CN110417784A - The authorization method and device of access control equipment - Google Patents

Info

Publication number: CN110417784A
Authority: CN (China)
Prior art keywords: access control, control equipment, authorization, background server, application program
Legal status: Granted (current status: Active)
Application number: CN201910696326.5A
Other languages: Chinese (zh)
Other versions: CN110417784B (en)
Inventors: 段克晓, 王松健, 赵伟, 李火荣, 杨程, 邓攀
Current Assignee: Tencent Technology Shenzhen Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention provides an authorization method and device for access control equipment. The method includes: in response to an authorization request for the access control equipment, displaying a graphic code corresponding to the access control equipment, the graphic code being used to authorize the access control equipment to run an application program on the access control equipment; when the graphic code is scanned by a terminal device, obtaining an authorization message for the access control equipment; and, based on the authorization message, obtaining configuration information corresponding to the application program, so as to run the application program based on the configuration information. In this way, the configuration information held on the background server can be delivered securely to the access control equipment, achieving secure authorization of the access control equipment.

Description

Authorization method and device for access control equipment
Technical field
The present invention relates to the field of communication technology, and in particular to an authorization method and device for access control equipment.
Background
Access control equipment on the market is usually offered as a combined service by a hardware vendor and an algorithm service provider. The algorithm service provider generally supplies a license authorization and an algorithm SDK to the hardware vendor, and any device of the hardware vendor that holds the license can use the algorithm. The related art generally performs local recognition in offline mode. With this approach, however, a malicious hardware vendor may crack the license authorization and obtain it for other applications, causing losses to the algorithm service provider.
Summary of the invention
Embodiments of the present invention provide an authorization method and device for access control equipment that can securely deliver the configuration information held on the background server to the access control equipment, achieving secure authorization of the access control equipment.
The technical solution of the embodiments of the present invention is implemented as follows:
An embodiment of the present invention provides an authorization method for access control equipment, comprising:
in response to an authorization request for the access control equipment, displaying a graphic code corresponding to the access control equipment, the graphic code being used to authorize the access control equipment to run an application program on the access control equipment;
when the graphic code is scanned by a terminal device, obtaining an authorization message for the access control equipment;
based on the authorization message, obtaining configuration information corresponding to the application program, and running the application program based on the configuration information.
An embodiment of the present invention also provides an authorization device for access control equipment, comprising:
a display unit, configured to display, in response to an authorization request for the access control equipment, a graphic code corresponding to the access control equipment, the graphic code being used to authorize the access control equipment to run an application program on the access control equipment;
an acquiring unit, configured to obtain an authorization message for the access control equipment when the graphic code is scanned by a terminal device;
a running unit, configured to obtain, based on the authorization message, configuration information corresponding to the application program, and to run the application program based on the configuration information.
In the above solution, the display unit is further configured to, in response to an authorization instruction for the access control equipment, send an authorization request for the access control equipment over a session connection with the background server of the application program, the authorization request carrying the device identification of the access control equipment;
and to receive and display the graphic code, returned by the background server, that carries a user verification page address.
In the above solution, the acquiring unit is further configured to:
obtain the authorization message sent by the background server when the background server has received the user information sent by the terminal device after scanning the graphic code and the user information has passed verification.
In the above solution, the acquiring unit is further configured to:
obtain the authorization message sent by the background server when the background server has received the user information sent by the terminal device after scanning the graphic code, the user information has passed verification, and the background server has determined that the access control equipment is in an unauthorized state.
In the above solution, the authorization message includes an authorization token and a communication key,
and the running unit is further configured to encrypt the authorization token based on the communication key to obtain an encrypted authorization token;
send the encrypted authorization token over the session connection with the background server of the application program;
and receive the configuration information that the background server returns after decrypting the authorization token based on the communication key.
In the above solution, the device further includes a sending unit.
The sending unit is configured to periodically send a login request of the access control equipment for the application program to the background server;
and to receive status response information, returned by the background server, indicating that the login succeeded, the status response information being sent by the background server after it updates the login state of the access control equipment based on the login request.
In the above solution, the sending unit is further configured to receive a notification message, sent by the background server, indicating that the equipment has gone offline, the notification message being sent after the background server receives a login request from a device whose device identification is identical to that of the access control equipment.
In the above solution, the device further includes a collecting unit.
The collecting unit is configured to collect user information of a target user;
perform feature extraction on the collected user information to obtain user features that identify the target user;
encrypt the user features to obtain encrypted user features;
send the encrypted user features over the session connection with the background server of the application program;
and receive a control instruction that the background server returns after decrypting the user features and verifying them, the control instruction being used to control the access control equipment to perform an opening operation or to remain closed.
An embodiment of the present invention provides an authorization device for access control equipment, comprising:
a memory for storing executable instructions;
a processor which, when executing the executable instructions stored in the memory, implements the authorization method for access control equipment provided by the embodiments of the present invention.
An embodiment of the present invention also provides a storage medium storing executable instructions which, when executed by a processor, implement the authorization method for access control equipment provided by the embodiments of the present invention.
The embodiments of the present invention have the following advantages:
Based on an authorization request for the access control equipment, the graphic code corresponding to the access control equipment is displayed. When the graphic code is scanned by a terminal device, an authorization message for the access control equipment is obtained; based on the authorization message, the configuration information corresponding to the application program is obtained, and the application program is run based on that configuration information. By scanning the graphic code online in this way, the configuration information held on the background server can be delivered securely to the access control equipment, achieving secure authorization of the access control equipment.
Brief description of the drawings
Fig. 1 is an architecture diagram of the authorization system for access control equipment provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of the structure of the authorization device for access control equipment provided by an embodiment of the present invention;
Fig. 3 is a flow diagram of the authorization method for access control equipment provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of the display interface of the access control equipment provided by an embodiment of the present invention;
Fig. 5 is a flow diagram of the authorization method for access control equipment provided by an embodiment of the present invention;
Fig. 6 is a flow diagram of the authorization method for access control equipment provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of the structure of the authorization device for access control equipment provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings. The described embodiments are not to be regarded as limiting the present invention, and all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of the present invention.
The following description refers to "some embodiments", which describe subsets of all possible embodiments. It is understood that "some embodiments" may be the same subset or different subsets of all possible embodiments, and may be combined with one another where they do not conflict.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the technical field of the present invention. The terms used herein are only for the purpose of describing the embodiments of the present invention and are not intended to limit the present invention.
The authorization system for access control equipment of the embodiments of the present invention is described first. Fig. 1 is an architecture diagram of the authorization system for access control equipment provided by an embodiment of the present invention. Referring to Fig. 1, to support an exemplary application, the authorization system 100 includes a terminal 500, access control equipment 400 and a background server 200. The terminal 500 connects to the access control equipment 400 through a network 300, and the access control equipment 400 connects to the background server 200 through the network 300. The network 300 may be a wide area network, a local area network, or a combination of the two, and uses wireless links for data transmission.
The access control equipment 400 is configured to, in response to a click operation on the access control equipment, send an authorization request for the access control equipment to the background server 200 over a session connection with the background server of the application program;
the background server 200 is configured to generate, based on the device identification, a graphic code carrying a user verification page address, and to return the graphic code to the access control equipment 400;
the access control equipment 400 is further configured to receive and display the graphic code returned by the background server 200;
the terminal 500 is configured to scan the graphic code displayed by the access control equipment 400 and to enter user information on the verification page it is redirected to;
the background server 200 is further configured to receive the user information sent by the terminal 500 after it scans the graphic code and, when the user information passes verification, to obtain an authorization message for the access control equipment and send the authorization message to the access control equipment 400;
the access control equipment 400 is further configured to obtain, based on the authorization message sent by the background server 200, the configuration information corresponding to the application program, and to run the application program based on the configuration information.
Next, the authorization device for access control equipment provided by an embodiment of the present invention is described. Fig. 2 is a schematic diagram of the composition of the authorization device for access control equipment provided by an embodiment of the present invention. The composition shown in Fig. 2 is only an example and should not impose any limitation on the function or scope of use of the embodiments of the present invention.
As shown in Fig. 2, the authorization device 20 for access control equipment provided by an embodiment of the present invention includes at least one processor 201, a memory 202, a user interface 203 and at least one network interface 204. The components of the device 20 are coupled together by a bus system 205. It is understood that the bus system 205 is used to implement connection and communication between these components. In addition to a data bus, the bus system 205 also includes a power bus, a control bus and a status signal bus. For clarity of explanation, however, the various buses are all labeled as bus system 205 in Fig. 2.
The user interface 203 may include a display, a keyboard, a mouse, a trackball, a click wheel, keys, buttons, a touch pad, a touch screen, and so on.
It is understood that the memory 202 may be volatile memory or non-volatile memory, and may also include both. The non-volatile memory may be read-only memory (ROM, Read Only Memory), programmable read-only memory (PROM, Programmable Read-Only Memory), erasable programmable read-only memory (EPROM, Erasable Programmable Read-Only Memory), flash memory (Flash Memory), and so on. The volatile memory may be random access memory (RAM, Random Access Memory), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (SRAM, Static Random Access Memory) and synchronous static random access memory (SSRAM, Synchronous Static Random Access Memory). The memory 202 described in the embodiments of the present invention is intended to include these and any other suitable types of memory.
The memory 202 in the embodiments of the present invention can store data to support the operation of the terminal. Examples of such data include any computer program that runs on the terminal, such as an operating system and application programs. The operating system includes various system programs, such as a framework layer, a core library layer and a driver layer, for implementing various basic services and processing hardware-based tasks. The application programs may include various applications.
As an example of implementing the authorization device for access control equipment with a combination of software and hardware, the device provided by the embodiments of the present invention may be embodied directly as a combination of software modules executed by the processor 201. The software modules may be located in a storage medium, the storage medium is located in the memory 202, and the processor 201 reads the executable instructions contained in the software modules in the memory 202 and, together with the necessary hardware (for example, the processor 201 and other components connected to the bus 205), carries out the authorization method for access control equipment provided by the embodiments of the present invention.
As an example, the processor 201 may be an integrated circuit chip with signal processing capability, such as a general-purpose processor, a digital signal processor (DSP, Digital Signal Processor), another programmable logic device, discrete gate or transistor logic, or discrete hardware components, where the general-purpose processor may be a microprocessor or any conventional processor.
As an example of implementing the authorization device for access control equipment in hardware, the device provided by the embodiments of the present invention may be executed directly by a processor 201 in the form of a hardware decoding processor, for example by one or more application-specific integrated circuits (ASIC, Application Specific Integrated Circuit), DSPs, programmable logic devices (PLD, Programmable Logic Device), complex programmable logic devices (CPLD, Complex Programmable Logic Device), field-programmable gate arrays (FPGA, Field-Programmable Gate Array) or other electronic components that carry out the authorization method for access control equipment provided by the embodiments of the present invention.
The memory 202 in the embodiments of the present invention is used to store various types of data to support the operation of the authorization device 20. Examples of such data include any executable instructions that run on the authorization device 20; a program implementing the authorization method for access control equipment of the embodiments of the present invention may be contained in the executable instructions.
The method of the embodiments of the present invention is described below with reference to the exemplary application and implementation of the device described above.
Fig. 3 is a flow diagram of the authorization method for access control equipment provided by an embodiment of the present invention. Referring to Fig. 3, the method includes:
Step 301: in response to an authorization request for the access control equipment, the access control equipment displays a graphic code corresponding to the access control equipment; the graphic code is used to authorize the access control equipment to run the application program on the access control equipment.
In an actual implementation, when the application program on the access control equipment is run for the first time, the equipment can indicate that initialization authorization has not been performed and pop up the graphic code, so that a user with the required permission scans it with a code-scanning device. The graphic code may be a two-dimensional code, a bar code or another identification code.
In some embodiments, the access control equipment can obtain and display the graphic code as follows:
In response to an authorization instruction for the access control equipment, it sends an authorization request for the access control equipment over the session connection with the background server of the application program, the authorization request carrying the device identification of the access control equipment; it then receives and displays the graphic code, returned by the background server, that carries the user verification page address.
In practice, when a user uses the access control equipment for the first time, a click operation by the user, for example, can trigger the corresponding authorization instruction, which instructs the access control equipment to perform the initialization authorization operation. The access control equipment sends an authorization request, carrying its device identification, to the background server over the session connection with the background server of the application program on the equipment. The background server receives the authorization request and, based on the device identification carried in it, generates a graphic code containing the user verification page address through a graphic code generation interface, and sends the generated graphic code to the access control equipment. The access control equipment receives and displays the graphic code returned by the background server. When the user scans the graphic code with a device that has a code-scanning function (such as a mobile phone), the current page on the terminal device jumps to the corresponding verification page, where the user information is then verified.
Step 302: when the graphic code is scanned by a terminal device, the authorization message for the access control equipment is obtained.
In practice, the graphic code carries the user verification page address. When the user scans the graphic code on the access control equipment with a terminal device, the current page on the terminal device jumps to the corresponding verification page, where the user can have their user information verified. If verification passes, the user has permission to perform the authorization operation for the access control equipment, and the authorization message for the access control equipment can then be obtained.
In some embodiments, when the graphic code is scanned by a terminal device, the access control equipment can obtain the authorization message for the access control equipment as follows:
When the background server has received the user information sent by the terminal device after scanning the graphic code, and the user information has passed verification, the access control equipment obtains the authorization message sent by the background server.
In an actual implementation, when the user scans the graphic code on the access control equipment with a terminal device, the graphic code is parsed to obtain the user verification page address it carries, and the terminal jumps to the corresponding verification page based on that address. The user enters user information on the verification page so that it can be verified. In practice, the user information may be a username and password. The terminal device sends the entered user information to the background server for verification, and the background server matches the received user information against the stored user information. If the match succeeds, the user information has passed verification, and the background server generates an authorization message and sends it to the access control equipment. If the match fails, the user information has not passed verification, and the background server does not generate an authorization message and returns a prompt that verification failed.
In some embodiments, when the graphic code is scanned by a terminal device, the access control equipment can obtain the authorization message for the access control equipment as follows:
When the background server has received the user information sent by the terminal device after scanning the graphic code, the user information has passed verification, and the background server has determined that the access control equipment is in an unauthorized state, the access control equipment obtains the authorization message sent by the background server.
In an actual implementation, the terminal device sends the entered user information to the background server for verification. After the user information passes verification, the background server also judges, based on the device identification of the access control equipment, whether the corresponding access control equipment has already been authorized. In practice, the background server may store the device identifications of access control equipment together with the corresponding authorization status. On receiving a new authorization request, the background server parses it to obtain the device identification of the current access control equipment and queries the authorization status of the current access control equipment by that device identification. If no corresponding device identification is found, or the stored authorization status for that device identification is unauthorized, the current access control equipment has not yet been authorized; the background server generates a corresponding authorization message and sends it to the current access control equipment. If the stored authorization status for that device identification is authorized, the current access control equipment has already been authorized, and the background server does not generate a new authorization message. This prevents devices from the same vendor from being authorized repeatedly under the same access control equipment identification.
Step 303: being based on authorization message, obtain the corresponding configuration information of application program, and answer based on configuration information operation Use program.
In practical applications, after entrance guard equipment authorization passes through, it can be obtained and be configured from background server by authorization message Information, and based on the application program in configuration information operation access control equipment, configuration information includes at least following one: calculating mould Type, feature database and configuring cipher key.
In some embodiments, authorization message includes authorization token and communication key, and access control equipment can be in the following way Obtain the corresponding configuration information of application program:
Authorization token is encrypted based on communication key, obtains encrypted authorization token;By with apply journey The session connection of the background server of sequence sends encrypted authorization token to background server;Background server is received to be based on Communication key decrypts the configuration information returned after authorized token.
In practical applications, after entrance guard equipment authorization passes through, access control equipment is using the communication key obtained to warrant Board is encrypted, and encrypted authorization token is sent to background server, and background server is based on communication key to adding Authorization token after close is decrypted, the authorization token decrypted, and the corresponding configuration information of application program is sent to gate inhibition Equipment can prevent authorization token from being attacked, obtain or distorting by other people in this way, authorization token is encrypted.
In some embodiments, the access control equipment also periodically sends a login request for the application program to the background server, and receives a status response message returned by the background server indicating that the login succeeded. The background server sends the status response message after updating the login state of the access control equipment based on the login request.
In practice, the token and the communication key are device-level: different device identifiers obtain different tokens and communication keys. In actual implementation, after completing initialization authorization, the access control equipment can periodically send login requests to the background server to query its login state. Based on the device identifier in the login request, the background server determines whether it has received a login request from another device with the same device identifier as the access control equipment. If it has not, the background server updates the login state of the access control equipment, then generates and sends to the access control equipment a status response message indicating that the login succeeded.
When the background server determines that it has received a login request from another device with the same device identifier as the access control equipment, in some embodiments the access control equipment also receives a notification message from the background server instructing it to go offline. The background server sends this notification message after determining that it has received a login request from a device with the same device identifier as the access control equipment. In other words, when the background server receives a login request from a device with the same device identifier, it can kick the access control equipment that previously held this identifier offline. For multiple pieces of access control equipment sharing one device identifier, this guarantees that at most one is authorized at any time, and only authorized access control equipment has permission to run the application program on it. It also prevents equipment from the same device manufacturer from registering and being authorized repeatedly under the same device identifier.
In practice, once initialization authorization of the access control equipment succeeds, user information such as name, department, and photo can be entered into the access control equipment, so that the equipment can be used to manage users' entry and exit. In some embodiments, the access control equipment can manage users' entry and exit as follows:
Collect the user information of a target user; perform feature extraction on the collected user information to obtain user features that identify the target user; encrypt the user features to obtain encrypted user features; send the encrypted user features over the session connection with the background server of the application program; receive the control instruction that the background server returns after decrypting to obtain the user features and verifying them. The control instruction causes the access control equipment to perform an opening operation or remain closed.
In actual implementation, the access control equipment collects the target user's information and performs feature extraction on it to obtain user features that can identify the user. It then encrypts the extracted user features with some encryption technique, for example with the communication key obtained above, and sends the encrypted user features to the background server. On receiving them, the background server first decrypts to obtain the user features and matches them against the pre-stored user features. If the match succeeds, the target user has passed verification: the background server generates a control instruction indicating that verification passed and sends it to the access control equipment, which performs the opening operation and lets the target user through the door. If the match fails, verification of the target user's information has failed: the background server generates a control instruction indicating that verification failed and sends it to the access control equipment, which remains closed and does not let the target user through the door.
Fig. 4 is a schematic diagram of the display interface of the access control equipment provided by an embodiment of the present invention. Referring to Fig. 4, when the information of a target user named Li Si passes verification, the access control equipment displays the prompt "Li Si, the door is open, welcome", and Li Si passes through the door.
By scanning a graphic code online, the embodiment of the present invention can securely deliver the configuration information held on the background server to the access control equipment, realizing secure authorization of the access control equipment. The authorization token is encrypted, which prevents it from being attacked, obtained, or tampered with by others. The authorization token and communication key obtained are device-level, so different device identifiers obtain different authorization tokens and communication keys, which prevents equipment from the same device manufacturer from registering and being authorized repeatedly under the same device identifier.
The authorization method of access control equipment provided by the embodiment of the present invention is described further below. Fig. 5 is a flow diagram of the authorization method of access control equipment provided by an embodiment of the present invention. With reference to Fig. 5, the method includes:
Step 501: In response to an authorization instruction for the access control equipment, the access control equipment sends an authorization request for the access control equipment to the background server over the session connection with the background server of the application program.
Here, the authorization instruction instructs the access control equipment to perform the initialization authorization operation, and the authorization request carries the device identifier of the access control equipment.
Step 502: Based on the authorization request, the background server generates a graphic code carrying the address of the user verification page.
Here, the background server parses the received authorization request to obtain the device identifier of the access control equipment and, based on that identifier, calls a graphic code generation interface to generate a graphic code containing the address of the user verification page. The graphic code is used to authorize the access control equipment to run the application program on it.
Step 503: The background server sends the generated graphic code to the access control equipment.
Step 504: The access control equipment displays the graphic code returned by the background server.
Step 505: The terminal device scans the graphic code displayed by the access control equipment.
Step 506: The verification page is displayed on the terminal device.
Step 507: After the user enters user information on the verification page, the terminal device sends the user information to the background server.
Step 508: The background server receives the user information, determines whether the user information passes verification, and determines whether the access control equipment is in the authorized state.
In practice, the background server can assign an administrator to the access control equipment; a user who logs in with the administrator identity can obtain permission for the application program on the access control equipment. The background server determines whether the user information passes verification by judging whether the entered user information is administrator identity information. Because the authorization information is device-level, the background server can determine the authorization state of the corresponding access control equipment from its device identifier. When the user information passes verification and the access control equipment is determined to be in the unauthorized state, step 509 is executed.
Note that when the user information fails verification, there is no need to determine whether the access control equipment is in the authorized state, and the background server need not generate authorization information. When the user information passes verification but the access control equipment is already in the authorized state, the background server does not generate new authorization information. This prevents equipment from the same vendor from being authorized repeatedly under the same access control equipment identifier.
Step 509: The background server generates authorization information, which includes an authorization token and a communication key.
Step 510: The background server sends the generated authorization information to the access control equipment.
Step 511: The access control equipment encrypts the authorization token with the communication key to obtain an encrypted authorization token.
Step 512: The access control equipment sends the encrypted authorization token to the background server over the session connection with the background server of the application program.
Step 513: The background server decrypts with the communication key to obtain the authorization token.
Step 514: The background server sends the configuration information corresponding to the application program.
Through steps 511 to 514 above, the authorization token is encrypted with the communication key before transmission, which prevents the authorization token from being attacked, obtained, or tampered with by others.
Step 515: The access control equipment periodically sends a login request for the application program.
Step 516: The background server determines whether it has received a login request from another device with the same device identifier as the access control equipment.
In actual implementation, when the background server determines that it has received a login request from a device with the same device identifier as the access control equipment, step 517 is executed. It should be emphasized that when the background server determines that it has not received a login request from another device with the same device identifier, it updates the login state of the access control equipment, then generates and sends to the access control equipment a status response message indicating that the login succeeded.
Step 517: The background server generates a notification message instructing the equipment to go offline.
Step 518: The background server sends the offline notification message to the access control equipment.
Step 519: The access control equipment goes offline based on the received notification message.
Through steps 515 to 519 above, for multiple pieces of access control equipment sharing one device identifier, at most one can be authorized at any time, and only authorized access control equipment has permission to run the application program on it. This also prevents equipment from the same device manufacturer from registering and being authorized repeatedly under the same device identifier.
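The server-side checks in steps 508 to 510 and 515 to 518 can be modelled as follows. This is an added example, not code from the patent: the class and method names, the `verify_user` callback, and the `session_id` used to tell apart two devices presenting the same device identifier are assumptions, and the sample credentials are constructed.

```python
import secrets
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class DeviceRecord:
    authorized: bool = False
    token: Optional[str] = None
    comm_key: Optional[bytes] = None
    active_session: Optional[str] = None  # session currently allowed to run the app


class BackendServer:
    """In-memory model of the background server's per-device state (hypothetical)."""

    def __init__(self, verify_user: Callable[[str, str], bool]):
        self.verify_user = verify_user  # assumption: the administrator check is pluggable
        self.devices = {}               # device identifier -> DeviceRecord
        self.offline_notices = []       # (device identifier, session) told to go offline

    def authorize(self, device_id, username, password):
        """Steps 508-510: issue (token, key) once per device identifier, else None."""
        # User verification comes first; on failure the device state is not consulted.
        if not self.verify_user(username, password):
            return None
        rec = self.devices.setdefault(device_id, DeviceRecord())
        if rec.authorized:
            # Already authorized: never mint a second token for the same identifier.
            return None
        rec.token = secrets.token_hex(16)
        rec.comm_key = secrets.token_bytes(32)
        rec.authorized = True
        return rec.token, rec.comm_key

    def login(self, device_id, session_id, token):
        """Steps 515-518: periodic login; a second session evicts the earlier one."""
        rec = self.devices.get(device_id)
        if rec is None or not rec.authorized:
            return "rejected"
        if not secrets.compare_digest(rec.token.encode(), str(token).encode()):
            return "rejected"
        if rec.active_session not in (None, session_id):
            # Same identifier seen on another session: notify the earlier holder.
            self.offline_notices.append((device_id, rec.active_session))
        rec.active_session = session_id
        return "login_ok"


if __name__ == "__main__":
    # Constructed sample: one administrator account and one device identifier.
    server = BackendServer(lambda u, p: (u, p) == ("admin", "constructed-password"))
    token, _key = server.authorize("DEV-001", "admin", "constructed-password")
    print(server.authorize("DEV-001", "admin", "constructed-password"))  # repeat request
    print(server.login("DEV-001", "session-A", token))
    print(server.login("DEV-001", "session-B", token))
    print(server.offline_notices)
```

In this model a device that has received the offline notice must stop polling; if both holders of the identifier keep sending login requests, each poll evicts the other.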
An exemplary application of the embodiment of the present invention in a practical application scenario is described below.
Taking face-recognition access control equipment as an example, the authorization method of access control equipment provided by the embodiment of the present invention mainly performs initialization authorization with the access control background server by means of scan-code authorization. The method can be divided into three stages:
1. Initialization authorization
Fig. 6 is a flow diagram of the authorization method of access control equipment provided by an embodiment of the present invention. Referring to Fig. 6, in actual implementation the background server mainly provides the application program on the face access control equipment, for example an algorithm SDK. On first use, the algorithm SDK on the face access control equipment prompts that it is not initialized. That is, when the user clicks the face access control equipment for the first time, the equipment responds to the click operation by sending an authorization request for the face access control equipment to the background server over the session connection with the background server of the application program, where the authorization request carries the device identifier of the access control equipment. The background server parses the received authorization request to obtain the device identifier, generates a graphic code carrying the address of the user verification page based on the device identifier, and returns the graphic code to the face access control equipment. The face access control equipment receives and displays the graphic code returned by the background server, and the terminal scans the displayed graphic code so that user information can be entered on the verification page it is redirected to.
Here, in practice, the background server can assign administrator rights for the face access control equipment. When the face access control equipment is used for the first time, only the administrator has permission to request that the application program on the equipment be run. When the user scans the graphic code on the access control equipment with the terminal device, the current page on the terminal device jumps to the corresponding verification page, where the user can enter user information such as a username and password. The user information is sent to the background server for verification. The background server matches the received user information against the assigned administrator information to determine whether the user has administrator rights. If the entered user information matches the assigned administrator information, the user has administrator rights and the next step can be performed; otherwise the user does not have administrator rights and a warning prompt is issued.
After determining that the user information passes verification, the background server also determines, based on the device identifier and manufacturer identifier of the face access control equipment, whether the corresponding face access control equipment has been authorized.
In practice, the background server can store the device identifiers of access control equipment together with their authorization state. On receiving a new authorization request, the background server parses it to obtain the device identifier of the current access control equipment and looks up the authorization state for that identifier. If no matching device identifier is found, or the stored state for the identifier is unauthorized, the current access control equipment has not yet been authorized. If the stored state for the identifier is authorized, the current access control equipment has already been authorized.
When the user information passes verification and the background server determines that the face access control equipment is in the unauthorized state, it can generate the corresponding authorization information, which includes an authorization token and a communication key.
Here, the background server sends the authorization information to the face access control equipment. The face access control equipment then uses the authorization token to obtain configuration information such as the computation model, face features, and configuration key from the background server, and runs the application program on the face access control equipment based on the obtained configuration information.
The authorization token and communication key obtained in this way are device-level: different device identifiers obtain different authorization tokens and communication keys.
2. Establishing a secure communication mechanism
After the face access control equipment has been authorized, it can use the authorization token to pull configuration information such as the computation model, face feature library, and configuration key from the background server. Every network request can be encrypted and signed with the communication key obtained during initialization authorization. Encrypting the authorization token in this way prevents it from being attacked, obtained, or tampered with by others.
3. Dynamically checking the device state
In practice, after the face access control equipment completes initialization authorization, it also periodically sends a login request for the application program to the background server. Based on the device identifier in the login request, the background server determines whether it has received a login request from another device with the same device identifier as the access control equipment. If it has not, the background server updates the login state of the access control equipment, then generates and sends to the access control equipment a status message indicating that the login succeeded. If the background server determines that it has received a login request from a device with the same device identifier as the access control equipment, that is, when it receives a login request from a device with the same device identifier, it can kick the access control equipment that previously held this identifier offline.
In this way, for multiple pieces of access control equipment sharing one device identifier, at most one can be authorized at any time, and only authorized access control equipment has permission to run the application program on it. This also prevents equipment from the same device manufacturer from registering and being authorized repeatedly under the same device identifier.
In the manner described above, the vendor identifier and the face access control equipment identifier are entered in advance, and the face access control equipment is authenticated through online initialization authorization. Only after authentication does the face access control equipment obtain the computation model and face features over the network, and the network retrieval process uses encryption and authentication techniques. This provides protection against theft, replay, and repeated authentication, and protects the algorithm service on the background server itself.
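The text says requests are encrypted and signed with the communication key and that the scheme resists replay, but it does not specify the mechanism. One way to obtain the signing and anti-replay properties is sketched below as an added example that is not from the patent: it assumes HMAC-SHA256 over a canonical JSON envelope with a timestamp and a nonce, and leaves payload encryption (an AEAD cipher in practice) out of scope. All names and sample values are constructed.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_SKEW_SECONDS = 60  # assumed freshness window, not a value from the patent


def _mac(comm_key, envelope):
    # Canonical serialisation: sorted keys, no whitespace, "mac" field excluded.
    signed = {k: v for k, v in envelope.items() if k != "mac"}
    data = json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(comm_key, data, hashlib.sha256).hexdigest()


def sign_request(device_id, comm_key, body, now=None):
    """Device side: wrap a request body in an envelope signed with the device's key."""
    envelope = {
        "device_id": device_id,
        "ts": int(time.time() if now is None else now),
        "nonce": secrets.token_hex(12),
        "body": body,
    }
    envelope["mac"] = _mac(comm_key, envelope)
    return envelope


class RequestVerifier:
    """Server side: check signature, freshness, then single use of each nonce."""

    def __init__(self, keys):
        self.keys = keys  # device identifier -> communication key
        self.seen = {}    # (device identifier, nonce) -> timestamp of accepted request

    def verify(self, envelope, now=None):
        now = time.time() if now is None else now
        device_id = envelope.get("device_id")
        key = self.keys.get(device_id) if isinstance(device_id, str) else None
        if key is None:
            return "unknown_device"
        mac = envelope.get("mac")
        expected = _mac(key, envelope)
        if not isinstance(mac, str) or not hmac.compare_digest(expected.encode(), mac.encode()):
            return "bad_mac"
        # From here on the envelope is known to come from the key holder.
        if abs(now - envelope["ts"]) > MAX_SKEW_SECONDS:
            return "stale"
        # Nonces older than the window can be dropped: such requests are stale anyway.
        self.seen = {k: ts for k, ts in self.seen.items() if now - ts <= MAX_SKEW_SECONDS}
        tag = (device_id, envelope["nonce"])
        if tag in self.seen:
            return "replay"
        self.seen[tag] = envelope["ts"]
        return "ok"


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed per-device communication key
    verifier = RequestVerifier({"DEV-001": key})
    request = sign_request("DEV-001", key, {"action": "get_config"})
    print(verifier.verify(request))  # first delivery
    print(verifier.verify(request))  # the same bytes captured and sent again
```

Because the key is per device, a signature made with one device's key does not verify under another device identifier, which matches the device-level token and key described above.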
Next, the authorization device of access control equipment provided by the embodiment of the present invention is described. In some embodiments, the training device of the semantic segmentation model can be implemented as software modules. Fig. 7 is a schematic diagram of the composition of the authorization device of access control equipment provided by an embodiment of the present invention. Referring to Fig. 7, the authorization device 70 of access control equipment provided by an embodiment of the present invention includes:
Display unit 71, configured to display, in response to an authorization request for the access control equipment, the graphic code corresponding to the access control equipment, the graphic code being used to authorize the access control equipment to run the application program on it;
Acquiring unit 72, configured to obtain the authorization information for the access control equipment when the graphic code is scanned by a terminal device;
Running unit 73, configured to obtain, based on the authorization information, the configuration information corresponding to the application program, and to run the application program based on the configuration information.
In some embodiments, the display unit is further configured to, in response to an authorization instruction for the access control equipment, send an authorization request for the access control equipment over the session connection with the background server of the application program, the authorization request carrying the device identifier of the access control equipment;
and to receive and display the graphic code, returned by the background server, that carries the address of the user verification page.
In some embodiments, the acquiring unit is further configured to obtain the authorization information sent by the background server when the background server receives the user information sent by the terminal device after scanning the graphic code and the user information passes verification.
In some embodiments, the acquiring unit is further configured to obtain the authorization information sent by the background server when the background server receives the user information sent by the terminal device after scanning the graphic code, the user information passes verification, and the access control equipment is determined to be in the unauthorized state.
In some embodiments, the authorization information includes an authorization token and a communication key,
and the running unit is further configured to encrypt the authorization token with the communication key to obtain an encrypted authorization token;
send the encrypted authorization token over the session connection with the background server of the application program;
and receive the configuration information that the background server returns after decrypting with the communication key to obtain the authorization token.
In some embodiments, the device further includes a transmission unit,
the transmission unit being configured to periodically send a login request of the access control equipment for the application program to the background server;
and to receive a status response message returned by the background server indicating that the login succeeded, the status response message being sent by the background server after it updates the login state of the access control equipment based on the login request.
In some embodiments, the transmission unit is further configured to receive a notification message sent by the background server instructing the equipment to go offline, the notification message being sent by the background server after it receives a login request from a device with the same device identifier as the access control equipment.
In some embodiments, the device further includes an acquisition unit,
the acquisition unit being configured to collect the user information of a target user;
perform feature extraction on the collected user information to obtain user features that identify the target user;
encrypt the user features to obtain encrypted user features;
send the encrypted user features over the session connection with the background server of the application program;
and receive the control instruction that the background server returns after decrypting to obtain the user features and verifying them, the control instruction being used to control the access control equipment to perform an opening operation or remain closed.
It should be noted that the above description of the device is similar to the description of the method and has the same beneficial effects, which are not repeated here. For technical details not disclosed in the device embodiment of the present invention, refer to the description of the method embodiment of the present invention.
An embodiment of the present invention provides an authorization device of access control equipment, comprising:
a memory, configured to store executable instructions;
a processor, configured to implement the authorization method of access control equipment provided by the embodiment of the present invention when executing the executable instructions stored in the memory.
An embodiment of the present invention also provides a storage medium storing executable instructions which, when executed by a processor, implement the authorization method of access control equipment provided by the embodiment of the present invention.
In some embodiments, the storage medium can be a memory such as FRAM, ROM, PROM, EPROM, EEPROM, flash memory, magnetic surface memory, optical disc, or CD-ROM; it can also be any device that includes one or any combination of the above memories.
In some embodiments, the executable instructions can take the form of a program, software, a software module, a script, or code, written in any form of programming language (including compiled or interpreted languages, or declarative or procedural languages), and can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment.
As an example, the executable instructions can, but need not, correspond to a file in a file system. They can be stored as part of a file that holds other programs or data, for example in one or more scripts in a HyperText Markup Language (HTML) document, in a single file dedicated to the program in question, or in multiple coordinated files (for example, files storing one or more modules, subprograms, or code sections).
As an example, the executable instructions can be deployed to execute on one computing device, on multiple computing devices located at one site, or on multiple computing devices distributed across multiple sites and interconnected by a communication network.
The above are only embodiments of the present invention and are not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and scope of the present invention falls within the scope of protection of the present invention.

Claims (10)

1. An authorization method of access control equipment, characterized in that the method comprises:
in response to an authorization request for access control equipment, displaying a graphic code corresponding to the access control equipment, the graphic code being used to authorize the access control equipment to run an application program on the access control equipment;
when the graphic code is scanned by a terminal device, obtaining authorization information for the access control equipment;
based on the authorization information, obtaining configuration information corresponding to the application program, and running the application program based on the configuration information.
2. The method of claim 1, characterized in that displaying, in response to the authorization request for access control equipment, the graphic code corresponding to the access control equipment comprises:
in response to an authorization instruction for the access control equipment, sending an authorization request for the access control equipment over a session connection with a background server of the application program, the authorization request carrying the device identifier of the access control equipment;
receiving and displaying the graphic code, returned by the background server, that carries the address of a user verification page.
3. The method of claim 1, characterized in that obtaining the authorization information for the access control equipment when the graphic code is scanned by a terminal device comprises:
when the background server receives user information sent by the terminal device after scanning the graphic code, and the user information passes verification, obtaining the authorization information sent by the background server.
4. The method of claim 1, characterized in that obtaining the authorization information for the access control equipment when the graphic code is scanned by a terminal device comprises:
when the background server receives user information sent by the terminal device after scanning the graphic code, the user information passes verification, and the access control equipment is determined to be in an unauthorized state, obtaining the authorization information sent by the background server.
5. the method as described in claim 1, which is characterized in that the authorization message includes authorization token and communication key, institute It states based on the authorization message, obtains the corresponding configuration information of the application program, comprising:
The authorization token is encrypted based on the communication key, obtains encrypted authorization token;
By the session connection of the background server with the application program, the encrypted authorization token is sent;
Receive the background server decrypt to obtain based on the communication key return after the authorization token described in confidence Breath.
6. the method as described in claim 1, which is characterized in that the method also includes:
It periodically sends the access control equipment and corresponds to the logging request of the application program to the background server;
The condition responsive information that the instruction that the background server returns logins successfully is received, the condition responsive information is described Background server is based on the logging request, sends after updating the logging state of the access control equipment.
7. method as claimed in claim 6, which is characterized in that the method also includes:
The offline notification message of the instruction of the background server transmission is received, the notification message is that the background server connects It is sent after receiving the logging request that equipment identical with the device identification of the access control equipment is sent.
8. The method according to claim 1, wherein the method further comprises:
collecting user information of a target user;
performing feature extraction on the collected user information to obtain user features that identify the target user;
encrypting the user features to obtain encrypted user features;
sending the encrypted user features over the session connection with the background server of the application program;
receiving a control instruction that the background server returns after decrypting to obtain the user features and verifying them, the control instruction being used to control the access control device to perform an opening operation or to remain closed.
9. An authorization apparatus for an access control device, wherein the apparatus comprises:
a display unit, configured to display, in response to an authorization request for the access control device, a graphic code corresponding to the access control device, the graphic code being used to authorize the access control device to run the application program on the access control device;
an acquiring unit, configured to obtain the authorization information for the access control device upon a scan operation of the graphic code by a terminal device;
a running unit, configured to obtain, based on the authorization information, the configuration information corresponding to the application program, and to run the application program based on the configuration information.
10. An authorization apparatus for an access control device, wherein the apparatus comprises:
a memory, configured to store executable instructions;
a processor, configured to implement the authorization method for an access control device according to any one of claims 1 to 8 when executing the executable instructions stored in the memory.
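An added sketch (not part of the patent text) of the server-side login-state handling that claims 6 and 7 describe: each periodic login request updates the device's login state, and a login from another connection using the same device identifier queues an offline notification for the earlier holder. The session identifier, the 90-second timeout and all names are assumptions made for illustration.

```python
import time


class LoginRegistry:
    """Background-server login state for access control devices (claims 6 and 7)."""

    def __init__(self, timeout_s=90.0, clock=time.monotonic):
        self.timeout_s = timeout_s  # assumed: silence longer than this means offline
        self.clock = clock
        self.sessions = {}          # device_id -> (session_id, last_seen)
        self.outbox = []            # (session_id, message) queued for delivery

    def handle_login(self, device_id, session_id):
        """Process one periodic login request and return the status response."""
        now = self.clock()
        current = self.sessions.get(device_id)
        if current is not None:
            old_session, last_seen = current
            live = now - last_seen <= self.timeout_s
            if live and old_session != session_id:
                # Same device identifier on another connection: notify the
                # earlier holder that it is now offline (claim 7).
                notice = {"type": "offline", "device_id": device_id}
                self.outbox.append((old_session, notice))
        # Update the login state first, then answer (claim 6).
        self.sessions[device_id] = (session_id, now)
        return {"type": "status", "device_id": device_id, "logged_in": True}

    def is_online(self, device_id):
        entry = self.sessions.get(device_id)
        return entry is not None and self.clock() - entry[1] <= self.timeout_s


def replay_constructed_trace():
    """Constructed trace: two heartbeats, then a second connection reuses the ID."""
    t = [0.0]                                   # fake clock, seconds
    reg = LoginRegistry(clock=lambda: t[0])
    reg.handle_login("door-01", "sess-A")       # first login
    t[0] = 30.0
    reg.handle_login("door-01", "sess-A")       # routine heartbeat, no notice
    t[0] = 45.0
    reply = reg.handle_login("door-01", "sess-B")  # duplicate identifier
    online_now = reg.is_online("door-01")
    t[0] = 200.0                                # no further login requests arrive
    return reg.outbox, reply, online_now, reg.is_online("door-01")


if __name__ == "__main__":
    print(replay_constructed_trace())
```

Two live sessions claiming one device identifier is also worth recording as an audit event, since the queued offline notice is the only trace of the takeover.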
CN201910696326.5A 2019-07-30 2019-07-30 Authorization method and device of access control equipment Active CN110417784B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910696326.5A CN110417784B (en) 2019-07-30 2019-07-30 Authorization method and device of access control equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910696326.5A CN110417784B (en) 2019-07-30 2019-07-30 Authorization method and device of access control equipment

Publications (2)

Publication Number Publication Date
CN110417784A true CN110417784A (en) 2019-11-05
CN110417784B CN110417784B (en) 2021-10-12

Family

ID=68364255

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910696326.5A Active CN110417784B (en) 2019-07-30 2019-07-30 Authorization method and device of access control equipment

Country Status (1)

Country Link
CN (1) CN110417784B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103634294A (en) * 2013-10-31 2014-03-12 小米科技有限责任公司 Information verifying method and device
CN107404382A (en) * 2016-05-18 2017-11-28 奥多比公司 Use the licensable feature of access token control software
US10218695B1 (en) * 2018-03-27 2019-02-26 Capital One Services, Llc Systems and methods for providing credentialless login using a random one-time passcode
CN109615757A (en) * 2019-02-27 2019-04-12 西安艾润物联网技术服务有限责任公司 Visitor's access control management method, system and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112950833A (en) * 2019-12-11 2021-06-11 浙江宇视科技有限公司 Authorization method, device, equipment and storage medium of access control equipment
CN112950833B (en) * 2019-12-11 2022-08-30 浙江宇视科技有限公司 Authorization method, device, equipment and storage medium of access control equipment
CN111629012A (en) * 2020-07-28 2020-09-04 杭州海康威视数字技术股份有限公司 Communication method, communication device, access control system, access control equipment and storage medium

Also Published As

Publication number Publication date
CN110417784B (en) 2021-10-12

Similar Documents

Publication Publication Date Title
CN110519062B (en) Identity authentication method, authentication system and storage medium based on block chain
CN104104672B (en) The method that dynamic authorization code is established in identity-based certification
CN103685138B (en) The authentication method of the Android platform application software that mobile interchange is online and system
CN102281286B (en) Flexible end-point compliance and strong authentication method and system for distributed hybrid enterprises
CN104378206B (en) A kind of virtual desktop safety certifying method and system based on USB Key
JP5373997B2 (en) System and method for using a domain specific security sandbox to facilitate secure transactions
CA2591968C (en) Authentication device and/or method
CN108111473B (en) Unified management method, device and system for hybrid cloud
CN108898389A (en) Based on the content verification method and device of block chain, electronic equipment
CN106452772B (en) Terminal authentication method and device
CN108183924A (en) A kind of login validation method and terminal device
US10382954B2 (en) System and method for providing a service to the user of a mobile terminal
CN109245893A (en) A kind of identity building and endorsement method for substituting U-shield
KR20160138063A (en) Techniques to operate a service with machine generated authentication tokens
CN105812350B (en) Cross-platform single sign-on system
CN107124431A (en) Method for authenticating, device, computer-readable recording medium and right discriminating system
CN110149328A (en) Interface method for authenticating, device, equipment and computer readable storage medium
CN110535648A (en) Electronic certificate is generated and verified and key controlling method, device, system and medium
CN110417820A (en) Processing method, device and the readable storage medium storing program for executing of single-node login system
CN110365684A (en) Access control method, device and the electronic equipment of application cluster
CN104104671B (en) Establish the unified dynamic authorization code system of business entity's account
CN107645471A (en) A kind of method and system for mobile terminal user identity certification
CN110401613A (en) A kind of authentication management method and relevant device
CN109831310A (en) A kind of auth method, system and relevant apparatus
CN110417784A (en) The authorization method and device of access control equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant