CN109147101A - The reader device and card-reading system of access control system and the control method of access control system - Google Patents
The reader device and card-reading system of access control system and the control method of access control system Download PDFInfo
- Publication number
- CN109147101A CN109147101A CN201810585691.4A CN201810585691A CN109147101A CN 109147101 A CN109147101 A CN 109147101A CN 201810585691 A CN201810585691 A CN 201810585691A CN 109147101 A CN109147101 A CN 109147101A
- Authority
- CN
- China
- Prior art keywords
- card
- reader device
- data information
- access control
- control system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00182—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/27—Individual registration on entry or exit involving the use of a pass with central registration
Abstract
The present invention provides a kind of reader device of access control system and the control method of card-reading system and access control system, belongs to access control system technical field.The reader device of access control system of the invention includes: the first card image acquiring unit for obtaining the signed data information in the first external card;For carrying out the control unit of validity judgement to the signed data information;And the data deciphering compression unit of data interaction is carried out with described control unit, it is used to carry out asymmetric decryption to the signed data information.The present invention, which can be realized, to be used as access card with the card of signed data information.
Description
Technical field
The invention belongs to access control system technical field, it is related to a kind of reader device of access control system and including the card reading
The card-reading system and access control system of device and the control method of access control system.
Background technique
It is well known that access control system provides nearest security protection guarantee for the work and life of people.But in recent years, with
Internet high speed development and people to life convenience requirement it is higher and higher, traditional access control system gradually with this not
It is adapted.On the one hand, for traditional access control system, different application scenarios use different gate inhibitions, lead to access card
It cannot be general;On the other hand, traditional access card uses entity card, to increase the cost of enterprise's production, operation and maintenance;
In another aspect, traditional access card function is single, it is not able to satisfy the development of Enterprise Mobile Internet era.
Summary of the invention
The present invention is completed to solve the one or more aspects of above-mentioned the deficiencies in the prior art.This hair
It is bright that the technical solutions adopted are as follows.
It is according to the invention in a first aspect, providing a kind of reader device of access control system comprising:
For obtaining the first card image acquiring unit of the signed data information in the first external card;
It is coupled to the control unit of the first card image acquiring unit, it is legal to be used to carry out the signed data information
Property judgement;And
It is coupled to described control unit and carries out the data deciphering compression unit of data interaction with it, be used for the number of signature
It is believed that breath carries out asymmetric decryption.
The reader device of access control system according to an embodiment of the invention, wherein the reader device further include:
Output unit, be used to export it is described first card card number at least part to gate inhibition control controller.
The reader device of the access control system of another embodiment or any of the above embodiment according to the present invention, wherein the control
Unit processed is coupled by SPI interface and the first card image acquiring unit, and described control unit passes through UART hardware interface
It is coupled with the data deciphering compression unit.
The reader device of the access control system of another embodiment or any of the above embodiment according to the present invention, wherein further include:
Wireless communication unit, wherein the wireless communication unit and described control unit carry out serial communication and the application with outside
Carry out data interaction.
The reader device of the access control system of another embodiment or any of the above embodiment according to the present invention, wherein further include:
Power supply unit is coupled to the first card image acquiring unit, the data deciphering compression unit, output list
The first and described wireless communication unit.
The reader device of the access control system of another embodiment or any of the above embodiment according to the present invention, wherein the number
It is RSA-SHA1 special chip according to decryption compression unit.
The reader device of the access control system of another embodiment or any of the above embodiment according to the present invention, wherein further include:
It is coupled to the card recognition unit of the first card image acquiring unit, whether the card being read for identification has
The signed data information;And
It is coupled to the second card image acquiring unit of the card recognition unit, is used for through contact or non-contacting side
Formula obtains the user identity information in the second card.
The reader device of the access control system of another embodiment or any of the above embodiment according to the present invention, wherein the number
Number of signature after being also used to be judged as described control unit based on Secure Hash Algorithm legal decryption according to decryption compression unit
It is believed that breath carries out compression processing;
Described control unit is also used to carry out the data deciphering compression unit signed data information after compression processing
Carry out offline authentication processing.
The reader device of the access control system of another embodiment or any of the above embodiment according to the present invention, wherein the control
Adaptation module is provided in unit processed, the adaptation module is according to whether in the presence of the background management system for capableing of online verification
To adaptively determine using online authentication mode or authenticate mode offline;
Wherein, in the online authentication mode, by the background management system with reader device on-line joining process to the signature
Data information carries out on-line authentication processing;In the offline authentication mode, by the control unit of the reader device to institute
It states signed data information and carries out offline authentication processing.
The reader device of the access control system of another embodiment or any of the above embodiment according to the present invention, wherein it is described from
It adapts to module and is configured to send online sense command to the background management system.
The reader device of the access control system of another embodiment or any of the above embodiment according to the present invention, wherein it is described from
It adapts to module to be configured as: receiving the case where background management system is directed to the response of the on-line checking order
It is lower determining into the online authentication mode, otherwise, it determines into the offline authentication mode.
Second aspect according to the invention provides a kind of card-reading system of access control system comprising:
The reader device of any description above;And
At least one first card with signed data information, is coupled in the reader device.
The card-reading system of access control system according to an embodiment of the invention, wherein first card is that had storage
State the financial payment card of the memory of signed data information.
The card-reading system of the access control system of another embodiment or any of the above embodiment according to the present invention, wherein further include:
At least one second card with identification information, is coupled in the card reading by contact or non-contacting mode
Device.
The third aspect according to the invention provides a kind of access control system comprising:
The reader device of any description above;And
With the access controller of reader device coupling.
Access control system according to an embodiment of the invention, wherein further include:
Background management system is used to carry out on-line authentication processing to the signed data information.
Fourth aspect according to the invention provides a kind of control method of access control system comprising step:
Pass through the signed data information in the first card outside the reader device acquisition of access control system;
Asymmetric decryption is carried out to the signed data information by the reader device of access control system;And
Validity judgement is carried out to the signed data information by the reader device of access control system.
Control method according to an embodiment of the invention, wherein further comprise the steps of:
By the reader device of access control system based on Secure Hash Algorithm to the signed data information after the decryption for being judged as legal
Carry out compression processing;
Offline authentication processing is carried out to the signed data information after compression processing by the reader device of access control system.
The control method of the access control system of another embodiment or any of the above embodiment according to the present invention, wherein further include
Step:
At least part of the signed data information is exported by the reader device of access control system;
At least part of the signed data information is received by the background management system of access control system and it is carried out
On-line authentication processing.
The control method of the access control system of another embodiment or any of the above embodiment according to the present invention, wherein further include
Step:
According to whether being adaptively determined in the presence of the background management system for the access control system for capableing of online verification using online mirror
Power mode authenticates mode offline;
Wherein, in the online authentication mode, by the background management system with the reader device on-line joining process to described
Signed data information carries out on-line authentication processing;In the offline authentication mode, by the reader device to the signature
Data information carries out offline authentication processing.
The control method of the access control system of another embodiment or any of the above embodiment according to the present invention, wherein adaptive
It determines with answering using online authentication mode or in offline the step of authenticating mode:
Online sense command is sent to the background management system by the reader device;
It is determined in the case where receiving the background management system and being directed to the response of the on-line checking order and enters institute
Online authentication mode is stated, otherwise, it determines into the offline authentication mode.
Compared with the existing technology, the entity/electronics that will have signed data information may be implemented in reader device of the invention
The cards such as card are used as access card, facilitate user to carry out gate inhibition's operation using such as financial payment card, safety is good, easy to accomplish.
Detailed description of the invention
From the following detailed description in conjunction with attached drawing, it will keep above and other purpose and advantage of the invention more complete
It is clear, wherein the same or similar element, which is adopted, to be indicated by the same numeral.
Fig. 1 is the structural schematic diagram of the card-reading system of access control system according to an embodiment of the invention.
Fig. 2 is the structural schematic diagram of the reader device of the access control system of an embodiment shown in Fig. 1.
Fig. 3 is the structural schematic block diagram of the card-reading system of the access control system of another embodiment according to the present invention.
Fig. 4 is the structural schematic diagram of the reader device of the access control system of another embodiment shown in Fig. 3.
Fig. 5 is the structural schematic diagram of access control system according to an embodiment of the invention.
Specific embodiment
For succinct and illustrative purpose, this paper Primary Reference its example embodiment describes the principle of the present invention.But
Those skilled in the art will readily recognize that identical principle can be equally applied to the card reading of all types of access control systems
Device and card-reading system, and these identical principles can be implemented within, any such variation is without departing substantially from present patent application
True spirit and range.Moreover, in the following description, with reference to attached drawing, the specific example embodiment of these drawing illustrations.?
These embodiments can be carried out in electricity, mechanical, logic and structure more under the premise of without departing substantially from the spirit and scope of the present invention
Change.Although in addition, the invention is characterized in that being such as directed in conjunction with disclosed in only one of them of several implementation/embodiments
Any given or identifiable function may be expectation and/or advantageous, can be by this feature and other implementation/embodiments one
Other a or multiple features are combined.Therefore, it is described below and is not construed as in a limiting sense, and the scope of the present invention
It is defined by appended claims and its equivalent.
Although illustrate of broad scope numberical range and parameter of the invention be it is suitable, described in particular example
Numerical value is reported as accurately as possible.However, any numerical value inherently includes because common in its corresponding test measurement
Certain errors caused by standard deviation certainty.Moreover, all ranges disclosed herein be interpreted as covering including it is any
And all subranges.In the case of being used, term " first ", " second " etc. not necessarily indicate any sequence or priority
Relationship, and can be used for that more clearly element or time interval being distinguished from each other.
Fig. 1 show the structural schematic diagram of the card-reading system of access control system according to an embodiment of the invention, wherein has used this
Invent the reader device of the access control system as shown in Figure 2 of an embodiment.
As shown in Figure 1, the reader device 101 of the card-reading system 100 of the access control system including access control system and there is signature
First card 102 of data information, wherein there is the first card 102 of signed data information to pass through contact or non-contacting side for this
Formula is coupled in the reader device 101 of the access control system.
In one embodiment, above-mentioned the first card 102 with signed data information can be the finance of entity card form
Payment Card, for example, Unionpay's IC card.In this case, the reader device 101 of above-mentioned access control system by contact or non-can connect
The mode of touching reads the signed data information in Unionpay's IC card to realize access control.
In another embodiment, above-mentioned the first card 102 with signed data information is also possible to electronic card form
Financial payment card, for example, the Unionpay's cloud being set in the portable mobile termianl of such as mobile phone etc, which dodges, pays card.In the situation
Under, the reader device 101 of above-mentioned access control system reads (for example, NFC is read) Unionpay's cloud by non-contacting mode and dodges pair card
Signed data information realizes access control.
It should be noted that in the card-reading system 100 of access control system as shown in Figure 1, the reader device of access control system
The number of 101 the first cards 102 with signed data information that can be read is not limited, and can be one has signed data
First card of information is also possible to multiple the first cards with signed data information.
The specific internal structure of the reader device 101 of the access control system of one embodiment is illustrated in Fig. 2.Such as Fig. 2 institute
Show, the reader device 101 of access control system may include the first card image acquiring unit 101A, control unit 101B and data
Decryption compression unit 101C.
First card image acquiring unit 101A can be obtained in the first card 102 by contact or non-contacting mode
Data signature information.In one embodiment, the first card image acquiring unit 101A can be realized by RFID circuit, and
And optionally, NXP RC663 radio frequency chip is used in the RFID circuit, supports ISO14443A, ISO14443B etc. a variety of
Iso standard.In addition, in another embodiment, the first card image acquiring unit 101A is in addition to obtaining the data in the first card 102
Except signing messages, the card number of the first card 102 can also be obtained, is numbered based on the card, can also be used to identification user.
Specifically, control unit 101B is coupled to the first card image acquiring unit 101A by first interface, also, controls
Unit 101B processed is configured to sentence signed data information (such as signed data information after asymmetric decryption) progress legitimacy
Disconnected and certification, for example, receive above-mentioned signed data information from the first card image acquiring unit 101A, to above-mentioned number of signature it is believed that
Breath carries out validity judgement, and authenticates in the case where being judged as legal to above-mentioned signed data information.Implement one
In example, control unit 101B can have such as validity judgement component and certification component, they specifically can be by microcontroller
Unit (Micro Control Unit, MCU) is realized, moreover, optionally, the micro-control unit is using following configuration: NXP's
Cortex M3 core piece, the dominant frequency of 100MHz, the flash memory of 512KB, 64KB RAM.
Specifically, data deciphering compression unit 101C is coupled to control unit 101B by second interface and can control
Unit 101B carries out data interaction, and data deciphering compression unit 101C may be constructed such that non-to the progress of above-mentioned signed data information
Symmetry decryption and compression, wherein the signed data information after decryption is sent to control list by data deciphering compression unit 101C
First 101B, control unit 101B will return to data deciphering compression unit 101C by the signed data information after validity judgement
Carry out the compression processing for example based on Secure Hash Algorithm (SHA1).In one embodiment, data deciphering compression unit 101C can
To have for example asymmetric decryption section and compression member to be separately operable RSA Algorithm and SHA1 algorithm, specifically, the data solution
Close compression unit 101C can be realized by RSA-SHA1 special chip, it is further preferred that the RSA-SHA1 special chip is using such as
Lower configuration: interface meets ISO7816 specification, meets the whole world EAL+5 highest security level, supports to be up to 2048 rsa encryption solutions
Close algorithm (time for carrying out 2048 RSA operations is less than 150ms) and SHA1 data compression algorithm, have the function of hardware protection with
Ensure data safety, there is metallic shield protective layer the internal data after detecting external attack will be automatically destroyed.
In the above-described embodiments, first interface for example can be SPI interface, and second interface for example can be UART hardware and connect
Mouthful, that is, micro-control unit MCU is coupled to the RFID circuit of the first card image acquiring unit 101A by SPI interface to obtain
Signed data information in first card 102, also, micro-control unit MCU passes through UART hardware interface and the dedicated core of RSA-SHA1
Piece coupling is communicated with the communication speed between carrying out up to the UART of 1.25Mbps.Specifically, for example, in access control system
When 101 card reading of reader device, micro-control unit MCU sends out the signed data information in the first card 102 read by RFID circuit
The RSA-SHA1 special chip as data deciphering compression unit 101C is given, to be based on by the RSA-SHA1 special chip
RSA data deciphering algorithm carries out RSA decryption to read signed data information, which will be after decryption
Signed data information return to the micro-control unit MCU as control unit 101B so as to by micro-control unit MCU to its into
Row validity judgement, in the case where being judged as legal, micro-control unit MCU sends back to the signed data information after the decryption
To the RSA-SHA1 special chip of data deciphering compression unit 101C, to carry out SHA1(peace based on SHA1 data compression algorithm
Full hash algorithm) calculate, the RSA-SHA1 special chip to micro-control unit MCU return 20 bytes SHA1 data so as to by
Micro-control unit MCU is judged in the SHA1 data recalculated using the RSA-SHA1 special chip and signed data information
Whether the original SHA1 data for being included are consistent, if unanimously, being determined as that the signed data authentification of message in the second card 101 is logical
It crosses.
Optionally, the reader device 101 of access control system can also include output unit (not shown), output unit coupling
In control unit 101B, also, it is configured in the case where control unit 101B passes through above-mentioned signed data authentification of message
By from the first card image acquiring unit 101A, received above-mentioned card is numbered together with above-mentioned signed data information at least one
Part is exported by third interface.In one embodiment, which is Wiegand interface, that is, the card reading of access control system fills
It sets 101 to couple by Wiegand interface and access controller and background management system, determines the label in card in control unit 101B
In the case that name data information certification passes through, output unit compiles the card of above-mentioned the first card 102 with signed data information
Number at least part (such as, last 9 card numbers) access controller realization access control is sent to by Wiegand interface, certainly,
Background management system can also be sent to carries out online user authentication at least part of the card number of first card 102 in turn
Operation.In addition, in one embodiment, which may include the components such as indicator light, buzzer.
Optionally, the reader device 101 of access control system can also include wireless communication unit (not shown), the channel radio
Letter unit is coupled to control unit 101B, serial communication is carried out with control unit 101B and carries out data friendship with external application
Mutually.In one embodiment, which can be realized by bluetooth module, it is further preferred that using the indigo plant of BLE4.0
Tooth module carries out serial communication with control unit 101B and carries out data interaction with external APP.
Optionally, the reader device 101 of access control system can also include power supply unit (not shown), be coupled to the first card
Piece information acquisition unit 101A, data deciphering compression unit 101C, above-mentioned output unit and above-mentioned wireless communication unit.?
In one embodiment, power supply unit can be by DC-DC switching power supply and low pressure difference linear voltage regulator (low dropout
regulator;LDO it) realizes, moreover, the input voltage range of the power supply unit is 7-16V DC voltage and the power supply unit
With reversal connection protection function, specifically, for example, providing 5V DC voltage from DC-DC switching power supply and to above-mentioned output list
On the other hand member supply becomes the 5V DC voltage provided from DC-DC switching power supply by low pressure difference linear voltage regulator
It is supplied after 3.3V to data deciphering compression unit 101C, above-mentioned wireless communication unit etc..
Optionally, the reader device 101 of access control system can also include antenna element (not shown), be coupled to the first card
Piece information acquisition unit 101A.In one embodiment, which can drive PCB antenna to realize by both-end, moreover, excellent
Selection of land adjusts and assists capacitor that antenna is made to carry out resonance with the center 13.56MHz frequency.
The card-reading system 100 of access control system off line can be completed to signed data information or off-line data authenticates, and
In embodiment, at least part of the card number of interception can be transferred to access controller and backstage for example, by Wiegand protocol
Management system can be, but not limited to carry out subsequent processing according to original mode by access controller and background management system, thus
Realize access control.
Although merely illustrating the Payment Card for supporting that there is signed data information in figure 1 above and the embodiment of Fig. 2
The structure of the card-reading system of access control system, still, the structure of the card-reading system of access control system according to the present invention are without being limited thereto,
Both the Payment Card with signed data information and traditional access card can be supported simultaneously.
Fig. 3 show the structural schematic block diagram of the card-reading system of the access control system of another embodiment according to the present invention, wherein
The reader device of the access control system as shown in Figure 4 of further embodiment of this invention is used.
As shown in figure 3, the card-reading system 200 of the access control system includes the reader device 201 of access control system, has number of signature
It is believed that breath first card 202 and have UID(User Identification, user identifier) information second card 203.Its
In, the first card 202 with signed data information and the first card 102 with signed data information in Fig. 1 are essentially identical,
This is repeated no more;In addition, with UID information second card 203 with signed data information first card 202 similarly by
Contact or non-contacting mode are coupled in the reader device 201 of access control system.
In one embodiment, above-mentioned the second card 203 with UID information can be traditional gate inhibition of entity card form
Card.In this case, the reader device 201 of above-mentioned access control system reads traditional access card by contact or non-contacting mode
In UID information realize access control.
The specific internal structure of the reader device 201 of access control system in present embodiment is illustrated in Fig. 4.Such as figure
Shown in 4, the reader device 201 of access control system includes the first card image acquiring unit 201A, control unit 201B, data deciphering
Compression unit 201C, card recognition unit 201D and the second card image acquiring unit 201E.
First card image acquiring unit 201A, control unit 201B, data deciphering compression unit 201C with it is shown in Fig. 2
First card image acquiring unit 101A, control unit 101B, data deciphering compression unit 101C difference are identical, no longer superfluous herein
It states.
Card recognition unit 201D is coupled to the first card image acquiring unit 201A and the second card image acquiring unit
201B, also, it is configured in the card that identification is for example currently read whether there is signed data information.Card recognition unit
Whether there is signed data information in the card that 201D is read before can determining for example, by the mode of poll.
Second card image acquiring unit 201E is also coupled to card recognition unit 201D, also, is configured to by connecing
Touching or non-contacting mode obtain the UID information in card (such as second card 203).In one embodiment, second card
Piece information acquisition unit 201E can be realized by RFID circuit, it is further preferred that using NXP RC663 in the RFID circuit
Radio frequency chip, because it supports a variety of iso standards such as ISO14443A, ISO14443B.
Identify in card (such as first card 202) that there is the case where signed data information in card recognition unit 201D
Under, so that the first card image acquiring unit 201A is read the signed data information of the first card 202, the reader device of the access control system
The operation of control unit 201B, data deciphering compression unit 201C in 201 and above-described control unit 101B, data solution
The operation difference of close compression unit 101C is identical, therefore, repeats no more.
On the other hand, identify in card (such as second card 203) do not have signed data in card recognition unit 201D
In the case where information, the second card image acquiring unit 201E is made to read the UID information of card, in one embodiment, the gate inhibition
Acquired UID information can be transferred to access controller and background management system by the reader device 202 of system, be controlled by gate inhibition
Device and background management system processed carry out subsequent processing according to original mode to realize access control.
Although figure 1 above is to carry out offline authentication based on reader device 101 or 201 pair of first card 102 or 202 to be to Fig. 4
What example was illustrated, it is to be understood that in another alternative embodiment, reader device 101 or 201 can also block to first
102 or 202 carry out online authentication to realize the access control system of the application.It can be in online licensing mode, in access control system
Background management system is set, can be with access controller on-line joining process, therefore, access controller can receive essentially in real time
The information that access controller transmits, the information can be the information transmitted from reader device 101 or 201, for example, the
At least part, UID of the second card 203 of the card number of one card 102 or 202 etc..Accordingly, control unit 101B or 201B
It may be constructed such that and validity judgement is carried out to signed data information (such as signed data information after asymmetric decryption), in turn
Control unit 101B or 201B are optionally without above-described verification process;Block 102 or 202 if necessary to the first of output
Card number at least part of length fall short of if, optionally, data deciphering compression unit 101C or 201C can also
To be configured to carry out asymmetry decryption to above-mentioned signed data information, and then data deciphering compression unit 101C or 201C can
Selection of land is without above-described compression process;Accordingly, output unit (not shown) is also possible to not to above-mentioned signed data
Information carries out at least part that above-mentioned card number is exported in the case where offline authentication, that is, output unit is optionally by structure
It makes as will received above-mentioned card is compiled together with above-mentioned signed data information from the first card image acquiring unit 101A or 201A
Number at least part exported by third interface.
Certainly, at least part of length if necessary to the card number of the first card 102 or 202 of output is too long, can
Selection of land, data deciphering compression unit 101C or 201C also may be constructed such that the card number to the above-mentioned signed data information of correspondence
At least part carry out compression processing, output unit be alternatively configured to by after compression processing card number at least one
Part is exported by third interface.
The reader device 101 or 201 of above embodiments may be implemented the entity that will have signed data information/electronic card and use
Make access card, user is facilitated to carry out gate inhibition's operation using such as financial payment card.It can also specifically have the following effects that at least
On the one hand:
1) reader device and card-reading system according to the present invention can use the entity with signed data information/electronic card
Make access card, in turn, (Offline Data Authentication is authenticated by offline data;ODA) true to verify card
Puppet, to improve convenience;
2) reader device and card-reading system according to the present invention can be right by control unit and data decryption compression unit
Entity/electronic card signed data information carries out offline data certification, it is thereby achieved that access controller under offline mode
It is controlled, and safety is good, is easy to be achieved at low cost;
3) reader device and card-reading system according to the present invention will can only support the access control system of traditional access card to upgrade to
The access control system of the various ways such as traditional access card, financial payment card is supported simultaneously;
4) reader device and card-reading system according to the present invention are multiplexed the management system of traditional access controller and backstage, only
Reader device part is transformed, so as to which transformation difficulty and cost is effectively reduced, is conducive to promote and replicate;
5) reader device and card-reading system according to the present invention, it is only necessary to verify the card true and false, not need as non-contact
Terminal in IC card transaction saves the sensitive transactions data such as ARQC like that.
Fig. 5 show the structural schematic diagram of access control system according to an embodiment of the invention.In this embodiment, entry/exit
Door card reader can for example be realized by above-mentioned reader device 200 shown in Fig. 3, it is thereby achieved that both having supported traditional gate inhibition
Card also supports Unionpay's IC card and Unionpay's cloud are dodged to pay card.In this way, the card-reading system in the access control system of one embodiment of the invention
In, use the reader device 200 of embodiment as shown in Figure 3, also the first card using at least one with signed data information
Unionpay's IC card shown in 202, i.e., such as Fig. 5 or Unionpay's cloud, which dodge, pays card, or even also using as shown in Figure 3 there is UID to believe
The second of breath blocks 203, i.e. tradition access card shown in Fig. 5.By reader device 200, in the first card 202 or the second card 203
When being coupled in reader device 200 in a manner of contacting or is non-contacting, it can be carried out based on the card image read out related
Operation.Therefore, it can be compatible with using any one in traditional access card, Unionpay's IC card and Unionpay's cloud sudden strain of a muscle pair card etc. as gate inhibition
Card.
Continue as shown in figure 5, access control system further includes the access controller coupled with reader device 201, access controller
It can control the electric lock being arranged on door to be unlocked and lock operation.Access controller can also specifically couple exit button,
And receive the unlock instruction from exit button.
Continue as shown in figure 5, access control system further includes the background management system connecting with access controller, back-stage management system
System can realize that background management system can run corresponding management system by modes such as one or more computers, clouds,
On-line authentication is realized in help.When carrying out swiping card using second card such as traditional access card 203, background management system is recognized online
Card mode can be identical as traditional mode, herein no longer detailed example explanation.
In another embodiment, if authenticated online using background management system to the first card 102 or 202, first
At least part of the card number (such as by after compression processing) of card 102 or 202 can also be sent to back-stage management in turn
System carries out online user authentication operation, at this point, background management system can accordingly store legitimate user's list, deposits
The user identifier corresponded to from signed data acquisition of information is contained, such as the with signed data information first card 102 or 202
At least part of card number.
In the exemplary access control system of figure 5 above or card-reading system, gate inhibition's swiping card can be carried out, and by the first card or second
Information in card is transferred to access controller by Wiegand protocol, by the management system on access controller and backstage according to original side
Formula carries out subsequent processing, to realize access control, and gate inhibition's interaction time is less than 500 milliseconds.
In another alternative embodiment, the entry/exit door card reader shown in Fig. 5 can for example pass through above-mentioned reading shown in FIG. 1
Card device 200 is realized.
In another embodiment, online authentication mode had both been supported in view of the access control system of above example, also support offline mirror
Adaptation module (not shown) can also be arranged in above-mentioned control unit 101B or 201B in power mode, and adaptation module can
To be used to according to whether adaptively determine in the presence of the background management system for capableing of online verification using online authentication mode or
Offline authentication mode.Illustratively, adaptation module can send online sense command to background management system, such as via gate inhibition
Controller is sent to the background management system of distal end, and background management system is configured as in the feelings for receiving the on-line checking order
Under condition response can be returned to adaptation module.Illustratively, it if background management system networking is online, will can receive
The on-line checking order, to return to response to adaptation module, adaptation module naturally also can receive the response, adaptive
Answer module that can determine that online authentication mode can be used in conditions present, hence into online authentication mode, for example, passing through backstage
Management system carries out on-line authentication;If background management system networking is offline, it is impossible to enough receive on-line checking life
It enabling, background management system will not return to response to adaptation module, and adaptation module will not naturally also receive the response, from
Adapting to module can determine that offline authentication mode can be used in conditions present, hence into offline authentication mode, for example, passing through control
Unit 101B or 201B processed is authenticated, carried out by data deciphering compression unit 101C or 201C to legal number of signature it is believed that
Breath carries out compression processing based on Secure Hash Algorithm (SHA1), and return treated data for control unit 101B or 201B into
The row certification.
Technical scope of the invention is not limited solely to the content of the implementation described above, those skilled in the art
Various changes and modifications can be carried out to above embodiment under the premise of without departing from technical idea and spirit of the invention,
And these deformations and modification should all be fallen within the scope of the present invention.
Claims (20)
1. a kind of reader device of access control system characterized by comprising
For obtaining the first card image acquiring unit of the signed data information in the first external card;
For carrying out the control unit of validity judgement to the signed data information;And
The data deciphering compression unit that data interaction is carried out with described control unit is used to carry out the signed data information
Asymmetric decryption.
2. reader device as described in claim 1, which is characterized in that the reader device further include:
Output unit, be used to export it is described first card card number at least part to gate inhibition control controller.
3. reader device as claimed in claim 1 or 2, which is characterized in that described control unit passes through SPI interface and described the
The coupling of one card image acquiring unit, described control unit pass through UART hardware interface and the data deciphering compression unit coupling
Even.
4. reader device as claimed in claim 2, which is characterized in that further include: wireless communication unit, wherein described wireless
Communication unit and described control unit carry out serial communication and carry out data interaction with external application.
5. reader device as described in claim 1, which is characterized in that the data deciphering compression unit is that RSA-SHA1 is dedicated
Chip.
6. reader device as described in claim 1, which is characterized in that further include:
It is coupled to the card recognition unit of the first card image acquiring unit, whether the card being read for identification has
The signed data information;And
It is coupled to the second card image acquiring unit of the card recognition unit, is used for through contact or non-contacting side
Formula obtains the user identity information in the second card.
7. reader device as described in claim 1, which is characterized in that the data deciphering compression unit is also used to based on safety
Hash algorithm is judged as that the signed data information after legal decryption carries out compression processing to described control unit;
Described control unit is also used to carry out the data deciphering compression unit signed data information after compression processing
Carry out offline authentication processing.
8. reader device as described in claim 1, which is characterized in that be provided with adaptation module in described control unit, institute
Adaptation module is stated according to whether being adaptively determined in the presence of the background management system for capableing of online verification using online authentication
Mode authenticates mode offline;
Wherein, in the online authentication mode, by the background management system with reader device on-line joining process to the signature
Data information carries out on-line authentication processing;In the offline authentication mode, by the control unit of the reader device to institute
It states signed data information and carries out offline authentication processing.
9. reader device as claimed in claim 8, which is characterized in that the adaptation module is configured to send online
Sense command is to the background management system.
10. reader device as claimed in claim 9, which is characterized in that the adaptation module is configured as: receiving
State background management system for the on-line checking order response in the case where determine enter the online authentication mode,
Otherwise, it determines into the offline authentication mode.
11. a kind of card-reading system of access control system characterized by comprising
Reader device as described in any one of claim 1 to 10;And
At least one first card with signed data information, is coupled in the reader device.
12. card-reading system as claimed in claim 11, which is characterized in that first card is that have to be stored with the number of signature
It is believed that the financial payment card of the memory of breath.
13. card-reading system as claimed in claim 11, which is characterized in that further include:
At least one second card with identification information, is coupled in the card reading by contact or non-contacting mode
Device.
14. a kind of access control system characterized by comprising
Reader device as described in any one of claim 1 to 10;And
With the access controller of reader device coupling.
15. access control system as claimed in claim 14, which is characterized in that further include:
Background management system is used to carry out on-line authentication processing to the signed data information.
16. a kind of control method of access control system, which is characterized in that comprising steps of
Pass through the signed data information in the first card outside the reader device acquisition of access control system;
Asymmetric decryption is carried out to the signed data information by the reader device of access control system;And
Validity judgement is carried out to the signed data information by the reader device of access control system.
17. control method as claimed in claim 16, which is characterized in that further comprise the steps of:
By the reader device of access control system based on Secure Hash Algorithm to the signed data information after the decryption for being judged as legal
Carry out compression processing;
Offline authentication processing is carried out to the signed data information after compression processing by the reader device of access control system.
18. control method as claimed in claim 16, which is characterized in that further comprise the steps of:
At least part of the signed data information is exported by the reader device of access control system;
At least part of the signed data information is received by the background management system of access control system and it is carried out
On-line authentication processing.
19. control method as claimed in claim 16, which is characterized in that further comprise the steps of:
According to whether being adaptively determined in the presence of the background management system for the access control system for capableing of online verification using online mirror
Power mode authenticates mode offline;
Wherein, in the online authentication mode, by the background management system with the reader device on-line joining process to described
Signed data information carries out on-line authentication processing;In the offline authentication mode, by the reader device to the signature
Data information carries out offline authentication processing.
20. control method as claimed in claim 19, which is characterized in that adaptively determining using online authentication mode or
In the step of offline authentication mode:
Online sense command is sent to the background management system by the reader device;
It is determined in the case where receiving the background management system and being directed to the response of the on-line checking order and enters institute
Online authentication mode is stated, otherwise, it determines into the offline authentication mode.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2017207110196 | 2017-06-19 | ||
| CN201720711019 | 2017-06-19 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109147101A true CN109147101A (en) | 2019-01-04 |
Family
ID=64802015
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201820884738.2U Active CN208985227U (en) | 2017-06-19 | 2018-06-08 | The reader device and card-reading system of access control system, access control system |
| CN201810585691.4A Pending CN109147101A (en) | 2017-06-19 | 2018-06-08 | The reader device and card-reading system of access control system and the control method of access control system |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201820884738.2U Active CN208985227U (en) | 2017-06-19 | 2018-06-08 | The reader device and card-reading system of access control system, access control system |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN208985227U (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109685960A (en) * | 2019-02-28 | 2019-04-26 | 北京中金国信科技有限公司 | A kind of method for unlocking, device and equipment |
| CN111009060A (en) * | 2019-12-18 | 2020-04-14 | 宁波博太科智能科技股份有限公司 | Method and system for area real-time control of entrance guard |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112598830B (en) * | 2020-12-10 | 2022-12-27 | 厦门四信通信科技有限公司 | Intelligent terminal of gate |
-
2018
- 2018-06-08 CN CN201820884738.2U patent/CN208985227U/en active Active
- 2018-06-08 CN CN201810585691.4A patent/CN109147101A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109685960A (en) * | 2019-02-28 | 2019-04-26 | 北京中金国信科技有限公司 | A kind of method for unlocking, device and equipment |
| CN111009060A (en) * | 2019-12-18 | 2020-04-14 | 宁波博太科智能科技股份有限公司 | Method and system for area real-time control of entrance guard |
Also Published As
| Publication number | Publication date |
|---|---|
| CN208985227U (en) | 2019-06-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9607189B2 (en) | Smart card system comprising a card and a carrier | |
| CN208985227U (en) | The reader device and card-reading system of access control system, access control system | |
| US20190236321A1 (en) | Voltage regulation | |
| CN107111774A (en) | Electric power acquisition in passive RFID device | |
| CN102932333A (en) | Safety equipment with mobile payment function, system and method | |
| JP5480817B2 (en) | Method for permitting communication such as access to memory zone of portable electronic device, corresponding electronic device and system | |
| CN105354706A (en) | NFC secure payment method and system | |
| CN108701383A (en) | Attack resistance bio-identification authorization device | |
| CN107689871A (en) | The Internet of Things mobile terminal veritified with identity and testimony of a witness unification checking method | |
| CN104410968A (en) | Portable universal integrated circuit card (UICC) subscriber terminal equipment and identity authentication system thereof | |
| CN102118250A (en) | System and method for indentifying dynamic password based on double-interface intelligent card | |
| CN110210855A (en) | Hardware wallet illegal method and system based on biological identification technology | |
| CN101783040A (en) | Smart card swipe machine and information exchange method | |
| CN105913109A (en) | Fingerprint encrypted EID financial card and realization method | |
| KR20240013148A (en) | Transaction authorization using biometric identity verification | |
| CN106709534A (en) | Anti-counterfeit verification system of electronic certificate | |
| CN205015906U (en) | Anti -fake verification system of electron certificate | |
| CN105989497A (en) | Payment method and system | |
| CN107316074A (en) | A kind of multi-protocols smart card and implementation method | |
| CN208737494U (en) | Fingerprint mould group and its Fingerprint Lock System | |
| CN208014051U (en) | A kind of lockset authentication means | |
| KR200401587Y1 (en) | Smart Card leader system for the one time password creation | |
| CN106295289A (en) | A kind of message processing module | |
| CN109977643A (en) | User authen method, device and electronic equipment | |
| US20230169293A1 (en) | Transaction Card Assembly |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |