CN109147101A - The reader device and card-reading system of access control system and the control method of access control system - Google Patents


Publication number
CN109147101A
Authority
CN
China
Prior art keywords
card
reader device
data information
access control
control system
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810585691.4A
Other languages
Chinese (zh)
Inventor
蒋海俭
俞志刚
刘刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Application filed by China Unionpay Co Ltd

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00182 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/27 Individual registration on entry or exit involving the use of a pass with central registration

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a card reader device for an access control system, a card-reading system, an access control system, and a control method for an access control system, and belongs to the technical field of access control systems. The card reader device of the invention comprises: a first card information acquisition unit for obtaining signed data information from an external first card; a control unit for performing a validity judgment on the signed data information; and a data decryption and compression unit that exchanges data with the control unit and performs asymmetric decryption on the signed data information. The invention allows a card carrying signed data information to be used as an access card.

Description

Card reader device and card-reading system of an access control system, and control method of an access control system
Technical field
The invention belongs to the technical field of access control systems and relates to a card reader device of an access control system, a card-reading system and an access control system that include the card reader device, and a control method of an access control system.
Background
As is well known, access control systems provide the closest layer of security protection for people's work and daily life. In recent years, however, with the rapid development of the Internet and people's ever-higher demands for convenience, traditional access control systems have gradually become ill-suited to these needs. First, in traditional access control systems, different application scenarios use different access control, so access cards are not interchangeable. Second, traditional access cards are physical cards, which increases an enterprise's production, operation and maintenance costs. Third, traditional access cards have a single function and cannot meet the needs of enterprises in the mobile Internet era.
Summary of the invention
The present invention was made to solve one or more aspects of the above deficiencies of the prior art. The technical solutions adopted by the invention are as follows.
According to a first aspect of the invention, a card reader device of an access control system is provided, comprising:
a first card information acquisition unit for obtaining signed data information from an external first card;
a control unit coupled to the first card information acquisition unit, for performing a validity judgment on the signed data information; and
a data decryption and compression unit coupled to the control unit and exchanging data with it, for performing asymmetric decryption on the signed data information.
In the card reader device of an access control system according to an embodiment of the invention, the card reader device further comprises:
an output unit for outputting at least part of the card number of the first card to an access controller.
In the card reader device according to another embodiment of the invention or any of the above embodiments, the control unit is coupled to the first card information acquisition unit through an SPI interface, and the control unit is coupled to the data decryption and compression unit through a UART hardware interface.
The card reader device according to another embodiment of the invention or any of the above embodiments further comprises a wireless communication unit, wherein the wireless communication unit communicates serially with the control unit and exchanges data with an external application.
The card reader device according to another embodiment of the invention or any of the above embodiments further comprises:
a power supply unit coupled to the first card information acquisition unit, the data decryption and compression unit, the output unit and the wireless communication unit.
In the card reader device according to another embodiment of the invention or any of the above embodiments, the data decryption and compression unit is a dedicated RSA-SHA1 chip.
The card reader device according to another embodiment of the invention or any of the above embodiments further comprises:
a card recognition unit coupled to the first card information acquisition unit, for identifying whether the card being read has the signed data information; and
a second card information acquisition unit coupled to the card recognition unit, for obtaining user identification information from a second card in a contact or contactless manner.
In the card reader device according to another embodiment of the invention or any of the above embodiments, the data decryption and compression unit is further used to compress, based on a Secure Hash Algorithm, the decrypted signed data information that the control unit has judged to be valid;
the control unit is further used to perform offline authentication on the signed data information compressed by the data decryption and compression unit.
In the card reader device according to another embodiment of the invention or any of the above embodiments, an adaptive module is provided in the control unit, and the adaptive module adaptively determines whether to use an online authentication mode or an offline authentication mode according to whether a background management system capable of online verification is present;
wherein, in the online authentication mode, the background management system connected online to the card reader device performs online authentication on the signed data information; in the offline authentication mode, the control unit of the card reader device performs offline authentication on the signed data information.
In the card reader device according to another embodiment of the invention or any of the above embodiments, the adaptive module is configured to send an online detection command to the background management system.
In the card reader device according to another embodiment of the invention or any of the above embodiments, the adaptive module is configured to determine to enter the online authentication mode when a response from the background management system to the online detection command is received, and otherwise to determine to enter the offline authentication mode.
According to a second aspect of the invention, a card-reading system of an access control system is provided, comprising:
the card reader device of any of the above descriptions; and
at least one first card with signed data information, coupled to the card reader device.
In the card-reading system of an access control system according to an embodiment of the invention, the first card is a financial payment card having a memory that stores the signed data information.
The card-reading system according to another embodiment of the invention or any of the above embodiments further comprises:
at least one second card with identification information, coupled to the card reader device in a contact or contactless manner.
According to a third aspect of the invention, an access control system is provided, comprising:
the card reader device of any of the above descriptions; and
an access controller coupled to the card reader device.
The access control system according to an embodiment of the invention further comprises:
a background management system for performing online authentication on the signed data information.
According to a fourth aspect of the invention, a control method of an access control system is provided, comprising the steps of:
obtaining, by the card reader device of the access control system, the signed data information in an external first card;
performing, by the card reader device of the access control system, asymmetric decryption on the signed data information; and
performing, by the card reader device of the access control system, a validity judgment on the signed data information.
The control method according to an embodiment of the invention further comprises the steps of:
compressing, by the card reader device of the access control system and based on a Secure Hash Algorithm, the decrypted signed data information that has been judged to be valid;
performing, by the card reader device of the access control system, offline authentication on the compressed signed data information.
The control method according to another embodiment of the invention or any of the above embodiments further comprises the steps of:
outputting, by the card reader device of the access control system, at least part of the signed data information;
receiving, by the background management system of the access control system, the at least part of the signed data information and performing online authentication on it.
The control method according to another embodiment of the invention or any of the above embodiments further comprises the step of:
adaptively determining whether to use an online authentication mode or an offline authentication mode according to whether a background management system of the access control system capable of online verification is present;
wherein, in the online authentication mode, the background management system connected online to the card reader device performs online authentication on the signed data information; in the offline authentication mode, the card reader device performs offline authentication on the signed data information.
In the control method according to another embodiment of the invention or any of the above embodiments, the step of adaptively determining whether to use the online authentication mode or the offline authentication mode comprises:
sending, by the card reader device, an online detection command to the background management system;
determining to enter the online authentication mode when a response from the background management system to the online detection command is received, and otherwise determining to enter the offline authentication mode.
Compared with the prior art, the card reader device of the invention allows cards such as physical or electronic cards carrying signed data information to be used as access cards, so that users can operate access control with, for example, a financial payment card; it offers good security and is easy to implement.
Brief description of the drawings
The above and other objects and advantages of the invention will become more complete and clear from the following detailed description taken in conjunction with the accompanying drawings, in which the same or similar elements are denoted by the same reference numerals.
Fig. 1 is a schematic structural diagram of the card-reading system of an access control system according to an embodiment of the invention.
Fig. 2 is a schematic structural diagram of the card reader device of the access control system of the embodiment shown in Fig. 1.
Fig. 3 is a schematic structural block diagram of the card-reading system of an access control system according to another embodiment of the invention.
Fig. 4 is a schematic structural diagram of the card reader device of the access control system of the embodiment shown in Fig. 3.
Fig. 5 is a schematic structural diagram of an access control system according to an embodiment of the invention.
Detailed description of embodiments
For brevity and illustration, the principles of the invention are described herein mainly with reference to its example embodiments. Those skilled in the art will readily recognize, however, that the same principles apply equally to, and can be implemented in, card reader devices and card-reading systems of all types of access control systems, and that any such variation does not depart from the true spirit and scope of this patent application. In the following description, reference is made to the accompanying drawings, which illustrate specific example embodiments. Electrical, mechanical, logical and structural changes may be made to these embodiments without departing from the spirit and scope of the invention. In addition, although a feature of the invention may be disclosed in connection with only one of several implementations/embodiments, that feature may be combined with one or more other features of other implementations/embodiments as may be desired and/or advantageous for any given or identifiable function. The following description is therefore not to be taken in a limiting sense, and the scope of the invention is defined by the appended claims and their equivalents.
Although the numerical ranges and parameters setting forth the broad scope of the invention are approximations, the numerical values set forth in the specific examples are reported as precisely as possible. Any numerical value, however, inherently contains certain errors necessarily resulting from the standard deviation found in its respective testing measurement. Moreover, all ranges disclosed herein are to be understood to encompass any and all subranges subsumed therein. Where used, the terms "first", "second", etc. do not necessarily denote any order or priority, and may be used to distinguish elements or time intervals from one another more clearly.
Fig. 1 shows a schematic structural diagram of the card-reading system of an access control system according to an embodiment of the invention, which uses the card reader device of an embodiment of the invention shown in Fig. 2.
As shown in Fig. 1, the card-reading system 100 of the access control system includes the card reader device 101 of the access control system and a first card 102 with signed data information, wherein the first card 102 with signed data information is coupled to the card reader device 101 in a contact or contactless manner.
In one embodiment, the first card 102 with signed data information can be a financial payment card in the form of a physical card, for example a UnionPay IC card. In this case, the card reader device 101 reads the signed data information in the UnionPay IC card in a contact or contactless manner to implement access control.
In another embodiment, the first card 102 with signed data information can also be a financial payment card in the form of an electronic card, for example a UnionPay Cloud QuickPass card provisioned in a portable mobile terminal such as a mobile phone. In this case, the card reader device 101 reads the signed data information of the UnionPay Cloud QuickPass card in a contactless manner (for example, by NFC) to implement access control.
It should be noted that, in the card-reading system 100 shown in Fig. 1, the number of first cards 102 with signed data information that the card reader device 101 can read is not limited; it can be one first card with signed data information or multiple first cards with signed data information.
Fig. 2 shows the specific internal structure of the card reader device 101 of one embodiment. As shown in Fig. 2, the card reader device 101 may include a first card information acquisition unit 101A, a control unit 101B and a data decryption and compression unit 101C.
The first card information acquisition unit 101A can obtain the signed data information in the first card 102 in a contact or contactless manner. In one embodiment, the first card information acquisition unit 101A can be implemented by an RFID circuit, and optionally an NXP RC663 RF chip is used in the RFID circuit, which supports multiple ISO standards such as ISO14443A and ISO14443B. In another embodiment, besides the signed data information in the first card 102, the first card information acquisition unit 101A can also obtain the card number of the first card 102; the card number can also be used to identify the user.
Specifically, the control unit 101B is coupled to the first card information acquisition unit 101A through a first interface, and is configured to perform a validity judgment on, and to authenticate, the signed data information (for example, the signed data information after asymmetric decryption): it receives the signed data information from the first card information acquisition unit 101A, performs the validity judgment on it, and authenticates it if it is judged to be valid. In one embodiment, the control unit 101B can have, for example, a validity judgment component and an authentication component, which can be implemented by a microcontroller unit (Micro Control Unit, MCU); optionally, the MCU uses the following configuration: an NXP Cortex-M3 core chip, a 100 MHz clock frequency, 512 KB of flash memory and 64 KB of RAM.
Specifically, the data decryption and compression unit 101C is coupled to the control unit 101B through a second interface and can exchange data with it. The data decryption and compression unit 101C may be configured to perform asymmetric decryption and compression on the signed data information: it sends the decrypted signed data information to the control unit 101B, and the control unit 101B returns the signed data information that has passed the validity judgment to the data decryption and compression unit 101C for compression, for example based on the Secure Hash Algorithm (SHA1). In one embodiment, the data decryption and compression unit 101C can have, for example, an asymmetric decryption component and a compression component that run the RSA algorithm and the SHA1 algorithm respectively. Specifically, the data decryption and compression unit 101C can be implemented by a dedicated RSA-SHA1 chip; preferably, the RSA-SHA1 chip uses the following configuration: the interface conforms to the ISO7816 specification; it meets the global EAL5+ highest security level; it supports RSA encryption and decryption of up to 2048 bits (a 2048-bit RSA operation takes less than 150 ms) and the SHA1 data compression algorithm; it has hardware protection functions to ensure data security; and it has a metal shield protection layer, with internal data automatically destroyed once an external attack is detected.
In the above embodiments, the first interface can be, for example, an SPI interface and the second interface can be, for example, a UART hardware interface. That is, the MCU is coupled through the SPI interface to the RFID circuit of the first card information acquisition unit 101A to obtain the signed data information in the first card 102, and the MCU is coupled through the UART hardware interface to the RSA-SHA1 chip so that the two communicate over UART at speeds of up to 1.25 Mbps. Specifically, when the card reader device 101 reads a card, the MCU sends the signed data information read from the first card 102 by the RFID circuit to the RSA-SHA1 chip serving as the data decryption and compression unit 101C, which performs RSA decryption on it using the RSA data decryption algorithm. The RSA-SHA1 chip returns the decrypted signed data information to the MCU serving as the control unit 101B, which performs the validity judgment on it. If it is judged to be valid, the MCU sends the decrypted signed data information back to the RSA-SHA1 chip of the data decryption and compression unit 101C for an SHA1 (Secure Hash Algorithm) calculation based on the SHA1 data compression algorithm. The RSA-SHA1 chip returns 20 bytes of SHA1 data to the MCU, and the MCU judges whether the SHA1 data recalculated by the RSA-SHA1 chip is consistent with the original SHA1 data contained in the signed data information; if so, the signed data information in the first card 102 is determined to have passed authentication.
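The offline authentication sequence described above (RSA recovery on the chip, validity judgment on the MCU, SHA1 recomputation, comparison with the stored digest), sketched as an added example that is not code from the patent. The block layout, framing bytes, status strings, demo key, helper names and card number are assumptions constructed for illustration; the patent does not define the format of the signed data information.

```python
import hashlib
import hmac

# Constructed demo issuer key: two Mersenne primes give a 1128-bit modulus.
# Toy values for this example only; not a key from the patent or any issuer.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, issuer side only
K = (N.bit_length() + 7) // 8       # modulus length in bytes (141)

# Assumed block layout (the patent does not define one):
#   HEADER | digit count | card number (ASCII) | PAD ... | SHA-1(body) | TRAILER
# where body = digit count + card number + padding.
HEADER, TRAILER, PAD, HASH_LEN = 0x6A, 0xBC, 0xBB, 20
BODY_LEN = K - 2 - HASH_LEN

OK = "ok"
BAD_INPUT = "rejected: wrong length or out of range"
BAD_FORMAT = "rejected: malformed block"
BAD_HASH = "rejected: SHA-1 mismatch"


def issuer_sign(card_number: str, break_hash: bool = False) -> bytes:
    """Issuer side (hypothetical helper): build the block, apply the private key.
    break_hash=True stores a wrong digest so the comparison step can be tested."""
    digits = card_number.encode("ascii")
    if not digits.isdigit() or len(digits) > BODY_LEN - 1:
        raise ValueError("card number must be 1..%d digits" % (BODY_LEN - 1))
    body = bytes([len(digits)]) + digits
    body += bytes([PAD]) * (BODY_LEN - len(body))
    digest = hashlib.sha1(body).digest()
    if break_hash:
        digest = bytes([digest[0] ^ 0x01]) + digest[1:]
    block = bytes([HEADER]) + body + digest + bytes([TRAILER])
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")


def chip_rsa_recover(signed: bytes):
    """RSA-SHA1 chip, first call: public-key operation on the data read from the card."""
    if len(signed) != K:
        return None
    value = int.from_bytes(signed, "big")
    if value >= N:
        return None
    return pow(value, E, N).to_bytes(K, "big")


def chip_sha1(data: bytes) -> bytes:
    """RSA-SHA1 chip, second call: 20-byte SHA-1 over the data the MCU sends back."""
    return hashlib.sha1(data).digest()


def mcu_validity_judgment(block: bytes):
    """MCU check of the recovered block: framing, length field, digits, padding.
    Returns (card_number, body, stored_digest) or None if the block is malformed."""
    if block[0] != HEADER or block[-1] != TRAILER:
        return None
    body, stored = block[1:-1 - HASH_LEN], block[-1 - HASH_LEN:-1]
    count = body[0]
    if count == 0 or count > len(body) - 1:
        return None
    digits, padding = body[1:1 + count], body[1 + count:]
    if not digits.isdigit() or any(b != PAD for b in padding):
        return None
    return digits.decode("ascii"), body, stored


def offline_authenticate(signed: bytes, out_digits: int = 9):
    """Full reader flow. Returns (status, digits passed on to the access controller)."""
    block = chip_rsa_recover(signed)
    if block is None:
        return BAD_INPUT, None
    parsed = mcu_validity_judgment(block)
    if parsed is None:
        return BAD_FORMAT, None
    card_number, body, stored = parsed
    # Constant-time comparison of the recomputed digest with the one in the block.
    if not hmac.compare_digest(chip_sha1(body), stored):
        return BAD_HASH, None
    return OK, card_number[-out_digits:]


if __name__ == "__main__":
    blob = issuer_sign("6212345678901234567")        # constructed card number
    print(offline_authenticate(blob))
    flipped = blob[:-1] + bytes([blob[-1] ^ 0x01])   # one bit changed in transit
    print(offline_authenticate(flipped))
```

Because the signed blob is static, passing this check shows that the data was produced by the holder of the issuer key; it does not by itself show that the card presenting the blob is the one it was issued to.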
Optionally, the card reader device 101 can also include an output unit (not shown). The output unit is coupled to the control unit 101B and is configured, when the control unit 101B has authenticated the signed data information, to output through a third interface at least part of the card number received from the first card information acquisition unit 101A together with the signed data information. In one embodiment, the third interface is a Wiegand interface; that is, the card reader device 101 is coupled to the access controller and the background management system through the Wiegand interface. When the control unit 101B determines that the signed data information in the card has passed authentication, the output unit sends at least part of the card number of the first card 102 with signed data information (for example, the last 9 digits of the card number) to the access controller through the Wiegand interface to implement access control; the at least part of the card number of the first card 102 can of course also be sent to the background management system for online user authentication. In addition, in one embodiment, the output unit may include components such as an indicator light and a buzzer.
Optionally, the card reader device 101 can also include a wireless communication unit (not shown). The wireless communication unit is coupled to the control unit 101B, communicates serially with the control unit 101B and exchanges data with an external application. In one embodiment, the wireless communication unit can be implemented by a Bluetooth module; preferably, a BLE4.0 Bluetooth module is used to communicate serially with the control unit 101B and exchange data with an external app.
Optionally, the card reader device 101 can also include a power supply unit (not shown), coupled to the first card information acquisition unit 101A, the data decryption and compression unit 101C, the output unit and the wireless communication unit. In one embodiment, the power supply unit can be implemented by a DC-DC switching power supply and a low dropout regulator (LDO); its input voltage range is 7-16 V DC and it has reverse-connection protection. Specifically, for example, the DC-DC switching power supply provides 5 V DC, which is supplied to the output unit; in addition, the low dropout regulator converts the 5 V DC provided by the DC-DC switching power supply to 3.3 V, which is supplied to the data decryption and compression unit 101C, the wireless communication unit and so on.
Optionally, the card reader device 101 can also include an antenna unit (not shown), coupled to the first card information acquisition unit 101A. In one embodiment, the antenna unit can be implemented by a double-ended driven PCB antenna; preferably, the auxiliary capacitors are adjusted so that the antenna resonates at a center frequency of 13.56 MHz.
The card-reading system 100 of the access control system can complete offline authentication, or offline data authentication, of the signed data information. In an embodiment, at least part of the captured card number can be transferred to the access controller and the background management system, for example by the Wiegand protocol, and the access controller and background management system can, without limitation, carry out subsequent processing in their original manner, thereby implementing access control.
Although the embodiments of Fig. 1 and Fig. 2 above show only the structure of a card-reading system that supports payment cards with signed data information, the structure of the card-reading system of the access control system according to the invention is not limited to this; it can also support both payment cards with signed data information and traditional access cards at the same time.
Fig. 3 shows a schematic structural block diagram of the card-reading system of an access control system according to another embodiment of the invention, which uses the card reader device of a further embodiment of the invention shown in Fig. 4.
As shown in Fig. 3, the card-reading system 200 of the access control system includes the card reader device 201 of the access control system, a first card 202 with signed data information and a second card 203 with UID (User Identification) information. The first card 202 with signed data information is essentially the same as the first card 102 with signed data information in Fig. 1 and is not described again here. The second card 203 with UID information, like the first card 202 with signed data information, is coupled to the card reader device 201 in a contact or contactless manner.
In one embodiment, the second card 203 with UID information can be a traditional access card in the form of a physical card. In this case, the card reader device 201 reads the UID information in the traditional access card in a contact or contactless manner to implement access control.
Fig. 4 shows the specific internal structure of the card reader device 201 in this embodiment. As shown in Fig. 4, the card reader device 201 includes a first card information acquisition unit 201A, a control unit 201B, a data decryption and compression unit 201C, a card recognition unit 201D and a second card information acquisition unit 201E.
The first card information acquisition unit 201A, the control unit 201B and the data decryption and compression unit 201C are respectively identical to the first card information acquisition unit 101A, the control unit 101B and the data decryption and compression unit 101C shown in Fig. 2, and are not described again here.
The card recognition unit 201D is coupled to the first card information acquisition unit 201A and the second card information acquisition unit 201E, and is configured to identify whether, for example, the card currently being read has signed data information. The card recognition unit 201D can determine, for example by polling, whether the card being read has signed data information.
The second card information acquisition unit 201E is also coupled to the card recognition unit 201D, and is configured to obtain the UID information in a card (for example, the second card 203) in a contact or contactless manner. In one embodiment, the second card information acquisition unit 201E can be implemented by an RFID circuit; preferably, an NXP RC663 RF chip is used in the RFID circuit, because it supports multiple ISO standards such as ISO14443A and ISO14443B.
When the card recognition unit 201D identifies that a card (for example, the first card 202) has signed data information, it causes the first card information acquisition unit 201A to read the signed data information of the first card 202. The operations of the control unit 201B and the data decryption and compression unit 201C in the card reader device 201 are respectively identical to those of the control unit 101B and the data decryption and compression unit 101C described above, and are therefore not described again.
On the other hand, when the card recognition unit 201D identifies that a card (for example, the second card 203) does not have signed data information, it causes the second card information acquisition unit 201E to read the UID information of the card. In one embodiment, the card reader device 201 can transfer the acquired UID information to the access controller and the background management system, which carry out subsequent processing in their original manner to implement access control.
Although Figs. 1 to 4 above are described using the example of the reader device 101 or 201 performing offline authentication on the first card 102 or 202, it should be understood that in another alternative embodiment the reader device 101 or 201 can also perform online authentication on the first card 102 or 202 to realize the access control system of the present application. In online authentication mode, a background management system is provided in the access control system and can be connected online to the access controller, so the background management system can receive, essentially in real time, the information the access controller transmits. This can be information passed on from the reader device 101 or 201, for example at least part of the card number of the first card 102 or 202, or the UID of the second card 203. Accordingly, the control unit 101B or 201B may be configured to perform a validity judgment on the signed data information (for example, the signed data information after asymmetric decryption), and optionally does not perform the authentication process described above. If the at least part of the card number of the first card 102 or 202 that needs to be output is not long, the data decryption and compression unit 101C or 201C may optionally be configured to perform asymmetric decryption on the signed data information, and optionally does not perform the compression process described above. Accordingly, the output unit (not shown) may also output at least part of the card number without offline authentication having been performed on the signed data information; that is, the output unit is optionally configured to output, through the third interface, at least part of the card number received together with the signed data information from the first card information acquisition unit 101A or 201A.
Of course, if the at least part of the card number of the first card 102 or 202 that needs to be output is too long, the data decryption and compression unit 101C or 201C may optionally also be configured to compress at least part of the card number corresponding to the signed data information, and the output unit is optionally configured to output the compressed at least part of the card number through the third interface.
The reader device 101 or 201 of the above embodiments makes it possible to use a physical or electronic card carrying signed data information as an access card, so that users can conveniently operate the access control with, for example, a financial payment card. Specifically, it can have at least one of the following effects:
1) The reader device and card-reading system according to the invention can use a physical or electronic card carrying signed data information as an access card and verify the card's authenticity by Offline Data Authentication (ODA), improving convenience;
2) The reader device and card-reading system according to the invention can perform offline data authentication on the signed data information of the physical or electronic card by means of the control unit and the data decryption and compression unit, so the access controller can be controlled in offline mode, with good security and at low implementation cost;
3) The reader device and card-reading system according to the invention can upgrade an access control system that supports only traditional access cards to one that simultaneously supports multiple card types such as traditional access cards and financial payment cards;
4) The reader device and card-reading system according to the invention reuse the traditional access controller and background management system and modify only the reader device, which effectively reduces retrofit difficulty and cost and favors promotion and replication;
5) The reader device and card-reading system according to the invention need only verify the card's authenticity and need not store sensitive transaction data such as the ARQC, as a terminal in a contactless IC card transaction does.
Fig. 5 is a structural schematic diagram of an access control system according to an embodiment of the invention. In this embodiment, the entry/exit door card readers can be implemented, for example, by the reader device 200 shown in Fig. 3 above, so that traditional access cards as well as UnionPay IC cards and UnionPay cloud flash-pay cards are supported. The card-reading system in the access control system of this embodiment thus uses the reader device 200 of the embodiment shown in Fig. 3, together with at least one first card 202 carrying signed data information, i.e. the UnionPay IC card or UnionPay cloud flash-pay card shown in Fig. 5, and even a second card 203 carrying UID information as shown in Fig. 3, i.e. the traditional access card shown in Fig. 5. When the first card 202 or the second card 203 is coupled to the reader device 200 by contact or contactless means, the reader device 200 can carry out the relevant operations based on the card information read. Any of a traditional access card, a UnionPay IC card, a UnionPay cloud flash-pay card and the like can therefore be used as an access card.
As further shown in Fig. 5, the access control system also includes an access controller coupled to the reader device 201; the access controller can control the electric lock on the door to unlock and lock. The access controller can also be coupled to an exit button and receive unlock commands from it.
As further shown in Fig. 5, the access control system also includes a background management system connected to the access controller. The background management system can be implemented by one or more computers, the cloud and the like, and can run the corresponding management software to help realize online authentication. When a second card 203 such as a traditional access card is swiped, the background management system's online authentication can be the same as the traditional approach and is not described in detail here.
In another embodiment, if the background management system is used to authenticate the first card 102 or 202 online, at least part of the card number of the first card 102 or 202 (for example after compression) can in turn be sent to the background management system for online user authentication. In this case the background management system can store a list of legitimate users containing the user identifiers obtained from the signed data information, for example at least part of the card number of the first card 102 or 202 carrying signed data information.
In the access control system or card-reading system of the Fig. 5 example, a card can be swiped at the door and the information in the first card or second card transferred to the access controller via the Wiegand protocol; the access controller and the background management system carry out subsequent processing in the original manner to realize access control, and the access interaction time is less than 500 milliseconds.
In another alternative embodiment, the entry/exit door card readers shown in Fig. 5 can be implemented, for example, by the reader device 200 shown in Fig. 1 above.
In another embodiment, since the access control system of the above examples supports both the online authentication mode and the offline authentication mode, an adaptation module (not shown) can also be provided in the control unit 101B or 201B. The adaptation module adaptively determines whether to use the online or the offline authentication mode according to whether a background management system capable of online verification is present. Illustratively, the adaptation module can send an online detection command to the background management system, for example via the access controller to a remote background management system, and the background management system is configured to return a response to the adaptation module when it receives the online detection command. If the background management system is networked and online, it receives the online detection command and returns a response; the adaptation module receives the response, determines that the online authentication mode can be used under current conditions, and enters online authentication mode, for example performing online authentication through the background management system. If the background management system is offline, it cannot receive the online detection command and returns no response; the adaptation module receives no response, determines that the offline authentication mode is to be used under current conditions, and enters offline authentication mode: for example, authentication is performed by the control unit 101B or 201B, with the data decryption and compression unit 101C or 201C compressing the legal signed data information based on the Secure Hash Algorithm (SHA1) and returning the processed data to the control unit 101B or 201B for authentication.
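The mode selection and offline path described above, sketched in Python as an added example (it is not code from the patent or from any product). The RSA key is a constructed toy key, and the recovered-block layout (header byte, card number, SHA-1 digest, trailer byte), the `probe` and `backend_allows` callables and all function names are assumptions; the patent does not specify them.

```python
import hashlib
import hmac

# Constructed toy RSA key built from two Mersenne primes: illustration only.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                      # public key held by the reader
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, used only to build sample cards
KEY_BYTES = (N.bit_length() + 7) // 8
HEADER, TRAILER = 0x6A, 0xBC             # assumed framing of the recovered block


def issue_signed_data(card_number: str) -> bytes:
    """Issuer side, sample data only: sign header | number | SHA-1(number) | trailer."""
    body = card_number.encode("ascii")
    block = bytes([HEADER]) + body + hashlib.sha1(body).digest() + bytes([TRAILER])
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(KEY_BYTES, "big")


def recover(signed: bytes) -> bytes:
    """Data decryption unit: asymmetric decryption with the public key."""
    s = int.from_bytes(signed, "big")
    if s >= N:
        return b""
    m = pow(s, E, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def is_legal(block: bytes) -> bool:
    """Control unit: validity judgment on the decrypted block."""
    return len(block) >= 23 and block[0] == HEADER and block[-1] == TRAILER


def offline_authenticate(signed: bytes):
    """Return the card number if the signed data verifies offline, else None."""
    block = recover(signed)
    if not is_legal(block):
        return None
    body, digest = block[1:-21], block[-21:-1]
    # SHA-1 over the recovered data must equal the digest inside the signed block.
    if not hmac.compare_digest(hashlib.sha1(body).digest(), digest):
        return None
    return body.decode("ascii", errors="replace")


def choose_mode(probe, timeout_s: float = 0.2) -> str:
    """Adaptation module: online only if the backend answers the detection command."""
    try:
        return "online" if probe(timeout_s) else "offline"
    except (TimeoutError, OSError):
        return "offline"


def handle_card(signed: bytes, probe, backend_allows):
    """One card tap: returns (mode, card number to output or None)."""
    if choose_mode(probe) == "offline":
        return "offline", offline_authenticate(signed)
    # Online: the reader still decrypts and judges validity; the backend decides.
    block = recover(signed)
    number = block[1:-21].decode("ascii", errors="replace") if is_legal(block) else None
    if number is None or not backend_allows(number):
        return "online", None
    return "online", number
```

In this sketch a missing backend response drops the reader to the offline path, which still requires the signature and digest to verify, so losing the link does not relax the card check.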
The technical scope of the invention is not limited to the embodiments described above. Those skilled in the art can make various changes and modifications to the above embodiments without departing from the technical idea and spirit of the invention, and all such variations and modifications shall fall within the scope of the invention.

Claims (20)

1. A reader device of an access control system, characterized by comprising:
a first card information acquisition unit for obtaining signed data information from an external first card;
a control unit for performing a validity judgment on the signed data information; and
a data decryption and compression unit that exchanges data with the control unit and is used to perform asymmetric decryption on the signed data information.
2. The reader device according to claim 1, characterized in that the reader device further comprises:
an output unit for outputting at least part of the card number of the first card to an access controller.
3. The reader device according to claim 1 or 2, characterized in that the control unit is coupled to the first card information acquisition unit through an SPI interface, and the control unit is coupled to the data decryption and compression unit through a UART hardware interface.
4. The reader device according to claim 2, characterized by further comprising: a wireless communication unit, wherein the wireless communication unit communicates serially with the control unit and exchanges data with an external application.
5. The reader device according to claim 1, characterized in that the data decryption and compression unit is a dedicated RSA-SHA1 chip.
6. The reader device according to claim 1, characterized by further comprising:
a card recognition unit coupled to the first card information acquisition unit, for identifying whether the card being read carries the signed data information; and
a second card information acquisition unit coupled to the card recognition unit, for obtaining, by contact or contactless means, user identity information in a second card.
7. The reader device according to claim 1, characterized in that the data decryption and compression unit is further used to compress, based on a secure hash algorithm, the decrypted signed data information that the control unit has judged to be legal;
the control unit is further used to perform offline authentication processing on the signed data information compressed by the data decryption and compression unit.
8. The reader device according to claim 1, characterized in that an adaptation module is provided in the control unit, the adaptation module adaptively determining whether to use an online authentication mode or an offline authentication mode according to whether a background management system capable of online verification is present;
wherein, in the online authentication mode, the background management system connected online to the reader device performs online authentication processing on the signed data information; in the offline authentication mode, the control unit of the reader device performs offline authentication processing on the signed data information.
9. The reader device according to claim 8, characterized in that the adaptation module is configured to send an online detection command to the background management system.
10. The reader device according to claim 9, characterized in that the adaptation module is configured to: determine to enter the online authentication mode when a response of the background management system to the online detection command is received, and otherwise determine to enter the offline authentication mode.
11. A card-reading system of an access control system, characterized by comprising:
the reader device according to any one of claims 1 to 10; and
at least one first card carrying signed data information, coupled to the reader device.
12. The card-reading system according to claim 11, characterized in that the first card is a financial payment card having a memory in which the signed data information is stored.
13. The card-reading system according to claim 11, characterized by further comprising:
at least one second card carrying identification information, coupled to the reader device by contact or contactless means.
14. An access control system, characterized by comprising:
the reader device according to any one of claims 1 to 10; and
an access controller coupled to the reader device.
15. The access control system according to claim 14, characterized by further comprising:
a background management system for performing online authentication processing on the signed data information.
16. A control method of an access control system, characterized by comprising the steps of:
obtaining, by a reader device of the access control system, signed data information from an external first card;
performing, by the reader device of the access control system, asymmetric decryption on the signed data information; and
performing, by the reader device of the access control system, a validity judgment on the signed data information.
17. The control method according to claim 16, characterized by further comprising the steps of:
compressing, by the reader device of the access control system based on a secure hash algorithm, the decrypted signed data information judged to be legal;
performing, by the reader device of the access control system, offline authentication processing on the compressed signed data information.
18. The control method according to claim 16, characterized by further comprising the steps of:
outputting, by the reader device of the access control system, at least part of the signed data information;
receiving, by a background management system of the access control system, the at least part of the signed data information and performing online authentication processing on it.
19. The control method according to claim 16, characterized by further comprising the step of:
adaptively determining whether to use an online authentication mode or an offline authentication mode according to whether a background management system of the access control system capable of online verification is present;
wherein, in the online authentication mode, the background management system connected online to the reader device performs online authentication processing on the signed data information; in the offline authentication mode, the reader device performs offline authentication processing on the signed data information.
20. The control method according to claim 19, characterized in that, in the step of adaptively determining whether to use the online authentication mode or the offline authentication mode:
an online detection command is sent by the reader device to the background management system;
it is determined to enter the online authentication mode when a response of the background management system to the online detection command is received, and otherwise it is determined to enter the offline authentication mode.
CN201810585691.4A 2017-06-19 2018-06-08 The reader device and card-reading system of access control system and the control method of access control system Pending CN109147101A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2017207110196 2017-06-19
CN201720711019 2017-06-19

Publications (1)

Publication Number Publication Date
CN109147101A true CN109147101A (en) 2019-01-04

Family

ID=64802015

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201810585691.4A Pending CN109147101A (en) 2017-06-19 2018-06-08 The reader device and card-reading system of access control system and the control method of access control system
CN201820884738.2U Active CN208985227U (en) 2017-06-19 2018-06-08 The reader device and card-reading system of access control system, access control system

Country Status (1)

Country Link
CN (2) CN109147101A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109685960A (en) * 2019-02-28 2019-04-26 北京中金国信科技有限公司 A kind of method for unlocking, device and equipment
CN111009060A (en) * 2019-12-18 2020-04-14 宁波博太科智能科技股份有限公司 Method and system for area real-time control of entrance guard

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112598830B (en) * 2020-12-10 2022-12-27 厦门四信通信科技有限公司 Intelligent terminal of gate

Also Published As

Publication number Publication date
CN208985227U (en) 2019-06-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination