CN110417784B - Authorization method and device of access control equipment - Google Patents

Info

Publication number
CN110417784B
Authority
CN
China
Prior art keywords
access control
authorization
background server
control equipment
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910696326.5A
Other languages
Chinese (zh)
Other versions
CN110417784A (en)
Inventor
段克晓
王松健
赵伟
李火荣
杨程
邓攀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201910696326.5A
Publication of CN110417784A
Application granted
Publication of CN110417784B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Abstract

The invention provides an authorization method and apparatus for an access control device. The method comprises: in response to an authorization request for the access control device, displaying a graphic code corresponding to the access control device, wherein the graphic code is used to authorize the access control device to run an application program on the access control device; when the graphic code is scanned by a terminal device, obtaining authorization information for the access control device; and, based on the authorization information, obtaining the configuration information corresponding to the application program and running the application program based on that configuration information. In this way the configuration information in the background server can be issued securely to the access control device, achieving secure authorization of the access control device.

Description

Authorization method and device of access control equipment
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an authorization method and an authorization apparatus for an access control device.
Background
Access control devices on the market are usually delivered jointly by a hardware manufacturer and an algorithm service provider. The algorithm service provider generally supplies license authorization files and an algorithm SDK to the hardware manufacturer, and the hardware manufacturer can use the algorithm as long as it holds a licensed device. The related technology generally performs identification locally in an offline mode. However, a malicious hardware manufacturer can exploit this by cracking other applications to obtain license authorization files, causing losses to the algorithm service provider.
Disclosure of Invention
The embodiment of the invention provides an authorization method and device for access control equipment, which can safely issue configuration information in a background server to the access control equipment, and realize the safety authorization of the access control equipment.
The technical scheme of the embodiment of the invention is realized as follows:
An embodiment of the invention provides an authorization method for an access control device, comprising:
in response to an authorization request for the access control device, displaying a graphic code corresponding to the access control device, wherein the graphic code is used to authorize the access control device to run an application program on the access control device;
when the graphic code is scanned by a terminal device, obtaining authorization information for the access control device;
and obtaining configuration information corresponding to the application program based on the authorization information, and running the application program based on the configuration information.
The embodiment of the present invention further provides an authorization apparatus for an access control device, including:
a display unit, configured to display, in response to an authorization request for the access control device, a graphic code corresponding to the access control device, wherein the graphic code is used to authorize the access control device to run an application program on the access control device;
an obtaining unit, configured to obtain authorization information for the access control device when the graphic code is scanned by a terminal device;
and an operation unit, configured to obtain the configuration information corresponding to the application program based on the authorization information and to run the application program based on the configuration information.
In the above scheme, the display unit is further configured to respond to an authorization instruction for the access control device, and send an authorization request for the access control device through session connection with a background server of the application, where the authorization request carries a device identifier of the access control device;
and receiving and displaying the graphic code which carries the user verification page address and is returned by the background server.
In the foregoing solution, the obtaining unit is further configured to:
obtain the authorization information sent by the background server once the background server has received the user information that the terminal device sends after scanning the graphic code, and that user information has passed verification.
In the foregoing solution, the obtaining unit is further configured to:
obtain the authorization information sent by the background server once the background server has received the user information that the terminal device sends after scanning the graphic code, that user information has passed verification, and the access control device has been determined to be in the to-be-authorized state.
In the above scheme, the authorization information includes an authorization token and a communication key,
the operation unit is further configured to encrypt the authorization token with the communication key to obtain an encrypted authorization token;
send the encrypted authorization token through the session connection with the background server of the application program;
and receive the configuration information that the background server returns after recovering the authorization token by decrypting with the communication key.
In the above scheme, the apparatus further comprises a sending unit,
the sending unit is used for periodically sending a login request of the access control equipment corresponding to the application program to the background server;
and receiving status response information which is returned by the background server and indicates successful login, wherein the status response information is sent after the background server updates the login status of the access control equipment based on the login request.
In the above scheme, the sending unit is further configured to receive a notification message indicating that the device is offline, where the notification message is sent after the backend server receives a login request sent by a device with the same device identifier as the access control device.
In the above scheme, the device further comprises a collecting unit,
the collecting unit is configured to collect user information of a target user;
perform feature extraction on the collected user information to obtain user features that identify the target user;
encrypt the user features to obtain encrypted user features;
send the encrypted user features through the session connection with the background server of the application program;
and receive a control instruction that the background server returns after decrypting and verifying the user features, wherein the control instruction controls the access control device to perform an opening operation or remain closed.
The embodiment of the invention provides an authorization device of access control equipment, which comprises:
a memory for storing executable instructions;
and the processor is used for realizing the authorization method of the access control equipment provided by the embodiment of the invention when the executable instruction stored in the memory is executed.
The embodiment of the invention also provides a storage medium, wherein the storage medium stores executable instructions and is used for causing the processor to execute so as to realize the authorization method of the access control equipment provided by the embodiment of the invention.
The embodiment of the invention has the following beneficial effects:
the embodiment of the invention displays the graphic code corresponding to the access control equipment based on the authorization request aiming at the access control equipment, obtains the authorization information aiming at the access control equipment when the graphic code obtains the scanning operation of the terminal equipment, obtains the configuration information corresponding to the application program based on the authorization information, and runs the application program based on the configuration information, so that the configuration information in the background server can be safely issued to the access control equipment by scanning the graphic code on line, and the safety authorization of the access control equipment is realized.
Drawings
Fig. 1 is a schematic structural diagram of an authorization system of an access control device according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an authorization apparatus of an access control device according to an embodiment of the present invention;
fig. 3 is a schematic flow chart illustrating an authorization method for an access control device according to an embodiment of the present invention;
fig. 4 is a schematic view of a display interface of the access control device according to the embodiment of the present invention;
fig. 5 is a schematic flow chart illustrating an authorization method for an access control device according to an embodiment of the present invention;
fig. 6 is a schematic flow chart illustrating an authorization method for an access control device according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an authorization apparatus of an access control device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail with reference to the accompanying drawings, the described embodiments should not be construed as limiting the present invention, and all other embodiments obtained by a person of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is understood that "some embodiments" may be the same subset or different subsets of all possible embodiments, and may be combined with each other without conflict.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing embodiments of the invention only and is not intended to be limiting of the invention.
First, an authorization system of an access control device according to an embodiment of the present invention is described, fig. 1 is a schematic structural diagram of an authorization system of an access control device according to an embodiment of the present invention, and referring to fig. 1, in order to support an exemplary application, an authorization system 100 of an access control device includes a terminal 500, an access control device 400, and a backend server 200, where the terminal 500 is connected to the access control device 400 through a network 300, the access control device 400 is connected to the backend server 200 through the network 300, and the network 300 may be a wide area network or a local area network, or a combination of the two, and uses a wireless link to implement data transmission.
The access control device 400 is configured to respond to a click operation for the access control device, and send an authorization request for the access control device to the backend server 200 through a session connection with the backend server of the application;
the background server 200 is configured to generate a graphic code carrying the user verification page address based on the device identifier, and return the graphic code to the access control device 400;
the access control device 400 is further configured to receive and display the graphic code returned by the background server 200;
the terminal 500 is configured to scan a graphic code displayed by the access control device 400, and input user information on the skipped check page;
the background server 200 is further configured to obtain authorization information for the access control device when receiving the user information sent by the terminal 500 after scanning the graphic code and passing the user information verification, and send the authorization information to the access control device 400;
the access control device 400 is further configured to obtain configuration information corresponding to the application program based on the authorization information sent by the backend server 200, and run the application program based on the configuration information.
Next, an authorization apparatus of an access control device provided by an embodiment of the present invention is described, fig. 2 is a schematic diagram illustrating a composition of the authorization apparatus of the access control device provided by the embodiment of the present invention, and the composition of the apparatus illustrated in fig. 2 is only an example, which should not bring any limitation to the function and the application range of the embodiment of the present invention.
As shown in fig. 2, an authorization apparatus 20 of an access control device provided in an embodiment of the present invention includes: at least one processor 201, memory 202, user interface 203, and at least one network interface 204. The various components in the authorization apparatus 20 are coupled together by a bus system 205. It will be appreciated that the bus system 205 is used to enable communications among the components. The bus system 205 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 205 in fig. 2.
The user interface 203 may include a display, a keyboard, a mouse, a trackball, a click wheel, a key, a button, a touch pad, a touch screen, or the like, among others.
It will be appreciated that the memory 202 can be either volatile memory or nonvolatile memory, and can include both volatile and nonvolatile memory. Among them, the nonvolatile Memory may be a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Programmable Read Only Memory (EPROM), a Flash Memory (Flash Memory), and the like. Volatile Memory can be Random Access Memory (RAM), which acts as external cache Memory. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Synchronous Static Random Access Memory (SSRAM). The memory 202 described in connection with the embodiments of the invention is intended to comprise these and any other suitable types of memory.
The memory 202 in the embodiment of the present invention can store data to support the operation of the terminal. Examples of such data include: any computer program for operating on a terminal, such as an operating system and application programs. The operating system includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, and is used for implementing various basic services and processing hardware-based tasks. The application program may include various application programs.
As an example that the authorization apparatus of the access control device provided by the embodiment of the present invention is implemented by combining software and hardware, the authorization apparatus of the access control device provided by the embodiment of the present invention may be directly embodied as a combination of software modules executed by the processor 201, where the software modules may be located in a storage medium, the storage medium is located in the memory 202, the processor 201 reads executable instructions included in the software modules in the memory 202, and the authorization method of the access control device provided by the embodiment of the present invention is completed by combining necessary hardware (for example, including the processor 201 and other components connected to the bus 205).
By way of example, the Processor 201 may be an integrated circuit chip having Signal processing capabilities, such as a general purpose Processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like, wherein the general purpose Processor may be a microprocessor or any conventional Processor or the like.
As an example that the authorization apparatus of the access control Device provided in the embodiment of the present invention is implemented by hardware, the apparatus provided in the embodiment of the present invention may be implemented by directly using a processor 201 in the form of a hardware decoding processor, for example, the apparatus may be implemented by one or more Application Specific Integrated Circuits (ASICs), DSPs, Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs), Field Programmable Gate Arrays (FPGAs), or other electronic elements to implement the authorization method of the access control Device provided in the embodiment of the present invention.
The memory 202 in the embodiment of the present invention is used to store various types of data to support the operation of the authorization apparatus 20 of the access control device. Examples of such data include any executable instructions for operating on the authorization apparatus 20 of the access control device; the program implementing the authorization method of the access control device according to the embodiment of the present invention may be included in these executable instructions.
Methods of implementing embodiments of the present invention will be described in connection with the foregoing exemplary application and practice of apparatus embodying embodiments of the present invention.
Fig. 3 is a schematic flow chart of an authorization method for an access control device according to an embodiment of the present invention, and referring to fig. 3, the authorization method for an access control device according to the embodiment of the present invention includes:
Step 301: in response to an authorization request for the access control device, the access control device displays a graphic code corresponding to the access control device, wherein the graphic code is used to authorize the access control device to run an application program on the access control device.
In actual implementation, when the application program on the access control device is run for the first time, the device prompts that initial authorization has not been performed and pops up a graphic code, so that a user with authority can scan it with a code-scanning device. Here, the graphic code may be a two-dimensional code, a barcode, or another identification code.
In some embodiments, the access control device may obtain and display the graphical code as follows:
responding to an authorization instruction aiming at the access control equipment, and sending an authorization request aiming at the access control equipment through session connection with a background server of an application program, wherein the authorization request carries an equipment identifier of the access control equipment; and receiving and displaying a graphic code which carries the user verification page address and is returned by the background server.
In practical application, when a user uses an access control device for the first time, an action such as a click by the user triggers a corresponding authorization instruction, which instructs the access control device to perform an initial authorization operation. The access control device sends an authorization request to the background server through its session connection with the background server of the application program on the access control device; the authorization request carries the device identifier of the access control device. The background server receives the authorization request, generates a graphic code containing the user verification page address through a graphic code generation interface based on the device identifier carried in the request, and sends the generated graphic code to the access control device. The access control device receives and displays the graphic code returned by the background server. When the user scans the graphic code with a device that has a code-scanning function (such as a mobile phone), the current page on the terminal device jumps to the corresponding verification page, where user information verification is then performed.
Step 302: when the graphic code is scanned by a terminal device, obtain the authorization information for the access control device.
In practical application, the graphic code carries a user verification page address. When a user scans the graphic code on the access control device with the terminal device, the current page on the terminal device jumps to the corresponding verification page, where the user's information can be verified. If the verification passes, the user is shown to have the authority to authorize the access control device, and authorization information for the access control device can then be obtained.
In some embodiments, when the graphic code is scanned by the terminal device, the access control device may obtain the authorization information for the access control device as follows:
the access control device obtains the authorization information sent by the background server once the background server has received the user information that the terminal device sends after scanning the graphic code, and that user information has passed verification.
In actual implementation, when a user scans the graphic code on the access control device with the terminal device, the terminal device parses the graphic code to obtain the user verification page address it carries and jumps to the corresponding verification page, where the user enters user information for verification. In practical application, the user information can be a user name and a password. The terminal device sends the entered user information to the background server for verification, and the background server matches it against the pre-stored user information. When the match succeeds, the user information passes verification, and the background server generates authorization information and sends it to the access control device; when the match fails, the user information does not pass verification, the background server generates no authorization information, and a prompt indicating that verification failed is returned.
In some embodiments, when the graphic code is scanned by the terminal device, the access control device may obtain the authorization information for the access control device as follows:
the access control device obtains the authorization information sent by the background server once the background server has received the user information that the terminal device sends after scanning the graphic code, that user information has passed verification, and the access control device has been determined to be in the to-be-authorized state.
In actual implementation, the terminal device sends the entered user information to the background server for verification, and after the user information passes verification, the background server also determines, based on the device identifier of the access control device, whether that device has already been authorized. In practical application, the background server stores the device identifier of each access control device together with its authorization state. When a new authorization request is received, the background server parses it to obtain the device identifier of the current access control device and queries the authorization state for that identifier. If the identifier is not found, or its stored authorization state is the to-be-authorized state, the current access control device has not been authorized, and the background server generates the corresponding authorization information and sends it to the access control device. If the stored authorization state for the identifier is the authorized state, the current access control device has already been authorized and the background server generates no new authorization information. This prevents devices from the same manufacturer from using the same access control device identifier to obtain authorization repeatedly.
Step 303: obtain configuration information corresponding to the application program based on the authorization information, and run the application program based on the configuration information.
In practical application, after the access control device passes authorization, it can use the authorization information to obtain configuration information from the background server and run the application program on the access control device based on that configuration information, wherein the configuration information includes at least one of the following: computing models, feature libraries, and configuration keys.
In some embodiments, the authorization information includes an authorization token and a communication key, and the access control device may obtain configuration information corresponding to the application program in the following manner:
encrypting the authorization token with the communication key to obtain an encrypted authorization token; sending the encrypted authorization token to the background server through the session connection with the background server of the application program; and receiving the configuration information that the background server returns after recovering the authorization token by decrypting with the communication key.
In practical application, after the access control device passes authorization, it encrypts the authorization token with the obtained communication key and sends the encrypted authorization token to the background server. The background server decrypts the encrypted authorization token with the communication key to recover the authorization token, and then sends the configuration information corresponding to the application program to the access control device.
In some embodiments, the access control device further periodically sends a login request of an application program corresponding to the access control device to the background server; and receiving state response information which is returned by the background server and indicates successful login, wherein the state response information is sent after the background server updates the login state of the access control equipment based on the login request.
In practical applications, the communication token and the communication key are device-level, and different device identifications acquire different communication tokens and different communication keys. In actual implementation, after the access control device completes initialization authorization, a login request is periodically sent to a background server to inquire a login state, the background server judges whether a login request sent by other devices which are the same as the device identifier of the access control device is received or not based on the device identifier in the login request, and when the login request sent by other devices which are the same as the device identifier of the access control device is determined not to be received, the background server updates the login state of the access control device, generates and sends a corresponding message indicating that the login is successful to the access control device.
When the background server determines that the login request sent by other equipment with the same equipment identification as the access control equipment is received, in some embodiments, the access control device further receives a notification message indicating offline, where the notification message is sent by the backend server after the backend server determines that the login request sent by the device with the same device identifier as the access control device is received, that is, when the backend server receives the login request sent by the device with the same device identifier, the access control device with the same device identifier is kicked off offline, and thus, for a plurality of access control devices with the same device identification, the access control device with the authorization is ensured to have the authority of operating the application program in the access control device at most one access control device is authorized at the same time, this also prevents devices of the same device manufacturer from being re-registered with the same device identification.
In practical application, when the access control device is successfully initialized and authorized, user information, such as names, departments, photos and the like, can be entered into the access control device, so that the access control device can be used for managing access of a user, and in some embodiments, the access control device can manage access of the user in the following modes:
collecting user information of a target user; carrying out feature extraction on the collected user information to obtain user features for identifying a target user; encrypting the user characteristics to obtain the encrypted user characteristics; sending the encrypted user characteristics through session connection with a background server of the application program; and receiving a control instruction which is obtained by decrypting the user characteristics by the background server and returned after the user characteristics are verified, wherein the control instruction is used for controlling the access control equipment to execute opening operation or keep a closing state.
In practical implementation, the access control device collects target user information and performs feature extraction on the collected information to obtain user features capable of identifying the user, and encrypts the extracted user features by adopting a certain encryption technology; for example, the acquired communication key can be used for encrypting the user features. The encrypted user features are sent to the background server. After receiving the encrypted user features, the background server first decrypts them to obtain the user features, and matches the decrypted user features with the prestored user features. When the matching is successful, the target user passes the verification; the background server generates a control instruction indicating that the verification passed and sends the control instruction to the access control device, and the access control device executes the opening operation to permit the target user to pass through the door. When the matching is unsuccessful, the verification of the target user information fails; the background server generates a control instruction indicating that the verification failed and sends the control instruction to the access control device, and the access control device keeps the closed state and does not allow the target user to pass through the door.
Fig. 4 is a schematic view of a display interface of the access control device according to the embodiment of the present invention. Referring to fig. 4, when the target user information with the name Li Si is verified, a prompt of "Li Si, the door is open, welcome" is displayed on the access control device, and Li Si can then pass through the door.
According to the embodiment of the invention, the configuration information in the background server can be safely issued to the access control device through online scanning of the graphic code, so that secure authorization of the access control device is realized; the authorization token is encrypted, so that the authorization token is prevented from being attacked, obtained or tampered with by others; and the obtained authorization token and the communication key are at the device level, and the authorization token and the communication key obtained by different device identifiers are different, so that devices of the same device manufacturer are prevented from using the same device identifier to perform repeated registration authorization.
Continuing to describe the authorization method of the access control device provided by the embodiment of the present invention, referring to fig. 5, fig. 5 is a schematic flow chart of the authorization method of the access control device provided by the embodiment of the present invention, and with reference to fig. 5, the authorization method of the access control device provided by the embodiment of the present invention includes:
Step 501: the access control equipment responds to the authorization instruction aiming at the access control equipment, and sends an authorization request of the access control equipment to the background server through session connection with the background server of the application program.
Here, the authorization instruction instructs the access control device to perform an initialization authorization operation, and the authorization request carries the device identifier of the access control device.
Step 502: the background server generates a graphic code carrying the user verification page address based on the authorization request.
The background server analyzes the received authorization request to obtain an equipment identifier of the access control equipment, and generates a graphic code containing a user verification page address through a graphic code generation interface based on the equipment identifier of the access control equipment, wherein the graphic code is used for authorizing the access control equipment to operate an application program in the access control equipment.
Step 503: the background server sends the generated graphic code to the access control equipment.
Step 504: the access control equipment displays the graphic code returned by the background server.
Step 505: the terminal equipment scans the graphic code displayed by the access control equipment.
Step 506: the verification page is displayed on the terminal equipment.
Step 507: after the user inputs the user information on the verification page, the terminal equipment sends the user information to the background server.
Step 508: the background server receives the user information, judges whether the user information passes the verification and judges whether the access control equipment is in an authorized state.
In practical application, a background server allocates an administrator to the access control equipment, a user logs in with the identity of the administrator and can acquire the authority of an application program in the access control equipment, and the background server determines whether user information verification passes or not by judging whether input user information is administrator identity information or not; since the authorization information is at the device level, the backend server may determine the authorization status of the corresponding access control device based on the device identifier of the access control device, and execute step 509 when it is determined that the user information passes the verification and it is determined that the access control device is in the to-be-authorized status.
It should be noted that, when it is determined that the user information check fails, the background server does not generate the authorization information and need not determine whether the access control device is in an authorized state; when the user information is verified but the access control device is already in the authorized state, the background server does not generate new authorization information, and therefore the situation that devices of the same manufacturer use the same access control device identifier to perform repeated authorization can be avoided.
Step 509: the background server generates authorization information, wherein the authorization information comprises an authorization token and a communication key.
Step 510: the background server sends the generated authorization information to the access control equipment.
Step 511: the access control equipment encrypts the authorization token based on the communication key to obtain the encrypted authorization token.
Step 512: the access control equipment sends the encrypted authorization token to the background server through session connection with the background server of the application program.
Step 513: the background server decrypts the received authorization token based on the communication key.
Step 514: the background server sends the configuration information corresponding to the application program.
Through the steps 511-514, the authorization token is encrypted and transmitted based on the communication key, so that the authorization token can be prevented from being attacked, obtained or tampered by others.
Step 515: the access control equipment periodically sends a login request of an application program corresponding to the access control equipment.
Step 516: the background server judges whether a login request sent by other equipment with the same equipment identification as the access control equipment is received.
In actual implementation, when the background server determines that a login request sent by a device with the same device identifier as the access control device has been received, step 517 is executed. It is emphasized that, when it is determined that no login request sent by another device with the same device identifier as the access control device has been received, the background server updates the login state of the access control device, and generates and sends to the access control device a state response message indicating that the login is successful.
Step 517: the background server generates a notification message indicating the offline.
Step 518: the background server sends notification information indicating offline to the access control equipment.
Step 519: the access control equipment goes offline based on the received notification message.
Through the steps 515 to 519, it is ensured that at most one access control device can be authorized at the same time for a plurality of access control devices with the same device identifier, and the authorized access control device has the authority to operate the application program in the access control device, so that the devices of the same device manufacturer are prevented from being repeatedly registered and authorized by using the same device identifier.
In the following, an exemplary application of the embodiments of the present invention in a practical application scenario will be described.
Taking a face access control device as an example, the authorization method of the access control device provided by the embodiment of the invention mainly performs initialization authorization with the background server of the access control machine by means of code-scanning authorization, and can be divided into three stages:
1. Initialization authorization
Fig. 6 is a schematic flow diagram of an authorization method for an access control device according to an embodiment of the present invention. Referring to fig. 6, in actual implementation, the background server mainly provides the application program, such as an algorithm SDK, in the face access control device, and the application program prompts that it is not initialized when it is used for the first time. That is, when a user clicks the face access control device for the first time, the face access control device responds to the click operation and sends an authorization request for the face access control device to the background server through a session connection with the background server of the application program, where the authorization request carries the device identifier of the access control device. The background server parses the received authorization request to obtain the device identifier of the access control device, generates a graphic code carrying the user verification page address based on the device identifier, and returns the graphic code to the face access control device. The face access control device receives and displays the graphic code returned by the background server, and the terminal scans the graphic code displayed by the face access control device so that user information can be input on the verification page to which the terminal jumps.
Here, in practical applications, the backend server may assign an administrator right to the face access control device, and when the face access control device is used for the first time, the administrator has a right to request to run an application program in the face access control device. When a user scans a graphic code on access control equipment through terminal equipment, a current page on the terminal equipment jumps to a corresponding verification page, the user can input user information such as a user name and a password on the verification page and send the user information to a background server for user information verification, the background server judges whether the user has administrator authority or not by matching the received user information with distributed administrator information, and if the input user information is successfully matched with the distributed administrator information, the user is proved to have the administrator authority, and the next operation can be executed; otherwise, the user does not have the administrator authority, and a warning prompt is sent out.
And after the user information is determined to pass the verification, the background server also judges whether the corresponding face access control equipment is authorized or not based on the equipment identifier and the manufacturer identifier of the face access control equipment.
In practical application, the background server stores the device identifier of the access control device and the corresponding authorization state. When a new authorization request is received, the background server parses the authorization request to obtain the device identifier of the current access control device and queries the authorization state of the current access control device based on the obtained device identifier. When the corresponding device identifier is not found, or the stored authorization state of the corresponding device identifier is found to be a to-be-authorized state, the current access control device is not authorized; when the stored authorization state of the corresponding device identifier is an authorized state, the current access control device is authorized.
When the background server passes the user information verification and determines that the face access control device is in a state to be authorized, corresponding authorization information can be generated, and the authorization information comprises: an authorization token and a communication key.
The background server sends the authorization information to the face access control device, and subsequently, the face access control device obtains configuration information such as a calculation model, face features and a configuration key from the background server based on the authorization token and runs an application program in the face access control device based on the obtained configuration information.
The authorization token and the communication key acquired in the above manner are at the device level, and the authorization token and the communication key acquired by different device identifiers are different.
2. Establishing a secure communication mechanism
After the face access control equipment passes the authorization, configuration information such as a calculation model, a face feature library, a configuration key and the like can be pulled from a background server through the authorization token, and the whole network request can be encrypted and signed through a communication key obtained by initializing the authorization.
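The token exchange of steps 511 to 514 and of stage 2 above can be sketched as follows. This is an added example, not code from the patent: the cipher is an encrypt-then-MAC construction built from HMAC-SHA256 as a stand-in for an AEAD such as AES-GCM so that it runs with the standard library only, and the names ConfigServer, seal, unseal and device_config_request, the use of the device identifier as associated data, and the nonce cache for replay rejection are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Set, Tuple

NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(comm_key: bytes) -> Tuple[bytes, bytes]:
    # Separate encryption and MAC keys derived from the device-level communication key.
    enc = hmac.new(comm_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(comm_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _xor_keystream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (use a vetted AEAD in production).
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(enc_key, nonce + (off // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def _tag(mac_key: bytes, aad: bytes, nonce: bytes, ct: bytes) -> bytes:
    # Length-prefix the associated data so the aad/nonce boundary is unambiguous.
    msg = len(aad).to_bytes(4, "big") + aad + nonce + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def seal(comm_key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    enc_key, mac_key = _subkeys(comm_key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _xor_keystream(enc_key, nonce, plaintext)
    return nonce + ct + _tag(mac_key, aad, nonce, ct)


def unseal(comm_key: bytes, blob: bytes, aad: bytes) -> bytes:
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated message")
    enc_key, mac_key = _subkeys(comm_key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(mac_key, aad, nonce, ct)):
        raise ValueError("authentication failed")   # tampered, or wrong key/device
    return _xor_keystream(enc_key, nonce, ct)


def device_config_request(device_id: str, token: bytes, comm_key: bytes) -> bytes:
    # Steps 511-512: the device encrypts its authorization token and sends it.
    return seal(comm_key, token, device_id.encode())


class ConfigServer:
    def __init__(self) -> None:
        self._issued: Dict[str, Tuple[bytes, bytes]] = {}   # device_id -> (token, key)
        self._seen: Set[Tuple[str, bytes]] = set()          # accepted nonces (assumption)

    def issue(self, device_id: str) -> Tuple[bytes, bytes]:
        # Device-level credentials: every device identifier gets its own pair.
        token, key = secrets.token_urlsafe(32).encode(), secrets.token_bytes(32)
        self._issued[device_id] = (token, key)
        return token, key

    def handle_config_request(self, device_id: str, blob: bytes) -> Optional[dict]:
        rec = self._issued.get(device_id)
        if rec is None:
            return None
        token, key = rec
        nonce = blob[:NONCE_LEN]
        if (device_id, nonce) in self._seen:                 # replayed capture
            return None
        try:
            presented = unseal(key, blob, device_id.encode())   # step 513
        except ValueError:
            return None
        if not hmac.compare_digest(presented, token):
            return None
        self._seen.add((device_id, nonce))
        # Step 514: placeholder configuration values, constructed for this example.
        return {"model": "<computing model>",
                "feature_library": "<feature library>",
                "configuration_key": "<configuration key>"}
```

The nonce cache here grows without bound; a deployment would pair it with a timestamp window so old entries can be discarded.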
3. Dynamically verifying device status
In practical application, after the face access control device completes initialization authorization, it periodically sends a login request of the application program corresponding to the face access control device to the background server. Based on the device identifier in the login request, the background server judges whether a login request sent by another device with the same device identifier as the access control device has been received. When it determines that no such login request has been received, the background server updates the login state of the access control device, and generates and sends to the access control device a state message indicating successful login. When the background server determines that a login request sent by a device with the same device identifier as the access control device has been received, that is, when the background server receives a login request sent by a device with the same device identifier, the access control device with the same device identifier is kicked offline.
Therefore, for a plurality of access control devices with the same device identification, the condition that only one access control device can be authorized at most at the same time is ensured, the authorized access control device has the authority of operating the application program in the access control device, and the repeated registration and authorization of the devices of the same device manufacturer by using the same device identification are also prevented.
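The server-side decisions of steps 508 to 510 and 515 to 519, which stages 1 and 3 above restate, can be modelled as follows. This is an added example, not code from the patent: the Backend class, the per-connection session_id used to tell apart two devices presenting the same device identifier, the PBKDF2 password storage and the constructed administrator account are assumptions.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Set, Tuple


class AuthState(Enum):
    PENDING = "to-be-authorized"
    AUTHORIZED = "authorized"


@dataclass
class DeviceRecord:
    state: AuthState = AuthState.PENDING
    token: Optional[str] = None
    comm_key: Optional[bytes] = None
    active_session: Optional[str] = None          # hypothetical connection id
    kicked: Set[str] = field(default_factory=set)  # sessions already told to go offline


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Backend:
    def __init__(self, admins: Dict[str, str]) -> None:
        self._admins: Dict[str, Tuple[bytes, bytes]] = {}
        for name, password in admins.items():
            salt = secrets.token_bytes(16)
            self._admins[name] = (salt, hash_password(password, salt))
        self._devices: Dict[str, DeviceRecord] = {}
        self.notifications: List[Tuple[str, str]] = []   # (session_id, message)

    def _is_admin(self, user: str, password: str) -> bool:
        entry = self._admins.get(user)
        if entry is None:
            return False
        salt, expected = entry
        return secrets.compare_digest(hash_password(password, salt), expected)

    def authorize(self, device_id: str, user: str,
                  password: str) -> Optional[Tuple[str, bytes]]:
        # Step 508: a failed user check ends here; device state is not consulted.
        if not self._is_admin(user, password):
            return None
        # An identifier that is not stored yet counts as to-be-authorized.
        rec = self._devices.setdefault(device_id, DeviceRecord())
        if rec.state is AuthState.AUTHORIZED:
            return None                      # no second set of credentials per identifier
        # Steps 509-510: device-level authorization token and communication key.
        rec.token = secrets.token_urlsafe(32)
        rec.comm_key = secrets.token_bytes(32)
        rec.state = AuthState.AUTHORIZED
        return rec.token, rec.comm_key

    def login(self, device_id: str, session_id: str) -> str:
        # Steps 515-516: periodic login carrying the device identifier.
        rec = self._devices.get(device_id)
        if rec is None or rec.state is not AuthState.AUTHORIZED:
            return "rejected"
        if session_id in rec.kicked:
            return "offline"                 # a kicked session cannot log back in
        if rec.active_session not in (None, session_id):
            # Steps 517-518: another device used the same identifier.
            rec.kicked.add(rec.active_session)
            self.notifications.append((rec.active_session, "offline"))
        rec.active_session = session_id
        return "login-ok"
```

Which of the two sessions is displaced is a policy choice the text leaves open; this sketch notifies the session that was already logged in, matching steps 517 to 519, and remembers kicked sessions so two devices cannot displace each other indefinitely.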
According to the method, the manufacturer equipment identification and the face access control equipment identification are input in advance, authentication is carried out in an online initialization authorization mode of the face access control equipment, the authenticated face access control equipment obtains the calculation model and the face characteristics through a network, an encryption authentication technology is adopted in the network obtaining process, stealing prevention, replay prevention and repeated authentication prevention are guaranteed, and the safety of algorithm service in the background server is guaranteed.
Next, an authorization apparatus for an access control device according to an embodiment of the present invention is described. In some embodiments, a training apparatus for a semantic segmentation model may be implemented in a software module. Fig. 7 is a schematic structural diagram of a component of the authorization apparatus for an access control device according to an embodiment of the present invention, and referring to fig. 7, an authorization apparatus 70 for an access control device according to an embodiment of the present invention includes:
the display unit 71 is configured to display a graphic code corresponding to the access control device in response to an authorization request for the access control device, where the graphic code is used to authorize the access control device to run an application program in the access control device;
the obtaining unit 72 is configured to obtain authorization information for the access control device when the graphic code obtains a scanning operation of the terminal device;
and an operation unit 73, configured to obtain configuration information corresponding to the application program based on the authorization information, and operate the application program based on the configuration information.
In some embodiments, the display unit is further configured to send, in response to an authorization instruction for the access control device, an authorization request for the access control device through session connection with a background server of the application, where the authorization request carries a device identifier of the access control device;
and receiving and displaying the graphic code which carries the user verification page address and is returned by the background server.
In some embodiments, the obtaining unit is further configured to obtain the authorization information sent by the backend server when the backend server receives the user information sent by the terminal device after scanning the graphic code and verifies the user information.
In some embodiments, the obtaining unit is further configured to obtain the authorization information sent by the background server when the background server receives the user information sent by the terminal device after scanning the graphic code, passes the user information check, and determines that the access control device is in a to-be-authorized state.
In some embodiments, the authorization information includes an authorization token and a communication key,
the operation unit is further configured to encrypt the authorization token based on the communication key to obtain an encrypted authorization token;
sending the encrypted authorization token through a session connection with a background server of the application;
and receiving the configuration information returned by the background server after the background server obtains the authorization token based on the decryption of the communication key.
In some embodiments, the apparatus further comprises a transmitting unit,
the sending unit is used for periodically sending a login request of the access control equipment corresponding to the application program to the background server;
and receiving status response information which is returned by the background server and indicates successful login, wherein the status response information is sent after the background server updates the login status of the access control equipment based on the login request.
In some embodiments, the sending unit is further configured to receive a notification message indicating offline sent by the background server, where the notification message is sent after the background server receives a login request sent by a device with the same device identifier as the access control device.
In some embodiments, the apparatus further comprises an acquisition unit,
the acquisition unit is used for acquiring user information of a target user;
performing feature extraction on the collected user information to obtain user features for identifying the target user;
encrypting the user characteristics to obtain encrypted user characteristics;
sending the encrypted user characteristics through session connection with a background server of the application program;
and receiving a control instruction which is obtained by decrypting the user characteristics by the background server and returned after the user characteristics are verified, wherein the control instruction is used for controlling the access control equipment to execute opening operation or keep a closing state.
Here, it should be noted that: the above description related to the apparatus is similar to the above description of the method, and for the technical details not disclosed in the apparatus according to the embodiment of the present invention, please refer to the description of the method embodiment of the present invention.
The embodiment of the invention provides an authorization device of access control equipment, which comprises:
a memory for storing executable instructions;
and the processor is used for realizing the authorization method of the access control equipment provided by the embodiment of the invention when the executable instruction stored in the memory is executed.
The embodiment of the invention also provides a storage medium, wherein the storage medium stores executable instructions and is used for causing the processor to execute so as to realize the authorization method of the access control equipment provided by the embodiment of the invention.
In some embodiments, the storage medium may be a memory such as FRAM, ROM, PROM, EPROM, EEPROM, flash, magnetic surface memory, optical disk, or CD-ROM; or may be various devices including one or any combination of the above memories.
In some embodiments, executable instructions may be written in any form of programming language (including compiled or interpreted languages), in the form of programs, software modules, scripts or code, and may be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment.
By way of example, executable instructions may correspond, but do not necessarily have to correspond, to files in a file system, and may be stored in a portion of a file that holds other programs or data, such as in one or more scripts in a Hypertext Markup Language (HTML) document, in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub-programs, or portions of code).
By way of example, executable instructions may be deployed to be executed on one computing device or on multiple computing devices at one site or distributed across multiple sites and interconnected by a communication network.
The above description is only an example of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, and improvement made within the spirit and scope of the present invention are included in the protection scope of the present invention.

Claims (10)

1. A method for authorizing an access control device, the method comprising:
responding to an authorization request aiming at the access control equipment, and displaying a graphic code corresponding to the access control equipment, wherein the graphic code is used for authorizing the access control equipment to operate an application program in the access control equipment;
when the graphic code obtains the scanning operation of the terminal equipment, obtaining authorization information aiming at the access control equipment;
acquiring configuration information corresponding to the application program based on the authorization information, and running the application program based on the configuration information;
in the process of running the application program, periodically sending a login request corresponding to the application program to a background server, wherein the login request is used for requesting the access control equipment to correspond to the login state of the application program;
and receiving a notification message which is returned by the background server and indicates off-line, wherein the notification message is sent after the background server determines that a login request sent by other equipment with the same equipment identification as the access control equipment is received.
2. The method of claim 1, wherein the displaying the graphic code corresponding to the access control device in response to the authorization request for the access control device comprises:
responding to an authorization instruction aiming at the access control equipment, and sending an authorization request aiming at the access control equipment through session connection with a background server of the application program, wherein the authorization request carries an equipment identifier of the access control equipment;
and receiving and displaying the graphic code which carries the user verification page address and is returned by the background server.
3. The method of claim 1, wherein obtaining the authorization information for the access control device when the graphic code obtains the scanning operation of the terminal device comprises:
and when the background server receives the user information sent by the terminal equipment after scanning the graphic code and passes the user information verification, obtaining the authorization information sent by the background server.
4. The method of claim 1, wherein obtaining the authorization information for the access control device when the graphic code obtains the scanning operation of the terminal device comprises:
and when the background server receives the user information sent by the terminal equipment after scanning the graphic code, the user information is verified and the access control equipment is determined to be in a state to be authorized, the authorization information sent by the background server is obtained.
5. The method of claim 1, wherein the authorization information includes an authorization token and a communication key, and wherein obtaining the configuration information corresponding to the application based on the authorization information comprises:
encrypting the authorization token based on the communication key to obtain an encrypted authorization token;
sending the encrypted authorization token through a session connection with a background server of the application;
and receiving the configuration information returned by the background server after the background server obtains the authorization token based on the decryption of the communication key.
6. The method of claim 1, wherein the method further comprises:
and receiving status response information which is returned by the background server and indicates successful login, wherein the status response information is sent after the background server updates the login status of the access control equipment based on the login request.
7. The method of claim 1, wherein the method further comprises:
collecting user information of a target user;
performing feature extraction on the collected user information to obtain user features for identifying the target user;
encrypting the user features to obtain encrypted user features;
sending the encrypted user features through a session connection with a background server of the application program;
and receiving a control instruction returned by the background server after it decrypts the encrypted user features and verifies them, wherein the control instruction is used for controlling the access control device to perform an opening operation or remain in a closed state.
8. An apparatus for authorizing an access control device, the apparatus comprising:
a display unit, configured to display, in response to an authorization request for the access control device, a graphic code corresponding to the access control device, wherein the graphic code is used for authorizing the access control device to run an application program in the access control device;
an acquisition unit, configured to obtain authorization information for the access control device when the graphic code is scanned by the terminal device;
an operation unit, configured to obtain configuration information corresponding to the application program based on the authorization information, and to run the application program based on the configuration information;
the access control device comprises a sending unit, a receiving unit and a processing unit, wherein the sending unit is configured to periodically send a login request corresponding to the application program to a background server while the application program is running, and the login request is used to request the login state of the access control device corresponding to the application program;
and a receiving unit, configured to receive a notification message returned by the background server indicating that the device is offline, wherein the notification message is sent after the background server determines that it has received a login request sent by another device having the same device identification as the access control device.
9. An apparatus for authorizing an access control device, the apparatus comprising:
a memory for storing executable instructions;
a processor, configured to execute the executable instructions stored in the memory to implement the method for authorizing an access control device according to any one of claims 1 to 7.
10. A computer-readable storage medium having stored thereon executable instructions which, when executed, cause a processor to perform the method for authorizing an access control device according to any one of claims 1 to 7.
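The login-state handling described in claims 4, 6 and 8, sketched from the background server's side as an added example; it is not code from the patent. The class and method names, the session identifier used to tell apart two devices presenting the same device identification, the single-use treatment of the to-be-authorized state, and the message strings are all assumptions.

```python
import secrets

class BackgroundServer:
    """Hypothetical backend: per-device authorization and login state."""

    def __init__(self, valid_users):
        self.valid_users = set(valid_users)  # users whose information verifies
        self.pending = set()      # device IDs currently showing a graphic code
        self.authorized = {}      # device ID -> issued authorization information
        self.online = {}          # device ID -> session that holds the login
        self.outbox = []          # (session, message) notifications sent

    def request_authorization(self, device_id):
        # The device displays its graphic code and becomes "to be authorized".
        self.pending.add(device_id)

    def handle_scan(self, device_id, user):
        # Claim 4: the user information must verify AND the device must be
        # in the to-be-authorized state; otherwise nothing is issued.
        if user not in self.valid_users or device_id not in self.pending:
            return None
        self.pending.discard(device_id)  # assumption: one scan per request
        info = {"authorization_token": secrets.token_hex(16),
                "communication_key": secrets.token_bytes(32)}
        self.authorized[device_id] = info
        return info

    def handle_login(self, device_id, session):
        # Periodic login request sent while the application program runs.
        if device_id not in self.authorized:
            return "login_rejected"
        holder = self.online.get(device_id)
        if holder is not None and holder != session:
            # Another device presented the same device identification:
            # tell the previous holder that it is now offline.
            self.outbox.append((holder, "device_offline"))
        self.online[device_id] = session  # claim 6: update the login state
        return "login_ok"                 # status response: login succeeded
```

A repeated login from the same session is treated as the periodic request and produces no notification; only a login from a different session with the same device identification does.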

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201910696326.5A CN110417784B (en) | 2019-07-30 | 2019-07-30 | Authorization method and device of access control equipment

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201910696326.5A CN110417784B (en) | 2019-07-30 | 2019-07-30 | Authorization method and device of access control equipment

Publications (2)

Publication Number | Publication Date
CN110417784A (en) | 2019-11-05
CN110417784B (en) | 2021-10-12

Family

ID=68364255

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201910696326.5A Active CN110417784B (en) | Authorization method and device of access control equipment | 2019-07-30 | 2019-07-30

Country Status (1)

Country Link
CN (1) CN110417784B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN112950833B (en) * | 2019-12-11 | 2022-08-30 | 浙江宇视科技有限公司 | Authorization method, device, equipment and storage medium of access control equipment
CN111629012B (en) * | 2020-07-28 | 2020-10-30 | 杭州海康威视数字技术股份有限公司 | Communication method, communication device, access control system, access control equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN103634294A (en) * | 2013-10-31 | 2014-03-12 | 小米科技有限责任公司 | Information verifying method and device
CN107404382A (en) * | 2016-05-18 | 2017-11-28 | 奥多比公司 | Use the licensable feature of access token control software
US10218695B1 (en) * | 2018-03-27 | 2019-02-26 | Capital One Services, Llc | Systems and methods for providing credentialless login using a random one-time passcode
CN109615757A (en) * | 2019-02-27 | 2019-04-12 | 西安艾润物联网技术服务有限责任公司 | Visitor's access control management method, system and storage medium

Also Published As

Publication number Publication date
CN110417784A (en) 2019-11-05

Similar Documents

Publication Publication Date Title
CN107332808B (en) Cloud desktop authentication method, server and terminal
US20220209951A1 (en) Authentication method, apparatus and device, and computer-readable storage medium
EP3208732A1 (en) Method and system for authentication
CN1752887B (en) Computer security system and method
US9787672B1 (en) Method and system for smartcard emulation
CN109587162B (en) Login verification method, device, terminal, password server and storage medium
US20130023240A1 (en) System and method for transaction security responsive to a signed authentication
US20190182050A1 (en) Method for authenticating a user based on an image relation rule and corresponding first user device, server and system
CN112887340B (en) Password resetting method and device, service management terminal and storage medium
CN110365684A (en) Access control method, device and the electronic equipment of application cluster
CN101277192A (en) Method and system for checking client terminal
CN109815666B (en) Identity authentication method and device based on FIDO protocol, storage medium and electronic equipment
CN110417784B (en) Authorization method and device of access control equipment
CN111200593A (en) Application login method and device and electronic equipment
CN112559991A (en) System secure login method, device, equipment and storage medium
KR102012262B1 (en) Key management method and fido authenticator software authenticator
TWI465128B (en) Method, system of server authentication, and a computer-readable medium
CN113055182B (en) Authentication method and system, terminal, server, computer system, and medium
CN111600701B (en) Private key storage method, device and storage medium based on blockchain
CN112398787B (en) Mailbox login verification method and device, computer equipment and storage medium
EP2985712A1 (en) Application encryption processing method, apparatus, and terminal
CN112348998A (en) Method and device for generating one-time password, intelligent door lock and storage medium
CN103559430A (en) Application account management method and device based on android system
CN115941217B (en) Method for secure communication and related products
CN112583816A (en) Login verification method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant