CN109300211A - A kind of access control method, apparatus and system - Google Patents
A kind of access control method, apparatus and system Download PDFInfo
- Publication number
- CN109300211A CN109300211A CN201811109744.1A CN201811109744A CN109300211A CN 109300211 A CN109300211 A CN 109300211A CN 201811109744 A CN201811109744 A CN 201811109744A CN 109300211 A CN109300211 A CN 109300211A
- Authority
- CN
- China
- Prior art keywords
- data information
- door
- control terminal
- information
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/27—Individual registration on entry or exit involving the use of a pass with central registration
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Lock And Its Accessories (AREA)
Abstract
The invention discloses a kind of access control method, apparatus and system, this method is applied to access control system, which includes client, server-side and door control terminal.Client sends the gate inhibition's unlatching request for carrying user identifier to server-side;Server-side obtains class of subscriber according to user identifier;Ciphertext data create-rule is determined according to class of subscriber;Ciphertext data information is generated based on ciphertext data create-rule;The ciphertext data information is sent to client;Client generates identification code according to ciphertext data information;Door control terminal, which identifies the identification code and decrypts ciphertext data information, obtains the data information for verifying;Access control operation is executed according to the verification result to the data information for verifying.The present invention reduces management difficulty and cost, enhances the convenience of user while ensuring the safety of gate inhibition's identification.
Description
Technical field
The present invention relates to gate inhibition's technical field, in particular to a kind of access control method, apparatus and system.
Background technique
Currently with universal, the enhancing cell safety precaution of intelligence community, the access control system of automatic identification is gradually wide
General use.Gate inhibition can be controlled when being verified, opening gate by the authentication and management to user, allow user
It is current;When verifying does not pass through, gate inhibition is maintained to close, does not allow user current.
In the implementation of the present invention, the inventor finds that the existing technology has at least the following problems:
In the related art, the owner of cell is typically just directed to for the automatic identification of gate inhibition, for example, to cell owner
Registered access card is provided, by access card being turned on or off come access control, and for the visitor of cell, is still needed
The artificial registration for wanting cell security personnel, by the way that manually come the opening and closing of access control, this not only adds on cell management
Cost and difficulty, but also big inconvenience can be brought to user.
Accordingly, it is desirable to provide more reliable or more effective scheme, to drop while ensuring the safety of gate inhibition's identification
Low management difficulty and cost enhance the convenience of user.
Summary of the invention
In order to solve problems in the prior art, the embodiment of the invention provides a kind of access control methods, apparatus and system.
The technical solution is as follows:
On the one hand, a kind of access control method is provided, the method is applied to access control system, the access control
System includes client, server-side and door control terminal, which comprises
The client sends gate inhibition to the server-side and opens request;The gate inhibition opens request and carries the client
User identifier;
The server-side receives the gate inhibition that the client is sent and opens request;User class is obtained according to the user identifier
Not;Ciphertext data create-rule is determined according to the class of subscriber;Ciphertext data are generated based on the ciphertext data create-rule
Information;The ciphertext data information is sent to the client;
The client receives the ciphertext data information;Corresponding identification code is generated according to the ciphertext data information;
The door control terminal identifies the identification code, obtains the ciphertext data information;Decrypt the ciphertext data information
Obtain the data information for verifying;Access control behaviour is executed according to the verification result to the data information for verifying
Make.
On the other hand, a kind of access control method is provided, the method is applied to access control system, gate inhibition's control
System processed includes client, server-side and door control terminal, which comprises
It receives the gate inhibition that the client is sent and opens request;The gate inhibition opens the user that request carries the client
Mark;
Class of subscriber is obtained according to the user identifier;
Ciphertext data create-rule is determined according to the class of subscriber;
Ciphertext data information is generated based on the ciphertext data create-rule;
The ciphertext data information is sent to the client, so that the client receives the ciphertext data letter
Breath generates corresponding identification code according to the ciphertext data information;The door control terminal identification code for identification, obtains institute
Ciphertext data information is stated, the ciphertext data information is decrypted and obtains the data information for verifying, is used to verify according to described
Data information verification result execute access control operation.
On the other hand, a kind of access control system, including client, server-side and door control terminal are provided;
The client, for opening request to server-side transmission gate inhibition, the gate inhibition is opened described in request carrying
The user identifier of client;Receive the ciphertext data information that the server-side is sent;According to ciphertext data information generation pair
The identification code answered;
The server-side opens request for receiving the gate inhibition that the client is sent;It is obtained according to the user identifier
Class of subscriber;Ciphertext data create-rule is determined according to the class of subscriber;It is generated based on the ciphertext data create-rule close
Literary data information;The ciphertext data information is sent to the client;
The door control terminal, the identification code, obtains the ciphertext data information for identification;Decrypt the ciphertext data
Information obtains the data information for verifying;Access control is executed according to the verification result to the data information for verifying
Operation.
On the other hand, a kind of access control device is provided, access control system, the access control system packet are applied to
Client, server-side and door control terminal are included, described device includes:
Receiving module opens request for receiving the gate inhibition that the client is sent;The gate inhibition opens request and carries institute
State the user identifier of client;
Module is obtained, for obtaining class of subscriber according to the user identifier;
Determining module, for determining ciphertext data create-rule according to the class of subscriber;
Generation module, for generating ciphertext data information based on the ciphertext data create-rule;
Sending module, for the ciphertext data information to be sent to the client, so that the client receives
The ciphertext data information generates corresponding identification code according to the ciphertext data information;Door control terminal institute for identification
Identification code is stated, the ciphertext data information is obtained, the ciphertext data information is decrypted and obtains the data information for verifying, according to
Access control operation is executed to the verification result of the data information for verifying.
Technical solution provided in an embodiment of the present invention has the benefit that
The present invention determines ciphertext data create-rule according to class of subscriber by server-side, raw according to determining ciphertext data
The ciphertext data information of corresponding class of subscriber is generated at rule, which is generated as identification code through client, passes through
Door control terminal carries out access control operation after identifying the identification code, so that the visitor of even cell also can be very good to realize certainly
Dynamic access control, and different access control modes can be taken for different user classification, in the peace for ensuring gate inhibition's identification
While full property, management difficulty and cost are reduced, enhances the convenience of user.
Detailed description of the invention
To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment
Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for
For those of ordinary skill in the art, without creative efforts, it can also be obtained according to these attached drawings other
Attached drawing.
Fig. 1 is the architecture diagram of access control system provided in an embodiment of the present invention;
Fig. 2 is a kind of timing diagram of access control method provided in an embodiment of the present invention;
Fig. 3 is provided in an embodiment of the present invention when the class of subscriber is owner, and server-side passes through the first ciphertext data
A kind of flow diagram of create-rule generation ciphertext data information;
Fig. 4 is provided in an embodiment of the present invention when the class of subscriber is visitor, and server-side passes through the second ciphertext data
A kind of flow diagram of create-rule generation ciphertext data information;
Fig. 5 is door control terminal provided in an embodiment of the present invention according to the verification result to the data information for verifying
Execute a kind of flow diagram of the access control operation;
Fig. 6 is door control terminal provided in an embodiment of the present invention according to the verification result to the data information for verifying
Execute another flow diagram of the access control operation;
Fig. 7 is the timing diagram of another access control method provided in an embodiment of the present invention;
Fig. 8 is that a kind of information that class of subscriber provided in an embodiment of the present invention is visitor registers the schematic diagram of the page;
Fig. 9 is the flow diagram of another access control method provided in an embodiment of the present invention;
Figure 10 is a kind of structural block diagram of access control device provided in an embodiment of the present invention;
Figure 11 is a kind of structural schematic diagram of server provided in an embodiment of the present invention.
Specific embodiment
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with attached drawing to embodiment party of the present invention
Formula is described in further detail.
Referring to Fig. 1, its architecture diagram for showing access control system provided in an embodiment of the present invention.As shown in Figure 1, door
Prohibiting control system includes client 100, server-side 200 and door control terminal 300.Wherein, client 100 can be to be installed on movement
An application program in terminal operating system, certainly, the client 100 can also be installed on answering in operating system to rely on
With the small routine of program, for example, client 100 can be instant messaging application program (such as wechat), or support is
When messaging application small routine.Mobile terminal can be mobile phone, IPAD etc..
Server-side 200 can be the estate management platform of cell, be also possible to the associated server of estate management platform,
When the server-side 200 is server, it can be a server, be also possible to the server consisted of several servers
Cluster or a cloud computing service center.Server-side 200 can be established by network and client 100 and be communicated to connect, should
Network can be cable network, be also possible to wireless network.
Door control terminal 300 is that the access control equipment that cell is entered is arranged in, which can build with server-side 200
It is vertical to communicate to connect, identification device, such as pattern recognition device can be configured in the door control terminal 300, which can
To include image collecting device, which can acquire image, for pattern recognition device pair
The image of acquisition is identified, corresponding data information is obtained.
Referring to Fig. 2, its timing diagram for showing a kind of access control method provided in an embodiment of the present invention, gate inhibition control
Method processed can be applied in implementation environment shown in FIG. 1.
It should be noted that present description provides the method operating procedures as described in embodiment or flow chart, but it is based on
Routine may include more or less operating procedure without creative labor.The step of enumerating in embodiment sequence is only
Only one of numerous step execution sequence mode does not represent and unique executes sequence.System or product in practice is held
When row, can be executed according to embodiment or method shown in the drawings sequence or it is parallel execute (such as parallel processor or
The environment of multiple threads).It is specific as shown in Fig. 2, the method may include:
S202, client send gate inhibition to server-side and open request, and the gate inhibition opens request and carries the client
User identifier.
In this specification embodiment, when user needs opening gate to enter cell or unit building, it can use
User information through having registered logs in the client in mobile terminal, sends gate inhibition's unlatching to server-side by the client and asks
It asks.The gate inhibition opens the user identifier that client is carried in request, which can be in server-side unique identification and client
The corresponding user registration information of the user at end, the user identifier can be the user account of login client, or other
It is capable of the information of unique identification user.
It should be noted that user can directly run this when the client is the small routine for relying on application program
Small routine, small routine can automatically be accessed operation with the user information of its application program relied at this time.For example, when should
When small routine is wechat small routine, when running the wechat small routine, which can call directly the login account letter of wechat
Breath carries out subsequent access operation.
Correspondingly, server-side, which receives the gate inhibition that the client is sent, opens request.
S204, the server-side obtain corresponding user registration information, the user registration letter according to the user identifier
Breath includes class of subscriber.
In this specification embodiment, user registration information may include class of subscriber, such as class of subscriber is cell
Owner or visitor for cell.In addition, the user registration information of different user classification can also be different, for example, for cell
Owner, user registration information may include cell name, address name, user contact details and lived unit floor letter
Breath;For the visitor of cell, user registration information may include cell name, address name, and user contact details are accessed
Unit floor information, access type of service (can preset access type of service for selection by the user, such as be on home leave, fit up, send
Goods etc.), residence time segment information etc..
In this specification embodiment, server-side can will be used according to the corresponding relationship of user identifier and user registration information
Family register information is stored in local, user registration information can also be stored on other associated servers, when service terminates
After the gate inhibition's unlatching request for receiving client transmission, corresponding relationship can be searched according to the user identifier carried in the request, obtained
Corresponding user registration information is got, and then gets corresponding class of subscriber.
S206, the server-side determine ciphertext data create-rule according to the class of subscriber.
It can in advance be different user to realize effective entrance guard management for visitor in this specification embodiment
Classification configures different ciphertext data create-rules.It can be owner's class of subscriber when class of subscriber includes owner and visitor
The first ciphertext data create-rule is configured, configures the second ciphertext data create-rule for Guest User's classification.Therefore, server-side can
To determine that active user is owner or visitor according to class of subscriber, so that it is determined that also using the first ciphertext data create-rule
It is the second ciphertext data create-rule.
S208, server-side are based on the user registration information, generate ciphertext data by the ciphertext data create-rule
Information.
In this specification embodiment, when the class of subscriber is owner, server-side is generated by the first ciphertext data
The method that rule generates ciphertext data can be as shown in figure 3, this method may include:
S302, the server-side determine door control terminal corresponding with the cell name according to the cell name information
Mark and cell door number.
Cell name and corresponding with cell name unique is previously stored in this specification embodiment, in server-side
Door control terminal mark and multiple cell doors number.Wherein, gate inhibition of the door control terminal mark in unique identification cell is whole
It holds, i.e., the mark of door control terminal corresponding to different cell names is entirely different.General cell has multiple into cell
Door, such as east gate, west gate, south gate and north gate, each door into cell is respectively provided with corresponding cell door number, for example, eastern
Door number is D1D1, west gate number is D1D2, south gate number is D1D3, north gate number is D1D4, and each door into cell is equal
It is provided with door control terminal, and the door control terminal mark of each door control terminal of same cell name is identical.
When class of subscriber is owner, due to including cell name in user registration information, server-side can be according to cell
Name information gets corresponding door control terminal mark and cell door number.
S304, the server-side is according to the lived unit floor information, determination unit building door number.
In this specification embodiment, each unit building also is provided with the unit building door into unit building, Mei Gedan inside cell
First building door is equipped with unit building door number, and such as the number that 1-01 is 1 No. 1 door of unit building, 1-02 is the number of 1 No. 2 doors of unit, respectively
Unit building door is provided with door control terminal.It should be noted that the gate inhibition being arranged at the cell door and unit building door of same cell
The door control terminal mark of terminal is identical.
When class of subscriber is owner, by including lived unit floor information in user registration information, server-side can be with
According to lived unit floor information, corresponding unit building door number is determined.For example, lived unit floor information is 1 unit 1101
Room, it is determined that corresponding unit building door number can be 1-01.Certainly, if corresponding unit building be provided with it is multiple can enter should
The door of unit building, in order to facilitate user's entrance, determining unit building door number can be it is multiple, such as 1-01 and 1-02.
S306, server-side is numbered according to the user identifier, door control terminal mark, cell door number and unit building door, raw
At the first clear data information.
In this specification embodiment, server-side can be according to user identifier, door control terminal mark, cell door number and list
First building door number generates the first clear data information, and the structure of first clear data can be expressed as follows: user identifier | gate inhibition
Terminal iidentification | cell door number, unit building door number, such as a | 12345 | D1D1, D1D2, D1D3, D1D4,1-01,1-02.
It should be noted that server-side, which before generating the first clear data information, can also obtain, will generate in plain text
The generation timestamp of data information, and the generation timestamp is generated to together in the first clear data information, for example, when generating
Between stamp for No. 19 12 when 58 divide 11 seconds, then can be expressed as a at the first clear data information of timestamp comprising this | 12345 |
D1D1、D1D2、D1D3、D1D4,1-01、1-02|19125811。
S308, the server-side are based on default first Encryption Algorithm and encrypt to the first clear data information, obtain
To the first ciphertext data information.
In this specification embodiment, presetting the first Encryption Algorithm can be symmetric encipherment algorithm, or asymmetric
Encryption Algorithm, when for symmetric encipherment algorithm, the stream cipher algorithm that can be can be changed for key length, the algorithm is given birth to by pseudo random number
It grows up to be a useful person and is formed with XOR operation, the key length of stream cipher algorithm is variable, and range is [1,255].For example, in plain text to above-mentioned first
Data information a | 12345 | D1D1, D1D2, D1D3, D1D4,1-01,1-02 | it is obtained after 19125811 progress stream cipher algorithms
First ciphertext data information is " q1DEM2tuJ3e4zVAtOZ2faFRMinIH3vObrlpBptLqHyH4+VFYp5ES ", can be with
The first ciphertext data information is directly denoted as ciphertext data information.
It should be noted that for the safety during improve data transfer, obtain the first ciphertext data information it
Afterwards, encryption again can also be carried out to the first ciphertext data information using default second Encryption Algorithm, obtains third
Ciphertext data information, and the third ciphertext data information is denoted as ciphertext data information.Default second Encryption Algorithm herein can
With identical as default first Encryption Algorithm, can also be different.For example, default first Encryption Algorithm can be stream cipher algorithm, in advance
If the second Encryption Algorithm can be able to be for the algorithm of the addition symbol logo before the first ciphertext data information, the symbol logo
"#*".Such as, above-mentioned first ciphertext data information is " #*q1DEM2tuJ3e4zVAtO after default second Encryption Algorithm processing
Z2faFRMinIH3vObrlpBptLqHyH4+VFYp5ES”。
In this specification embodiment, when the class of subscriber is visitor, server-side is generated by the second ciphertext data
The method that rule generates ciphertext data information can be as shown in figure 4, this method may include:
S402, the server-side determine door control terminal corresponding with the cell name according to the cell name information
Mark and cell door number.
Cell name and corresponding with cell name unique is previously stored in this specification embodiment, in server-side
Door control terminal mark and multiple cell doors number.Wherein, gate inhibition of the door control terminal mark in unique identification cell is whole
It holds, i.e., the mark of door control terminal corresponding to different cell names is entirely different.General cell has multiple into cell
Door, such as east gate, west gate, south gate and north gate, each door into cell is respectively provided with corresponding cell door number, for example, eastern
Door number is D1D1, west gate number is D1D2, south gate number is D1D3, north gate number is D1D4, and each door into cell is equal
It is provided with door control terminal, and the door control terminal mark of each door control terminal of same cell name is identical.
When class of subscriber is visitor, due to including cell name in user registration information, server-side can be according to cell
Name information gets corresponding door control terminal mark and cell door number.
S404, the server-side is according to the accessed unit floor information, determination unit building door number.
In this specification embodiment, each unit building also is provided with the unit building door into unit building, Mei Gedan inside cell
First building door is equipped with unit building door number, and such as the number that 1-01 is 1 No. 1 door of unit building, 1-02 is the number of 1 No. 2 doors of unit, respectively
Unit building door is provided with door control terminal.It should be noted that the gate inhibition being arranged at the cell door and unit building door of same cell
The door control terminal mark of terminal is identical.
When class of subscriber is visitor, by including accessed unit floor information, server-side in user registration information
Corresponding unit building door number can be determined according to the unit floor information accessed.For example, the unit floor information accessed
For the Room 1101 of Unit 1, it is determined that corresponding unit building door number can be 1-01.Certainly, if corresponding unit building be provided with it is more
A door that can enter the unit building, in order to facilitate user's entrance, determining unit building door number can be it is multiple, such as 1-01 and
1-02。
S406, the server-side determine the effective period of time of the user identifier according to the residence time segment information.
In this specification embodiment, when class of subscriber is visitor, user registration information can also include the residence time
Segment information, the residence time segment information are the residence time in cell of user registration.Specifically, the residence time segment information
It can be embodied by the timestamp information for entering cell with the timestamp information for leaving cell, or the specific time of setting
Section such as 1 day, the times segment information such as 3 days.Server-side can determine the effective of corresponding user identifier according to the residence time segment information
Period, the effective period of time of the user identifier for indicating during this period of time, user identifier be it is effective, beyond the period
Afterwards, which fails.
S408, the server-side determine the effective using secondary of the user identifier according to the access service type information
Number.
In this specification embodiment, when class of subscriber is visitor, user registration information can also include access business
Type information, which is used to indicate that user to access the purpose of cell, for example, the access service type information
Can be on home leave, fit up, delivery etc..Server-side is that the setting of different access service type information is corresponding effective using secondary in advance
Number, effective access times are that user identifier can be with the number of opening gate in effective period of time.For example, server-side is in advance
Access type of service is that the effective access times for the setting being on home leave are 2 times, is the effective of the setting fitted up for access type of service
Access times are 10 times, and effective access times for the setting that access type of service is delivery are 4 times etc..
S410, the server-side are numbered according to the user identifier, door control terminal mark, cell door number, unit building door,
The effective period of time of the user identifier and effective access times generate second plaintext data information.
In this specification embodiment, server-side can be with user identifier, door control terminal mark, cell door number, unit building
Door number, the effective period of time of the user identifier and effective access times generate second plaintext data information, the second plaintext
The structure of data can be expressed as follows: user identifier | door control terminal mark | cell door number, and unit building door number | effectively use
Number | effective period of time, such as a | 12345 | D1D1, D1D2, D1D3, D1D4,1-01,1-02 | 2 times | 1 day.
It should be noted that server-side, which before generating second plaintext data information, can also obtain, will generate in plain text
The generation timestamp of data information, and the open-birth is generated in second plaintext data information together at timestamp, for example, generating
58 divide 11 seconds when timestamp is No. 19 12, then the second plaintext data information comprising the generation timestamp can indicate are as follows: user
Mark | door control terminal mark | cell door number, unit building door number | effective access times | effective period of time | 19125811.
S412, the server-side are based on default first Encryption Algorithm and encrypt to the second plaintext data information, obtain
To the second ciphertext data information.
In this specification embodiment, presetting the first Encryption Algorithm can be symmetric encipherment algorithm, or asymmetric
Encryption Algorithm, when for symmetric encipherment algorithm, the stream cipher algorithm that can be can be changed for key length, the algorithm is given birth to by pseudo random number
It grows up to be a useful person and is formed with XOR operation, the key length of stream cipher algorithm is variable, and range is [1,255].
It should be noted that for the safety during improve data transfer, obtain the second ciphertext data information it
Afterwards, encryption again can also be carried out to the second ciphertext data information using default second Encryption Algorithm, obtains the 4th
Ciphertext data information, and the 4th ciphertext data information is denoted as ciphertext data information.Default second Encryption Algorithm herein can
With identical as default first Encryption Algorithm, can also be different.For example, default first Encryption Algorithm can be stream cipher algorithm, in advance
If the second Encryption Algorithm can be able to be for the algorithm of the addition symbol logo before the second ciphertext data information, the symbol logo
“#*”。
The ciphertext data information is sent to the client by S210, server-side.
Correspondingly, client receives the ciphertext data information that server-side is sent.
S212, client generate corresponding identification code according to the ciphertext data information.
In this specification embodiment, identification code can be image code, and data information can be carried by being also possible to others
Identification code, which can be two dimensional code.Client can will be connect using identification code generator such as figure code generator
The ciphertext data information of receipts is generated as corresponding identification code, for example, can be raw by ciphertext data information using two-dimension code generator
As corresponding two dimensional code.If the identification code generated is displayable identification code such as graphic code, client is generating the graphic code
Later, which can be shown, in this way, the graphic code can be placed in the image collecting device of door control terminal by user
Before, so that the door control terminal scanning recognition graphic code.
In this specification embodiment, in order to ensure the safety of gate inhibition's identification, client is after generating identification code, also
The identification code can be refreshed according to prefixed time interval;Specifically, client can monitor the operation of the identification to identification code, if
In prefixed time interval (such as in 5 seconds), the client does not monitor the operation of the identification to identification code or to identification code
Identification operation does not complete, then client can retransmit gate inhibition to server-side and open request, in this way, server-side can be according to the door
Prohibit to open and request to regenerate corresponding ciphertext data information, and the ciphertext data information that this is regenerated is sent to client
End after client receives the ciphertext data information, generates corresponding identification code based on the ciphertext data information again;If client
The identification operation to identification code is monitored within a preset time interval or the identification operation of identification code is completed, then is grasped in identification
After work, identification code failure is can be set in client.
S214, door control terminal identify the identification code, obtain the ciphertext data information.
In this specification embodiment, identification device, such as pattern recognition device can be configured in door control terminal, the image
Identification device may include image collecting device, which can acquire image, for image
Identification device identifies the image of acquisition, obtains corresponding data information.
S216, door control terminal decrypt the ciphertext data information and obtain the data information for verifying.
In this specification embodiment, door control terminal can be decrypted the ciphertext data information of acquisition to obtain and be used for
The data information of verifying.Specifically, the decipherment algorithm that uses of door control terminal can according to the Encryption Algorithm of ciphertext data information into
Row determines.
S218, door control terminal execute the access control according to the verification result to the data information for verifying and grasp
Make.
In this specification embodiment, ciphertext data information is decrypted to obtain corresponding clear data letter by decipherment algorithm
Breath, the clear data information are data information of the door control terminal for verifying, therefore, the data for verifying decrypted
Information can be the first clear data information above-mentioned or second plaintext data information.When the data information for verifying is the
When one clear data information, which may include user identifier, door control terminal mark, cell door number and unit building door
Number information can also include generating timestamp;When the data information for verifying is second plaintext data information, the data
Information may include user identifier, door control terminal mark, cell door number, unit building door number, the user identifier it is effective
Period and effective access times can also include generating timestamp.
Specifically, door control terminal is according to the use when the data information for verifying is the first clear data information
Method shown in fig. 5 can be used by executing the access control operation in the verification result of the data information of verifying, and this method can
To include:
S502, the door control terminal obtain local door control terminal mark and when front door is numbered.
S504, the door control terminal judge that the door control terminal identifies whether as local door control terminal mark.
Door control terminal can obtain local door control terminal mark with decryption after getting local door control terminal mark
Door control terminal mark in clear data information is compared, and judges to decrypt the door control terminal mark in obtained clear data information
Whether know is local door control terminal mark.
It is local door control terminal mark when judging result is door control terminal mark in the obtained clear data information of decryption
When, execute step S506;It is not local door when judging result is door control terminal mark in the obtained clear data information of decryption
When prohibiting terminal iidentification, step S510 is executed.
S506, when the door control terminal is identified as local door control terminal mark, the door control terminal judges the cell
Whether comprising being numbered with the door to match when front door number in door number and unit building door number.
In this specification embodiment, the door control terminal be identified as local door control terminal mark when, door control terminal into
Whether one step judges to decrypt in obtained clear data information comprising when front door number, that is, judging cell door number and unit building door
Whether comprising being numbered with the door to match when front door number in number.When judging result is cell door number and unit building door
Comprising, when the door number to match is numbered at front door, executing step S508 with described in number;When judging result is cell door volume
Number and unit building door number in do not include with it is described when front door number match door number when, execution step S510.For example, solution
Cell door number and unit building door number in close obtained clear data information are D1D1, D1D2, D1D3, D1D4,1-01,1-
02, when front door, number is D1D5, then cell door number and unit building door number can execute step not comprising numbering when front door
S510。
S508, by verifying, the gate inhibition is opened in the door control terminal control.
For example, the cell door number and unit building door number in the obtained clear data information of decryption be D1D1, D1D2,
D1D3, D1D4,1-01,1-02, numbering when front door is 1-02, then cell door number and unit building door number include and work as front door volume
Number door to match number, by verifying, door control terminal can control open when front door number be 1-02 gate inhibition.
S510, unverified, door control terminal, which can control, remains off the gate inhibition.
It should be noted that door control terminal is when being verified in order to improve the safety of gate inhibition's identification, it is also contemplated that
The timeliness of clear data information, specifically, when the clear data information that decryption obtains includes to generate timestamp, door control terminal
Comprising after the door number to match is numbered at front door, being gone back with described in determining the cell door number and unit building door number
It can further be verified according to timestamp is generated, specific as follows:
S512, door control terminal, which obtains current time stamp information and presets, uses duration.
Wherein, it presets and is used to indicate that the effective of clear data information to use duration (such as 1 minute) using duration, this is default
It can be locally located, can also be arranged in advance in server-side, door control terminal can be from local in door control terminal in advance using duration
It directly acquires, can also be obtained from server-side.
S514, door control terminal is according to the generation timestamp and presets using duration, judges that the current time stamp is
It is no effective.
Door control terminal get it is default using duration after, can according to this it is default decrypted using duration calculation it is bright
The out-of-service time point of literary data information, specifically, can be determined plus default using duration on the basis of generating timestamp.?
The time point generated between timestamp and out-of-service time point may be considered effective time point.
After out-of-service time point has been determined, door control terminal may determine that whether current time stamp is effective, specifically, if current
Timestamp is generating between timestamp and out-of-service time point, then shows that the current time stamp is effective time point, i.e., when current
Between stab effectively, step S508 can be executed;If current time stamp is after out-of-service time point or is the out-of-service time point, table
The bright current time stamp is invalid, correspondingly, the clear data information failure that decryption obtains, can execute step S510.
In this specification embodiment, when the data information for verifying is second plaintext data information, door control terminal
Side shown in fig. 6 can be used by executing the access control operation according to the verification result to the data information for verifying
Method, this method may include:
S602, the door control terminal obtain local door control terminal mark and when front door is numbered.
S604, the door control terminal judge that the door control terminal identifies whether as local door control terminal mark.
Door control terminal can obtain local door control terminal mark with decryption bright after getting local door control terminal mark
Door control terminal mark in literary data information is compared, and judges that decryption obtains the door control terminal mark in clear data information and is
It is no to be identified for local door control terminal.
When judging result be decryption obtain in clear data information door control terminal mark be local door control terminal mark when,
Execute step S606;When judging result be decryption obtain in clear data information door control terminal mark be not local door control terminal
When mark, step S616 is executed.
S606, when the door control terminal is identified as local door control terminal mark, the door control terminal judges the cell
Whether comprising being numbered with the door to match when front door number in door number and unit building door number.
In this specification embodiment, the door control terminal be identified as local door control terminal mark when, door control terminal into
Whether one step judges to decrypt in obtained clear data information comprising when front door number, that is, judging cell door number and unit building door
Whether comprising being numbered with the door to match when front door number in number.When judging result is cell door number and unit building door
Comprising, when the door number to match is numbered at front door, executing step S608 with described in number;When judging result is cell door volume
Number and unit building door number in do not include with it is described when front door number match door number when, execution step S616.For example, solution
Cell door number and unit building door number in close obtained clear data information are D1D1, D1D2, D1D3, D1D4,1-01,1-
02, when front door, number is D1D5, then cell door number and unit building door number can execute step not comprising numbering when front door
S616。
S608, comprising being compiled with the door to match when front door number in cell door number and unit building door number
Number when, the door control terminal judges whether effective access times are greater than zero.When effective access times are greater than zero, hold
Row step S610;When effective access times are zero, step S616 is executed.
S610, when effective access times are greater than zero, the door control terminal obtains current time stamp information.
S612, the door control terminal judges the current time stamp whether in the effective period of time, when described current
When timestamp is in the effective period of time, step S614 is executed.When the current time stamp is not in the effective period of time
When, execute step S616.
For example, the effective period of time of user identifier is 20180702, this day in as on July 2nd, 2018, door control terminal is obtained
The current time stamp information taken is 201807020945, i.e., 45 divide when current time is 2 days 9 July in 2018, shows current time
Information is stabbed in effective period of time, user identifier is still effective.
S614, by verifying, the gate inhibition is opened in the door control terminal control.
S616, unverified, door control terminal control remains off the gate inhibition.
It should be noted that door control terminal is when being verified in order to improve the safety of gate inhibition's identification, it is also contemplated that
The timeliness of clear data information, specifically, when the clear data information that decryption obtains includes to generate timestamp, by testing
Card before the gate inhibition is opened in door control terminal control, can also further be verified, specifically such as according to timestamp is generated
Under:
S618, door control terminal, which obtains current time stamp information and presets, uses duration.
Wherein, it presets and is used to indicate that the effective of clear data information to use duration (such as 1 minute) using duration, this is default
It can be locally located, can also be arranged in advance in server-side, door control terminal can be from local in door control terminal in advance using duration
It directly acquires, can also be obtained from server-side.
S620, door control terminal is according to the generation timestamp and presets using duration, judges that the current time stamp is
It is no effective.
Door control terminal get it is default using duration after, can according to this it is default decrypted using duration calculation it is bright
The out-of-service time point of literary data information, specifically, can be determined plus default using duration on the basis of generating timestamp.?
The time point generated between timestamp and out-of-service time point may be considered effective time point.
After out-of-service time point has been determined, door control terminal may determine that whether current time stamp is effective, specifically, if current
Timestamp is generating between timestamp and out-of-service time point, then shows that the current time stamp is effective, can execute step S614;If
Current time stamp is after out-of-service time point or is the out-of-service time point, then shows that the current time stamp is invalid, correspondingly, solution
Close obtained clear data information failure, can execute step S616.
In this specification embodiment, after door control terminal controls opening gate, it can also be sent to server-side corresponding
Opening gate message, in order to which server-side records and manages.Specifically, after door control terminal controls opening gate, it can be from solution
User identifier is obtained in close obtained clear data information, opening gate message is generated according to the user identifier, and by the unlatching
Gate inhibition's message is sent to server-side;Server-side receives the opening gate message, and gets the user identifier carried in the message,
Judge whether corresponding class of subscriber is visitor according to the user identifier, when it is visitor that judging result, which is class of subscriber, service
Effective access times of the corresponding user identifier can be subtracted one by end.
To sum up, the embodiment of the present invention determines ciphertext data create-rule according to class of subscriber by server-side, according to determination
Ciphertext data create-rule generate the ciphertext data information of corresponding class of subscriber, which is generated as through client
Identification code identified by door control terminal and carries out access control operation after the identification code, so that the visitor of even cell can also be with
Automatic access control is realized well, and can take different access control modes for different user classification, is being ensured
While the safety of gate inhibition's identification, management difficulty and cost are reduced, the convenience of user is enhanced.
Refer to Fig. 7 which shows the timing diagram of another kind access control method provided in an embodiment of the present invention, the gate inhibition
Control method can be applied in implementation environment shown in FIG. 1.It is specific as shown in Figure 7, which comprises
S702, the client send logging request to the server-side, and the logging request carries the client
User identifier.
In this specification embodiment, when user needs opening gate, can by the client in mobile terminal to
Server-side sends logging request, and the user identifier of the client is carried in the logging request.It should be noted that the client can
To be the application program being pre-installed in mobile terminal operating system, it is also possible to rely on the small routine of the application program,
The small routine can be run parallel without downloading installation in the terminal with the application program of support.User identifier can be
Log in the user account of client, or other information for capableing of unique identification client user.For example, working as the small routine
When for wechat small routine, when running the wechat small routine, the login account information which can call directly wechat is carried out
It logs in.
Correspondingly, server-side receives the logging request that client is sent.
S704, the server-side judge whether to be stored with user registration information corresponding with the user identifier.
After server-side receives the logging request of client transmission, user's mark of the client carried in logging request is obtained
Know, and judges whether be stored with user login information corresponding with the user identifier on local or other associated servers.
When the result judged stores use corresponding with the user identifier to be no on local or other associated servers
When the log-on message of family, step S706 can be executed;When the result judged is is stored on local or other associated servers
When user login information corresponding with the user identifier, then it can return and login successfully or directly in client to the client
End display logins successfully interface.
S706, the server-side is to the client return information registration message.
When the result judged stores use corresponding with the user identifier to be no on local or other associated servers
When the log-on message of family, server-side can be to client return information registration message, so that client disappears according to information registration
Breath, instruction user carry out user information registration.
Correspondingly, client receives the information registration message that server-side is sent.
S708, client show that information registers the page according to the information registration message, step on so that user completes user
Remember the registration of information.
Client is shown to user after receiving information registration message, by the information registration page, so that user can be into
The registration of row user registration information.Specifically, user registration information may include class of subscriber, and can be according to different users
Classification includes the different information content.For example, user registration information can also include cell name when class of subscriber is owner
Claim, address name, user contact details and lived unit floor information;When class of subscriber is visitor, user registration information is also
It may include cell name, address name, user contact details, the unit floor information accessed, access type of service is (as visited
Parent, finishing, delivery etc.), residence time segment information etc., as shown in figure 8, it is class of subscriber provided in an embodiment of the present invention
The schematic diagram of the page is registered for a kind of information of visitor, wherein access type of service and residence time segment information can exist in advance
Corresponding content is configured in client, so that user selects in the information registration page.
The user registration information is sent to the server-side by S710, the client.
Client can be registrated successfully signal based on the received, and the user registration information that user completes registration is sent to clothes
Business end.
Correspondingly, server-side receives the user registration information that client is sent.
S712, server-side store the user registration information after audit is by the user registration information.
After server-side receives user registration information, user registration information can be audited, it, can be with when audit passes through
The user registration information is stored on local or other associated servers, and after the completion of storage, it can also be to client
End returns to the instruction message of confirmation registration;When the audit fails, server-side can return to the instruction of registration failure to client
Message.
Specifically, in order to improve the safety of access control, when audit, if the corresponding class of subscriber of user registration information is
Visitor can then be associated with the owner of the visitor institute access unit floor information, the relevant information of the visitor is sent to the industry
Main, when owner is identified through the relevant information of the visitor, audit passes through;The relevant information of the visitor is not passed through in owner's confirmation
When, the audit fails.
After client receives the instruction message of confirmation registration of server-side transmission, step S714 can be executed.
S714, client send gate inhibition to server-side and open request;The gate inhibition opens request and carries the client
User identifier.
S716, the server-side obtain corresponding user registration information, the user registration letter according to the user identifier
Breath includes class of subscriber.
S718, the server-side determine ciphertext data create-rule according to the class of subscriber.
S720, server-side are based on the user registration information, generate ciphertext data by the ciphertext data create-rule
Information.
The ciphertext data information is sent to the client by S722, server-side.
Correspondingly, client receives the ciphertext data information that server-side is sent.
S724, client generate corresponding identification code according to the ciphertext data information.
S726, door control terminal identify the identification code, obtain the ciphertext data information.
S728, door control terminal decrypt the ciphertext data information and obtain the data information for verifying.
S730, door control terminal execute the access control according to the verification result to the data information for verifying and grasp
Make.
Wherein, step S714 to step S730 may refer to aforementioned embodiment of the method shown in Fig. 2, and details are not described herein.
To sum up, the embodiment of the present invention determines ciphertext data create-rule according to class of subscriber by server-side, according to determination
Ciphertext data create-rule generate the ciphertext data information of corresponding class of subscriber, which is generated as through client
Identification code identified by door control terminal and carries out access control operation after the identification code, so that the visitor of even cell can also be with
Automatic access control is realized well, and can take different access control modes for different user classification, is being ensured
While the safety of gate inhibition's identification, management difficulty and cost are reduced, the convenience of user is enhanced.
Refer to Fig. 9 which shows the flow diagram of another kind access control method provided in an embodiment of the present invention, it should
Access control method can be applied to the service end side in implementation environment shown in FIG. 1, specifically as shown in figure 9, the method
Include:
S902 receives the gate inhibition that the client is sent and opens request;The gate inhibition opens the use for carrying the client
Family mark.
In this specification embodiment, when user needs opening gate to enter cell or unit building, visitor can be passed through
Family end sends gate inhibition to server-side and opens request.The gate inhibition opens the user identifier that client is carried in request, the user identifier
It can be login client in server-side unique identification user registration information corresponding with the user of client, the user identifier
The user account at end, or other information for capableing of unique identification user.
S904 obtains corresponding user registration information according to the user identifier, and the user registration information includes user
Classification.
In this specification embodiment, user registration information may include class of subscriber, such as user is the owner of cell
Or the visitor for cell.In addition, the user registration information of different user classification can also be different, for example, for the industry of cell
Main, user registration information may include cell name, address name, user contact details and lived unit floor information;It is right
In the visitor of cell, user registration information may include cell name, address name, user contact details, the unit accessed
Floor information, access type of service (are such as on home leave, fit up, delivery etc.), residence time segment information etc..
In this specification embodiment, server-side can will be used according to the corresponding relationship of user identifier and user registration information
Family register information is stored in local, user registration information can also be stored on other associated servers, when service terminates
After the ciphertext data acquisition request for receiving client transmission, corresponding close can be searched according to the user identifier carried in the request
System, and then get corresponding user registration information.
S906 determines ciphertext data create-rule according to the class of subscriber.
It can in advance be different user to realize effective entrance guard management for visitor in this specification embodiment
Classification configures different ciphertext data create-rules.It can be owner's class of subscriber when class of subscriber includes owner and visitor
The first ciphertext data create-rule is configured, configures the second ciphertext data create-rule for Guest User's classification.Therefore, server-side can
To determine that active user is owner or visitor according to class of subscriber, so that it is determined that also using the first ciphertext data create-rule
It is the second ciphertext data create-rule.
S908 is based on the user registration information, generates ciphertext data information by the ciphertext data create-rule.
Specifically, the detailed content of the step may refer to abovementioned steps S208, details are not described herein.
The ciphertext data information is sent to the client by S910.
Correspondingly, client receives the ciphertext data information that server-side is sent, according to ciphertext data information generation pair
The identification code answered;The door control terminal identification code for identification, obtains the ciphertext data information, decrypts the ciphertext number
It is believed that breath is verified information, the access control is executed according to the verification result to the verification information and is operated.
To sum up, the embodiment of the present invention determines ciphertext data create-rule according to class of subscriber by server-side, according to determination
Ciphertext data create-rule generate the ciphertext data information of corresponding class of subscriber, which is generated as through client
Identification code identified by door control terminal and carries out access control operation after the identification code, so that the visitor of even cell can also be with
Automatic access control is realized well, and can take different access control modes for different user classification, is being ensured
While the safety of gate inhibition's identification, management difficulty and cost are reduced, the convenience of user is enhanced.
Following is apparatus of the present invention embodiment, can be used for executing embodiment of the present invention method.For apparatus of the present invention reality
Undisclosed details in example is applied, embodiment of the present invention method is please referred to.
As shown in Figure 1, the embodiment of the invention provides a kind of access control system, the system may include client 100,
Server-side 200 and door control terminal 300, wherein
Client 100 opens request for sending gate inhibition to the server-side, and the gate inhibition opens request and carries the visitor
The user identifier at family end;Receive the ciphertext data information that the server-side is sent;It is generated and is corresponded to according to the ciphertext data information
Identification code;
Server-side 200 opens request for receiving the gate inhibition that the client is sent;It is obtained and is used according to the user identifier
Family classification;Ciphertext data create-rule is determined according to the class of subscriber;Ciphertext is generated based on the ciphertext data create-rule
Data information;The ciphertext data information is sent to the client;
Door control terminal 300, the identification code, obtains the ciphertext data information for identification;Decrypt the ciphertext data
Information obtains the data information for verifying;Access control is executed according to the verification result to the data information for verifying
Operation.
In one embodiment of the invention, class of subscriber may include owner and visitor, and the ciphertext data generate rule
It then may include the first ciphertext data create-rule corresponding with the owner, and the second ciphertext number corresponding with the visitor
According to create-rule.
Optionally, when the class of subscriber is owner, the user registration information further includes cell name information and institute
Firmly unit floor information.Server-side 200 is being based on the user registration information, raw by the first ciphertext data create-rule
When at ciphertext data information, according to the cell name information, determine door control terminal corresponding with the cell name identify and
Cell door number;According to the lived unit floor information, determination unit building door number;It is whole according to the user identifier, gate inhibition
End mark, cell door number and unit building door number, generate the first clear data information;Based on default first Encryption Algorithm to institute
It states the first clear data information to be encrypted, obtains the first ciphertext data information, the first ciphertext data information is denoted as described
Ciphertext data information.
Optionally, when the class of subscriber is visitor, the user registration information further includes cell name information, is visited
Unit floor information, residence time segment information and the service type information asked.Server-side 200 is believed based on the user registration
Breath, when generating ciphertext data information by the second ciphertext data create-rule, according to the cell name information, determine with
The corresponding door control terminal mark of the cell name and cell door number;According to the accessed unit floor information, determine
Unit building door number;According to the residence time segment information, the effective period of time of the user identifier is determined;According to the business
Type information determines effective access times of the user identifier;According to the user identifier, door control terminal mark, cell door
Number, unit building door number, the effective period of time of the user identifier and effective access times, generate second plaintext data letter
Breath;The second plaintext data information is encrypted based on default first Encryption Algorithm, obtains the second ciphertext data information, institute
It states the second ciphertext data information and is denoted as the ciphertext data information.
In one embodiment of the invention, server-side 200 is also used to after obtaining ciphertext data information based on default
Second Encryption Algorithm encrypts the ciphertext data information.
In one embodiment of the invention, the clear data information can also include generating timestamp.
In one embodiment of the invention, client 100 is generating corresponding identification according to the ciphertext data information
After code, it is also used to refresh the identification code according to prefixed time interval.
In one embodiment of the invention, when the data information for verifying is the first clear data information,
Door control terminal 300 is obtained when executing access control operation according to the verification result to the data information for verifying
Local door control terminal is taken to identify and when front door is numbered;Judge that the door control terminal identifies whether as local door control terminal mark;?
When the door control terminal is identified as local door control terminal mark, judge whether wrap in the cell door number and unit building door number
Containing with described when the front door door that matches of number is numbered;Comprising working as with described in cell door number and unit building door number
When the door number to match is numbered at front door, by verifying, the gate inhibition is opened in control.
In one embodiment of the invention, when the data information for verifying is second plaintext data information,
Door control terminal 300 is obtained when executing access control operation according to the verification result to the data information for verifying
Local door control terminal is taken to identify and when front door is numbered;Judge that the door control terminal identifies whether as local door control terminal mark;?
When the door control terminal is identified as local door control terminal mark, judge whether wrap in the cell door number and unit building door number
Containing with described when the front door door that matches of number is numbered;Comprising working as with described in cell door number and unit building door number
When the door number to match is numbered at front door, judge whether effective access times are greater than zero;It is big in effective access times
When zero, current time stamp information is obtained;The current time stamp is judged whether in the effective period of time, when described current
When timestamp is in the effective period of time, by verifying, the gate inhibition is opened in control.
In one embodiment of the invention, the first clear data information and the second plaintext data information be also
Including generating timestamp.Door control terminal 300 is being also used to obtain current time by verifying before the gate inhibition is opened in control
It stabs information and presets and use duration;It according to the generation timestamp and presets using duration, judges the current time stamp
Whether effectively;When the current time stamp is effective, executes through verifying, control the step of opening the gate inhibition.
In one embodiment of the invention, it after the gate inhibition is opened in the control of door control terminal 300, is also used to obtain described
User identifier;According to the user identifier, opening gate message is generated, and the opening gate message is sent to the service
End;Correspondingly, server-side 200 is also used to receive the opening gate message;Judge the corresponding class of subscriber of the user identifier
It whether is visitor;When the corresponding class of subscriber of the user identifier is visitor, corresponding effective access times are subtracted one.
In one embodiment of the invention, it before client 200 sends gate inhibition's unlatching request to the server-side, also uses
In sending logging request to the server-side 200, the logging request carries the user identifier of the client;Receive server-side
The 200 information registration messages sent, display information registers the page, so that user completes the registration of user registration information;By institute
It states user registration information and is sent to the server-side 200;Correspondingly, server-side 200 is also used to receive the institute of the transmission of client 100
Logging request is stated, judges whether to be stored with user registration information corresponding with the user identifier, if the not stored and user
Corresponding user registration information is identified, then sends information registration message to the client 100;Receive what client 100 was sent
User registration information stores the user registration information after audit is by the user registration information, to the client 100
Return to the instruction message of confirmation registration.
Referring to Fig. 10, its structural block diagram for showing a kind of access control device provided in an embodiment of the present invention, the door
Prohibit control device and be configured in server-side, is applied to access control system above-mentioned, the apparatus may include:
Receiving module 1010 opens request for receiving the gate inhibition that the client is sent;The gate inhibition opens request and takes
User identifier with the client;
Module 1020 is obtained, for obtaining class of subscriber according to the user identifier;
Determining module 1030, for determining ciphertext data create-rule according to the class of subscriber;
Generation module 1040, for generating ciphertext data information based on the ciphertext data create-rule;
Sending module 1050, for the ciphertext data information to be sent to the client, so that the client
The ciphertext data information is received, corresponding identification code is generated according to the ciphertext data information;The door control terminal is for knowing
The not described identification code obtains the ciphertext data information, decrypts the ciphertext data information and obtains the data information for verifying,
Access control operation is executed according to the verification result to the data information for verifying.
It should be noted that device provided by the above embodiment, when realizing its function, only with above-mentioned each functional module
It divides and carries out for example, can according to need in practical application and be completed by different functional modules above-mentioned function distribution,
The internal structure of equipment is divided into different functional modules, to complete all or part of the functions described above.
Please refer to Figure 11 which shows a kind of structural schematic diagram of server provided in an embodiment of the present invention, the server
The access control method for the service end side that can be used for implementing providing in above-described embodiment.Specifically, the server architecture
It may include above-mentioned access control device, which can generate bigger difference because configuration or performance are different, can
To include central processing unit (CPU) 1201 including random access memory (RAM) 1202 and read-only memory (ROM) 1203
System storage 1204, and connection system storage 1204 and central processing unit 1201 system bus 1205.It is described
Server 1200 further includes basic input/output (the I/O system that information is transmitted between each device helped in computer
System) 1206, and for the mass-memory unit of storage program area 1213, application program 1214 and other program modules 1215
1207。
In the exemplary embodiment, a kind of non-transitorycomputer readable storage medium including instruction, example are additionally provided
It such as include the memory of instruction, above-metioned instruction can be executed by the processor of terminal to complete client-side in above method embodiment
Perhaps each step or above-metioned instruction of door control terminal side are executed by the processor of server to complete above method embodiment
Each step of middle service end side.For example, the non-transitorycomputer readable storage medium can be ROM, arbitrary access is deposited
Reservoir (RAM), CD-ROM, tape, floppy disk and optical data storage devices etc..
It should be noted that, in this document, relational terms such as first and second and the like are used merely to a reality
Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation
In any actual relationship or order or sequence.Moreover, the terms "include", "comprise" or its any other variant are intended to
Non-exclusive inclusion, so that process, method, article or device including a series of elements are not only wanted including those
Element, but also including other elements that are not explicitly listed, or further include for this process, method, article or device
Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that
There is also other identical elements in process, method, article or device including the element.
The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.
Those of ordinary skill in the art will appreciate that realizing that all or part of the steps of above-described embodiment can pass through hardware
It completes, relevant hardware can also be instructed to complete by program, the program can store in a kind of computer-readable
In storage medium, storage medium mentioned above can be read-only memory, disk or CD etc..
The foregoing is merely presently preferred embodiments of the present invention, is not intended to limit the invention, it is all in spirit of the invention and
Within principle, any modification, equivalent replacement, improvement and so on be should all be included in the protection scope of the present invention.
Claims (14)
1. a kind of access control method, which is characterized in that be applied to access control system, the access control system includes client
End, server-side and door control terminal, which comprises
The client sends gate inhibition to the server-side and opens request;The gate inhibition opens the use that request carries the client
Family mark;
The server-side receives the gate inhibition that the client is sent and opens request;Class of subscriber is obtained according to the user identifier;
Ciphertext data create-rule is determined according to the class of subscriber;Ciphertext data letter is generated based on the ciphertext data create-rule
Breath;The ciphertext data information is sent to the client;
The client receives the ciphertext data information, generates corresponding identification code according to the ciphertext data information;
The door control terminal identifies the identification code, obtains the ciphertext data information;The ciphertext data information is decrypted to obtain
Data information for verifying;Access control operation is executed according to the verification result to the data information for verifying.
2. access control method according to claim 1, which is characterized in that the server-side is raw based on the ciphertext data
Generating ciphertext data information at rule includes:
The server-side obtains user registration information corresponding with the class of subscriber;
The server-side generates clear data information according to the user registration information;
The server-side is based on default first Encryption Algorithm and encrypts to the clear data information, obtains the ciphertext data
Information.
3. access control method according to claim 2, which is characterized in that the class of subscriber includes owner, correspondingly,
The user registration information includes cell name information and lived unit floor information;
The server-side generates clear data information according to the user registration information
The server-side determines gate inhibition corresponding with cell name according to the cell name information and lived unit floor information
Terminal iidentification, cell door number and unit building door number;
The server-side is numbered according to the user identifier, door control terminal mark, cell door number and unit building door, is generated in plain text
Data information.
4. access control method according to claim 2, which is characterized in that the class of subscriber includes visitor, correspondingly,
Unit floor information, residence time segment information and the service class that the user registration information includes cell name information, accessed
Type information;
The server-side generates clear data information according to the user registration information
For the server-side according to the cell name information, the unit floor information accessed, determination is corresponding with cell name
Door control terminal mark, cell door number and unit building door number;
The server-side determines the effective period of time of the user identifier according to the residence time segment information;
The server-side determines effective access times of the user identifier according to the service type information;
The server-side is according to the user identifier, door control terminal mark, cell door number, unit building door number, the user
The effective period of time of mark and effective access times generate clear data information.
5. access control method according to claim 2, which is characterized in that the server-side is based on default first encryption and calculates
Method encrypts the clear data information, after obtaining the ciphertext data information, the method also includes:
The server-side is based on default second Encryption Algorithm and encrypts to the ciphertext data information.
6. according to the described in any item access control methods of claim 2 to 4, which is characterized in that in the server-side according to institute
Before stating user registration information generation clear data information, the method also includes:
The server-side, which obtains, generates timestamp information;
When executing step of the server-side according to user registration information generation clear data information, the server-side root
According to the user registration information and generate timestamp information generation clear data information.
7. access control method according to claim 3, which is characterized in that the door control terminal is used to test according to described
The verification result of the data information of card executes access control operation
The door control terminal obtains local door control terminal mark and when front door is numbered;
The door control terminal judges that the door control terminal identifies whether as local door control terminal mark;
When the door control terminal is identified as local door control terminal mark, the door control terminal judges the cell door number and list
Whether comprising being numbered with the door to match when front door number in first building door number;
Comprising, when the door number to match is numbered at front door, passing through with described in cell door number and unit building door number
The gate inhibition is opened in verifying, the door control terminal control.
8. access control method according to claim 4, which is characterized in that the door control terminal is used to test according to described
The verification result of the data information of card executes the access control operation
The door control terminal obtains local door control terminal mark and when front door is numbered;
The door control terminal judges that the door control terminal identifies whether as local door control terminal mark;
When the door control terminal is identified as local door control terminal mark, the door control terminal judges the cell door number and list
Whether comprising being numbered with the door to match when front door number in first building door number;
It is described when in cell door number and unit building door number comprising with the door number to match when front door number
Door control terminal judges whether effective access times are greater than zero;
When effective access times are greater than zero, the door control terminal obtains current time stamp information;
The door control terminal judges the current time stamp whether in the effective period of time, when the current time stamp is in institute
When stating in effective period of time, by verifying, the gate inhibition is opened in the door control terminal control.
9. access control method according to claim 6, which is characterized in that
By verifying, the door control terminal is controlled before opening the gate inhibition, the method also includes:
The door control terminal, which obtains current time stamp information and presets, uses duration;
The door control terminal is according to the generation timestamp and presets using duration, judges whether the current time stamp has
Effect;
When the current time stamp is effective, execute through verifying, the door control terminal controls the step of opening the gate inhibition.
10. access control method according to claim 9, which is characterized in that the door is opened in the door control terminal control
After taboo, the method also includes:
The door control terminal obtains the user identifier;
The door control terminal generates opening gate message according to the user identifier, and the opening gate message is sent to
The server-side;
The server-side receives the opening gate message;Judge whether the corresponding class of subscriber of the user identifier is visitor;
When the corresponding class of subscriber of the user identifier is visitor, corresponding effective access times are subtracted one.
11. access control method according to claim 1, which is characterized in that sent out in the client to the server-side
Before sending gate inhibition to open request, the method also includes:
The client sends logging request to the server-side, and the logging request carries the user identifier of the client;
The server-side judges whether to be stored with user registration information corresponding with the user identifier;
If not stored user registration information corresponding with the user identifier, to the client return information registration message;
User registration information is sent to the server-side by the client;
The server-side stores the user registration information after audit is by the user registration information, returns to the client
Return the instruction message of confirmation registration.
12. a kind of access control method, which is characterized in that be applied to access control system, the access control system includes visitor
Family end, server-side and door control terminal, which comprises
It receives the gate inhibition that the client is sent and opens request;The gate inhibition opens user's mark that request carries the client
Know;
Class of subscriber is obtained according to the user identifier;
Ciphertext data create-rule is determined according to the class of subscriber;
Ciphertext data information is generated based on the ciphertext data create-rule;
The ciphertext data information is sent to the client, so that the client receives the ciphertext data information,
Corresponding identification code is generated according to the ciphertext data information;The door control terminal identification code for identification obtains described
Ciphertext data information decrypts the ciphertext data information and obtains the data information for verifying, according to it is described for verifying
The verification result of data information executes access control operation.
13. a kind of access control system, which is characterized in that including client, server-side and door control terminal;
The client opens request for sending gate inhibition to the server-side, and the gate inhibition opens request and carries the client
The user identifier at end;Receive the ciphertext data information that the server-side is sent;It is generated according to the ciphertext data information corresponding
Identification code;
The server-side opens request for receiving the gate inhibition that the client is sent;User is obtained according to the user identifier
Classification;Ciphertext data create-rule is determined according to the class of subscriber;Ciphertext number is generated based on the ciphertext data create-rule
It is believed that breath;The ciphertext data information is sent to the client;
The door control terminal, the identification code, obtains the ciphertext data information for identification;Decrypt the ciphertext data information
Obtain the data information for verifying;Access control behaviour is executed according to the verification result to the data information for verifying
Make.
14. a kind of access control device, which is characterized in that be applied to access control system, the access control system includes visitor
Family end, server-side and door control terminal, described device include:
Receiving module opens request for receiving the gate inhibition that the client is sent;The gate inhibition opens request and carries the visitor
The user identifier at family end;
Module is obtained, for obtaining class of subscriber according to the user identifier;
Determining module, for determining ciphertext data create-rule according to the class of subscriber;
Generation module, for generating ciphertext data information based on the ciphertext data create-rule;
Sending module, for the ciphertext data information to be sent to the client, so that described in client reception
Ciphertext data information generates corresponding identification code according to the ciphertext data information;The door control terminal knowledge for identification
Other code obtains the ciphertext data information, decrypts the ciphertext data information and obtains the data information for verifying, according to institute
The verification result for stating the data information for verifying executes access control operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811109744.1A CN109300211A (en) | 2018-09-21 | 2018-09-21 | A kind of access control method, apparatus and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811109744.1A CN109300211A (en) | 2018-09-21 | 2018-09-21 | A kind of access control method, apparatus and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109300211A true CN109300211A (en) | 2019-02-01 |
Family
ID=65163853
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811109744.1A Pending CN109300211A (en) | 2018-09-21 | 2018-09-21 | A kind of access control method, apparatus and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109300211A (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111199601A (en) * | 2019-09-02 | 2020-05-26 | 腾讯科技(深圳)有限公司 | Access control method and device, intelligent terminal, server and storage medium |
| CN111652781A (en) * | 2020-06-01 | 2020-09-11 | 阿里巴巴集团控股有限公司 | Service processing method, device, equipment and storage medium based on community codes |
| CN111815812A (en) * | 2020-06-22 | 2020-10-23 | 北京智辉空间科技有限责任公司 | Third-party unlocking control method and system for electronic lock |
| CN112598827A (en) * | 2020-12-25 | 2021-04-02 | 北京智芯微电子科技有限公司 | Intelligent lock authentication method, security chip, intelligent lock and management system thereof |
| CN113223224A (en) * | 2021-05-12 | 2021-08-06 | 支付宝(杭州)信息技术有限公司 | Traffic processing method and device |
| CN113746931A (en) * | 2021-09-10 | 2021-12-03 | 联想(北京)有限公司 | Data synchronization method and device |
| CN113936371A (en) * | 2021-09-18 | 2022-01-14 | 青岛海信智慧生活科技股份有限公司 | Authority management method and device |
| CN114639188A (en) * | 2022-03-15 | 2022-06-17 | 云屏数字科技(云南)有限公司 | Visitor access control system based on WeChat and visitor door opening method |
| CN115147960A (en) * | 2022-05-18 | 2022-10-04 | 阿里云计算有限公司 | Electronic lock processing method and device |
| CN116071860A (en) * | 2023-03-07 | 2023-05-05 | 雷图志悦(北京)科技发展有限公司 | Access control data management method and system |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101996430A (en) * | 2009-08-28 | 2011-03-30 | 中国移动通信集团公司 | Method, system and device for swiping entrance guard card through short message service reservation |
| CN102779323A (en) * | 2012-07-23 | 2012-11-14 | 概念家(中国)有限公司 | Network remotely-control door lock integrated system |
| CN103903316A (en) * | 2012-12-28 | 2014-07-02 | 中国电信股份有限公司 | Intelligent access control system and access control method thereof |
| CN104063935A (en) * | 2014-06-30 | 2014-09-24 | 深圳市同创新佳科技有限公司 | Hotel guest room management method and system based on electronic key management server |
| CN104809773A (en) * | 2014-01-23 | 2015-07-29 | 中国移动通信集团公司 | Entrance guard control method, entrance guard control apparatus, and entrance guard system |
| CN105069876A (en) * | 2015-08-04 | 2015-11-18 | 珠海格力电器股份有限公司 | Intelligent access control method and system |
| CN105118127A (en) * | 2015-09-17 | 2015-12-02 | 慧锐通智能科技股份有限公司 | Visiting system and control method thereof |
| CN105427416A (en) * | 2015-11-04 | 2016-03-23 | 广东安居宝数码科技股份有限公司 | Two-dimension code unlocking method and system |
| CN106327637A (en) * | 2016-08-25 | 2017-01-11 | 青岛亿联信息科技股份有限公司 | Bluetooth door opening system based on community management and method |
| CN106651676A (en) * | 2016-11-25 | 2017-05-10 | 深圳市保臻社区服务科技有限公司 | Community business management method and apparatus |
| CN107016754A (en) * | 2017-03-09 | 2017-08-04 | 武汉邮电科学研究院 | A kind of intelligent community management system analyzed based on big data and method |
| CN107067518A (en) * | 2017-05-08 | 2017-08-18 | 重庆中商科技股份有限公司 | Intelligent positioning enabling control system and method |
| KR20170108293A (en) * | 2016-03-17 | 2017-09-27 | 신현미 | Entry and exit record management system and method thereof |
| CN108171851A (en) * | 2018-01-15 | 2018-06-15 | 广安众道电子商务有限公司 | A kind of intelligent door lock system and control method with scanning function |
-
2018
- 2018-09-21 CN CN201811109744.1A patent/CN109300211A/en active Pending
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101996430A (en) * | 2009-08-28 | 2011-03-30 | 中国移动通信集团公司 | Method, system and device for swiping entrance guard card through short message service reservation |
| CN102779323A (en) * | 2012-07-23 | 2012-11-14 | 概念家(中国)有限公司 | Network remotely-control door lock integrated system |
| CN103903316A (en) * | 2012-12-28 | 2014-07-02 | 中国电信股份有限公司 | Intelligent access control system and access control method thereof |
| CN104809773A (en) * | 2014-01-23 | 2015-07-29 | 中国移动通信集团公司 | Entrance guard control method, entrance guard control apparatus, and entrance guard system |
| CN104063935A (en) * | 2014-06-30 | 2014-09-24 | 深圳市同创新佳科技有限公司 | Hotel guest room management method and system based on electronic key management server |
| CN105069876A (en) * | 2015-08-04 | 2015-11-18 | 珠海格力电器股份有限公司 | Intelligent access control method and system |
| CN105118127A (en) * | 2015-09-17 | 2015-12-02 | 慧锐通智能科技股份有限公司 | Visiting system and control method thereof |
| CN105427416A (en) * | 2015-11-04 | 2016-03-23 | 广东安居宝数码科技股份有限公司 | Two-dimension code unlocking method and system |
| KR20170108293A (en) * | 2016-03-17 | 2017-09-27 | 신현미 | Entry and exit record management system and method thereof |
| CN106327637A (en) * | 2016-08-25 | 2017-01-11 | 青岛亿联信息科技股份有限公司 | Bluetooth door opening system based on community management and method |
| CN106651676A (en) * | 2016-11-25 | 2017-05-10 | 深圳市保臻社区服务科技有限公司 | Community business management method and apparatus |
| CN107016754A (en) * | 2017-03-09 | 2017-08-04 | 武汉邮电科学研究院 | A kind of intelligent community management system analyzed based on big data and method |
| CN107067518A (en) * | 2017-05-08 | 2017-08-18 | 重庆中商科技股份有限公司 | Intelligent positioning enabling control system and method |
| CN108171851A (en) * | 2018-01-15 | 2018-06-15 | 广安众道电子商务有限公司 | A kind of intelligent door lock system and control method with scanning function |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111199601A (en) * | 2019-09-02 | 2020-05-26 | 腾讯科技(深圳)有限公司 | Access control method and device, intelligent terminal, server and storage medium |
| CN111199601B (en) * | 2019-09-02 | 2022-06-14 | 腾讯科技(深圳)有限公司 | Access control method and device, intelligent terminal, server and storage medium |
| CN111652781A (en) * | 2020-06-01 | 2020-09-11 | 阿里巴巴集团控股有限公司 | Service processing method, device, equipment and storage medium based on community codes |
| CN111815812A (en) * | 2020-06-22 | 2020-10-23 | 北京智辉空间科技有限责任公司 | Third-party unlocking control method and system for electronic lock |
| CN111815812B (en) * | 2020-06-22 | 2022-06-14 | 合肥智辉空间科技有限责任公司 | Third-party unlocking control method and system for electronic lock |
| CN112598827A (en) * | 2020-12-25 | 2021-04-02 | 北京智芯微电子科技有限公司 | Intelligent lock authentication method, security chip, intelligent lock and management system thereof |
| CN113223224B (en) * | 2021-05-12 | 2023-10-24 | 支付宝(杭州)信息技术有限公司 | Traffic processing method and device |
| CN113223224A (en) * | 2021-05-12 | 2021-08-06 | 支付宝(杭州)信息技术有限公司 | Traffic processing method and device |
| CN113746931A (en) * | 2021-09-10 | 2021-12-03 | 联想(北京)有限公司 | Data synchronization method and device |
| CN113936371A (en) * | 2021-09-18 | 2022-01-14 | 青岛海信智慧生活科技股份有限公司 | Authority management method and device |
| CN114639188A (en) * | 2022-03-15 | 2022-06-17 | 云屏数字科技(云南)有限公司 | Visitor access control system based on WeChat and visitor door opening method |
| CN115147960A (en) * | 2022-05-18 | 2022-10-04 | 阿里云计算有限公司 | Electronic lock processing method and device |
| CN116071860A (en) * | 2023-03-07 | 2023-05-05 | 雷图志悦(北京)科技发展有限公司 | Access control data management method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109300211A (en) | A kind of access control method, apparatus and system | |
| CN107026824B (en) | A kind of message encryption, decryption method and device | |
| KR100211426B1 (en) | Method and apparatus for secure identification of a mobile user in a communication network | |
| CN104756458B (en) | For protecting the method and apparatus of the connection in communication network | |
| CN104735065B (en) | A kind of data processing method, electronic equipment and server | |
| WO2014058166A1 (en) | Data transmitting apparatus and method, and recording medium having program recorded thereon for executing said method on computer | |
| CN104378379B (en) | A kind of digital content encrypted transmission method, equipment and system | |
| JPH08227397A (en) | Method and apparatus for remote certification for public circuit | |
| CN107454079A (en) | Lightweight device authentication and shared key machinery of consultation based on platform of internet of things | |
| CN105656859A (en) | Secure online upgrade method and system for tax control equipment software | |
| CN109951513A (en) | Anti- quantum calculation wired home quantum cloud storage method and system based on quantum key card | |
| CN108174151A (en) | Video monitoring system and control method, the call method of video information | |
| CN110597836A (en) | Information query request response method and device based on block chain network | |
| CN109257416A (en) | A kind of block chain cloud service network information management system | |
| CN104135471B (en) | The anti-abduction communication means of DNS | |
| WO2007036763A1 (en) | Biometric authentication system | |
| JP2006217446A (en) | Remote conference system | |
| Chen et al. | Enhanced authentication protocol for the Internet of Things environment | |
| Zhang et al. | Is Today's End-to-End Communication Security Enough for 5G and Its Beyond? | |
| CN103595619A (en) | Method, device and system for adding friend | |
| US11265298B2 (en) | Method for end-to-end transmission of a piece of encrypted digital information, application of this method and object implementing this method | |
| US20230370430A1 (en) | Personalized secure communication session management | |
| US20060129815A1 (en) | Generation of identities and authentication thereof | |
| KR20130039745A (en) | System and method for authentication interworking | |
| CN111698203A (en) | Cloud data encryption method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |