the preset answer, it controls the passage controller of the computer room access controller 300 to open the computer room and the user is allowed to enter. If the security server 200 finds that the submitted answer is inconsistent with the preset answer, it notifies the mobile terminal client of the result: the door will not open and the user's entry is refused.
Access controller 300
1. The access controller 300 controls the switch of the entrance passage and mainly consists of a passage controller, a WiFi access device and a QR code display device.
2. The mobile terminal client connects to the WiFi access device of the access controller 300 and performs authentication with the security server 200.
3. The access controller 300 (provided with the QR code display device) obtains the dynamic QR code from the security server 200 and displays it, for a logged-in mobile terminal client to scan in order to access the dedicated WiFi network.
4. After the mobile terminal client passes verification, the security server 200 notifies the access controller 300 (provided with the passage controller) to open the entrance passage switch of the computer room, and the user is allowed to enter.
Multifactor gate inhibition checking recognition methods logic flow based on Quick Response Code, referring to Fig. 4, including following step Suddenly:
Step 201, mobile terminal client terminal is registered on security server 200.
Mobile terminal client terminal is connected using phone number as ID in security server 200 by public network On registered, registration application need enter computer room information (positional information of such as computer room), set machine The safe question and answer information of the access controller 300 in room.
Step 202, security server 200 is stepped on the phone number of mobile terminal and safe question and answer information Note registration.
After the examination & verification of security server 200 user profile passes through, security server 200 is by the phone number of user Registered with safe question and answer information, and memory mobile phone number is used for follow-up shifting as the ID of mobile client The identification authentication of dynamic client terminals.
Step 203, mobile terminal client terminal logs in security server 200.
Mobile terminal client terminal uses phone number to log in security server 200, security server 200 as ID Authenticate whether whether the ID is audited by (namely the ID for having registered), if examination & verification by prompting to Mobile terminal client terminal is logined successfully;If do not passed through, login failure is pointed out to mobile terminal client terminal;Such as In state is not logged in, the access controller 300 that will be unable to scan computer room (is provided with fruit mobile terminal client terminal Two dimensional code display device) display Quick Response Code.
Step 204, the mobile terminal client terminal after login scans the dynamic of the display of access controller 300 of computer room (dynamic two-dimension code combines computer room positional information, time factor and encrypts state Quick Response Code by security server 200 Generation, with position characteristic, timeliness and uniqueness, only security server 200 can realize translation), will ID (namely phone number), Quick Response Code send to security server 200 and are authenticated.
The Quick Response Code of the computer room entrance that security server 200 is scanned to mobile terminal client terminal is authenticated:Sentence The computer room position whether disconnected Quick Response Code Host equipment room information, Quick Response Code temporal information are safeguarded with security server 200 Confidence ceases and temporal information matching, if information matches fail, failed authentication, the Quick Response Code may be pseudo- Make or fail.
Step 205: the security administration server authenticates the ID of the mobile terminal client.
If the ID has passed the registration audit, the server judges, from the registration information of the ID (including its correspondence with computer room information), whether the ID has permission for the computer room corresponding to the location information carried in the QR code. If it has, security server 200 provides the mobile terminal client with the access information of the dedicated WiFi network (including access name, access password and access time limit), ensuring access security.
Security server 200 records the access device ID of the dedicated WiFi network allocated to the mobile terminal client, the mobile terminal client ID and the issue time. If the registration information maintained by the security management service shows that the ID of the mobile terminal client has no permission for the computer room corresponding to the location information of the QR code, authentication cannot pass; security server 200 does not provide the access information of the dedicated WiFi network and refuses access by the mobile terminal client.
Step 206: the mobile terminal client uses the dedicated WiFi network to send security server 200 an application to enter the computer room.
The mobile terminal client receives the dedicated WiFi access name, access password and access time limit from security server 200. The mobile terminal client prompts the user to disconnect from the public network and requires access to the dedicated WiFi network. After the mobile terminal client detects that the public network has been disconnected and that the dedicated WiFi network has been joined using the access information, it sends security server 200 a request to enter the computer room, carrying the ID of the mobile terminal client.
Step 207: security server 200 authenticates the mobile terminal client's request to enter the computer room.
After security server 200 receives the mobile terminal client's request transmitted via the dedicated WiFi network, it compares against its record the access device ID (that is, the access name) of the dedicated WiFi network that was issued, the mobile terminal client ID, and the issue time of the access information (corresponding to the authorization time). If the request matches the record but the access password has timed out, security server 200 refuses access and prompts the mobile terminal client to apply for entry again, improving security. If the request matches the record and the access password has not timed out, security server 200 randomly selects one of the computer room entry questions set by the user and sends it to the mobile terminal client for display. If the user's answer submitted by the mobile terminal client is consistent with the preset answer, security server 200 controls access controller 300 (which is provided with a channel controller) to open, and the user is allowed to enter the computer room. If the answer submitted by the mobile terminal client is inconsistent with the preset answer, security server 200 controls access controller 300 (which is provided with a channel controller) to lock, and the user is refused entry to the computer room.
If the number of consecutive wrong answers submitted by the mobile terminal client is more than 3, the security administration server freezes the mobile terminal client; the mobile terminal client subsequently cannot log in to security server 200, or cannot apply to enter the computer room, which prevents risk.
A further illustration follows, taking the user phone number 13912345678 as an example. Referring to Fig. 5, it includes the following steps:
Step 301: according to the user's operation, the mobile terminal client, over the 4G network, registers with security server 200 using 13912345678 as the ID of the mobile terminal client, applies for permission for computer room A, and sets 5 questions and answers.
Question A, answer ABC
Question B, answer CBA
Question C, answer BAC
Question D, answer ACB
Question E, answer CAB
Step 302: security server 200 audits the application by 13912345678 to enter computer room A. After the audit passes, the mobile terminal client ID corresponding to 13912345678 obtains permission to enter computer room A.
Step 303: over the 4G network, the mobile terminal client uses 1391234567 as the ID to log in to security server 200. After logging in successfully, the mobile terminal client scans the dynamic QR code of access controller 300 at the entrance of computer room A and applies to enter the computer room.
Step 304: security server 200 authenticates the ID of the mobile terminal client and sends the access information of the dedicated WiFi network to the mobile terminal client.
After security server 200 receives the request from mobile client 13912345678 and determines that the ID 13912345678 has passed the audit of security server 200 and has access permission for computer room A, it sends the connection name JFA0101 and password 123456 of the dedicated WiFi to the client of that ID, and at the same time notifies the WiFi network equipment to allow the client of 13912345678 to access the network. Security server 200 records the issued number 13912345678, the access device ID JFA0101 and the issue time 20150601120000.
Step 305: after the mobile terminal client receives the access information returned by security server 200, it prompts the user to disconnect from the 4G network and access the dedicated WiFi network JFA0101.
Step 306: according to the user's operation, the mobile terminal client disconnects from the 4G network and accesses the dedicated WiFi network JFA0101 using password 123456.
After the mobile terminal client completes its network check, it sends a request to enter the computer room to security server 200 via the dedicated WiFi network.
Step 307: after security server 200 receives the request to enter the computer room via the dedicated WiFi network, it verifies the ID of the mobile terminal client.
After security server 200 receives the request to enter the computer room via the dedicated WiFi network, it verifies the ID of the mobile terminal client, namely 13912345678, the ID of the network equipment accessed, JFA0101, and the access time 20150601120115. The information of this ID satisfies the security rules of security server 200 and authentication succeeds; question C is randomly sent to number 13912345678 for the final answer comparison audit.
Step 308: the mobile terminal client submits the user's answer, BAC, to security server 200.
Step 309: security server 200 checks the answer to question C and confirms that it is consistent with the answer BAC set at user registration; access controller 300 opens the computer room and the user is allowed to enter.
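Added example, not part of the patent text: a minimal Python model of the server-side checks in steps 204 to 207, run with the sample values from steps 301 to 309. It substitutes an HMAC-SHA256 tag for the encryption the description mentions (so the QR payload is authenticated but not hidden); the function and class names, the 60-second QR validity and the 300-second WiFi time limit are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

QR_KEY = secrets.token_bytes(32)  # assumption: key held only by the security server
QR_MAX_AGE = 60                   # assumption: seconds a displayed code stays valid
MAX_WRONG = 3                     # page: freeze after more than 3 consecutive errors


def _mac(body: str) -> str:
    return hmac.new(QR_KEY, body.encode(), hashlib.sha256).hexdigest()


def make_qr(room: str, now: int) -> str:
    """Payload shown by the access controller: room, time factor, MAC."""
    body = f"{room}|{now}"
    return f"{body}|{_mac(body)}"


def check_qr(qr: str, now: int) -> Optional[str]:
    """Return the room if the code is authentic and fresh, else None."""
    try:
        room, ts, tag = qr.split("|")
        issued = int(ts)
        genuine = hmac.compare_digest(tag.encode(), _mac(f"{room}|{ts}").encode())
    except ValueError:  # wrong field count, non-numeric time, bad encoding
        return None
    if not genuine or not 0 <= now - issued <= QR_MAX_AGE:
        return None     # forged, altered or expired
    return room


@dataclass
class User:
    rooms: set        # rooms approved at the registration audit
    answers: dict     # question -> answer set at registration
    wrong: int = 0    # consecutive wrong answers
    frozen: bool = False


@dataclass
class Grant:          # record kept when WiFi access information is issued
    ssid: str
    issued: int
    ttl: int
    question: str = ""


class SecurityServer:
    def __init__(self):
        self.users = {}
        self.grants = {}

    def request_access(self, uid, qr, now, ssid, ttl=300):
        """Steps 204-205 (public network): ID, QR code and room permission."""
        user, room = self.users.get(uid), check_qr(qr, now)
        if user is None or user.frozen or room is None or room not in user.rooms:
            return None
        self.grants[uid] = Grant(ssid, now, ttl)
        # Assumption: a fresh random password per grant.
        return {"ssid": ssid, "password": secrets.token_urlsafe(12), "ttl": ttl}

    def request_open(self, uid, via_ssid, now):
        """Step 207 (dedicated network): return a random question or None."""
        # via_ssid is assumed to be reported by the WiFi network equipment.
        user, grant = self.users.get(uid), self.grants.get(uid)
        if user is None or user.frozen or grant is None or grant.ssid != via_ssid:
            return None
        if now - grant.issued > grant.ttl:
            del self.grants[uid]  # timed out: the client must apply again
            return None
        grant.question = secrets.choice(sorted(user.answers))
        return grant.question

    def submit_answer(self, uid, answer):
        """True means the access controller is told to open."""
        user, grant = self.users.get(uid), self.grants.get(uid)
        if user is None or user.frozen or grant is None or not grant.question:
            return False
        expected = user.answers[grant.question].encode()
        if hmac.compare_digest(answer.encode("utf-8", "replace"), expected):
            user.wrong = 0
            del self.grants[uid]  # a grant opens the door once
            return True
        user.wrong += 1
        if user.wrong > MAX_WRONG:
            user.frozen = True
        return False


if __name__ == "__main__":
    # Constructed run using the sample values from steps 301-309.
    uid, t0 = "13912345678", 1433160000
    srv = SecurityServer()
    srv.users[uid] = User({"A"}, dict(A="ABC", B="CBA", C="BAC", D="ACB", E="CAB"))
    info = srv.request_access(uid, make_qr("A", t0), t0 + 5, "JFA0101")
    question = srv.request_open(uid, info["ssid"], t0 + 75)
    print(question, srv.submit_answer(uid, srv.users[uid].answers[question]))
```

The answers are compared in constant time and the grant is consumed on success, so a captured open request cannot be replayed against the same WiFi grant.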
In summary, the embodiment of the present invention has the following advantages:
The embodiment of the present invention uses a dynamic QR code encrypted using location information and a time factor, a dedicated WiFi channel, security question verification and mobile terminal client ID identification to control access permission. The technique verifies layer by layer using multiple factors; even if the mobile terminal is lost, the answer comparison verification step prevents illegal acquisition of access permission. Dedicated network access is also used, so the verification process has very high security;
Dynamic QR code secure access and multiple verification factors are applied to the field of access control verification and identification, and an approach to access control verification and identification is proposed. The solution uses a dynamic QR code, dedicated WiFi network access control and answer verification: access to the dedicated WiFi network is realized through the dynamic QR code generated by the security server, and access control verification is performed by comparing answers to the questions set by the user;
Secure access is realized by the encrypted dynamic QR code containing location information and a time factor, the dedicated WiFi network improves line security, and multi-factor verification with the answer verification audit solves the secure identification of access control. This method has higher security and a more careful audit, thereby realizing secure management of access control verification. More importantly, even if the mobile terminal is lost after this invention is adopted, the audit step of answer verification still guards against it, improving the security of access control verification.
One of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments may be completed by hardware related to program instructions. The foregoing program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The foregoing storage medium includes various media that can store program code, such as a removable storage device, random access memory (RAM), read-only memory (ROM), a magnetic disk or an optical disc.
Alternatively, if the above integrated unit of the present invention is implemented in the form of a software function module and sold or used as an independent product, it may also be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments of the present invention, in essence or in the part contributing to the related art, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the methods of the embodiments of the present invention. The foregoing storage medium includes various media that can store program code, such as a removable storage device, RAM, ROM, a magnetic disk or an optical disc.
The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. An access control verification system, characterized in that the system comprises: a mobile terminal, an access controller and a security server; wherein,
The access controller is arranged at the entrance of a protection area and is configured to dynamically display a QR code;
The mobile terminal is configured to obtain scanning permission and scan the QR code dynamically displayed by the access controller; to send, based on the scanned QR code and via a public network, an access request for accessing a dedicated network to the security server; and to access the dedicated network and send, via the dedicated network, an open request for opening the protection area to the security server;
The security server is configured to authenticate the access request sent by the mobile terminal and, when authentication succeeds, authorize the mobile terminal to access the dedicated network; and to authenticate the open request and, when authentication succeeds, control the access controller via the dedicated network to open the protection area.
2. The access control verification system as claimed in claim 1, characterized in that
The mobile terminal is further configured to register, in the security server via the public network, the identifier of the mobile terminal and the location information of a target protection area;
The security server is further configured to encrypt based on the location information of the protection area and a time factor to obtain a dynamic QR code, and to send the dynamic QR code to the access controller via the dedicated network for the access controller to display;
The security server is further configured to match the identifier of the mobile terminal against the identifiers of registered mobile terminals, to match the location information carried in the QR code carried by the access request against the location information of the target prevention and control area registered by the mobile terminal, and to match the time factor carried in the QR code carried by the access request against the current time; and, when the matching succeeds, to send the access information of the dedicated network to the mobile terminal via the public network so as to authorize the mobile terminal to access the dedicated network.
3. The access control verification system as claimed in claim 2, characterized in that
The security server is further configured to send the access device identifier of the dedicated network, the access password and the access time limit of the access password to the mobile terminal via the public network, and to record the access name, the identifier of the mobile terminal and the issue time of the access information;
The security server is further configured to match the identifier of the mobile terminal sending the open request against the recorded identifier of the mobile terminal, to match the identifier of the access network device accessed by the mobile terminal sending the open request against the recorded identifier of the access network device, and to match the time at which the open request is received against the recorded access time limit; to perform security question verification when the matching succeeds; and, when the verification succeeds, to control the access controller via the dedicated network to open the prevention and control area.
4. The access control verification system as claimed in claim 3, characterized in that
The security server is further configured to perform security question verification when the matching succeeds and, when the security question verification succeeds, to control the access controller via the dedicated network to open the prevention and control area;
The security server is further configured to send the mobile terminal a prompt to access the dedicated network again when matching the time at which the open request is received against the recorded access time limit fails.
5. The access control verification system as claimed in claim 4, characterized in that
The mobile terminal is further configured to register, in the security server via the public network, the security questions and answers set by the mobile terminal user;
The security server is further configured to send the security question corresponding to the mobile terminal to the mobile terminal via the dedicated network, and to match the answer sent by the mobile terminal via the dedicated network against the registered answer; if the matching succeeds, the security question verification is judged to have passed.
6. An access control verification method, characterized in that the method comprises:
A mobile terminal obtains scanning permission and scans the QR code dynamically displayed by an access controller; based on the scanned QR code, it sends an access request for accessing a dedicated network to a security server via a public network;
The security server authenticates the access request sent by the mobile terminal and, when authentication succeeds, authorizes the mobile terminal to access the dedicated network;
The mobile terminal sends an open request for opening the protection area to the security server via the dedicated network;
The security server authenticates the open request and, when authentication succeeds, controls the access controller via the dedicated network to open the protection area.
7. The access control verification method as claimed in claim 6, characterized in that the method further comprises:
The mobile terminal registers, in the security server via the public network, the identifier of the mobile terminal and the location information of a target protection area;
The security server encrypts based on the location information of the protection area and a time factor to obtain a dynamic QR code, and sends the dynamic QR code to the access controller via the dedicated network for the access controller to display;
The security server authenticating the access request sent by the mobile terminal and, when authentication succeeds, authorizing the mobile terminal to access the dedicated network comprises:
The security server matches the identifier of the mobile terminal against the identifiers of registered mobile terminals, matches the location information carried in the QR code carried by the access request against the location information of the target prevention and control area registered by the mobile terminal, and matches the time factor carried in the QR code carried by the access request against the current time; when the matching succeeds, it sends the access information of the dedicated network to the mobile terminal via the public network so as to authorize the mobile terminal to access the dedicated network.
8. The access control verification method as claimed in claim 6, characterized in that authorizing the mobile terminal to access the dedicated network when authentication succeeds comprises:
The security server sends the access device identifier of the dedicated network, the access password and the access time limit of the access password to the mobile terminal via the public network, and records the access name, the identifier of the mobile terminal and the issue time of the access information;
The security server authenticating the open request and, when authentication succeeds, controlling the access controller via the dedicated network to open the protection area comprises:
The security server matches the identifier of the mobile terminal sending the open request against the recorded identifier of the mobile terminal, matches the identifier of the access network device accessed by the mobile terminal sending the open request against the recorded identifier of the access network device, and matches the time at which the open request is received against the recorded access time limit; when the matching succeeds, it controls the access controller via the dedicated network to open the prevention and control area.
9. The access control verification method as claimed in claim 8, characterized in that the method further comprises:
Security question verification is performed when the matching succeeds, and when the security question verification succeeds the access controller is controlled via the dedicated network to open the prevention and control area;
When matching the time at which the open request is received against the recorded access time limit fails, the security server sends the mobile terminal a prompt to access the dedicated network again.
10. The access control verification method as claimed in claim 9, characterized in that performing the security question verification comprises:
The mobile terminal registers, in the security server via the public network, the security questions and answers set by the mobile terminal user;
The security server sends the security question corresponding to the mobile terminal to the mobile terminal via the dedicated network, and matches the answer sent by the mobile terminal via the dedicated network against the registered answer; if the matching succeeds, the security question verification is judged to have passed.
CN201510925232.2A 2015-12-11 2015-12-11 Gate inhibition verifies system and its gate inhibition's verification method Active CN106875515B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510925232.2A CN106875515B (en) 2015-12-11 2015-12-11 Gate inhibition verifies system and its gate inhibition's verification method

Publications (2)

Publication Number Publication Date
CN106875515A true CN106875515A (en) 2017-06-20
CN106875515B CN106875515B (en) 2019-10-29

Family

ID=59178489

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510925232.2A Active CN106875515B (en) 2015-12-11 2015-12-11 Gate inhibition verifies system and its gate inhibition's verification method

Country Status (1)

Country Link
CN (1) CN106875515B (en)

Also Published As

Publication number Publication date
CN106875515B (en) 2019-10-29


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant