CN114155639A - Access control method based on Internet of things, access control system and storage medium - Google Patents


Info

Publication number: CN114155639A
Authority: CN (China)
Prior art keywords: random number, access control, signature, user, management server
Legal status: Pending
Application number: CN202111500398.1A
Other languages: Chinese (zh)
Inventor: 黄海昆
Current Assignee: Tianyi IoT Technology Co Ltd
Original Assignee: Tianyi IoT Technology Co Ltd
Application filed by: Tianyi IoT Technology Co Ltd
Priority to: CN202111500398.1A
Publication of: CN114155639A

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/22 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/23 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder by means of a password
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/27 Individual registration on entry or exit involving the use of a pass with central registration

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the invention discloses an access control method based on the Internet of things, an access control system and a storage medium. The method belongs to the technical field of the Internet of things and comprises the following steps: the terminal receives a random number issued by the management server, and encrypts the random number, the current timestamp and the user ID logged in to the terminal with the management public key to generate a two-dimensional code image; the access control device recognizes the two-dimensional code image and signs with the access control private key to obtain a signed binary code; the management server verifies the signature of the signed binary code with the access control public key to obtain the binary code, decrypts the binary code with the management private key to obtain the random number, the user ID and the timestamp, and detects whether preset conditions are met; if so, the management server signs a preset door opening instruction with the management private key to obtain a signed door opening instruction; the access control device verifies the signature of the signed door opening instruction with the management public key to obtain the preset door opening instruction and opens the door. The embodiments of the application can improve the security of access control.

Description

Access control method based on Internet of things, access control system and storage medium
Technical Field
The invention relates to the technical field of Internet of things, in particular to an access control method, an access control system and a storage medium based on the Internet of things.
Background
At present, most intelligent access control systems are based on radio frequency card technology, fingerprint technology or facial recognition technology. Radio frequency card technology requires the user to carry a door card, which is inconvenient and easy to lose; fingerprint technology has poor identification accuracy, and fingerprints are difficult to recognize when there is dirt or a wound on the hand; facial recognition technology is expensive and difficult to popularize. With the popularization of smart phones, two-dimensional codes have gradually become a new identification mode. Although two-dimensional code identification is convenient to use and low in cost, static two-dimensional codes are easy to copy by means such as photographing, so the security of such access control is low.
Disclosure of Invention
The embodiment of the invention provides an access control method, an access control system and a storage medium based on the Internet of things, and aims to improve the safety of the existing access control.
In a first aspect, an embodiment of the present invention provides an access control method based on the internet of things, including:
the terminal receives a random number issued by a management server, and encrypts the random number, a current timestamp and the user ID logged in to the terminal with a management public key to generate a two-dimensional code image;
the access control device recognizes the two-dimensional code image and signs with an access control private key to obtain a signed binary code;
the management server receives the signed binary code sent by the access control device, and verifies the signature of the signed binary code with an access control public key to obtain a binary code;
the management server decrypts the binary code with a management private key to obtain the random number, the user ID and the timestamp, and detects whether the random number, the user ID and the timestamp meet preset conditions;
if the random number, the user ID and the timestamp meet the preset conditions, the management server signs a preset door opening instruction with the management private key to obtain a signed door opening instruction;
the access control device receives the signed door opening instruction sent by the management server, verifies the signature of the signed door opening instruction with the management public key to obtain the preset door opening instruction, and opens the door according to the preset door opening instruction.
In a second aspect, an embodiment of the present invention further provides an access control system based on the Internet of things, which includes: a generating unit configured in the terminal, a first signature unit and a second signature verification unit configured in the access control device, and a first signature verification unit, a detection unit and a second signature unit configured in the management server, wherein,
the generating unit is used for the terminal to receive the random number issued by the management server and to encrypt the random number, the current timestamp and the user ID logged in to the terminal with a management public key to generate a two-dimensional code image;
the first signature unit is used for the access control device to recognize the two-dimensional code image and sign with an access control private key to obtain a signed binary code;
the first signature verification unit is used for the management server to receive the signed binary code sent by the access control device and to verify the signature of the signed binary code with an access control public key to obtain a binary code;
the detection unit is used for the management server to decrypt the binary code with a management private key to obtain the random number, the user ID and the timestamp, and to detect whether the random number, the user ID and the timestamp meet preset conditions;
the second signature unit is used for the management server to sign a preset door opening instruction with the management private key to obtain a signed door opening instruction if the random number, the user ID and the timestamp meet the preset conditions;
the second signature verification unit is used for the access control device to receive the signed door opening instruction sent by the management server, to verify the signature of the signed door opening instruction with the management public key to obtain the preset door opening instruction, and to open the door according to the preset door opening instruction.
In a third aspect, an embodiment of the present invention further provides an access control system based on the internet of things, which includes a terminal, an access control device, and a management server, where the terminal, the access control device, and the management server all include a memory and a processor, where the memory stores a computer program, and the processors of the terminal, the access control device, and the management server implement the above method when executing the computer program.
In a fourth aspect, the present invention also provides a computer-readable storage medium, which stores a computer program, and the computer program can implement the above method when being executed by a processor.
The embodiment of the invention provides an access control method based on the Internet of things, an access control system and a storage medium. The method comprises the following steps: the terminal receives a random number issued by a management server, and encrypts the random number, a current timestamp and the user ID logged in to the terminal with a management public key to generate a two-dimensional code image; the access control device recognizes the two-dimensional code image and signs with an access control private key to obtain a signed binary code; the management server receives the signed binary code sent by the access control device, and verifies the signature of the signed binary code with an access control public key to obtain a binary code; the management server decrypts the binary code with a management private key to obtain the random number, the user ID and the timestamp, and detects whether the random number, the user ID and the timestamp meet preset conditions; if the random number, the user ID and the timestamp meet the preset conditions, the management server signs a preset door opening instruction with the management private key to obtain a signed door opening instruction; the access control device receives the signed door opening instruction sent by the management server, verifies the signature of the signed door opening instruction with the management public key to obtain the preset door opening instruction, and opens the door according to the preset door opening instruction.
According to the technical scheme of the embodiment of the invention, the terminal generates a dynamic, encrypted two-dimensional code image from the random number, the timestamp and the user ID, and the image is difficult to crack and cannot be copied; the door is opened only after two rounds of signing and signature verification between the access control device and the management server, so that the security of access control can be improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a timing diagram of an access control method based on the internet of things according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of an access control method based on the internet of things according to an embodiment of the present invention;
Fig. 3 is a sub-flow schematic diagram of an access control method based on the internet of things according to an embodiment of the present invention;
Fig. 4 is a sub-flow schematic diagram of an access control method based on the internet of things according to an embodiment of the present invention;
Fig. 5 is a schematic flow chart of an access control method based on the internet of things according to another embodiment of the present invention;
Fig. 6 is a schematic block diagram of an access control system based on the internet of things according to an embodiment of the present invention; and
Fig. 7 is a schematic block diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
Referring to Fig. 1, Fig. 1 is a timing diagram of an access control system based on the Internet of things according to an embodiment of the present invention. The access control system based on the Internet of things includes a terminal 10, an access control device 20, and a management server 30. The terminal includes, but is not limited to, an electronic device with a communication function, such as a smart phone or a tablet computer. In the present embodiment, the terminal 10 communicates with the management server 30 to send a random number request and receive the random number sent by the management server 30; the access control device 20 communicates with the management server 30 to send the signed binary code to the management server 30 and receive the signed door opening instruction.
Fig. 2 is a schematic flow chart of an access control method based on the internet of things according to an embodiment of the present invention. The access control method based on the internet of things can be applied to an access control system, for example, the access control method based on the internet of things can be realized through a software program configured on the access control system, so that the security of access control is improved. As shown in fig. 2, the method comprises the following steps S100-S150.
S100, the terminal receives the random number issued by the management server, and encrypts the random number, the current timestamp and the user ID logged in the terminal through the management public key to generate a two-dimensional code image.
In the embodiment of the invention, a user logs in to a mobile phone APP and clicks the button in the APP for generating a two-dimensional code image, which triggers the APP to send a random number request to the management server. The management server receives the random number request and issues a random number to the APP. The APP receives the random number and encrypts the random number, a current timestamp and the user ID logged in to the terminal with the management public key to generate the two-dimensional code image. It should be noted that, in the embodiment of the present invention, the management public key and an application private key are stored in a cache corresponding to the APP; the access control public key, the application public key and the management private key are stored in a database corresponding to the management server; and the access control private key and the management public key are stored in a database corresponding to the access control device. The application public key and the application private key are the key pair of the APP, the management public key and the management private key are the key pair of the management server, and the access control public key and the access control private key are the key pair of the access control device.
In some embodiments, such as this embodiment, as shown in FIG. 3, the step S100 may include steps S101-S102.
S101, splicing the random number, the timestamp and the user ID logged in to the terminal to obtain a plaintext to be encrypted;
S102, encrypting the plaintext to be encrypted with the management public key using a preset encryption algorithm to generate a binary code, and generating a two-dimensional code image from the binary code.
In the embodiment of the invention, the random number, the current timestamp and the user ID logged in to the terminal are encrypted with the management public key to generate the two-dimensional code image. Specifically, the random number, the timestamp and the user ID are spliced to obtain a plaintext to be encrypted; understandably, the plaintext to be encrypted is dynamic, so that copying by means such as photographing can be avoided. The plaintext to be encrypted is then encrypted with the management public key using a preset encryption algorithm to generate a binary code, and a two-dimensional code image is generated from the binary code, where the preset encryption algorithm is an asymmetric encryption algorithm, such as the RSA algorithm. It should be noted that, in the embodiment of the present invention, two different keys, a public key and a private key, are used for encryption and decryption. Because the public key is public, no key has to be transmitted as it would with a symmetric encryption algorithm, and data encrypted with the public key can only be decrypted with the paired private key, which makes it difficult to crack and improves the security of the two-dimensional code image.
S110, the access control device recognizes the two-dimensional code image and signs with an access control private key to obtain a signed binary code.
In the embodiment of the invention, after the APP generates the two-dimensional code image, a recognition module in the access control device, such as a camera, recognizes the two-dimensional code image by scanning it. After the binary code is obtained by recognition, it is signed with the access control private key to obtain the signed binary code. It should be noted that, in the embodiment of the present invention, the signing and signature verification algorithm is also an asymmetric algorithm, for example, the RSA algorithm.
S120, the management server receives the signed binary code sent by the access control device, and verifies the signature of the signed binary code with an access control public key to obtain the binary code.
In the embodiment of the invention, after the access control device signs with the access control private key to obtain the signed binary code, the access control device sends the signed binary code to the management server, and the management server receives the signed binary code and verifies its signature with the access control public key to obtain the binary code. Understandably, signing the binary code and verifying the signature allows the management server to accurately identify that the binary code was sent by the access control device.
S130, the management server decrypts the binary code with a management private key to obtain the random number, the user ID and the timestamp, and detects whether the random number, the user ID and the timestamp meet preset conditions.
In the embodiment of the invention, after the management server verifies the signature of the signed binary code with the access control public key to obtain the binary code, the management server decrypts the binary code with the management private key to obtain the random number, the user ID and the timestamp, and detects whether the random number, the user ID and the timestamp meet preset conditions. The preset conditions are that the random number exists in a database, the user ID exists in a preset authority table, and the timestamp meets a preset time condition.
In some embodiments, such as this embodiment, as shown in FIG. 4, the step S130 may include steps S131-S134.
S131, searching whether the random number exists in a database;
S132, if the random number exists in the database, searching whether the user ID exists in a preset authority table;
S133, if the user ID exists in the preset authority table, acquiring a current timestamp, and calculating a time interval value between the current timestamp and the timestamp;
S134, if the time interval value is smaller than a set time value, judging that the random number, the user ID and the timestamp meet the preset conditions.
In the embodiment of the present invention, detecting whether the random number, the user ID and the timestamp meet the preset conditions proceeds as follows. The database is searched for the random number. If the random number exists in the database, which indicates that it was issued by the management server, the preset authority table is searched for the user ID. If the user ID exists in the preset authority table, which indicates that the user ID has the authority to open the door, a current timestamp is acquired and the time interval value between the current timestamp and the timestamp is calculated. If the time interval value is smaller than the set time value, which indicates that the door is being opened within the set time limit, the random number, the user ID and the timestamp are judged to meet the preset conditions. Understandably, if the random number is not stored in the database, or the user ID is not present in the preset authority table, or the time interval value is not less than the set time value, it is determined that the random number, the user ID and the timestamp do not meet the preset conditions, and the management server sends an alarm instruction to the access control device; the access control device receives the alarm instruction and issues an alarm prompt.
S140, if the random number, the user ID and the timestamp meet the preset conditions, the management server signs a preset door opening instruction through the management private key to obtain a signed door opening instruction.
S150, the access control device receives the signed door opening instruction sent by the management server, verifies the signature of the signed door opening instruction with the management public key to obtain the preset door opening instruction, and opens the door according to the preset door opening instruction.
In the embodiment of the invention, if the random number, the user ID and the timestamp meet the preset conditions, the management server signs a preset door opening instruction with the management private key to obtain a signed door opening instruction and sends the signed door opening instruction to the access control device. The access control device receives the signed door opening instruction, verifies its signature with the management public key to obtain the preset door opening instruction, and then opens the door according to the preset door opening instruction. Understandably, signing the preset door opening instruction and verifying the signature allows the access control device to accurately identify that the preset door opening instruction was sent by the management server. It should be noted that, in the embodiment of the present invention, the algorithm for signing the preset door opening instruction and verifying the signature is also an asymmetric encryption algorithm, for example, the RSA algorithm.
Fig. 5 is a schematic flow chart of an access control method based on the internet of things according to another embodiment of the present invention, and as shown in fig. 5, in this embodiment, the method includes steps S100 to S190. That is, in the present embodiment, the method further includes steps S160-S190 before step S100 of the above embodiment.
S160, the terminal sends a random number request to the management server;
S170, the management server receives the random number request, generates a random number according to the random number request, and stores the random number in a database;
S180, the management server searches the database for the user ID carried in the random number request;
S190, if the user ID exists in the database, the management server issues the random number to the terminal.
In the embodiment of the invention, before the terminal receives the random number issued by the management server, the terminal sends a random number request to the management server. The management server receives the random number request and generates the random number according to the request; specifically, the random number is generated through a random function rand and is stored in a database after being generated. The management server then searches the database for the user ID carried in the random number request. If the user ID exists in the database, which indicates that the user ID has the authority to open the door, the management server issues the random number to the terminal. Understandably, if the user ID does not exist in the database, which indicates that the user ID has no authority to open the door, the management server sends the terminal a prompt that the user ID failed authentication.
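The management server's checks in steps S160-S190 and S131-S134, as an added Python example that is not part of the patent text. It starts from the already decrypted plaintext; the `|` delimiter, the 30-second limit, the use of a CSPRNG instead of `rand`, the binding of each random number to the requesting user ID, the rejection of far-future timestamps and the single-use deletion of the random number are all assumptions added here, since the page specifies only the three lookups.

```python
# Added example (not the patent's code): server-side checks S160-S190 and S131-S134.
import secrets
import time

MAX_AGE_SECONDS = 30  # the "set time value"; the page gives no number, 30 s is assumed


def splice(nonce, timestamp, user_id):
    """S101: splice the three fields. The '|' delimiter is an assumption."""
    return f"{nonce}|{int(timestamp)}|{user_id}"


class ManagementServer:
    def __init__(self, authorized_users, max_age=MAX_AGE_SECONDS, clock=time.time):
        self.authority_table = set(authorized_users)  # preset authority table
        self.nonce_db = {}  # random number -> user ID it was issued to
        self.max_age = max_age
        self.clock = clock  # injectable so the checks can be tested deterministically

    def issue_random_number(self, user_id):
        """S160-S190: issue a random number only to a known user ID."""
        if user_id not in self.authority_table:
            return None  # page: prompt that user ID authentication failed
        # The page generates the value with rand; a CSPRNG is substituted here.
        nonce = secrets.token_hex(16)
        self.nonce_db[nonce] = user_id
        return nonce

    def check(self, plaintext):
        """S131-S134 on the decrypted plaintext. Returns (open_door, reason)."""
        try:
            nonce, ts_text, user_id = plaintext.split("|")
            timestamp = int(ts_text)
        except ValueError:
            return False, "malformed plaintext"
        # S131: the random number must have been issued by this server.
        if nonce not in self.nonce_db:
            return False, "random number not in database"
        # S132: the user ID must be in the preset authority table.
        if user_id not in self.authority_table:
            return False, "user ID not in authority table"
        # Added assumption: the random number must belong to this user ID.
        if self.nonce_db[nonce] != user_id:
            return False, "random number issued to another user"
        # S133/S134: interval between the server's time and the code's timestamp.
        # abs() is an added assumption so a far-future timestamp is rejected too.
        interval = self.clock() - timestamp
        if abs(interval) >= self.max_age:
            return False, "timestamp outside allowed interval"
        # Added assumption: consume the random number so a photographed code
        # cannot be presented a second time inside the time window.
        del self.nonce_db[nonce]
        return True, "ok"


def demo():
    """Run constructed scans against the server and collect each verdict."""
    now = [1_700_000_000]  # constructed clock value
    server = ManagementServer({"alice", "bob"}, clock=lambda: now[0])
    results = {"unknown_user_nonce": server.issue_random_number("mallory")}

    code = splice(server.issue_random_number("alice"), now[0], "alice")
    now[0] += 5
    results["first_scan"] = server.check(code)
    results["replayed_scan"] = server.check(code)  # same code shown again

    nonce2 = server.issue_random_number("alice")
    issued_at = now[0]
    results["wrong_user"] = server.check(splice(nonce2, issued_at, "bob"))
    now[0] += 60  # code is presented a minute after it was generated
    results["stale"] = server.check(splice(nonce2, issued_at, "alice"))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

Every `False` verdict corresponds to the case in which the page has the management server send an alarm instruction to the access control device.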
Fig. 6 is a schematic block diagram of an access control system 200 based on the internet of things according to an embodiment of the present invention. As shown in Fig. 6, the internet of things-based access control system 200 includes units for performing the above-described internet of things-based access control method, corresponding to the above-described method as applied to the terminal 10, the access control device 20, and the management server 30. Specifically, referring to Fig. 6, the internet of things-based access control system 200 includes a generating unit 101 disposed in the terminal 10, a first signature unit 201 and a second signature verification unit 202 disposed in the access control device 20, and a first signature verification unit 301, a detecting unit 302 and a second signature unit 303 disposed in the management server 30.
The generation unit 101 is configured to receive, by a terminal, a random number issued by the management server, and encrypt, by a management public key, the random number, a current timestamp, and a user ID that logs in the terminal to generate a two-dimensional code image; the first signature unit 201 is configured to identify the two-dimensional code image by the access control device, and perform signature by using an access control private key to obtain a signature binary code; the first signature verification unit 301 is configured to receive the signature binary code sent by the access control device by the management server, and verify the signature of the signature binary code through an access control public key to obtain a binary code; the detection unit 302 is configured to decrypt the binary code with a management private key by the management server to obtain the random number, the user ID, and the timestamp, and detect whether the random number, the user ID, and the timestamp satisfy a preset condition; the second signature unit 303 is configured to, if the random number, the user ID, and the timestamp meet the preset condition, sign a preset door opening instruction by the management server through the management private key to obtain a signature door opening instruction; the second signature verification unit 202 is used for the access control device to receive the signature door opening instruction sent by the management server, and the management public key is used for verifying the signature door opening instruction to obtain the preset door opening instruction, and the access control is opened through the preset door opening instruction.
In some embodiments, for example, in this embodiment, the generating unit 101 includes a splicing unit 1011 and a generating subunit 1012.
The splicing unit 1011 is configured to splice the random number, the timestamp, and the user ID logged in the terminal to obtain a plaintext to be encrypted; the generating subunit 1012 is configured to encrypt the plaintext to be encrypted by using a preset encryption algorithm according to the management public key to generate a binary code, and generate a two-dimensional code image according to the binary code.
In some embodiments, for example, in the present embodiment, the detecting unit 302 includes a first lookup unit 3021, a second lookup unit 3022, a calculating unit 3023, and a determining unit 3024.
Wherein, the first searching unit 3021 is configured to search whether the random number exists in a database; the second searching unit 3022 is configured to search whether the user ID exists in a preset authority table if the random number exists in the database; the calculating unit 3023 is configured to obtain a current timestamp if the user ID exists in the preset permission mapping table, and calculate a time interval value between the current timestamp and the timestamp; the determining unit 3024 is configured to determine that the random number, the user ID, and the timestamp satisfy a preset condition if the time interval value is smaller than a set time value.
In the access control system 200 based on the Internet of things according to another embodiment of the present invention, a first sending unit 102 disposed in the terminal 10, and a storage unit 304, a third searching unit 305 and a second sending unit 306 disposed in the management server 30, are added to the above embodiment.
The first sending unit 102 is configured to send a random number request to a management server by a terminal; the storage unit 304 is configured to receive the random number request, generate a random number according to the random number request, and store the random number in a database; the third searching unit 305 is configured to search, by the management server, in a database, whether a user ID carried in the random number request exists; the second sending unit 306 is configured to, if the user ID exists in the database, send the random number to the terminal by the management server.
It should be noted that, as can be clearly understood by those skilled in the art, the detailed implementation process of the access control system 200 and each unit based on the internet of things may refer to the corresponding description in the foregoing method embodiment, and for convenience and brevity of description, no further description is provided herein.
The access control system based on the internet of things can be implemented in the form of a computer program, and the computer program can be run on a computer device as shown in fig. 7.
Referring to fig. 7, fig. 7 is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device 900 is a server on which an access control system is built.
Referring to fig. 7, the computer device 900 includes a processor 902, a memory, and an interface 907 connected by a system bus 901, wherein the memory may include a storage medium 903 and an internal memory 904.
The storage medium 903 may store an operating system 9031 and a computer program 9032. The computer program 9032, when executed, causes the processor 902 to perform a method for internet-of-things based access control.
The processor 902 is used to provide computing and control capabilities to support the operation of the overall computer device 900.
The internal memory 904 provides an environment for running a computer program 9032 in the storage medium 903, and when the computer program 9032 is executed by the processor 902, the processor 902 can execute an access control method based on the internet of things.
The interface 905 is used for communication with other devices. Those skilled in the art will appreciate that the architecture shown in fig. 7 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing device 900 to which the disclosed aspects apply, as a particular computing device 900 may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
The respective processors 902 of the terminal, the access control device, and the management server are configured to run a computer program 9032 stored in a memory, so as to implement the following steps: the terminal receives a random number issued by the management server, and encrypts the random number, a current timestamp and the user ID logged in to the terminal with a management public key to generate a two-dimensional code image; the access control device identifies the two-dimensional code image and signs it with an access control private key to obtain a signature binary code; the management server receives the signature binary code sent by the access control device, and verifies the signature of the signature binary code with an access control public key to obtain a binary code; the management server decrypts the binary code with a management private key to obtain the random number, the user ID and the timestamp, and detects whether the random number, the user ID and the timestamp meet preset conditions; if the random number, the user ID and the timestamp meet the preset conditions, the management server signs a preset door opening instruction with the management private key to obtain a signature door opening instruction; the access control device receives the signature door opening instruction sent by the management server, verifies the signature door opening instruction with the management public key to obtain the preset door opening instruction, and opens the access control according to the preset door opening instruction.
In some embodiments, for example, in this embodiment, when the processor 902 implements the step of encrypting the random number, the current timestamp, and the user ID logged in the terminal by using the management public key to generate the two-dimensional code image, the following steps are specifically implemented: splicing the random number, the timestamp and the user ID for logging in the terminal to obtain a plaintext to be encrypted; and encrypting the plaintext to be encrypted by a preset encryption algorithm according to the management public key to generate a binary code, and generating a two-dimensional code image according to the binary code.
In some embodiments, for example, in this embodiment, when the processor 902 implements the step of detecting whether the random number, the user ID, and the timestamp satisfy the preset condition, the following steps are implemented: searching whether the random number exists in a database; if the random number exists in the database, searching whether the user ID exists in a preset authority table; if the user ID exists in the preset authority mapping table, acquiring a current timestamp, and calculating a time interval value between the current timestamp and the timestamp; and if the time interval value is smaller than a set time value, judging that the random number, the user ID and the timestamp meet preset conditions.
In some embodiments, for example, in this embodiment, after implementing the step of detecting whether the random number, the user ID, and the timestamp satisfy the preset condition, the processor 902 further specifically implements the following steps: if the random number, the user ID and the timestamp do not meet the preset conditions, the service manager sends an alarm instruction to the access control device; and the access control device receives the alarm instruction and issues an alarm prompt.
In some embodiments, for example, in this embodiment, before implementing the step of the terminal receiving the random number issued by the management server, and encrypting the random number, the current timestamp, and the user ID logging in the terminal through the management public key to generate the two-dimensional code image, the processor 902 further specifically implements the following steps: the terminal sends a random number request to the management server; the management server receives the random number request, generates a random number according to the random number request, and stores the random number in a database; the management server searches whether the user ID carried in the random number request exists in a database; if the user ID exists in the database, the management server issues the random number to the terminal; and if the user ID does not exist in the database, the management server sends a prompt that the user ID authentication fails to pass to the terminal.
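The random number issuance and the preset-condition detection described in the two preceding steps can be sketched as follows. This is an added example, not code from the patent; it covers only the management server's checks and assumes that signature verification and decryption have already produced the random number, user ID and timestamp. The 60-second window, the 5-second clock tolerance, the single-use consumption of the random number, the binding of the random number to the requesting user ID, and all names in the code are assumptions of this example that the page does not state.

```python
import secrets
import time

MAX_AGE_SECONDS = 60   # assumed "set time value"; the page gives no figure
MAX_SKEW_SECONDS = 5   # assumed tolerance for a terminal clock running ahead


class ManagementServer:
    """Server-side nonce issuance and preset-condition check (crypto omitted)."""

    def __init__(self, user_db, permission_table, clock=time.time):
        self.user_db = set(user_db)                    # registered user IDs
        self.permission_table = set(permission_table)  # preset authority table
        self.nonces = {}                               # nonce -> user ID it was issued to
        self.clock = clock                             # injectable for testing

    def issue_nonce(self, user_id):
        """Handle a random number request carrying user_id."""
        # This example checks the user ID before storing anything, so no
        # random number is kept for an unknown requester.
        if user_id not in self.user_db:
            return None  # terminal is told that user ID authentication failed
        nonce = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
        self.nonces[nonce] = user_id
        return nonce

    def check(self, nonce, user_id, timestamp):
        """Return (ok, reason) for the decrypted fields of one scan."""
        # 1. Does the random number exist in the database?
        #    Assumption: it is consumed on first presentation (single use).
        issued_to = self.nonces.pop(nonce, None)
        if issued_to is None:
            return False, "unknown_nonce"
        # 2. Does the user ID exist in the preset authority table?
        if user_id not in self.permission_table:
            return False, "user_not_authorized"
        # 3. Is the interval between now and the timestamp below the set value?
        interval = self.clock() - timestamp
        if not interval < MAX_AGE_SECONDS:
            return False, "stale_timestamp"
        # Checks below are additions of this example, not steps from the page.
        if issued_to != user_id:
            return False, "nonce_user_mismatch"
        if interval < -MAX_SKEW_SECONDS:
            # A timestamp far in the future yields a negative interval, which
            # would otherwise satisfy "smaller than the set time value".
            return False, "future_timestamp"
        return True, "open"


if __name__ == "__main__":
    # Constructed sample data: two registered users, one with door permission.
    server = ManagementServer({"alice", "bob"}, {"alice"})
    n = server.issue_nonce("alice")
    print(server.check(n, "alice", time.time()))  # first presentation
    print(server.check(n, "alice", time.time()))  # same code scanned again
```

Any result other than `(True, "open")` corresponds to the branch in which the alarm instruction is sent to the access control device.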
It should be understood that, in the embodiment of the present application, the processor 902 may be a Central Processing Unit (CPU), and the processor 902 may also be another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and the like. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
It will be understood by those skilled in the art that all or part of the flow of the method implementing the above embodiments may be implemented by a computer program instructing associated hardware. The computer program may be stored in a storage medium, which is a computer-readable storage medium. The computer program is executed by at least one processor in the wireless communication system to implement the flow steps of the embodiments of the method described above.
Accordingly, the present invention also provides a storage medium. The storage medium may be a computer-readable storage medium. The storage medium stores a computer program. The computer program, when executed by the processor, causes the processor to perform any of the embodiments of the internet of things based access control method described above.
The storage medium may be a USB disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, an optical disk, or various other computer-readable storage media capable of storing a computer program.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, wireless communication software, or combinations of both, and that the components and steps of the examples have been described above generally in terms of their functions in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed system and method can be implemented in other ways. For example, the system embodiments described above are merely illustrative. For example, the division of each unit is only one logic function division, and there may be another division manner in actual implementation. For example, various elements or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented.
The steps in the method of the embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs. The units in the system of the embodiment of the invention can be merged, divided and deleted according to actual needs. In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a storage medium. Based on such understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal wireless communication device, a terminal, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, while the invention has been described with respect to the above-described embodiments, it will be understood that the invention is not limited thereto but may be embodied with various modifications and changes.
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. An access control method based on the Internet of things, characterized by comprising the following steps:
the terminal receives a random number issued by a management server, and encrypts the random number, a current timestamp and the user ID logged in to the terminal with a management public key to generate a two-dimensional code image;
the access control device identifies the two-dimensional code image and signs it with an access control private key to obtain a signature binary code;
the management server receives the signature binary code sent by the access control device, and verifies the signature of the signature binary code with an access control public key to obtain a binary code;
the management server decrypts the binary code with a management private key to obtain the random number, the user ID and the timestamp, and detects whether the random number, the user ID and the timestamp meet preset conditions;
if the random number, the user ID and the timestamp meet the preset conditions, the management server signs a preset door opening instruction with the management private key to obtain a signature door opening instruction;
the access control device receives the signature door opening instruction sent by the management server, verifies the signature door opening instruction with the management public key to obtain the preset door opening instruction, and opens the access control according to the preset door opening instruction.
2. The internet of things-based access control method according to claim 1, wherein the encrypting the random number, the current timestamp, and the user ID logged in the terminal by the management public key to generate a two-dimensional code image comprises:
splicing the random number, the timestamp and the user ID for logging in the terminal to obtain a plaintext to be encrypted;
and encrypting the plaintext to be encrypted by a preset encryption algorithm according to the management public key to generate a binary code, and generating a two-dimensional code image according to the binary code.
3. The internet of things-based access control method according to claim 1, wherein the detecting whether the random number, the user ID and the timestamp satisfy a preset condition comprises:
and if the random number exists in the database, the user ID exists in a preset authority table, and the timestamp meets a preset time condition, judging that the random number, the user ID and the timestamp meet the preset condition.
4. The Internet of things-based access control method according to claim 3, wherein the detecting whether the random number, the user ID and the timestamp meet preset conditions comprises:
searching whether the random number exists in a database;
if the random number exists in the database, searching whether the user ID exists in a preset authority table;
if the user ID exists in the preset authority mapping table, acquiring a current timestamp, and calculating a time interval value between the current timestamp and the timestamp;
and if the time interval value is smaller than a set time value, judging that the random number, the user ID and the timestamp meet preset conditions.
5. The internet of things-based access control method according to claim 1, wherein after detecting whether the random number, the user ID and the timestamp meet a preset condition, the method further comprises:
if the random number, the user ID and the timestamp do not meet the preset conditions, the service manager sends an alarm instruction to the access control device;
and the access control device receives the alarm instruction and issues an alarm prompt.
6. The internet of things-based access control method according to claim 1, wherein before the terminal receives the random number issued by the management server and encrypts the random number, the current timestamp and the user ID logged in the terminal through the management public key to generate the two-dimensional code image, the method further comprises:
the terminal sends a random number request to the management server;
the management server receives the random number request, generates a random number according to the random number request, and stores the random number in a database;
the management server searches whether the user ID carried in the random number request exists in a database;
and if the user ID exists in the database, the management server issues the random number to the terminal.
7. The internet of things-based access control method according to claim 6, wherein after the management server searches whether the user ID carried in the random number request exists in a database, the method further comprises:
and if the user ID does not exist in the database, the management server sends a prompt that the user ID authentication fails to pass to the terminal.
8. An access control system based on the Internet of things, characterized by comprising: a generating unit configured in the terminal, a first signature unit and a second signature verification unit configured in the access control device, and a first signature verification unit, a detection unit and a second signature verification unit configured in the management server, wherein,
the generation unit is used for receiving the random number issued by the management server by the terminal and encrypting the random number, the current timestamp and the user ID for logging in the terminal through a management public key to generate a two-dimensional code image;
the first signature unit is used for the access control device to identify the two-dimensional code image and carry out signature through an access control private key to obtain a signature binary code;
the first signature verification unit is used for receiving the signature binary code sent by the access control device by the management server and verifying the signature of the signature binary code through an access control public key to obtain a binary code;
the detection unit is used for the management server to decrypt the binary code through a management private key to obtain the random number, the user ID and the timestamp, and to detect whether the random number, the user ID and the timestamp meet preset conditions;
the second signature unit is used for signing a preset door opening instruction through the management private key by the management server to obtain a signature door opening instruction if the random number, the user ID and the timestamp meet the preset condition;
the second signature verification unit is used for the access control device to receive the signature door opening instruction sent by the management server, to verify the signature door opening instruction with the management public key to obtain the preset door opening instruction, and to open the access control according to the preset door opening instruction.
9. An access control system based on the Internet of things is characterized by comprising a terminal, an access control device and a management server, wherein the terminal, the access control device and the management server all comprise a memory and a processor, a computer program is stored on the memory, and the processor of the terminal, the access control device and the management server realizes the method according to any one of claims 1-7 when executing the computer program.
10. A computer-readable storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the method according to any one of claims 1-7.
CN202111500398.1A 2021-12-09 2021-12-09 Access control method based on Internet of things, access control system and storage medium Pending CN114155639A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111500398.1A CN114155639A (en) 2021-12-09 2021-12-09 Access control method based on Internet of things, access control system and storage medium

Publications (1)

Publication Number Publication Date
CN114155639A true CN114155639A (en) 2022-03-08

Family

ID=80454184

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111500398.1A Pending CN114155639A (en) 2021-12-09 2021-12-09 Access control method based on Internet of things, access control system and storage medium

Country Status (1)

Country Link
CN (1) CN114155639A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114999017A (en) * 2022-06-06 2022-09-02 重庆酉辰戌智能科技有限公司 Campus face identification enabling system
CN115359595A (en) * 2022-07-15 2022-11-18 广东城启科技有限公司 Guangdong residential code access control method based on two-dimensional code as carrier
CN115376231A (en) * 2022-07-28 2022-11-22 中国建设银行股份有限公司 Encryption verification method and device, computer equipment and storage medium
CN116471310A (en) * 2023-03-01 2023-07-21 智慧云联信息技术(北京)有限公司 Remote control method, internet of things equipment, user equipment and storage medium
CN117749509A (en) * 2023-12-27 2024-03-22 上海全应科技有限公司 Instruction transmission method and device based on graphic code under network isolation

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102014110540A1 (en) * 2014-07-25 2016-01-28 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Delegable access control
CN108460876A (en) * 2018-03-20 2018-08-28 中电科(天津)网络信息安全有限公司 A kind of time sync-type Quick Response Code guard method and system
CN110620780A (en) * 2019-09-26 2019-12-27 如般量子科技有限公司 Anti-quantum computation two-dimensional code authentication method and system based on asymmetric key pool and timestamp
CN111540093A (en) * 2020-04-29 2020-08-14 三仟(杭州)数字科技有限公司 Access control system and control method thereof
CN112200949A (en) * 2020-12-02 2021-01-08 北京紫光青藤微系统有限公司 Entrance guard starting method and device and identity verification system

Similar Documents

Publication Publication Date Title
US10892896B2 (en) Using biometric features for user authentication
US11522848B2 (en) Systems and methods for providing digital identity records to verify identities of users
CN114155639A (en) Access control method based on Internet of things, access control system and storage medium
US9871783B2 (en) Universal enrollment using biometric PKI
US11030287B2 (en) User-behavior-based adaptive authentication
CN106612259B (en) Identity recognition, business processing and biological characteristic information processing method and equipment
WO2020073513A1 (en) Blockchain-based user authentication method and terminal device
CA2813855C (en) Methods and systems for conducting smart card transactions
WO2020215568A1 (en) Communication number changing method, apparatus and system, computer device and storage medium
AU2020260457B2 (en) Verifying user interactions on a content platform
CN107196901B (en) Identity registration and authentication method and device
EP2782037A2 (en) Method and apparatus for performing authentication between applications
EP3206329B1 (en) Security check method, device, terminal and server
CN108335105B (en) Data processing method and related equipment
CN113221128B (en) Account and password storage method and registration management system
WO2020093722A1 (en) Block chain-based prescription data verification method and device, and server
CN114444134A (en) Data use authorization method, system and device
US9043890B1 (en) Distributed authentication against stored user identifiers and user templates via pseudonym association
CN113127818A (en) Block chain-based data authorization method and device and readable storage medium
US20230396612A1 (en) Authentication system for a multiuser device
KR102448625B1 (en) Method and system for detecting fraudulent transaction using homomorphic encrypted data
CN106533685B (en) Identity authentication method, device and system
CN113536367A (en) Registration method, privacy server, service information server and registration system
US11949772B2 (en) Optimized authentication system for a multiuser device
CN112182628B (en) Privacy information security access method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination