CN107578517A - High-level security access control system and system - Google Patents
Publication number: CN107578517A (application CN201710905402.XA)
Authority: CN (China)
Legal status: Pending
Abstract
The present invention relates to a high-level security access control system comprising a passing handheld terminal, an authentication server, a security server, a re-authentication server and an access control module. When a person passes through the gate, the passing handheld terminal first establishes an association with the access control module; the passing handheld terminal then completes initial authentication with the authentication server, which sends a passage request to the security server; the re-authentication server then re-authenticates the passage request via the access control module, and once re-authentication has passed, the security server controls the access control module to carry out the release operation.
Description
Technical field
The present invention relates to security equipment, and more particularly to a high-level security access control system applied to mobile terminals, and its working method.
Background technology
At present, security systems are routinely installed in enterprises and institutions. A traditional security system reads an IC card, or performs identity authentication by fingerprint or password.
For high-level security, however, these authentication modes have serious weaknesses and are easily bypassed by an illegal intruder.
The content of the invention
To solve the above problems, the object of the present invention is to provide a high-level security access control system and its working method, so as to improve the security of passing through the gate.
The technical solution adopted by the present invention to solve the technical problem is as follows.
This embodiment provides a high-level security access control system comprising a passing handheld terminal, an authentication server, a security server, a re-authentication server and an access control module, wherein
when a person passes through, the passing handheld terminal first establishes an association with the access control module;
the passing handheld terminal then completes initial authentication with the authentication server, which sends a passage request to the security server; the re-authentication server then re-authenticates the passage request via the access control module, and once re-authentication has passed, the security server controls the access control module to carry out the release operation.
Further, the passing handheld terminal first establishing an association with the access control module when a person passes through means that the access control module associates with the passing handheld terminal by near-field communication, sets a validity period for the association, and receives from the passing handheld terminal a random number used for decoy authentication; the access control module and the passing handheld terminal then disconnect, so that the two are in different network environments.
Further, the passage request is generated by the authentication server from the personal information of the passing handheld terminal.
Further, the re-authentication server re-authenticating the passage request via the access control module when a person passes through means the following: it is judged whether the association is within its validity period, and if so the access control module accepts a re-authentication request from the re-authentication server, where the re-authentication request is generated by the re-authentication server from the passage request it intercepts on its way from the authentication server to the security server.
Further, the passing handheld terminal communicates with the authentication server over a first network, and the access control module communicates with the re-authentication server over a second network, the second network being a dedicated channel of the security server.
Further, when a person passes through, the access control module selects an authentication mode according to the user's choice, automatically generates the data used for authentication, and sends that data together with the authentication mode and the random number to the re-authentication server;
the re-authentication server re-authenticates the access control module according to the data used for authentication and the authentication mode, and performs no operation on the random number; the data used for authentication and the random number are independent of each other.
Further, the security server controlling the access control module to carry out the release operation after re-authentication has passed means that, once re-authentication has passed, the re-authentication server forwards the passage request to the security server, which then controls the access control module to carry out the release operation.
Further, the access control module associating with the passing handheld terminal by near-field communication means that the passing handheld terminal and the access control module establish a two-way channel over near-field communication and authenticate each other, and the association is stored only in the access control module.
In another aspect, this embodiment also provides a working method of the high-level security access control system.
The high-level security access control system comprises a passing handheld terminal, an authentication server, a security server, a re-authentication server and an access control module.
Further, when a person passes through, the passing handheld terminal first establishes an association with the access control module; the passing handheld terminal then completes initial authentication with the authentication server, which sends a passage request to the security server; the re-authentication server then re-authenticates the passage request via the access control module, and once re-authentication has passed, the security server controls the access control module to carry out the release operation.
The invention has the following advantages. In the high-level security access control system and working method provided by the invention, mutual authentication between the different devices during passage is carried out over three different communication protocols, that is, different channels are used for authentication, which avoids the security problems of a single shared channel. The invention also proposes decoy authentication using a random number, which can effectively disturb a hacker and improves the security of authentication.
Brief description of the drawings
The present invention is further described below with reference to the accompanying drawings and embodiments.
Fig. 1 is a schematic block diagram of the preferred embodiment of the present invention.
Embodiment
The present invention is now explained in further detail with reference to the accompanying drawings. The drawings are simplified schematic diagrams that illustrate only the basic structure of the invention, so they show only the components relevant to the invention.
Embodiment 1
Fig. 1 shows the schematic block diagram of the preferred embodiment of the present invention.
The invention provides a high-level security access control system for daily use, comprising a passing handheld terminal, an authentication server, a security server, a re-authentication server and an access control module.
When a person passes through, the passing handheld terminal first establishes an association with the access control module; the passing handheld terminal then completes initial authentication with the authentication server, which sends a passage request to the security server; the re-authentication server then re-authenticates the passage request via the access control module, and once re-authentication has passed, the security server controls the access control module to carry out the release operation.
The access control module is connected to the gate's motor drive mechanism and opens or closes the gate.
Specifically, when a person passes through, the access control module associates with the passing handheld terminal by near-field communication, sets a validity period for the association, and receives from the passing handheld terminal a random number used for decoy authentication; the access control module then immediately disconnects from the passing handheld terminal, so that the two are in different network environments. Although the random number has been sent, the user cannot select it for authentication in the subsequent authentication process; it is nevertheless sent so that, if the passing handheld terminal is attacked, the attack is disturbed and security is improved. The association here means that the passing handheld terminal and the access control module establish a two-way channel over near-field communication and authenticate each other; the near-field communication may use Bluetooth or radio-frequency communication.
When a person passes through, it is judged whether the association is within its validity period. If it is, the access control module accepts a re-authentication request from the re-authentication server, where the re-authentication request is generated by the re-authentication server from the passage request it intercepts on its way from the authentication server to the security server; the passage request is generated by the authentication server from the personal information of the passing handheld terminal, which is a terminal that has passed initial authentication with the authentication server. If the association is not within its validity period, the access control module raises an alarm and re-association may be required; the validity period is configured by the user according to actual needs. Moreover, the association is stored only in the access control module and not on the passing handheld terminal, which effectively prevents a hacker from obtaining information about the access control module through the passing handheld terminal and guarantees the independence of the channels.
The validity period above can be set fairly short, which improves the throughput of people passing through.
The access control module receives the re-authentication request from the re-authentication server, where the re-authentication request is generated by the re-authentication server from the passage request it intercepts on its way from the authentication server to the security server; the passage request is generated by the authentication server from the personal information of the passing handheld terminal, which is a terminal that has passed initial authentication with the authentication server. The initial authentication may be, but is not limited to, one of the authentication modes such as static password, dynamic password or fingerprint.
The passing handheld terminal communicates with the authentication server over a first network, and the access control module communicates with the re-authentication server over a second network; the second network is a dedicated channel of the security server, specifically the company's internal network, and is different from the first network. The passing handheld terminal and the access control module are thus in different network environments, which isolates the networks and improves security. The first network may be, for example, the passing handheld terminal connecting to the authentication server over WiFi.
The access control module selects an authentication mode according to the user's choice, automatically generates the data used for authentication, and sends that data, together with the authentication mode and the random number used for decoy authentication, to the re-authentication server. The re-authentication server re-authenticates the access control module according to the data used for authentication and the authentication mode, and performs no operation on the random number; the data used for authentication is unrelated to the random number. Because the authentication mode is selected by the user, a hacker is prevented from learning the authentication mode through another route and mounting an attack. The access control module can support authentication modes such as static password, dynamic password and fingerprint, and the user may select several of them. Moreover, during this process the user only needs to select the authentication mode, and the information used for authentication is generated automatically by the access control module, which improves convenience of operation.
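The passage flow of Embodiment 1, as an added Python simulation that is not part of the patent: the gate keeps the association and its validity period, the two servers sit on separate channels, and the decoy random number is carried along but never enters the verification. The HMAC construction of the authentication data, the password table, the message fields and the validity value are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

VALIDITY_SECONDS = 30.0   # assumed value; the patent leaves the period to the operator


def auth_data(key: bytes, request_id: str, mode: str) -> str:
    # Assumed construction of the "data used for authentication": a keyed hash over
    # the passage request id and the user-selected mode. The decoy random number
    # is deliberately not an input.
    return hmac.new(key, f"{request_id}|{mode}".encode(), hashlib.sha256).hexdigest()


@dataclass
class AccessControlModule:
    """Gate-side module; the only place the near-field association is stored."""
    module_key: bytes                       # assumed secret shared with the re-auth server
    association: Optional[dict] = None
    alarms: list = field(default_factory=list)
    door_open: bool = False

    def associate_nfc(self, terminal_id: str, decoy: str, now: float) -> None:
        # Near-field association (Bluetooth/RF in the text): remember who was at the
        # gate, the decoy random number they handed over, and when this lapses.
        # Nothing is written back to the terminal, and the link is dropped afterwards.
        self.association = {"terminal": terminal_id, "decoy": decoy,
                            "expires": now + VALIDITY_SECONDS}

    def answer_reauth(self, req: dict, mode: str, now: float) -> Optional[dict]:
        # A re-auth request is only answered while the association is valid and
        # names the terminal that actually associated at this gate; otherwise alarm.
        a = self.association
        if a is None or now > a["expires"] or req["terminal"] != a["terminal"]:
            self.alarms.append(f"re-auth for {req['terminal']} outside validity period")
            return None
        return {"request_id": req["request_id"], "mode": mode,
                "data": auth_data(self.module_key, req["request_id"], mode),
                "decoy": a["decoy"]}


class AuthServer:
    """Reached by the terminal over the first network (e.g. WiFi)."""
    def __init__(self, users: dict):
        self.users = users                  # assumed: terminal id -> static password

    def initial_auth(self, terminal_id: str, password: str) -> Optional[dict]:
        if not hmac.compare_digest(self.users.get(terminal_id, ""), password):
            return None
        # Passage request derived from the terminal's personal information.
        return {"request_id": secrets.token_hex(8), "terminal": terminal_id}


class ReauthServer:
    """Talks to the gate over the second network only (the security server's channel)."""
    def __init__(self, module_key: bytes):
        self.module_key = module_key

    def reauth_request(self, passage_req: dict) -> dict:
        # Built from the passage request intercepted on its way to the security server.
        return {"request_id": passage_req["request_id"], "terminal": passage_req["terminal"]}

    def verify(self, resp: Optional[dict], passage_req: dict) -> bool:
        if resp is None or resp["request_id"] != passage_req["request_id"]:
            return False
        expected = auth_data(self.module_key, resp["request_id"], resp["mode"])
        return hmac.compare_digest(expected, resp["data"])   # resp["decoy"] is ignored


def run_passage(password: str, wait: float = 0.0, tamper_decoy: bool = False) -> str:
    """One full passage with constructed sample data; returns the outcome."""
    key = b"constructed-module-key"
    gate = AccessControlModule(key)
    auth, reauth = AuthServer({"alice-phone": "s3cret"}), ReauthServer(key)
    now = 1_000_000.0
    gate.associate_nfc("alice-phone", secrets.token_hex(4), now)           # step 1, near field
    passage_req = auth.initial_auth("alice-phone", password)              # step 2, first network
    if passage_req is None:
        return "denied-initial-auth"
    resp = gate.answer_reauth(reauth.reauth_request(passage_req), "dynamic-password", now + wait)
    if resp is not None and tamper_decoy:
        resp["decoy"] = "guess"             # altering the decoy changes nothing
    if not reauth.verify(resp, passage_req):                              # step 3, second network
        return "alarm" if gate.alarms else "denied-reauth"
    gate.door_open = True                   # security server orders the release
    return "released"
```

Calling `run_passage` with a wait longer than `VALIDITY_SECONDS` exercises the alarm path, and `tamper_decoy=True` shows that the decoy value has no bearing on the result.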
Embodiment 2
Building on embodiment 1, this embodiment 2 provides a working method of the high-level security access control system.
The high-level security access control system comprises a passing handheld terminal, an authentication server, a security server, a re-authentication server and an access control module;
when a person passes through, the passing handheld terminal first establishes an association with the access control module;
the passing handheld terminal then completes initial authentication with the authentication server, which sends a passage request to the security server; the re-authentication server then re-authenticates the passage request via the access control module, and once re-authentication has passed, the security server controls the access control module to carry out the release operation.
The operating principle, working method and working process of the high-level security access control system described in this embodiment are the same as those of the high-level security access control system in embodiment 1 and are not repeated here.
The invention has the following advantages. In the high-level security access control system and working method provided by the invention, mutual authentication between the different devices during passage is carried out over three different communication protocols, that is, different channels are used for authentication, which avoids the security problems of a single shared channel. The invention also proposes decoy authentication using a random number, which can effectively disturb a hacker and improves the security of authentication; and during re-authentication the user only needs to select the authentication mode, which improves convenience of operation.
Taking the above preferred embodiment of the present invention as a guide, the relevant staff can, on the basis of the above description, make various changes and modifications without departing from the scope of the technical idea of the present invention. The technical scope of the present invention is not limited to the content of the specification and must be determined according to the claims.
Claims (10)
1. A high-level security access control system, characterised in that it comprises a passing handheld terminal, an authentication server, a security server, a re-authentication server and an access control module, wherein
when a person passes through, the passing handheld terminal first establishes an association with the access control module;
the passing handheld terminal then completes initial authentication with the authentication server, which sends a passage request to the security server; the re-authentication server then re-authenticates the passage request via the access control module, and once re-authentication has passed, the security server controls the access control module to carry out the release operation.
2. The high-level security access control system according to claim 1, characterised in that
the passing handheld terminal first establishing an association with the access control module when a person passes through means that
the access control module associates with the passing handheld terminal by near-field communication, sets a validity period for the association, and receives from the passing handheld terminal a random number used for decoy authentication; the access control module and the passing handheld terminal then disconnect, so that the two are in different network environments.
3. The high-level security access control system according to claim 2, characterised in that
the passage request is generated by the authentication server from the personal information of the passing handheld terminal.
4. The high-level security access control system according to claim 3, characterised in that
the re-authentication server re-authenticating the passage request via the access control module when a person passes through means that
it is judged whether the association is within its validity period, and if so the access control module accepts a re-authentication request from the re-authentication server, where the re-authentication request is generated by the re-authentication server from the passage request it intercepts on its way from the authentication server to the security server.
5. The high-level security access control system according to claim 4, characterised in that
the passing handheld terminal communicates with the authentication server over a first network; and
the access control module communicates with the re-authentication server over a second network, the second network being a dedicated channel of the security server.
6. The high-level security access control system according to claim 5, characterised in that
when a person passes through, the access control module selects an authentication mode according to the user's choice, automatically generates the data used for authentication, and sends that data together with the authentication mode and the random number to the re-authentication server;
the re-authentication server re-authenticates the access control module according to the data used for authentication and the authentication mode, and performs no operation on the random number; wherein
the data used for authentication and the random number are independent of each other.
7. The high-level security access control system according to claim 6, characterised in that
the security server controlling the access control module to carry out the release operation after re-authentication has passed means that
once re-authentication has passed, the re-authentication server forwards the passage request to the security server, which then controls the access control module to carry out the release operation.
8. The high-level security access control system according to claim 7, characterised in that
the access control module associating with the passing handheld terminal by near-field communication means that the passing handheld terminal and the access control module establish a two-way channel over near-field communication and authenticate each other, wherein the association is stored only in the access control module.
9. A working method of a high-level security access control system, characterised in that the high-level security access control system comprises a passing handheld terminal, an authentication server, a security server, a re-authentication server and an access control module.
10. The working method according to claim 1, characterised in that
when a person passes through, the passing handheld terminal first establishes an association with the access control module;
the passing handheld terminal then completes initial authentication with the authentication server, which sends a passage request to the security server; the re-authentication server then re-authenticates the passage request via the access control module, and once re-authentication has passed, the security server controls the access control module to carry out the release operation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710905402.XA CN107578517A (en) | 2017-09-29 | 2017-09-29 | High-level security access control system and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107578517A true CN107578517A (en) | 2018-01-12 |
Family
ID=61038846
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20180112 |