CN107978034B - Access control method and system, controller and terminal - Google Patents
Access control method and system, controller and terminal Download PDFInfo
- Publication number
- CN107978034B CN107978034B CN201610938406.3A CN201610938406A CN107978034B CN 107978034 B CN107978034 B CN 107978034B CN 201610938406 A CN201610938406 A CN 201610938406A CN 107978034 B CN107978034 B CN 107978034B
- Authority
- CN
- China
- Prior art keywords
- terminal
- route
- positioning information
- information
- controller
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
Abstract
The embodiment of the invention discloses an access control method and system, a controller and a terminal, wherein the controller acquires a current route of the terminal after receiving an access request sent by the terminal, judges whether the current route is legal or not, if the current route is legal, the possibility that the terminal is stolen is low, at the moment, the access control is carried out by using a verification method with low complexity, if the current route is illegal, the possibility that the terminal is stolen is high, at the moment, the access control is carried out by using the verification method with high complexity, and the security of the access control is improved.
Description
Technical Field
The invention relates to the technical field of security and protection, in particular to an access control method and system, a controller and a terminal.
Background
In the field of security technology, access control systems have been widely used. Generally, an access control system generally includes: a controller and a user information reading device. The user information reading device reads the user information and sends the read user information to the controller, the controller verifies whether the user information is legal or not, and if the user information is legal, the controller opens the door.
Generally, the user information may include various types, such as fingerprint information, voice information, password information, or access card information, etc. Correspondingly, there are various verification methods for the controller to verify whether the user information is legal, for example, a verification method for verifying whether the fingerprint information is legal, a verification method for verifying whether the voice information is legal, and the like. The more types of user information the controller authenticates, the more complex the authentication method becomes. For example, an authentication method that authenticates both fingerprint information and voice information is more complex than an authentication method that authenticates only fingerprint information.
With the increasing functions of the intelligent terminal, the user information reading device can read the user information by identifying the intelligent terminal. By applying the scheme, the user does not need to input fingerprints or voice or carry an access control card, and great convenience is brought to the user. However, if the intelligent terminal of the user is stolen by an illegal person, and the intelligent terminal obtained by the illegal person through stealing passes the verification of the access control system, the consequences are very serious. Therefore, this scheme is less secure.
Disclosure of Invention
The embodiment of the invention aims to provide an access control method and system, a controller and a terminal, and improve the security of access control.
In order to achieve the above object, an embodiment of the present invention discloses an access control method, which is applied to a controller in an access control system, and the method includes:
after receiving an access request sent by a terminal, acquiring a current route of the terminal;
judging whether the current route is legal or not;
if yes, performing access control by using a first type of verification method, and if not, performing access control by using a second type of verification method; wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method.
Optionally, the step of obtaining the current route of the terminal includes:
reading a current route stored in the terminal;
or reading the current route of the terminal stored in the server.
Optionally, before receiving an entry request sent by a terminal, the method may further include:
receiving N positioning information sent by the terminal, wherein N is greater than 1, and each positioning information comprises the current position information of the terminal;
the step of acquiring the current route of the terminal comprises:
and determining the current route of the terminal according to the N positioning information.
Optionally, the step of judging whether the current route is legal may include:
judging whether a historical route matched with the current route exists in historical routes stored in a database;
if yes, the current route is legal, and if not, the current route is illegal.
Optionally, the positioning information further includes a time corresponding to the current position information;
the database also stores the time corresponding to each historical position information in the historical route;
the step of determining whether there is a historical route matching the current route in the historical routes stored in the database may include:
determining each piece of current position information contained in the current route and corresponding time thereof;
determining each historical position information contained in each historical route and corresponding time thereof aiming at each historical route stored in the database;
matching the current position information and the corresponding time with each historical position information and the corresponding time;
and when the matching is successful, determining that the historical route is matched with the current route.
Optionally, the process of storing the historical route in the database may include:
and after the door corresponding to the access request is opened, storing the current route as a historical route in a database.
Optionally, the database further stores priorities corresponding to historical routes, and the step of performing access control by using the first type of verification method may include:
determining the priority corresponding to the historical route matched with the current route;
determining a first type verification method corresponding to the current route from a plurality of preset first type verification methods according to the corresponding relation between the preset priority and the first type verification methods;
and performing access control by using the determined first type of verification method.
Optionally, the process of storing the priority corresponding to the historical route in the database may include:
determining each route group in the stored historical routes, wherein each historical route contained in the route group is matched with each other;
for each route group, determining the number of historical routes in the group;
and determining the priority of the group according to the determined number, and determining the priority of the group as the priority corresponding to each historical route in the group.
Optionally, the step of performing access control by using the first type of verification method may include:
outputting first prompt information, wherein the first prompt information comprises X types of user information;
after X types of user information respectively corresponding to the types of the X types of user information are received, verifying whether the received X types of user information are legal or not;
if the access request is legal, opening a door corresponding to the access request;
the step of performing access control by using the second type verification method may include:
outputting second prompt information, wherein the second prompt information comprises Y types of user information; wherein said Y is greater than said X;
after Y types of user information respectively corresponding to the types of the Y types of user information are received, verifying whether the received Y types of user information are legal or not;
and if the access request is legal, opening the door corresponding to the access request.
Optionally, the step of performing access control by using the first type of verification method may include:
and directly opening the door corresponding to the access request.
In order to achieve the above object, an embodiment of the present invention further discloses an access control method, which is applied to a terminal in an access control system, and the method includes:
sending an entry request to a controller in the system so that the controller acquires a current route of the terminal; judging whether the current route is legal or not; if yes, performing access control by using a first type of verification method, and if not, performing access control by using a second type of verification method; wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method.
Optionally, before the step of sending an entry request to a controller in the system, the method further includes:
recording positioning information according to a first preset rule; the positioning information comprises the current position information of the terminal, or the current position information of the terminal and the corresponding time; determining and storing the current route of the user according to the positioning information;
or sending the positioning information to a server according to a second preset rule, so that the server determines and stores the current route of the terminal according to the received positioning information.
Or sending positioning information to the controller according to a third preset rule; the positioning information includes the current position information of the terminal, or the current position information of the terminal and the corresponding time, so that the controller determines the current route of the terminal according to the received positioning information.
Optionally, the step of recording the positioning information according to the first preset rule may include:
when a positioning starting instruction is received or a preset moment is reached, recording a first piece of positioning information; after recording the first piece of positioning information, recording the positioning information according to a first preset sub-rule;
the step of sending the positioning information to the server according to the second preset rule comprises:
when a positioning starting instruction is received or a preset moment is reached, sending a first piece of positioning information to a server; after the first piece of positioning information is sent, sending the positioning information to the server according to a second preset sub-rule;
the step of sending the positioning information to the controller according to a third preset rule includes:
when a positioning starting instruction is received or a preset moment is reached, sending a first piece of positioning information to the controller; and after the first piece of positioning information is sent, sending the positioning information to the controller according to a third preset sub-rule.
Optionally, the step of sending the positioning information to the controller according to the first preset sub-rule may include:
recording positioning information according to a preset interval time period;
or, after receiving the positioning instruction, recording the positioning information;
the step of sending the positioning information to the server according to the second preset sub-rule comprises:
sending positioning information to the server according to a preset interval time period;
or after receiving a positioning instruction, sending positioning information to the server;
the step of sending the positioning information to the controller according to a third preset sub-rule comprises:
sending positioning information to the controller according to a preset interval time period;
or after receiving the positioning instruction, sending positioning information to the controller.
In order to achieve the above object, an embodiment of the present invention further discloses a controller in an access control system, where the controller includes: a communication unit and a processor, wherein,
the communication unit is used for receiving an access request sent by a terminal and acquiring a current route of the terminal;
the processor is used for judging whether the current route is legal or not; and is used for carrying on the entrance guard control with the first kind of verification method;
the system is also used for carrying out access control by utilizing a second type verification method; wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method.
Optionally, the processor includes: a judging module, a first control module and a second control module, wherein,
the judging module is used for judging whether the current route is legal or not; if yes, triggering the first control module, and if not, triggering the second control module;
the first control module is used for performing access control by using the first type of verification method;
and the second control module is used for controlling the entrance guard by using the second type verification method.
Optionally, the communication unit may be specifically configured to:
receiving an access request sent by a terminal; and reading the current route stored in the terminal, or reading the current route of the terminal stored in a server.
Optionally, the communication unit may be further configured to:
receiving N positioning information sent by the terminal, wherein N is greater than 1, and each positioning information comprises the current position information of the terminal;
and receiving an access request sent by the terminal, and determining the current route of the terminal according to the N positioning information.
Optionally, the determining module may be specifically configured to:
judging whether a historical route matched with the current route exists in historical routes stored in a database;
if yes, the current route is legal, and if not, the current route is illegal.
Optionally, the positioning information further includes a time corresponding to the current position information;
the database also stores the time corresponding to each historical position information in the historical route;
the determining module may be specifically configured to:
determining each piece of current position information contained in the current route and corresponding time thereof;
determining each historical position information contained in each historical route and corresponding time thereof aiming at each historical route stored in the database;
matching the current position information and the corresponding time with each historical position information and the corresponding time;
when the matching is successful, determining that the historical route is matched with the current route, and indicating that the current route is legal; if all historical routes stored in the database do not match the current route, the current route is not legal.
Optionally, the processor may further include:
and the storage module is used for storing the current route as a historical route into a database after the door corresponding to the access request is opened.
Optionally, the database further stores priorities corresponding to historical routes, and the first control module may be specifically configured to:
determining the priority corresponding to the historical route matched with the current route;
determining a first type verification method corresponding to the current route from a plurality of preset first type verification methods according to the corresponding relation between the preset priority and the first type verification methods;
and performing access control by using the determined first type of verification method.
Optionally, the processor may further include:
the first determining module is used for determining each route group in the stored historical routes, wherein the historical routes contained in the route groups are matched with each other;
a second determining module, configured to determine, for each route group, a number of historical routes in the group;
and the third determining module is used for determining the priority of the group according to the determined number and determining the priority of the group as the priority corresponding to each historical route in the group.
Optionally, the first control module may be specifically configured to:
outputting first prompt information, wherein the first prompt information comprises X types of user information;
after X types of user information respectively corresponding to the types of the X types of user information are received, verifying whether the received X types of user information are legal or not;
if the access request is legal, opening a door corresponding to the access request;
the second control module may specifically be configured to:
outputting second prompt information, wherein the second prompt information comprises Y types of user information; wherein said Y is greater than said X;
after Y types of user information respectively corresponding to the types of the Y types of user information are received, verifying whether the received Y types of user information are legal or not;
and if the access request is legal, opening the door corresponding to the access request.
Optionally, the first control module may be specifically configured to:
and directly opening the door corresponding to the access request.
In order to achieve the above object, an embodiment of the present invention further discloses a terminal in an access control system, where the terminal includes:
the first sending module is used for sending an entering request to a controller in the system so that the controller can obtain the current route of the terminal; judging whether the current route is legal or not; if yes, performing access control by using a first type of verification method, and if not, performing access control by using a second type of verification method; wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method.
Optionally, the terminal may further include:
the recording module is used for recording the positioning information according to a first preset rule; the positioning information comprises the current position information of the terminal, or the current position information of the terminal and the corresponding time; determining and storing the current route of the user according to the positioning information;
or, the second sending module is configured to send the positioning information to a server according to a second preset rule, so that the server determines and stores the current route of the terminal according to the received positioning information;
or, the third sending module is configured to send the positioning information to the controller according to a third preset rule; the positioning information includes the current position information of the terminal, or the current position information of the terminal and the corresponding time, so that the controller determines the current route of the terminal according to the received positioning information.
Optionally, the first sending module may be specifically configured to:
when a positioning starting instruction is received or a preset moment is reached, recording a first piece of positioning information; after recording the first piece of positioning information, recording the positioning information according to a first preset sub-rule;
the second sending module may be specifically configured to:
when a positioning starting instruction is received or a preset moment is reached, sending a first piece of positioning information to a server; after the first piece of positioning information is sent, sending the positioning information to the server according to a second preset sub-rule;
the third sending module may be specifically configured to:
when a positioning starting instruction is received or a preset moment is reached, sending a first piece of positioning information to the controller; and after the first piece of positioning information is sent, sending the positioning information to the controller according to a third preset sub-rule.
Optionally, the first sending module may be specifically configured to:
recording positioning information according to a preset interval time period;
or, after receiving the positioning instruction, recording the positioning information;
the second sending module may be specifically configured to:
sending positioning information to the server according to a preset interval time period;
or after receiving a positioning instruction, sending positioning information to the server;
the third sending module is specifically configured to:
sending positioning information to the controller according to a preset interval time period;
or after receiving the positioning instruction, sending positioning information to the controller.
In order to achieve the above object, an embodiment of the present invention further discloses an access control system, including: a terminal and a controller, wherein,
the terminal is used for sending an entering request to the controller;
the controller is used for acquiring the current route of the terminal after receiving the access request; judging whether the current route is legal or not; if yes, performing access control by using a first type of verification method, and if not, performing access control by using a second type of verification method; wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method.
Optionally, the controller reads a current route stored in the terminal;
or the controller receives N pieces of positioning information sent by the terminal, wherein N is greater than 1, and each piece of positioning information contains current position information of the terminal; and determining the current route of the terminal according to the N positioning information.
Optionally, the system further includes:
the server is used for receiving N positioning information sent by the terminal, wherein N is greater than 1, and each positioning information contains the current position information of the terminal; determining the current route of the terminal according to the N positioning information;
the controller reads a current route of the terminal stored in the server;
the server comprises a local server and/or a cloud server.
Alternatively, the controller may be provided in the server.
By applying the embodiment of the invention, the controller acquires the current route of the terminal after receiving the access request sent by the terminal, judges whether the current route is legal or not, if the current route is legal, the possibility that the terminal is stolen is low, at the moment, the access control is carried out by using the verification method with lower complexity, if the current route is illegal, the possibility that the terminal is stolen is high, at the moment, the access control is carried out by using the verification method with higher complexity, and the safety of the access control is improved.
Of course, it is not necessary for any product or method of practicing the invention to achieve all of the above-described advantages at the same time.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flow chart of an access control method applied to a controller according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a first structure of a controller according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a second structure of a controller according to an embodiment of the present invention
Fig. 4 is a schematic view of an application scenario provided in the embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to solve the technical problem, embodiments of the present invention provide an access control method and system, a controller, and a terminal, where the access control method may be applied to the access control system. First, the access control method applied to the controller according to the embodiment of the present invention is described in detail below.
Fig. 1 is a schematic flow chart of an access control method applied to a controller according to an embodiment of the present invention, including:
s101: and after receiving an access request sent by a terminal, acquiring the current route of the terminal.
As an embodiment, the step of the controller acquiring the current route of the terminal may include: and reading the current route stored in the terminal. That is, the terminal may locally store its own current route, and the controller may directly read the current route stored in the terminal after receiving the entry request.
As another embodiment, the step of the controller acquiring the current route of the terminal may include: and reading the current route of the terminal stored in the server. That is, the terminal may transmit its own location information to the server, the server stores the current route of the terminal according to the location information of the terminal, and the controller may read the current route of the terminal stored in the server after receiving the entry request.
As another embodiment, before receiving an entry request sent by a terminal, a controller may receive N pieces of positioning information sent by the terminal, where N is greater than 1, and each piece of positioning information includes current location information of the terminal; and the controller determines the current route of the terminal according to the N pieces of positioning information.
That is, the terminal transmits its own location information to the controller, and the controller determines the current route of the terminal according to the received multiple location information of the terminal.
S102: and judging whether the current route is legal or not, if so, executing S103, and if not, executing S104.
Specifically, it may be determined whether a historical route matching the current route exists in the historical routes stored in the database; if yes, the current route is legal, and if not, the current route is illegal.
The database may be stored in the controller, in a server, or in another device communicatively coupled to the controller. Each time the controller opens the door corresponding to an access request, the current route of the terminal that sent the access request may be stored as a historical route in a database.
The controller opens the door corresponding to the access request, which indicates that the user corresponding to the terminal sending the access request is a legal user (because in the scheme, other verification methods are also used for access control, it is ensured that the door is opened only when the user corresponding to the terminal is a legal user), and the stored route is the route of the legal user, that is, the historical routes stored in the database are all routes of the legal user.
Therefore, if there is a history route matching the acquired current route of the terminal among the history routes stored in the database, it indicates that the acquired current route of the terminal is a route of a legitimate user, that is, indicates that the current route is legitimate; on the contrary, if the acquired current route of the terminal does not match all the historical routes stored in the database, the current route is not legal.
The historical route stored in the database matches the current route, and it is understood that the location information contained in the two routes is the same or similar. Such as: the current route is a-B-C-D-E, where A, B, C, D and E respectively represent a piece of location information, and the location information may be longitude and latitude, coordinate values in a map, or other, and is not limited herein. A historical route A-B-F-D-E is stored in the database, wherein F also represents position information, and the distance between C and F is within a preset threshold value, namely C and F are similar position information, in this case, the current route A-B-C-D-E is considered to be matched with the historical route A-B-F-D-E, namely, the historical route matched with the current route exists in the historical routes stored in the database.
In one embodiment, the positioning information may further include a time corresponding to the current position information;
correspondingly, the database also stores the time corresponding to each historical position information in the historical route;
in this embodiment, the determining whether there is a historical route matching the current route in the historical routes stored in the database may include:
determining each piece of current position information contained in the current route and corresponding time thereof;
determining each historical position information contained in each historical route and corresponding time thereof aiming at each historical route stored in the database;
matching the current position information and the corresponding time with each historical position information and the corresponding time;
and when the matching is successful, determining that the historical route is matched with the current route.
For example, suppose that the controller receives 5 pieces of positioning information sequentially sent by the terminal, which are: (a, a1), (B, B1), (C, C1), (D, D1) and (E, E1), wherein A, B, C, D and E respectively represent one piece of location information, the location information may be latitude and longitude, or may be coordinate values in a map, or may be other, and is not limited herein, and a1, B1, C1, D1 and E1 respectively represent time corresponding to the location information. That is, the user using the terminal is located at time a1, B at time B1, C at time C1, D at time D1, and E at time E1. The controller determines that the current route of the terminal is (a, a1) - (B, B1) - (C, C1) - (D, D1) - (E, E1). The time interval between A1 and B1 was 2 minutes, the time interval between B1 and C1 was 3 minutes, the time interval between C1 and D1 was 1 minute, and the time interval between D1 and E1 was 5 minutes.
A historical route of (A, A2) - (B, B2) - (F, F2) - (D, D2) - (E, E2) is stored in the database. Wherein, F also represents a position information, and the distance between C and F is within the preset threshold, that is, C and F are close position information. The time interval between A2 and B2 is 2 minutes and 2 seconds, the time interval between B2 and F2 is 3 minutes and 4 seconds, the time interval between F2 and D2 is 59 seconds, and the time interval between D2 and E2 is 5 minutes and 1 second.
When the historical route and the current route meet the following two requirements, the historical route is considered to be matched with the current route: 1. the position information contained in the historical route is the same as or similar to the position information contained in the current route; 2. the difference value between the time interval contained in the historical route and the corresponding time interval in the current route is smaller than the set threshold value.
Assuming that the set threshold is 30 seconds, the difference between the time interval between a1 and B1 (2 minutes) and the time interval between a2 and B2 (2 minutes and 2 seconds) is less than 30 seconds, the difference between the time interval between B1 and C1 (3 minutes) and the time interval between B2 and F2 (3 minutes and 4 seconds) is less than 30 seconds, the difference between the time interval between C1 and D1 (1 minute) and the time interval between F2 and D2 (59 seconds) is less than 30 seconds, and the difference between the time interval between D1 and E1 (5 minutes) and the time interval between D2 and E2 (5 minutes and 1 second) is less than 30 seconds.
Therefore, the current route (a, a1) - (B, B1) - (C, C1) - (D, D1) - (E, E1) and the historical routes (a, a2) - (B, B2) - (F, F2) - (D, D2) - (E, E2) satisfy the two requirements, and the two routes match, that is, there is a historical route matching the current route in the historical routes stored in the database.
S103: and performing access control by using a first type of verification method.
S104: and performing access control by using a second type verification method. Wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method.
As an implementation manner, the door corresponding to the access request can be directly opened by performing access control by using the first-type authentication method. That is, when the current route is judged to be legal, the door corresponding to the access request can be directly opened. It can be understood that if the current route of the terminal is judged to be legal, the terminal is indicated to be a legal user, the door can be directly opened, and other simpler verification methods can be used for access control.
Specifically, S103 may include:
outputting first prompt information, wherein the first prompt information comprises X types of user information;
after X types of user information respectively corresponding to the types of the X types of user information are received, verifying whether the received X types of user information are legal or not;
if the access request is legal, opening a door corresponding to the access request;
s104 may include:
outputting second prompt information, wherein the second prompt information comprises Y types of user information; wherein said Y is greater than said X;
after Y types of user information respectively corresponding to the types of the Y types of user information are received, verifying whether the received Y types of user information are legal or not;
and if the access request is legal, opening the door corresponding to the access request.
It can be understood that, when the controller performs access control, the controller first outputs prompt information, which may be voice information, text information, or other information. For example, the voice "please enter the fingerprint" or "please enter the fingerprint and input the password" is output. The words "please enter fingerprint" or "please enter fingerprint and enter password" etc. may also be displayed.
The prompt information includes the type of the user information, and the types of the user information, such as "fingerprint" and "password", are all types of the user information. Further, the more types of user information included in the prompt information, the higher the complexity of the authentication method. It will be appreciated that authentication methods that authenticate both fingerprint information and voice information are more complex than authentication methods that authenticate only fingerprint information.
The first type of authentication method is less complex than the second type of authentication method, and therefore the type of user information contained in the first prompt is less than the type of user information contained in the second prompt.
And after the user identifies the prompt information output by the controller, inputting user information corresponding to the prompt information into the controller. For example, after hearing the voice "please enter a fingerprint", the user inputs his fingerprint in the fingerprint entry area, or after seeing the displayed text "please enter a fingerprint and input a password", the user inputs his fingerprint in the fingerprint entry area and inputs a password in the password entry area.
And after receiving all the user information, the controller verifies whether the received user information is legal or not. Specifically, if the prompt information output by the controller is 'please enter a fingerprint', the controller receives the fingerprint input by the user and then judges whether the fingerprint is legal; if the prompt information output by the controller is 'please input a fingerprint and input a password', the controller receives the fingerprint and the password input by the user and then judges whether the fingerprint and the password are legal.
If all the user information is legal, the controller opens the door.
By applying the embodiment shown in fig. 1 of the invention, after receiving an access request sent by a terminal, a controller acquires a current route of the terminal, judges whether the current route is legal, if the current route is legal, the possibility that the terminal is stolen is low, at the moment, the access control is performed by using a verification method with low complexity, if the current route is illegal, the possibility that the terminal is stolen is high, at the moment, the access control is performed by using a verification method with high complexity, and the security of the access control is improved.
As an embodiment of the present invention, the database may further store priorities corresponding to historical routes, and there are a plurality of first-type verification methods, and the correspondence between the priorities and the first-type verification methods is preset, and the higher the priority is, the simpler the corresponding first-type verification method may be.
In this embodiment, the performing access control by using the first type of verification method may include:
determining the priority corresponding to the historical route matched with the current route;
determining a first type verification method corresponding to the current route from a plurality of preset first type verification methods according to the corresponding relation between the preset priority and the first type verification methods;
and performing access control by using the determined first type of verification method.
It will be appreciated that a plurality of historical routes are stored in the database, some historical routes being commonly used by users, such as routes that users have traveled to and from work, and some historical routes being non-commonly used by users, such as routes that users have occasionally taken.
If the obtained current route of the terminal is matched with the common route of the user, the probability that the user using the terminal is a legal user is high, and the access control is performed by using a simpler first-class verification method. On the contrary, if the acquired current route of the terminal is matched with the route which is not commonly used by the user, the probability that the user using the terminal is a legal user is not very high, and a first-class complicated verification method is utilized for access control.
Specifically, the process of storing the priority corresponding to the historical route in the database may include:
determining each route group in the stored historical routes, wherein each historical route contained in the route group is matched with each other;
for each route group, determining the number of historical routes in the group;
and determining the priority of the group according to the determined number, and determining the priority of the group as the priority corresponding to each historical route in the group.
It can be understood that the user common route is a route with a higher user usage frequency, that is, the number of the user common routes in the database is higher. Therefore, in the history routes stored in the database, history routes matching with each other can be divided into a route group, and matching with each other indicates that the routes are the same or close. The greater the number of historical routes contained in the route group, the higher the frequency of use of the route, and therefore, the higher the priority of the route group should be.
For example, assume that 3 route groups are determined, where route group 1 includes 15 historical routes, all A-B-C-D, route group 2 includes 7 historical routes, all A-E-F-D, and route group 3 includes 3 historical routes, all A-G-D. The priority in route group 1 is set to be the highest (assumed to be priority 1), the priority of route group 2 is the next (assumed to be priority 2), and the priority of route group 3 is the lowest (assumed to be priority 3). That is, historical route A-B-C-D has the highest priority, historical route A-E-F-D has the second highest priority, and historical route A-G-D has the lowest priority.
The first type of authentication method corresponding to priority 1 is the simplest, for example, direct door opening. The first type of authentication method corresponding to priority 2 may be: the door is opened after the user enters the correct password. The first type of authentication method corresponding to priority 3 may be: and opening the door after the user inputs the correct password and the correct fingerprint.
By applying the embodiment, the first type verification method is further subdivided based on the use frequency of the current route of the terminal, and the safety of access control is more reasonably improved.
The embodiment of the invention also provides an access control method applied to the terminal, which comprises the following steps:
sending an entry request to a controller in the system so that the controller acquires a current route of the terminal; judging whether the current route is legal or not; if yes, performing access control by using a first type of verification method, and if not, performing access control by using a second type of verification method; wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method.
As an embodiment, before sending the entry request to the controller, the terminal may record positioning information according to a first preset rule, where the positioning information includes current location information of the terminal, or current location information of the terminal and a time corresponding to the current location information. Then, the terminal determines and stores the current route of the terminal according to the recorded positioning information, so that after the terminal sends an entering request to the controller, the controller can read the current route stored in the terminal and perform the subsequent steps.
Specifically, the step of recording, by the terminal, the positioning information according to the first preset rule may include:
when a positioning starting instruction is received or a preset moment is reached, recording a first piece of positioning information; after recording the first piece of positioning information, recording the positioning information according to a first preset sub-rule.
For example, suppose that a user using the terminal sends a positioning starting instruction to the terminal after going off the work, and the terminal records the first piece of positioning information after receiving the positioning starting instruction, as described above, the positioning information may only include the current position information of the terminal, and may also include the current position information of the terminal and the time corresponding to the current position information.
Or, when the preset time is reached, the terminal records the first piece of positioning information. For example, a user using the terminal is in the afternoon at 5 pm, and the terminal records the first piece of positioning information at 5 pm.
After recording the first piece of positioning information, the terminal may record the positioning information according to a preset interval time period, where the preset interval time periods may be the same or different. For example, the terminal may record the positioning information every 2 minutes, or may record the positioning information every 2 minutes, every 3 minutes for the first time, every 5 minutes for the third time, and so on, and the interval time period may be set according to the actual situation.
Or, after the terminal records the first piece of positioning information, that is, after the user using the terminal goes home from work, the terminal may trigger the positioning instruction according to the actual situation, and after receiving the positioning instruction, the terminal records the positioning information.
As another embodiment, before sending the entry request to the controller, the terminal may send, according to a second preset rule, positioning information to the server, where the positioning information includes current location information of the terminal, or current location information of the terminal and a time corresponding to the current location information. And the server determines and stores the current route of the terminal according to the received positioning information. Thus, after the terminal sends an entry request to the controller, the controller can read the current route stored in the server and perform the subsequent steps.
Specifically, the step of sending, by the terminal, the positioning information to the server according to the second preset rule may include:
when a positioning starting instruction is received or a preset moment is reached, sending a first piece of positioning information to a server; and after the first piece of positioning information is sent, sending the positioning information to the server according to a second preset sub-rule.
For example, suppose that a user using the terminal sends a positioning starting instruction to the terminal after going off the work, and the terminal sends a first piece of positioning information to the server after receiving the positioning starting instruction, as described above, the positioning information may only include the current position information of the terminal, and may also include the current position information of the terminal and its corresponding time.
Or, when the preset time is reached, the terminal sends the first piece of positioning information to the server. For example, a user using the terminal is in the afternoon 5 o 'clock, and the terminal sends the first piece of positioning information to the server at the afternoon 5 o' clock.
After sending the first piece of positioning information to the server, the terminal may send the positioning information to the server according to a preset interval time period, where the preset interval time periods may be the same or different. For example, the terminal may send the positioning information to the server every 2 minutes, or may send the positioning information every 2 minutes, every 3 minutes for the first time, every 5 minutes for the third time, or the like, where the interval time period may be set according to an actual situation.
Or, after the terminal sends the first piece of positioning information, that is, after the user using the terminal goes home from work, the terminal may trigger a positioning instruction according to the actual situation, and after receiving the positioning instruction, the terminal sends the positioning information to the server.
As another embodiment, before sending the entry request to the controller, the terminal may send positioning information to the controller according to a third preset rule, where the positioning information includes current location information of the terminal, or current location information of the terminal and a time corresponding to the current location information. Thus, after the terminal sends an entry request to the controller, the controller can determine the current route of the terminal according to the received positioning information and perform the subsequent steps.
Specifically, the step of sending, by the terminal, the positioning information to the controller according to the third preset rule may include:
when a positioning starting instruction is received or a preset moment is reached, sending a first piece of positioning information to the controller; and after the first piece of positioning information is sent, sending the positioning information to the controller according to a third preset sub-rule.
For example, suppose that a user using the terminal sends a positioning starting instruction to the terminal after going off the work, and the terminal sends a first piece of positioning information to the controller after receiving the positioning starting instruction, as described above, the positioning information may only include the current position information of the terminal, or may include the current position information of the terminal and its corresponding time.
Or, when the preset time is reached, the terminal sends the first piece of positioning information to the controller. Such as a user using the terminal at 5 pm, the terminal sends a first piece of location information to the controller at 5 pm.
After sending the first piece of positioning information to the controller, the terminal may send the positioning information to the controller according to a preset interval time period, where the preset interval time periods may be the same or different. For example, the terminal may send the positioning information to the controller every 2 minutes, or may send the positioning information for 2 minutes for the first time, 3 minutes for the second time, 5 minutes for the third time, and the like, and the interval time period may be set according to the actual situation.
Or, after the terminal sends the first piece of positioning information, that is, after the user using the terminal goes home from work, the terminal may trigger a positioning instruction according to the actual situation, and after receiving the positioning instruction, the terminal sends the positioning information to the controller.
By applying the embodiment of the invention, the terminal sends the access request to the controller, the controller acquires the current route of the terminal, judges whether the current route is legal or not, if the current route is legal, the possibility that the terminal is stolen is low, at the moment, the access control is carried out by using the verification method with low complexity, if the current route is illegal, the possibility that the terminal is stolen is high, at the moment, the access control is carried out by using the verification method with high complexity, and the safety of the access control is improved.
Corresponding to the method embodiment, the invention also provides a controller, a terminal and an access control system.
Fig. 2 is a schematic structural diagram of a first controller according to an embodiment of the present invention, including: a communication unit 201 and a processor 202, wherein,
a communication unit 201, configured to receive an entry request sent by a terminal, and obtain a current route of the terminal;
a processor 202, configured to determine whether the current route is legal; and is used for carrying on the entrance guard control with the first kind of verification method;
the system is also used for carrying out access control by utilizing a second type verification method; wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method.
On the basis of the embodiment shown in fig. 2 of the present invention, a controller provided in the embodiment of the present invention may also be shown in fig. 3, where in fig. 3, the processor 202 includes: a decision block 2021, a first control block 2022, and a second control block 2023, wherein,
a judging module 2021, configured to judge whether the current route is legal; if so, the first control module 2022 is triggered, and if not, the second control module 2023 is triggered;
the first control module 2022 is configured to perform access control by using a first type of verification method;
a second control module 2023, configured to perform access control by using a second type of verification method; wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method.
In this embodiment, the communication unit 201 may specifically be configured to:
receiving an access request sent by a terminal; and reading the current route stored in the terminal, or reading the current route of the terminal stored in a server.
In this embodiment, the communication unit 201 may further be configured to:
receiving N positioning information sent by the terminal, wherein N is greater than 1, and each positioning information comprises the current position information of the terminal;
and receiving an access request sent by the terminal, and determining the current route of the terminal according to the N positioning information.
In this embodiment, the determining module 2021 may specifically be configured to:
judging whether a historical route matched with the current route exists in historical routes stored in a database;
if yes, the current route is legal, and if not, the current route is illegal.
In this embodiment, the positioning information further includes a time corresponding to the current position information;
the database also stores the time corresponding to each historical position information in the historical route;
the determining module 2021 may specifically be configured to:
determining each piece of current position information contained in the current route and corresponding time thereof;
determining each historical position information contained in each historical route and corresponding time thereof aiming at each historical route stored in the database;
matching the current position information and the corresponding time with each historical position information and the corresponding time;
when the matching is successful, determining that the historical route is matched with the current route, and indicating that the current route is legal; if all historical routes stored in the database do not match the current route, the current route is not legal.
In this embodiment, the processor may further include:
and a storage module (not shown in the figure) for storing the current route as a historical route in a database after the door corresponding to the access request is opened.
In this embodiment, the database further stores priorities corresponding to historical routes, and the first control module 2022 may specifically be configured to:
determining the priority corresponding to the historical route matched with the current route;
determining a first type verification method corresponding to the current route from a plurality of preset first type verification methods according to the corresponding relation between the preset priority and the first type verification methods;
and performing access control by using the determined first type of verification method.
In this embodiment, the processor further includes: a first determination module, a second determination module, and a third determination module (not shown in the figures), wherein,
the first determining module is used for determining each route group in the stored historical routes, wherein the historical routes contained in the route groups are matched with each other;
a second determining module, configured to determine, for each route group, a number of historical routes in the group;
and the third determining module is used for determining the priority of the group according to the determined number and determining the priority of the group as the priority corresponding to each historical route in the group.
In this embodiment, the first control module 2022 may specifically be configured to:
outputting first prompt information, wherein the first prompt information comprises X types of user information;
after X types of user information respectively corresponding to the types of the X types of user information are received, verifying whether the received X types of user information are legal or not;
if the access request is legal, opening a door corresponding to the access request;
the second control module 2023 may be specifically configured to:
outputting second prompt information, wherein the second prompt information comprises Y types of user information; wherein said Y is greater than said X;
after Y types of user information respectively corresponding to the types of the Y types of user information are received, verifying whether the received Y types of user information are legal or not;
and if the access request is legal, opening the door corresponding to the access request.
In this embodiment, the first control module 2022 may specifically be configured to:
and directly opening the door corresponding to the access request.
By applying the embodiment shown in fig. 3 of the invention, after receiving an access request sent by a terminal, a controller acquires a current route of the terminal, judges whether the current route is legal, if the current route is legal, the possibility that the terminal is stolen is low, at the moment, the access control is performed by using a verification method with low complexity, if the current route is illegal, the possibility that the terminal is stolen is high, at the moment, the access control is performed by using a verification method with high complexity, and the security of the access control is improved.
An embodiment of the present invention further provides a terminal in an access control system, including:
the first sending module is used for sending an entering request to a controller in the system so that the controller can obtain the current route of the terminal; judging whether the current route is legal or not; if yes, performing access control by using a first type of verification method, and if not, performing access control by using a second type of verification method; wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method.
In this embodiment, the terminal may further include:
the recording module is used for recording the positioning information according to a first preset rule; the positioning information comprises the current position information of the terminal, or the current position information of the terminal and the corresponding time; determining and storing the current route of the user according to the positioning information;
or, the second sending module is configured to send the positioning information to a server according to a second preset rule, so that the server determines and stores the current route of the terminal according to the received positioning information.
Or, the third sending module is configured to send the positioning information to the controller according to a third preset rule; the positioning information includes the current position information of the terminal, or the current position information of the terminal and the corresponding time, so that the controller determines the current route of the terminal according to the received positioning information.
In this embodiment, the first sending module may be specifically configured to:
when a positioning starting instruction is received or a preset moment is reached, recording a first piece of positioning information; after recording the first piece of positioning information, recording the positioning information according to a first preset sub-rule;
the second sending module may be specifically configured to:
when a positioning starting instruction is received or a preset moment is reached, sending a first piece of positioning information to a server; after the first piece of positioning information is sent, sending the positioning information to the server according to a second preset sub-rule;
the third sending module may be specifically configured to:
when a positioning starting instruction is received or a preset moment is reached, sending a first piece of positioning information to the controller; and after the first piece of positioning information is sent, sending the positioning information to the controller according to a third preset sub-rule.
In this embodiment, the first sending module may be specifically configured to:
recording positioning information according to a preset interval time period;
or, after receiving the positioning instruction, recording the positioning information;
the second sending module may be specifically configured to:
sending positioning information to the server according to a preset interval time period;
or after receiving a positioning instruction, sending positioning information to the server;
the third sending module may be specifically configured to:
sending positioning information to the controller according to a preset interval time period;
or after receiving the positioning instruction, sending positioning information to the controller.
By applying the embodiment of the invention, the terminal sends the access request to the controller, the controller acquires the current route of the terminal, judges whether the current route is legal or not, if the current route is legal, the possibility that the terminal is stolen is low, at the moment, the access control is carried out by using the verification method with low complexity, if the current route is illegal, the possibility that the terminal is stolen is high, at the moment, the access control is carried out by using the verification method with high complexity, and the safety of the access control is improved.
An embodiment of the present invention further provides an access control system, including: a terminal and a controller, wherein,
the terminal is used for sending an entering request to the controller;
the controller is used for acquiring the current route of the terminal after receiving the access request; judging whether the current route is legal or not; if yes, performing access control by using a first type of verification method, and if not, performing access control by using a second type of verification method; wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method.
The application scenario may be as shown in fig. 4, where a user using a terminal may start positioning from a home starting point to obtain multiple pieces of positioning information. When the user arrives at home, the user uses the terminal to send an access request to the controller, the controller obtains the current route of the user according to each piece of positioning information and judges whether the current route is legal or not, if so, the first type of verification method is used for controlling access, and if not, the second type of verification method is used for controlling access; wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method.
As an embodiment, the controller reads a current route stored in the terminal;
or the controller receives N pieces of positioning information sent by the terminal, wherein N is greater than 1, and each piece of positioning information contains current position information of the terminal; and determining the current route of the terminal according to the N positioning information.
As an embodiment, the system may further include:
the server is used for receiving N positioning information sent by the terminal, wherein N is greater than 1, and each positioning information contains the current position information of the terminal; determining the current route of the terminal according to the N positioning information;
the controller reads a current route of the terminal stored in the server;
the server may include a local server and/or a cloud server.
In the present embodiment, the controller may be provided in the server, or may be provided separately.
It should be noted that, when the server includes a local server and a cloud server, the local server may be integrated with the controller, and the cloud server may store the current route and the historical route of the terminal, that is, the database in the embodiment of the present invention may be stored in the cloud server, and may also be stored in the local server, which is not limited herein.
In this embodiment, the controller may be further configured to:
reading a current route stored in the terminal;
or reading the current route of the terminal stored in the server.
In this embodiment, the controller may be further configured to:
receiving N positioning information sent by the terminal, wherein N is greater than 1, and each positioning information comprises the current position information of the terminal;
the step of acquiring the current route of the terminal comprises:
and determining the current route of the terminal according to the N positioning information.
In this embodiment, the controller may be further configured to:
judging whether a historical route matched with the current route exists in historical routes stored in a database;
if yes, the current route is legal, and if not, the current route is illegal.
In this embodiment, the positioning information further includes a time corresponding to the current position information;
the database also stores the time corresponding to each historical position information in the historical route;
the controller may be further configured to:
determining each piece of current position information contained in the current route and corresponding time thereof;
determining each historical position information contained in each historical route and corresponding time thereof aiming at each historical route stored in the database;
matching the current position information and the corresponding time with each historical position information and the corresponding time;
and when the matching is successful, determining that the historical route is matched with the current route.
In this embodiment, the controller may be further configured to:
and after the door corresponding to the access request is opened, storing the current route as a historical route in a database.
In this embodiment, the database further stores priorities corresponding to historical routes, and the controller may be further configured to:
determining the priority corresponding to the historical route matched with the current route;
determining a first type verification method corresponding to the current route from a plurality of preset first type verification methods according to the corresponding relation between the preset priority and the first type verification methods;
and performing access control by using the determined first type of verification method.
In this embodiment, the controller may be further configured to:
determining each route group in the stored historical routes, wherein each historical route contained in the route group is matched with each other;
for each route group, determining the number of historical routes in the group;
and determining the priority of the group according to the determined number, and determining the priority of the group as the priority corresponding to each historical route in the group.
In this embodiment, the controller may be further configured to:
under the condition that the current route is judged to be legal:
outputting first prompt information, wherein the first prompt information comprises X types of user information;
after X types of user information respectively corresponding to the types of the X types of user information are received, verifying whether the received X types of user information are legal or not;
if the access request is legal, opening a door corresponding to the access request;
under the condition that the current route is judged to be illegal:
outputting second prompt information, wherein the second prompt information comprises Y types of user information; wherein said Y is greater than said X;
after Y types of user information respectively corresponding to the types of the Y types of user information are received, verifying whether the received Y types of user information are legal or not;
and if the access request is legal, opening the door corresponding to the access request.
In this embodiment, the controller may be further configured to:
and under the condition that the current route is judged to be legal, directly opening the door corresponding to the access request.
In this embodiment, the terminal may further be configured to:
recording positioning information according to a first preset rule; the positioning information comprises the current position information of the terminal, or the current position information of the terminal and the corresponding time; determining and storing the current route of the user according to the positioning information;
or sending the positioning information to a server according to a second preset rule, so that the server determines and stores the current route of the terminal according to the received positioning information.
Or sending positioning information to the controller according to a third preset rule; the positioning information includes the current position information of the terminal, or the current position information of the terminal and the corresponding time, so that the controller determines the current route of the terminal according to the received positioning information.
In this embodiment, the terminal may further be configured to:
when a positioning starting instruction is received or a preset moment is reached, recording a first piece of positioning information; after recording the first piece of positioning information, recording the positioning information according to a first preset sub-rule;
or when a positioning starting instruction is received or a preset moment is reached, sending a first piece of positioning information to the server; after the first piece of positioning information is sent, sending the positioning information to the server according to a second preset sub-rule;
or when a positioning starting instruction is received or a preset moment is reached, sending a first piece of positioning information to the controller; and after the first piece of positioning information is sent, sending the positioning information to the controller according to a third preset sub-rule.
In this embodiment, the terminal may further be configured to:
recording positioning information according to a preset interval time period;
or, after receiving the positioning instruction, recording the positioning information;
or sending positioning information to the server according to a preset interval time period;
or after receiving a positioning instruction, sending positioning information to the server;
or sending positioning information to the controller according to a preset interval time period;
or after receiving the positioning instruction, sending positioning information to the controller.
By applying the embodiment of the invention, the controller acquires the current route of the terminal after receiving the access request sent by the terminal, judges whether the current route is legal or not, if the current route is legal, the possibility that the terminal is stolen is low, at the moment, the access control is carried out by using the verification method with lower complexity, if the current route is illegal, the possibility that the terminal is stolen is high, at the moment, the access control is carried out by using the verification method with higher complexity, and the safety of the access control is improved.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
Those skilled in the art will appreciate that all or part of the steps in the above method embodiments may be implemented by a program to instruct relevant hardware to perform the steps, and the program may be stored in a computer-readable storage medium, which is referred to herein as a storage medium, such as: ROM/RAM, magnetic disk, optical disk, etc.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.
Claims (31)
1. The access control method is applied to a controller in an access control system, and comprises the following steps:
after receiving an access request sent by a terminal, acquiring a current route of the terminal;
judging whether the current route is legal or not;
if yes, performing access control by using a first type of verification method, and if not, performing access control by using a second type of verification method; wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method;
the step of performing access control by using the first type of verification method comprises the following steps:
determining a priority corresponding to a historical route matching the current route;
determining a first type verification method corresponding to the current route from a plurality of preset first type verification methods according to the corresponding relation between the preset priority and the first type verification methods;
and performing access control by using the determined first type of verification method.
2. The method of claim 1, wherein the step of obtaining the current route of the terminal comprises:
reading a current route stored in the terminal;
or reading the current route of the terminal stored in the server.
3. The method of claim 1, wherein before receiving the access request sent by the terminal, the method further comprises:
receiving N positioning information sent by the terminal, wherein N is greater than 1, and each positioning information comprises the current position information of the terminal;
the step of acquiring the current route of the terminal comprises:
and determining the current route of the terminal according to the N positioning information.
4. The method of claim 3, wherein the step of determining whether the current route is legitimate comprises:
judging whether a historical route matched with the current route exists in historical routes stored in a database;
if yes, the current route is legal, and if not, the current route is illegal.
5. The method according to claim 4, wherein the positioning information further includes a time corresponding to the current position information;
the database also stores the time corresponding to each historical position information in the historical route;
the step of judging whether a historical route matched with the current route exists in the historical routes stored in the database comprises the following steps:
determining each piece of current position information contained in the current route and corresponding time thereof;
determining each historical position information contained in each historical route and corresponding time thereof aiming at each historical route stored in the database;
matching the current position information and the corresponding time with each historical position information and the corresponding time;
and when the matching is successful, determining that the historical route is matched with the current route.
6. The method of claim 5, wherein storing historical routes in a database comprises:
and after the door corresponding to the access request is opened, storing the current route as a historical route in a database.
7. The method of claim 6, wherein storing the priorities corresponding to the historical routes in the database comprises:
determining each route group in the stored historical routes, wherein each historical route contained in the route group is matched with each other;
for each route group, determining the number of historical routes in the group;
and determining the priority of the group according to the determined number, and determining the priority of the group as the priority corresponding to each historical route in the group.
8. The method of claim 1, wherein the step of using the first type of authentication method for access control comprises:
outputting first prompt information, wherein the first prompt information comprises X types of user information;
after X types of user information respectively corresponding to the types of the X types of user information are received, verifying whether the received X types of user information are legal or not;
if the access request is legal, opening a door corresponding to the access request;
the step of performing access control by using the second type of verification method comprises the following steps:
outputting second prompt information, wherein the second prompt information comprises Y types of user information; wherein said Y is greater than said X;
after Y types of user information respectively corresponding to the types of the Y types of user information are received, verifying whether the received Y types of user information are legal or not;
and if the access request is legal, opening the door corresponding to the access request.
9. The method of claim 1, wherein the step of using the first type of authentication method for access control comprises:
and directly opening the door corresponding to the access request.
10. The access control method is characterized by being applied to a terminal in an access control system, and comprises the following steps:
sending an entry request to a controller in the system to cause the controller to:
acquiring a current route of the terminal; judging whether the current route is legal or not; if yes, performing access control by using a first type of verification method, and if not, performing access control by using a second type of verification method; wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method;
the access control by using the first type of verification method comprises the following steps:
determining a priority corresponding to a historical route matching the current route;
determining a first type verification method corresponding to the current route from a plurality of preset first type verification methods according to the corresponding relation between the preset priority and the first type verification methods;
and performing access control by using the determined first type of verification method.
11. The method of claim 10, further comprising, prior to the step of sending an entry request to a controller in the system:
recording positioning information according to a first preset rule; the positioning information comprises the current position information of the terminal, or the current position information of the terminal and the corresponding time; determining and storing the current route of the user according to the positioning information;
or sending the positioning information to a server according to a second preset rule, so that the server determines and stores the current route of the terminal according to the received positioning information;
or sending positioning information to the controller according to a third preset rule; the positioning information includes the current position information of the terminal, or the current position information of the terminal and the corresponding time, so that the controller determines the current route of the terminal according to the received positioning information.
12. The method according to claim 11, wherein the step of recording the positioning information according to the first predetermined rule comprises:
when a positioning starting instruction is received or a preset moment is reached, recording a first piece of positioning information; after recording the first piece of positioning information, recording the positioning information according to a first preset sub-rule;
the step of sending the positioning information to the server according to the second preset rule comprises:
when a positioning starting instruction is received or a preset moment is reached, sending a first piece of positioning information to a server; after the first piece of positioning information is sent, sending the positioning information to the server according to a second preset sub-rule;
the step of sending the positioning information to the controller according to a third preset rule includes:
when a positioning starting instruction is received or a preset moment is reached, sending a first piece of positioning information to the controller; and after the first piece of positioning information is sent, sending the positioning information to the controller according to a third preset sub-rule.
13. The method according to claim 12, wherein the recording the positioning information according to the first predetermined sub-rule comprises:
recording positioning information according to a preset interval time period;
or, after receiving the positioning instruction, recording the positioning information;
the step of sending the positioning information to the server according to the second preset sub-rule comprises:
sending positioning information to the server according to a preset interval time period;
or after receiving a positioning instruction, sending positioning information to the server;
the step of sending the positioning information to the controller according to a third preset sub-rule comprises:
sending positioning information to the controller according to a preset interval time period;
or after receiving the positioning instruction, sending positioning information to the controller.
14. A controller in an access control system, the controller comprising: a communication unit and a processor, wherein,
the communication unit is used for receiving an access request sent by a terminal and acquiring a current route of the terminal;
the processor is used for judging whether the current route is legal or not; and is used for carrying on the entrance guard control with the first kind of verification method;
the system is also used for carrying out access control by utilizing a second type verification method; wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method;
the access control by using the first type of verification method comprises the following steps:
determining a priority corresponding to a historical route matching the current route;
determining a first type verification method corresponding to the current route from a plurality of preset first type verification methods according to the corresponding relation between the preset priority and the first type verification methods;
and performing access control by using the determined first type of verification method.
15. The controller of claim 14, wherein the processor comprises: a judging module, a first control module and a second control module, wherein,
the judging module is used for judging whether the current route is legal or not; if yes, triggering the first control module, and if not, triggering the second control module;
the first control module is used for performing access control by using the first type of verification method;
and the second control module is used for controlling the entrance guard by using the second type verification method.
16. The controller according to claim 15, wherein the communication unit is specifically configured to:
receiving an access request sent by a terminal; and reading the current route stored in the terminal, or reading the current route of the terminal stored in a server.
17. The controller according to claim 15, wherein the communication unit is further configured to:
receiving N positioning information sent by the terminal, wherein N is greater than 1, and each positioning information comprises the current position information of the terminal;
and receiving an access request sent by the terminal, and determining the current route of the terminal according to the N positioning information.
18. The controller according to claim 17, wherein the determining module is specifically configured to:
judging whether a historical route matched with the current route exists in historical routes stored in a database;
if yes, the current route is legal, and if not, the current route is illegal.
19. The controller according to claim 18, wherein the positioning information further includes a time corresponding to the current position information;
the database also stores the time corresponding to each historical position information in the historical route;
the judgment module is specifically configured to:
determining each piece of current position information contained in the current route and corresponding time thereof;
determining each historical position information contained in each historical route and corresponding time thereof aiming at each historical route stored in the database;
matching the current position information and the corresponding time with each historical position information and the corresponding time;
when the matching is successful, determining that the historical route is matched with the current route, and indicating that the current route is legal; if all historical routes stored in the database do not match the current route, the current route is not legal.
20. The controller of claim 19, wherein the processor further comprises:
and the storage module is used for storing the current route as a historical route into a database after the door corresponding to the access request is opened.
21. The controller of claim 20, wherein the processor further comprises:
the first determining module is used for determining each route group in the stored historical routes, wherein the historical routes contained in the route groups are matched with each other;
a second determining module, configured to determine, for each route group, a number of historical routes in the group;
and the third determining module is used for determining the priority of the group according to the determined number and determining the priority of the group as the priority corresponding to each historical route in the group.
22. The controller of claim 15, wherein the first control module is specifically configured to:
outputting first prompt information, wherein the first prompt information comprises X types of user information;
after X types of user information respectively corresponding to the types of the X types of user information are received, verifying whether the received X types of user information are legal or not;
if the access request is legal, opening a door corresponding to the access request;
the second control module is specifically configured to:
outputting second prompt information, wherein the second prompt information comprises Y types of user information; wherein said Y is greater than said X;
after Y types of user information respectively corresponding to the types of the Y types of user information are received, verifying whether the received Y types of user information are legal or not;
and if the access request is legal, opening the door corresponding to the access request.
23. The controller of claim 15, wherein the first control module is specifically configured to:
and directly opening the door corresponding to the access request.
24. A terminal in an access control system, the terminal comprising:
a first sending module, configured to send an entry request to a controller in the system, so that the controller performs the following operations:
acquiring a current route of the terminal; judging whether the current route is legal or not; if yes, performing access control by using a first type of verification method, and if not, performing access control by using a second type of verification method; wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method;
the access control by using the first type of verification method comprises the following steps:
determining a priority corresponding to a historical route matching the current route;
determining a first type verification method corresponding to the current route from a plurality of preset first type verification methods according to the corresponding relation between the preset priority and the first type verification methods;
and performing access control by using the determined first type of verification method.
25. The terminal of claim 24, wherein the terminal further comprises:
the recording module is used for recording the positioning information according to a first preset rule; the positioning information comprises the current position information of the terminal, or the current position information of the terminal and the corresponding time; determining and storing the current route of the user according to the positioning information;
or, the second sending module is configured to send the positioning information to a server according to a second preset rule, so that the server determines and stores the current route of the terminal according to the received positioning information;
or, the third sending module is configured to send the positioning information to the controller according to a third preset rule; the positioning information includes the current position information of the terminal, or the current position information of the terminal and the corresponding time, so that the controller determines the current route of the terminal according to the received positioning information.
26. The terminal according to claim 25, wherein the recording module is specifically configured to:
when a positioning starting instruction is received or a preset moment is reached, recording a first piece of positioning information; after recording the first piece of positioning information, recording the positioning information according to a first preset sub-rule;
the second sending module is specifically configured to:
when a positioning starting instruction is received or a preset moment is reached, sending a first piece of positioning information to a server; after the first piece of positioning information is sent, sending the positioning information to the server according to a second preset sub-rule;
the third sending module is specifically configured to:
when a positioning starting instruction is received or a preset moment is reached, sending a first piece of positioning information to the controller; and after the first piece of positioning information is sent, sending the positioning information to the controller according to a third preset sub-rule.
27. The terminal according to claim 26, wherein the recording module is specifically configured to:
recording positioning information according to a preset interval time period;
or, after receiving the positioning instruction, recording the positioning information;
the second sending module is specifically configured to:
sending positioning information to the server according to a preset interval time period;
or after receiving a positioning instruction, sending positioning information to the server;
the third sending module is specifically configured to:
sending positioning information to the controller according to a preset interval time period;
or after receiving the positioning instruction, sending positioning information to the controller.
28. An access control system, comprising: a terminal and a controller, wherein,
the terminal is used for sending an entering request to the controller;
the controller is used for acquiring the current route of the terminal after receiving the access request; judging whether the current route is legal or not; if yes, performing access control by using a first type of verification method, and if not, performing access control by using a second type of verification method; wherein the complexity of the first type of verification method is lower than the complexity of the second type of verification method;
the access control by using the first type of verification method comprises the following steps:
determining a priority corresponding to a historical route matching the current route;
determining a first type verification method corresponding to the current route from a plurality of preset first type verification methods according to the corresponding relation between the preset priority and the first type verification methods;
and performing access control by using the determined first type of verification method.
29. The system of claim 28,
the controller reads a current route stored in the terminal;
or the controller receives N pieces of positioning information sent by the terminal, wherein N is greater than 1, and each piece of positioning information contains current position information of the terminal; and determining the current route of the terminal according to the N positioning information.
30. The system of claim 28, further comprising:
the server is used for receiving N positioning information sent by the terminal, wherein N is greater than 1, and each positioning information contains the current position information of the terminal; determining the current route of the terminal according to the N positioning information;
the controller reads a current route of the terminal stored in the server;
the server comprises a local server and/or a cloud server.
31. The system of claim 30, wherein the controller is disposed in the server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610938406.3A CN107978034B (en) | 2016-10-25 | 2016-10-25 | Access control method and system, controller and terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610938406.3A CN107978034B (en) | 2016-10-25 | 2016-10-25 | Access control method and system, controller and terminal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107978034A CN107978034A (en) | 2018-05-01 |
| CN107978034B true CN107978034B (en) | 2020-05-22 |
Family
ID=62005061
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610938406.3A Active CN107978034B (en) | 2016-10-25 | 2016-10-25 | Access control method and system, controller and terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107978034B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110164019B (en) * | 2019-07-16 | 2019-09-27 | 江苏金恒信息科技股份有限公司 | A kind of access control system and control method |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP4574335B2 (en) * | 2004-11-19 | 2010-11-04 | 株式会社日立製作所 | Security system, authentication server, authentication method, and program |
| JP3946243B2 (en) * | 2005-03-23 | 2007-07-18 | 株式会社Ihc | Authentication system |
| US8364120B2 (en) * | 2006-08-02 | 2013-01-29 | Motorola Mobility Llc | Identity verification using location over time information |
| US20110148633A1 (en) * | 2009-12-21 | 2011-06-23 | Kohlenberg Tobias M | Using trajectory for authentication |
| CN102722929B (en) * | 2012-06-18 | 2015-02-11 | 重庆大学 | Motion sensor-based access control system |
| JP2016162382A (en) * | 2015-03-05 | 2016-09-05 | 株式会社 日立産業制御ソリューションズ | Entrance and exit management system including function for guiding visitor to visit destination |
| CN105632000B (en) * | 2016-03-07 | 2017-12-19 | 上海斐讯数据通信技术有限公司 | A kind of control method for door lock and door lock control system based on mobile terminal |
-
2016
- 2016-10-25 CN CN201610938406.3A patent/CN107978034B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN107978034A (en) | 2018-05-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7279973B2 (en) | Identification method, device and server in designated point authorization | |
| US10715520B2 (en) | Systems and methods for decentralized biometric enrollment | |
| CN104796857B (en) | Location-based security system for portable electronic device | |
| CN109711133A (en) | Authentication method, device and the server of identity information | |
| CN110178179B (en) | Voice signature for authenticating to electronic device users | |
| EP2055130B1 (en) | Identity verification using location over time information | |
| CN110758322B (en) | Vehicle starting method, device, equipment and storage medium | |
| US11487860B2 (en) | Biometric authentication method, system, and computer program | |
| CN110489415B (en) | Data updating method and related equipment | |
| CN106899409A (en) | Identity identifying method and device | |
| CN110874541A (en) | Electronic ticket entrance verification anti-counterfeiting system and method | |
| EP3248188B1 (en) | Authentication method | |
| CN107392178B (en) | Monitoring method and system | |
| CN103419790A (en) | Hierarchical recognition of vehicle driver and select activation of vehicle settings based on the recognition | |
| CN106355684B (en) | Control method, the device and system of controlled plant | |
| CN107978034B (en) | Access control method and system, controller and terminal | |
| KR102317656B1 (en) | Electronic vote record management system based on blockchain | |
| CN110084947B (en) | Access control information updating method and device | |
| JP5422326B2 (en) | Biometric authentication device | |
| CN110768942B (en) | Identity authentication system | |
| US20160342996A1 (en) | Two-factor authentication method | |
| CN106067198A (en) | A kind of method and system verifying gate inhibition's password | |
| CN111754655A (en) | Regional access management method, system and computer readable storage medium | |
| CN110335379A (en) | Intelligent door lock control method based on recognition of face | |
| CN107104922B (en) | Method and device for authority management and resource control |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |