CN110677436A - Object access authority management background system, device and user terminal - Google Patents


Info

Publication number
CN110677436A
Authority
CN
China
Prior art keywords
virtual key
user
access control
information
control device
Legal status
Pending
Application number
CN201911060616.7A
Other languages
Chinese (zh)
Inventor
雷飏
Current Assignee
Individual
Original Assignee
Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104 Grouping of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)
  • Storage Device Security (AREA)

Abstract

Provided are an object access right management background system, device and user terminal. The background system comprises an object access authority table, a user service module and a project domain management module. The project domain management module serves different project domains and comprises a background management interface through which managers in a project domain enter object information, object owner information and access control device information. The object access authority table is formed by the background system automatically summarizing the object owner information and object information in all project domain management modules, and comprises object owner identification information and corresponding object numbers. The user service module processes requests from the user terminal. The invention realizes a convenient, flexible, reliable and extensible universal virtual key technology basic framework.

Description

Object access authority management background system, device and user terminal
The application is a divisional application of the patent application filed on October 20, 2016, with application number 201610914471.2, entitled "Object access authority management method, corresponding background system, device and user terminal".
Technical Field
The present invention relates to a technology for operating an access control device, and more particularly, to a technology for operating an intelligent access control device having a networking function, a background system, and a terminal.
Background
Techniques used by currently available access control devices include physical keys, password input, ID/IC card identification, RFID card identification, magnetic card identification, two-dimensional code identification, Bluetooth identification, NFC identification, biometric identification (such as face, fingerprint, iris and palm print), and the like. Apart from biometric identification, physical keys, password input, ID/IC cards, RFID cards and magnetic cards have been in use for many years, but they are troublesome to manage (particularly when personnel mobility is high) and difficult to invalidate after loss. Two-dimensional codes, Bluetooth and NFC have spread with the popularization of smartphones in recent years, but existing products and technologies that use a smartphone to operate an access control device fall short in security, reliability, flexibility, extensibility, scalability and universality.
Disclosure of Invention
The invention aims to provide a flexible and widely applicable method for unlocking access control devices with virtual keys, together with a background system, an access control device and a user terminal that use the method.
The method specifically comprises the following steps:
the background system receives a new user registration request from a user terminal and, after the registration is verified successfully, creates, according to an object access authority table, a virtual key package for each object the new user can access and a virtual key for each access control device associated with that object, and sends a corresponding virtual key update message to each associated access control device; if there is no accessible object, an empty virtual key package is created for the new user; the object access authority table comprises object owner identification information and corresponding object numbers;
the background system receives an add-member request from a user terminal and, according to the request parameters, adds a new member with a designated role to a virtual key package of the user logged in at the user terminal;
the background system receives an add-virtual-key request from the user terminal, adds virtual key records for the associated access control devices to the designated virtual key package according to the request parameters, and sends a corresponding virtual key update message to each associated access control device;
and the background system receives a virtual key package data acquisition request from the user terminal and returns all or the designated virtual key package data of the logged-in user to the user terminal.
This technical scheme uses virtual keys and virtual key packages so that a user can exercise access control over an object, at its access control devices, through the user terminal. A virtual key package corresponds to one accessible object and may hold a plurality of virtual keys for the access control devices associated with that object. With one user terminal, the user can access different objects, or access an object controlled by a plurality of access control devices.
The method is not only suitable for common intelligent access control devices (including buildings, units, floors, districts, areas, garages, villas and other object types in fixed or movable spaces), but also suitable for intelligent lock devices and access devices with networking functions. In some embodiments, the access control device can be connected and communicated with a vehicle control system to realize the control of opening the door and unlocking the door, thereby realizing safe, flexible and convenient vehicle renting management. The same is true for other movable objects, such as smart lock devices on objects such as safe deposit boxes, safes, etc.
The access control device receives a virtual key update message from the background system only when the background system has a virtual key for that device that needs updating, so that the data in the device stays consistent with the data in the background system. When a virtual key in a user's virtual key package changes, the background system sends a virtual key update message to the corresponding access control device. The virtual key record comprises: authorizer, authorized person, authorization validity period, authorization type, and information on the access control device to which access is authorized. The access control device updates the virtual key data stored in the device after receiving the virtual key update message.
In different embodiments, the user terminal may be an intelligent device with different communication modules, display modes, and interaction modes, such as a smart phone, a tablet computer, a smart watch, a vehicle-mounted device, smart glasses, a smart robot, and the like.
The second purpose of the present invention is to provide a general (cross-domain, cross-region) object access right management method based on virtual key technology, and a background system, an access control device and a user terminal applying the method. The specific method further comprises the following steps:
the background system comprises a project domain management module which serves different project domains and includes a background management interface through which a manager enters object information, object owner information, and the installation and arrangement information of access control devices;
the object access authority table of the background system is formed by automatically summarizing object owner information and object information in all project domains served by the project domain management module by the background system, and comprises object owner identification information and corresponding object numbers.
This technical scheme remedies the lack of cross-domain and cross-region management and control of access control devices in existing schemes. The application area of the virtual key thus spans different products, different real estate projects in different regions, hotels, apartments, transportation vehicles, safe deposit boxes, and the like. For the user, a single user terminal is enough to operate the access control devices of the places the user frequently enters and leaves.
The third purpose of the present invention is to provide a method for managing the access rights of an object which is friendly to the management service personnel of the object, and a background system, an access control device and a user terminal applying the method. Specifically, the object access authority table in the background system further comprises project domain manager identification information and a project domain object partition number list.
The scheme allows a manager of a project domain to use the user terminal for convenient administrative access (such as patrol management, maintenance, on-site service and the like) to the objects in the project domain. This is achieved through the newly added project domain manager identification information and project domain object partition number list. In some specific embodiments, property service personnel of a residential community register in the background system with the user terminal, obtain the virtual key data of the access control devices of the buildings in the area they are authorized to access, and can then use the user terminal to pass through those access control devices.
The fourth purpose of the present invention is to provide an object access right management method with multi-level grouping right management capability, and a background system, an access control device and a user terminal applying the method. Specifically, the member roles comprise: administrator, group administrator, common member, visitor; the administrator can create and manage virtual key records of the administrator, the common members and the visitors; the group administrator can create and manage virtual key records of the group administrator, common members and visitors; the common member can create a virtual key record of the common member and the visitor; the visitor can only passively receive virtual key records assigned to it by other roles.
This technical scheme can be used for different objects: the owner of an object, and other managers authorized by the owner, can themselves define who may access the object, with what access rights, how many times and for what validity period, all of which is realized through virtual key technology.
In a specific embodiment, for example, a home owner may add a tenant into a key package of the owner to become a group administrator, and authorize a tenant to use the virtual key during a lease period, and the tenant may also authorize a family of the owner of the.
The fifth purpose of the present invention is to provide an object access right management method, which can use a wearable accessory device to realize the object access capability through an access control device, and a background system, an access control device and a user terminal applying the method. The specific method further comprises the following steps that the virtual key record comprises: authorizer, authorizee, authorization validity period, authorization type, access control device information of authorized access. When the authorizer is the virtual key user, the authorizer information in the virtual key record includes identification information of the short-range wireless accessory device bound by the user at the user terminal.
This technical scheme addresses the case where a user is not carrying the user terminal but is wearing a wearable accessory device and wants to access an object through the access control device. The user can bind the wearable accessory device on the user terminal in advance, and then, through the background system, authorize the accessory device to be linked with one of the virtual key records of the user terminal.
The mainstream wearable accessory devices in the market at present support the Bluetooth low energy communication technology, and through the new technical scheme, the accessory devices can also use the virtual key technology.
In summary, the present invention generally implements a convenient, flexible, reliable, and extensible universal virtual key technology infrastructure.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the example serve to explain the principles of the invention and not to limit the invention.
FIG. 1 is a system block diagram of a backend system in one embodiment;
FIG. 2 is a system block diagram of an access control device in one embodiment;
FIG. 3 is a system block diagram of a user terminal in one embodiment;
FIG. 4 is a flow diagram of the processing performed by the background system for a new user after registration is verified successfully, in one embodiment;
FIG. 5 is a flow diagram that illustrates a background system processing a request to add a virtual key, in one embodiment;
FIG. 6 is a flow diagram that illustrates the processing of a backend system to process an add member request, in one embodiment;
FIG. 7 is a flow diagram of the authorization check performed when the background system processes an add virtual key request, in one embodiment.
Detailed Description
The following description is presented to enable any person skilled in the art to make and use the embodiments, and is provided in the context of a particular application and its requirements. Various modifications to the disclosed embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the present disclosure. Thus, the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.
The data structures and code described in the detailed description are typically stored on a computer-readable storage medium, which can be any device or medium that can store code and/or data for use by a computer system. Computer-readable storage media include, but are not limited to, volatile memory, non-volatile memory, magnetic storage devices, and optical storage devices (e.g., disk drives, magnetic tape, CDs (compact discs), DVDs (digital versatile discs or digital video discs)), or other media capable of storing code and/or data now known or later developed.
The methods and processes described in the detailed description section can be implemented as code and/or data, which can be stored in a computer-readable storage medium as described above. When a computer system reads and executes the code and/or data stored on the computer-readable storage medium, the computer system performs the methods and processes embodied as data structures and code and stored within the computer-readable storage medium.
Also, the methods and processes described herein can be embodied within hardware modules or devices. These modules or devices may include, but are not limited to, an Application Specific Integrated Circuit (ASIC) chip, a Field Programmable Gate Array (FPGA), a dedicated or shared processor that executes a particular software module or piece of code at a particular time, and/or other programmable logic devices now known or later developed. When activated, the hardware modules or devices perform the methods and processes contained within them.
FIG. 1 illustrates a backend system 100 according to one embodiment. The background system 100 may be a server, a cluster, a service program running on a virtual machine, or a service program running in a cloud system container, and each of its modules may likewise be a server, a cluster, a service program running on a virtual machine, or a service program running in a cloud system container. Referring to fig. 1, the user service module 101 processes requests from a user terminal 300 through: registration request processing 133, registration request processing 132, and virtual key-related request processing 131. When the virtual key data is updated, the message processing module 105 sends a virtual key update message to the access control device 200, and the new virtual key data is also returned to the user terminal 300. The user service module 101 accesses the object access authority table 125 through the global object access service 111 interface, and the access control device table 122 through the project domain information access service 110 interface. The user's virtual key packages and virtual key data are stored in the user key package 126 database, while the user account database 127 stores only data relevant to user login; all operations on user accounts, virtual key packages and virtual keys are recorded in the user access log 128 database. The system management module 104 manages and monitors the system-wide running status of the backend system 100. In particular, the system management module 104 manages the starting and running of a plurality of instances of the project domain management module 102; the instances are isolated and independent from each other and do not interfere with or affect one another, and the databases of the instances are likewise isolated and independent.
Each project domain manager logs in the background management 130 of the project domain through the project domain manager terminal 199 to complete the entry and editing management of the object owner information 120, the object information 121, and the access control device table 122. The information in the access control device table includes: area number, device hardware identification, device type, associated device list, device installation information, which should be entered when installing and configuring the access control device. The global project domain information summarization 136 service is used to automatically summarize data in different instances of the project domain management module 102, and the summarized results are stored in the object access permission table 125.
In the embodiment shown in fig. 1, a system administrator of the backend system 100 uses a system administrator terminal 198 to log in the system management module 104 for system level management and maintenance.
In some embodiments, the manager of the community property service company inputs the house information, owner information, building information, and entrance guard equipment information of the community into the corresponding background management operation interface of the community.
In some embodiments, the manager serving the apartment enters the house information, the floor information and the intelligent lock device information of the apartment in the background management operation interface corresponding to the apartment project.
In some embodiments, a manager of a car rental company inputs car information and intelligent car lock device information in a corresponding background management operation interface of the company.
In some embodiments, the project domain management module also implements device and manager monitoring 137. Each project domain manager can log in to the background management 130 of the project domain through the terminal 199 to enter and edit the manager identification information 123 and the object partition number list 124. This information is also automatically summarized into the object access rights table 125.
In some embodiments, the manager of the community property service company also inputs property service personnel information, building partition information and property service personnel partition service information of the community into the corresponding background management operation interface of the community.
In some embodiments, a manager serving an apartment enters information such as management and service personnel information, partition authority and the like of the apartment in a background management operation interface corresponding to an apartment project.
In some embodiments, the virtual key record includes: authorizer, authorizee, authorization validity period, authorization type, access control device information of authorized access. According to the embodiment of different application scenes, richer virtual key record information can be designed to meet the requirements of the application scenes. For example, in some embodiments, a single access control device may manage and control a group of multiple safe deposit boxes, in which case the opening of a particular sub-safe deposit box may be controlled by simply adding the number of the sub-box to the virtual key record for verification.
In some embodiments, the user may use the user terminal 300 to bind his or her own accessory device (e.g., a bluetooth bracelet or a watch) to his or her own virtual key, so that the user may use the accessory device to unlock the access control device. In this case, the authorizer in the virtual key record is the virtual key user himself, and the information of the authorized person includes identification information of the short-range wireless accessory device bound by the user at the user terminal.
Fig. 2 illustrates an access control device 200 according to an embodiment. The access control device 200 may be implemented as various access devices, various smart locks, and various entry and exit gates. Referring to fig. 2, the central processing unit 212 is responsible for controlling and managing the operation of all the processing units of the processor 201. The network module 204 is used for connecting the access control device 200 to the backend system 100, and after the login to the backend system 100 is completed through the login registration processing unit 204, the service of the backend system 100 can be accessed, and the virtual key update message from the backend system 100 is received. If the virtual key update message from the background system 100 is received, the message processing unit 213 delivers the message to the virtual key processing unit 210 for processing, and the virtual key processing unit 210 verifies the message first and updates the message to the virtual key library encrypted and stored in the device local storage 202 after the verification is successful. The input module 203 receives the virtual key data from the user terminal 300, the received virtual key data is sent to the input identification processing unit 211 for processing, and the virtual key processing unit 210 performs further checksum processing after identification and processing are completed. If the received virtual key data passes the verification, the central processing unit 212 sends an unlocking command to the electric lock control interface 205 to drive the electric lock 299 to perform an unlocking operation.
In some embodiments, the input module comprises: NFC near field communication unit, low-power consumption bluetooth communication unit, two-dimensional code scanning unit.
Fig. 3 illustrates a user terminal 300 according to an embodiment. The user terminal 300 may be various mobile terminals, smart phones, tablet computers, notebook computers, smart watches, smart glasses, vehicle-mounted computers, and the like. Referring to fig. 3, the central processing unit 313 is responsible for controlling and managing the operation of all the processing units of the processor 301. The network module 303 is used for the user terminal 300 to connect to the backend system 100, and after completing the login to the backend system 100 through the login registration processing unit 316, the user terminal can access the service of the backend system 100 and receive the virtual key update message from the backend system 100. If the virtual key update message from the background system 100 is received, the message processing unit 314 delivers the message to the virtual key processing unit 311 for processing, and the virtual key processing unit 311 verifies the message first, and updates the message to the virtual key library encrypted and stored in the device local storage 302 after the verification is successful. The input module 305 receives an operation input of a user, the output module 304 outputs a feedback to the user, the user interaction processing unit 315 completes interaction with the user through the input module 305 and the output module 304, such as interaction operations of selection and viewing of a virtual key package, member management, management and addition authorization of a virtual key, and then sends a virtual key request to the background system 100 through the virtual key processing unit 311, the virtual key request unit 312, the network connection processing unit 317, and the network module 303. After logging in to the background system 100, the saved virtual key package data is decrypted from the local storage 302, and if not found, a request for obtaining the virtual key package is sent to the background system 100. 
The short-range communication module 306 can transmit the virtual key data to the access control device 200 to perform an unlocking operation.
In some embodiments, the short-range communication module 306 includes an NFC near-field communication unit, a bluetooth low energy communication unit. The short-range communication processing unit 319 is responsible for processing the connection and communication of these short-range communications.
In some embodiments, the binding with the short-range wireless accessory device 399 may be accomplished via the user interaction processing unit 315, the accessory processing unit 310, and the short-range communication module 306, and then the add virtual key request may be sent to the background system 100 via the virtual key unit 311, the virtual key request unit 312, authorizing the short-range wireless accessory device to perform a virtual key unlock operation.
In some embodiments, the virtual key may be output to the display screen through the output module 304 in the form of a two-dimensional code for recognition by the two-dimensional code recognition unit of the access control device 200 or after being photographed by the camera unit.
FIG. 4 sets forth a flow chart illustrating processing by the back-office system after successful verification of new user registration according to one embodiment.
First, the list of objects accessible to the user is retrieved from the object access rights table 125 (step 400). It is then determined whether the resulting list is empty (step 402). If it is empty, a new empty virtual key package is created for the user (step 432), the virtual key package data is returned to the user terminal (step 430), and the process ends. If the list is not empty, an object record is taken from the list (step 404) and it is determined whether the read succeeded (step 406). If the read failed, the virtual key package data is returned to the user terminal (step 430) and the process ends. If the read succeeded, a new empty virtual key package is created for the user (step 408) and associated with the object (step 410). Next, the access control device table 122 is queried to obtain the list of access control devices associated with the object (step 412), a device record is taken from that list (step 414), and it is determined whether the read succeeded (step 416). If the read failed, reading of the list is finished and the process returns to step 404 to handle the next object. Otherwise, a virtual key for the access control device associated with the object is created for the user (step 418), the new virtual key is placed in the current virtual key package (step 420), a virtual key update message is sent asynchronously to that access control device (step 422), and the process returns to step 414 to handle the next access control device in the list.
In some embodiments, the retrieval of the object access rights table 125 is accomplished through the global object access service 111, rather than directly accessing the database.
In some embodiments, the query to the access control device table 122 is done through the project domain information access service 110, rather than directly accessing the database.
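The FIG. 4 flow above, written out as an added Python sketch (not code from the patent). The two in-memory tables stand in for the object access rights table 125 and the access control device table 122, the outbox list stands in for the asynchronous send of step 422, and every identifier in the sample data is constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample data: owner id -> object numbers (table 125 stand-in).
OBJECT_ACCESS_TABLE: Dict[str, List[str]] = {
    "owner-alice": ["obj-101", "obj-garage-7"],
    "owner-bob": ["obj-empty-lot"],
}
# Constructed sample data: object number -> device ids (table 122 stand-in).
ACCESS_DEVICE_TABLE: Dict[str, List[str]] = {
    "obj-101": ["dev-gate-A", "dev-unit-door-3"],
    "obj-garage-7": ["dev-garage-7"],
    # "obj-empty-lot" has no access control device entered yet.
}


@dataclass
class VirtualKey:
    user_id: str
    object_no: str
    device_id: str


@dataclass
class KeyPackage:
    user_id: str
    object_no: Optional[str] = None          # None for the empty package of step 432
    keys: List[VirtualKey] = field(default_factory=list)


def provision_new_user(
    user_id: str,
    access_table: Dict[str, List[str]] = OBJECT_ACCESS_TABLE,
    device_table: Dict[str, List[str]] = ACCESS_DEVICE_TABLE,
) -> Tuple[List[KeyPackage], List[Tuple[str, VirtualKey]]]:
    """Run the post-registration flow; return (key packages, update messages)."""
    packages: List[KeyPackage] = []
    outbox: List[Tuple[str, VirtualKey]] = []      # (destination device, key)
    objects = access_table.get(user_id, [])        # step 400
    if not objects:                                # step 402
        packages.append(KeyPackage(user_id))       # step 432
        return packages, outbox                    # step 430
    for object_no in objects:                      # steps 404/406
        package = KeyPackage(user_id, object_no)   # steps 408/410
        for device_id in device_table.get(object_no, []):    # steps 412-416
            key = VirtualKey(user_id, object_no, device_id)  # step 418
            package.keys.append(key)               # step 420
            # Step 422: a device is only ever sent keys that target it.
            outbox.append((device_id, key))
        packages.append(package)
    return packages, outbox                        # step 430
```

An object with no device entered still gets its package, with no keys and no update messages, which is the state a later add virtual key request starts from.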
FIG. 5 sets forth a process flow diagram illustrating a background system processing an add virtual key request according to one embodiment.
First, the request parameters are checked for validity (step 500); if any parameter is invalid, a parameter error response is returned (step 534) and the process ends. If the parameter check passes, it is determined whether the authorization parameters are valid (step 502); if the authorization check fails, an authorization failure error response is returned (step 532) and the process ends. If the authorization check passes, the user's virtual key package is searched for an object that matches the parameters (step 504). At step 506 it is determined whether a match was found; if not, a parameter error response is returned (step 534) and the process ends. If a match is found, the access control device table is queried to obtain the list of access control devices associated with the object (step 508), one device record is read from the list (step 510), and it is determined whether the read succeeded (step 512). If the read failed, the new virtual key data is returned (step 530) and the process ends. Otherwise, step 514 is entered, where a virtual key for the access control device associated with the object is created for the user. The parameters of the new virtual key are then set according to the request parameters (step 516). Once they are set, a virtual key update message is sent asynchronously to the access control device and the authorized person (step 518). The new virtual key is then placed in the virtual key package (step 520). The process then returns to step 510 and continues with the next device in the list.
FIG. 6 sets forth a process flow diagram illustrating the background system processing an add member request according to one embodiment.
First, it is checked whether the member to be added already exists in the virtual key package (step 600), and the result is evaluated in step 602. If the member exists, that result is returned (step 626) and the process ends. If the member does not exist, it is determined whether the role parameter is correct (step 604). If it is not, a role parameter error result is returned (step 622) and the process ends. If the role parameter is correct, it is determined whether the user's role authority is higher than the role authority specified for the new member (step 606); if not, a role parameter error result is returned (step 622) and the process ends. If it is, it is determined whether the user's role is a guest role (step 608); if so, a no-such-permission result is returned (step 624) and the process ends. If not, a new member with the designated role is created according to the request parameters (step 610) and is then added to the user's virtual key package (step 612). Finally, a success result is returned (step 620), and the process ends.
FIG. 7 sets forth a process flow diagram illustrating a backend system performing authorization checks (see step 502) according to one embodiment.
First, the information of the authorizer and the authorized user is queried in the user's virtual key package (step 700), and step 702 determines whether the query or read failed. If no record of an authorizer or authorized user is found, step 710 is entered to determine whether the authorized user is an accessory device; if so, step 706 is entered, otherwise a no-such-user check result is returned (step 724). If the query succeeded, it is determined whether the authority of the authorizer is higher than that of the authorized user (step 704); if not, a no-such-permission check result is returned (step 722). If it is, it is determined whether the authorizer has a guest role (step 706); if so, a no-such-permission check result is returned (step 722). Otherwise, step 708 determines whether the authorizer's key package is associated with an object; if it is not, step 722 is entered and a no-such-permission check result is returned. If there is an association, a success check result is returned (step 720).
Generally, the user terminal 300 ensures that the request parameters it sends are correct and well-formed, but for security reasons the background system 100 still performs its own parameter validity and authority checks on the requests it receives, so as to prevent an attacker or saboteur from sending illegal requests built from forged data, which would disrupt normal use of the system and cause users unnecessary loss.
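The server-side checks of FIG. 6 (add member) and FIG. 7 (authorization check) can be written out as follows; this is an added example, not code from the patent. `KeyPackage`, `Role`, `Result` and the role names on the wire are hypothetical, and the numeric role ranking, the strict reading of "higher than", and the rejection of an unknown authorizer or requester are assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum, IntEnum, auto


class Role(IntEnum):
    # Assumed ranking of the roles named in the claims; larger means more authority.
    VISITOR = 0
    COMMON_MEMBER = 1
    GROUP_ADMIN = 2
    ADMIN = 3


class Result(Enum):
    SUCCESS = auto()
    NO_PERMISSION = auto()
    NO_USER = auto()
    MEMBER_EXISTS = auto()
    ROLE_PARAM_ERROR = auto()


@dataclass
class KeyPackage:
    """Hypothetical in-memory stand-in for one user's virtual key package."""
    object_id: str | None  # None: the package is not associated with an object
    members: dict[str, Role] = field(default_factory=dict)
    accessory_ids: set[str] = field(default_factory=set)  # bound accessory devices


def check_authorization(pkg: KeyPackage, authorizer: str, authorizee: str) -> Result:
    """Authorization check following FIG. 7 (steps 700-724)."""
    grantor = pkg.members.get(authorizer)        # step 700
    grantee = pkg.members.get(authorizee)
    if grantor is None:                          # assumption: unknown authorizer is rejected
        return Result.NO_USER
    if grantee is None:                          # step 702: lookup failed
        if authorizee not in pkg.accessory_ids:  # step 710
            return Result.NO_USER                # step 724
        # Accessory device: no rank to compare, continue at step 706.
    elif grantor <= grantee:                     # step 704: must be strictly higher
        return Result.NO_PERMISSION              # step 722
    if grantor == Role.VISITOR:                  # step 706: guests cannot grant
        return Result.NO_PERMISSION
    if pkg.object_id is None:                    # step 708
        return Result.NO_PERMISSION
    return Result.SUCCESS                        # step 720


def add_member(pkg: KeyPackage, requester: str, new_member: str, role_name: str) -> Result:
    """Add-member handling following FIG. 6 (steps 600-626)."""
    if new_member in pkg.members:                # steps 600/602
        return Result.MEMBER_EXISTS              # step 626
    requester_role = pkg.members.get(requester)
    if requester_role is None:                   # assumption: case not covered by FIG. 6
        return Result.NO_USER
    try:
        new_role = Role[role_name]               # step 604: unknown role names are refused
    except KeyError:
        return Result.ROLE_PARAM_ERROR           # step 622
    if requester_role <= new_role:               # step 606: must be strictly higher
        return Result.ROLE_PARAM_ERROR           # step 622
    if requester_role == Role.VISITOR:           # step 608: kept as in FIG. 6, although a
        return Result.NO_PERMISSION              # strict step 606 already stops visitors
    pkg.members[new_member] = new_role           # steps 610/612
    return Result.SUCCESS                        # step 620
```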
It will be appreciated by those skilled in the art that the components of the apparatus and steps of the method provided in the embodiments of the invention described above may be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented in program code executable by a computing device. Thus, they may be stored in a memory device for execution by a computing device, or they may be separately fabricated as individual integrated circuit modules, or multiple modules or steps thereof may be fabricated as a single integrated circuit module for implementation. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention, but should not be taken as limiting the scope of the invention, which is defined by the appended claims.

Claims (10)

1. A back-end system for providing services to an access control device and a user terminal, comprising: an object access authority table, a user service module and a project domain management module; the project domain management module serves different project domains and comprises a background management interface for managers in the project domain to input object information, object owner information and access control device information; the object access authority table is formed by the background system automatically summarizing the object owner information and object information in all project domain management modules, and comprises object owner identification information and corresponding object numbers; the user service module processes requests from the user terminals, including,
new user registration request: after the verification and registration are successful, a virtual key packet and a virtual key for the object-associated access control device are created for each object which can be accessed by the new user according to the object access authority table, and if no accessible object exists, an empty virtual key packet is created for the new user;
adding member request: adding a new member of the designated role in the virtual key packet of the designated user according to the request parameter;
add virtual key request: adding a virtual key record for associating the access control devices in the appointed virtual key packet according to the request parameters, and sending a corresponding virtual key updating message to each associated access control device;
acquiring a virtual key package data request: and returning all or appointed virtual key packet data of the login user according to the request parameters.
2. The back-end system of claim 1, wherein the project domain management module further comprises a background management interface for use by a manager for entering and managing project domain manager identification information and a project domain object partition number list.
3. The backend system of claim 1, wherein the member roles comprise: administrator, group administrator, common member, visitor; the administrator can create and manage virtual key records of the administrator, the common members and the visitors; the group administrator can create and manage virtual key records of the group administrator, common members and visitors; the common member can create a virtual key record of the common member and the visitor; the guest can only passively receive virtual key records assigned to him from other roles.
4. The backend system according to claim 1, 2 or 3, wherein the virtual key record comprises: authorizer, authorizee, authorization validity period, authorization type, access control device information of authorized access.
5. The backend system of claim 4, wherein when the authorizer is the virtual key user's own, the authorizer information in the virtual key record includes identification information of the short-range wireless accessory device bound by the user at the user terminal.
6. An access control device, comprising: the device comprises a processor, a memory, an electric lock control interface, a network module and an input module; the network module is used for connecting and accessing the background system; the input module is used for receiving virtual key data from the user terminal; the processor is configured to:
connecting and logging in a background system;
receiving a virtual key updating message from a background system, and updating the virtual key updating message into a virtual key library stored in a local memory in an encrypted manner after verification is successful;
and receiving an unlocking request from the user terminal, verifying whether the virtual key in the request parameter has a corresponding record in a virtual key library of the local memory, if so, checking, and if the checking result is correct, sending an unlocking command to the electric lock control interface.
7. The access control device of claim 6, wherein the input module comprises a short-range wireless communication unit and a two-dimension code identification unit, and the short-range wireless communication comprises Bluetooth low energy communication and NFC near field communication.
8. A user terminal, comprising:
means for registering a new user through a backend system;
the device is used for receiving all the virtual key packet data of the user from the background system, then encrypting and storing the virtual key packet data locally and displaying the encrypted virtual key packet data to the user for selection and viewing;
a device for managing members and member roles in the virtual key package and the virtual key by a user through an interactive operation interface and a background system;
means for logging into a backend system;
a device for decrypting the locally stored virtual key package data after the background system is successfully logged in, and sending a request for acquiring the virtual key package data to the background system if the locally stored virtual key package data does not exist;
the device is used for receiving the virtual key data from the background system by the user and encrypting and storing the virtual key data in local;
means for the user to send the virtual key data to the access control device for an unlocking operation.
9. The user terminal of claim 8, wherein the member roles include: administrator, group administrator, common member, visitor; the administrator can create and manage virtual key records of the administrator, the common members and the visitors; the group administrator can create and manage virtual key records of the group administrator, common members and visitors; the common member can create a virtual key record of the common member and the visitor; the guest can only passively receive virtual key records assigned to it from other roles.
10. The user terminal according to claim 8 or 9, wherein the virtual key record comprises: authorizer, authorizee, authorization validity period, authorization type, access control device information of authorized access.
CN201911060616.7A 2016-10-20 2016-10-20 Object access authority management background system, device and user terminal Pending CN110677436A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911060616.7A CN110677436A (en) 2016-10-20 2016-10-20 Object access authority management background system, device and user terminal
CN201610914471.2A CN106534080B (en) 2016-10-20 2016-10-20 Object access right management method, corresponding background system, device and user terminal

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201610914471.2A Division CN106534080B (en) 2016-10-20 2016-10-20 Object access right management method, corresponding background system, device and user terminal

Publications (1)

Publication Number Publication Date
CN110677436A true CN110677436A (en) 2020-01-10

Family

ID=58332709

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201610914471.2A Active CN106534080B (en) 2016-10-20 2016-10-20 Object access right management method, corresponding background system, device and user terminal
CN201911060616.7A Pending CN110677436A (en) 2016-10-20 2016-10-20 Object access authority management background system, device and user terminal

Country Status (1)

Country Link
CN (2) CN106534080B (en)

Also Published As

Publication number Publication date
CN106534080B (en) 2019-12-10
CN106534080A (en) 2017-03-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200110