CN110086809A - Performing permission-controlled operations on a nearby target facility via a mobile device - Google Patents

Publication number
CN110086809A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910352716.0A
Other languages
Chinese (zh)
Other versions
CN110086809B (en)
Inventor
吴平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Application filed by Individual
Priority to CN201910352716.0A
Publication of CN110086809A
Application granted
Publication of CN110086809B
Legal status: Active

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/30 Individual registration on entry or exit not involving the use of a pass
    • G07C9/32 Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

The present invention discloses a method for performing permission-controlled operations on a nearby target facility via a mobile device, comprising: the target facility broadcasts a message about permissions; when the mobile device comes close to the target facility, it receives the message about permissions from the target facility; based on the received message about permissions, the mobile device sends identity information and a permission request for the target facility to a server; the server processes the identity information and the permission request to generate a permission response and sends the permission response to the mobile device; based on the permission response, the mobile device interacts with the target facility, whereby the target facility verifies the permission of the mobile device, so that the mobile device can operate the target facility with the corresponding permission. The invention is suited to short-range-communication permission authentication in which multiple users and multiple targets can change their permission relationships at any time, and is especially suited to permission-controlled operation of target facilities that are not networked.

Description

Performing permission-controlled operations on a nearby target facility via a mobile device
This application is a divisional application of the Chinese invention patent application filed on July 13, 2016, with application number 201610547626.3, entitled "Performing permission-controlled operations on a nearby target facility via a mobile device".
Technical field
The present invention relates to obtaining and authenticating permissions, and more particularly to performing permission-controlled operations on a nearby target facility via a mobile device.
Background
Among existing equipment that requires permission to operate, if the equipment is not deployed in a single place but is distributed across many places, i.e. multiple points covering multiple regions, and a permission-related physical action has to be performed, then the equipment must be networked in order to authenticate the operator's permission.
For example, access control with permission management that is distributed across multiple points, such as the access control of office rooms or buildings and residential-community access control in the many scenarios that use it, must be networked, because its permission information is synchronized from a server over the network.
Another example is the docking post of public bicycles: although permission authentication by scanning a code is already supported, the information that authentication has passed is still sent to the docking post over the network, so a networking module in the docking post is also indispensable. The same applies to time-share rental management systems for charging piles, card-swipe systems, time-share rental of electric vehicles, and so on.
In the above applications, if multiple users need to perform permission-controlled operations at multiple points, the target device must be networked to interact with the server in order to authenticate each user's permission at each point. This makes deployment of the target devices rather cumbersome and their maintenance rather complex. In remote areas in particular, network connectivity is sometimes unavailable or poor, which places a heavy burden on deployment and maintenance and ultimately leads to a very poor user experience.
Existing equipment also includes implementations that are not networked. Although such a device is not networked, the identity information of multiple users is stored in its memory in advance so that users can be authenticated at any time. Another kind of device does not store user identity information itself but stores a decryption algorithm; a user who has permission to operate sends a key-like message, and the device runs the decryption algorithm on that message to determine whether the user has permission to operate. Because these approaches are static authentication, they obviously carry great risk. For example, a third party can steal user identity information directly from the device memory, or intercept the user's key information. In short, current non-networked devices cannot solve the security problem; in practice they are no different from a traditional door lock and even carry the greater security risk of leaking user identity information, so they are particularly unsuited to application scenarios with multiple users and multiple deployment sites.
Therefore, a technology is needed that enables short-range-communication permission authentication in which multiple users and multiple targets can change their permission relationships at any time, and that is especially suited to permission-controlled operation of target facilities that are not networked.
Summary of the invention
The object of the present invention is to provide a technology that enables short-range-communication permission authentication in which multiple users and multiple targets can change their permission relationships at any time, and that is especially suited to permission-controlled operation of target facilities that are not networked.
According to a first aspect of the invention, a method of obtaining the permission of a nearby target facility via a mobile device is provided, comprising: the target facility broadcasts a message about permissions; when the mobile device comes close to the target facility, it receives the message about permissions from the target facility; based on the received message about permissions, the mobile device sends identity information and a permission request for the target facility to a server; the server processes the identity information and the permission request to generate a permission response and sends the permission response to the mobile device; based on the permission response, the mobile device interacts with the target facility, whereby the target facility verifies the permission of the mobile device, so that the mobile device can operate the target facility with the corresponding permission.
Preferably, the broadcast of the target facility and the interaction between the mobile device and the target facility are both carried out over the Bluetooth communication protocol.
Preferably, the identity information includes at least one of the following: mobile phone number, IMEI code, user ID of the mobile device, website or service ID.
Preferably, the target facility is one of the following: access control, automatic vending machine, storage locker, charging pile, automatic lock, toll station, self-service bank.
Preferably, the mobile device interacting with the target facility based on the permission response further comprises: based on the permission response, the mobile device sends an encrypted action message to the target facility; the target facility verifies the action message using its built-in encryption algorithm and, if verification succeeds, allows the mobile device to operate the target facility with the corresponding permission.
Preferably, the mobile device interacting with the target facility based on the permission response further comprises: the target facility sends a re-authentication dynamic message to the mobile device; based on the re-authentication dynamic message sent by the target facility, the mobile device sends a re-authentication request to the server; the server verifies the re-authentication request and sends a re-authentication response to the mobile device; the mobile device sends the re-authentication response to the target facility for verification and, if verification succeeds, the target facility allows the mobile device to operate the target facility with the corresponding permission.
Preferably, the permission response is a one-time message or a message with a limited effective time.
Preferably, the re-authentication response is a one-time message or a message with a limited effective time.
Preferably, the server processing the identity information and the permission request to generate a permission response and sending the permission response to the mobile device further comprises:
1) the server receives the identity information and the permission request from the mobile device;
2) based on the multiple pieces of identity information stored in the memory of the server and their permission relationships with multiple target facilities, the server determines whether the mobile device has, for the target facility, the permission required by the permission request;
3) if it is determined that the mobile device has, for the target facility, the permission required by the permission request, step 5) is executed directly;
4) if it is determined that the mobile device does not have, for the target facility, the permission required by the permission request, the server establishes the permission relationship required by the permission request between the identity information and the target facility and stores the permission relationship in the memory;
5) the server sends the grant of the corresponding permission to the mobile device as the permission response.
According to a second aspect of the invention, a mobile device is provided, comprising: a memory for storing identity information; and a controller for causing the mobile device to perform the following operations: when the mobile device comes close to a target facility, receiving a message about permissions from the target facility; based on the received message about permissions from the target facility, sending the identity information stored in the memory and a permission request for the target facility to a server; receiving a permission response from the server and, based on the permission response, interacting with the target facility so that the permission is verified by the target facility and the target facility can be operated with the corresponding permission.
According to a third aspect of the invention, a server is provided, comprising: a memory for storing multiple pieces of identity information and their permission relationships with multiple target facilities; and a controller for causing the server to perform the following operations: 1) receiving, from a mobile device, identity information and a permission request for the target facility the mobile device is close to; 2) based on the multiple pieces of identity information stored in the memory and their permission relationships with multiple target facilities, determining whether the mobile device has, for the target facility, the permission required by the permission request; 3) if it is determined that the mobile device has, for the target facility, the permission required by the permission request, executing step 5) directly; 4) if it is determined that the mobile device does not have, for the target facility, the permission required by the permission request, establishing the permission relationship required by the permission request between the identity information and the target facility and storing the permission relationship in the memory; 5) sending the grant of the corresponding permission to the mobile device as a permission response, so that the mobile device can interact with the target facility, whereby the target facility verifies the permission of the mobile device, so that the mobile device can operate the target facility with the corresponding permission.
According to a fourth aspect of the invention, a target facility is provided, comprising: a memory that stores a message about permissions; and a controller for causing the target facility to perform the following operations: broadcasting the message about permissions stored in the memory, so that a nearby mobile device makes a permission request to a server based on that message and its own identity information; and interacting with the mobile device and, based on the permission response the mobile device obtained from the server, verifying the permission of the mobile device, so that the mobile device can operate the target facility with the corresponding permission.
The present invention is especially suited to the following application scenario: target facilities are widely distributed over multiple physical locations, and multiple users hold operating permissions for the target facilities at various geographic locations; the users and the target facilities therefore have no information set or stored in advance and no prior contact, and at some time and place a user may have a one-off need to operate a facility there. Automatic vending machines, storage lockers, and charging piles are all cases of this kind.
The present invention is suited to permission-controlled operation of target facilities that are not networked. The target facility only needs a short-range communication capability, such as Bluetooth, near-field communication (NFC), infrared, WiFi, or WLAN, so that it can exchange information with the user's mobile device; this is sufficient to achieve the goal of authentication in which multiple users and multiple targets can change their permission relationships at any time.
Brief description of the drawings
The present invention is described below in connection with embodiments and with reference to the accompanying drawings, in which:
Fig. 1 is a schematic diagram illustrating a scenario in which the permission of a nearby target facility is obtained via a mobile device according to an embodiment of the present invention.
Fig. 2 is a basic schematic diagram illustrating a mobile device according to the present invention.
Fig. 3 is a flow chart illustrating the method performed by the controller of the mobile device according to the present invention.
Fig. 4 is a basic schematic diagram illustrating a server according to the present invention.
Fig. 5 is a flow chart illustrating the method performed by the controller of the server according to the present invention.
Fig. 6 is a basic schematic diagram illustrating a target facility according to the present invention.
Fig. 7 is a flow chart illustrating the method performed by the controller of the target facility according to the present invention.
Fig. 8 is a flow chart illustrating a method of obtaining the permission of a nearby target facility via a mobile device according to an embodiment of the present invention.
Fig. 9 is a signal flow diagram illustrating a method of passing through an access control facility via a mobile device according to a specific embodiment of the present invention.
Fig. 10 is a signal flow diagram illustrating a method of picking up goods from an automatic vending machine via a mobile device according to a specific embodiment of the present invention.
Detailed description of embodiments
Specific embodiments of the present invention are explained in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram illustrating a scenario in which the permission of a nearby target facility is obtained via a mobile device according to an embodiment of the present invention.
As shown in Fig. 1, a user carrying mobile device 100 moves near a target facility 300 that can only be operated with the corresponding permission. In the present invention, target facility 300 can be any of various unattended facilities such as access control, an automatic vending machine, a storage locker, a charging pile, an automatic lock, a toll station, or a self-service bank, and target facilities 300 can be distributed over multiple places to meet the needs of users in different regions. A user carrying mobile device 100 may come close to some target facility 300. The mobile device 100 or the user has had no prior contact or information exchange with the target facility 300 at that specific place, but the user or the mobile device 100 itself may hold permission to operate a non-specific target facility 300 (for example, one not tied to any particular place). Alternatively, the user or the mobile device 100 itself holds no permission but can obtain the permission immediately through various transaction means such as purchase, exchange, or gift. Because the mobile device 100 or the user has had no prior contact or information exchange with target facility 300, the non-specific target facility 300 does not know whether the equally non-specific mobile device 100 or user has the corresponding permission to operate that target facility 300. In this case, if the user of mobile device 100 wants to operate target facility 300, the permission has to be verified or obtained; and if the target facility itself is not networked, the verification or acquisition of the permission has to be requested from cloud server 200 through mobile device 100. Before this request, mobile device 100 receives the broadcast message of target facility 300 (if the distance is close enough). The broadcast message is a message about permissions. Based on this message, mobile device 100 performs permission verification with cloud server 200 to verify its own permission or obtain the corresponding permission, and uses that permission to interact with target facility 300 in order to operate it.
Fig. 2 is a basic schematic diagram illustrating a mobile device according to the present invention. As shown in Fig. 2, mobile device 100 includes memory 101 and controller 102. Those skilled in the art will appreciate that mobile device 100 also includes other functional modules; however, so as not to confuse the present invention with other prior art, only the modules and functions of the mobile device associated with the technical solution of the present invention are described here. The memory 101 of mobile device 100 can store identity information. When the mobile device 100 is a mobile phone, the identity information can be a mobile phone number (for example, the 11-digit mobile phone number used in China). In addition, the identity information of mobile device 100 can be an IMEI code. The identity information can also be a user ID of the mobile device in the traditional sense (for example, an ID card number, a bank account number, or the number of another certificate or ticket, such as the number of a coupon, points card, or membership card). Nowadays a user is also likely to have many virtual identities, such as IDs for websites or services. Through the identities listed above, the user may have purchased or obtained in advance the operating permission for target facilities at non-specific places, and the identity information is the credential for purchasing or obtaining these permissions. Alternatively, the user or mobile device 100 currently has no permission but can obtain the corresponding permission online immediately through various transaction means such as purchase, exchange, or gift. Therefore, in the present invention, the identity information stored in the memory 101 of mobile device 100 is identity information used to verify whether the user or mobile device 100 has the corresponding permission to operate target facility 300, or to obtain the corresponding permission.
Fig. 3 is a flow chart illustrating the method performed by the controller of the mobile device according to the present invention. Specifically, as shown in Fig. 3, in method S100 the controller 102 of mobile device 100 causes the mobile device 100 to perform the following operations. Method S100 starts at step S101: when mobile device 100 comes close to target facility 300, it receives the message about permissions from target facility 300. In step S103, based on the received message about permissions from target facility 300, the identity information stored in memory 102 and a permission request for target facility 300 are sent to server 200. In step S105, a permission response is received from server 200; the permission response is the verification of the permission of mobile device 100 or the user to operate target facility 300. Based on the permission response, the controller 102 of mobile device 100 causes mobile device 100 to interact with target facility 300 so that the permission is verified by target facility 300 and the target facility 300 can be operated with the corresponding permission. Method S100 then ends.
Fig. 4 is a basic schematic diagram illustrating a server according to the present invention. As shown in Fig. 4, cloud server 200 includes memory 201 and controller 202. Those skilled in the art will appreciate that server 200 also includes other functional modules; however, so as not to confuse the present invention with other prior art, only the modules and functions of the server associated with the technical solution of the present invention are described here. The memory 201 of server 200 can store multiple pieces of identity information and their permission relationships with multiple target facilities. For example, the multiple pieces of identity information and their permission relationships with multiple target facilities can be stored as a mapping table, in which one piece of identity information may correspond to multiple different target facilities or to multiple identical target facilities physically located at different places.
Fig. 5 is a flow chart illustrating the method performed by the controller of the server according to the present invention. Specifically, as shown in Fig. 5, in method S200 the controller 202 of cloud server 200 causes the server 200 to perform the following operations. Method S200 starts at step S201: identity information and a permission request for the target facility 300 that the mobile device is close to are received from mobile device 100. In step S203, based on the multiple pieces of identity information stored in the memory and their permission relationships with multiple target facilities, it is determined whether the mobile device 100 has, for the target facility 300, the permission required by the permission request. If it is determined that the mobile device 100 has, for the target facility 300, the permission required by the permission request, i.e. the result of step S203 is "Yes", step S207 is executed directly: the grant of the corresponding permission is sent to the mobile device 100 as the permission response, so that the mobile device 100 can interact with the target facility 300, whereby the target facility 300 verifies the permission of the mobile device 100, so that the mobile device 100 can operate the target facility with the corresponding permission. On the other hand, if it is determined that the mobile device 100 does not have, for the target facility 300, the permission required by the permission request, i.e. the result of step S203 is "No", step S205 is executed: the server establishes the permission relationship required by the permission request between the identity information and the target facility and stores the permission relationship in memory 201. Method S200 then proceeds to step S207 where, as described above, the grant of the corresponding permission is sent to the mobile device 100 as the permission response, so that the mobile device 100 can interact with the target facility 300, whereby the target facility 300 verifies the permission of the mobile device 100, so that the mobile device 100 can operate the target facility 300 with the corresponding permission.
Fig. 6 is a basic schematic diagram illustrating a target facility according to the present invention. As shown in Fig. 6, target facility 300 includes memory 301 and controller 302. Those skilled in the art will appreciate that target facility 300 also includes other functional modules; however, so as not to confuse the present invention with other prior art, only the modules and functions of the target facility associated with the technical solution of the present invention are described here. The memory 301 of target facility 300 can store the message about permissions. Here, the message about permissions means the following. First, through this message target facility 300 declares that mobile device 100 must hold a certain permission in order to operate it. Second, target facility 300 can provide its own specific identifier in the message (such as its MAC address or another special ID), so that mobile device 100 can itself judge or verify, or have server 200 judge or verify, whether it has operating permission for the target facility with that specific identifier. In addition, the message about permissions also includes a permission list, how to obtain the corresponding permission, or the corresponding price or means of exchange for each permission, and so on. For example, mobile device 100 sends both the message about permissions (the target facility identifier) and the identity information (the user identity) to server 200, and server 200 can look up whether a mapping exists between the user and the target facility and what kind of permission relationship exists; if there is no existing permission relationship, the corresponding permission can be obtained through a transaction such as a purchase, after which such a permission relationship is established.
Fig. 7 is a flow chart illustrating the method performed by the controller of the target facility according to the present invention. Specifically, as shown in Fig. 7, in method S300 the controller 302 of target facility 300 causes the target facility 300 to perform the following operations. Method S300 starts at step S301: the message about permissions stored in the memory 302 is broadcast, so that a nearby mobile device 100 makes a permission request to server 200 based on that message and its own identity information. In step S303, the target facility interacts with mobile device 100 and, based on the permission response that the mobile device 100 obtained from server 200, verifies the permission of the mobile device 100, so that the mobile device 100 can operate the target facility with the corresponding permission. Method S300 then ends.
Come detailed description of the present invention method and preferred embodiment below with reference to Fig. 8 and Fig. 9.
Fig. 8 is the permission that target facility nearby is obtained by mobile device for illustrating embodiment according to the present invention The flow chart of method.
As shown in figure 8, step S801 is started from by the method S800 that mobile device obtains the permission of target facility nearby, In the step, target facility 300 broadcasts the message about permission.As described above, here, the message about permission refers to: firstly, Target facility 300 is stated by this message, and to operate to oneself, mobile device 100 must have certain permission; Secondly, target facility 300 can provide the specific identifier of oneself in the message, so that mobile device 100 itself judgement, verifying Or is judged by server 200, verifies whether have operating right for the target facility with specific identifier;In addition, closing Further include permissions list in the message of permission, how to obtain the phase dutiable value or means of exchange of corresponding authority or each permission Etc..
In a preferred embodiment of the invention, target facility 300 is equipped with bluetooth module, can with mobile device 100 into Row Bluetooth communication.Here, target facility 300 passes through message of the Bluetooth broadcast about permission.It will be appreciated by those skilled in the art that The broadcast of target facility 300 can also be completed by other short range wireless communication protocols, such as near-field communication (NFC), red Outside, WiFi or WLAN.
In step S803, when mobile device 100 is close to the target facility 300, the pass from target facility 300 is received In the message of permission.As described above, target facility 300 broadcasts the message about permission by bluetooth, when movement is set Standby 100 reach can receive the Bluetooth broadcast within the scope of when, i.e., close to the target facility 300 when, can receive to pass In the message of permission, mobile device 100, which is learnt nearby, as a result, a target facility 300, and the target facility 300 needs permission To operate.If the user of mobile device 100 needs to operate this target facility 300 really, which can manipulate movement Equipment 100 continues following process.Otherwise, if user loses interest in for such target facility 300, indigo plant can also be ignored Tooth broadcast.
In step S805, based on the message about permission from target facility 300 received, mobile device 100 will Identity information and server 200 is sent to the authority request of target facility 300.As described above, the identity information includes Below at least one: cell-phone number, IMEI code, the User ID of mobile device, website or service ID.
In step S807, server 200 processes the identity information and the permission request to generate a permission response, and sends the permission response to mobile device 100. Here, server 200 performs permission verification using the identity information and the permission request. For example, as described above, memory 201 of server 200 can store multiple pieces of identity information and their permission relationships with multiple target facilities. These can be stored as a mapping table in which one piece of identity information may correspond to several different target facilities, or to several identical target facilities physically located in different places. By searching memory 201, server 200 can complete the permission verification.
On the other hand, if mobile device 100 does not hold the permission required by the permission request for target facility 300, server 200 can establish the permission relationship required by the permission request between the identity information and the target facility, and store that permission relationship in memory 201 of server 200. Server 200 then sends the permit for the corresponding permission to mobile device 100 as the permission response.
In step S809, based on the permission response, mobile device 100 interacts with target facility 300, so that target facility 300 verifies the permission of mobile device 100 and mobile device 100 can operate target facility 300 with the corresponding permission. Likewise, the interaction between the mobile device and the target facility can be carried out over the Bluetooth communication protocol, or over other short-range wireless communication protocols such as near-field communication (NFC), infrared, WiFi or WLAN.
Regarding the permission response, it is preferably a one-time message or a message with a limited validity period. That is, each permission response generated by server 200 applies only to that particular permission request from mobile device 100, and mobile device 100 uses it only once after receiving it: whether the permission response finally indicates permission or no permission (or a permission of a different level or function), it becomes invalid once the interaction with target facility 300 has taken place. Alternatively, the permission response has a certain validity period; if mobile device 100 does not use it promptly and misses the validity period, the permission response becomes invalid, and mobile device 100 must send a new permission request for target facility 300 to server 200 to obtain a new permission response.
Specifically, the interaction between mobile device 100 and target facility 300 in step S809 may include: based on the permission response, mobile device 100 sends an encrypted action message to target facility 300; target facility 300 verifies the action message using its built-in encryption algorithm and, if verification succeeds, allows mobile device 100 to operate target facility 300 with the corresponding permission.
For further security, re-authentication can also be considered. For example, target facility 300 sends a re-authentication dynamic message to mobile device 100. Based on the re-authentication dynamic message sent by target facility 300, mobile device 100 sends a re-authentication request to server 200. Server 200 verifies the re-authentication request and sends a re-authentication response to mobile device 100. Mobile device 100 forwards the re-authentication response to target facility 300 for verification. Only if re-authentication succeeds does target facility 300 allow mobile device 100 to operate it with the corresponding permission. Likewise, the re-authentication response can also be a one-time message or a message with a limited validity period.
In a preferred embodiment of the invention, target facility 300 is an access control facility. Operating access control facility 300 with the corresponding permission therefore includes allowing the user of mobile device 100 to pass through access control facility 300, as well as forbidding the user of mobile device 100 from passing through it. This scenario is explained in more detail below in the description of Fig. 9.
In a preferred embodiment of the invention, target facility 300 can also be a vending machine. Operating vending machine 300 with the corresponding permission therefore includes allowing the user of mobile device 100 to obtain goods from the vending machine, as well as forbidding the user from obtaining goods. This scenario is explained in more detail below in the description of Fig. 10.
After step S809, method S800 can terminate.
Fig. 9 is a signal flow diagram illustrating a method of passing through an access control facility by means of a mobile device, according to a specific embodiment of the invention.
As shown in Fig. 9, the mobile device can be a mobile phone and the target facility can be an access control facility. A Bluetooth communication module is installed in the access control facility, so that in use it can broadcast over Bluetooth continuously, periodically, or according to some rule or principle, as shown in step S901 of method S900.
When a user carrying the phone moves into range of the Bluetooth broadcast, the phone can receive the broadcast from the access control facility through its own Bluetooth module, and thereby learns that the access control facility exists and that a permission is needed to pass through it.
In a preferred embodiment of the invention, the access control facility may be a facility that is not networked, so it may not be able to query independently whether the phone (or its user) that wants to pass holds the permission to pass. Such query and verification need to be carried out through information exchange between the phone and the server.
In step S902, based on the received Bluetooth broadcast, the phone sends its own identity information, together with a pass request, to the server. The server judges and verifies whether the identity information corresponds to the permission to pass through the access control facility. The operations on the phone can in practice be carried out by a mobile application (app). For example, the app automatically recognizes the Bluetooth broadcast as a message about permission, then generates the request information (identity information and permission request) and sends it to the server.
In step S903, the cloud server retrieves, judges and verifies the relationship between the identity information and the access permission. If the identity information sent by the phone holds the permission to pass through the access control facility, the server sends a clearance permit to the phone in step S904. As mentioned above, the clearance permit can be a one-time message or a message with a limited validity period.
In step S905, the phone sends the received clearance permit to the access control facility to request passage. In step S906, the access control facility verifies the clearance permit, checking its security, integrity and so on, to determine preliminarily that the phone holds the permission to pass. For example, the phone can receive the clearance permit through the app and also send it to the access control facility through the app. In other words, the interaction among the phone, the access control facility and the server can be coordinated by the app.
However, for further security, in step S907 the access control facility sends a re-authentication dynamic message to the phone. The phone must verify with the cloud server again to obtain a re-authentication response. Specifically, according to the re-authentication dynamic message, the phone sends a re-authentication request to the server in step S908. In step S909, the server performs a calculation on the re-authentication request to obtain the re-authentication response. The phone then receives the re-authentication response from the server in step S910. In step S911, the phone forwards the re-authentication response to the access control facility, so that the access control facility can verify it in step S912. Once verification succeeds, the access control facility formally confirms that the phone (in practice, the user of the phone) holds the right of access and may pass through.
As a result, in step S913, the access control facility explicitly issues a release notice to the phone, and in step S914 the phone (user) can pass through the access control facility. That is, the phone operates the access control facility with the corresponding permission. For example, in an embodiment, after the user has completed the interaction with the access control facility using the phone and obtained the permission, the user can have the access control facility let them through, and so passes through it. Here too, the interaction among the phone, the access control facility and the server can be coordinated by the app.
It should be noted that although in the above example re-authentication is carried out after the pass request/clearance permit messages are exchanged, the two do not actually have a strict order in time. For example, re-authentication can be carried out at the same time as the pass request/clearance permit messages are exchanged. Specifically, when the Bluetooth broadcast is made, in addition to broadcasting the message about permission, dynamic information (for re-authentication) can also be sent by means of the Bluetooth name.
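The flow of Fig. 9 (steps S901 to S913), with the one-time, time-limited clearance permit and the re-authentication challenge, as an added sketch that is not code from the patent. The patent names no algorithm for the facility's verification, so HMAC-SHA256 under a key shared by server and facility is an assumption, as are all class, field and sample names.

```python
import hashlib
import hmac
import json
import secrets
import time

# Assumption: HMAC-SHA256 under a key provisioned into the facility and held
# by the server stands in for the facility's unspecified verification algorithm.


def _mac(key, payload):
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class Server:
    """Cloud server holding the identity -> facility permission relationships."""

    def __init__(self, facility_keys, permissions, ttl=30):
        self.facility_keys = facility_keys   # facility id -> shared key
        self.permissions = permissions       # set of (identity, facility id)
        self.ttl = ttl                       # validity period in seconds

    def issue_permit(self, identity, fid, now=None):
        """S903/S904: check the relationship, return a signed permit or None."""
        if (identity, fid) not in self.permissions:
            return None
        now = time.time() if now is None else now
        permit = {"fid": fid, "sub": identity,
                  "nonce": secrets.token_hex(16), "exp": int(now) + self.ttl}
        permit["mac"] = _mac(self.facility_keys[fid], permit)
        return permit

    def answer_challenge(self, identity, fid, challenge):
        """S909: compute the re-authentication response for one challenge."""
        if (identity, fid) not in self.permissions:
            return None
        payload = {"fid": fid, "sub": identity, "chal": challenge}
        return _mac(self.facility_keys[fid], payload)


class Facility:
    """Offline access control facility: own id, key and clock; no network."""

    def __init__(self, fid, key):
        self.fid = fid
        self.key = key
        self.seen_nonces = set()   # replay cache enforcing one-time permits
        self.pending = {}          # outstanding challenge -> identity

    def broadcast(self):
        """S901: the message about permission carries the facility identifier."""
        return {"fid": self.fid, "needs_permission": True}

    def check_permit(self, permit, now=None):
        """S906/S907: verify the permit; return a fresh challenge or None."""
        now = time.time() if now is None else now
        body = {k: v for k, v in permit.items() if k != "mac"}
        if not hmac.compare_digest(_mac(self.key, body), str(permit.get("mac"))):
            return None                        # forged or altered
        if body["fid"] != self.fid or now > body["exp"]:
            return None                        # other facility, or expired
        if body["nonce"] in self.seen_nonces:
            return None                        # one-time permit replayed
        self.seen_nonces.add(body["nonce"])
        challenge = secrets.token_hex(16)
        self.pending[challenge] = body["sub"]
        return challenge

    def check_response(self, challenge, response):
        """S912/S913: release only on the server's answer to this challenge."""
        identity = self.pending.pop(challenge, None)   # each challenge used once
        if identity is None:
            return False
        payload = {"fid": self.fid, "sub": identity, "chal": challenge}
        return hmac.compare_digest(_mac(self.key, payload), str(response))


def run_demo():
    key = secrets.token_bytes(32)                      # constructed sample key
    server = Server({"door-7": key}, {("user-1001", "door-7")}, ttl=30)
    door = Facility("door-7", key)
    t0 = 1_000_000                                     # constructed clock value
    fid = door.broadcast()["fid"]                      # S901
    permit = server.issue_permit("user-1001", fid, now=t0)      # S902-S904
    chal = door.check_permit(permit, now=t0 + 1)                # S905-S907
    resp = server.answer_challenge("user-1001", fid, chal)      # S908-S910
    out = {"released": door.check_response(chal, resp)}         # S911-S913
    out["replay"] = door.check_permit(permit, now=t0 + 2)
    out["response_replay"] = door.check_response(chal, resp)
    stale = server.issue_permit("user-1001", fid, now=t0)
    out["expired"] = door.check_permit(stale, now=t0 + 31)
    forged = dict(server.issue_permit("user-1001", fid, now=t0), sub="user-9999")
    out["tampered"] = door.check_permit(forged, now=t0 + 1)
    out["no_permission"] = server.issue_permit("user-9999", fid, now=t0)
    return out


if __name__ == "__main__":
    print(run_demo())
```

In this sketch the phone only relays messages and never holds the key, so the offline facility's decision rests on the provisioned key, its replay cache and its own clock.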
Fig. 10 is a signal flow diagram illustrating a method of picking up goods from a vending machine by means of a mobile device, according to a specific embodiment of the invention.
As shown in Fig. 10, the mobile device can be a mobile phone and the target facility can be a vending machine. A Bluetooth communication module is installed in the vending machine, so that in use it can broadcast over Bluetooth continuously, periodically, or according to some rule or principle, as shown in step S1001 of method S1000.
When a user carrying the phone moves into range of the Bluetooth broadcast, the phone can receive the broadcast from the vending machine through its own Bluetooth module, and thereby learns that the vending machine exists and that a permission is needed to pick up goods from it.
In a preferred embodiment of the invention, the vending machine may be a facility that is not networked, so it may not be able to query independently whether the phone (or its user) that wants to pick up goods holds the pickup permission. Such query and verification, and even the transaction, need to be carried out through information exchange between the phone and the server.
In step S1002, based on the received Bluetooth broadcast, the phone sends its own identity information, together with a pickup request, to the server. The server judges and verifies whether the identity information corresponds to the specific pickup permission. The operations on the phone can in practice be carried out by a mobile application (app). For example, the app automatically recognizes the Bluetooth broadcast as a message about permission, then generates the request information (identity information and permission request) and sends it to the server.
In step S1003, the cloud server retrieves, judges and verifies the relationship between the identity information and the access permission.
There are two cases here. In the first case, the user of the phone has already obtained pickup permission for certain goods, for example through a game, a merchant promotion, a gift from a friend, or an online purchase. Such pickup permission can be stored or recorded in the memory of the cloud server; that is, the permission relationship between the identity information and the pickup permission is stored on the cloud server, and the user can verify with the server using the identity information and then pick up the goods offline (at the vending machine). In the second case, the user of the phone has no pickup permission beforehand. Through the broadcast from the vending machine, the user learns the list of goods in the vending machine and their corresponding values or ways of obtaining them. Using the app, the user can purchase the goods or carry out another transaction to obtain pickup permission for specific goods. Specifically, the user can send his or her identity information and a purchase request for specific goods to the server via the phone (for example by operating the app); the server can first search the memory and, finding that no permission relationship exists between the identity information and pickup permission for the specific goods, carry out purchase processing according to the purchase request (for example, a bank transaction; this is not within the scope claimed by the invention and is not described further here) and then establish the permission relationship in the memory; the user has then in effect obtained the corresponding pickup permission and can proceed with verification and pickup.
That is, in the first case, if the identity information sent by the phone holds the pickup permission, the server sends a delivery permit to the phone in step S1004. In the second case, a transaction is carried out using the identity information sent by the phone so as to obtain the pickup permission; the cloud server can establish in the memory the permission relationship between the identity information and the pickup permission for the specific goods, and the server then sends the delivery permit to the phone in step S1004. As mentioned above, the delivery permit can be a one-time message or a message with a limited validity period.
In step S1005, the phone sends the received delivery permit to the vending machine and waits for delivery. In step S1006, the vending machine verifies the delivery permit, checking its security, integrity and so on, to determine preliminarily that the phone holds the pickup permission. For example, the phone can receive the delivery permit through the app and also send it to the vending machine through the app. In other words, the interaction among the phone, the vending machine and the server can be coordinated by the app.
However, for further security, in step S1007 the vending machine sends a re-authentication dynamic message to the phone. The phone must verify with the cloud server again to obtain a re-authentication response. Specifically, according to the re-authentication dynamic message, the phone sends a re-authentication request to the server in step S1008. In step S1009, the server performs a calculation on the re-authentication request to obtain the re-authentication response. The phone then receives the re-authentication response from the server in step S1010. In step S1011, the phone forwards the re-authentication response to the vending machine, so that the vending machine can verify it in step S1012. Once verification succeeds, the vending machine formally confirms that the phone (in practice, the user of the phone) holds the pickup permission and may pick up goods from the vending machine.
As a result, in step S1013, the vending machine delivers the goods to the phone user; that is, the user of the phone can operate the vending machine to obtain the desired goods. For example, in an embodiment, after the user has completed the interaction with the vending machine using the phone and obtained the permission, the user can have the vending machine deliver the goods, and so obtains them. Here, the interaction among the phone, the vending machine and the server can still be coordinated by the app, or can be completed jointly by the app and the vending machine's own interactive means.
It should be noted that although in the above example re-authentication is carried out after the pickup request/delivery permit messages are exchanged, the two do not actually have a strict order in time. For example, re-authentication can be carried out at the same time as the pickup request/delivery permit messages are exchanged. Specifically, when the Bluetooth broadcast is made, in addition to broadcasting the message about permission, dynamic information (for re-authentication) can also be sent by means of the Bluetooth name.
In the invention, the target facility can be a facility that is not networked. To implement the invention, the target facility only needs a Bluetooth communication module, or another short-range communication module or communication capability.
The invention is particularly suited to application scenarios in which target facilities are widely distributed across multiple physical locations and multiple users or identities hold operating permission for target facilities at various geographic locations, so that beforehand there is no preset or stored information linking the user and the target facility, and at some time and place a user may have a one-off need to operate a facility there. Access control, vending machines, luggage lockers, charging piles, automatic locks, toll stations (for example, highway toll stations implementing ETC) and self-service banks (for example, an automated teller machine (ATM) offering cardless withdrawal without the ATM being networked, or, even if it is networked, as an additional verification method) are all cases of this kind. At the same time, because the target facility does not store specific permission or identity data in advance, there is no possibility of that data being lost, stolen or forged, which benefits the security of data and permissions.
In addition, in the invention, in the communication between the mobile device and the target facility, apart from the initial broadcast message, every message is an encrypted message or a dynamically generated, one-time or time-limited message, which prevents other devices from intercepting the communication content and thereby ensures the security of the communication and of the permissions.
Various embodiments and implementations of the invention have been described above, but the spirit and scope of the invention are not limited to them. Those skilled in the art will be able to devise further applications in accordance with the teaching of the invention, and all such applications fall within the scope of the invention.

Claims (10)

1. A method for performing a permission operation on a nearby target facility by means of a mobile device, comprising:
the target facility broadcasting a message about permission;
the mobile device, when close to the target facility, receiving the message about permission from the target facility;
based on the received message about permission from the target facility, the mobile device sending identity information and a permission request for the target facility to a server;
the server processing the identity information and the permission request to generate a permission response, and sending the permission response to the mobile device;
based on the permission response, the mobile device interacting with the target facility, whereby the target facility verifies the permission of the mobile device, so that the mobile device can operate the target facility with the corresponding permission.
2. The method of claim 1, wherein the broadcast of the target facility and the interaction between the mobile device and the target facility are carried out over the Bluetooth communication protocol.
3. The method of claim 1, wherein the identity information includes at least one of the following: mobile phone number, IMEI code, user ID of the mobile device, website or service ID.
4. The method of claim 1, wherein the target facility is one of the following: access control, vending machine, luggage locker, charging pile, automatic lock, toll station, self-service bank.
5. The method of claim 1, wherein the mobile device interacting with the target facility based on the permission response further comprises:
based on the permission response, the mobile device sending an encrypted action message to the target facility;
the target facility verifying the action message using its built-in encryption algorithm and, if verification succeeds, allowing the mobile device to operate the target facility with the corresponding permission.
6. The method of claim 1, wherein the permission response is a one-time message or a message with a limited validity period.
7. The method of claim 1, wherein the server processing the identity information and the permission request to generate a permission response, and sending the permission response to the mobile device, further comprises:
7.1) the server receiving the identity information and the permission request from the mobile device;
7.2) the server determining, based on the multiple pieces of identity information stored in the memory of the server and their permission relationships with multiple target facilities, whether the mobile device holds the permission required by the permission request for the target facility;
7.3) if it is determined that the mobile device holds the permission required by the permission request for the target facility, proceeding directly to step 7.5);
7.4) if it is determined that the mobile device does not hold the permission required by the permission request for the target facility, the server establishing the permission relationship required by the permission request between the identity information and the target facility, and storing the permission relationship in the memory;
7.5) the server sending the permit for the corresponding permission to the mobile device as the permission response.
8. A mobile device, comprising:
a memory for storing identity information;
a controller for causing the mobile device to perform the following operations:
when the mobile device is close to a target facility, receiving a message about permission broadcast by the target facility;
based on the received message about permission broadcast by the target facility, sending the identity information stored in the memory and a permission request for the target facility to a server;
receiving a permission response from the server and, based on the permission response, interacting with the target facility so that the permission is verified by the target facility and the target facility can be operated with the corresponding permission.
9. A server, comprising:
a memory for storing multiple pieces of identity information and their permission relationships with multiple target facilities;
a controller for causing the server to perform the following operations:
9.1) receiving, from a mobile device, identity information and a permission request for a target facility that the mobile device is close to;
9.2) determining, based on the multiple pieces of identity information stored in the memory and their permission relationships with multiple target facilities, whether the mobile device holds the permission required by the permission request for the target facility;
9.3) if it is determined that the mobile device holds the permission required by the permission request for the target facility, proceeding directly to step 9.5);
9.4) if it is determined that the mobile device does not hold the permission required by the permission request for the target facility, the server establishing the permission relationship required by the permission request between the identity information and the target facility, and storing the permission relationship in the memory;
9.5) sending the permit for the corresponding permission to the mobile device as a permission response, so that the mobile device can interact with the target facility, whereby the target facility verifies the permission of the mobile device, so that the mobile device can operate the target facility with the corresponding permission.
10. A target facility, comprising:
a memory storing a message about permission;
a controller for causing the target facility to perform the following operations:
broadcasting the message about permission stored in the memory, so that a mobile device that is close by sends a permission request to a server according to the message and its own identity information;
interacting with the mobile device and, based on the permission response that the mobile device obtained from the server, verifying the permission of the mobile device, so that the mobile device can operate the target facility with the corresponding permission.
CN201910352716.0A 2016-07-13 2016-07-13 Permission operation on nearby target facilities through mobile equipment Active CN110086809B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910352716.0A CN110086809B (en) 2016-07-13 2016-07-13 Permission operation on nearby target facilities through mobile equipment

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610547626.3A CN106131015B (en) 2016-07-13 2016-07-13 Permission operation is carried out to neighbouring target facility by mobile device
CN201910352716.0A CN110086809B (en) 2016-07-13 2016-07-13 Permission operation on nearby target facilities through mobile equipment

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201610547626.3A Division CN106131015B (en) 2016-07-13 2016-07-13 Permission operation is carried out to neighbouring target facility by mobile device

Publications (2)

Publication Number Publication Date
CN110086809A true CN110086809A (en) 2019-08-02
CN110086809B CN110086809B (en) 2022-03-15

Family

ID=57283206

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201610547626.3A Active CN106131015B (en) 2016-07-13 2016-07-13 Permission operation is carried out to neighbouring target facility by mobile device
CN201910352716.0A Active CN110086809B (en) 2016-07-13 2016-07-13 Permission operation on nearby target facilities through mobile equipment

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201610547626.3A Active CN106131015B (en) 2016-07-13 2016-07-13 Permission operation is carried out to neighbouring target facility by mobile device

Country Status (1)

Country Link
CN (2) CN106131015B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110969738A (en) * 2020-01-16 2020-04-07 河南国立信息科技有限公司 Control system and method of intelligent security entrance guard based on 5G architecture

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108122307A (en) * 2016-11-29 2018-06-05 上海慧流云计算科技有限公司 Access control management method, apparatus and system
CN106506341B (en) * 2016-12-01 2019-11-05 特斯联(北京)科技有限公司 A kind of community's social contact method and system based on the current product in community
CN109410372A (en) * 2017-08-17 2019-03-01 深圳市德科物联技术有限公司 A kind of intelligent access control system and door opening method based on mobile phone NFC payment function
CN107508619B (en) * 2017-08-29 2018-11-09 重庆壹元电科技有限公司 Mobile power based on Bluetooth technology rents self-help serving system
CN107888310A (en) * 2017-11-30 2018-04-06 湖南康通电子股份有限公司 The control method and device of broadcast terminal
KR20220021466A (en) * 2019-05-21 2022-02-22 에이치아이디 글로벌 코포레이션 Physical Access Control Systems and Methods
CN110853157B (en) * 2019-11-12 2022-01-04 南京猫酷科技股份有限公司 Parking lot entrance and exit payment management system and method
CN112836538A (en) * 2021-02-02 2021-05-25 青岛海尔空调器有限总公司 Control method of household appliance and household appliance

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120150742A1 (en) * 2010-12-14 2012-06-14 Xtreme Mobility Inc. System and Method for Authenticating Transactions Through a Mobile Device
CN103679885A (en) * 2013-12-02 2014-03-26 大连智慧城科技有限公司 Door control identity recognition system and method based on mobile terminal
CN103971435A (en) * 2014-05-22 2014-08-06 广东欧珀移动通信有限公司 Unlocking method, server, mobile terminal, electronic lock and unlocking system
CN104063932A (en) * 2014-06-18 2014-09-24 大连智慧城科技有限公司 Non-networking access system based on mobile terminal and implementation method
CN105023334A (en) * 2015-08-10 2015-11-04 广东文城科技发展有限公司 Unlocking and locking control method based on cloud platform and mobile phone APP
US20160196705A1 (en) * 2014-02-12 2016-07-07 Viking Access Systems, Llc Movable barrier operator configured for remote actuation

Also Published As

Publication number Publication date
CN106131015A (en) 2016-11-16
CN110086809B (en) 2022-03-15
CN106131015B (en) 2019-04-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant