CN116844266B - Access control method, access control system and storage medium - Google Patents
Access control method, access control system and storage medium
- Publication number
- CN116844266B (CN202311121654.5A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/21—Individual registration on entry or exit involving the use of a pass having a variable access code
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/27—Individual registration on entry or exit involving the use of a pass with central registration
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Lock And Its Accessories (AREA)
Abstract
The application provides an access control management method, an access control management system and a storage medium, and relates to the technical field of identity authentication. The method is applied to an access control management system and comprises the following steps: dynamic two-dimensional code information is obtained by the electronic sentry device reading a dynamic two-dimensional code, and identity identification information is obtained by the access card reader reading the access card; identity authentication information is obtained through an identity authentication interaction between the access card reader and the access card associated with the object to be identified; the background management device performs identity recognition on the object to be identified according to the dynamic two-dimensional code information and the identity identification information to obtain identity recognition information, and determines whether the object to be identified passes identity authentication according to the identity recognition information and the identity authentication information; and, when the object to be identified passes identity authentication, the electronic sentry device is controlled to execute the door opening action for the object to be identified. The application solves the problem of low security of access control management systems in the related art.
Description
Technical Field
The application relates to the technical field of identity authentication, in particular to an access control management method, an access control management system and a storage medium.
Background
Currently, a large number of electronic sentry devices sit idle, and a small portion of them are reused in access control systems. Access control management systems retrofitted from electronic sentry devices may offer one or more identity recognition modes, such as face recognition, access cards and fingerprints. However, because these retrofitted systems do not use cryptographic technology or national cryptographic technology, their security during identity authentication cannot be fully ensured in high-confidentiality and security-protection settings, and counterfeiters can easily gain illegal entry.
Disclosure of Invention
The application provides an access control management method, an access control management system and a storage medium, which can solve the problem in the related art that access control management systems retrofitted from electronic sentry devices are not secure enough. The technical scheme is as follows:
According to one aspect of the application, an access control management method is applied to an access control management system comprising an electronic sentry device, an access card reader, an access card and a background management device, and the method comprises the following steps: the dynamic two-dimensional code information of the object to be identified is obtained by the electronic sentry device reading a dynamic two-dimensional code, and the identity identification information of the object to be identified stored in the associated access card is obtained by the access card reader reading the access card; an identity authentication interaction for the object to be identified is carried out between the access card reader and the access card associated with the object to be identified, so as to obtain the identity authentication information of the object to be identified; the background management device performs identity recognition on the object to be identified according to the dynamic two-dimensional code information and the identity identification information to obtain the identity recognition information of the object to be identified, and determines whether the object to be identified passes identity authentication according to the identity recognition information and the identity authentication information; and, when the object to be identified passes identity authentication, the electronic sentry device is controlled to execute the door opening action for the object to be identified.
According to one aspect of the application, an access control management device is applied to an access control management system comprising an electronic sentry device, an access card reader, an access card and a background management device, and the device comprises: an information acquisition module, used for obtaining the dynamic two-dimensional code information of the object to be identified by the electronic sentry device reading a dynamic two-dimensional code, and for obtaining the identity identification information of the object to be identified stored in the associated access card by the access card reader reading the access card; an authentication interaction module, used for carrying out an identity authentication interaction for the object to be identified between the access card reader and the access card associated with the object to be identified, so as to obtain the identity authentication information of the object to be identified; an identity authentication module, used for performing, by the background management device, identity recognition on the object to be identified according to the dynamic two-dimensional code information and the identity identification information to obtain the identity recognition information of the object to be identified, and for determining whether the object to be identified passes identity authentication according to the identity recognition information and the identity authentication information; and a pass control module, used for controlling the electronic sentry device to execute the door opening action for the object to be identified when the object to be identified passes identity authentication.
In an exemplary embodiment, the system further comprises a card issuer; the apparatus further comprises: a binding module, used for binding the object to be identified to the access card through the card issuer.
In an exemplary embodiment, the binding module is further used for: in response to a card issuing instruction for an object to be identified, acquiring a root key and the identity identification information allocated to the object to be identified by the card issuer; performing multi-level key dispersion (key diversification) on the identity identification information according to the root key to obtain a card authentication key; and storing the card authentication key and the identity identification information in the access card, the association between the object to be identified and the access card being realized through the stored binding relationship between them.
In an exemplary embodiment, the binding module is further used for: taking the identity identification information as the dispersion factor of the primary dispersion, and performing the primary dispersion on the identity identification information with the root key to obtain a primary dispersion key; fusing the identity identification information and the dynamic two-dimensional code information of the object to be identified, and calculating the corresponding hash value; and taking the hash value as the dispersion factor of the secondary dispersion, and performing the secondary dispersion on the hash value with the primary dispersion key to obtain the card authentication key.
In an exemplary embodiment, the authentication interaction module is further used for: the access card reader generating initial authentication information for the object to be identified and sending it to the access card; the access card, based on the binding relationship established between the object to be identified and the access card, acquiring the card authentication key and performing an encryption operation on the received initial authentication information according to the card authentication key to obtain the identity authentication information of the object to be identified; and the access card sending the identity authentication information of the object to be identified to the access card reader.
In an exemplary embodiment, the system further comprises a card issuer; the identity authentication module is further used for: acquiring the primary dispersion key generated by the card issuer for the identity identification information, and the initial authentication information generated by the access card reader for the object to be identified; obtaining a secondary dispersion factor from the dynamic two-dimensional code information and the identity identification information, and performing the secondary dispersion on the secondary dispersion factor with the primary dispersion key to obtain the card authentication key; and performing an encryption operation on the initial authentication information according to the card authentication key to obtain the identity recognition information of the object to be identified.
In an exemplary embodiment, the identity authentication module is further used for: if the identity recognition information is consistent with the identity authentication information, determining that the object to be identified passes identity authentication.
In an exemplary embodiment, the apparatus further comprises: the background management device is used for detecting whether the identity identification information exists in a set blacklist; if not, identity recognition of the object to be identified continues.
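The binding, challenge-response, comparison and blacklist steps of the embodiments above, as an added Python example that is not part of the patent text. The passage does not name its algorithms, so HMAC-SHA-256 stands in for both the key dispersion and the encryption operation, length-prefixed concatenation stands in for the fusion step, and every class name, ID, QR payload and key below is constructed for illustration.

```python
import hashlib
import hmac
import secrets


def disperse(key: bytes, factor: bytes) -> bytes:
    """One level of key dispersion. Assumption: HMAC-SHA-256 as the algorithm."""
    return hmac.new(key, factor, hashlib.sha256).digest()


def secondary_factor(identity_id: bytes, qr_info: bytes) -> bytes:
    """Fuse the ID with the QR info and hash the result.
    Assumption: fusion = length-prefixed concatenation, so that
    (b"AB", b"C") and (b"A", b"BC") cannot collide."""
    fused = len(identity_id).to_bytes(2, "big") + identity_id + qr_info
    return hashlib.sha256(fused).digest()


def derive_card_key(primary_key: bytes, identity_id: bytes, qr_info: bytes) -> bytes:
    """Secondary dispersion: primary dispersion key + hash factor -> card key."""
    return disperse(primary_key, secondary_factor(identity_id, qr_info))


def respond(card_key: bytes, challenge: bytes) -> bytes:
    """Keyed operation over the reader's initial authentication information."""
    return hmac.new(card_key, challenge, hashlib.sha256).digest()


class AccessCard:
    """Holds only the identity identification information and the card key."""

    def __init__(self, identity_id: bytes, card_key: bytes):
        self.identity_id = identity_id
        self._card_key = card_key

    def authenticate(self, challenge: bytes) -> bytes:
        return respond(self._card_key, challenge)  # identity authentication info


class CardIssuer:
    """Keeps the root key; binds an object to a card at issuance."""

    def __init__(self, root_key: bytes):
        self._root_key = root_key

    def primary_key(self, identity_id: bytes) -> bytes:
        return disperse(self._root_key, identity_id)  # primary dispersion

    def issue(self, identity_id: bytes, qr_info: bytes) -> AccessCard:
        key = derive_card_key(self.primary_key(identity_id), identity_id, qr_info)
        return AccessCard(identity_id, key)


class Backend:
    """Background management device: blacklist check, re-derive, compare."""

    def __init__(self, issuer: CardIssuer, blacklist=()):
        self._issuer = issuer
        self._blacklist = set(blacklist)

    def verify(self, qr_info, identity_id, challenge, auth_info) -> bool:
        if identity_id in self._blacklist:
            return False
        key = derive_card_key(self._issuer.primary_key(identity_id), identity_id, qr_info)
        recognition_info = respond(key, challenge)  # identity recognition info
        return hmac.compare_digest(recognition_info, auth_info)


def gate_decision(backend: Backend, card: AccessCard, qr_info: bytes) -> bool:
    """Reader side: fresh challenge per attempt, then hand everything to the backend."""
    challenge = secrets.token_bytes(16)
    auth_info = card.authenticate(challenge)
    return backend.verify(qr_info, card.identity_id, challenge, auth_info)


def demo() -> dict:
    issuer = CardIssuer(root_key=bytes(range(32)))  # constructed root key
    backend = Backend(issuer, blacklist={b"EMP-0666"})
    alice = issuer.issue(b"EMP-0001", b"QR:alice:token-A")
    forged = AccessCard(b"EMP-0001", secrets.token_bytes(32))  # copied ID, no key
    revoked = issuer.issue(b"EMP-0666", b"QR:mallory")
    return {
        "legit": gate_decision(backend, alice, b"QR:alice:token-A"),
        "wrong_qr": gate_decision(backend, alice, b"QR:bob:token-B"),
        "forged_card": gate_decision(backend, forged, b"QR:alice:token-A"),
        "blacklisted": gate_decision(backend, revoked, b"QR:mallory"),
    }


if __name__ == "__main__":
    print(demo())
```

Because the reader draws a new challenge for every attempt, a response recorded from one interaction does not verify against the next one.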
According to another aspect of the present application, an access control management system comprises: an electronic sentry device, configured to acquire the dynamic two-dimensional code information of the object to be identified and to execute a door opening action for the object to be identified when the object to be identified passes identity authentication; an access card reader, configured to read the access card associated with the object to be identified, obtain the identity identification information of the object to be identified, and perform an identity authentication interaction with the access card; an access card, configured to perform the identity authentication interaction with the access card reader to obtain the identity authentication information of the object to be identified; and a background management device, configured to perform identity recognition on the object to be identified according to the dynamic two-dimensional code information and the identity identification information, obtain the identity recognition information of the object to be identified, and determine whether the object to be identified passes identity authentication according to the identity recognition information and the identity authentication information.
In an exemplary embodiment, the system further comprises: a card issuer, configured to establish a binding relationship between the object to be identified and the access card, thereby associating the object to be identified with the access card.
According to another aspect of the application, an electronic device includes a background management apparatus disposed in an access control system, the electronic device including at least one processor and at least one memory, wherein the memory has computer readable instructions stored thereon; the computer readable instructions are executed by the one or more processors to cause the electronic device to implement the access control method as described above.
According to another aspect of the application, a storage medium has stored thereon computer readable instructions that are executed by one or more processors to implement the access control method as described above.
According to another aspect of the application, a computer program product comprises computer readable instructions stored in a storage medium, one or more processors of an electronic device reading the computer readable instructions from the storage medium, loading and executing the computer readable instructions, causing the electronic device to implement an access control method as described above.
The technical scheme provided by the application has the beneficial effects that:
In the above technical scheme, the access control management system retrofitted from the electronic sentry device comprises the electronic sentry device, the access card reader, the access card and the background management device. Based on this system, the dynamic two-dimensional code information of the object to be identified is obtained by the electronic sentry device reading a dynamic two-dimensional code, the identity identification information of the object to be identified stored in the associated access card is obtained by the access card reader reading the access card, and the identity authentication information of the object to be identified is obtained through the identity authentication interaction between the access card reader and the access card of the object to be identified. The background management device then performs identity recognition on the object to be identified according to the dynamic two-dimensional code information and the identity identification information, and determines whether the object to be identified passes identity authentication according to the identity recognition information and the identity authentication information, so that the electronic sentry device is controlled to execute the door opening action for an object that passes identity authentication. That is, building on the electronic sentry device's function of collecting health codes and place codes, the dynamic two-dimensional code is introduced into the identity authentication process, and its unique identity identification and dynamically changing characteristics are fully used, which reduces the probability of counterfeiters entering illegally and effectively solves the problem of low security of access control management systems in the related art. In addition, sensitive information is not stored in the access card but is bound to the access card in the form of a key, and the identity authentication interaction between the access card reader and the access card must be carried out again to obtain the identity authentication information of the object to be identified, so the risk of sensitive information leaking during storage is avoided and the security of the access control management system is further improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings that are required to be used in the description of the embodiments of the present application will be briefly described below. It is evident that the drawings in the following description are only some embodiments of the application and that other drawings may be obtained from these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic illustration of an implementation environment in accordance with the present application;
FIG. 2 is a flow chart illustrating a method of door access management according to an exemplary embodiment;
FIG. 3 is a flow chart of step 330 in one embodiment of the corresponding embodiment of FIG. 2;
FIG. 4 is a flow chart illustrating another method of access control management according to an exemplary embodiment;
FIG. 5 is a flow chart of step 430 in one embodiment of the corresponding embodiment of FIG. 4;
FIG. 6 is a flow chart of step 350 in one embodiment of the corresponding embodiment of FIG. 2;
FIG. 7 is a block diagram of a particular implementation of an access control system in an application scenario;
FIG. 8 is a timing diagram of an entrance guard management method based on an entrance guard management system in an application scenario;
FIG. 9 is a block diagram illustrating a structure of an access control device according to an exemplary embodiment;
FIG. 10 is a hardware block diagram of an electronic device shown in accordance with an exemplary embodiment;
FIG. 11 is a block diagram illustrating a structure of an electronic device according to an exemplary embodiment.
Detailed Description
Embodiments of the present application are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative only and are not to be construed as limiting the application.
As used herein, the singular forms "a", "an", "the" and "said" are intended to include the plural forms as well, unless expressly stated otherwise, as understood by those skilled in the art. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element, or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
As described above, among the many electronic sentry devices that are idle, a small portion are used in access control systems.
On the one hand, an access control management system retrofitted from an electronic sentry device does not use cryptographic technology or national cryptographic technology, so the security of the identity authentication process cannot be fully ensured, and counterfeiters can easily enter illegally.
On the other hand, a conventional access card often stores sensitive information, and that information is at risk of leaking during transmission or storage, so the retrofitted access control management system does nothing to improve security in the identity authentication process.
From the above, the related art still suffers from the low security of access control management systems.
Therefore, the access control management method provided by the application can effectively improve the security of an access control management system retrofitted from an electronic sentry device. The method is correspondingly suitable for an access control management device that can be deployed in electronic equipment, where the electronic equipment can be computer equipment with a von Neumann architecture, including a desktop computer, a notebook computer, a server and the like.
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of an implementation environment related to an access control method. The implementation environment includes an access control system including card issuer 100, access card 200, access card reader 300, background management device 400, and electronic sentinel device 500.
Specifically, the card issuer 100 is configured to establish a binding relationship between the object to be identified and the access card 200, so as to associate the object to be identified with the access card 200.
The access card reader 300 is configured to read the access card 200 with which the object to be identified is associated, and is also configured to perform identity authentication interaction with the access card 200.
The background management device 400 is configured to identify an object to be identified, so as to determine whether the object to be identified passes the identity authentication. The background management device 400 may be an electronic device such as a desktop computer, a notebook computer, or a server, and it should be noted that the server may be an independent physical server, or may be a server cluster or a distributed system formed by a plurality of physical servers, or may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, and basic cloud computing services such as big data and an artificial intelligence platform. The server is an electronic device for providing background services, for example, in the present implementation environment, the server provides an identification service for an object to be identified.
The electronic sentinel device 500 has a component with an image capturing function, and the component includes a camera 501 configured to read a dynamic two-dimensional code of an object to be identified, and also configured to perform a door opening action for the object to be identified if the object to be identified passes identity authentication. The dynamic two-dimensional code 700 of the object to be identified is generated by the terminal 600, and the terminal 600 may be used for running a client for generating the dynamic two-dimensional code 700, which may be a smart phone, a tablet computer, a smart watch, a smart bracelet, or other portable electronic devices, which are not limited herein. The client provides a dynamic two-dimension code generating function, for example, an instant messaging client, a payment client and the like, which can be in the form of an application program or a webpage, and correspondingly, an interface for generating the dynamic two-dimension code by the client can be in the form of a program window or a webpage, and the interface is not limited herein.
The background management device 400 establishes wired or wireless communication connections in advance with the card issuer 100, the access card 200, the access card reader 300 and the electronic sentry device 500 respectively, and the parts of the access control management system are linked through these connections. The linkage concerns the identity authentication process based on the access control management system, which specifically comprises the following. The card issuer 100 establishes a binding relationship between the object to be identified and the access card 200, so that the object to be identified can pass through the electronic sentry device 500 based on the access card 200. The camera 501 of the electronic sentry device 500 reads the dynamic two-dimensional code through interaction with the terminal 600 to obtain the dynamic two-dimensional code information of the object to be identified, and sends that information to the background management device 400. Through interaction with the access card 200, the access card reader 300 both reads the access card 200 to obtain the identity identification information of the object to be identified stored in it and performs identity authentication on the object to be identified to obtain its identity authentication information, and it sends both the identity identification information and the identity authentication information to the background management device 400. After receiving the dynamic two-dimensional code information, the identity identification information and the identity authentication information of the object to be identified, the background management device 400 performs identity recognition on the object to be identified based on the received information, so as to determine whether the object to be identified passes identity authentication. Finally, when the object to be identified passes identity authentication, the background management device 400 controls the electronic sentry device 500, through interaction with it, to execute the door opening action for the object to be identified, which completes the identity authentication process for that object.
Referring to fig. 2, an embodiment of the present application provides a method for managing an access control, where the method is applied to an access control system modified by an electronic sentinel device, and the access control system may be an access control system in an implementation environment shown in fig. 1, and in fig. 1, the access control system may include the electronic sentinel device, a card issuer, an access control card reader, an access control card, and a background management device.
In the following method embodiments, for convenience of description, the execution subject of each step of the method is taken as each part in the access control system as an example, but this is not particularly limited to this configuration.
As shown in fig. 2, the method may include the steps of:
the dynamic two-dimensional code information of the object to be identified is obtained through the dynamic two-dimensional code reading performed by the electronic sentry device, and the identity information of the object to be identified in the associated access card is obtained through the access card reading performed by the access card reader.
First, in the access control system retrofitted from the electronic sentry device, the electronic sentry device's function of collecting health codes and place codes is reused, so that the access control system can read the dynamic two-dimensional code through the electronic sentry device and introduce it into the identity authentication process. This makes full use of the unique identification and dynamic variation characteristics of the two-dimensional code and reduces the probability of illegal entry by counterfeiters. Specifically, in fig. 1, the object to be identified generates a dynamic two-dimensional code that uniquely identifies its identity by means of a client running in the terminal 600 that generates the dynamic two-dimensional code 700. The camera 501 of the electronic sentinel device 500 reads the dynamic two-dimensional code through interaction with the terminal 600 to obtain the dynamic two-dimensional code information of the object to be identified, and then sends it to the background management device 400 through interaction with the background management device 400. The dynamic two-dimensional code information includes the dynamic two-dimensional code that uniquely identifies the identity of the object to be identified; in other words, the dynamic two-dimensional code information can be regarded as uniquely identifying the identity of the object to be identified.
It should be noted that the object to be identified may be a legal user who has registered an access card, or may be a counterfeiter who has forged an access card; accordingly, both the legal user and the counterfeiter have an access card associated with them. In other words, the object to be identified with an associated access card may be a legal user, who can later pass the identity authentication of the access control system, or may be a counterfeiter, who cannot pass the identity authentication of the access control system provided by the application.
Second, access card registration means that the object to be identified is bound to an access card by the card issuer of the access control system, so that the object to be identified can, as a legal user, pass the electronic sentry device based on the access card. In the access card registration process, the identity identification information of the legal user is stored in the access card so as to establish a binding relationship between the legal user and the access card, which realizes the association between the legal user and the access card. Of course, for a counterfeiter to obtain an access card associated with them, counterfeit identity identification information is likewise stored in that access card.
Based on this, the identity identification information of the object to be identified stored in the associated access card can be obtained when the access card reader reads the access card during its interaction with the access card.
In one possible implementation, the identity identification information is distributed to the object to be identified by the access control system or a third party (e.g., a key management and card issuing system), and is data that uniquely identifies the identity of the object to be identified. That is, the identity identification information also uniquely identifies the object to be identified, but unlike the dynamic two-dimensional code information, which is generated by the terminal, it is distributed by the access control system or a third party. It should be noted that the identity identification information distributed by the access control system or the third party does not involve sensitive information, so storing it in the access card carries no risk of leakage.
Step 330, obtaining the identity authentication information of the object to be identified through the identity authentication interaction between the access card reader and the access card with which the object to be identified is associated.
As mentioned above, a conventional access card often stores sensitive information, for example, information closely related to the identity of the user. This sensitive information is at risk of leakage during transmission or storage, so the security of the access control system cannot be ensured. Therefore, in this embodiment, the access card does not store the sensitive information; instead, the sensitive information is bound to the access card in key form, and the identity authentication information of the object to be identified can be obtained by rebinding through the identity authentication interaction between the access card reader and the access card, so that the access control system can perform the subsequent identity authentication.
In one possible implementation, the sensitive information includes dynamic two-dimensional code information of the object to be identified. Then, the dynamic two-dimensional code information of the object to be identified is not directly stored in the access card, but is stored in the access card in a key form, so that confidentiality of the dynamic two-dimensional code information is ensured.
Through the identity authentication interaction, the identity of the object to be identified can be authenticated by data transmission between the access card reader and the access card, so as to obtain the identity authentication information of the object to be identified. The transmitted data includes, but is not limited to: non-sensitive information generated by the access card reader for the object to be identified, and the key stored in the access card that is used to replace the sensitive information.
In one possible implementation, the non-sensitive information generated by the access card reader for the object to be identified includes initial authentication information, which may be, for example, a random number generated using a random number generator.
In one possible implementation, the key stored in the access card that is used to replace the sensitive information includes a card authentication key. The card authentication key may be obtained by performing an encryption operation on the sensitive information with an encryption algorithm during the access card registration process; the encryption algorithm includes, but is not limited to, a symmetric cryptographic algorithm, a stream cryptographic algorithm, and the like. In other words, the card authentication key may be obtained based on the binding between the object to be identified and the access card.
Specifically, as shown in fig. 3, the authentication interaction process may include the following steps: the access card reader generates initial authentication information for the object to be identified; the access card reader sends the initial authentication information to the access card; based on the binding relationship established between the object to be identified and the access card, the access card acquires the card authentication key and performs an encryption operation on the initial authentication information according to the card authentication key to obtain the identity authentication information of the object to be identified; the access card sends the identity authentication information of the object to be identified to the access card reader.
In this manner, no sensitive information is involved in the whole data transmission process, and the risk of leakage of the sensitive information during transmission or storage is avoided, which improves the security of the access control system.
Step 350, the background management device performs identity recognition on the object to be identified according to the dynamic two-dimensional code information and the identity identification information to obtain the identity recognition information of the object to be identified, and determines whether the object to be identified passes identity authentication according to the identity recognition information and the identity authentication information.
For the background management device, dynamic two-dimensional code information, identity identification information and identity authentication information of an object to be identified can be received through dynamic two-dimensional code reading performed by the electronic sentry device, access card reading performed by the access card reader and identity authentication interaction performed between the access card reader and the access card about the object to be identified.
After receiving this information about the object to be identified, the background management device first performs identity recognition on the object to be identified according to the dynamic two-dimensional code information and the identity identification information, so as to obtain the identity recognition information of the object to be identified. The background management device can then determine whether the object to be identified passes identity authentication based on the identity recognition information and the identity authentication information.
In one possible implementation, the criterion for the object to be identified passing the identity authentication may be that the identity recognition information is consistent with the identity authentication information; that is, if the two are consistent, it is determined that the object to be identified passes the identity authentication. In other words, the object to be identified undergoes one identity authentication through the identity authentication interaction between the access card reader and the access card, and another based on the background management device. Only when the two match, namely, when the identity recognition information is consistent with the identity authentication information, is the object to be identified considered to have passed the identity authentication, which fully ensures the accuracy of the identity authentication process.
If the object to be identified passes the identity authentication, that is, the identity authentication of the object to be identified is successful, the object to be identified is a legal user, and step 370 is executed.
Otherwise, if the object to be identified fails the identity authentication, the object to be identified may be a counterfeiter. The failure may, of course, also be caused by other external factors, for example, an unclear dynamic two-dimensional code due to insufficient light. In this case the method returns to step 310 to continue reading the dynamic two-dimensional code of the object to be identified.
It should be noted that although some users have registered an access card and are not counterfeiters, their access cards may be listed in a blacklist preset by the access control system; the blacklist stores the identity information of users who are not allowed to pass the electronic sentry device. Of course, in other embodiments, the blacklist may also be applied before the electronic sentry device performs the door opening action. Specifically, if the object to be identified passes the identity authentication, the background management device detects whether the identity information of that object exists in the set blacklist; if not, the object to be identified is allowed to pass the electronic sentry device, and the electronic sentry device is then controlled to open the door for it. This is not specifically limited here.
Step 370, controlling the electronic sentry device to execute a door opening action for the object to be identified under the condition that the object to be identified passes the identity authentication.
That is, an object to be identified that passes identity authentication is considered a legal user and can pass the electronic sentry device smoothly.
Through the above process, the access control system retrofitted from the electronic sentry device gains two advantages. On the one hand, because the electronic sentry device can read health codes and place codes, the dynamic two-dimensional code is introduced into the identity authentication process, and the unique identification and dynamic variation characteristics of the two-dimensional code are fully used, so that the probability of illegal entry by counterfeiters is reduced. This effectively addresses the problem in the related art that an access control system retrofitted from an electronic sentry device is not highly secure. On the other hand, the access card does not store sensitive information; the sensitive information is bound to the access card in key form, and the identity authentication information of the object to be identified can be obtained by rebinding through the identity authentication interaction between the access card reader and the access card. The risk of leakage of the sensitive information during storage is avoided, which further improves the security of the access control system.
In an exemplary embodiment, prior to step 310, the method may further comprise the following step: binding the object to be identified to the access card through the card issuer.
That is, the access card is registered: the card issuer binds the object to be identified to the access card, so that the object to be identified becomes a legal user and can pass the electronic sentry device based on the access card.
Specifically, as shown in fig. 4, the access card registration process may include the steps of:
Step 410, in response to the card issuing instruction for the object to be identified, the card issuer obtains the root key and the identity identification information distributed for the object to be identified.
The identity information is used for uniquely identifying the identity of the object to be identified, and can be distributed by an access control system or a third party (such as a key management and card issuing system).
The root key may then be generated by the card issuer, e.g., by a random bit generator configured by the card issuer.
Thus, after receiving the card issuing instruction for the object to be identified, the card issuer on the one hand obtains the identity information of the object to be identified distributed by the access control system or the third party, and on the other hand generates a corresponding root key for the object to be identified. It should be noted that the card issuing instruction may be sent to the card issuer by the access control system or a third party; for example, when the object to be identified requests access card registration, the background management device may issue the card issuing instruction for the object to be identified to the card issuer.
Step 430, performing multi-level key dispersion on the identity information according to the root key to obtain a card authentication key.
As described above, the access control card does not store the sensitive information, but binds the sensitive information with the access control card in a key form, so as to avoid the risk of leakage of the sensitive information in the transmission or storage process, thereby further improving the security of the access control system.
In this embodiment, the card authentication key used to replace the sensitive information and stored in the access card is obtained by performing encryption operation on the sensitive information by using an encryption algorithm in the registration process of the access card.
Specifically, taking a symmetric cryptographic algorithm as an example, as shown in fig. 5, the sensitive information at least includes dynamic two-dimensional code information of the object to be identified, and the encryption process of the sensitive information may include the following steps:
Step 431, taking the identity information as the dispersion factor of the first-level dispersion, and performing the first-level dispersion on the identity information through the root key to obtain the first-level dispersion key.
Step 433, fusing the identification information and the dynamic two-dimensional code information of the object to be identified, and calculating a corresponding hash value.
The fusion method may be to splice the identity information and the dynamic two-dimensional code information, or to add the identity information and the dynamic two-dimensional code information, which is not limited herein.
Step 435, taking the hash value as the dispersion factor of the second-level dispersion, and performing the second-level dispersion on the hash value through the first-level dispersion key to obtain the card authentication key.
Therefore, through two-stage key dispersion of a symmetric cryptographic algorithm, the dynamic two-dimensional code information is converted into a card authentication key by taking the corresponding hash value as a key dispersion factor, so that the subsequent dynamic two-dimensional code information can be stored in an access card in a key form, and the confidentiality of the dynamic two-dimensional code information is ensured.
In addition, the hash algorithm is one-way and irreversible, so the validity of the dynamic two-dimensional code can be judged from the hash value without storing the dynamic two-dimensional code in the access card. This makes full use of cryptographic technology and improves the security of the access control system.
Step 450, storing the card authentication key and the identity identification information in the access card, and establishing a binding relationship between the object to be identified and the access card through this storage, so as to realize the association of the object to be identified and the access card.
That is, the dynamic two-dimensional code information is not stored in the access card, but the card authentication key obtained by converting the dynamic two-dimensional code information is stored in the access card, so that the sensitive information is bound with the access card in a key form.
Of course, in some embodiments, the card issuer may also update related information of the access card, such as its validity period and passing authority, so as to fully ensure the security of the access card and, in turn, of the access control system.
Under the cooperation of the embodiment, the binding between the object to be identified and the access card, namely the access card registration, is realized, and the sensitive information is converted into the key by utilizing the two-stage key dispersion of the symmetric cryptographic algorithm, so that the access card does not store the sensitive information any more, but the binding between the sensitive information and the access card in the form of the key is realized, the confidentiality of the sensitive information is fully ensured, the risk of leakage of the sensitive information in the storage process is avoided, and the security of an access control system is further improved.
Referring to fig. 6, in an exemplary embodiment, step 350 may include the steps of:
Step 351, obtaining the first-level dispersion key corresponding to the identity identification information and generated by the card issuer, and the initial authentication information generated by the access card reader for the object to be identified.
As described above, in the access card registration process, after receiving the card issuing instruction, the card issuer firstly obtains the root key and the identity information distributed for the object to be identified, and then uses the identity information as the dispersion factor of the first-level dispersion, and the first-level dispersion key can be obtained by performing the first-level dispersion on the identity information through the root key.
In addition, in the identity authentication interaction process of the access card reader and the access card about the object to be identified, the access card reader firstly generates initial authentication information for the object to be identified.
Based on the above, in the process of identifying the object to be identified, the background management device can obtain the first-level dispersion key uploaded by the card issuer and the initial authentication information uploaded by the access card reader.
The first-level dispersion key and the initial authentication information may be stored in the background management device in advance, so that the background management device can read them during identity recognition; alternatively, the background management device may notify the card issuer and the access card reader to upload the first-level dispersion key and the initial authentication information, respectively, during identity recognition. This is not limited herein.
Step 353, obtaining a second-level dispersion factor according to the dynamic two-dimensional code information and the identity identification information, and performing second-level dispersion on the second-level dispersion factor through the first-level dispersion key to obtain the card authentication key.
In this embodiment, the card authentication key is obtained by performing encryption operation on the dynamic two-dimensional code information and the identity information by using an encryption algorithm.
In one possible implementation, the encryption algorithm comprises a two-level dispersion of a symmetric cryptographic algorithm. The first-level dispersion is used for obtaining a first-level dispersion key, and the second-level dispersion is used for obtaining a card authentication key.
In one possible implementation, the dispersion factor of the second-level dispersion comprises a hash value.
Specifically, the dynamic two-dimensional code information and the identity information are fused, and a corresponding hash value is calculated; the hash value is taken as the dispersion factor of the second-level dispersion, and the second-level dispersion is performed on the hash value through the first-level dispersion key to obtain the card authentication key. The fusion method may be to splice the identity information and the dynamic two-dimensional code information, or to add the identity information and the dynamic two-dimensional code information, which is not limited herein.
Step 355, performing an encryption operation on the initial authentication information according to the card authentication key to obtain the identity recognition information of the object to be identified.
The encryption algorithms employed by the encryption operation include, but are not limited to: symmetric cryptographic algorithms and stream cryptographic algorithms.
In this process, identity recognition based on the background management device is realized. Because the recognition process follows the same principle as the identity authentication process between the access card reader and the access card, the consistency of the identity recognition information and the identity authentication information is ensured, and whether the object to be identified passes identity authentication can thereby be determined.
Fig. 7 is a block diagram of a specific implementation of an access control system in an application scenario, and fig. 8 is a specific time sequence interaction diagram of an access control method based on the access control system in an application scenario.
As shown in fig. 7, this application scenario involves the access control system retrofitted from the electronic sentinel device and the terminal providing the dynamic two-dimensional code. The access control system comprises a card issuer 100, an access card 200, an access card reader 300, a background management device 400 and an electronic sentry device 500 provided with a camera 501; the terminal 600 includes a smart phone on which a client that generates the dynamic two-dimensional code 700 can run.
As shown in fig. 8, the access control method based on the access control system shown in fig. 7 includes a card issuing process and an identity authentication process.
Card issuing flow:
First step: when an object to be identified requests access card registration, the key management and card issuing system generates the identity identification information UID of the object to be identified, which is used as the dispersion factor of the first-level dispersion, and at the same time issues a card issuing instruction carrying the UID to the card issuer;
Second step: the card issuer generates a root key through a random bit generator;
Third step: the card issuer extracts the UID from the card issuing instruction and performs first-level dispersion on the UID through the root key using a symmetric cryptographic algorithm to obtain the first-level dispersion key Keyr;
Fourth step: the card issuer splices the UID and the dynamic two-dimensional code provided by the object to be identified and calculates the corresponding hash value hash, then performs second-level dispersion on the hash value hash through the first-level dispersion key Keyr using a symmetric cryptographic algorithm to obtain the card authentication key Keyc, namely Keyc = Enc(Keyr, hash);
Fifth step: the card issuer stores Keyc and the UID in the access card.
The access card registration is thus completed: a binding relationship is established between the object to be identified and the access card, and the object to be identified becomes a legal user.
Identity authentication flow:
First step: the camera of the electronic sentry device scans the dynamic two-dimensional code of the object to be identified to obtain the dynamic two-dimensional code information Bi, and meanwhile the access card reader reads the UID in the access card associated with the object to be identified;
Second step: an internal cryptographic module (such as a random number generator) of the access card reader generates a random number Ra as the initial authentication information of the object to be identified, and sends the random number Ra to the access card in the form of an internal authentication instruction;
Third step: the access card extracts the random number Ra from the internal authentication instruction, performs an encryption operation on Ra using a symmetric cryptographic algorithm according to the card authentication key Keyc to obtain the identity authentication information Ra' of the legal user, namely Ra' = Enc(Keyc, Ra), and returns Ra' to the access card reader;
Fourth step: Ra', Bi and the UID are uploaded to the background management device;
Fifth step: after receiving this information, the background management device performs identity recognition on the object to be identified, specifically as follows. First, it splices Bi and the UID and performs hash calculation on the spliced information (Bi+UID) using a hash algorithm to obtain the corresponding hash value hash, namely hash = HashAlgorithm(Bi+UID), and takes the hash value hash as the second-level dispersion factor. Second, it performs second-level dispersion on the hash value using the first-level dispersion key Keyr uploaded by the card issuer and a symmetric cryptographic algorithm to obtain the card authentication key Keyc, namely Keyc = Enc(Keyr, hash). Then it performs an encryption operation on the random number Ra uploaded by the access card reader using a symmetric cryptographic algorithm according to the card authentication key Keyc to obtain the identity authentication information Ra', namely Ra' = Enc(Keyc, Ra);
Sixth step: if the Ra' calculated by the background management device equals the Ra' returned by the access card, the object to be identified passes identity authentication; otherwise, the identity authentication of the object to be identified fails, the flow returns to the first step of the identity authentication flow, and the dynamic two-dimensional code of the object to be identified continues to be read;
Seventh step: for an object to be identified that passes the identity authentication, the background management device checks whether the UID of the object to be identified exists in the blacklist; if not, the object to be identified that passed the identity authentication is a legal user, and the associated access card is a registered legal access card.
At this time, the background management device sends a door opening instruction to the electronic sentry device to control the electronic sentry device to open the door for the legal user.
In this application scenario, idle electronic sentry devices are put to full use to construct an access control system retrofitted from the electronic sentry device. The dynamic two-dimensional code is combined with the access card, using the dynamic change and unique identification characteristics of the two-dimensional code, while the symmetric cryptographic algorithm is used to convert the sensitive information into key form. This reduces the risk of counterfeiters illegally entering a high-confidentiality place, fully ensures the confidentiality of the sensitive information, and avoids the risk of leakage of the sensitive information during storage. Compared with the traditional combination of a biometric recognition technology (such as fingerprints or faces) and an access card, no additional personnel are needed to collect the biometric features of the object to be identified, which helps reduce labor cost.
The following is an embodiment of the device of the present application, which may be used to execute the access control method of the present application. For details not disclosed in the device embodiment of the present application, please refer to the method embodiments of the access control method of the present application.
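The card issuing flow and the identity authentication flow described above can be traced end to end in the following Python sketch, which is an added example and not part of the patent text. The patent names only "a symmetric cryptographic algorithm" and "a hash algorithm"; HMAC-SHA-256 standing in for Enc and SHA-256 for the hash are assumptions, as are all class and function names, and the sketch further assumes that Bi decodes to the same bytes at card issuing and at authentication, since Keyc can only be re-derived in that case.

```python
import hashlib
import hmac
import secrets


def enc(key: bytes, data: bytes) -> bytes:
    # Stand-in for Enc(key, data). Assumption: HMAC-SHA-256 replaces the
    # unspecified symmetric cryptographic algorithm of the description.
    return hmac.new(key, data, hashlib.sha256).digest()


def second_level_factor(bi: bytes, uid: bytes) -> bytes:
    # hash = HashAlgorithm(Bi + UID): splice, then hash (SHA-256 assumed).
    return hashlib.sha256(bi + uid).digest()


class AccessCard:
    """Stores only UID and Keyc; Bi itself is never written to the card."""

    def __init__(self, uid: bytes, keyc: bytes):
        self.uid = uid
        self._keyc = keyc

    def internal_authenticate(self, ra: bytes) -> bytes:
        return enc(self._keyc, ra)  # Ra' = Enc(Keyc, Ra)


class Backend:
    """Background management device: holds Keyr per UID and the blacklist."""

    def __init__(self):
        self.keyr_by_uid = {}
        self.blacklist = set()

    def authenticate(self, uid, bi, ra, ra_from_card) -> bool:
        keyr = self.keyr_by_uid.get(uid)
        if keyr is None:
            return False  # no card was ever issued for this UID
        keyc = enc(keyr, second_level_factor(bi, uid))  # second-level dispersion
        expected = enc(keyc, ra)
        # Constant-time comparison of the two Ra' values (sixth step).
        if not hmac.compare_digest(expected, ra_from_card):
            return False
        return uid not in self.blacklist  # seventh step


def issue_card(backend: Backend, uid: bytes, bi: bytes) -> AccessCard:
    root_key = secrets.token_bytes(32)                  # random bit generator
    keyr = enc(root_key, uid)                           # first-level dispersion
    keyc = enc(keyr, second_level_factor(bi, uid))      # second-level dispersion
    backend.keyr_by_uid[uid] = keyr                     # issuer uploads Keyr
    return AccessCard(uid, keyc)


def present(backend: Backend, card: AccessCard, bi: bytes) -> bool:
    ra = secrets.token_bytes(16)            # reader's initial authentication info
    ra_from_card = card.internal_authenticate(ra)
    return backend.authenticate(card.uid, bi, ra, ra_from_card)


def run_demo() -> dict:
    backend = Backend()
    uid, bi = b"UID-0001", b"constructed-qr-payload-A"  # constructed sample values
    card = issue_card(backend, uid, bi)
    forged = AccessCard(uid, secrets.token_bytes(32))   # right UID, wrong Keyc
    results = {
        "legitimate": present(backend, card, bi),
        "wrong_qr": present(backend, card, b"constructed-qr-payload-B"),
        "forged_card": present(backend, forged, bi),
    }
    # A response captured for one Ra is useless against a fresh Ra.
    captured = card.internal_authenticate(secrets.token_bytes(16))
    results["replayed_response"] = backend.authenticate(
        uid, bi, secrets.token_bytes(16), captured)
    backend.blacklist.add(uid)
    results["blacklisted"] = present(backend, card, bi)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The failing cases show which element each check depends on: a card without the correct Keyc, a two-dimensional code that does not match the one bound at issuing, and a response replayed against a new random number are all rejected before the blacklist is consulted.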
Referring to fig. 9, an embodiment of the application provides an access control device 900, which is applied to an access control system, wherein the access control system comprises an electronic sentry device, an access control card reader, an access control card and a background management device.
The access control device 900 includes, but is not limited to: an information acquisition module 910, an authentication interaction module 930, an identity authentication module 950, and a control pass module 970.
The information obtaining module 910 is configured to obtain dynamic two-dimensional code information of an object to be identified by reading a dynamic two-dimensional code through the electronic sentinel device, and obtain identity information of the object to be identified in an associated access card by reading an access card through the access card reader.
The authentication interaction module 930 is configured to obtain the identity authentication information of the object to be identified through the identity authentication interaction, regarding the object to be identified, between the access card reader and the access card associated with the object to be identified.
The identity authentication module 950 is configured to perform, by means of the background management device, identity recognition on the object to be identified according to the dynamic two-dimensional code information and the identity identification information, obtain the identity recognition information of the object to be identified, and determine whether the object to be identified passes identity authentication according to the identity recognition information and the identity authentication information.
The control passing module 970 is configured to control the electronic sentry device to perform a door opening action for the object to be identified if the object to be identified passes the identity authentication.
In an exemplary embodiment, the access control system further comprises a card issuer. The apparatus 900 further comprises a binding module configured to bind the object to be identified to the access card through the card issuer.
In an exemplary embodiment, the binding module is further configured to: in response to a card issuing instruction for the object to be identified, acquire the root key and the identity identification information allocated to the object to be identified by the card issuer; perform multistage key dispersion on the identity identification information according to the root key to obtain a card authentication key; and store the card authentication key and the identity identification information in the access card, establishing through this storage a binding relationship between the object to be identified and the access card, so as to associate the object to be identified with the access card.
In an exemplary embodiment, the binding module is further configured to: take the identity identification information as the dispersion factor of the primary dispersion, and perform the primary dispersion on the identity identification information with the root key to obtain a primary dispersion key; fuse the identity identification information and the dynamic two-dimensional code information of the object to be identified, and calculate the corresponding hash value; and take the hash value as the dispersion factor of the secondary dispersion, and perform the secondary dispersion on the hash value with the primary dispersion key to obtain the card authentication key.
In an exemplary embodiment, the authentication interaction module 930 is further configured so that: the access card reader generates initial authentication information for the object to be identified and sends it to the access card; based on the binding relationship established between the object to be identified and the access card, the access card acquires the card authentication key and performs an encryption operation on the received initial authentication information according to the card authentication key to obtain the identity authentication information of the object to be identified; and the access card sends the identity authentication information of the object to be identified to the access card reader.
In an exemplary embodiment, the access control system further comprises a card issuer. The identity authentication module 950 is further configured to: acquire the primary dispersion key corresponding to the identity identification information and generated by the card issuer, and the initial authentication information generated by the access card reader for the object to be identified; obtain a secondary dispersion factor according to the dynamic two-dimensional code information and the identity identification information, and perform the secondary dispersion on the secondary dispersion factor with the primary dispersion key to obtain the card authentication key; and perform an encryption operation on the initial authentication information according to the card authentication key to obtain the identity recognition information of the object to be identified.
In an exemplary embodiment, the identity authentication module 950 is further configured to: if the identity recognition information is consistent with the identity authentication information, determine that the object to be identified passes the identity authentication.
In an exemplary embodiment, in the apparatus 900 the background management device is further used to detect whether the identity identification information exists in a set blacklist. If not, identity recognition of the object to be identified continues.
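The two-level key dispersion, the reader's challenge and the background comparison described by the modules above, as an added example that is not code from the patent. HMAC-SHA256 stands in for both the dispersion step and the card's encryption operation, and the length-prefixed fusion, the function names and the sample values are assumptions.

```python
import hashlib
import hmac
import secrets


def disperse(key: bytes, factor: bytes) -> bytes:
    """One key-dispersion step. HMAC-SHA256 is a stand-in (assumption):
    the text does not name the algorithm."""
    return hmac.new(key, b"disperse|" + factor, hashlib.sha256).digest()


def fuse_and_hash(identity: bytes, qr_info: bytes) -> bytes:
    """Fuse identity and dynamic QR information and hash the result.
    Length-prefixing (assumption) keeps (b"ab", b"c") != (b"a", b"bc")."""
    h = hashlib.sha256()
    for field in (identity, qr_info):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()


def encrypt_challenge(card_key: bytes, challenge: bytes) -> bytes:
    """Stand-in (assumption) for the 'encryption operation' applied to the
    initial authentication information."""
    return hmac.new(card_key, b"auth|" + challenge, hashlib.sha256).digest()


def issue_card(root_key: bytes, identity: bytes, qr_info: bytes):
    """Card issuer: primary dispersion over the identity, secondary
    dispersion over the fused hash. Returns (primary_key, card)."""
    primary_key = disperse(root_key, identity)
    card_key = disperse(primary_key, fuse_and_hash(identity, qr_info))
    return primary_key, {"identity": identity, "card_auth_key": card_key}


def card_respond(card: dict, challenge: bytes) -> bytes:
    """Access card: identity authentication information for a challenge."""
    return encrypt_challenge(card["card_auth_key"], challenge)


def backend_verify(primary_keys, blacklist, identity, qr_info,
                   challenge, response) -> bool:
    """Background management device: blacklist check, re-derive the card
    authentication key, recompute the expected value, compare."""
    if identity in blacklist:
        return False
    primary_key = primary_keys.get(identity)
    if primary_key is None:  # no card was issued for this identity
        return False
    card_key = disperse(primary_key, fuse_and_hash(identity, qr_info))
    expected = encrypt_challenge(card_key, challenge)  # identity recognition information
    return hmac.compare_digest(expected, response)     # constant-time comparison


def demo() -> dict:
    # Constructed sample values, not taken from the patent.
    root_key = bytes(range(32))
    identity, qr_info = b"ID-0001", b"qr-payload-constructed"
    primary_key, card = issue_card(root_key, identity, qr_info)
    keys = {identity: primary_key}

    challenge = secrets.token_bytes(16)  # reader's initial authentication information
    response = card_respond(card, challenge)
    fresh = secrets.token_bytes(16)      # a later challenge from the reader
    return {
        "genuine": backend_verify(keys, set(), identity, qr_info, challenge, response),
        "wrong_qr": backend_verify(keys, set(), identity, b"other-qr", challenge, response),
        "stale_response": backend_verify(keys, set(), identity, qr_info, fresh, response),
        "blacklisted": backend_verify(keys, {identity}, identity, qr_info, challenge, response),
        "unknown_id": backend_verify(keys, set(), b"ID-9999", qr_info, challenge, response),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:15s} -> {'pass' if ok else 'reject'}")
```

In this sketch the background side verifies with the per-identity primary dispersion key alone, so the root key stays with the card issuer.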
It should be noted that, when the access control device provided in the foregoing embodiment performs identity recognition, the division into the functional modules above is only used for illustration. In practical applications, the functions may be allocated to different functional modules as needed; that is, the internal structure of the access control device may be divided into different functional modules to complete all or part of the functions described above.
In addition, the embodiments of the access control device and the access control method provided in the foregoing embodiments belong to the same concept, and the specific manner in which each module performs the operation has been described in detail in the method embodiments, which is not described herein again.
Fig. 10 shows a schematic structure of an electronic device according to an exemplary embodiment. The electronic device is suitable for the background management device 400 deployed in the entrance guard management system in the implementation environment shown in fig. 1.
It should be noted that the electronic device is only an example adapted to the present application, and should not be construed as providing any limitation on the scope of use of the present application. Nor should the electronic device be construed as necessarily relying on or necessarily having one or more of the components of the exemplary electronic device 2000 illustrated in fig. 10.
The hardware structure of the electronic device 2000 may vary widely depending on its configuration or performance. As shown in fig. 10, the electronic device 2000 includes: a power supply 210, an interface 230, at least one memory 250, and at least one central processing unit (CPU, Central Processing Unit) 270.
Specifically, the power supply 210 is configured to provide an operating voltage for each hardware device on the electronic device 2000.
The interface 230 includes at least one wired or wireless network interface 231 for interacting with external devices, for example, for the interaction between the electronic sentry device 500 and the background management device 400 in the implementation environment shown in fig. 1.
Of course, in other examples of the adaptation of the present application, the interface 230 may further include at least one serial-parallel conversion interface 233, at least one input-output interface 235, at least one USB interface 237, and the like, as shown in fig. 10, which is not particularly limited herein.
The memory 250 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk, or an optical disk, where the resources stored include an operating system 251, application programs 253, and data 255, and the storage mode may be transient storage or permanent storage.
The operating system 251 is used for managing and controlling the hardware devices and the application programs 253 on the electronic device 2000, so that the central processing unit 270 can operate on and process the mass data 255 in the memory 250; it may be Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, or the like.
The application program 253 is a set of computer readable instructions that runs on the operating system 251 to perform at least one specific task. It may include at least one module (not shown in fig. 10), each of which may include computer readable instructions for the electronic device 2000. For example, the access control device may be regarded as an application program 253 deployed on the electronic device 2000.
The data 255 may be photographs, pictures and the like stored on a disk, or may be information related to an object to be identified (such as identity identification information, identity authentication information, and identity recognition information) stored in the memory 250.
The central processing unit 270 may include one or more processors and is configured to communicate with the memory 250 via at least one communication bus to read the computer readable instructions stored in the memory 250, thereby operating on and processing the mass data 255 in the memory 250. For example, the access control method is carried out by the central processing unit 270 reading a series of computer readable instructions stored in the memory 250.
Furthermore, the present application can be realized by hardware circuitry or by a combination of hardware circuitry and software, and thus, the implementation of the present application is not limited to any specific hardware circuitry, software, or combination of the two.
Referring to fig. 11, in an embodiment of the present application, an electronic device 4000 is provided. The electronic device 4000 may include the background management device deployed in the access control system, which may be, for example, a desktop computer, a notebook computer, a server, or the like.
In fig. 11, the electronic device 4000 includes at least one processor 4001 and at least one memory 4003.
Data interaction between the processor 4001 and the memory 4003 may be achieved by at least one communication bus 4002. The communication bus 4002 may include a path for transferring data between the processor 4001 and the memory 4003. The communication bus 4002 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The communication bus 4002 can be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 11, but this does not mean that there is only one bus or one type of bus.
Optionally, the electronic device 4000 may further comprise a transceiver 4004, which may be used for data interaction between the electronic device and other electronic devices, such as transmitting and/or receiving data. It should be noted that, in practical applications, the transceiver 4004 is not limited to one, and the structure of the electronic device 4000 does not constitute a limitation on the embodiments of the present application.
The processor 4001 may be a CPU (Central Processing Unit), a general purpose processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It may implement or perform the various exemplary logic blocks, modules and circuits described in connection with this disclosure. The processor 4001 may also be a combination that implements computing functionality, e.g., a combination of one or more microprocessors, a combination of a DSP and a microprocessor, etc.
The memory 4003 may be, but is not limited to, a ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or other type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact Disc Read Only Memory) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program instructions or code in the form of instructions or data structures and that can be accessed by the electronic device 4000.
The memory 4003 has computer readable instructions stored thereon, and the processor 4001 can read the computer readable instructions stored in the memory 4003 through the communication bus 4002.
The computer readable instructions are executed by the one or more processors 4001 to implement the access control method in the above embodiments.
In addition, in an embodiment of the present application, a storage medium is provided, on which computer readable instructions are stored, the computer readable instructions being executed by one or more processors to implement the access control method as described above.
In an embodiment of the present application, a computer program product is provided, where the computer program product includes computer readable instructions, where the computer readable instructions are stored in a storage medium, and where one or more processors of an electronic device read the computer readable instructions from the storage medium, load and execute the computer readable instructions, so that the electronic device implements an access control method as described above.
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited in order and may be performed in other orders, unless explicitly stated herein. Moreover, at least some of the steps in the flowcharts of the figures may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order of their execution not necessarily being sequential, but may be performed in turn or alternately with other steps or at least a portion of the other steps or stages.
The foregoing is only a partial embodiment of the present application, and it should be noted that it will be apparent to those skilled in the art that modifications and adaptations can be made without departing from the principles of the present application, and such modifications and adaptations are intended to be comprehended within the scope of the present application.
Claims (6)
1. An access control method, characterized in that it is applied to an access control system, the system comprising an electronic sentry device, a card issuer, an access card reader, an access card and a background management device, the method comprising:
acquiring dynamic two-dimensional code information of an object to be identified through dynamic two-dimensional code reading by the electronic sentry device, and obtaining identity identification information of the object to be identified from the associated access card through access card reading by the access card reader;
performing identity authentication interaction for the object to be identified between the access card reader and the access card associated with the object to be identified, so as to obtain identity authentication information of the object to be identified;
performing, by the background management device, identity recognition on the object to be identified according to the dynamic two-dimensional code information and the identity identification information to obtain identity recognition information of the object to be identified, and determining whether the object to be identified passes identity authentication according to the identity recognition information and the identity authentication information; wherein the identity recognition comprises: acquiring a primary dispersion key corresponding to the identity identification information and generated by the card issuer, and initial authentication information generated by the access card reader for the object to be identified; fusing the dynamic two-dimensional code information and the identity identification information and calculating a corresponding hash value; taking the hash value as a secondary dispersion factor, and performing secondary dispersion on the secondary dispersion factor with the primary dispersion key to obtain a card authentication key; and performing an encryption operation on the initial authentication information according to the card authentication key to obtain the identity recognition information of the object to be identified;
in the case that the object to be identified passes identity authentication, controlling the electronic sentry device to perform a door opening action for the object to be identified;
the method further comprising: binding the object to be identified to the access card through the card issuer;
wherein binding the object to be identified to the access card through the card issuer comprises: in response to a card issuing instruction for the object to be identified, acquiring a root key and the identity identification information allocated to the object to be identified by the card issuer; performing multistage key dispersion on the identity identification information according to the root key to obtain a card authentication key; and storing the card authentication key and the identity identification information in the access card, and establishing through the storage a binding relationship between the object to be identified and the access card, so as to associate the object to be identified with the access card; and wherein performing multistage key dispersion on the identity identification information according to the root key to obtain a card authentication key comprises: taking the identity identification information as the dispersion factor of the primary dispersion, and performing the primary dispersion on the identity identification information with the root key to obtain a primary dispersion key; fusing the identity identification information and the dynamic two-dimensional code information of the object to be identified, and calculating a corresponding hash value; and taking the hash value as the dispersion factor of the secondary dispersion, and performing the secondary dispersion on the hash value with the primary dispersion key to obtain the card authentication key.
2. The method according to claim 1, wherein performing identity authentication interaction for the object to be identified between the access card reader and the access card associated with the object to be identified, so as to obtain the identity authentication information of the object to be identified, comprises:
the access card reader generating initial authentication information for the object to be identified and sending the initial authentication information to the access card;
based on the binding relationship established between the object to be identified and the access card, the access card acquiring the card authentication key and performing an encryption operation on the received initial authentication information according to the card authentication key to obtain the identity authentication information of the object to be identified;
and the access card sending the identity authentication information of the object to be identified to the access card reader.
3. The method according to any one of claims 1 to 2, wherein determining whether the object to be identified passes identity authentication according to the identity recognition information and the identity authentication information comprises:
if the identity recognition information is consistent with the identity authentication information, determining that the object to be identified passes the identity authentication.
4. The method according to any one of claims 1 to 2, wherein after the identity identification information of the object to be identified is obtained from the associated access card through access card reading by the access card reader, the method further comprises:
the background management device detecting whether the identity identification information exists in a set blacklist;
if not, continuing the identity recognition of the object to be identified.
5. An access control system, the system comprising:
an electronic sentry device, configured to acquire dynamic two-dimensional code information of an object to be identified and to perform a door opening action for the object to be identified in the case that the object to be identified passes identity authentication;
an access card reader, configured to read an access card associated with the object to be identified, obtain identity identification information of the object to be identified, and perform identity authentication interaction with the access card;
the access card, configured to perform identity authentication interaction with the access card reader to obtain identity authentication information of the object to be identified;
a background management device, configured to perform identity recognition on the object to be identified according to the dynamic two-dimensional code information and the identity identification information, obtain identity recognition information of the object to be identified, and determine whether the object to be identified passes identity authentication according to the identity recognition information and the identity authentication information; wherein the identity recognition comprises: acquiring a primary dispersion key corresponding to the identity identification information and generated by a card issuer, and initial authentication information generated by the access card reader for the object to be identified; fusing the dynamic two-dimensional code information and the identity identification information and calculating a corresponding hash value; taking the hash value as a secondary dispersion factor, and performing secondary dispersion on the secondary dispersion factor with the primary dispersion key to obtain a card authentication key; and performing an encryption operation on the initial authentication information according to the card authentication key to obtain the identity recognition information of the object to be identified;
the card issuer, configured to establish a binding relationship between the object to be identified and the access card so as to associate the object to be identified with the access card; wherein establishing the binding relationship between the object to be identified and the access card comprises: in response to a card issuing instruction for the object to be identified, acquiring a root key and the identity identification information allocated to the object to be identified by the card issuer; performing multistage key dispersion on the identity identification information according to the root key to obtain a card authentication key; and storing the card authentication key and the identity identification information in the access card, and establishing through the storage the binding relationship between the object to be identified and the access card, so as to associate the object to be identified with the access card; and wherein performing multistage key dispersion on the identity identification information according to the root key to obtain a card authentication key comprises: taking the identity identification information as the dispersion factor of the primary dispersion, and performing the primary dispersion on the identity identification information with the root key to obtain a primary dispersion key; fusing the identity identification information and the dynamic two-dimensional code information of the object to be identified, and calculating a corresponding hash value; and taking the hash value as the dispersion factor of the secondary dispersion, and performing the secondary dispersion on the hash value with the primary dispersion key to obtain the card authentication key.
6. A storage medium having stored thereon computer readable instructions that are executed by one or more processors to implement the access control method of any of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311121654.5A CN116844266B (en) | 2023-09-01 | 2023-09-01 | Access control method, access control system and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116844266A (en) | 2023-10-03 |
CN116844266B (en) | 2023-11-24 |
Family
ID=88172881
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311121654.5A Active CN116844266B (en) | 2023-09-01 | 2023-09-01 | Access control method, access control system and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116844266B (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101826227A (en) * | 2010-04-30 | 2010-09-08 | 广州合立正通信息网络集成有限公司 | Triple-authentication gate control system and control method |
CN104376631A (en) * | 2014-12-09 | 2015-02-25 | 天津光电安辰信息技术有限公司 | Commercial cipher algorithm based security access control system and implementation method thereof |
CN106127906A (en) * | 2016-07-13 | 2016-11-16 | 尹博实 | The unlocking method of a kind of door-control lock, Apparatus and system |
CN106780908A (en) * | 2016-12-30 | 2017-05-31 | 广州卡趴网络科技有限公司 | A kind of gate inhibition's generation objective reservation system |
CN109272609A (en) * | 2018-08-19 | 2019-01-25 | 天津新泰基业电子股份有限公司 | A kind of CPU safety door inhibition control method and system |
CN210428593U (en) * | 2019-08-02 | 2020-04-28 | 杭州泛在物联网科技有限公司 | Intelligent access control management system |
CN112820007A (en) * | 2020-12-30 | 2021-05-18 | 广东赛诺科技股份有限公司 | Method and system for distinguishing two-dimensional code and IC card signal based on Wiegand protocol |
CN115758398A (en) * | 2022-10-31 | 2023-03-07 | 鼎铉商用密码测评技术(深圳)有限公司 | Access control data processing method and device, access control system and storage medium |
CN116580489A (en) * | 2023-07-13 | 2023-08-11 | 鼎铉商用密码测评技术(深圳)有限公司 | Access control equipment, access control card and card sender control method, equipment and medium |
Also Published As
Publication number | Publication date |
---|---|
CN116844266A (en) | 2023-10-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||