CN106875515B - Access control verification system and access control verification method - Google Patents

Publication number
CN106875515B
Authority
CN
China
Legal status
Active
Application number
CN201510925232.2A
Other languages
Chinese (zh)
Other versions
CN106875515A (en)
Inventor
邓为
Current Assignee
China Mobile Group Liaoning Co Ltd
Original Assignee
China Mobile Group Liaoning Co Ltd

Classifications

    • G: PHYSICS
    • G07: CHECKING-DEVICES
    • G07C: TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00: Individual registration on entry or exit
    • G07C9/20: Individual registration on entry or exit involving the use of a pass
    • G07C9/28: Individual registration on entry or exit involving the use of a pass, the pass enabling tracking or indicating presence

Abstract

The present invention provides an access control verification system and an access control verification method. The access control verification system includes a mobile terminal, an access controller and a security server. The access controller is arranged at the entrance of a protected area and dynamically displays a two-dimensional code. The mobile terminal obtains scanning permission and scans the two-dimensional code dynamically displayed by the access controller; based on the scanned two-dimensional code, it sends an access request for accessing a dedicated network to the security server via a public network; it then accesses the dedicated network and sends an open request for opening the protected area to the security server via the dedicated network. The security server authenticates the access request sent by the mobile terminal and, when authentication succeeds, authorizes the mobile terminal to access the dedicated network; it authenticates the open request and, when authentication succeeds, controls the access controller via the dedicated network to open the protected area. By implementing the access control verification system over a dedicated network, the invention improves the security and reliability of access control verification.

Description

Access control verification system and access control verification method
Technical field
The present invention relates to access control verification technology in the communications field, and in particular to an access control verification system and an access control verification method.
Background art
Access control verification based on mobile terminals and two-dimensional codes is widely used. In the prior art, an access control system based on dynamic two-dimensional codes dynamically displays a two-dimensional code, and the mobile terminal sends the scanned two-dimensional code over a public network to apply for verification. This has the following problem: network security is not considered. If the mobile terminal uses a public network communication environment such as the Internet throughout the verification application, the two-dimensional code information is easily intercepted, which creates a security vulnerability in two-dimensional-code access control verification.
Summary of the invention
The embodiments of the present invention provide an access control verification system and an access control verification method that improve the security and reliability of access control verification.
The technical solution of the embodiments of the present invention is implemented as follows:
In a first aspect, an embodiment of the present invention provides an access control verification system, the system comprising a mobile terminal, an access controller and a security server, wherein:
The access controller is arranged at the entrance of a protected area and is configured to dynamically display a two-dimensional code;
The mobile terminal is configured to obtain scanning permission and scan the two-dimensional code dynamically displayed by the access controller; to send, based on the scanned two-dimensional code, an access request for accessing a dedicated network to the security server via a public network; and to access the dedicated network and send an open request for opening the protected area to the security server via the dedicated network;
The security server is configured to authenticate the access request sent by the mobile terminal and, when authentication succeeds, authorize the mobile terminal to access the dedicated network; and to authenticate the open request and, when authentication succeeds, control the access controller via the dedicated network to open the protected area.
In a second aspect, an embodiment of the present invention provides an access control verification method, the method comprising:
A mobile terminal obtains scanning permission and scans the two-dimensional code dynamically displayed by an access controller; based on the scanned two-dimensional code, it sends an access request for accessing a dedicated network to a security server via a public network;
The security server authenticates the access request sent by the mobile terminal and, when authentication succeeds, authorizes the mobile terminal to access the dedicated network;
The mobile terminal sends an open request for opening the protected area to the security server via the dedicated network;
The security server authenticates the open request and, when authentication succeeds, controls the access controller via the dedicated network to open the protected area.
Unlike the prior art, which uses the two-dimensional code to perform access control verification of the mobile terminal directly, the system and method provided by the embodiments of the present invention use the dynamic two-dimensional code to verify the mobile terminal's permission to access the dedicated network, and authorize the mobile terminal to use the dedicated network when verification passes. The mobile terminal can then request the security server, over the dedicated network, to open the protected area. Because the communication of the authentication process between the mobile terminal and the security server is carried by the dedicated network, this effectively avoids the risk, present in the related art, of communication data being maliciously intercepted when a public communication network carries the authentication traffic, and ensures the security and reliability of the access control verification system.
Brief description of the drawings
Fig. 1 is a structural schematic diagram of the access control verification system in an embodiment of the present invention;
Fig. 2 is flow diagram one of access control verification performed by the access control verification system in an embodiment of the present invention;
Fig. 3 is a logical schematic diagram of access control verification performed by the access control verification system in an embodiment of the present invention;
Fig. 4 is flow diagram two of access control verification performed by the access control verification system in an embodiment of the present invention;
Fig. 5 is flow diagram three of access control verification performed by the access control verification system in an embodiment of the present invention.
Detailed description
Existing access control verification technology is based on a mobile terminal and an access control device provided with a two-dimensional code recognition module. The mobile terminal is provided with a two-dimensional code application module, which performs an encryption operation on a preset key, a time parameter and the International Mobile Equipment Identity (IMEI) of the mobile terminal to obtain a binary string, and then uses the binary string to generate a two-dimensional code image that serves as the key for opening the door. The two-dimensional code recognition module scans the two-dimensional code image and, after recognition and decoding, obtains the IMEI code for the door to be opened and the time at which the key was generated; after verification passes, it opens the door and revokes the key used for this opening.
Existing access control verification technology has the following main problems:
1. Network security is not considered. If the mobile terminal uses the Internet network environment throughout the verification application, the two-dimensional code information is easily intercepted;
2. Only the IMEI code of the mobile terminal is identified, so there are few identification factors. Once the mobile terminal is lost, there is no way to prevent it from being used to enter the equipment room, so security is low.
The following specific embodiments of the present invention are proposed in view of the above problems.
Embodiment one
This embodiment of the present invention provides an access control verification system. Referring to Fig. 1, the access control verification system includes a mobile terminal 100, an access controller 300 and a security server 200.
The mobile terminal 100 registers, over the public network, its identifier and the target protected area (for example, the location information of the equipment room that the user of the mobile terminal 100 needs to enter) with the security server 200. In practice, the mobile terminal 100 may register multiple areas as target protected areas with the security server 200, and the security server 200 may use the phone number, integrated circuit card identifier (ICCID), IMEI or the like of the mobile terminal 100 as the identifier of the mobile terminal 100.
The security server 200 encrypts the location information of the protected area together with a time factor to obtain a dynamic two-dimensional code, and sends the dynamic two-dimensional code to the access controller 300 via the dedicated network, so that the access controller 300 arranged at the entrance of the protected area (for example, an equipment room) displays it. The granularity of the time factor can be set according to actual conditions. For example, the time factor can be in seconds: every second, the security server 200 encrypts the current time factor (accurate to the second) together with the location information of the protected area to obtain a two-dimensional code, and sends the generated code to the access controller 300 for display, so that the code shown by the access controller 300 changes every second. In this way the access controller 300 dynamically displays the two-dimensional code.
The mobile terminal 100 obtains scanning permission and scans the two-dimensional code dynamically displayed by the access controller 300; based on the scanned two-dimensional code, it sends an access request for accessing the dedicated network to the security server 200 via a public network (such as the cellular communication network of a mobile phone); and it sends an open request for opening the protected area to the security server 200 via the dedicated network. The dedicated network here is a closed communication network set up for access control verification, for example a WiFi network. The dedicated network is not open to the outside and can be accessed only by applying through an access request sent to the security server 200.
The security server 200 authenticates the access request of the mobile terminal 100 as follows: it authenticates the identifier of the mobile terminal 100 and the two-dimensional code and time factor carried in the access request sent by the mobile terminal 100. For example:
1) The security server 200 matches the identifier of the mobile terminal 100 (the mobile terminal 100 that sent the access request) against the identifiers of the mobile terminals 100 registered with the security server 200 to determine whether the mobile terminal 100 is registered with the security server 200. If it is not registered, authentication of the access request fails; if it is registered, the subsequent matching is performed.
2) The security server 200 matches the location information of the target protected area registered by the mobile terminal 100 (the mobile terminal 100 that sent the access request) against the location information carried in the two-dimensional code sent by the mobile terminal 100. If they match, the subsequent matching is performed; otherwise authentication of the access request fails.
3) The security server 200 matches the time factor carried in the two-dimensional code in the access request against the current time. For example, if the difference between the time factor and the current time does not exceed the effective time limit, authentication of the access request succeeds.
When authentication of the access request succeeds, the security server 200 authorizes the mobile terminal 100 to access the dedicated network by sending the access information of the dedicated network to the mobile terminal 100 via the public network. The access information includes the access device identifier of the dedicated network (that is, the access name of the dedicated network), the access password and the access time limit of the access password. The security server 200 sends the access information to the mobile terminal 100 via the public network and records the access name, the identifier of the mobile terminal 100 and the issuance time of the access information. The access time limit is timed from the issuance time of the access information.
After the mobile terminal 100 accesses the dedicated network, it sends an open request to the security server 200 to request that the protected area be opened. The security server 200 authenticates the open request as follows: 1) it matches the identifier of the mobile terminal 100 that sent the open request against the recorded identifier of the mobile terminal 100; 2) it matches the identifier of the access network device to which the mobile terminal 100 that sent the open request is connected against the recorded identifier of the access network device; and 3) it matches the time at which the open request was received against the recorded access time limit (matching succeeds if the time of receiving the open request, relative to the recorded issuance time, does not exceed the access time limit). When all of these matches succeed, the security server 200 optionally performs security question verification, and when verification succeeds it controls the access controller 300 via the dedicated network to open the protected area. If matches 1) and 2) succeed and match 3) fails, the access password of the mobile terminal 100 is no longer valid, and a prompt to access the dedicated network again is sent to the mobile terminal 100 so that the mobile terminal 100 obtains the access information of the dedicated network again.
When security question verification is performed, the security question corresponding to the mobile terminal 100 (the security question and answer corresponding to the mobile terminal 100 can be set by the mobile terminal 100 over the public network when it registers with the security server 200) is sent to the mobile terminal 100 via the dedicated network, and the answer that the mobile terminal 100 sends via the dedicated network is matched against the registered answer. If they match, security question verification passes. Security question verification further improves the reliability of access control verification.
Embodiment two
Corresponding to the access control verification system described in Embodiment one, this embodiment describes an access control verification method. Referring to Fig. 2, the access control verification method described in this embodiment includes the following steps:
Step 101: the mobile terminal 100 registers, over the public network, the identifier of the mobile terminal 100 and the location information of the target protected area with the security server 200.
Step 102: the security server 200 encrypts the location information of the protected area together with a time factor to obtain a dynamic two-dimensional code, and sends the dynamic two-dimensional code to the access controller 300 via the dedicated network for the access controller 300 to display.
Step 103: the mobile terminal 100 obtains scanning permission and scans the two-dimensional code dynamically displayed by the access controller 300; based on the scanned two-dimensional code, it sends an access request for accessing the dedicated network to the security server 200 via the public network.
Step 104: the security server 200 authenticates the two-dimensional code carried in the access request sent by the mobile terminal 100 and the identifier of the mobile terminal 100, and authorizes the mobile terminal 100 to access the dedicated network when authentication succeeds.
The security server 200 matches the identifier of the mobile terminal 100 against the identifiers of registered mobile terminals 100, matches the location information carried in the two-dimensional code in the access request against the location information of the target protected area registered by the mobile terminal 100, and matches the time factor carried in the two-dimensional code in the access request against the current time. When the matches succeed, it sends the access information of the dedicated network to the mobile terminal 100 via the public network to authorize the mobile terminal 100 to access the dedicated network.
Step 105: the mobile terminal 100 sends an open request for opening the protected area to the security server 200 via the dedicated network.
Step 106: the security server 200 authenticates the open request and, when authentication succeeds, controls the access controller 300 via the dedicated network to open the protected area.
The security server 200 matches the identifier of the mobile terminal 100 that sent the open request against the recorded identifier of the mobile terminal 100, matches the identifier of the access network device to which the mobile terminal 100 that sent the open request is connected against the recorded identifier of the access network device, and matches the time at which the open request was received against the recorded access time limit. When the matches succeed, it controls the access controller 300 via the dedicated network to open the protected area. Optionally, when matching the time of receiving the open request against the recorded access time limit fails, the security server 200 sends the mobile terminal 100 a prompt to access the dedicated network again.
Optionally, the security server 200 performs security question verification when the matches succeed, and controls the access controller 300 via the dedicated network to open the protected area when verification succeeds, which enhances the reliability and security of the access control verification system. For example, the mobile terminal 100 registers, over the public network, the security question and answer set by the user of the mobile terminal 100 with the security server 200; the security server 200 sends the security question corresponding to the mobile terminal 100 to the mobile terminal 100 via the dedicated network and matches the answer that the mobile terminal 100 sends via the dedicated network against the registered answer; if they match, security question verification passes.
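The two authentication stages described in Embodiments one and two, sketched as an added example that is not part of the patent text. Assumptions: an HMAC-SHA256 tag over "location|time factor" stands in for the encryption the patent leaves unspecified; the 5-second effective time limit, the 120-second access time limit, and all class, function and sample identifiers are hypothetical.

```python
import hashlib
import hmac
import secrets

CODE_VALIDITY_S = 5    # assumed effective time limit for the code's time factor
ACCESS_LIMIT_S = 120   # assumed access time limit of the issued access password


class SecurityServer:
    """Toy model of security server 200 (illustrative names throughout)."""

    def __init__(self):
        self.key = secrets.token_bytes(32)  # server-only secret protecting the code
        self.registered = {}                # terminal id -> areas and security Q&A
        self.grants = {}                    # terminal id -> issued access information

    def register(self, terminal_id, areas, question, answer):
        self.registered[terminal_id] = {
            "areas": set(areas), "question": question, "answer": answer}

    def make_code(self, location, now):
        # Dynamic code = location + time factor, bound by an HMAC tag
        # (stand-in for the unspecified encryption; an assumption).
        payload = f"{location}|{int(now)}"
        tag = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}|{tag}"

    def _read_code(self, code):
        try:
            location, ts, tag = code.rsplit("|", 2)
            issued = int(ts)
        except ValueError:
            return None
        good = hmac.new(self.key, f"{location}|{ts}".encode(),
                        hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag.encode(), good.encode()):
            return None
        return location, issued

    def access_request(self, terminal_id, code, now):
        """Stage 1 (public network): registration, location and time checks."""
        reg = self.registered.get(terminal_id)
        if reg is None:
            return None, "terminal not registered"
        parsed = self._read_code(code)
        if parsed is None:
            return None, "code forged or malformed"
        location, issued = parsed
        if location not in reg["areas"]:
            return None, "area not registered for this terminal"
        if not 0 <= now - issued <= CODE_VALIDITY_S:
            return None, "code expired"
        grant = {"access_name": f"ap-{location}",
                 "password": secrets.token_urlsafe(12), "issued_at": now}
        self.grants[terminal_id] = grant  # record name, terminal id, issuance time
        return dict(grant, limit_s=ACCESS_LIMIT_S), "ok"

    def open_request(self, terminal_id, access_name, now, answer):
        """Stage 2 (dedicated network): record matches, then security answer.
        access_name is the access device as observed on the dedicated network."""
        grant = self.grants.get(terminal_id)
        if grant is None:
            return False, "no access information recorded for terminal"
        if access_name != grant["access_name"]:
            return False, "access device does not match record"
        if now - grant["issued_at"] > ACCESS_LIMIT_S:
            return False, "access password expired, request access again"
        expected = self.registered[terminal_id]["answer"]
        if not hmac.compare_digest(answer.encode(), expected.encode()):
            return False, "security answer wrong"
        return True, "open"


def demo():
    """Run constructed scenarios; returns {scenario: server decision}."""
    srv = SecurityServer()
    tid = "terminal-001"                                   # constructed sample data
    srv.register(tid, ["room-A"], "first project?", "alpha")
    t0 = 1_000_000
    code = srv.make_code("room-A", t0)
    out = {}
    out["replayed code"] = srv.access_request(tid, code, t0 + 60)[1]
    out["tampered location"] = srv.access_request(
        tid, code.replace("room-A", "room-B"), t0)[1]
    out["unknown terminal"] = srv.access_request("terminal-999", code, t0)[1]
    grant, out["fresh code"] = srv.access_request(tid, code, t0 + 1)
    name = grant["access_name"]
    out["wrong access device"] = srv.open_request(tid, "ap-room-Z", t0 + 10, "alpha")[1]
    out["late open request"] = srv.open_request(tid, name, t0 + 122, "alpha")[1]
    out["wrong answer"] = srv.open_request(tid, name, t0 + 10, "beta")[1]
    out["valid open request"] = srv.open_request(tid, name, t0 + 10, "alpha")[1]
    return out


if __name__ == "__main__":
    for scenario, decision in demo().items():
        print(f"{scenario:22s} -> {decision}")
```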
Embodiment three
This embodiment is described with reference to access control verification for an equipment room. Referring to Fig. 3, the access control verification system described in this embodiment is implemented jointly by three parts: the mobile terminal client (corresponding to the mobile terminal 100 in Fig. 3; the mobile terminal client is implemented by running on the mobile terminal), the security server 200 and the access controller 300. Each is described below.
Security server 200
1. Responsible for reviewing equipment room access permission information.
2. Controls the equipment room access control system (access controller 300) to periodically display a dynamic two-dimensional code. The dynamic two-dimensional code is generated by the security server 200 by encrypting the equipment room location information together with a time factor, and is location-specific, time-limited and unique. Only the security server 200 can convert the information in the dynamic two-dimensional code. Only after a logged-in mobile terminal client scans the two-dimensional code can it apply to the security server 200 to access the dedicated WiFi network.
3. The mobile terminal client (implemented by running on the mobile terminal 100) logs in to the security server 200 using the registered ID. The security server 200 authenticates the ID used by the mobile terminal client to log in by checking whether the ID has passed review. If it has, the security server 200 allows the mobile terminal client corresponding to the ID to log in; if the ID has not passed review, the mobile terminal client corresponding to the ID cannot log in. In the not-logged-in state, the mobile terminal client does not have permission to scan the dynamic two-dimensional code at the equipment room entrance.
4. The security server 200 authenticates the two-dimensional code sent by the mobile terminal client, checking the equipment room location information and the time information of the two-dimensional code. If authentication fails, the two-dimensional code may be forged or expired; if authentication succeeds, the ID of the mobile terminal client is then authenticated.
5. After the security server 200 confirms that the ID has permission for the equipment room corresponding to the location information carried in the two-dimensional code, it issues the access information of the dedicated WiFi network to the mobile terminal client (including the access name, that is, the ID of the access device of the dedicated WiFi network, the access password and the access time limit), ensuring access security. The security server 200 records the following information: the ID of the access device assigned to the mobile terminal client for accessing the dedicated WiFi network, the ID of the mobile terminal client, and the time at which the access information was issued (the authorization time). If the ID of the mobile terminal client does not have permission for the equipment room corresponding to the location information carried in the two-dimensional code, authentication fails, and the security server 200 does not issue the access information of the dedicated WiFi network (including the access name and access password) to the mobile terminal client, thereby refusing the mobile terminal client access to the dedicated WiFi network.
6. When the security server 200 receives a request to enter the equipment room from the mobile terminal client (carrying the ID of the WiFi device requested for access and the access password), it compares the request against the recorded access device ID of the dedicated WiFi network, mobile terminal client ID and access password issuance time. If the request matches the record but the password has timed out (that is, the time since the security server 200 issued the access password exceeds the access time limit), the security server 200 refuses access and prompts the mobile terminal client to apply for entry again, which improves security. If the request matches the record and the access password has not timed out (the time since the access information was issued does not exceed the access time limit), the security server 200 randomly displays an equipment room entry question set by the user on the mobile terminal client, and the mobile terminal client submits the answer the user gives on the mobile terminal client to the security server 200. If the answer matches the preset answer, the security server 200 controls the access controller 300 to open and allows the user to enter the equipment room; if the answer is wrong, the security server 200 does not notify the access controller 300, the door does not open, and entry is refused.
Mobile terminal client
1. Supports running on a mobile terminal (in Embodiment three, the operations of the mobile terminal client can be regarded as implemented by the mobile terminal 100 running it). The mobile terminal client can use the public network connection of the mobile terminal and can detect the network environment of the public network connection.
2. Apart from applying to register the ID of the mobile terminal client with the security server 200, the other functions of the mobile terminal client can be used only after logging in to the security server 200 with an ID that the security server 200 has reviewed and approved; otherwise the associated permissions cannot be obtained.
3. Application for registration of access control entry permissions, and setting of the answers for equipment room entry.
4. After the mobile terminal client logs in successfully with the ID, the security server 200 can control the access controller 300 at the equipment room entrance (provided with a two-dimensional code display device) to display the dynamic two-dimensional code for the mobile terminal client to scan. After scanning is complete, the mobile terminal client sends the ID used to log in and the scanned two-dimensional code to the security server 200 for authentication, applying for permission to access the dedicated WiFi network.
5. The mobile terminal client receives the access information of the dedicated WiFi network from the security server 200 (including the access name, the access password and the access time limit, that is, the validity period of the access password). The mobile terminal client prompts the user to disconnect the public network connection and requires access to the dedicated WiFi network. After the mobile terminal client detects that the public network has been disconnected and the dedicated WiFi network has been connected, it sends an application to enter the equipment room, carrying the logged-in ID, to the security server 200.
6. The mobile terminal client communicates with the security server 200 over the dedicated WiFi network. If the password has exceeded the access time limit, the client prompts the user to rescan the two-dimensional code to apply for entry to the equipment room. If the password has not exceeded the access time limit, the security server 200 sends the preset question to the mobile terminal client and obtains the answer the user submits in the mobile terminal client. Once the security server 200 confirms that the submitted answer is consistent with the preset answer, it controls the equipment room access controller 300 to open the passage controller of the equipment room and allow the user to enter. If the security server 200 confirms that the submitted answer is inconsistent with the preset answer, it notifies the mobile terminal client of the result: the door will not open and the user's entry is refused.
Access controller 300
1. The access controller 300 controls the opening and closing of the passageway, and consists mainly of a passage controller, a WiFi access device and a two-dimensional code display device.
2. The mobile terminal client connects to the WiFi access device of the access controller 300 to communicate with the security server 200 for verification.
3. The access controller 300 (provided with a two-dimensional code display device) obtains the dynamic two-dimensional code from the security server 200 and displays it, so that the logged-in mobile terminal client can scan it in order to access the dedicated WiFi network.
4. Once the mobile terminal client passes verification, the security server 200 notifies the access controller 300 (provided with a passage controller) to open the passageway switch of the equipment room and allow the user to enter.
The logic flow of the multi-factor access control verification method based on two-dimensional codes, referring to Fig. 4, includes the following steps:
Step 201: the mobile terminal client registers with the security server 200.
Using the phone number as its ID, the mobile terminal client connects over the public network and registers with the security server 200, registering the information of the equipment room it is applying to enter (such as the location information of the equipment room) and setting the security question-and-answer information for the access controller 300 of the equipment room.
Step 202: the security server 200 registers the phone number of the mobile terminal and the security question-and-answer information.
After the security server 200 has reviewed and approved the user information, it registers the user's phone number and security question-and-answer information, and stores the phone number as the ID of the mobile client for subsequent identity authentication of the mobile terminal client.
Step 203: the mobile terminal client logs in to the security server 200.
The mobile terminal client logs in to the security server 200 using the phone number as its ID, and the security server 200 authenticates whether the ID has passed review (that is, whether the ID is registered). If it has passed review, the security server 200 prompts the mobile terminal client that login succeeded; if not, it prompts the mobile terminal client that login failed. If the mobile terminal client is in the not-logged-in state, it cannot scan the two-dimensional code displayed by the access controller 300 of the equipment room (provided with a two-dimensional code display device).
Step 204: the logged-in mobile terminal client scans the dynamic two-dimensional code displayed by the access controller 300 of the equipment room (the dynamic two-dimensional code is generated by the security server 200 by encrypting the equipment room location information together with a time factor, is location-specific, time-limited and unique, and can be interpreted only by the security server 200), and sends the ID (that is, the phone number) and the two-dimensional code to the security server 200 for authentication.
The security server 200 authenticates the equipment room entrance two-dimensional code scanned by the mobile terminal client: it judges whether the equipment room location information and the time information in the two-dimensional code match the equipment room information and time information maintained by the security server 200. If the information does not match, authentication fails, and the two-dimensional code may be forged or expired.
Step 205: the security management server authenticates the ID of the mobile terminal client.
If the ID is one that has passed registration review, the security server 200 judges, according to the registration information of the ID (including its correspondence with equipment room information), whether the ID has permission for the equipment room corresponding to the location information carried in the two-dimensional code. If it has, the security server 200 issues the access information of the dedicated WiFi network (including the access name, access password and access time limit) to the mobile terminal client, ensuring access security.
The security server 200 records the access device ID of the dedicated WiFi network assigned to the mobile terminal client, the mobile terminal client ID and the issuance time. If the registration information maintained by the security management server shows that the mobile terminal client ID does not have permission for the equipment room corresponding to the location information of the two-dimensional code, authentication fails, and the security server 200 does not issue the access information of the dedicated WiFi network, refusing the mobile terminal client access.
Step 206: the mobile terminal client sends an application to enter the equipment room to the security server 200 over the dedicated WiFi network.
The mobile terminal client receives the dedicated WiFi access name, access password and access time limit from the security server 200. The mobile terminal client prompts the user to disconnect the public network connection and requires access to the dedicated WiFi network. After the mobile terminal client detects that the public network has been disconnected, it uses the access information to access the dedicated WiFi network; once connected to the dedicated network, it sends a request to enter the equipment room, carrying the ID of the mobile terminal client, to the security server 200.
Step 207: the security server 200 authenticates the mobile terminal client's request to enter the equipment room.
After the security server 200 receives the request sent by the mobile terminal client over the dedicated WiFi network, it compares the request against the recorded access device ID (that is, the access name) of the dedicated WiFi network that was issued, the mobile terminal client ID, and the issuance time of the access information (corresponding to the authorization time). If the request matches the record but the access password has timed out, the security server 200 refuses access and prompts the mobile terminal client to apply for entry again, which improves security. If the request matches the record and the access password has not timed out, the security server 200 randomly sends an equipment room entry question set by the user to the mobile terminal client for the mobile terminal client to display. If the user's answer submitted by the mobile terminal client is consistent with the preset answer, the security server 200 controls the access controller 300 (provided with a passage controller) to open and allows the user to enter the equipment room. If the answer submitted by the mobile terminal client is inconsistent with the preset answer, the security server 200 controls the access controller 300 (provided with a passage controller) to stay locked and refuses the user entry to the equipment room.
If the continuous errors number of answer that mobile terminal client terminal is submitted is more than 3 times, security administration server is by the shifting Dynamic client terminals are freezed, and the mobile terminal client terminal is subsequent cannot to log in security server 200, or cannot apply into Enter computer room, prevents risk.
A further example follows, in which the user's phone number is 13912345678. Referring to Fig. 5, it includes the following steps:
Step 301: according to the user's operation, the mobile terminal client, on the 4G network, registers with security server 200 using 13912345678 as the ID of the mobile terminal client, applies for permission for computer room A and sets 5 questions and answers.
Question A, answer ABC
Question B, answer CBA
Question C, answer BAC
Question D, answer ACB
Question E, answer CAB
Step 302: security server 200 audits the application of 13912345678 to enter computer room A; after approval, the mobile terminal client ID corresponding to 13912345678 obtains permission to enter computer room A.
Step 303: on the 4G network, the mobile terminal client logs in to security server 200 using 13912345678 as its ID; after logging in successfully, the mobile terminal client is used to scan the dynamic two-dimensional code of access controller 300 at the entrance of computer room A, applying to enter the computer room.
Step 304: security server 200 authenticates the ID of the mobile terminal client and sends the access information of the dedicated WiFi network to the mobile terminal client.
After receiving the request from mobile client 13912345678, security server 200 determines that the ID 13912345678 has passed the audit of security server 200 and has access permission for computer room A. It then sends the dedicated WiFi connection name JFA0101 and password 123456 to the client with that ID and, at the same time, notifies the WiFi network equipment to allow the 13912345678 client to access the network. Security server 200 records the number the information was issued to (13912345678), the access device ID JFA0101 and the issue time 20150601120000.
Step 305: after receiving the access information returned by security server 200, the mobile terminal client prompts the user to disconnect from the 4G network and access the dedicated WiFi network JFA0101.
Step 306: according to the user's operation, the mobile terminal client disconnects from the 4G network and accesses the dedicated WiFi network JFA0101 using password 123456.
After its network detection is complete, the mobile terminal client sends security server 200 a request to enter the computer room over the dedicated WiFi network.
Step 307: after receiving the request to enter the computer room over the dedicated WiFi network, security server 200 verifies the ID of the mobile terminal client.
After receiving the request to enter the computer room over the dedicated WiFi network, security server 200 verifies the mobile terminal client ID (13912345678), the access network device ID JFA0101 and the access time 20150601120115. The information for this ID satisfies the security rules of security server 200, so authentication succeeds; the server randomly sends question C to number 13912345678 for the final answer comparison audit.
Step 308: the mobile terminal client submits the user's answer, BAC, to security server 200.
Step 309: security server 200 checks the answer to question C and confirms that it is consistent with the answer BAC set at user registration; access controller 300 opens the computer room and the user is allowed to enter.
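The server-side checks of steps 204 to 207 and the freeze rule, as an added Python example that is not code from the patent. The names SecurityServer, make_qr and check_qr are hypothetical, an HMAC tag stands in for the encryption the patent describes, times are epoch seconds, and the validity windows, single-use grant and random WiFi password are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

SERVER_KEY = b"constructed-demo-key"  # assumption: secret known only to the security server
QR_VALIDITY_S = 60     # assumption: how long one displayed code stays valid
ACCESS_LIMIT_S = 300   # assumption: access time limit of the issued WiFi password
MAX_WRONG = 3          # page: client is frozen when consecutive wrong answers exceed 3


def _tag(msg: str) -> str:
    return hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()


def make_qr(room: str, now: int) -> str:
    """Code bound to room location and time (HMAC stands in for the patent's encryption)."""
    msg = f"{room}|{now}"
    return f"{msg}|{_tag(msg)}"


def check_qr(code: str, now: int):
    """Return the room if the code is genuine and fresh, else None (forged or expired)."""
    try:
        room, ts, tag = code.split("|")
        issued = int(ts)
    except ValueError:
        return None
    if not hmac.compare_digest(tag.encode(), _tag(f"{room}|{ts}").encode()):
        return None
    return room if 0 <= now - issued <= QR_VALIDITY_S else None


@dataclass
class User:
    rooms: set      # rooms this ID was approved for at registration
    answers: dict   # question -> answer set at registration
    wrong: int = 0
    frozen: bool = False


class SecurityServer:
    def __init__(self):
        self.users = {}    # ID (phone number) -> User
        self.grants = {}   # ID -> (access device ID, issue time)
        self.pending = {}  # ID -> question awaiting an answer

    def request_access(self, uid: str, code: str, now: int, device_id: str = "JFA0101"):
        """Steps 204-205: authenticate the code and the ID, then issue WiFi access info."""
        user, room = self.users.get(uid), check_qr(code, now)
        if user is None or user.frozen or room is None or room not in user.rooms:
            return None
        self.grants[uid] = (device_id, now)  # recorded for the later comparison
        return {"name": device_id, "password": secrets.token_urlsafe(12),
                "limit_s": ACCESS_LIMIT_S}

    def request_open(self, uid: str, device_id: str, now: int) -> str:
        """Step 207: compare the request with the record, then pick a random question."""
        user, grant = self.users.get(uid), self.grants.get(uid)
        if user is None or user.frozen or grant is None or grant[0] != device_id:
            return "denied"
        if now - grant[1] > ACCESS_LIMIT_S:
            del self.grants[uid]
            return "reapply"  # password timed out: the client must apply again
        self.pending[uid] = secrets.choice(sorted(user.answers))
        return self.pending[uid]

    def submit_answer(self, uid: str, answer: str) -> str:
        """Compare the answer; freeze the ID after more than MAX_WRONG consecutive misses."""
        user, question = self.users.get(uid), self.pending.pop(uid, None)
        if user is None or user.frozen or question is None:
            return "denied"
        if hmac.compare_digest(answer.encode(), user.answers[question].encode()):
            user.wrong = 0
            self.grants.pop(uid, None)  # assumption: a grant is single-use
            return "open"
        user.wrong += 1
        if user.wrong > MAX_WRONG:
            user.frozen = True
            return "frozen"
        return "locked"
```

Each wrong answer leaves the recorded grant in place, so the client can request another random question until the grant times out or the ID is frozen.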
In conclusion the embodiment of the present invention has the advantages that
The embodiment of the present invention uses dynamic two-dimension code, the dedicated channel WiFi, the peace encrypted using location information, time factor Full problem verifying and mobile terminal client terminal ID identification technology, realize the control of access permission, which uses multiple factors layer Layer verifying is lost even if mobile terminal occurs, and also because using answer comparison link, prevents illegally obtaining for access permission .It uses private network simultaneously to access, the process of verifying has very high safety;
The technical application of dynamic two-dimension code secure accessing and a variety of verification factors to gate inhibition is verified into identification field, is proposed Gate inhibition verify identification thinking, in the way of dynamic two-dimension code with dedicated WiFi network access control, answer verification method into Row gate inhibition verifies the solution of identification, i.e., realizes connecing for dedicated WiFi network by the dynamic two-dimension code that security server generates Enter, answers user and set gate inhibition's verifying identification technology that problem carries out answer comparison;
Encryption dynamic two-dimension code containing location information, time factor realizes that secure accessing, dedicated WiFi network improve line Road safety, answer verification audit multiple factors verifying solve the safety identification of gate inhibition.It is higher by the method safety, audit It is more careful, to realize the safety management of gate inhibition's verifying;More importantly even if this is lost using mobile terminal after invention It loses, can still be taken precautions against by the audit link that answer verifies, improve the safety of gate inhibition's verifying.
Those of ordinary skill in the art will appreciate that: realize that all or part of the steps of above method embodiment can pass through The relevant hardware of program instruction is completed, and program above-mentioned can be stored in a computer readable storage medium, the program When being executed, step including the steps of the foregoing method embodiments is executed;And storage medium above-mentioned include: movable storage device, it is random Access memory (RAM, Random Access Memory), read-only memory (ROM, Read-Only Memory), magnetic disk or The various media that can store program code such as person's CD.
If alternatively, the above-mentioned integrated unit of the present invention is realized in the form of software function module and as independent product When selling or using, it also can store in a computer readable storage medium.Based on this understanding, the present invention is implemented The technical solution of example substantially in other words can be embodied in the form of software products the part that the relevant technologies contribute, The computer software product is stored in a storage medium, including some instructions are used so that computer equipment (can be with It is personal computer, server or network equipment etc.) execute all or part of each embodiment the method for the present invention. And storage medium above-mentioned includes: that movable storage device, RAM, ROM, magnetic or disk etc. are various can store program code Medium.
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any Those familiar with the art in the technical scope disclosed by the present invention, can easily think of the change or the replacement, and should all contain Lid is within protection scope of the present invention.Therefore, protection scope of the present invention should be based on the protection scope of the described claims.

Claims (10)

1. An access control verification system, characterized in that the system comprises a mobile terminal, an access controller and a security server, wherein:
The access controller is arranged at the entrance of a protected area and is configured to dynamically display a two-dimensional code, wherein the two-dimensional code is obtained by encryption based on the location information of the protected area and a time factor;
The mobile terminal is configured to obtain scanning permission and scan the two-dimensional code dynamically displayed by the access controller; to send, based on the scanned two-dimensional code, an access request for accessing a dedicated network to the security server via a public network; and to access the dedicated network and send an open request for opening the protected area to the security server via the dedicated network;
The security server is configured to authenticate the access request sent by the mobile terminal and, when authentication succeeds, authorize the mobile terminal to access the dedicated network; and to authenticate the open request and, when authentication succeeds, control the access controller via the dedicated network to open the protected area;
Wherein the security server is further configured to match the identifier of the mobile terminal sending the open request against the recorded identifier of the mobile terminal, to match the identifier of the access network device accessed by the mobile terminal sending the open request against the recorded identifier of the access network device, and to match the time at which the open request is received against the recorded access time limit; and, when the matching succeeds, to control the access controller via the dedicated network to open the protected area.
2. The access control verification system of claim 1, characterized in that:
The mobile terminal is further configured to register, via the public network, the identifier of the mobile terminal and the location information of a target protected area with the security server;
The security server is further configured to encrypt based on the location information of the protected area and the time factor to obtain the dynamic two-dimensional code, and to send the dynamic two-dimensional code to the access controller via the dedicated network for display by the access controller;
The security server is further configured to match the identifier of the mobile terminal against the identifiers of registered mobile terminals, to match the location information carried by the two-dimensional code carried in the access request against the location information of the target protected area registered by the mobile terminal, and to match the time factor carried by the two-dimensional code carried in the access request against the current time; and, when the matching succeeds, to send the access information of the dedicated network to the mobile terminal via the public network so as to authorize the mobile terminal to access the dedicated network.
3. The access control verification system of claim 2, characterized in that:
The security server is further configured to send the access device identifier of the dedicated network, the access password and the access time limit of the access password to the mobile terminal via the public network, and to record the access name, the identifier of the mobile terminal and the issue time of the access information.
4. The access control verification system of claim 3, characterized in that:
The security server is further configured to perform security question verification when the matching succeeds and, when the security question verification succeeds, to control the access controller via the dedicated network to open the protected area;
The security server is further configured to send the mobile terminal prompt information to access the dedicated network again when matching the time at which the open request is received against the recorded access time limit fails.
5. The access control verification system of claim 4, characterized in that:
The mobile terminal is further configured to register, via the public network, the security questions and answers set by the mobile terminal user with the security server;
The security server is further configured to send the corresponding security question set by the mobile terminal user to the mobile terminal via the dedicated network, and to match the answer sent by the mobile terminal via the dedicated network against the registered answer; if the matching succeeds, the security question verification is determined to have passed.
6. An access control verification method, characterized in that the method comprises:
A mobile terminal obtains scanning permission and scans a two-dimensional code dynamically displayed by an access controller, the two-dimensional code being obtained based on the location information of a protected area and a time factor; based on the scanned two-dimensional code, the mobile terminal sends an access request for accessing a dedicated network to a security server via a public network;
The security server authenticates the access request sent by the mobile terminal and, when authentication succeeds, authorizes the mobile terminal to access the dedicated network;
The mobile terminal sends an open request for opening the protected area to the security server via the dedicated network;
The security server authenticates the open request and, when authentication succeeds, controls the access controller via the dedicated network to open the protected area;
Wherein the security server authenticating the open request and, when authentication succeeds, controlling the access controller via the dedicated network to open the protected area comprises:
The security server matches the identifier of the mobile terminal sending the open request against the recorded identifier of the mobile terminal, matches the identifier of the access network device accessed by the mobile terminal sending the open request against the recorded identifier of the access network device, and matches the time at which the open request is received against the recorded access time limit; when the matching succeeds, it controls the access controller via the dedicated network to open the protected area.
7. The access control verification method of claim 6, characterized in that the method further comprises:
The mobile terminal registers, via the public network, the identifier of the mobile terminal and the location information of a target protected area with the security server;
The security server encrypts based on the location information of the protected area and the time factor to obtain the dynamic two-dimensional code, and sends the dynamic two-dimensional code to the access controller via the dedicated network for display by the access controller;
The security server authenticating the access request sent by the mobile terminal and, when authentication succeeds, authorizing the mobile terminal to access the dedicated network comprises:
The security server matches the identifier of the mobile terminal against the identifiers of registered mobile terminals, matches the location information carried by the two-dimensional code carried in the access request against the location information of the target protected area registered by the mobile terminal, and matches the time factor carried by the two-dimensional code carried in the access request against the current time; when the matching succeeds, it sends the access information of the dedicated network to the mobile terminal via the public network so as to authorize the mobile terminal to access the dedicated network.
8. The access control verification method of claim 6, characterized in that authorizing the mobile terminal to access the dedicated network when authentication succeeds comprises:
The security server sends the access device identifier of the dedicated network, the access password and the access time limit of the access password to the mobile terminal via the public network, and records the access name, the identifier of the mobile terminal and the issue time of the access information.
9. The access control verification method of claim 8, characterized in that the method further comprises:
Security question verification is performed when the matching succeeds, and when the security question verification succeeds the access controller is controlled via the dedicated network to open the protected area;
When matching the time at which the open request is received against the recorded access time limit fails, the security server sends the mobile terminal prompt information to access the dedicated network again.
10. The access control verification method of claim 9, characterized in that performing the security question verification comprises:
The mobile terminal registers, via the public network, the security questions and answers set by the mobile terminal user with the security server;
The security server sends the corresponding security question set by the mobile terminal user to the mobile terminal via the dedicated network, and matches the answer sent by the mobile terminal via the dedicated network against the registered answer; if the matching succeeds, the security question verification is determined to have passed.
CN201510925232.2A 2015-12-11 2015-12-11 Gate inhibition verifies system and its gate inhibition's verification method Active CN106875515B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510925232.2A CN106875515B (en) 2015-12-11 2015-12-11 Gate inhibition verifies system and its gate inhibition's verification method


Publications (2)

Publication Number Publication Date
CN106875515A CN106875515A (en) 2017-06-20
CN106875515B true CN106875515B (en) 2019-10-29

Family

ID=59178489

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510925232.2A Active CN106875515B (en) 2015-12-11 2015-12-11 Gate inhibition verifies system and its gate inhibition's verification method

Country Status (1)

Country Link
CN (1) CN106875515B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant