CN107231340B - Data interaction method and system - Google Patents

Publication number: CN107231340B
Authority: CN (China)
Prior art keywords: information, authenticated, control device, authentication, server
Legal status: Active
Application number: CN201611059517.3A
Other languages: Chinese (zh)
Other versions: CN107231340A (en)
Inventor: 李东声
Current Assignee: Tendyron Corp
Original Assignee: Tendyron Corp
Application filed by: Tendyron Corp
Priority to: CN201611059517.3A; PCT/CN2017/107611 (WO2018095184A1)
Publications: CN107231340A, CN107231340B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols

Abstract

The invention provides a data interaction method and system. The method comprises the following steps: a first server receives first information sent by a client; the first server assigns a target user to the location information, determines the identity information of the target user, and sends second information to a second server; the second server receives and stores the second information; an authority control device detects that a first information carrier to be authenticated has entered its detection range, and reads first information to be authenticated from that carrier; the authority control device acquires location information to be authenticated and sends an authentication request to the second server; the second server receives the authentication request, performs a first authentication on the identity information to be authenticated using the stored identity information of the target user, performs a second authentication on the location information to be authenticated using the stored location information, and sends an authentication pass response to the authority control device after both the first authentication and the second authentication pass; and the authority control device receives the authentication pass response and executes an authorization operation.

Description

Data interaction method and system
Technical Field
The present invention relates to the field of electronic technologies, and in particular, to a data interaction method and system.
Background
At present, to improve the security of residential communities, the main gates of some communities and the entrances of the buildings inside them are generally fitted with door access control. Residents use the access card issued by the community to enter and leave the community and its buildings, and people without an access card cannot enter.
With the rapid development of the internet, more and more users choose to purchase goods online, order takeout online, or request appliance repairs online. When a service person, such as a courier or a repairman, needs to provide a service at a location inside a community fitted with door access control, the service person usually cannot enter. How to let a service person without access authority enter the community to serve a user, without weakening the security of community management, is an urgent problem to be solved.
Disclosure of Invention
The present invention is directed to solving the above problems.
The invention mainly aims to provide a data interaction method;
another object of the present invention is to provide a data interaction system.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
In one aspect of the present invention, scheme 1 provides a data interaction method, including: a first server receives first information sent by a client, wherein the first information includes location information; the first server assigns a target user to the location information, determines identity information of the target user, and sends second information to a second server, wherein the second information includes: the location information and the identity information of the target user; the second server receives the second information and stores the second information; an authority control device detects that a first information carrier to be authenticated has entered a detection range, and reads first information to be authenticated from the first information carrier to be authenticated, wherein the first information to be authenticated includes: identity information to be authenticated; the authority control device acquires location information to be authenticated and sends an authentication request to the second server, wherein the authentication request includes: the location information to be authenticated and the identity information to be authenticated; the second server receives the authentication request, performs a first authentication on the identity information to be authenticated using the stored identity information of the target user, performs a second authentication on the location information to be authenticated using the stored location information, and sends an authentication pass response to the authority control device after both the first authentication and the second authentication pass; and the authority control device receives the authentication pass response and executes an authorization operation.
Scheme 2. The method according to scheme 1, further including: after the authority control device executes the authorization operation, it sends a security processing instruction to the second server; the second server receives the security processing instruction and deletes the stored second information or sets the state of the second information to a failure state; or the second server deletes the stored second information or sets the state of the second information to a failure state after the first authentication and the second authentication pass.
Scheme 3. The method according to scheme 1, wherein the authority control device acquiring the location information to be authenticated includes: the authority control device acquires its own location information, and the location information of the authority control device itself is the location information to be authenticated.
Scheme 4. The method according to scheme 1, wherein the authority control device acquiring the location information to be authenticated includes: the authority control device detects that a second information carrier to be authenticated has entered the detection range, and reads second information to be authenticated from the second information carrier to be authenticated, wherein the second information to be authenticated includes: the location information to be authenticated.
Scheme 5. The method according to any one of schemes 1 to 4, wherein the authority control device receiving the authentication pass response and executing the authorization operation includes: after receiving the authentication pass response, the authority control device judges whether the time reached by its timing exceeds a specified time, and if not, executes the authorization operation, wherein the timing starts after the authority control device sends the authentication request to the second server.
Scheme 6. The method according to any one of schemes 1 to 4, wherein the first information carrier to be authenticated is an identity card, a graphic code carrying identity information, a barcode carrying identity information, or a biometric feature.
Scheme 7. The method according to any one of schemes 1 to 4, further including: after receiving the authentication pass response, the authority control device sends the identity information to be authenticated to the client.
In another aspect of the present invention, scheme 8 provides a data interaction system, including: a first server, configured to receive first information sent by a client, wherein the first information includes location information; to assign a target user to the location information, determine identity information of the target user, and send second information to a second server, wherein the second information includes: the location information and the identity information of the target user; the second server, configured to receive the second information and store the second information; an authority control device, configured to detect that a first information carrier to be authenticated has entered a detection range, and to read first information to be authenticated from the first information carrier to be authenticated, wherein the first information to be authenticated includes: identity information to be authenticated; and to acquire location information to be authenticated and send an authentication request to the second server, wherein the authentication request includes: the location information to be authenticated and the identity information to be authenticated; the second server is further configured to receive the authentication request, perform a first authentication on the identity information to be authenticated using the stored identity information of the target user, perform a second authentication on the location information to be authenticated using the stored location information, and send an authentication pass response to the authority control device after both the first authentication and the second authentication pass; and the authority control device is further configured to receive the authentication pass response and execute an authorization operation.
Scheme 9. The system according to scheme 8, wherein the authority control device is further configured to send a security processing instruction to the second server after executing the authorization operation; the second server is further configured to receive the security processing instruction and delete the stored second information or set the state of the second information to a failure state; or the second server is further configured to delete the stored second information or set the state of the second information to a failure state after the first authentication and the second authentication pass.
Scheme 10. The system according to scheme 8, wherein the authority control device is specifically configured to acquire its own location information, and the location information of the authority control device itself is the location information to be authenticated.
Scheme 11. The system according to scheme 8, wherein the authority control device is specifically configured to detect that a second information carrier to be authenticated has entered the detection range, and to read second information to be authenticated from the second information carrier to be authenticated, wherein the second information to be authenticated includes: the location information to be authenticated.
Scheme 12. The system according to any one of schemes 8 to 11, wherein the authority control device is specifically configured to judge, after receiving the authentication pass response, whether the time reached by its timing exceeds a specified time, and if not, to execute the authorization operation, wherein the timing starts after the authority control device sends the authentication request to the second server.
Scheme 13. The system according to any one of schemes 8 to 11, wherein the first information carrier to be authenticated is an identity card, a graphic code carrying identity information, a barcode carrying identity information, or a biometric feature.
Scheme 14. The system according to any one of schemes 8 to 11, wherein the authority control device is further configured to send the identity information to be authenticated to the client after receiving the authentication pass response.
It can be seen from the above technical solutions that, after receiving the location information sent by the client, the first server assigns a target user and sends the identity information of the target user to the second server, where the target user is a person (e.g., a delivery person or a meal delivery person) who provides a service to the customer at the location indicated by the location information. After the target user arrives at the authority control device, the first information carrier to be authenticated is placed in the detection area of the authority control device; the authority control device detects it, reads the identity information to be authenticated, acquires the location information to be authenticated, and requests the second server to authenticate the target user, and if the authentication passes, performs the authorization operation. Therefore, in a residential community fitted with door access control (the door access control being the authority control device), even if the target user (such as a delivery person or a meal delivery person) does not hold an access card for the community, the scheme of the invention allows the first server to send the identity information of the target user to the second server and the door access control to request the second server to authenticate the target user; if the authentication passes, the target user is authorized to enter the community. On the one hand, the customer receiving the service does not need to go out to open the door for the target user, which is convenient for the customer; on the other hand, the target user is authorized to enter the community only after being authenticated by the second server, which ensures security.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a flowchart of a data interaction method provided in embodiment 1 of the present invention;
Fig. 2 is a schematic structural diagram of a data interaction system provided in embodiment 2 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
For the convenience of understanding the present invention, the following briefly introduces possible application scenarios in the present embodiment:
Scenarios to which the present embodiment is applicable include, but are not limited to, the following. The system comprises a client, a first server, a second server and an authority control device. A customer purchases a service online (e.g., online shopping, online food ordering) through the client; the client sends location information (e.g., a shipping address) to the first server; the first server assigns a target user (e.g., a courier) to the location information and sends the identity information of the target user and the location information to the second server. The target user holds a first information carrier to be authenticated. When the target user reaches the authority control device, the authority control device sends the second server an authentication request for authenticating the identity of the target user; the second server authenticates the target user using the identity information of the target user and the location information, and returns an authentication pass response to the authority control device, which then authorizes the target user (e.g., opens the door lock so that the target user may enter).
Example 1
The present embodiment provides a data interaction method, as shown in fig. 1, the method includes the following steps:
101. The first server receives first information sent by a client, wherein the first information includes location information;
The first server in this embodiment can communicate with the client. The first server may be a server providing online services such as an online supermarket or online food ordering; the client may be an application for placing orders, shopping or ordering food online, and may be installed on a device held by the user (e.g., a PC, a mobile phone, a palmtop computer, etc.).
In this embodiment, the first information may be order information, and the location information may be the order address; for example, when shopping online, the location information is specifically the delivery address for the goods, and when ordering food online, it is specifically the delivery address for the meal. In different application scenarios, the location information may represent address information with different meanings, which is not limited herein.
In addition, the first information may further include information such as an order number, order details, an order amount, an order date, a user name for placing an order, and the like, which is not limited herein.
102. The first server assigns a target user to the location information, determines identity information of the target user, and sends second information to a second server, wherein the second information includes: the location information and the identity information of the target user;
In this embodiment, the target user is a person who provides the corresponding service to the customer at the location indicated by the location information; for example, when shopping online, the target user is specifically a delivery person, and when ordering food online, the target user is specifically a meal delivery person. The target user may be a person providing different services in different application scenarios, which is not limited herein.
The identity information of the target user in this embodiment may be identity card information, or any kind of biometric information such as fingerprint information, palm print information, or iris information. The identity card information includes at least the identity card number, and may be read from an identity card, or from an order graphic code or order barcode carrying the identity card information.
In this embodiment, the second server may be used to manage the authority control device; for example, in a residential community with door access control, the authority control device may be the door access control unit, and the second server may be a server that exchanges data with and manages the door access control.
In this embodiment, the first server and the second server are independent servers, and the respective functions are different. The first server is used for providing network services such as online shopping and online ordering, the second server is used for performing data interaction and management on the authority control device, and the first server and the second server can be communicated through a wireless network or a wired network.
103. The second server receives the second information and stores the second information;
In this embodiment, the second server stores the received location information and the identity information of the target user, so that when the authority control device later requests authentication of the target user, the stored location information and identity information can be used to authenticate the target user.
104. The authority control device detects that a first information carrier to be authenticated has entered a detection range, and reads first information to be authenticated from the first information carrier to be authenticated, wherein the first information to be authenticated includes: identity information to be authenticated;
In this embodiment, the authority control device may be a door access control device.
The authority control device is provided with a module that supports reading information. For example, the module may be an identity card reading module; in that case the first information carrier to be authenticated is an identity card and the first information to be authenticated that is read is identity card information. As another example, the module may be a code scanning module; in that case the first information carrier to be authenticated may be an order graphic code or order barcode carrying identity information, and the first information to be authenticated that is read may be the identity information of the target user read from that code. As a further example, the module may be a biometric reading module; in that case the first information carrier to be authenticated is a biometric feature and the first information to be authenticated that is read is biometric information. The biometric feature may be a finger, with a fingerprint as the corresponding biometric information; or a palm, with a palm print as the corresponding biometric information; or an eye, with an iris as the corresponding biometric information, and so on, without limitation.
105. The authority control device acquires the location information to be authenticated and sends an authentication request to the second server, wherein the authentication request includes: the location information to be authenticated and the identity information to be authenticated;
In this embodiment, there are several ways for the authority control device to acquire the location information to be authenticated; these are described below.
In this embodiment, the authority control device and the second server may communicate through a wired connection, such as a network connection, or through a wireless network, such as a mobile network or a local area network within the community.
106. The second server receives the authentication request, performs a first authentication on the identity information to be authenticated using the stored identity information of the target user, performs a second authentication on the location information to be authenticated using the stored location information, and sends an authentication pass response to the authority control device after both the first authentication and the second authentication pass;
In this embodiment, the first authentication of the identity information to be authenticated using the stored identity information of the target user may be implemented as follows: judge whether the stored identity information of the target user is consistent with the identity information to be authenticated; if so, the first authentication passes, and if not, the first authentication fails.
In this embodiment, the second authentication of the location information to be authenticated using the stored location information may be implemented as follows: judge whether the stored location information is consistent with the location information to be authenticated; if so, the second authentication passes, and if not, the second authentication fails.
107. The authority control device receives the authentication pass response and executes the authorization operation.
In this embodiment, when the authority control device is a door access control device, the authorization operation may be: unlocking the door lock.
In this embodiment, after receiving the location information sent by the client, the first server assigns a target user and sends the identity information of the target user to the second server, where the target user is a person (for example, a delivery person or a meal delivery person) who provides a service to the customer at the location indicated by the location information. When the target user arrives at the authority control device, the first information carrier to be authenticated is placed in the detection area of the authority control device; the authority control device detects it, reads the identity information to be authenticated, acquires the location information to be authenticated, and requests the second server to authenticate the target user, and if the authentication passes, performs the authorization operation. Therefore, in a residential community fitted with door access control (the door access control being the authority control device), even if the target user (such as a delivery person or a meal delivery person) does not hold an access card for the community, the identity information of the target user can be sent to the second server by the first server, the door access control requests the second server to authenticate the target user, and if the authentication passes, the target user is authorized to enter the community.
As an optional implementation of this embodiment, to improve the security of the authorization operation, the method may further include the following steps after the authority control device executes the authorization operation: the authority control device sends a security processing instruction to the second server; the second server receives the security processing instruction and deletes the stored second information or sets the state of the second information to a failure state. Alternatively, the method may further include the following step after the first authentication and the second authentication pass: the second server deletes the stored second information or sets the state of the second information to a failure state.
In this embodiment, once the current authentication or authorization operation has been carried out, the stored second information is deleted so that it cannot be used for any later authentication or authorization, or its state is set to a failure state, meaning that the second information becomes invalid after being used for one authentication and authorization and cannot be used again. This prevents the second information from being illegally reused for authentication and authorization later.
As an optional implementation of this embodiment, to further ensure the security of the authorization operation by placing a time limit on it, the authority control device receiving the authentication pass response and executing the authorization operation is implemented as follows: after receiving the authentication pass response, the authority control device judges whether the time reached by its timing exceeds a specified time, and if not, executes the authorization operation, wherein the timing starts after the authority control device sends the authentication request to the second server.
For example, the authority control device sends the authentication request to the second server at 9 am and starts timing at that moment, and the specified time may be set to 12 am. If the time measured by the authority control device has not passed 12 am when the authentication pass response from the second server is received, the authorization operation is allowed; if it has passed 12 am, the authorization operation is not executed even though an authentication pass response was received.
As an optional implementation manner of this embodiment, the authority control device may acquire the location information to be authenticated in the following manner: the authority control device acquires its own location information, and this location information is the location information to be authenticated. In this embodiment, the authority control device does not need to acquire the location information to be authenticated from outside, so the scheme is simple. The fact that the authority control device has read the identity information shows that the target user has arrived at the location of the authority control device, so the location information of the authority control device can be used to represent the location of the target user, that is, it serves as the location information to be authenticated and is sent by the authority control device to the second server for the second authentication.
As an optional implementation manner of this embodiment, the authority control device may also acquire the location information to be authenticated in the following manner: the authority control device detects that a second information carrier to be authenticated enters the detection range, and reads second information to be authenticated from the second information carrier to be authenticated, where the second information to be authenticated includes: location information to be authenticated.
In this embodiment, the second information carrier to be authenticated includes an order graphic code or an order barcode carrying location information (such as a delivery address), and the authority control device may read the delivery address from the order graphic code or the order barcode, where the delivery address is equivalent to the location information to be authenticated. In this embodiment, the authority control device obtains the location information to be authenticated from outside, by reading the second information carrier to be authenticated that carries the location information. It should be noted that, when the first information carrier to be authenticated and the second information carrier to be authenticated both carry the identity information and the location information of the target user, they may be the same carrier. For example, both are an order graphic code or an order barcode; when the order graphic code or order barcode carries the identity information and the location information of the target user, the authority control device can obtain both the identity information of the target user and the location information by scanning the code. Of course, the first information carrier to be authenticated and the second information carrier to be authenticated may also be different carriers; for example, the first information carrier to be authenticated is an identity card of the target user, and the second information carrier to be authenticated is an order graphic code or an order barcode that carries the location information.
As an optional implementation manner of this embodiment, after the authority control device receives the authentication passing response, the method further includes the following step: sending the identity information to be authenticated to the client. In this embodiment, the authority control device receiving the authentication passing response indicates that the identity information to be authenticated is consistent with the identity information of the target user. At this point the authority control device sends the identity information to be authenticated (that is, the identity information of the target user) to the client, so that the client can notify the customer that the target user has been authorized. For example, after the access control device receives the authentication passing response, it sends the identity information of the courier to the client, so that the client can notify the customer that the courier has passed the authentication and that the goods are about to be delivered.
Example 2
This embodiment provides a data interaction system that can be used to execute the data interaction method in Embodiment 1. As shown in Fig. 2, the system includes: a first server 11, a second server 12 and an authority control device 13;
wherein: the first server 11 is configured to receive first information sent by a client, where the first information includes location information; allocating a target user to the position information, determining identity information of the target user, and sending second information to a second server, wherein the second information comprises: the location information and the identity information of the target user;
the second server 12 is configured to receive the second information and store the second information;
an authority control device 13, configured to detect that the first information carrier to be authenticated enters the detection range, and read the first information to be authenticated from the first information carrier to be authenticated, where the first information to be authenticated includes: identity information to be authenticated; acquiring the location information to be authenticated, and sending an authentication request to the second server 12, where the authentication request includes: the position information to be authenticated and the identity information to be authenticated;
the second server 12 is further configured to receive the authentication request, perform first authentication on the to-be-authenticated identity information by using the stored identity information of the target user, perform second authentication on the to-be-authenticated location information by using the stored location information, and send an authentication passing response to the authorization control device 13 after both the first authentication and the second authentication pass;
the authority control device 13 is further configured to receive the authentication passing response and perform an authorization operation.
The first server in this embodiment may communicate with the client. The first server may be a server providing online services such as online supermarkets and online food ordering, the client may be an application program for realizing online ordering, shopping or food ordering, and the client may be installed on a device (e.g., a PC, a mobile phone, a palmtop computer, etc.) held by a user.
In this embodiment, the first information may be order information, and the location information may be an order address; for example, for online shopping the location information is specifically the delivery address, and for online food ordering it is specifically the meal delivery address. In different application scenarios, the location information may represent address information with different meanings, which is not limited herein.
In addition, the first information may further include information such as an order number, order details, an order amount, an order date, a user name for placing an order, and the like, which is not limited herein.
In this embodiment, the target user is a person who provides the corresponding service for the customer located at the location information; for example, for online shopping the target user is specifically a delivery person, and for online food ordering the target user is specifically a meal delivery person. The target user may be a person providing different services in different application scenarios, which is not limited herein.
The identity information of the target user in this embodiment may be identity card information or may be any kind of biometric information such as fingerprint information, palm print information, or iris information.
In this embodiment, the second server may be used to manage the authority control device. For example, in a residential community with an access control system, the authority control device may be the access control device, and the second server may be a server that implements data interaction with, and management of, the access control device.
In this embodiment, the first server and the second server are independent servers, and the respective functions are different. The first server is used for providing network services such as online shopping and online ordering, the second server is used for performing data interaction and management on the authority control device, and the first server and the second server can be communicated through a wireless network or a wired network.
In this embodiment, the second server stores the received location information and the identity information of the target user, so that when the subsequent permission control device requests to authenticate the target user, the location information and the identity information of the target user are used to authenticate the identity of the target user.
In this embodiment, the authority control device may be an access control (door entry) device.
The authority control device is provided with a module supporting an information reading function, for example, the module can be an identity card reading module reading identity card information, correspondingly, the first information carrier to be authenticated is an identity card, and the read first information to be authenticated is identity card information; for example, the module is a code scanning module, correspondingly, the first information carrier to be authenticated may be an order graphic code or an order barcode carrying order information, and the read first information to be authenticated may be identity information of a target user read from the order graphic code or the order barcode; for another example, the module may be a biometric reading module that reads a biometric, and accordingly, the first information carrier to be authenticated is a biometric, and the read first information to be authenticated is biometric information. The biological characteristics can be fingers, and the corresponding biological characteristic information can be fingerprints; or, the biological characteristic may be a palm, and the corresponding biological characteristic information may be a palm print; alternatively, the biometric characteristic may be an eye, and the corresponding biometric information may be an iris, etc., without limitation.
In this embodiment, there are many ways for the authority control device to acquire the location information to be authenticated; see the description below for details.
In this embodiment, the authorization control device and the second server may communicate through a wired connection, such as a network connection, or may communicate through a wireless network, such as a mobile network, an intra-cell local area network, and the like.
In this embodiment, performing the first authentication on the identity information to be authenticated by using the stored identity information of the target user may be implemented as follows: judging whether the stored identity information of the target user is consistent with the identity information to be authenticated; if so, the first authentication passes, and if not, the first authentication fails.
In this embodiment, performing the second authentication on the location information to be authenticated by using the stored location information may be implemented as follows: judging whether the stored location information is consistent with the location information to be authenticated; if so, the second authentication passes, and if not, the second authentication fails.
In this embodiment, when the authority control device is an access control device, performing the authorization operation may be: unlocking the door lock.
In this embodiment, after receiving the location information sent by the client, the first server allocates a target user and sends the identity information of the target user to the second server, where the target user is a person (for example, a delivery person or a meal delivery person) who provides a service for the customer located at the location information. When the target user arrives at the location of the authority control device, the target user places the first information carrier to be authenticated in the detection area of the authority control device; the authority control device detects and reads the identity information to be authenticated, obtains the location information to be authenticated, requests the second server to authenticate the target user, and performs the authorization operation if the authentication passes. Therefore, in a residential community provided with an access control system (the access control system being the authority control device), even if the target user (such as a delivery person or a meal delivery person) does not have an access card for the community, the scheme of the invention can be used: the first server sends the identity information of the target user to the second server, the access control system requests the second server to authenticate the target user, and if the authentication passes, the target user is authorized to enter the community. On the one hand, the customer who enjoys the service provided by the target user does not need to go out to open the access control for the target user, which is convenient for the customer; on the other hand, the target user is authorized to enter the community after passing the authentication of the second server, which ensures security.
As an optional implementation manner of this embodiment, to improve the security of the authorization operation, for example, the authorization control device is further configured to send a security processing instruction to the second server after the authorization operation is performed; the second server is further configured to receive the security processing instruction, delete the stored second information, or set the state of the second information to a failure state;
or, for example, the second server is further configured to delete the stored second information or set the state of the second information to be a failure state after the first authentication and the second authentication pass.
In this embodiment, once the current authentication or authorization operation has been performed, the stored second information is either deleted, so that it is no longer available for any later authentication or authorization, or set to a failure state, that is, the second information becomes invalid after being used for one authentication and authorization and cannot be used again for the next one. Either way, the second information is prevented from being illegally reused for authentication and authorization in a subsequent process.
As an optional implementation manner of this embodiment, to further ensure the security of the authorization operation, a time limit may also be set for the authorization operation. For example, the authority control device is specifically configured to judge, after receiving the authentication passing response, whether the timed time exceeds a specified time and, if not, to execute the authorization operation, where the timing is started after the authority control device sends the authentication request to the second server. For example, the authority control device sends the authentication request to the second server at 9 am and starts timing at that moment, and the specified time may be set to 12 am. If the timed time has not passed 12 am when the authentication passing response sent by the second server is received, the authorization operation is allowed to be executed; if it has passed 12 am, the authorization operation is not executed even though the authentication passing response is received.
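The single-use handling of the second information and the device-side time limit described in Embodiments 1 and 2, as an added sketch that is not part of the patent text. Class and method names, the in-memory store, the constant-time comparison, the injectable clock and all sample values are assumptions made for illustration.

```python
import hmac
import time
from dataclasses import dataclass


@dataclass
class SecondInfo:
    """Second information held by the second server."""
    location: str
    identity: str
    valid: bool = True  # False models the "failure state"


def _same(a, b):
    # compare_digest avoids leaking how many leading characters matched
    # (an implementation choice here, not something the patent specifies).
    return hmac.compare_digest(a.encode(), b.encode())


class SecondServer:
    def __init__(self, invalidate_on_pass):
        # True: invalidate as soon as both authentications pass.
        # False: wait for the device's security processing instruction.
        self.invalidate_on_pass = invalidate_on_pass
        self._store = []

    def store_second_info(self, location, identity):
        self._store.append(SecondInfo(location, identity))

    def _find(self, location, identity):
        for rec in self._store:
            # First authentication (identity) and second authentication (location);
            # a record in the failure state never matches.
            if rec.valid and _same(rec.identity, identity) and _same(rec.location, location):
                return rec
        return None

    def authenticate(self, location, identity):
        rec = self._find(location, identity)
        if rec is None:
            return False
        if self.invalidate_on_pass:
            rec.valid = False
        return True

    def security_processing(self, location, identity):
        rec = self._find(location, identity)
        if rec is not None:
            rec.valid = False


class AuthorityControlDevice:
    def __init__(self, server, own_location, time_limit_s, clock=time.monotonic):
        self.server, self.own_location = server, own_location
        self.time_limit_s, self.clock = time_limit_s, clock
        self.unlock_count = 0

    def on_carrier_read(self, identity_to_auth):
        started = self.clock()  # timing starts when the request is sent
        if not self.server.authenticate(self.own_location, identity_to_auth):
            return False
        if self.clock() - started > self.time_limit_s:
            return False  # pass response arrived after the time limit
        self.unlock_count += 1  # authorization operation: unlock the door
        if not self.server.invalidate_on_pass:
            self.server.security_processing(self.own_location, identity_to_auth)
        return True


class FakeClock:
    """Constructed clock so the time limit can be exercised without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class DelayedServer(SecondServer):
    """Constructed test double: each response takes delay_s on the fake clock."""
    def __init__(self, invalidate_on_pass, clock, delay_s):
        super().__init__(invalidate_on_pass)
        self.fake_clock, self.delay_s = clock, delay_s

    def authenticate(self, location, identity):
        result = super().authenticate(location, identity)
        self.fake_clock.now += self.delay_s
        return result


def run_demo():
    """Returns (first attempt, replay, wrong identity) for both invalidation options."""
    results = {}
    for name, on_pass in (("on_pass", True), ("on_instruction", False)):
        clock = FakeClock()
        server = DelayedServer(on_pass, clock, delay_s=1.0)
        server.store_second_info("Gate 3, Example Estate", "ID-COURIER-0001")  # constructed
        door = AuthorityControlDevice(server, "Gate 3, Example Estate", 5.0, clock)
        results[name] = (door.on_carrier_read("ID-COURIER-0001"),
                         door.on_carrier_read("ID-COURIER-0001"),
                         door.on_carrier_read("ID-OTHER-0002"))
    return results


if __name__ == "__main__":
    print(run_demo())
```

The two invalidation options differ when the pass response arrives after the time limit: with invalidation on pass the second information is already consumed although the door never opened, whereas with the security processing instruction it remains valid for a retry.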
As an optional implementation manner of this embodiment, the authority control device is specifically configured to obtain its own location information, where this location information is the location information to be authenticated. In this embodiment, the authority control device does not need to acquire the location information to be authenticated from outside, so the scheme is simple. The fact that the authority control device has read the identity information shows that the target user has arrived at the location of the authority control device, so the location information of the authority control device can be used to represent the location of the target user, that is, it serves as the location information to be authenticated and is sent by the authority control device to the second server for the second authentication.
As an optional implementation manner of this embodiment, the authority control device is specifically configured to detect that a second information carrier to be authenticated enters the detection range, and read second information to be authenticated from the second information carrier to be authenticated, where the second information to be authenticated includes: location information to be authenticated. In this embodiment, the authority control device obtains the location information to be authenticated from outside, by reading the second information carrier to be authenticated that carries the location information. It should be noted that, when the first information carrier to be authenticated and the second information carrier to be authenticated both carry the identity information and the location information of the target user, they may be the same carrier. For example, both are an order graphic code or an order barcode; when the order graphic code or order barcode carries the identity information and the location information of the target user, the authority control device can obtain both the identity information of the target user and the location information by scanning the code. Of course, the first information carrier to be authenticated and the second information carrier to be authenticated may also be different carriers; for example, the first information carrier to be authenticated is an identity card of the target user, and the second information carrier to be authenticated is an order graphic code or an order barcode that carries the location information.
As an optional implementation manner of this embodiment, the authority control device is further configured to send the identity information to be authenticated to the client after receiving the authentication passing response. In this embodiment, the authority control device receiving the authentication passing response indicates that the identity information to be authenticated is consistent with the identity information of the target user. At this point the authority control device sends the identity information to be authenticated (that is, the identity information of the target user) to the client, so that the client can notify the customer that the target user has been authorized. For example, after the access control device receives the authentication passing response, it sends the identity information of the courier to the client, so that the client can notify the customer that the courier has passed the authentication and that the goods are about to be delivered.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (14)

1. A method for data interaction, comprising:
a first server receives first information sent by a client, wherein the first information comprises position information;
the first server allocates a target user for the position information and determines identity information of the target user, wherein the identity information of the target user comprises: identity card information or biometric information, wherein the identity card information is read from an identity card of the target user; and the first server sends second information to a second server, wherein the second information comprises: the location information and the identity information of the target user;
the second server receives the second information and stores the second information;
the authority control device detects that a first information carrier to be authenticated enters a detection range, and reads first information to be authenticated from the first information carrier to be authenticated, wherein the first information to be authenticated comprises: identity information to be authenticated, wherein the identity information to be authenticated comprises identity card information under the condition that the first information carrier to be authenticated is an identity card; under the condition that the first information carrier to be authenticated is biological characteristics, the identity information to be authenticated comprises biological characteristic information;
the authority control device acquires the position information to be authenticated and sends an authentication request to the second server, wherein the authentication request comprises: the position information to be authenticated and the identity information to be authenticated;
the second server receives the authentication request, performs first authentication on the identity information to be authenticated by using the stored identity information of the target user, performs second authentication on the position information to be authenticated by using the stored position information, and sends an authentication passing response to the authority control device after the first authentication and the second authentication pass;
and the authority control device receives the authentication passing response and executes authorization operation.
2. The method of claim 1, further comprising: after the authority control device executes the authorization operation, the authority control device sends a security processing instruction to the second server; the second server receives the security processing instruction, and deletes the stored second information or sets the state of the second information to a failure state;
or the second server deletes the stored second information or sets the state of the second information to be a failure state after the first authentication and the second authentication pass.
3. The method according to claim 1, wherein the authority control device acquiring the location information to be authenticated comprises:
the authority control device acquires the position information of the authority control device, and the position information of the authority control device is the position information to be authenticated.
4. The method according to claim 1, wherein the authority control device acquiring the location information to be authenticated comprises:
the authority control device detects that a second information carrier to be authenticated enters a detection range, and reads second information to be authenticated from the second information carrier to be authenticated, wherein the second information to be authenticated comprises: location information to be authenticated.
5. The method according to any one of claims 1-4, wherein the authority control device receiving the authentication passing response and executing the authorization operation comprises: after receiving the authentication passing response, the authority control device judges whether the timed time exceeds a specified time and, if not, executes the authorization operation, wherein the timing is started after the authority control device sends the authentication request to the second server.
6. The method according to any one of claims 1 to 4, wherein the first information carrier to be authenticated is an identity card, a graphic code carrying identity information, a bar code carrying identity information, or a biometric feature.
7. The method according to any one of claims 1-4, further comprising: after receiving the authentication passing response, the authority control device sends the identity information to be authenticated to the client.
8. A data interaction system, comprising:
the first server is used for receiving first information sent by a client, wherein the first information comprises position information; allocating a target user to the position information, and determining the identity information of the target user, wherein the identity information of the target user comprises: identity card information or biometric information, wherein the identity card information is read from an identity card of the target user, and second information is sent to a second server, and the second information comprises: the location information and the identity information of the target user;
the second server is used for receiving the second information and storing the second information;
the authority control device is used for detecting that the first information carrier to be authenticated enters a detection range, and reading the first information to be authenticated from the first information carrier to be authenticated, wherein the first information to be authenticated comprises: identity information to be authenticated, wherein the identity information to be authenticated comprises identity card information under the condition that the first information carrier to be authenticated is an identity card; under the condition that the first information carrier to be authenticated is biological characteristics, the identity information to be authenticated comprises biological characteristic information; obtaining the position information to be authenticated, and sending an authentication request to the second server, wherein the authentication request comprises: the position information to be authenticated and the identity information to be authenticated;
the second server is further configured to receive the authentication request, perform first authentication on the identity information to be authenticated by using the stored identity information of the target user, perform second authentication on the location information to be authenticated by using the stored location information, and send an authentication passing response to the authority control device after both the first authentication and the second authentication pass;
and the authority control device is also used for receiving the authentication passing response and executing the authorization operation.
9. The system of claim 8, wherein the authority control device is further configured to send a security processing instruction to the second server after performing the authorization operation; the second server is further configured to receive the security processing instruction, and delete the stored second information or set the state of the second information to a failure state;
or the second server is further configured to delete the stored second information or set the state of the second information to be a failure state after the first authentication and the second authentication pass.
10. The system of claim 8,
the authority control device is specifically configured to obtain position information of the authority control device itself, where the position information of the authority control device itself is the to-be-authenticated position information.
11. The system of claim 8,
the authority control device is specifically configured to detect that a second information carrier to be authenticated enters a detection range, and read second information to be authenticated from the second information carrier to be authenticated, where the second information to be authenticated includes: location information to be authenticated.
12. The system according to any one of claims 8 to 11, wherein the authority control device is specifically configured to determine whether the time elapsed when the authentication pass response is received exceeds a predetermined time and, if not, to perform the authorization operation, wherein timing starts after the authority control device sends the authentication request to the second server.
13. The system according to any one of claims 8 to 11, wherein the first information carrier to be authenticated is an identity card, a graphic code carrying identity information, a bar code carrying identity information, or a biometric feature.
14. The system according to any one of claims 8 to 11, wherein the authority control device is further configured to send the identity information to be authenticated to the client after receiving the authentication pass response.
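The exchange in claims 8 to 12, modelled in Python as an added example that is not part of the patent. The class and method names, the string identifiers, the exact-match comparison and the in-process call standing in for the network are all assumptions made for illustration.

```python
import time


class SecondServer:
    """Holds the stored 'second information' (identity + location) per target user."""

    def __init__(self, invalidate_on_pass=False):
        self.records = []  # each record: identity, location, valid flag
        self.invalidate_on_pass = invalidate_on_pass  # claim 9, second alternative

    def store(self, identity, location):
        self.records.append({"identity": identity, "location": location, "valid": True})

    def authenticate(self, identity, location):
        for rec in self.records:
            if not rec["valid"]:
                continue
            first = rec["identity"] == identity    # first authentication
            second = rec["location"] == location   # second authentication
            if first and second:
                if self.invalidate_on_pass:
                    rec["valid"] = False
                return True
        return False

    def security_processing(self, identity, location):
        """Claim 9, first alternative: invalidate on the device's instruction."""
        for rec in self.records:
            if rec["identity"] == identity and rec["location"] == location:
                rec["valid"] = False


class AuthorityControlDevice:
    def __init__(self, server, own_location, max_wait_s, clock=time.monotonic):
        self.server = server
        self.own_location = own_location  # claim 10: the device's own location
        self.max_wait_s = max_wait_s      # claim 12: predetermined time
        self.clock = clock                # injectable so a slow reply can be simulated

    def on_carrier_detected(self, identity):
        sent_at = self.clock()  # claim 12: timing starts when the request is sent
        if not self.server.authenticate(identity, self.own_location):
            return "denied"
        if self.clock() - sent_at > self.max_wait_s:
            return "expired"  # pass response arrived too late: no authorization
        # Authorization operation happens here; the instruction follows it.
        self.server.security_processing(identity, self.own_location)
        return "authorized"
```

Under the second alternative of claim 9 (`invalidate_on_pass=True`), a pass response that arrives after the predetermined time still consumes the stored record, so the next presentation of the same carrier is denied; under the first alternative the record survives until an authorization actually completes.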
CN201611059517.3A 2016-11-25 2016-11-25 Data interaction method and system Active CN107231340B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201611059517.3A CN107231340B (en) 2016-11-25 2016-11-25 Data interaction method and system
PCT/CN2017/107611 WO2018095184A1 (en) 2016-11-25 2017-10-25 Data interaction method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611059517.3A CN107231340B (en) 2016-11-25 2016-11-25 Data interaction method and system

Publications (2)

Publication Number Publication Date
CN107231340A (en) 2017-10-03
CN107231340B (en) 2020-05-15

Family

ID=59932925

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611059517.3A Active CN107231340B (en) 2016-11-25 2016-11-25 Data interaction method and system

Country Status (2)

Country Link
CN (1) CN107231340B (en)
WO (1) WO2018095184A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107231340B (en) * 2016-11-25 2020-05-15 天地融科技股份有限公司 Data interaction method and system
CN111859324B (en) * 2020-07-16 2024-03-15 北京百度网讯科技有限公司 Authorization method, device, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103810552A (en) * 2012-11-09 2014-05-21 西安景行数创信息科技有限公司 Snack industry meal serving scheduling system
CN105095978A (en) * 2015-09-30 2015-11-25 张华� Ordering method and device based on two-dimension code and door control system
CN105528816A (en) * 2014-09-28 2016-04-27 中国移动通信集团辽宁有限公司 Intelligent gate inhibition realization method, terminal, gate inhibition identification apparatus and user authorization service center
CN105741395A (en) * 2016-02-03 2016-07-06 慧锐通智能科技股份有限公司 Entrance guard access method and system based on two-dimension code and face identification

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102137077A (en) * 2010-01-26 2011-07-27 凹凸电子(武汉)有限公司 Access control system and method for controlling access right by using computer system
CN103281223B (en) * 2013-05-15 2016-05-25 五邑大学 A kind of modern intelligent household security system
CN104637131B (en) * 2013-11-15 2019-02-26 腾讯科技(深圳)有限公司 A kind of access control system authorization method, device and access control system
CN103886666A (en) * 2014-04-17 2014-06-25 深圳智慧物业科技开发有限公司 Property management system
CN104217478B (en) * 2014-08-13 2016-06-08 重庆特斯联智慧科技股份有限公司 Hotel's control of bluetooth access intelligent management
CN105516060A (en) * 2014-09-25 2016-04-20 宇龙计算机通信科技(深圳)有限公司 Entrance guard system, terminal, cloud server and safety strategy setting method
CN104732626B (en) * 2015-01-22 2017-12-12 西安酷派软件科技有限公司 Gate inhibition's authorization management method and system
CN104732668B (en) * 2015-04-14 2019-06-11 胥达 A kind of express delivery SRU sending-receiving unit and receiving-transmitting method
CN105225319A (en) * 2015-10-13 2016-01-06 贵州朗盛科技股份有限公司 A kind of gate control system with information collection function
CN105427409B (en) * 2015-10-29 2018-08-24 东莞酷派软件技术有限公司 A kind of gate inhibition's unlocking method and mobile terminal
CN107231340B (en) * 2016-11-25 2020-05-15 天地融科技股份有限公司 Data interaction method and system

Also Published As

Publication number Publication date
WO2018095184A1 (en) 2018-05-31
CN107231340A (en) 2017-10-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant