CN110417784A - The authorization method and device of access control equipment - Google Patents
- Publication number: CN110417784A
- Authority: CN (China)
- Prior art keywords: access control, control equipment, authorization, background server, application program
- Legal status: Granted
Classifications
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Abstract
The present invention provides an authorization method and device for access control equipment. The method includes: in response to an authorization request for the access control equipment, displaying a graphic code corresponding to the access control equipment, the graphic code being used to authorize the access control equipment to run an application program on the access control equipment; when the graphic code is scanned by a terminal device, obtaining authorization information for the access control equipment; and, based on the authorization information, obtaining configuration information corresponding to the application program so as to run the application program based on the configuration information. In this way, the configuration information held on the background server can be delivered to the access control equipment securely, achieving secure authorization of the access control equipment.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to an authorization method and device for access control equipment.
Background
Access control equipment on the market is usually offered as a joint service by a hardware vendor and an algorithm service provider. The algorithm service provider generally supplies a license authorization and an algorithm SDK to the hardware vendor, and any device of the hardware vendor that holds the license can use the algorithm. The related art generally performs local recognition in offline mode. With this approach, however, a malicious hardware vendor can crack the application and obtain the license authorization, causing losses to the algorithm service provider.
Summary of the invention
The embodiments of the present invention provide an authorization method and device for access control equipment that can securely deliver the configuration information held on a background server to the access control equipment, achieving secure authorization of the access control equipment.
The technical solution of the embodiments of the present invention is implemented as follows.
An embodiment of the present invention provides an authorization method for access control equipment, comprising:
in response to an authorization request for the access control equipment, displaying a graphic code corresponding to the access control equipment, the graphic code being used to authorize the access control equipment to run an application program on the access control equipment;
when the graphic code is scanned by a terminal device, obtaining authorization information for the access control equipment;
based on the authorization information, obtaining configuration information corresponding to the application program, and running the application program based on the configuration information.
An embodiment of the present invention also provides an authorization device for access control equipment, comprising:
a display unit, configured to display, in response to an authorization request for the access control equipment, a graphic code corresponding to the access control equipment, the graphic code being used to authorize the access control equipment to run an application program on the access control equipment;
an acquiring unit, configured to obtain authorization information for the access control equipment when the graphic code is scanned by a terminal device;
a running unit, configured to obtain, based on the authorization information, configuration information corresponding to the application program, and to run the application program based on the configuration information.
In the above scheme, the display unit is further configured to: in response to an authorization instruction for the access control equipment, send an authorization request for the access control equipment over a session connection with the background server of the application program, the authorization request carrying the device identification of the access control equipment;
and receive and display the graphic code returned by the background server, the graphic code carrying the address of a user verification page.
In the above scheme, the acquiring unit is further configured to:
obtain the authorization information sent by the background server when the background server has received the user information sent by the terminal device after scanning the graphic code and the verification of the user information has passed.
In the above scheme, the acquiring unit is further configured to:
obtain the authorization information sent by the background server when the background server has received the user information sent by the terminal device after scanning the graphic code, the verification of the user information has passed, and the background server has determined that the access control equipment is in the unauthorized state.
In the above scheme, the authorization information includes an authorization token and a communication key.
The running unit is further configured to encrypt the authorization token based on the communication key to obtain an encrypted authorization token;
send the encrypted authorization token over the session connection with the background server of the application program;
and receive the configuration information returned by the background server after the background server decrypts with the communication key and obtains the authorization token.
In the above scheme, the device further includes a transmission unit.
The transmission unit is configured to periodically send, to the background server, a login request of the access control equipment for the application program;
and to receive status response information returned by the background server indicating that the login succeeded, the status response information being sent by the background server after it updates the login state of the access control equipment based on the login request.
In the above scheme, the transmission unit is further configured to receive a notification message sent by the background server indicating that the equipment is offline, the notification message being sent after the background server receives a login request from a device whose device identification is the same as that of the access control equipment.
In the above scheme, the device further includes an acquisition unit.
The acquisition unit is configured to acquire the user information of a target user;
perform feature extraction on the acquired user information to obtain user characteristics that identify the target user;
encrypt the user characteristics to obtain encrypted user characteristics;
send the encrypted user characteristics over the session connection with the background server of the application program;
and receive a control instruction returned by the background server after the background server decrypts to obtain the user characteristics and verifies them, the control instruction being used to control the access control equipment to perform an opening operation or to remain closed.
An embodiment of the present invention provides an authorization device for access control equipment, comprising:
a memory, configured to store executable instructions;
a processor, configured to implement the authorization method for access control equipment provided by the embodiments of the present invention when executing the executable instructions stored in the memory.
An embodiment of the present invention also provides a storage medium storing executable instructions which, when executed by a processor, implement the authorization method for access control equipment provided by the embodiments of the present invention.
The embodiments of the present invention have the following advantages:
Based on an authorization request for the access control equipment, the embodiments display a graphic code corresponding to the access control equipment; when the graphic code is scanned by a terminal device, authorization information for the access control equipment is obtained; based on the authorization information, the configuration information corresponding to the application program is obtained, and the application program is run based on the configuration information. In this way, by scanning the graphic code online, the configuration information held on the background server can be delivered to the access control equipment securely, achieving secure authorization of the access control equipment.
Brief description of the drawings
Fig. 1 is an architecture diagram of the authorization system for access control equipment provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the authorization device for access control equipment provided by an embodiment of the present invention;
Fig. 3 is a flow diagram of the authorization method for access control equipment provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of the display interface of the access control equipment provided by an embodiment of the present invention;
Fig. 5 is a flow diagram of the authorization method for access control equipment provided by an embodiment of the present invention;
Fig. 6 is a flow diagram of the authorization method for access control equipment provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of the authorization device for access control equipment provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings. The described embodiments are not to be construed as limiting the present invention, and all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of the present invention.
The following description refers to "some embodiments", which describe subsets of all possible embodiments. It is to be understood that "some embodiments" may be the same subset or different subsets of all possible embodiments, and may be combined with one another where they do not conflict.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the technical field of the present invention. The terms used herein serve only to describe the embodiments of the present invention and are not intended to limit the present invention.
The authorization system for access control equipment of the embodiments of the present invention is described first. Fig. 1 is an architecture diagram of the authorization system for access control equipment provided by an embodiment of the present invention. Referring to Fig. 1, to support an exemplary application, the authorization system 100 for access control equipment includes a terminal 500, access control equipment 400 and a background server 200. The terminal 500 connects to the access control equipment 400 through a network 300, and the access control equipment 400 connects to the background server 200 through the network 300. The network 300 may be a wide area network or a local area network, or a combination of the two, and uses wireless links for data transmission.
The access control equipment 400 is configured to send, in response to a click operation on the access control equipment, an authorization request for the access control equipment to the background server 200 over a session connection with the background server of the application program;
the background server 200 is configured to generate, based on the device identification, a graphic code carrying the address of a user verification page, and to return the graphic code to the access control equipment 400;
the access control equipment 400 is further configured to receive and display the graphic code returned by the background server 200;
the terminal 500 is configured to scan the graphic code displayed by the access control equipment 400 and to enter user information on the verification page it is redirected to;
the background server 200 is further configured to obtain authorization information for the access control equipment when it has received the user information sent by the terminal 500 after scanning the graphic code and the verification of the user information has passed, and to send the authorization information to the access control equipment 400;
the access control equipment 400 is further configured to obtain, based on the authorization information sent by the background server 200, the configuration information corresponding to the application program, and to run the application program based on the configuration information.
Next, the authorization device for access control equipment provided by the embodiments of the present invention is described. Fig. 2 is a schematic structural diagram of the authorization device for access control equipment provided by an embodiment of the present invention. The structure shown in Fig. 2 is only an example and should not impose any limitation on the function or scope of use of the embodiments of the present invention.
As shown in Fig. 2, the authorization device 20 for access control equipment provided by an embodiment of the present invention includes at least one processor 201, a memory 202, a user interface 203 and at least one network interface 204. The components of the device 20 are coupled together by a bus system 205. It is to be understood that the bus system 205 is used to implement connection and communication between these components. In addition to a data bus, the bus system 205 also includes a power bus, a control bus and a status signal bus. For clarity of explanation, however, the various buses are all labelled as bus system 205 in Fig. 2.
The user interface 203 may include a display, a keyboard, a mouse, a trackball, a click wheel, keys, buttons, a touch pad, a touch screen or the like.
It is to be understood that the memory 202 may be volatile memory or non-volatile memory, and may also include both. The non-volatile memory may be read-only memory (ROM, Read Only Memory), programmable read-only memory (PROM, Programmable Read-Only Memory), erasable programmable read-only memory (EPROM, Erasable Programmable Read-Only Memory), flash memory (Flash Memory) and so on. The volatile memory may be random access memory (RAM, Random Access Memory), used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (SRAM, Static Random Access Memory) and synchronous static random access memory (SSRAM, Synchronous Static Random Access Memory). The memory 202 described in the embodiments of the present invention is intended to include these and any other suitable types of memory.
The memory 202 in the embodiments of the present invention can store data to support the operation of the terminal. Examples of such data include any computer program that runs on the terminal, such as an operating system and application programs. The operating system contains various system programs, such as a framework layer, a core library layer and a driver layer, used to implement basic services and to handle hardware-based tasks. The application programs may include various applications.
As an example in which the authorization device for access control equipment provided by the embodiments of the present invention is implemented with a combination of software and hardware, the device may be embodied directly as a combination of software modules executed by the processor 201. The software modules may reside in a storage medium located in the memory 202. The processor 201 reads the executable instructions contained in the software modules in the memory 202 and, together with the necessary hardware (for example, the processor 201 and other components connected to the bus 205), carries out the authorization method for access control equipment provided by the embodiments of the present invention.
As an example, the processor 201 may be an integrated circuit chip with signal processing capability, such as a general-purpose processor, a digital signal processor (DSP, Digital Signal Processor) or another programmable logic device, discrete gate or transistor logic, or discrete hardware components, where the general-purpose processor may be a microprocessor or any conventional processor.
As an example in which the authorization device for access control equipment provided by the embodiments of the present invention is implemented in hardware, the device may be carried out directly by a processor 201 in the form of a hardware decoding processor. For example, one or more application-specific integrated circuits (ASIC, Application Specific Integrated Circuit), DSPs, programmable logic devices (PLD, Programmable Logic Device), complex programmable logic devices (CPLD, Complex Programmable Logic Device), field-programmable gate arrays (FPGA, Field-Programmable Gate Array) or other electronic components may execute the authorization method for access control equipment provided by the embodiments of the present invention.
The memory 202 in the embodiments of the present invention is used to store various types of data to support the operation of the authorization device 20 for access control equipment. Examples of such data include any executable instructions that run on the authorization device 20; the program that implements the authorization method for access control equipment of the embodiments of the present invention may be contained in the executable instructions.
The method of the embodiments of the present invention is described below in conjunction with the exemplary application and implementation of the device described above.
Fig. 3 is a flow diagram of the authorization method for access control equipment provided by an embodiment of the present invention. Referring to Fig. 3, the authorization method for access control equipment provided by the embodiment includes:
Step 301: in response to an authorization request for the access control equipment, the access control equipment displays a graphic code corresponding to the access control equipment. The graphic code is used to authorize the access control equipment to run the application program on the access control equipment.
In actual implementation, when the application program on the access control equipment is run for the first time, the equipment may prompt that it has not been initialized and authorized and pop up a graphic code, so that a user with permission can scan it with a code-scanning device. The graphic code may be a two-dimensional code, a bar code or another identification code.
In some embodiments, the access control equipment may obtain and display the graphic code as follows:
In response to an authorization instruction for the access control equipment, it sends an authorization request for the access control equipment over the session connection with the background server of the application program, the authorization request carrying the device identification of the access control equipment; it then receives and displays the graphic code returned by the background server, which carries the address of a user verification page.
In practical applications, when a user uses the access control equipment for the first time, a click operation by the user, for example, can trigger the corresponding authorization instruction, which instructs the access control equipment to perform the initialization authorization operation. The access control equipment sends an authorization request, carrying its device identification, to the background server over the session connection with the background server of the application program on the access control equipment. The background server receives the authorization request and, based on the device identification carried in it, generates through a graphic code generation interface a graphic code containing the address of the user verification page, and sends the generated graphic code to the access control equipment. The access control equipment receives and displays the graphic code returned by the background server. When the user scans the graphic code with a scanning device that has a code-scanning function (such as a mobile phone), the current page on the terminal device jumps to the corresponding verification page, where user information verification is then carried out.
Step 302: when the graphic code is scanned by a terminal device, obtain the authorization information for the access control equipment.
In practical applications, the graphic code carries the address of the user verification page. When the user scans the graphic code on the access control equipment with a terminal device, the current page on the terminal device jumps to the corresponding verification page, where the user can carry out user information verification. If the verification passes, the user has permission to perform the authorization operation on the access control equipment, and the authorization information for the access control equipment can then be obtained.
In some embodiments, when the graphic code is scanned by a terminal device, the access control equipment may obtain the authorization information for the access control equipment as follows:
When the background server has received the user information sent by the terminal device after scanning the graphic code and the verification of the user information has passed, the access control equipment obtains the authorization information sent by the background server.
In actual implementation, when the user scans the graphic code on the access control equipment with a terminal device, the terminal parses the graphic code to obtain the user verification page address it carries and jumps to the corresponding verification page, where the user enters user information for verification. In practical applications, the user information may be a username and password. The terminal device sends the entered user information to the background server for verification, and the background server matches the received user information against the user information stored in advance. When the match succeeds, the user information verification has passed: the background server generates the authorization information and sends it to the access control equipment. When the match fails, the user information verification has not passed: the background server does not generate authorization information and returns a prompt that verification failed.
In some embodiments, when the graphic code is scanned by a terminal device, the access control equipment may obtain the authorization information for the access control equipment as follows:
When the background server has received the user information sent by the terminal device after scanning the graphic code, the verification of the user information has passed, and the background server has determined that the access control equipment is in the unauthorized state, the access control equipment obtains the authorization information sent by the background server.
In actual implementation, the terminal device sends the entered user information to the background server for verification. After the user information verification passes, the background server also judges, based on the device identification of the access control equipment, whether the corresponding access control equipment has already been authorized. In practical applications, the background server may store device identifications of access control equipment together with the corresponding authorization states. When it receives a new authorization request, the background server parses the request to obtain the device identification of the current access control equipment and queries the authorization state of the current access control equipment by that device identification. When no corresponding device identification is found, or the stored authorization state for the device identification is unauthorized, the current access control equipment has not yet been authorized, and the background server generates the corresponding authorization information and sends it to the current access control equipment. When the stored authorization state for the device identification is authorized, the current access control equipment has already been authorized, and the background server does not generate new authorization information. This prevents devices from the same vendor from being authorized repeatedly under the same access control equipment identification.
Step 303: based on the authorization information, obtain the configuration information corresponding to the application program, and run the application program based on the configuration information.
In practical applications, after the authorization of the access control equipment passes, the equipment can use the authorization information to obtain configuration information from the background server and run the application program on the access control equipment based on that configuration information. The configuration information includes at least one of the following: a computation model, a feature library and a configuration key.
In some embodiments, the authorization information includes an authorization token and a communication key, and the access control equipment may obtain the configuration information corresponding to the application program as follows:
It encrypts the authorization token based on the communication key to obtain an encrypted authorization token; sends the encrypted authorization token to the background server over the session connection with the background server of the application program; and receives the configuration information returned by the background server after the background server decrypts with the communication key and obtains the authorization token.
In practical applications, after the authorization of the access control equipment passes, the access control equipment encrypts the authorization token with the communication key it obtained and sends the encrypted authorization token to the background server. The background server decrypts the encrypted authorization token with the communication key to recover the authorization token, and sends the configuration information corresponding to the application program to the access control equipment. Encrypting the authorization token in this way prevents it from being attacked, obtained or tampered with by others.
In some embodiments, the access control equipment also periodically sends, to the background server, a login request of the access control equipment for the application program, and receives status response information returned by the background server indicating that the login succeeded. The status response information is sent by the background server after it updates the login state of the access control equipment based on the login request.
In practical applications, the communication token and communication key are device-level: the communication tokens and communication keys obtained for different device identifications are different. In actual implementation, after completing initialization authorization, the access control equipment may periodically send login requests to the background server to query its login state. Based on the device identification in the login request, the background server judges whether it has received a login request sent by another device with the same device identification as the access control equipment. When it determines that it has received no login request from another device with the same device identification as the access control equipment, the background server updates the login state of the access control equipment, then generates and sends to the access control equipment status response information indicating that the login succeeded.
When background server determines that receiving the login that the identical other equipment of device identification with the access control equipment are sent asks
When asking, in some embodiments, access control equipment also receives the offline notification message of instruction of background server transmission, notification message
It determines for background server and is sent after receiving the logging request that equipment identical with the device identification of the access control equipment is sent,
That is, background server when receiving the logging request that the equipment with same device identification is sent, will can have before
There is the access control equipment of this same device identification to kick out of offline, in this way, protecting for multiple access control equipments with same device identification
Demonstrate,proving the same time at most can only have an access control equipment authorized, and authorized access control equipment just has in operation access control equipment
The permission of application program, the equipment for also preventing same device manufacturer in this way carry out repeated registration using same device identification and award
Power.
In practical applications, once initialization authorization of the access control equipment succeeds, user information such as name, department and photo can be entered into the access control equipment, so that the access control equipment can be used to manage the entry and exit of users. In some embodiments, the access control equipment can manage the entry and exit of users in the following way:
Collect the user information of a target user; perform feature extraction on the collected user information to obtain user characteristics that identify the target user; encrypt the user characteristics to obtain encrypted user characteristics; send the encrypted user characteristics through the session connection with the background server of the application program; and receive the control instruction that the background server returns after decrypting to obtain the user characteristics and verifying them, the control instruction being used by the access control equipment to perform an opening operation or remain closed.
In actual implementation, the access control equipment collects the target user's information and can perform further feature extraction on it to obtain user characteristics that identify the user. It encrypts the extracted user characteristics with some encryption technique, for example with the communication key obtained above, and sends the encrypted user characteristics to the background server. After receiving the encrypted user characteristics, the background server first decrypts them to obtain the user characteristics and then matches them against the pre-stored user characteristics. When the match succeeds, the target user has passed verification: the background server generates a control instruction indicating that verification passed and sends it to the access control equipment, which performs the opening operation and allows the target user through the door. When the match fails, verification of the target user's information has failed: the background server generates a control instruction indicating that verification failed and sends it to the access control equipment, which stays closed and does not allow the target user through the door.
Fig. 4 is a schematic diagram of the display interface of the access control equipment provided by an embodiment of the present invention. Referring to Fig. 4, when the information of the target user named Li Si passes verification, the prompt "Li Si, the door is open, welcome to enter" is displayed on the access control equipment, and Li Si passes through the door.
By scanning the graphic code online, the embodiment of the present invention can securely deliver the configuration information held on the background server to the access control equipment, achieving secure authorization of the access control equipment. The authorization token is encrypted, which prevents it from being attacked, obtained or tampered with by others. The authorization token and communication key obtained are device-level: different device identifications obtain different authorization tokens and communication keys, which prevents equipment from the same device manufacturer from using the same device identification for repeated registration and authorization.
The authorization method of the access control equipment provided by the embodiment of the present invention is described further below. Fig. 5 is a schematic flow diagram of the authorization method of the access control equipment provided by the embodiment of the present invention. With reference to Fig. 5, the authorization method includes:
Step 501: In response to an authorization instruction for the access control equipment, the access control equipment sends an authorization request for the access control equipment to the background server through the session connection with the background server of the application program.
Here, the authorization instruction instructs the access control equipment to perform the initialization authorization operation, and the authorization request carries the device identification of the access control equipment.
Step 502: Based on the authorization request, the background server generates a graphic code carrying the address of a user verification page.
Here, the background server parses the received authorization request to obtain the device identification of the access control equipment and, based on that device identification, uses a graphic code generation interface to generate a graphic code containing the address of the user verification page. The graphic code is used to authorize the access control equipment to run the application program in the access control equipment.
Step 503: The background server sends the generated graphic code to the access control equipment.
Step 504: The access control equipment displays the graphic code returned by the background server.
Step 505: The terminal device scans the graphic code displayed by the access control equipment.
Step 506: The verification page is displayed on the terminal device.
Step 507: After the user enters user information on the verification page, the terminal device sends the user information to the background server.
Step 508: The background server receives the user information, judges whether the user information passes verification, and judges whether the access control equipment is in the unauthorized state.
In practical applications, the background server can assign an administrator to the access control equipment; a user who logs in with the administrator identity obtains permission to run the application program in the access control equipment. The background server determines whether the user information passes verification by judging whether the entered user information is the administrator's identity information. Because authorization information is device-level, the background server can judge the authorization state of the corresponding access control equipment based on its device identification. When it determines that the user information passes verification and that the access control equipment is in the unauthorized state, step 509 is executed.
It should be noted that when the user information does not pass verification, there is no need to judge whether the access control equipment is in the authorized state, and the background server may generate no authorization information. When the user information passes verification but the access control equipment is already in the authorized state, the background server does not generate new authorization information, which prevents equipment from the same vendor from using the same access control equipment identification for repeated authorization.
Step 509: The background server generates authorization information, which includes an authorization token and a communication key.
Step 510: The background server sends the generated authorization information to the access control equipment.
Step 511: The access control equipment encrypts the authorization token based on the communication key to obtain an encrypted authorization token.
Step 512: The access control equipment sends the encrypted authorization token to the background server through the session connection with the background server of the application program.
Step 513: The background server decrypts based on the communication key to obtain the authorization token.
Step 514: The background server sends the configuration information corresponding to the application program.
Through steps 511 to 514 above, the authorization token is encrypted with the communication key before it is transmitted, which prevents the authorization token from being attacked, obtained or tampered with by others.
Step 515: The access control equipment periodically sends a login request, corresponding to the application program, for the access control equipment.
Step 516: The background server judges whether it has received a login request sent by another device with the same device identification as the access control equipment.
In actual implementation, when the background server determines that it has received a login request sent by a device with the same device identification as the access control equipment, step 517 is executed. It should be emphasized that when it determines that no login request has been received from another device with the same device identification as the access control equipment, the background server updates the login state of the access control equipment, then generates a status response message indicating a successful login and sends it to the access control equipment.
Step 517: The background server generates a notification message indicating offline.
Step 518: The background server sends the notification message indicating offline to the access control equipment.
Step 519: The access control equipment goes offline based on the notification message received.
Through steps 515 to 519 above, among multiple access control equipments with the same device identification, at most one can be authorized at any time, and only the authorized access control equipment has permission to run the application program in the access control equipment. This also prevents equipment from the same device manufacturer from using the same device identification for repeated registration and authorization.
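The server-side decisions of steps 508 to 509 and 515 to 519, as an added Python example that is not part of the patent text. The `session_id` used to tell apart two instances presenting the same device identification, the plaintext sample administrator table and the `duplicate_id_alerts` helper are assumptions of this example.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    token: str        # authorization token (step 509)
    comm_key: bytes   # communication key (step 509)


class BackendServer:
    """Hypothetical in-memory model of the background server's decisions."""

    def __init__(self, admins):
        # username -> password: constructed sample data. A real server
        # would store salted password hashes, not plaintext.
        self.admins = admins
        self.grants = {}    # device_id -> Grant (devices in the authorized state)
        self.online = {}    # device_id -> session_id of the instance logged in
        self.notices = []   # (device_id, session_id) offline notifications sent

    def _is_admin(self, username, password):
        expected = self.admins.get(username)
        if expected is None:
            return False
        return hmac.compare_digest(expected.encode(), password.encode())

    def authorize(self, device_id, username, password):
        """Steps 508-509: return a Grant, or None when nothing is issued."""
        if not self._is_admin(username, password):
            return None   # user check failed; device state is not consulted
        if device_id in self.grants:
            return None   # already authorized: no new authorization information
        # Device-level material: every device identification gets its own pair.
        grant = Grant(secrets.token_urlsafe(32), secrets.token_bytes(32))
        self.grants[device_id] = grant
        return grant

    def login(self, device_id, session_id):
        """Steps 515-519: periodic login; the newest session for an ID wins."""
        if device_id not in self.grants:
            return "not_authorized"
        previous = self.online.get(device_id)
        if previous is not None and previous != session_id:
            # Steps 517-518: another instance holds this ID, notify it offline.
            self.notices.append((device_id, previous))
        self.online[device_id] = session_id
        return "login_ok"

    def duplicate_id_alerts(self, threshold=2):
        """Device IDs evicted at least `threshold` times (assumed heuristic)."""
        counts = {}
        for device_id, _ in self.notices:
            counts[device_id] = counts.get(device_id, 0) + 1
        return sorted(d for d, n in counts.items() if n >= threshold)
```

A device identification that keeps appearing in `duplicate_id_alerts` is being presented by more than one instance, which is worth logging and investigating on the server side.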
An exemplary application of the embodiment of the present invention in a practical application scenario is described below.
Taking face access control equipment as an example, the authorization method of the access control equipment provided by the embodiment of the present invention mainly performs initialization authorization with the background server of the access control machine by way of scan-code authorization. The authorization method provided by the embodiment of the present invention can be divided into three stages:
1. Initialization authorization
Fig. 6 is a schematic flow diagram of the authorization method of the access control equipment provided by the embodiment of the present invention. Referring to Fig. 6, in actual implementation the background server is mainly used to provide the application program in the face access control equipment, for example an algorithm SDK. The algorithm SDK in the face access control equipment prompts that it is not initialized on first use. That is, when the user clicks the face access control equipment for the first time, the face access control equipment, in response to the click operation on the access control equipment, sends an authorization request for the face access control equipment to the background server through the session connection with the background server of the application program, where the authorization request carries the device identification of the access control equipment. The background server parses the received authorization request to obtain the device identification of the access control equipment, generates a graphic code carrying the address of a user verification page based on the device identification, and returns the graphic code to the face access control equipment. The face access control equipment receives and displays the graphic code returned by the background server, and the terminal scans the graphic code displayed by the face access control equipment so that user information can be entered on the verification page it jumps to.
Here, in practical applications, the background server can assign administrator rights for the face access control equipment. When the face access control equipment is used for the first time, only the administrator has permission to request running the application program in the face access control equipment. When the user scans the graphic code on the access control equipment with the terminal device, the current page on the terminal device jumps to the corresponding verification page, where the user can enter user information such as a username and password. The user information is sent to the background server for verification. The background server matches the received user information against the assigned administrator information to judge whether the user has administrator rights. If the entered user information matches the assigned administrator information, the user has administrator rights and the next operation can be performed; otherwise, the user does not have administrator rights and a warning prompt is issued.
After determining that the user information passes verification, the background server also judges, based on the device identification and the manufacturer identification of the face access control equipment, whether the corresponding face access control equipment has been authorized.
In practical applications, the background server can store access control equipment device identifications and their corresponding authorization states. When a new authorization request is received, the background server parses the authorization request to obtain the device identification of the current access control equipment and queries the authorization state of the current access control equipment based on that device identification. When the corresponding device identification is not found, or the stored authorization state for that device identification is the unauthorized state, the current access control equipment has not yet been authorized. When the stored authorization state for the corresponding device identification is the authorized state, the current access control equipment has already been authorized.
When the background server verifies the user information successfully and determines that the face access control equipment is in the unauthorized state, it can generate the corresponding authorization information, which includes an authorization token and a communication key.
Here, the background server sends the authorization information to the face access control equipment. Subsequently, the face access control equipment uses the authorization token to obtain configuration information such as the computation model, face features and configuration key from the background server, and runs the application program in the face access control equipment based on the configuration information obtained.
The authorization token and communication key obtained in the above manner are device-level: different device identifications obtain different authorization tokens and communication keys.
2. Establishing a secure communication mechanism
After the face access control equipment is authorized, it can use the authorization token to pull configuration information such as the computation model, the face feature library and the configuration key from the background server. All network requests can be encrypted and signed with the communication key obtained through initialization authorization. Encrypting the authorization token in this way prevents it from being attacked, obtained or tampered with by others.
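An added Python example (not from the patent) of a configuration request whose authorization token is encrypted and signed with the communication key, with the background server checking the signature before decrypting. The patent names neither a cipher nor a replay defence: the HMAC-SHA256 keystream with encrypt-then-MAC is a standard-library stand-in for an AEAD such as AES-GCM, and the nonce, timestamp and 60-second window are assumptions added so that a captured request cannot be replayed.

```python
import hashlib
import hmac
import json
import secrets
import time


def subkey(comm_key, label):
    """Derive separate encryption and MAC keys from the communication key."""
    return hmac.new(comm_key, label, hashlib.sha256).digest()


def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher."""
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def mac(comm_key, device_id, ts, nonce_hex, ct_hex):
    """Signature over every field of the request, not only the ciphertext."""
    body = json.dumps([device_id, ts, nonce_hex, ct_hex]).encode()
    return hmac.new(subkey(comm_key, b"mac"), body, hashlib.sha256).hexdigest()


def seal_token(comm_key, device_id, token, now=None):
    """Device side (steps 511-512): encrypt the token, then sign the request."""
    nonce = secrets.token_bytes(16)
    ts = int(time.time() if now is None else now)
    plain = token.encode()
    ks = keystream(subkey(comm_key, b"enc"), nonce, len(plain))
    ct_hex = bytes(p ^ k for p, k in zip(plain, ks)).hex()
    return {"device_id": device_id, "ts": ts, "nonce": nonce.hex(), "ct": ct_hex,
            "tag": mac(comm_key, device_id, ts, nonce.hex(), ct_hex)}


class ConfigEndpoint:
    """Server side (steps 513-514), hypothetical in-memory model."""

    def __init__(self, grants, config, max_skew=60):
        self.grants = grants       # device_id -> (token, comm_key)
        self.config = config       # configuration information to release
        self.max_skew = max_skew   # seconds a request stays acceptable (assumed)
        self.seen = {}             # (device_id, nonce) -> ts, for replay rejection

    def handle(self, msg, now=None):
        now = time.time() if now is None else now
        try:
            device_id, ts = msg["device_id"], int(msg["ts"])
            nonce_hex, ct_hex, tag = msg["nonce"], msg["ct"], msg["tag"]
            nonce, ct = bytes.fromhex(nonce_hex), bytes.fromhex(ct_hex)
            token, comm_key = self.grants[device_id]
        except (KeyError, TypeError, ValueError):
            return "rejected", None
        # Verify the signature with this device's key before decrypting.
        expected = mac(comm_key, device_id, ts, nonce_hex, ct_hex)
        if not (isinstance(tag, str)
                and hmac.compare_digest(expected.encode(), tag.encode())):
            return "bad_signature", None
        if abs(now - ts) > self.max_skew:
            return "stale", None
        # Forget nonces that the freshness window would reject anyway.
        self.seen = {k: t for k, t in self.seen.items()
                     if abs(now - t) <= self.max_skew}
        if (device_id, nonce_hex) in self.seen:
            return "replay", None
        self.seen[(device_id, nonce_hex)] = ts
        ks = keystream(subkey(comm_key, b"enc"), nonce, len(ct))
        plain = bytes(c ^ k for c, k in zip(ct, ks))
        if not hmac.compare_digest(plain, token.encode()):
            return "bad_token", None
        return "ok", self.config
```

Because the key is looked up by device identification, a request sealed with another device's communication key fails the signature check, which is the device-level separation the text describes.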
3. Dynamically checking the equipment state
In practical applications, after the face access control equipment completes initialization authorization, it also periodically sends a login request, corresponding to the application program, to the background server. Based on the device identification in the login request, the background server judges whether it has received a login request sent by another device with the same device identification as the access control equipment. When it determines that no such login request has been received, the background server updates the login state of the access control equipment, then generates a status message indicating a successful login and sends it to the access control equipment. When the background server determines that it has received a login request sent by a device with the same device identification as the access control equipment, that is, when it receives a login request from a device with the same device identification, it can kick the access control equipment that previously held this device identification offline.
In this way, among multiple access control equipments with the same device identification, at most one can be authorized at any time, and only the authorized access control equipment has permission to run the application program in the access control equipment. This also prevents equipment from the same device manufacturer from using the same device identification for repeated registration and authorization.
In the above manner, the vendor equipment identification and the face access control equipment identification are entered in advance, and the face access control equipment is authenticated through online initialization authorization. Only authenticated face access control equipment obtains the computation model and face features over the network, and encryption and authentication techniques are used during acquisition over the network, ensuring protection against theft, replay and repeated authentication, as well as the security of the algorithm service of the background server itself.
Next, the authorization device of the access control equipment provided by the embodiment of the present invention is described. In some embodiments, the training device of the semantic segmentation model may be implemented as software modules. Fig. 7 is a schematic diagram of the composition of the authorization device of the access control equipment provided by the embodiment of the present invention. Referring to Fig. 7, the authorization device 70 of the access control equipment provided by the embodiment of the present invention includes:
Display unit 71, configured to display, in response to an authorization request for the access control equipment, the graphic code corresponding to the access control equipment, the graphic code being used to authorize the access control equipment to run the application program in the access control equipment;
Acquiring unit 72, configured to obtain the authorization information for the access control equipment when the graphic code is scanned by a terminal device;
Running unit 73, configured to obtain, based on the authorization information, the configuration information corresponding to the application program, and to run the application program based on the configuration information.
In some embodiments, the display unit is further configured to send, in response to an authorization instruction for the access control equipment, an authorization request for the access control equipment through the session connection with the background server of the application program, the authorization request carrying the device identification of the access control equipment;
and to receive and display the graphic code, returned by the background server, that carries the address of the user verification page.
In some embodiments, the acquiring unit is further configured to obtain the authorization information sent by the background server when the background server receives the user information that the terminal device sends after scanning the graphic code and the user information passes verification.
In some embodiments, the acquiring unit is further configured to obtain the authorization information sent by the background server when the background server receives the user information that the terminal device sends after scanning the graphic code, the user information passes verification, and the access control equipment is determined to be in the unauthorized state.
In some embodiments, the authorization information includes an authorization token and a communication key.
The running unit is further configured to encrypt the authorization token based on the communication key to obtain an encrypted authorization token;
to send the encrypted authorization token through the session connection with the background server of the application program;
and to receive the configuration information that the background server returns after decrypting, based on the communication key, to obtain the authorization token.
In some embodiments, the device further includes a transmission unit.
The transmission unit is configured to periodically send a login request, corresponding to the application program, for the access control equipment to the background server;
and to receive the status response information returned by the background server indicating a successful login, the status response information being sent by the background server after it updates the login state of the access control equipment based on the login request.
In some embodiments, the transmission unit is further configured to receive a notification message, sent by the background server, indicating offline. The notification message is sent after the background server receives a login request sent by a device with the same device identification as the access control equipment.
In some embodiments, the device further includes an acquisition unit.
The acquisition unit is configured to collect the user information of a target user;
to perform feature extraction on the collected user information to obtain user characteristics that identify the target user;
to encrypt the user characteristics to obtain encrypted user characteristics;
to send the encrypted user characteristics through the session connection with the background server of the application program;
and to receive the control instruction that the background server returns after decrypting to obtain the user characteristics and verifying them, the control instruction being used to control the access control equipment to perform an opening operation or remain closed.
It should be pointed out that the above description of the device is similar to the description of the method above and has the same beneficial effects as the method, which are not repeated here. For technical details not disclosed in the device of the embodiment of the present invention, refer to the description of the method embodiment of the present invention.
The embodiment of the present invention provides an authorization device of access control equipment, comprising:
a memory, configured to store executable instructions;
a processor, configured to implement the authorization method of the access control equipment provided by the embodiment of the present invention when executing the executable instructions stored in the memory.
The embodiment of the present invention also provides a storage medium storing executable instructions which, when executed by a processor, implement the authorization method of the access control equipment provided by the embodiment of the present invention.
In some embodiments, the storage medium may be a memory such as FRAM, ROM, PROM, EPROM, EEPROM, flash memory, magnetic surface memory, an optical disc or a CD-ROM; it may also be any of various devices that include one of the above memories or any combination of them.
In some embodiments, the executable instructions may take the form of a program, software, a software module, a script or code, written in any form of programming language (including compiled or interpreted languages, or declarative or procedural languages), and may be deployed in any form, including as a stand-alone program or as a module, component, subroutine or other unit suitable for use in a computing environment.
As an example, the executable instructions may, but need not, correspond to a file in a file system. They may be stored as part of a file that holds other programs or data, for example in one or more scripts in a Hyper Text Markup Language (HTML) document, in a single file dedicated to the program in question, or in multiple coordinated files (for example, files storing one or more modules, subprograms or code sections).
As an example, the executable instructions may be deployed to execute on one computing device, on multiple computing devices located at one site, or on multiple computing devices distributed across multiple sites and interconnected by a communication network.
The above are only embodiments of the present invention and are not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement or improvement made within the spirit and scope of the present invention is included in the scope of protection of the present invention.
Claims (10)
1. An authorization method for access control equipment, characterized in that the method comprises:
in response to an authorization request for the access control equipment, displaying the graphic code corresponding to the access control equipment, the graphic code being used to authorize the access control equipment to run the application program in the access control equipment;
when the graphic code is scanned by a terminal device, obtaining the authorization information for the access control equipment;
based on the authorization information, obtaining the configuration information corresponding to the application program, and running the application program based on the configuration information.
2. The method according to claim 1, characterized in that displaying, in response to the authorization request for the access control equipment, the graphic code corresponding to the access control equipment comprises:
in response to an authorization instruction for the access control equipment, sending an authorization request for the access control equipment through the session connection with the background server of the application program, the authorization request carrying the device identification of the access control equipment;
receiving and displaying the graphic code, returned by the background server, that carries the address of the user verification page.
3. The method according to claim 1, characterized in that obtaining the authorization information for the access control equipment when the graphic code is scanned by a terminal device comprises:
when the background server receives the user information that the terminal device sends after scanning the graphic code and the user information passes verification, obtaining the authorization information sent by the background server.
4. The method according to claim 1, characterized in that obtaining the authorization information for the access control equipment when the graphic code is scanned by a terminal device comprises:
when the background server receives the user information that the terminal device sends after scanning the graphic code, the user information passes verification, and the access control equipment is determined to be in the unauthorized state, obtaining the authorization information sent by the background server.
5. The method according to claim 1, characterized in that the authorization information includes an authorization token and a communication key, and obtaining, based on the authorization information, the configuration information corresponding to the application program comprises:
encrypting the authorization token based on the communication key to obtain an encrypted authorization token;
sending the encrypted authorization token through the session connection with the background server of the application program;
receiving the configuration information that the background server returns after decrypting, based on the communication key, to obtain the authorization token.
6. The method according to claim 1, characterized in that the method further comprises:
periodically sending a login request, corresponding to the application program, for the access control equipment to the background server;
receiving the status response information returned by the background server indicating a successful login, the status response information being sent by the background server after it updates the login state of the access control equipment based on the login request.
7. The method according to claim 6, characterized in that the method further comprises:
receiving a notification message, sent by the background server, indicating offline, the notification message being sent after the background server receives a login request sent by a device with the same device identification as the access control equipment.
8. The method according to claim 1, characterized in that the method further comprises:
collecting the user information of a target user;
performing feature extraction on the collected user information to obtain user characteristics that identify the target user;
encrypting the user characteristics to obtain encrypted user characteristics;
sending the encrypted user characteristics through the session connection with the background server of the application program;
receiving the control instruction that the background server returns after decrypting to obtain the user characteristics and verifying them, the control instruction being used to control the access control equipment to perform an opening operation or remain closed.
9. An authorization device of access control equipment, characterized in that the device comprises:
a display unit, configured to display, in response to an authorization request for the access control equipment, a graphic code corresponding to the access control equipment, the graphic code being used to authorize the access control equipment to run the application program in the access control equipment;
an acquiring unit, configured to obtain authorization information for the access control equipment when a scan operation by a terminal device on the graphic code is obtained;
a running unit, configured to obtain, based on the authorization information, configuration information corresponding to the application program, and to run the application program based on the configuration information.
10. An authorization device of access control equipment, characterized in that the device comprises:
a memory, for storing executable instructions;
a processor, configured to implement the authorization method of access control equipment according to any one of claims 1 to 8 when executing the executable instructions stored in the memory.
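The login-state handling of claims 6 and 7, seen from the background server's side, as an added example that is not code from the patent. `BackgroundServer`, `LOGIN_TTL`, the session identifiers and the message fields are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field

LOGIN_TTL = 30.0  # assumed: seconds a login stays valid without a periodic refresh


@dataclass
class BackgroundServer:
    sessions: dict = field(default_factory=dict)  # device_id -> (session_id, last_login)
    outbox: dict = field(default_factory=dict)    # session_id -> messages pushed to it

    def handle_login(self, device_id, session_id, now=None):
        """Process one periodic login request and return the status response."""
        now = time.monotonic() if now is None else now
        current = self.sessions.get(device_id)
        if current and current[0] != session_id and now - current[1] <= LOGIN_TTL:
            # Same device identifier on a different live session: tell the
            # earlier session it has been taken offline (claim 7).
            self.outbox.setdefault(current[0], []).append(
                {"type": "offline", "device_id": device_id})
        # Update the login state first, then answer (claim 6).
        self.sessions[device_id] = (session_id, now)
        return {"type": "status", "device_id": device_id, "login": "success"}

    def is_online(self, device_id, session_id, now=None):
        """True only for the session that currently holds a fresh login."""
        now = time.monotonic() if now is None else now
        current = self.sessions.get(device_id)
        return bool(current) and current[0] == session_id and now - current[1] <= LOGIN_TTL


def demo():
    # Constructed sample: two sessions present the same device identifier.
    srv = BackgroundServer()
    srv.handle_login("door-01", "sess-A", now=0.0)
    srv.handle_login("door-01", "sess-A", now=10.0)  # periodic refresh, no notice
    srv.handle_login("door-01", "sess-B", now=15.0)  # duplicate identifier
    return srv.outbox, srv.is_online("door-01", "sess-A", now=16.0)


if __name__ == "__main__":
    print(demo())
```

An offline notice for equipment that is still physically in place means a second endpoint is presenting its identifier, which is worth alerting on.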
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910696326.5A CN110417784B (en) | 2019-07-30 | 2019-07-30 | Authorization method and device of access control equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110417784A (en) | 2019-11-05 |
CN110417784B (en) | 2021-10-12 |
Family
ID=68364255
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910696326.5A Active CN110417784B (en) | 2019-07-30 | 2019-07-30 | Authorization method and device of access control equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110417784B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103634294A (en) * | 2013-10-31 | 2014-03-12 | 小米科技有限责任公司 | Information verifying method and device |
CN107404382A (en) * | 2016-05-18 | 2017-11-28 | 奥多比公司 | Use the licensable feature of access token control software |
US10218695B1 (en) * | 2018-03-27 | 2019-02-26 | Capital One Services, Llc | Systems and methods for providing credentialless login using a random one-time passcode |
CN109615757A (en) * | 2019-02-27 | 2019-04-12 | 西安艾润物联网技术服务有限责任公司 | Visitor's access control management method, system and storage medium |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112950833A (en) * | 2019-12-11 | 2021-06-11 | 浙江宇视科技有限公司 | Authorization method, device, equipment and storage medium of access control equipment |
CN112950833B (en) * | 2019-12-11 | 2022-08-30 | 浙江宇视科技有限公司 | Authorization method, device, equipment and storage medium of access control equipment |
CN111629012A (en) * | 2020-07-28 | 2020-09-04 | 杭州海康威视数字技术股份有限公司 | Communication method, communication device, access control system, access control equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN110417784B (en) | 2021-10-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||