TW201349133A - Cloud control the access control management system and the authentication method - Google Patents

Abstract

A cloud control the access control management system and the authentication method used with one or a plurality of C-Lock connection management, the system includes at least: a system program and provide the management interface for programming operations, which contain five functional modules: a user module, a permission system module, a device management module, a virtual computing module and an event processing module combination; a database for storing the management information and function of identification information. Certification Department of the present invention is the use of multi-functional identification of cloud control lock mechanism through the encryption of network traffic and Cloud control the access control management system connection; it is close and remote two ways to achieve the purpose of certification.

Description

Cloud control access control management system and its authentication method

The invention relates to a cloud control access control management system and an authentication method thereof, which utilizes a multi-function identification mechanism of a cloud control lock to transmit to an access control management system through an encrypted network, and provides a management method for close and remote authentication to a manager. Or user.

The conventional access control system is shown in Figure 1. The user inputs the identification data through the access controller and then connects to the access control management system for verification. If the access control controller is enabled, the user will be allowed to pass, and the access control is controlled. There will also be a notification service management program in the management system that can send messages to the notification receiving device. Traditionally known access control management systems are either stand-alone or network-based, but all have the following disadvantages:

(1) Must rely on part of the physical line. Some are access control controllers (access control devices) that need physical connections to home computers, and access control systems are installed at home computers; some are physical line connections between access control controllers (access control devices) and access control systems, and access control The system is a control host box, which needs to specify a specific network address (fixed IP), and then uses a network connection (such as: ADSL) for access control; all of the above have high wiring cost, no aesthetics, and are easily destroyed. A specific network address (IP) or transmission distance is required.

(2) The interface for providing administrator management is mostly computer analysis screens, which cannot keep up with the trend of mobile mobile devices (such as smart phones, i-PADs...) in recent years, so that managers need to use desktop computers or notes. The type of computer can be managed at first, and it can't achieve the purpose of monitoring and management anytime and anywhere, which makes it not convenient.

(3) Although the access control record can be provided to provide managers and users with inquiries, but the notification mode situation is mostly fixed, which makes it impossible for managers and users to set according to the notification method required by themselves, which is not humanized and causes Troubled.

(4) The identification methods provided are not diversified, mostly in the form of close-up authentication (such as RFID, magnetic card, magnetic buckle...), even if there is a remote mode, it is a way for users to send text messages or make calls. It is inconvenient to use and has considerations for communication costs.

In summary, in view of the lack of the prior art, the present invention can effectively improve the cost, aesthetics, safety, convenience, and humanization, and at the same time consider mobile handheld devices (eg, smart phones, i-PAD.. .) In the future, the development will be more mature and popularized. Therefore, the wireless communication integrated access control device management system and the authentication method are important core technologies of the present invention, and the details are as follows.

A first object of the present invention is to provide a cloud control access control management system, which is a combination of five functional modules and a database. The five functional modules are: user module, which is responsible for storing the basic data of the manager and the user, the function identification data and the effective list set by the administrator; and then the authority system module, responsible for the manager or user and the cloud Control the relevance of the lock and the setting of each authority; then use the device management module to manage the basic data description and description of the cloud control lock; then use the virtual computing module to input the data of the administrator or user or from the cloud control The information received by the lock is used as the operation judgment, and the operation result is transmitted back to the cloud control lock update information or the corresponding action (such as opening the door), and then the encrypted network transmission is used to retrieve the access control record from the cloud control lock. (including: text records, images, etc.) are written into the database; then the event processing module is used to analyze the access control records of the cloud control lock according to the notification settings of the administrator or the user, and determine whether the notification needs to be performed (including : newsletter, email, voice, MSN, SKYPE...etc.). In view of this, the present invention has developed a cloud control access control management system.

The second object of the present invention is to provide a cloud-based access control management system authentication method, which includes close-range and remote-end function identification data as comparisons (including: magnetic card, retina, palm print, fingerprint, sound, non-contact sensing) , image analysis, mobile phone). The short-range authentication method includes at least the following steps: First, the administrator establishes a valid list of function identification data in the cloud control access control management system, and transmits the encrypted network transmission (eg, general network VPN, telecommunication network MDVPN, etc.) The data is updated to the cloud control lock, so that the administrator or the user directly compares the function identification data with the valid list through the cloud control lock, and compares the passer cloud control lock to accept the control command to perform corresponding actions (for example, opening the door ),vice versa. The remote authentication method includes at least the following steps: First, the administrator or user uses a mobile device with network connection function (including: smart phone, i-PAD, notebook computer, desktop computer, etc.) After the authentication, the control command is issued in the cloud control access control management system, and then the control command is transmitted through the encrypted network transmission (eg, general network VPN, telecommunication network MDVPN, etc.). Return to the cloud control lock to make the corresponding action (such as: open the door).

In summary, the present invention has significantly improved the various deficiencies of the conventional access control management system to achieve the following advantages:

(1) The cloud control lock itself has the function of network connection, so there is no need to connect the network line or other physical lines in the manager or the user's home, and there is no external control host box, and the cloud control access control management system can be connected. Linked; therefore, it is not limited to network address (IP), transmission distance, physical line and time, etc., and is not easily damaged, reducing installation costs (because it does not need wiring), and enhances its aesthetics.

(2) In addition to the management system of the traditional webpage version, the present invention has been developed in response to the rapid development of technology in recent years, such as the rise of mobile devices (including smart phones, i-PADs, etc.) and digital television. A variety of media interface versions allow administrators or users to save time and convenience in their applications.

(3) The system of the present invention actively reads and stores the access control record of the cloud control lock, so that the administrator and the user can inquire at any time, and will actively inform the message, so that the manager can control the status of the cloud control lock at any time, and more Let managers and users customize the notification situation, notification method and notification content they need, so that their notification setting methods are diversified and humanized, so that it is not easy to make mistakes.

(4) The present invention provides multiple functional identification methods, which are not limited to specific tools, and can accept multiple authentication methods such as short-range or remote, while the remote system uses encrypted network transmission technologies (eg, general network VPN, telecommunications). The network MDVPN...etc.) does not require the administrator and the user to bear the cost of the call; the invention can directly expand other functions by the system, provide a more diversified management mode, and can effectively reduce the cost.

The above objects, features and advantages will be more apparent and obvious, as described in the detailed description.

An embodiment of the present invention, first, referring to FIG. 2, the architecture diagram of the cloud control access control management system and the authentication method thereof includes: a mobile device 101 having a network connection function (including: a smart phone, i -PAD, notebook computer, desktop computer, etc.), which is a tool for the administrator 10 or the user 20 to operate the cloud control access control management system 50; A communication device 102 can be a device for receiving a notification message (including: SMS, email, voice, MSN, SKYPE, etc.) for a mobile phone, PDA, NB or PC, for notifying the designated administrator 10 or using 20; a function identification data 201 refers to the identification data of the manager 10 or the user 20, and the functions include biometrics (such as retina, palm print, fingerprint, sound, image analysis), or an identifier for the portable ( For example, a non-contact sensor, a mobile phone, a magnetic card, and the like; a cloud lock 30 includes: a function identification data receiving component 301 for receiving the function identification data 201 input by the manager 10 or the user 20, The function identification data valid list 302 is used for comparing whether the received function identification data 201 is valid, and the identification result is stored in an access control record 303; an encrypted network transmission 40, such as: general network VPN, telecommunication network MDVPN. A cloud control access control management system 50 includes a system program 501 and a database 502. The system program 501 includes an authentication method 5011, which includes four functional modules: a user module a. It is composed of (a1) basic data management functions of managers and users, (a2) multi-function identification data management function, and (a3) effective list management function. This module is mainly responsible for storage manager 10 and use. The basic information of the user 20, the function identification data 201, and the valid list set by the administrator 10; and after a permission system module b, respectively, (b1) the user and the cloud control lock association management function and (b2) the authority setting Management module, etc., this module is responsible for the association between the administrator 10 or the user 20 and the cloud control lock 30 and the setting of each authority; and then a device management module c, which is respectively (c1) cloud control lock Basic data management function and (c2) cloud control lock setting data management function, etc. This module is responsible for managing the basic data description and description of cloud control lock 30 (such as: MACID, installation location, hardware specification, configuration file... And then a virtual computing module d, which is composed of (d1) control command computing function, (d2) cloud lock data exchange function and (d3) access control record analysis management function, etc., this module is responsible for Manager 10 or user 20 input data or from cloud control 30 The received information is judged by the operation, and the operation result is transmitted back to the cloud control lock 30 to update the information or make a corresponding action (for example, opening the door), and then the encrypted access network 40 is used to retrieve the access control record from the cloud control lock 30. 303 (including: text record, image, etc.) is written into the database 502; and an event processing module 5012 is further composed of (1) an event analysis function and (2) a message transmission function. This module is responsible for analyzing the access control record 303 of the cloud control lock 30 according to the notification setting of the administrator 10 or the user 20 to see if the notification needs to be performed (including: newsletter, email, voice, MSN, SKYPE, etc.) Then, as shown in FIG. 3, the cloud control access control management system updates the active list operation flowchart. In step S1, the administrator 10 connects the mobile device 101 to the cloud control access control management system 50 via the encrypted network transmission 40. , input its function identification data 201 (including: magnetic card, retina, palm print, fingerprint, sound, non-contact sensing, image analysis, mobile phone). Then, in step S2, the cloud control access control management system 50 receives the data input by the administrator 10 from the user module a, and connects to the database 502 to verify whether the manager 10 has the management authority; if not, the The operation authority is terminated and the process is terminated. If yes, step S3 is performed. Next, the device management module b is activated and connected to the database 502 to obtain a list of controllable cloud locks 30. Then, proceeding to step S4, the manager 10 selects a plurality of cloud locks 30 (e.g., 1, 2, 3, ... N) to be controlled. Next, in step S5, the manager 10 further edits the valid list of each cloud lock 30 and stores the result in the database 502. Then, in step S6, the virtual operation module d is used to update the effective list of each cloud lock 30 to the corresponding cloud lock 30 in the encrypted network transmission 40. Finally, in step S7, after receiving the transmitted data, the cloud control lock 30 performs a function identification data update valid list 302 for subsequent user identification, and ends the process. Then, as shown in FIG. 4, the cloud control access control system close-up authentication method operation flowchart, in step S1, the cloud control lock 30 receives the function identification data 201 input by the manager 10 or the user 20 by the function identification data receiving component 301. (Including: magnetic card, retina, palm print, fingerprint, sound, non-contact sensing, image analysis, mobile phone). Then, proceeding to step S2, the cloud control lock 30 compares the received function identification data 201 with the function identification data valid list 302; if not, returns to step S3, and locks the cloud control lock 30 to prohibit the user. Enter and end the process. If 〝 is 〞, step S4 can be performed, and the cloud control lock 30 executes a control command to perform a corresponding action (eg, opening a door). Next, to step S5, after the cloud control lock 30 executes the control command, the access control record 303 is generated and transmitted to the cloud control access control management system 50 via the encrypted network transmission 40. Then, proceeding to step S6, the cloud control access control management system 50 receives the access control record 303, and enters the virtual operation module d, and determines whether it is normal through operation; if yes, YES, step S7 is performed, and the access control record 303 is stored in the normal event record. , If yes, if step S8 is executed, the access control record 303 is stored in the abnormal event record, and the process proceeds to step S9. Next, in step S9, the event processing module 5012 is started to determine whether the event needs to be notified; if not, the process is ended. If yes, then step S10 is executed, and the cloud control access control system is executed. 50 Send a message (such as: newsletter, email, voice, MSN, SKYPE, etc.) to the manager 10 according to the mode and content set by the manager 10 or the user 20, and finally end the process. Next, in FIG. 5, a flow chart of the operation of the remote authentication method of the cloud control access control management system is shown. First, in step S1, the administrator 10 or the user 20 uses the mobile device 101 to connect to the cloud control access control management system 50 through the encrypted network transmission 40, and the function identification data 201 (including: magnetic card, retina, palm print, fingerprint, Sound, non-contact sensing, image analysis, mobile phone) input. Then, in step S2, the cloud control access control management system 50 activates the user module a to connect to the database 502, and verifies whether the input function identification data 201 is valid; if not, step S3 is performed to lock the cloud control. The lock 30 prohibits the user 20 from entering, and ends the process operation. If yes, the process proceeds to step S4, the permission system module b is activated, and the data is connected to the database 502, and the read manager 10 or the user 20 is provided. Control authority; if not, return to step S3, lock the cloud lock 30 to prohibit the user 20 from entering, and end the process operation. If yes, proceed to step S5, and the device management module c is connected to the database 502 to obtain a plurality of controllable cloud control locks 30 (eg, 1, 2, 3...N data). The manager 10 or user 20 selects which cloud lock 30 to control. Next, proceeding to step S6, the manager 10 or the user 20 selects the cloud lock 30 to be controlled, and then issues a control command. Then, step S7 is executed to enter the virtual operation module d, and the result is valid after the operation comparison; if not, step S8 is performed, and the abnormal event record is stored; and if yes, the step is executed. S9, stored in the normal event record. Next, proceeding to step S10, the information operated by the administrator 10 or the user 20 is transmitted 40 to the cloud control lock 30 through the encrypted network. Then, the process proceeds to step S11, and the cloud control lock 30 performs the action (such as opening the door) according to the information transmitted by the cloud control access control management system 50. Then, step S12 is performed to start the event processing module 5012 to determine whether the event needs to be performed. If the message is not 〞, the process is terminated; if yes, step S13 is performed, and the cloud control access control system 50 sends a message according to the mode and content set by the manager 10 or the user 20 (eg: Newsletter, email, voice, MSN, SKYPE...etc) to manager 10, most After this process ends. Then, referring to FIG. 6, the cloud control access control management system updates the effective list. The operation mode of the embodiment is: the administrator 10 connects the mobile device 101 through the encrypted network transmission 40 to the cloud control access control. The management system 50 manages the data to the system program, and then receives the information from the user module a and links the database 502 to verify the identity of the identity; if the system fails to notify the authentication failure message, the administrator cannot Management; if passed, the permission system module b is linked to the database 502 to verify whether it has management rights. If the authorization verification is not passed, the system will notify the permission verification failure message, and the administrator cannot manage it; if the authorization verification is passed, the device management module c is connected to the database 502 to read a plurality of operable cloud control locks 30. (For example, 1, 2, 3...N) provides management 10 control, allowing the administrator 10 to edit the effective list of function identifications, then perform operations with the virtual computing module d, and store the data back to the database 502. At the same time, the encrypted network transmission 40 is connected to the cloud control lock 30, and the data is returned, and the function identification effective list 302 is updated to assist the administrator 10 to effectively manage. Next, in FIG. 7, a schematic diagram of an embodiment of a cloud-based access control management system proximity authentication method is shown. The operation mode of the embodiment is: the administrator 10 or the user 20 directly passes the function identification data 201 (including: magnetic card, retina, palm print, fingerprint, sound, non-contact sensing, image analysis, mobile phone) directly through the cloud control lock 30 Input, the cloud control lock 30 is received by the function identification data receiving component 301. Then, the cloud control lock 30 compares the received function identification data 201 with the valid list 302; if not, the cloud control lock 30 maintains the locked state (eg, : the door has no action), so that the manager 10 or the user 20 cannot enter; and if so, the cloud lock 30 executes a control command to perform a corresponding action (eg, opening the door); then, the cloud lock 30 generates an access control record 303. And transmitting the encrypted network transmission 40 back to the cloud control access control management system 50, and the cloud control access control management system 50 receives the access control record 303 by using the virtual operation module d, and parses and calculates whether the content is normal, and then stores the data in the database. 502. Then, the event processing module 5012 is restarted, and whether the access control record 303 needs to be notified according to the manner set by the administrator 10 or the user 20 (eg, newsletter, email, voice) MSN, SKYPE ..., etc.), if necessary automatically sent a message to inform the user manager 10 or 20. Finally, in FIG. 8, a schematic diagram of an embodiment of a remote authentication method for the cloud control access control management system is shown. The operation mode of this embodiment is: the administrator 10 or the user 20 takes the mobile device 101 The encrypted network transmission 40 is connected to the cloud control access control management system 50, and its function identification data 201 (including: magnetic card, retina, palm print, fingerprint, sound, non-contact sensing, image analysis, mobile phone) is input; then, The cloud control access control management system 50 receives the input function identification data 201 from the user module a, and connects to the data base 502 to verify whether it is legal; if not, the system informs that the identity identification is illegal, and the administrator 10 Or the user 20 cannot pass the identity authentication, so the cloud control lock 30 remains locked (eg, the door has no action), so that the administrator 10 or the user 20 cannot enter; if the authentication is performed, the permission system module b is activated, and Connect to the database 502 to verify whether there is control authority; if the authority verification is not passed, the system informs that the authority verification is illegal, and the administrator 10 or the user 20 cannot pass the authority authentication, so the cloud control lock 30 remains locked (eg, the door is not Action), the administrator 10 or the user 20 cannot enter; if the pass authority is verified, the device management module c is restarted and connected to the database 502 to obtain a plurality of controllable clouds. The lock 30 list data (eg, 1, 2, 3...N pen data), provides the manager 10 or the user 20 to select which cloud lock 30 to control; then, the manager 10 or the user 20 issues a control command Then, the virtual computing module d is entered, and the result is normal after the operation comparison, and the event record is stored in the database 502; if it is an invalid abnormal event, the system does not transmit the control command to the cloud lock 30. Therefore, the cloud control lock 30 will be locked, so that the administrator 10 or the user 20 cannot enter; if it is a normally valid event, the virtual computing module d will transmit the data back to the cloud control lock 30 through the encrypted network transmission 40. The cloud control lock 30 immediately responds (for example, opens the door) and generates the access control record 303; the access control record 303 is also automatically returned and parsed through the virtual computing module d; finally, the event processing module is connected. 5012 determines whether there is a need to notify the message according to the mode set by the administrator 10 or the user 20 (eg, newsletter, email, voice, MSN, SKYPE, etc.), and automatically sends a message to notify the management if necessary. 10 or user 20.

In summary, the present invention has clearly disclosed embodiments of the cloud control access control management system and its authentication method. As long as the function identification data is stored in the database of the system or in the cloud lock, and the system and the cloud lock can be authenticated by the wireless network transmission, the technical scope of the present invention is not deviated from It is not intended to limit the invention. A person skilled in the art can make various changes and modifications without departing from the spirit and scope of the invention. Therefore, the scope of the invention is defined by the scope of the appended claims.

10‧‧‧Manager

101‧‧‧Mobile equipment

102‧‧‧Communication equipment

20‧‧‧Users

201‧‧‧Function identification data

30‧‧‧Cloud lock

301‧‧‧Function identification data receiving component

302‧‧‧Valid list of functional identification data

303‧‧‧Access records

40‧‧‧Encrypted network transmission

50‧‧‧Cloud Control Access Control Management System

501‧‧‧ system program

5011‧‧‧ Certification method

A‧‧‧user module

b‧‧‧Permission System Module

c‧‧‧Device Management Module

D‧‧‧Virtual Computing Module

5012‧‧‧Event Processing Module

502‧‧‧Database

Figure 1 Schematic diagram of the conventional access control management system

Figure 2 Architecture diagram of cloud-controlled access control management system and its authentication method

Figure III Operation flow chart of the cloud-controlled access control management system update effective list

Figure 4 Operation flow chart of the proximity authentication method of the cloud control access control management system

Figure 5 Operation flow chart of the remote authentication method of the cloud control access control management system

Figure 6 Schematic diagram of an example of a valid list of cloud-controlled access control management systems

Figure 7 Schematic diagram of an embodiment of the proximity authentication method for the cloud-controlled access control management system

Figure 8 Schematic diagram of an embodiment of a remote authentication method for a cloud-controlled access control management system

10‧‧‧Manager

101‧‧‧Mobile equipment

102‧‧‧Communication equipment

20‧‧‧Users

201‧‧‧Function identification data

30‧‧‧Cloud lock

301‧‧‧Function identification data receiving component

302‧‧‧Valid list of functional identification data

303‧‧‧Access records

40‧‧‧Encrypted network transmission

50‧‧‧Cloud Control Access Control Management System

501‧‧‧ system program

5011‧‧‧ Certification method

A‧‧‧user module

b‧‧‧Permission System Module

c‧‧‧Device Management Module

D‧‧‧Virtual Computing Module

5012‧‧‧Event Processing Module

502‧‧‧Database

Claims (4)

A cloud-controlled access control management system includes at least: a system program for performing program operations and providing a multi-function management interface, comprising five functional modules: a user module a having at least: (a1) management The basic data management function of the user and the user, (a2) multi-function identification data management function and (a3) effective list management function are combined. This module is mainly responsible for storing basic data and function identification data of managers and users. And a valid list set by the administrator; a permission system module b has at least: (b1) user and cloud control lock management function and (b2) authority setting management function, the module is mainly responsible for controlling the manager or using Correlation between the owner and the cloud control lock and various permission settings; a device management module c has at least: (c1) cloud control lock basic data management function and (c2) cloud control lock setting data management function, the model The group is mainly responsible for managing the basic data description and description of the cloud control lock; a virtual operation module d has at least: (d1) control command operation function, (d2) cloud lock data exchange function and (d3) access control Analysis management function, this module is mainly responsible for calculating the information input by the administrator or the user or the information received from at least one or a plurality of cloud control locks, and transmitting the operation result back to at least one or a plurality of cloud control lock updates. The information or the corresponding action, and then using an encrypted network transmission to retrieve the access control record retrieved from at least one or more cloud control locks into the database; an event processing module has at least: (1) The event analysis function and (2) the message sending function, the module is mainly responsible for analyzing the notification setting of the manager or the user and an access control record of at least one or a plurality of cloud control locks, and determining whether the notification needs to be performed. For example, the cloud control access control management system described in claim 1 includes at least one database for storing various management information and multifunctional identification data, and each function module needs to judge verification data or read At the time of storage, the information can be exchanged at any time with the database. A cloud-controlled access control proximity authentication method, which provides a manager or a user directly through the cloud The lock input function identifies the data for authentication, and provides the manager to update the valid list for authentication. The method includes at least: a function identification data, which is an identification data of a manager or a user, which may have its own Biological characteristics (such as: retina, palm print, fingerprint, sound, image analysis), or portable identification (such as: non-contact sensing, mobile phones, magnetic cards); a cloud lock, for access control devices with communication functions The method further comprises: a function identification data receiving component, a function identification data effective list and an access control record; a cloud control access control management system, providing a management effective list, and transmitting the valid list to the cloud control lock for updating, and Retrieve the access control record of the cloud control lock for the purpose of message notification and judgment, and the content thereof includes the first and second items of the patent application scope. A cloud-controlled access control remote authentication method for providing a method for a manager or a user to input a multi-function identification data by using a mobile device, and then transmitting it to a cloud-controlled access control management system through an encrypted network, thereby controlling the cloud control lock. The device includes at least: a communication device, which is a communication device with a network connection function (including: a smart phone, an i-PAD, a notebook computer, a desktop computer, etc.); a function identification data is provided Identification data of the administrator or user, which can be biological features (such as: retina, palm print, fingerprint, sound, image analysis), or portable identification (such as non-contact sensing, mobile phone, magnetic card) a cloud control lock, which is a communication control access control device, which further includes: a function identification data receiving component, a function identification data effective list and an access control record; a cloud control access control management system, providing a manager or The user inputs the function identification data and the control command, and performs calculations, and is connected with the cloud control lock to make corresponding actions (eg, opening the door), and the content package thereof Contains the first and second items of the patent application scope.