WO2017071249A1 - Access management method and system - Google Patents


Publication number
WO2017071249A1
Authority
WO
WIPO (PCT)
Prior art keywords
access control
administrator
virtual
key
access
Application number
PCT/CN2016/086211
Other languages
French (fr)
Chinese (zh)
Inventor
洪伟
Original Assignee
广州畅联信息科技有限公司
Application filed by 广州畅联信息科技有限公司
Publication of WO2017071249A1

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/27 Individual registration on entry or exit involving the use of a pass with central registration
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00 Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/04 Access control involving a hierarchy in access rights
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00 Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/40 Indexing scheme relating to groups G07C9/20 - G07C9/29
    • G07C2209/41 Indexing scheme relating to groups G07C9/20 - G07C9/29 with means for the generation of identity documents

Definitions

  • The invention relates to an access control management method and system.
  • At present, access control management systems are mainly based on local stand-alone or C/S models.
  • Access control is set up and managed mainly by means of induction cards, wireless signals, and online networks.
  • The access control system focuses on the use and management of peripheral data, concentrating especially on data related to opening the access control. Access permission control and authorization both have to be carried out offline and require personnel to take part.
  • For example, in hotel settings, induction card locks and their access control systems are commonly used.
  • Such a system is usually localized stand-alone Windows exe software that uses an induction card, usually called a room card, as the key for opening the access control.
  • Setting up and managing a room card requires a card writer connected through a USB interface, through which data on the room card is updated.
  • The system pays no attention to the roles and permissions of the people themselves or to dynamic changes in that data.
  • Access control management depends heavily on the participation of personnel and requires additional peripheral equipment; operations such as online updates and real-time permission issuance are not possible, and the system cannot adapt and adjust promptly to dynamic changes in personnel roles and permissions.
  • The present invention aims to provide an access control management method and system that realizes mobile management and role-level management, makes permission control convenient, allows virtual keys to be generated and shared online, and reduces management cost.
  • An access control management method includes the following steps:
  • The backend processing center receives the creator's registration request instruction and, once the registration conditions are met, allocates at least one cluster to the creator; each cluster includes virtual access controls corresponding to physical access controls;
  • The backend processing center adds the corresponding members to the corresponding cluster according to the received member addition instruction;
  • The backend processing center assigns the corresponding roles to the members in the corresponding cluster according to the received role setting instruction;
  • The backend processing center sets access permissions for the corresponding members in the corresponding cluster according to the received access permission setting instruction; the access permission includes virtual access control number information and the valid time information corresponding to that virtual access control number information;
  • The user communicates with the backend processing center through a mobile terminal or a PC terminal.
  • The roles include administrator, group administrator, and ordinary member. The administrator has access permission for all virtual access controls and the authority to manage group administrators and ordinary members; the group administrator's access permissions and member management permissions are set by the administrator; the access permissions of ordinary members are set by the administrator or the corresponding group administrator.
  • The method further comprises the following steps:
  • The backend processing center receives a key generation request instruction and determines whether it is legal. If so, it generates the corresponding virtual key and sends it to the terminal that initiated the key generation request; otherwise it returns failure information. The rule for determining whether the key generation request is legal is: whether the virtual access control number information and the valid time information in the key generation request are within the access permission of the member who initiated the request.
  • The method further comprises the following steps:
  • The backend processing center receives a key sharing request instruction and determines the role of the member who initiated the key generation request instruction. If the role is administrator or group administrator, the corresponding virtual key is generated and sent to the terminal of the sharing target; if the role is ordinary member, the corresponding group administrator or administrator reviews the information of the sharing target, and if the review passes, the corresponding virtual key is generated and sent to the terminal of the sharing target.
  • The virtual key includes two-dimensional code data or signal data for opening the corresponding physical access control.
  • An access control management system, applied to a backend processing center, includes the following modules:
  • A creation module, configured to receive the creator's registration request instruction and, once the registration conditions are met, allocate at least one cluster to the creator; each cluster includes virtual access controls corresponding to physical access controls;
  • A member adding module, configured to add the corresponding members to the corresponding cluster according to the received member addition instruction;
  • A role assignment module, configured to assign the corresponding roles to the members in the corresponding cluster according to the received role setting instruction;
  • An access permission setting module, configured to set access permissions for the corresponding members in the corresponding cluster according to the received access permission setting instruction; the access permission includes virtual access control number information and the valid time information corresponding to that virtual access control number information;
  • The roles include administrator, group administrator, and ordinary member. The administrator has access permission for all virtual access controls and the authority to manage group administrators and ordinary members; the group administrator's access permissions and member management permissions are set by the administrator; the access permissions of ordinary members are set by the administrator or the corresponding group administrator.
  • A key generation module, configured to receive a key generation request and determine whether it is legal. If so, it generates the corresponding virtual key and sends it to the terminal that initiated the key generation request; otherwise it returns failure information. The rule for determining whether the key generation request is legal is: whether the virtual access control number information and the valid time information in the key generation request are within the access permission of the member who initiated the request.
  • A key sharing module, configured to receive a key sharing request and determine the role of the member who initiated the key generation request. If the role is administrator or group administrator, the corresponding virtual key is generated and sent to the terminal of the sharing target; if the role is ordinary member, the corresponding group administrator or administrator reviews the information of the sharing target, and if the review passes, the corresponding virtual key is generated and sent to the terminal of the sharing target.
  • The virtual key includes two-dimensional code data or signal data for opening the corresponding physical access control.
  • The beneficial effects of the present invention are as follows: 1. Mobile management and role-level management of access control are realized, making it convenient for administrators to control the permissions of the members in the cluster. 2. Members in the cluster can generate virtual keys online within their access permissions and can share virtual keys, with great flexibility and real-time performance, no longer relying on physical keys. 3. The virtual key can be obtained through a mobile terminal, so that the access control can be opened with a mobile phone. 4. With a QR code used as the virtual key, the key can be shared through SMS, WeChat, email, etc., improving the convenience of access control.
  • FIG. 1 is a flow chart of a method for managing access control according to the present invention.
  • FIG. 2 is a flow chart of a method for generating a virtual key based on two-dimensional code data according to the present invention.
  • FIG. 3 is a block diagram showing the structure of an access control management system of the present invention.
  • An access control management method is mainly applied to a backend processing center, where a user communicates with the backend processing center through a mobile terminal or a PC terminal. The user may be a creator, a member of a cluster, or a visitor. Users can conveniently communicate with the backend processing center through terminals with network communication functions, especially portable mobile terminals such as smartphones and tablets, and through the open interfaces of the backend processing center they can use different clients and third-party applications to access the backend processing center for data communication. The method includes the following steps:
  • S1: The backend processing center receives the creator's registration request instruction and, once the registration conditions are met, allocates at least one cluster to the creator; each cluster includes virtual access controls corresponding to physical access controls.
  • The creator must satisfy the registration conditions, for example through real-name authentication. The allocated cluster is determined by the physical scenario, such as a hotel, an office building, or an apartment, and the structure within the cluster follows the structure of that scenario; that is, the physical access controls in the physical scenario correspond to the virtual access controls in the cluster. When registering, the creator can be allocated multiple different clusters on request, each cluster corresponding to a different physical scenario.
  • S2: The backend processing center adds the corresponding members to the corresponding cluster according to the received member addition instruction. A member must first be registered before being added to the cluster.
  • S3: The backend processing center assigns the corresponding roles to the members in the corresponding cluster according to the received role setting instruction.
  • The roles include administrator, group administrator, and ordinary member. The administrator has access permission for all virtual access controls and the authority to manage group administrators and ordinary members; the group administrator's access permissions and member management permissions are set by the administrator.
  • The access permissions of ordinary members are set by the administrator or the corresponding group administrator.
  • For permission management, the RBAC model is used, so that roles and permissions can be extended horizontally and vertically.
  • The creator is also a member of the cluster and holds the highest access permissions and member management permissions. The creator can also disband the cluster and modify the virtual access controls in the cluster, and can be understood as having the role of super administrator.
  • Administrators are assigned by the creator from among the members in the cluster and can number one or more; the administrator's permissions are second only to the creator's.
  • The group administrator's access permissions and member management permissions can also be set by the creator. For example, in an office building scenario, a company's administrator needs to rent number 101 in the building for office use, and the company has 9 employees. After the company's administrator and employees have registered, the company's administrator can be assigned as a group administrator and given the access permission for virtual access control number 101 and the member management permission over the 9 ordinary members. The group administrator can in turn assign the access permission for virtual access control number 101 to the 9 ordinary members under its management.
  • S4: The backend processing center sets access permissions for the corresponding members in the corresponding cluster according to the received access permission setting instruction.
  • The access permission includes virtual access control number information and the valid time information corresponding to that virtual access control number information.
  • The virtual access control number information is the number of the virtual access control within the cluster.
  • The valid time information is the start time and the end time for which the corresponding access control may be used.
  • The backend processing center receives a key generation request instruction and determines whether it is legal. If so, it generates the corresponding virtual key and sends it to the terminal that initiated the key generation request; otherwise it returns failure information. The rule for determining whether the key generation request instruction is legal is: whether the virtual access control number information and the valid time information in the key generation request instruction are within the access permission of the member who initiated the request.
  • Any member in the cluster can be assigned access permissions, but different members may have different ones, so when a key generation request instruction is received, its legality must be determined. The check mainly verifies whether the virtual access control number information in the request is included in the virtual access control number information of the requesting member's access permission, and whether the time information is within the valid time information of that access permission.
  • The backend processing center receives a key sharing request instruction and determines the role of the member who initiated the key generation request instruction. If the role is administrator or group administrator, the corresponding virtual key is generated and sent to the terminal of the sharing target; if the role is ordinary member, the corresponding group administrator or administrator reviews the information of the sharing target, and if the review passes, the corresponding virtual key is generated and sent to the terminal of the sharing target.
  • Members with access permissions or personnel management permissions can share virtual keys within their permissions.
  • Members can share the corresponding virtual key.
  • The corresponding group administrator or administrator needs to perform the review.
  • The visitor can register visitor identity information with the backend processing center through a mobile terminal. An ordinary member then initiates a key sharing request instruction for that visitor identity information, and the corresponding group administrator or administrator receives the visitor identity information and the key sharing request instruction and performs the review.
  • The corresponding virtual key is generated and sent to the terminal of the sharing target.
  • The corresponding virtual key is generated according to the information in the key sharing request and the identity information of the visitor.
  • The above virtual key includes two-dimensional code data or signal data for opening the corresponding physical access control.
  • If it is two-dimensional code data, it is sent to the display module of the corresponding terminal to display the two-dimensional code image, and the corresponding physical access control must have a two-dimensional code reading function; if it is signal data, the signal data is sent.
  • The corresponding physical access control must likewise have a signal reading function; examples are Bluetooth signal data and radio frequency signal data.
  • The access control management method can be widely applied to hotel, office building, and apartment access control management. For example, a corresponding cluster is generated for a hotel.
  • Staff members are ordinary members, and registered members are added as ordinary members.
  • The manager of the hotel can set the corresponding access permissions for the ordinary members.
  • A customer who has not registered can also obtain the corresponding virtual key by registering visitor identity information and then having a staff member share the virtual key.
  • The present invention also discloses a preferred virtual key generation method based on two-dimensional code data, which includes the following steps:
  • Step 1: Receive a data request for generating a virtual key, and generate the basic data of the virtual key according to the data request.
  • Step 2: Verify the valid time information in the basic data. If the verification passes, go to step 3. If the verification fails, return a verification failure message and end the process.
  • Step 3: Compress the basic data into consecutive bytes according to a preset format to generate formatted data.
  • Step 4: Convert the encrypted data according to the specified hexadecimal to generate hexadecimal conversion data.
  • Step 5: Generate the corresponding two-dimensional code data by using the hexadecimal conversion data as the final data of the virtual key.
  • In step 1, the data request is initiated by a user who needs to apply for a virtual key for the corresponding access control. Information must be entered when applying for the virtual key, and the data request includes the user's identity information, virtual access control number information, and valid time information. The corresponding data is then obtained from the database according to the identity information and the virtual access control number information respectively, and the basic data of the virtual key is generated from the data obtained from the database combined with the valid time information.
  • A legality verification step may be included to ensure that the user has the right to apply for the virtual key and that the target access control exists.
  • The data request may include other key information, and the various data are finally combined to generate the basic data of the virtual key.
  • Verifying the valid time data in the basic data includes the following check conditions: whether the format of the valid time data is valid, and whether the start time in the valid time data is greater than or equal to the current time. If all the check conditions are met, the check passes; otherwise the check fails. For example, if the length of the valid time data is invalid, the verification fails. If the month occurs, the verification fails.
  • The basic data may include operators, identifiers, time, access control, etc., each of which has its own byte space, but some data does not fill the space in its bytes. For example, the operator may occupy only 4 bits of one byte, leaving the remaining space in that byte unused.
  • The data in the basic data is compressed into consecutive bytes according to the preset format, so no space is wasted and the generated formatted data takes up less space.
  • In step 4, the specified partial data in the formatted data is dynamized. The dynamization process is specifically: performing a format-preserving encryption operation, that is, transforming the original data to obtain data of the same format and length but with changed values.
  • A CRC check is performed. For example, key information such as the identity information, the virtual access control number information, and the valid time information is checked, a check code is generated, and the check code is stored in a field for later verification of data integrity. In subsequent decoding, the data in this field is verified to confirm the integrity of the data.
  • The processed formatted data is then encrypted. The encryption algorithm can be an existing encryption algorithm, and encrypted data is generated after encryption.
  • In step 5, the encrypted data is converted according to the specified hexadecimal to generate hexadecimal conversion data; specifically, binary conversion can be performed.
  • In step S3, the data is first transformed by the format-preserving encryption operation and then encrypted, so that the data has good security. It is finally converted into binary data, yielding non-plaintext data, which further increases data security.
  • The present invention also discloses an access control management system, applied to a backend processing center, which includes the following modules:
  • A creation module, configured to receive the creator's registration request instruction and, once the registration conditions are met, allocate a cluster to the creator; the cluster includes virtual access controls corresponding to physical access controls;
  • A member adding module, configured to add the corresponding members to the cluster according to the received member addition instruction;
  • A role assignment module, configured to assign the corresponding roles to the members in the cluster according to the received role setting instruction;
  • An access permission setting module, configured to set access permissions for the corresponding members in the cluster according to the received access permission setting instruction; the access permission includes virtual access control number information and the valid time information corresponding to that virtual access control number information;
  • The roles include administrator, group administrator, and ordinary member. The administrator has access permission for all virtual access controls and the authority to manage group administrators and ordinary members; the group administrator's access permissions and member management permissions are set by the administrator; the access permissions of ordinary members are set by the administrator or the corresponding group administrator.
  • A key generation module, configured to receive a key generation request and determine whether it is legal. If so, it generates the corresponding virtual key and sends it to the terminal that initiated the key generation request; otherwise it returns failure information. The rule for determining whether the key generation request is legal is: whether the virtual access control number information and the valid time information in the key generation request are within the access permission of the member who initiated the request.
  • A key sharing module, configured to receive a key sharing request and determine the role of the member who initiated the key generation request. If the role is administrator or group administrator, the corresponding virtual key is generated and sent to the terminal of the sharing target; if the role is ordinary member, the corresponding group administrator or administrator reviews the information of the sharing target, and if the review passes, the corresponding virtual key is generated and sent to the terminal of the sharing target.
  • The virtual key includes two-dimensional code data or signal data for opening the corresponding physical access control.
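
The two-dimensional-code virtual key steps described above (valid time check, packing into consecutive bytes, CRC check code field, encryption, hexadecimal conversion, and the later decoding check), as an added Python example that is not the patent's or the applicant's code. The field widths, epoch-second timestamps, the 8-byte nonce, the decode-side time check, and the HMAC-SHA256 XOR keystream standing in for the unspecified "existing encryption algorithm" are assumptions; the format-preserving transformation of partial data is not shown.

```python
import binascii
import hashlib
import hmac
import os

# Assumed field widths in bits; the page only says fields are packed back to back.
FIELDS = (("operator", 4), ("member_id", 20), ("door", 16), ("start", 32), ("end", 32))
PACKED_LEN = sum(width for _, width in FIELDS) // 8      # 104 bits -> 13 bytes
NONCE_LEN, CRC_LEN = 8, 4


def check_valid_time(start, end, now):
    """Step 2: the window must be well formed and must not start before 'now'."""
    if not (isinstance(start, int) and isinstance(end, int)):
        return False
    if not (0 <= start < end < 2**32):
        return False
    return start >= now


def pack(values):
    """Step 3: pack every field into consecutive bits, no padding between fields."""
    acc = 0
    for name, width in FIELDS:
        v = values[name]
        if not 0 <= v < (1 << width):
            raise ValueError(f"{name} does not fit in {width} bits")
        acc = (acc << width) | v
    return acc.to_bytes(PACKED_LEN, "big")


def unpack(blob):
    """Inverse of pack(): peel the fields off from the low-order end."""
    acc = int.from_bytes(blob, "big")
    out = {}
    for name, width in reversed(FIELDS):
        out[name] = acc & ((1 << width) - 1)
        acc >>= width
    return out


def _mask(key, nonce, n):
    """Stand-in cipher (assumption): HMAC-SHA256 keystream, enough for n <= 32 bytes."""
    return hmac.new(key, nonce, hashlib.sha256).digest()[:n]


def encode_key(values, key, now, nonce=None):
    """Return the hex string handed to the QR encoder, or None if the time check fails."""
    if not check_valid_time(values["start"], values["end"], now):
        return None
    body = pack(values)
    body += binascii.crc32(body).to_bytes(CRC_LEN, "big")     # check code field
    nonce = nonce or os.urandom(NONCE_LEN)
    cipher = bytes(a ^ b for a, b in zip(body, _mask(key, nonce, len(body))))
    return (nonce + cipher).hex()


def decode_key(text, key, now):
    """Reader side: reverse the steps, verify the check code, then the time window."""
    try:
        raw = bytes.fromhex(text)
    except ValueError:
        return None
    if len(raw) != NONCE_LEN + PACKED_LEN + CRC_LEN:
        return None
    nonce, cipher = raw[:NONCE_LEN], raw[NONCE_LEN:]
    body = bytes(a ^ b for a, b in zip(cipher, _mask(key, nonce, len(cipher))))
    data, crc = body[:PACKED_LEN], body[PACKED_LEN:]
    if binascii.crc32(data).to_bytes(CRC_LEN, "big") != crc:
        return None                                           # integrity check failed
    fields = unpack(data)
    if not fields["start"] <= now <= fields["end"]:
        return None                                           # outside the valid time
    return fields
```

CRC-32 detects accidental corruption only; a deployment that needs resistance to deliberate modification would carry a keyed MAC or use an authenticated cipher in place of the stand-in keystream.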

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

An access management method and system, the method comprising: a back-end processing centre receives a creator registration request command, and after registration conditions are satisfied, assigns a cluster to the creator (S1); the back-end processing centre, on the basis of a received member addition command, adds the corresponding member to the cluster (S2); the back-end processing centre, on the basis of a received role setup command, assigns corresponding roles to the members in the cluster (S3); and the back-end processing centre, on the basis of a received access usage permission setup command, sets up access usage permission for the corresponding members of the cluster (S4), the access usage permission comprising virtual access serial number information and validity time information corresponding to the virtual access serial number information. The present method and system implement access mobile management and role hierarchy management, facilitating permissions management of the members in the cluster by a manager, the members in the cluster being able to generate online a virtual key in the access usage permission, and also being able to share the virtual key, having great flexibility and real-time performance.

Description

Access control management method and system
Technical field
The invention relates to an access control management method and system.
Background art
At present, access control management systems are mainly based on local stand-alone or C/S models. Access control is set up and managed mainly by means of induction cards, wireless signals, and online networks, and the systems focus on the use and management of peripheral data, concentrating especially on data related to opening the access control. Access permission control and authorization both have to be carried out offline and require personnel to take part. For example, in hotel settings, induction card locks and their access control systems are commonly used. Such a system is usually localized stand-alone Windows exe software that uses an induction card, usually called a room card, as the key for opening the access control. Setting up and managing a room card requires a card writer connected through a USB interface, through which data on the room card is updated. The system pays no attention to the roles and permissions of the people themselves or to dynamic changes in that data. In this process, access control management depends heavily on the participation of personnel and requires additional peripheral equipment; operations such as online updates and real-time permission issuance are not possible, and the system cannot adapt and adjust promptly to dynamic changes in personnel roles and permissions.
Summary of the invention
To overcome the deficiencies of the prior art, the present invention aims to provide an access control management method and system that realizes mobile management and role-level management, makes permission control convenient, allows virtual keys to be generated and shared online, and reduces management cost.
To solve the above problems, the technical solutions adopted by the present invention are as follows:
Option One:
An access control management method includes the following steps:
The backend processing center receives the creator's registration request instruction and, once the registration conditions are met, allocates at least one cluster to the creator; each cluster includes virtual access controls corresponding to physical access controls;
The backend processing center adds the corresponding members to the corresponding cluster according to the received member addition instruction;
The backend processing center assigns the corresponding roles to the members in the corresponding cluster according to the received role setting instruction;
The backend processing center sets access permissions for the corresponding members in the corresponding cluster according to the received access permission setting instruction; the access permission includes virtual access control number information and the valid time information corresponding to that virtual access control number information;
The user communicates with the backend processing center through a mobile terminal or a PC terminal.
Preferably, the roles include administrator, group administrator, and ordinary member. The administrator has access permission for all virtual access controls and the authority to manage group administrators and ordinary members; the group administrator's access permissions and member management permissions are set by the administrator; the access permissions of ordinary members are set by the administrator or the corresponding group administrator.
Preferably, the method further comprises the following steps:
后端处理中心接收钥匙生成请求指令,判断该钥匙生成请求指令是否合法,若是,则生成相应的虚拟钥匙发送至发起钥匙生成请求的终端中,否则返回失败信息;判断该钥匙生成请求是否合法的规则为:该钥匙生成请求中的虚拟门禁编号信息和有效时间信息是否在发起 该钥匙生成请求的成员的门禁使用权限中。The backend processing center receives the key generation request instruction, determines whether the key generation request instruction is legal, and if so, generates a corresponding virtual key to be sent to the terminal that initiates the key generation request, otherwise returns a failure information; and determines whether the key generation request is legal. The rule is: whether the virtual access number information and the valid time information in the key generation request are initiated The key generates the access permission of the member of the request.
优选的,还包括以下步骤:Preferably, the method further comprises the following steps:
后端处理中心接收钥匙分享请求指令,判断发起该钥匙生成请求指令的成员的角色,若角色为管理员或者组管理员,则生成对应的虚拟钥匙发送至分享目标的终端;若角色为普通成员,则由对应的组管理员或者管理员对分享目标的信息进行审核,审核通过则生成对应的虚拟钥匙发送至分享目标的终端。The back-end processing center receives the key sharing request command, and determines the role of the member who initiated the key generation request instruction. If the role is an administrator or a group administrator, the corresponding virtual key is generated and sent to the terminal of the sharing target; if the role is a normal member Then, the corresponding group administrator or administrator reviews the information of the sharing target, and the audit generates a corresponding virtual key to be sent to the terminal of the sharing target.
优选的,所述虚拟钥匙中包括用于打开对应的实体门禁的二维码数据或者信号数据。Preferably, the virtual key includes two-dimensional code data or signal data for opening a corresponding physical access control.
Option Two:
An access control management system, applied to a back-end processing center, comprising the following modules:
A creation module, configured to receive a registration request instruction from a creator and, once the registration conditions are met, allocate at least one cluster to the creator, each cluster including virtual access control points corresponding to physical access control points;
A member addition module, configured to add the corresponding members to the corresponding cluster according to a received member addition instruction;
A role assignment module, configured to assign corresponding roles to the members in the corresponding cluster according to a received role setting instruction;
An access permission setting module, configured to set access permissions for the corresponding members in the corresponding cluster according to a received access permission setting instruction, the access permissions including virtual access control number information and valid time information corresponding to the virtual access control number information;
Wherein communication with the back-end processing center is performed through a mobile terminal or a PC terminal.
Preferably, the roles include administrator, group administrator and ordinary member; the administrator has access permission for all virtual access control points and the authority to manage group administrators and ordinary members; a group administrator's access permissions and member management authority are set by the administrator; an ordinary member's access permissions are set by the administrator or by the corresponding group administrator.
Preferably, the system further includes the following module:
A key generation module, configured to receive a key generation request and determine whether the key generation request is legitimate; if so, it generates the corresponding virtual key and sends it to the terminal that initiated the key generation request, otherwise it returns failure information. The rule for determining whether the key generation request is legitimate is: whether the virtual access control number information and the valid time information in the key generation request fall within the access permissions of the member who initiated the key generation request.
Preferably, the system further includes the following module:
A key sharing module, configured to receive a key sharing request and determine the role of the member who initiated the key generation request; if the role is administrator or group administrator, it generates the corresponding virtual key and sends it to the terminal of the sharing target; if the role is ordinary member, the corresponding group administrator or the administrator reviews the information of the sharing target, and if the review is passed, the corresponding virtual key is generated and sent to the terminal of the sharing target.
Preferably, the virtual key includes two-dimensional code (QR code) data or signal data for opening the corresponding physical access control point.
Compared with the prior art, the beneficial effects of the present invention are: 1. Mobile management and role-hierarchy management of access control are realized, making it convenient for managers to control the permissions of the members in a cluster. 2. Members of a cluster can generate online the virtual keys that fall within their access permissions and can share virtual keys, which offers great flexibility and immediacy and removes the dependence on physical keys. 3. A virtual key can be obtained through a mobile terminal, so that an access control point can be opened with a mobile phone. 4. With a QR code used as the virtual key, keys can be shared by SMS, WeChat, e-mail and other means, which makes access control more convenient to use.
Description of the Drawings
FIG. 1 is a flowchart of the access control management method of the present invention.
FIG. 2 is a flowchart of the method of the present invention for generating a virtual key based on two-dimensional code data.
FIG. 3 is a module structure diagram of the access control management system of the present invention.
Detailed Description
The present invention is further described below with reference to the drawings and specific embodiments:
Referring to FIG. 1, an access control management method is applied mainly in a back-end processing center. Users communicate with the back-end processing center through a mobile terminal or a PC terminal; a user may be the creator, a member of a cluster, or a visitor. Terminals with network communication capability, in particular portable mobile terminals such as smartphones and tablets, can conveniently exchange data with the back-end processing center, and users may use different clients through the open interfaces provided by the back-end processing center, that is, third-party applications may connect to the back-end processing center for data communication. The method includes the following steps:
S1: The back-end processing center receives a registration request instruction from a creator and, once the registration conditions are met, allocates at least one cluster to the creator, each cluster including virtual access control points corresponding to physical access control points. The creator must satisfy the registration conditions, for example through real-name authentication. The allocated cluster is determined by the physical scenario, for example a hotel, an office building or an apartment building, and the structure of the cluster follows the structure of the physical scenario; that is, the physical access control points in the physical scenario correspond to the virtual access control points in the cluster. Depending on the request made at registration, several different clusters may be allocated to the creator, each corresponding to a different physical scenario.
S2: The back-end processing center adds the corresponding members to the corresponding cluster according to a received member addition instruction. A member must first register and become a registered member before being added to a cluster.
S3: The back-end processing center assigns corresponding roles to the members in the corresponding cluster according to a received role setting instruction.
The roles include administrator, group administrator and ordinary member. The administrator has access permission for all virtual access control points and the authority to manage group administrators and ordinary members; a group administrator's access permissions and member management authority are set by the administrator; an ordinary member's access permissions are set by the administrator or by the corresponding group administrator. Permission management uses the RBAC model, which allows roles and permissions to be extended horizontally and vertically. Note that the creator is also a member of the cluster and holds the highest access permissions and member management authority; the creator can also dissolve the cluster, modify the virtual access control points in the cluster, and so on, and can be understood as having the super administrator role. Administrators are assigned by the creator from among the members of the cluster; there may be one or more, and an administrator's authority is second only to the creator's.
A group administrator's access permissions and member management authority may also be set by the creator. For example, in an office building scenario, the manager of a company needs to rent room 101 as an office, and the company has 9 employees. After the company's manager and employees register, the manager can be assigned as a group administrator and given access permission for the virtual access control point numbered 101 together with member management authority over the 9 ordinary members; the group administrator can then assign access permission for the virtual access control point numbered 101 to the 9 ordinary members under his or her management.
S4: The back-end processing center sets access permissions for the corresponding members in the corresponding cluster according to a received access permission setting instruction, the access permissions including virtual access control number information and valid time information corresponding to the virtual access control number information. The virtual access control number information is the number of a virtual access control point in the cluster, and the valid time information is the start time and end time between which the corresponding access control point may be opened.
S5: The back-end processing center receives a key generation request instruction and determines whether the key generation request instruction is legitimate; if so, it generates the corresponding virtual key and sends it to the terminal that initiated the key generation request, otherwise it returns failure information. The rule for determining whether the key generation request instruction is legitimate is: whether the virtual access control number information and the valid time information in the key generation request instruction fall within the access permissions of the member who initiated the key generation request.
Any member of the cluster may be given access permissions, but different members may have different access permissions. Therefore, when a key generation request instruction is received, it must be determined whether the request is legitimate, mainly by verifying whether the virtual access control number information in the request is contained in the virtual access control number information of the requesting member's access permissions, and whether the time information falls within the valid time information of the requesting member's access permissions.
S6: The back-end processing center receives a key sharing request instruction and determines the role of the member who initiated the key generation request instruction; if the role is administrator or group administrator, it generates the corresponding virtual key and sends it to the terminal of the sharing target; if the role is ordinary member, the corresponding group administrator or the administrator reviews the information of the sharing target, and if the review is passed, the corresponding virtual key is generated and sent to the terminal of the sharing target.
Any member who holds access permissions or personnel management authority may share the virtual keys that fall within those permissions. For example, in an office building scenario, visitors often need to come in on business, and any member who holds the relevant access permission can share the corresponding virtual key. A member with personnel management authority is an administrator who can assign access permissions to members, and therefore necessarily holds the corresponding access permissions. If an ordinary member shares a virtual key, the corresponding group administrator or the administrator must review the request. Specifically, the visitor may register visitor identity information with the back-end processing center through a mobile terminal, and the ordinary member then initiates a key sharing request instruction for that visitor identity information; the corresponding group administrator or administrator receives the visitor identity information and the key sharing request instruction and reviews them, and once the review is passed, the corresponding virtual key is generated and sent to the terminal of the sharing target. The virtual key is generated from the information in the key sharing request and the visitor identity information.
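The legitimacy rule of S5 and the role-dependent sharing flow of S6 can be sketched as follows. This is an added example, not code from the patent or the applicant; the class names, the `managed_by` field, the treatment of the administrator as permitted for every access control point in the cluster at any time, and the sample office-building data are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime
from enum import Enum
from typing import Optional


class Role(Enum):
    ADMIN = "administrator"
    GROUP_ADMIN = "group administrator"
    MEMBER = "ordinary member"


@dataclass(frozen=True)
class Grant:
    """One access permission: a virtual access control number and its valid time window."""
    door: str
    start: datetime
    end: datetime

    def covers(self, door, start, end):
        # The requested window must lie entirely inside the granted window.
        return door == self.door and self.start <= start < end <= self.end


@dataclass
class Member:
    name: str
    role: Role
    grants: list = field(default_factory=list)
    managed_by: Optional[str] = None  # assumption: name of the responsible group administrator


class Cluster:
    def __init__(self, doors):
        self.doors = set(doors)
        self.members = {}
        self.pending = {}  # request id -> (requester name, prepared key)
        self._next_id = 1

    def add_member(self, member):
        self.members[member.name] = member

    def _permitted(self, member, door, start, end):
        if door not in self.doors or not start < end:
            return False
        if member.role is Role.ADMIN:  # administrator: all virtual access control points
            return True
        return any(g.covers(door, start, end) for g in member.grants)

    def request_key(self, requester, door, start, end, holder=None):
        """S5: return a key only if door and window are inside the requester's permissions."""
        member = self.members.get(requester)
        if member is None or not self._permitted(member, door, start, end):
            return None  # failure information
        return {"door": door, "start": start, "end": end, "holder": holder or requester}

    def share_key(self, requester, target, door, start, end):
        """S6: administrators and group administrators share directly; others need review."""
        key = self.request_key(requester, door, start, end, holder=target)
        if key is None:
            return ("rejected", None)
        if self.members[requester].role in (Role.ADMIN, Role.GROUP_ADMIN):
            return ("issued", key)
        request_id = self._next_id
        self._next_id += 1
        self.pending[request_id] = (requester, key)
        return ("pending", request_id)

    def review(self, reviewer, request_id, approve):
        """Only the administrator or the requester's own group administrator may decide."""
        if request_id not in self.pending:
            return None
        requester, key = self.pending[request_id]
        r = self.members.get(reviewer)
        responsible = r is not None and (
            r.role is Role.ADMIN
            or (r.role is Role.GROUP_ADMIN
                and self.members[requester].managed_by == reviewer))
        if not responsible:
            return None  # request stays pending
        del self.pending[request_id]
        return key if approve else None


def office_cluster():
    """Constructed sample data modelled on the office-building example (room 101)."""
    def day(hour):
        return datetime(2016, 6, 17, hour, 0)
    c = Cluster(doors={"101", "102"})
    c.add_member(Member("creator", Role.ADMIN))
    c.add_member(Member("manager", Role.GROUP_ADMIN, [Grant("101", day(0), day(23))]))
    c.add_member(Member("other_admin", Role.GROUP_ADMIN, [Grant("102", day(0), day(23))]))
    c.add_member(Member("employee", Role.MEMBER, [Grant("101", day(9), day(18))],
                        managed_by="manager"))
    return c
```

A request whose window extends past the granted window is refused outright rather than clipped, and a review attempt by a group administrator who does not manage the requester leaves the share request pending.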
The virtual key described above includes two-dimensional code (QR code) data or signal data for opening the corresponding physical access control point. For example, if it is QR code data, it is sent to the display module of the corresponding terminal and shown as a QR code image, and the corresponding physical access control point must have a QR code reading function; if it is signal data, the signal data is sent to the corresponding signal carrier, and the corresponding physical access control point must have a signal reading function, for example for Bluetooth signal data or radio-frequency signal data.
The access control management method described above can be widely applied to hotel, office building and apartment access control management. For example, a cluster is generated for a hotel; the hotel's managers are added to the cluster as administrators, the staff as ordinary members, and registered members as ordinary members. The hotel's managers can then set the corresponding access permissions for the ordinary members. A customer who has not registered can register visitor identity information, after which a staff member shares a virtual key so that the customer obtains the corresponding virtual key.
For the virtual key described above, if the virtual key is QR code data, the present invention also discloses a preferred method for generating a virtual key based on QR code data. The virtual key generation method includes the following steps:
Step 1: Receive a data request for generating a virtual key, and generate the basic data of the virtual key according to the data request.
Step 2: Check the valid time information in the basic data; if the check passes, perform step 3; if the check fails, return check failure information and end the process.
Step 3: Pack the basic data into consecutive bytes according to a preset format to generate formatted data.
Step 4: Convert the encrypted data to the specified base to generate base-converted data.
Step 5: Use the base-converted data as the final data of the virtual key and generate the corresponding QR code data.
In step 1, the data request is initiated by a user who needs to apply for a virtual key for the corresponding access control point, and the valid time of the virtual key must be entered when applying. The data request contains the user's identity information, the virtual access control number information and the valid time information. The corresponding data is then retrieved from the database according to the identity information and the virtual access control number information respectively, and the data retrieved from the database is combined with the valid time information to generate the basic data of the virtual key. In addition, after the identity information and the virtual access control number information are received, a step of verifying their legitimacy may be included, to ensure that the user has the right to apply for the virtual key and that the target access control point exists. Besides the identity information and the virtual access control number information, the data request may of course include other key information, and the various data are finally combined to generate the basic data of the virtual key.
In step 2, specifically, checking the valid time data in the basic data involves the following check conditions: whether the format of the valid time data is legal, and whether the start time in the valid time data is greater than or equal to the current time. If all check conditions are satisfied, the check passes; otherwise the check fails. For example, if the length of the valid time data is illegal, the check fails; if the month is 13, the check also fails.
The basic data may include data such as an operator, an identifier, time and access control data, each of which has its own byte space, but some of the data does not fill its bytes; for example, the operator may occupy only 4 bits of a byte, leaving the rest of that byte unused. To make the basic data occupy as little memory as possible and to improve data reading efficiency, in step 3 the individual items of the basic data are packed into consecutive bytes according to the preset format, so that no space is wasted and the resulting formatted data occupies less space.
In step 4, dynamization processing is applied to a specified part of the formatted data. The dynamization processing is specifically a format-preserving encryption operation, that is, the original data is transformed into data of the same format and length but with a different value. After the format-preserving encryption operation, a CRC check is performed, for example over key information such as the identity information, the virtual access control number information and the valid time information; the check produces a check code, which is stored in a field for later verification of data integrity, and during subsequent decoding the integrity of the data is verified against the data in that field. The dynamized formatted data is then encrypted; the encryption algorithm may be an existing encryption algorithm, and encryption produces the encrypted data. In step 5, the encrypted data is converted to the specified base to generate base-converted data; specifically, binary conversion may be performed. Through the processing of step S3, the data is first transformed by the format-preserving encryption operation and then encrypted, which gives the data good security, and it is finally converted into base-converted data; what is obtained is therefore non-plaintext data, which further increases the security of the data.
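The valid-time check, the packing of fields into consecutive bytes, the CRC field and the base conversion described above can be sketched as follows. This is an added example, not code from the patent; the field layout, the `YYYYMMDDHHMM` time format, CRC-32 and the base-36 alphabet are assumptions, and the format-preserving encryption and encryption steps are left out because the description names no algorithm for them.

```python
import zlib
from datetime import datetime, timezone

# Hypothetical layout (field name, width in bits); the description gives no concrete format.
LAYOUT = [("operator", 4), ("door", 20), ("member", 24), ("start", 32), ("end", 32)]
TOTAL_BYTES = sum(width for _, width in LAYOUT) // 8  # 112 bits = 14 bytes
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"      # assumed target base: 36


def parse_time(text):
    """Format check: exactly 12 digits 'YYYYMMDDHHMM'; returns minutes since the epoch."""
    if len(text) != 12 or not text.isdigit():
        raise ValueError("valid time has an illegal length or characters")
    # strptime raises ValueError for impossible values such as month 13.
    moment = datetime.strptime(text, "%Y%m%d%H%M").replace(tzinfo=timezone.utc)
    return int(moment.timestamp()) // 60


def validate_window(start_text, end_text, now):
    """Both check conditions must hold: legal format and start time >= current time."""
    start, end = parse_time(start_text), parse_time(end_text)
    if start < int(now.timestamp()) // 60:
        raise ValueError("start time is earlier than the current time")
    if end <= start:  # added sanity check, not one of the conditions listed in the text
        raise ValueError("end time is not after start time")
    return start, end


def pack(fields):
    """Pack the fields back to back with no padding bits, then append a CRC-32 field."""
    value = 0
    for name, width in LAYOUT:
        item = fields[name]
        if not 0 <= item < (1 << width):
            raise ValueError(f"{name} does not fit in {width} bits")
        value = (value << width) | item
    body = value.to_bytes(TOTAL_BYTES, "big")
    return body + zlib.crc32(body).to_bytes(4, "big")


def unpack(blob):
    """Verify the CRC field during decoding, then split the bits back into fields."""
    if len(blob) != TOTAL_BYTES + 4:
        raise ValueError("integrity check failed: wrong length")
    body, stored = blob[:-4], int.from_bytes(blob[-4:], "big")
    if zlib.crc32(body) != stored:
        raise ValueError("integrity check failed: CRC mismatch")
    value = int.from_bytes(body, "big")
    fields = {}
    for name, width in reversed(LAYOUT):
        fields[name] = value & ((1 << width) - 1)
        value >>= width
    return fields


def to_base(blob):
    """Convert bytes to base-36 text; a leading sentinel byte preserves leading zeros."""
    number = int.from_bytes(b"\x01" + blob, "big")
    digits = []
    while number:
        number, remainder = divmod(number, len(ALPHABET))
        digits.append(ALPHABET[remainder])
    return "".join(reversed(digits))


def from_base(text):
    number = 0
    for char in text:
        number = number * len(ALPHABET) + ALPHABET.index(char)
    raw = number.to_bytes((number.bit_length() + 7) // 8, "big")
    return raw[1:]  # drop the sentinel byte


def build_qr_text(operator, door, member, start_text, end_text, now):
    start, end = validate_window(start_text, end_text, now)
    return to_base(pack({"operator": operator, "door": door, "member": member,
                         "start": start, "end": end}))


def read_qr_text(text):
    return unpack(from_base(text))
```

A CRC detects accidental corruption only; protection against a deliberately altered key rests on the encryption steps that this sketch omits.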
Corresponding to the access control management method in the above embodiment, the present invention also discloses an access control management system, applied to a back-end processing center, comprising the following modules:
A creation module, configured to receive a registration request instruction from a creator and, once the registration conditions are met, allocate a cluster to the creator, the cluster including virtual access control points corresponding to physical access control points;
A member addition module, configured to add the corresponding members to the cluster according to a received member addition instruction;
A role assignment module, configured to assign corresponding roles to the members in the cluster according to a received role setting instruction;
An access permission setting module, configured to set access permissions for the corresponding members in the cluster according to a received access permission setting instruction, the access permissions including virtual access control number information and valid time information corresponding to the virtual access control number information;
Wherein communication with the back-end processing center is performed through a mobile terminal or a PC terminal.
Preferably, the roles include administrator, group administrator and ordinary member; the administrator has access permission for all virtual access control points and the authority to manage group administrators and ordinary members; a group administrator's access permissions and member management authority are set by the administrator; an ordinary member's access permissions are set by the administrator or by the corresponding group administrator.
Preferably, the system further includes the following module:
A key generation module, configured to receive a key generation request and determine whether the key generation request is legitimate; if so, it generates the corresponding virtual key and sends it to the terminal that initiated the key generation request, otherwise it returns failure information. The rule for determining whether the key generation request is legitimate is: whether the virtual access control number information and the valid time information in the key generation request fall within the access permissions of the member who initiated the key generation request.
Preferably, the system further includes the following module:
A key sharing module, configured to receive a key sharing request and determine the role of the member who initiated the key generation request; if the role is administrator or group administrator, it generates the corresponding virtual key and sends it to the terminal of the sharing target; if the role is ordinary member, the corresponding group administrator or the administrator reviews the information of the sharing target, and if the review is passed, the corresponding virtual key is generated and sent to the terminal of the sharing target.
Preferably, the virtual key includes two-dimensional code (QR code) data or signal data for opening the corresponding physical access control point.
Those skilled in the art may make various other corresponding changes and modifications based on the technical solutions and concepts described above, and all such changes and modifications shall fall within the scope of protection of the claims of the present invention.

Claims (10)

  1. An access control management method, characterized by comprising the following steps:
    a back-end processing center receives a registration request instruction from a creator and, once the registration conditions are met, allocates at least one cluster to the creator, each cluster including virtual access control points corresponding to physical access control points;
    the back-end processing center adds the corresponding members to the corresponding cluster according to a received member addition instruction;
    the back-end processing center assigns corresponding roles to the members in the corresponding cluster according to a received role setting instruction;
    the back-end processing center sets access permissions for the corresponding members in the corresponding cluster according to a received access permission setting instruction, the access permissions including virtual access control number information and valid time information corresponding to the virtual access control number information;
    wherein users communicate with the back-end processing center through a mobile terminal or a PC terminal.
  2. The access control management method according to claim 1, characterized in that the roles include administrator, group administrator and ordinary member; wherein the administrator has access permission for all virtual access control points and the authority to manage group administrators and ordinary members; a group administrator's access permissions and member management authority are set by the administrator; an ordinary member's access permissions are set by the administrator or by the corresponding group administrator.
  3. The access control management method according to claim 2, characterized by further comprising the following step:
    the back-end processing center receives a key generation request instruction and determines whether the key generation request instruction is legitimate; if so, it generates the corresponding virtual key and sends it to the terminal that initiated the key generation request, otherwise it returns failure information; the rule for determining whether the key generation request instruction is legitimate is: whether the virtual access control number information and the valid time information in the key generation request fall within the access permissions of the member who initiated the key generation request instruction.
  4. The access control management method according to claim 3, characterized by further comprising the following step:
    the back-end processing center receives a key sharing request instruction and determines the role of the member who initiated the key generation request instruction; if the role is administrator or group administrator, it generates the corresponding virtual key and sends it to the terminal of the sharing target; if the role is ordinary member, the corresponding group administrator or the administrator reviews the information of the sharing target, and if the review is passed, the corresponding virtual key is generated and sent to the terminal of the sharing target.
  5. The access control management method according to claim 3 or 4, characterized in that the virtual key includes two-dimensional code (QR code) data or signal data for opening the corresponding physical access control point.
  6. An access control management system, characterized in that it is applied to a back-end processing center and comprises the following modules:
    a creation module, configured to receive a creator's registration request instruction and, once the registration conditions are met, allocate at least one cluster to the creator, each cluster including virtual access controls corresponding to physical access controls;
    a member adding module, configured to add the corresponding member to the corresponding cluster according to a received member adding instruction;
    a role assignment module, configured to assign the corresponding role to a member of the corresponding cluster according to a received role setting instruction;
    an access permission setting module, configured to set the access permission of the corresponding member of the corresponding cluster according to a received access permission setting instruction, the access permission including virtual access control number information and valid time information corresponding to the virtual access control number information;
    wherein communication with the back-end processing center takes place through a mobile terminal or a PC terminal.
  7. The access control management system according to claim 6, characterized in that the roles include administrator, group administrator and ordinary member; wherein the administrator has the access permission for all virtual access controls and the authority to manage group administrators and ordinary members; the access permission and member management authority of a group administrator are set by the administrator; the access permission of an ordinary member is set by the administrator or the corresponding group administrator.
  8. The access control management system according to claim 7, characterized in that it further comprises the following module:
    a key generation module, configured to receive a key generation request instruction and determine whether the instruction is legal; if so, to generate the corresponding virtual key and send it to the terminal that initiated the key generation request; otherwise to return failure information. The rule for determining whether the key generation request instruction is legal is: whether the virtual access control number information and the valid time information in the key generation request instruction fall within the access permission of the member who initiated the key generation request instruction.
  9. The access control management system according to claim 8, characterized in that it further comprises the following module:
    a key sharing module, configured to receive a key sharing request instruction and determine the role of the member who initiated the key generation request instruction; if the role is administrator or group administrator, to generate the corresponding virtual key and send it to the terminal of the sharing target; if the role is ordinary member, the corresponding group administrator or the administrator reviews the information of the sharing target, and if the review passes, the corresponding virtual key is generated and sent to the terminal of the sharing target.
  10. The access control management system according to claim 8 or 9, characterized in that the virtual key includes two-dimensional code data or signal data for opening the corresponding physical access control.
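The legality rule of claims 3 and 8 and the role-dependent sharing flow of claims 4 and 9, sketched as an added Python example that is not part of the patent text. The class and function names, the random token used as key payload, the unlimited time window for administrators, and the choice to bound a shared key by the sharer's own permission are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field
from datetime import datetime
from enum import Enum

class Role(Enum):
    ADMIN = "administrator"
    GROUP_ADMIN = "group administrator"
    MEMBER = "ordinary member"

@dataclass(frozen=True)
class Grant:  # one entry of an access permission: door number plus validity period
    door_id: str
    start: datetime
    end: datetime

@dataclass
class Member:
    name: str
    role: Role
    grants: list = field(default_factory=list)

@dataclass(frozen=True)
class VirtualKey:  # payload stands in for the QR-code or signal data of claims 5 and 10
    scope: Grant
    holder: str
    payload: str = field(default_factory=lambda: secrets.token_urlsafe(16))

def is_legal(member, door_id, start, end):
    """Claims 3 and 8: requested door and period must lie inside the member's permission."""
    if start >= end:
        return False  # an empty or reversed period can never be covered by a grant
    if member.role is Role.ADMIN:  # claim 7; treating the time window as open is an assumption
        return True
    return any(g.door_id == door_id and g.start <= start and end <= g.end
               for g in member.grants)

def generate_key(member, door_id, start, end, holder=None):
    """Return a VirtualKey, or None as the 'failure information' of claims 3 and 8."""
    if not is_legal(member, door_id, start, end):
        return None
    return VirtualKey(Grant(door_id, start, end), holder or member.name)

def share_key(member, target, door_id, start, end, reviewer=None):
    """Claims 4 and 9: ordinary members need a reviewer; other roles share directly."""
    approved = reviewer is not None and reviewer.role is not Role.MEMBER
    if member.role is Role.MEMBER and not approved:
        return None
    # Assumption: the shared key is still bounded by the sharer's own permission.
    return generate_key(member, door_id, start, end, holder=target)

if __name__ == "__main__":  # constructed sample: request ends one hour after the grant
    at = lambda hour: datetime(2024, 1, 1, hour)
    staff = Member("staff", Role.MEMBER, [Grant("door-7", at(8), at(18))])
    print(generate_key(staff, "door-7", at(9), at(19)))  # None
```

The claims do not state whether the reviewer must manage the sharer's own group; here any group administrator or administrator counts as a reviewer, so a deployment would add that check.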
PCT/CN2016/086211 2015-10-28 2016-06-17 Access management method and system WO2017071249A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510719093.8 2015-10-28
CN201510719093.8A CN105389870A (en) 2015-10-28 2015-10-28 Entrance guard management method and system

Publications (1)

Publication Number Publication Date
WO2017071249A1 (en) 2017-05-04

Family

ID=55422114

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/086211 WO2017071249A1 (en) 2015-10-28 2016-06-17 Access management method and system

Country Status (2)

Country Link
CN (1) CN105389870A (en)
WO (1) WO2017071249A1 (en)

Also Published As

Publication number Publication date
CN105389870A (en) 2016-03-09

Legal Events

Date Code Title Description
121 Ep: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 16858692; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: PCT application non-entry in European phase (Ref document number: 16858692; Country of ref document: EP; Kind code of ref document: A1)