CN117251860A - Security control method and device for accessing object, electronic equipment and medium - Google Patents

Security control method and device for accessing object, electronic equipment and medium Download PDF

Info

Publication number
CN117251860A
CN117251860A CN202310772549.1A CN202310772549A CN117251860A CN 117251860 A CN117251860 A CN 117251860A CN 202310772549 A CN202310772549 A CN 202310772549A CN 117251860 A CN117251860 A CN 117251860A
Authority
CN
China
Prior art keywords
information
access
target user
recognition result
feature information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310772549.1A
Other languages
Chinese (zh)
Inventor
董凯迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
CCB Finetech Co Ltd
Original Assignee
China Construction Bank Corp
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp, CCB Finetech Co Ltd filed Critical China Construction Bank Corp
Priority to CN202310772549.1A priority Critical patent/CN117251860A/en
Publication of CN117251860A publication Critical patent/CN117251860A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The disclosure provides a security control method, a security control device, electronic equipment and a security control medium for accessing an object, which can be applied to the technical field of big data. The method comprises the following steps: in response to receiving feature information for controlling a target user to access an object, determining a recognition result for the feature information, the recognition result including a first recognition result for the first feature information, a second recognition result for the second feature information, and a third recognition result for the third feature information; under the condition that the first identification result representation is not allowed, acquiring first position information and second position information pre-applied by a target user; determining access control information for the target user based on the matching result between the first location information and the second location information, the second recognition result, and the third recognition result; the access control information is returned to the identification device so that the identification device allows the target user to access the object or denies the target user access to the object based on the access control information.

Description

Security control method and device for accessing object, electronic equipment and medium
Technical Field
The disclosure relates to the technical field of big data, in particular to a security control method, a security control device, electronic equipment and a security control medium for accessing an object.
Background
In an access scenario, the access object may be a campus, a building, or the like. In the related art, in order to access a park, a building, or the like, a user and a vehicle generally apply access rights at an access site, and access a target area of an access object through a credential given by a site worker.
However, checking the rights of the user and the vehicle and issuing the certificate at the access site may result in high approval cost, long approval time and poor user access experience. In addition, since the user can enter a campus, a building, or the like through issued credentials, there is also a phenomenon that the user enters a non-access area by mistake.
Disclosure of Invention
In view of the foregoing, the present disclosure provides a security control method, apparatus, electronic device, and medium for accessing an object.
According to a first aspect of the present disclosure, there is provided a security control method for accessing an object, comprising:
determining, in response to receiving feature information for controlling a target user to access an object, a recognition result for the feature information, wherein the recognition result includes a first recognition result for the first feature information, a second recognition result for the second feature information, and a third recognition result for the third feature information;
Under the condition that the first identification result is not allowed to be characterized, acquiring first position information and second position information applied by a target user in advance, wherein the first position information is used for representing the position of identification equipment for acquiring characteristic information;
determining access control information for the target user based on the matching result between the first location information and the second location information, the second recognition result, and the third recognition result; and
the access control information is returned to the identification device so that the identification device allows the target user to access the object or denies the target user access to the object based on the access control information.
According to an embodiment of the present disclosure, wherein determining access control information for a target user based on a result of matching between the first location information and the second location information, the second recognition result, and the third recognition result includes:
under the condition that the first position information is not matched with the second position information, acquiring a right area aiming at the target user, and determining access control information according to a matching result of the first position information and the right area, wherein the second position information is positioned in the right area;
and determining access control information according to the second identification result and the third identification result under the condition that the first position information is matched with the second position information.
According to an embodiment of the present disclosure, determining access control information according to a result of matching the first location information with the rights area includes: in case the first location information matches the rights area,
determining associated terminal equipment and associated information of a target user;
generating a first confirmation credential according to the first location information and the association information;
sending a first confirmation credential to the associated terminal device; and
in response to receiving the second validation credential returned by the identification device, access control information is determined based on a matching relationship of the first validation credential and the second validation credential.
According to an embodiment of the present disclosure, determining access control information according to a result of matching the first location information with the rights area further includes:
and generating access refusal control information under the condition that the first position information is not matched with the authority area information.
According to an embodiment of the disclosure, the first recognition result includes a first recognition degree, and the first recognition result characterizes the permission if the first recognition degree is greater than a first threshold; the second recognition result comprises a second recognition degree, and the second recognition result is characterized as being allowed under the condition that the second recognition degree is larger than a second threshold value; the third recognition result includes a third degree of recognition, and the third recognition result characterizes the permission if the third degree of recognition is greater than a third threshold.
According to an embodiment of the present disclosure, determining the access control information according to the second identification result and the third identification result includes: in case it is determined that the first location information matches the second location information,
acquiring a fourth threshold and a fifth threshold, wherein the fourth threshold is larger than the second threshold, and the fifth threshold is larger than the third threshold;
in the case where the second degree of recognition is greater than the fourth threshold and the third degree of recognition is greater than the fifth threshold, permission access control information is generated.
According to an embodiment of the present disclosure, the first feature information includes: the first sub-feature information, the second sub-feature information and the third sub-feature information are acquired by the identification equipment at different moments;
the method further comprises the steps of:
calculating a first matching degree between the first sub-feature information and fourth feature information, wherein the fourth feature information is acquired when a target user applies for access rights through an applet;
calculating a second matching degree between the second sub-feature information and the fourth feature information;
calculating a third matching degree between the third sub-feature information and the fourth feature information; and
and taking the highest matching degree among the first matching degree, the second matching degree and the third matching degree as the first recognition degree.
According to an embodiment of the present disclosure, before determining the recognition result for the feature information in response to receiving the feature information for controlling the target user to access the object, further includes:
responding to the received application request for accessing the object, and displaying an application page through the applet; and
and generating an application record in response to receiving the characteristic information input through the application page.
According to an embodiment of the present disclosure, after the access control information is returned to the identification device, the method further includes:
receiving image information from the detection device and third position information of the detection device;
identifying a target user in the image information;
determining the authority area and access time of the target user according to the application record of the target user;
and generating warning information according to the authority area, the access time and the third position information.
According to an embodiment of the present disclosure, further comprising:
in case the first recognition result characterizes the permission and both the second recognition result and the third recognition result characterize the non-permission,
determining associated terminal equipment and associated information of a target user;
generating a third confirmation credential according to the first location information and the association information;
Sending a third confirmation credential to the associated terminal device; and
in response to receiving the fourth validation credential returned by the identification device, access control information is determined based on a matching relationship of the third validation credential and the fourth validation credential.
A second aspect of the present disclosure provides a security control apparatus for accessing an object, comprising:
the identification module is used for responding to the received characteristic information for controlling the target user to access the object, and determining an identification result aiming at the characteristic information, wherein the identification result comprises a first identification result aiming at the first characteristic information, a second identification result aiming at the second characteristic information and a third identification result aiming at the third characteristic information;
the position acquisition module is used for acquiring first position information and second position information applied by a target user in advance under the condition that the first identification result is not allowed to be characterized, wherein the first position information is used for representing the position of identification equipment for acquiring the characteristic information;
the control module is used for determining access control information aiming at the target user based on a matching result between the first position information and the second position information, a second identification result and a third identification result; and
And the return module is used for returning the access control information to the identification device so that the identification device allows the target user to access the object or refuses the target user to access the object based on the access control information.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the above-described security control method for accessing the object.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described security control method for accessing an object.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above-described security control method for accessing an object.
In the embodiment of the disclosure, since the security control access for the access object can be realized by the linkage of the control system and the identification device, and the identification device can be arranged in a plurality of areas of the access object, the security control access can be realized without providing a large number of staff on the site of the access object, the control access cost and the control access time are reduced, and the user access experience is improved. In addition, in the process of realizing control access, the position of the user can be determined in real time and the corresponding control authority is released as the current first position information of the user is compared with the second position information applied by the user, so that the accuracy of safety control and the safety of the whole park can be ensured.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:
fig. 1 schematically illustrates an application scenario of a security control method for accessing an object according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow chart of a security control method for accessing an object according to an embodiment of the disclosure;
FIG. 3 schematically illustrates a flow chart of determining access control information from first location information and second location information, according to an embodiment of the disclosure;
FIG. 4 schematically illustrates a flow diagram for determining access control information from a first validation credential and a second validation credential according to an embodiment of the present disclosure;
FIG. 5 schematically illustrates a flow chart of a security control method for accessing an object in accordance with a particular embodiment of the present disclosure;
FIG. 6 schematically illustrates a system architecture diagram of a security control method for accessing an object according to an embodiment of the present disclosure;
FIG. 7 schematically illustrates a block diagram of a security control apparatus for accessing an object according to an embodiment of the present disclosure; and
fig. 8 schematically illustrates a block diagram of an electronic device adapted for a security control method for accessing an object according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like at least one of "A, B and C, etc. are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g.," a system having at least one of A, B and C "shall include, but not be limited to, a system having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
It should be noted that, the method and apparatus for security control of accessing an object of the present disclosure may be used in technical fields of park management, access control, and the like in the financial field, and may also be used in any field other than the financial field, and the application field of the method and apparatus for security control of accessing an object of the present disclosure is not limited.
In the technical scheme of the disclosure, the related data (such as including but not limited to personal information of a user) are collected, stored, used, processed, transmitted, provided, disclosed, applied and the like, all conform to the regulations of related laws and regulations, necessary security measures are adopted, and the public welcome is not violated.
For example, the processes of collecting, storing, using, processing, transmitting, providing, disclosing and applying the characteristic information in the present disclosure all conform to the regulations of the relevant laws and regulations, and necessary security measures are taken without violating the public order.
Aiming at the scene that an external visitor accesses a park, the existing access control scheme needs staff and the visitor to the site, and the visitor site applies for access rights and the staff site approves the access rights. After the staff passes the approval, the staff generally gives the visitor special credentials. However, the above scheme has the technical problems of high approval cost, long approval time and poor user access experience. In the park, if security personnel are arranged in a plurality of areas in the park, so that the security personnel can determine whether the visitor has permission to enter the target area according to the certificate security personnel, and the labor cost can be further increased; if no security personnel are arranged, the phenomenon that the visitor mistakenly enters the non-access area exists, so that the park is at safety risk.
Therefore, the access control method of the related technology has the problems of complicated management flow, large potential safety hazard, incapability of determining the identity of the visitor, lack of image data support in traceability and large occupation of human resources.
Embodiments of the present disclosure provide a security control method for accessing an object, including: determining, in response to receiving feature information for controlling a target user to access an object, a recognition result for the feature information, wherein the recognition result includes a first recognition result for the first feature information, a second recognition result for the second feature information, and a third recognition result for the third feature information; under the condition that the first identification result is not allowed to be characterized, acquiring first position information and second position information applied by a target user in advance, wherein the first position information is used for representing the position of identification equipment for acquiring characteristic information; determining access control information for the target user based on the matching result between the first location information and the second location information, the second recognition result, and the third recognition result; the access control information is returned to the identification device so that the identification device allows the target user to access the object or denies the target user access to the object based on the access control information.
Fig. 1 schematically illustrates an application scenario of a security control method for accessing an object according to an embodiment of the present disclosure.
As shown in fig. 1, an application scenario 100 according to this embodiment may include a first terminal device 101, a second terminal device 102, a third terminal device 103, and a server 105. The network 104 is a medium used to provide a communication link between the first terminal device 101, the second terminal device 102, the third terminal device 103, and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 through the network 104 using at least one of the first terminal device 101, the second terminal device 102, the third terminal device 103, to receive or send messages, etc. Various communication client applications, such as a shopping class application, a web browser application, a search class application, an instant messaging tool, a mailbox client, social platform software, etc. (by way of example only) may be installed on the first terminal device 101, the second terminal device 102, and the third terminal device 103.
The first terminal device 101, the second terminal device 102, the third terminal device 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The first terminal device 101, the second terminal device 102, and the third terminal device 103 may also be various electronic devices that have a display screen and support feature information collection and image acquisition, for example, an intelligent access control device and an intelligent camera device.
The server 105 may be a server providing various services, such as an access system for approving application requests transmitted by the user using the first terminal device 101, the second terminal device 102, and the third terminal device 103. After the application request is approved, the approval result may be returned to any one of the first terminal device 101, the second terminal device 102, and the third terminal device 103. Alternatively, the server 105 may also receive feature information for controlling the access of the target user to the object, identify the feature information, generate access control information, and then may feed back the access control information to the identifying device.
It should be noted that, the security control method for accessing an object provided by the embodiments of the present disclosure may be generally performed by the server 105. Accordingly, the security control apparatus for accessing an object provided by the embodiments of the present disclosure may be generally provided in the server 105. The security control method for accessing an object provided by the embodiments of the present disclosure may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103, and/or the server 105. Accordingly, the security control apparatus for accessing an object provided by the embodiments of the present disclosure may also be provided in a server or a server cluster that is different from the server 105 and is capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103, and/or the server 105.
For example, an access system is provided in the server 105. The access system determines a recognition result for the feature information in response to receiving the feature information for controlling the target user to access the object, wherein the recognition result comprises a first recognition result for the first feature information, a second recognition result for the second feature information and a third recognition result for the third feature information; under the condition that the first identification result is not allowed to be characterized, acquiring first position information and second position information applied by a target user in advance, wherein the first position information is used for representing the position of identification equipment for acquiring characteristic information; determining access control information for the target user based on the matching result between the first location information and the second location information, the second recognition result, and the third recognition result; and returning the access control information to the identification device so that the identification device allows the target user to access the object or denies the target user access to the object based on the access control information.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The security control method for accessing an object of the disclosed embodiment will be described in detail with reference to fig. 2 to 6 based on the scenario described in fig. 1.
Fig. 2 schematically illustrates a flow chart of a security control method for accessing an object according to an embodiment of the present disclosure.
As shown in fig. 2, the method 200 includes operations S210 to S240.
In response to receiving the feature information for controlling the target user to access the object, a recognition result for the feature information is determined, wherein the recognition result includes a first recognition result for the first feature information, a second recognition result for the second feature information, and a third recognition result for the third feature information in operation S210.
According to embodiments of the present disclosure, an object may be understood as an object to be accessed by a target user, e.g., a campus, a building, etc. The feature information is used to control access to the object by the target user, e.g., allowing the target user to access the object or denying the user access to the object.
According to an embodiment of the present disclosure, the feature information is used to characterize the target user biometric. The feature information may include feature information of multiple dimensions, for characterizing a multi-dimensional biometric feature of the target user.
According to embodiments of the present disclosure, the characteristic information may be collected by an identification device for controlling access of the target user to the object. Wherein the identification device may be located at a plurality of locations where the object is accessed, such as at a gate of a campus, at gates of a plurality of areas within the campus, at gates of a building within the campus.
According to an embodiment of the present disclosure, the identifying device collects the above feature information if allowed by the user, and transmits the feature information to the access system, and the access system uses the feature information to control whether the user is allowed to access the object. For example, a user may apply access rights through an application or applet before accessing an object, and the access system requests the user to collect feature information in order to control the user's rights to access the object. Feature information is collected and used as the user allows.
According to an embodiment of the present disclosure, the feature information may include feature information of a plurality of dimensions, for example, the feature information includes first feature information, second feature information, and third feature information. And generating a corresponding identification result aiming at the characteristic information of each dimension. For example, the recognition results include a first recognition result for the first feature information, a second recognition result for the second feature information, and a third recognition result for the third feature information.
According to the embodiment of the disclosure, the first recognition result, the second recognition result and the third recognition result are only used as recognition results of feature dimensions corresponding to the first recognition result, the second recognition result or the third recognition result, and in the case that only one recognition result is allowed in the first recognition result, the second recognition result or the third recognition result, other verification means are needed to determine whether the target user is allowed to access the object or not.
In operation S220, under the condition that the first identification result is not allowed to be characterized, acquiring first location information and second location information applied in advance by the target user, wherein the first location information is used for characterizing the location of the identification device for acquiring the feature information.
According to embodiments of the present disclosure, there are different recognition priorities between feature information of multiple dimensions. In the process of generating access control information for controlling the target user to access the object, the recognition result is judged based on the above-described recognition priority.
For example, the first feature information is higher in recognition priority than the second feature information and the third feature information. And judging the first recognition result according to the first recognition result, the second recognition result and the third recognition result.
According to the embodiment of the disclosure, since the identification device can be arranged in a plurality of areas in the access object, and the user controls the access rights of different areas, when the first identification result representation of the first characteristic information returned by the identification device is not allowed, different access control strategies need to be determined according to the first position information of the identification device and the second position information applied by the target user so as to generate different access control results.
According to the embodiment of the disclosure, the second location information is the location information of the access area applied in advance by the target user.
For example, the target user applies the day before visiting the campus, the access area being the A1 area of the campus a. Park a comprises a plurality of areas, each of the gates of which is equipped with an identification device. When a user enters a park A and reaches an A1 area of the park A, the first position information and the second position information are both the position information of the A1 area; when the user enters the park a and reaches the A2 area of the park a, the first position information is the position information of the A2 area, and the second position information is the position information of the A1 area.
According to embodiments of the present disclosure, accessing an object may involve multiple functional areas inside, the multiple functional areas having multiple access rights. After the user passes through the gate of the access object, the access system can accurately control the target user to enter the access area of the application and refuse to enter the non-access area.
In operation S230, access control information for the target user is determined based on the matching result between the first location information and the second location information, the second recognition result, and the third recognition result.
According to an embodiment of the present disclosure, a result of the matching between the first location information and the second location information is used to characterize whether the target user is currently in the pre-applied access area.
For example, matching the first location information with the second location information characterizes that the target user is currently at an access area with a pre-application; the first location information and the second location information not being matched characterizes that the current location of the target user is not a pre-applied access area.
According to an embodiment of the present disclosure, in a case where the first recognition result is not allowed to be characterized, it may be further determined whether to generate the access control area using the second recognition result and the third recognition result, and whether to generate access control information allowing the target user to access the object or denying the target user to access the object, based on a result of the matching between the first location information and the second location information.
For example, the access control information includes permission access control information and denial of access control information for characterizing access control information that permits the target user to access the object and denies access to the object by the target user, respectively.
In operation S240, the access control information is returned to the identification device so that the identification device allows the target user to access the object or denies the target user access to the object based on the access control information.
According to an embodiment of the present disclosure, the access system returns the access control information to the identification device after generating the access control information. The identification device can open or not open access based on the access control information to allow or deny access to the object by the target user.
For example, the identification device may be a smart door control device that may be used to collect the characteristic information and send the characteristic information to the access system. The gate can be developed or closed according to the access control information fed back by the access system.
In the embodiment of the disclosure, since the security control access for the access object can be realized by the linkage of the control system and the identification device, and the identification device can be arranged in a plurality of areas of the access object, the security control access can be realized without providing a large number of staff on the site of the access object, the control access cost and the control access time are reduced, and the user access experience is improved. In addition, in the process of realizing control access, the position of the user can be determined in real time and the corresponding control authority is released as the current first position information of the user is compared with the second position information applied by the user, so that the accuracy of safety control and the safety of the whole park can be ensured.
According to an embodiment of the present disclosure, for operation S230, determining access control information for a target user based on a matching result between the first location information and the second location information, the second recognition result, and the third recognition result includes: determining at least one access control strategy according to a matching result between the first position information and the second position information; determining whether a second identification result and a third identification result need to be acquired based on at least one access control policy; and under the condition that the second identification result and the third identification result need to be acquired, determining the access control information according to the second identification result and the third identification result.
Fig. 3 schematically illustrates a flowchart of determining access control information from first location information and second location information according to an embodiment of the present disclosure.
As shown in fig. 3, the flowchart 300 of determining access control information according to the first location information and the second location information of this embodiment includes operations S331 to S332, which may be a specific embodiment of operation S230.
In operation S331, in case that it is determined that the first location information does not match the second location information, the authority area for the target user is acquired, and access control information is determined according to the result of matching the first location information with the authority area, wherein the second location information is located in the authority area.
According to the embodiment of the disclosure, the fact that the first location information and the second location information are not matched characterizes that the area where the target user is currently located is not an access area, and therefore whether the area where the target user is currently located is a right area or not needs to be determined according to the first location information of the target user.
For example, the access object may be campus a, which includes region a, region B, and region C; the area A comprises an A building and a B building, and each building comprises a plurality of floors. When the target user applies to access building 2 of the building A, but at the same time, the target user has permission to enter the area A, A building, namely the permission area comprises the area A, A building and building 2 of the building A, and the second position information is building 2 of the building A.
Thereby, the second location information is applied in advance for the authority area of the target user.
According to the embodiment of the disclosure, since a plurality of identification devices can be set in the access object, in order to avoid intercepting the target user outside the authority area, such as the area a, in the case that the area where the target user is currently located is not the access area, the access control information can be determined by acquiring the authority area for the target user and according to the matching result of the first location information and the authority area.
In operation S332, in case it is determined that the first location information matches the second location information, access control information is determined according to the second recognition result and the third recognition result.
According to an embodiment of the present disclosure, matching the first location information with the second location information characterizes that the area where the target user is currently located is not an access area. And acquiring a second identification result and a third identification result under the condition that the first position information is matched with the second position information because the first identification result is not allowed to be characterized, and determining access control information based on the second identification result and the third identification result.
In the embodiment of the disclosure, under the condition that the first position information is not matched with the second position information, by introducing the authority area aiming at the target user and comparing the authority area with the first position information, the target user can be prevented from being intercepted outside the authority area by mistake, the target user can not access the non-authority area, and the safety of the access object can be ensured while the user experience is improved. In addition, under the condition that the first position information is matched with the second position information, the access control information is determined according to the second identification result and the third identification result, so that error identification caused by characteristic information acquisition operation errors or other errors can be avoided, and the safety of an access object can be ensured while the user experience is improved through the second identification result and the third identification result.
Fig. 4 schematically illustrates a flow diagram for determining access control information from a first validation credential and a second validation credential according to an embodiment of the disclosure.
As shown in fig. 4, the flowchart of the embodiment for determining the access control information 400 according to the first confirmation credential and the second confirmation credential includes operations S4321 to S4324, which may be a specific embodiment of operation S332.
In operation S4321, the associated terminal device and the associated information of the target user are determined.
According to embodiments of the present disclosure, the associated terminal device may be a mobile terminal device associated with the target user, e.g., a cell phone.
According to an embodiment of the present disclosure, the target user may log in the applet in advance through the associated terminal device in order to apply for the access area, i.e., the second location information. The target user may also log in the applet in advance through other terminal devices than the associated terminal device in order to apply for access to the area.
According to an embodiment of the present disclosure, the associated information includes a plurality of information filled in when the user applies to access the area. For example, the association information includes access time, identity information of the target user.
In operation S4322, a first validation credential is generated based on the first location information and the association information.
According to the embodiment of the disclosure, the first location information is matched with the authority area to represent that the area where the target user is currently located is the authority area and is not an access area, so that the first confirmation credential can be generated by combining the current first location information of the user and the associated information.
According to the embodiment of the disclosure, since the first validation voucher includes the first location information of the target user and the associated information of the target user, the access right of the current location is purposefully opened or not opened to the user through the first validation voucher generated in real time, so that the security of each area in the access object is ensured.
According to embodiments of the present disclosure, the first validation credential may be in the form of a validation code, or a string of characters. The first location information, the access time and the identity information of the target user may be combined according to a preset combination rule to obtain a confirmation code or a character string.
The first confirmation credential is sent to the associated terminal device in operation S4323.
According to an embodiment of the present disclosure, after generating the first confirmation credential, the first confirmation credential is sent by the guest system to the associated terminal device of the target user so that the target user presents the first confirmation credential to the identification device through the associated terminal device.
In response to receiving the second validation credential returned by the identification device, access control information is determined in accordance with the matching relationship of the first validation credential and the second validation credential in operation S4324.
In accordance with an embodiment of the present disclosure, in response to detecting the second validation credential, the identification device returns the second validation credential to the access system. In response to receiving the second validation credential returned by the identification device, the access system determines access control information based on a matching relationship of the first validation credential and the second validation credential.
According to the embodiment of the disclosure, the access system can store the first confirmation certificate in the form of a picture, and the second confirmation certificate returned by the identification device is also the picture. The access system does not need to analyze the second confirmation certificate according to a preset combination rule, and can determine the matching relationship of the first confirmation certificate and the second confirmation certificate by comparing the pictures of the first confirmation certificate and the second confirmation certificate.
According to another embodiment of the disclosure, the access system may further parse the second validation credential according to a preset combination rule to obtain parsed data; and then comparing the analysis data with the first confirmation certificate to obtain the matching relation.
According to an embodiment of the present disclosure, in case the first validation credential and the second validation credential match, permission access control information is generated; in the event that the first validation credential and the second validation credential do not match, denial of access control information is generated.
The embodiment of the disclosure introduces a confirmation credential, and ensures the security of the access object by adding the confirmation credential in the case that the first identification result is not allowed and the current first position information of the target user is the authority area.
According to an embodiment of the present disclosure, access denied control information is generated in case the first location information does not match the rights area information.
According to an embodiment of the disclosure, the first recognition result includes a first recognition degree, and the first recognition result characterizes the permission if the first recognition degree is greater than a first threshold; the second recognition result comprises a second recognition degree, and the second recognition result is characterized as being allowed under the condition that the second recognition degree is larger than a second threshold value; the third recognition result includes a third degree of recognition, and the third recognition result characterizes the permission if the third degree of recognition is greater than a third threshold.
According to an embodiment of the disclosure, the first recognition degree may represent a similarity between first feature information and fourth feature information, wherein the first feature information is collected by the recognition device, and the fourth feature information is collected when the target user applies for access rights in advance. The first feature information and the fourth feature information are used for describing feature information of the same dimension.
The second degree of identification may characterize a similarity of second feature information collected by the identification device with fifth feature information collected when the target user previously applied for access rights. The second feature information and the fifth feature information are used to describe feature information of the same dimension.
The third recognition degree may represent a similarity between third feature information and sixth feature information, where the third feature information is collected by the recognition device, and the sixth feature information is collected when the target user applies for access rights in advance. The third feature information and the sixth feature information are used to describe feature information of the same dimension.
According to an embodiment of the present disclosure, the first degree of recognition, the second degree of recognition, and the third degree of recognition may be determined by at least one similarity calculation model. The first, second, and third thresholds may be determined based on the accuracy of the similarity calculation model. The first threshold value, the second threshold value, and the third threshold value may be the same or different.
According to an embodiment of the present disclosure, determining access control information according to the second recognition result and the third recognition result includes: under the condition that the first position information is matched with the second position information, a fourth threshold value and a fifth threshold value are obtained, wherein the fourth threshold value is larger than the second threshold value, and the fifth threshold value is larger than the third threshold value; in the case where the second degree of recognition is greater than the fourth threshold and the third degree of recognition is greater than the fifth threshold, permission access control information is generated.
According to the embodiment of the disclosure, the matching of the first location information and the second location information characterizes that the current user is currently in the access area, and whether the current user is a target user needs to be determined according to the second identification result and the third identification result.
According to the embodiment of the disclosure, since the first recognition result characterization does not allow the target user to access the object, the determination threshold values of the second recognition degree and the third recognition degree are set when the second recognition result characterization is allowed and the third recognition result characterization is allowed.
For example, the determination threshold value of the second degree of recognition is determined as the fourth threshold value, and the determination threshold value of the third degree of recognition is determined as the fifth threshold value. The fourth threshold is greater than the second threshold and the fifth threshold is greater than the third threshold.
According to an embodiment of the present disclosure, the fourth threshold value may be the same as the fifth threshold value or may be different from the first threshold value; the fourth threshold may be the same as or different from the third threshold; the fifth threshold may be the same as the second threshold or may be different from the second threshold.
In the embodiment of the disclosure, since the fourth threshold is greater than the second threshold and the fifth threshold is greater than the third threshold, when the second recognition result characterization is allowed and the third recognition result characterization is allowed, the judgment threshold is improved, whether the current user is a target user can be more accurately determined, and the safety of the park is ensured.
According to an embodiment of the present disclosure, the access denial control information is generated in a case where the second recognition degree is equal to or smaller than a fourth threshold value and/or the third recognition degree is equal to or smaller than a fifth threshold value.
According to the embodiment of the disclosure, under the condition that the first recognition result is allowed to be characterized and the second recognition result and the third recognition result are not allowed to be characterized, determining associated terminal equipment and associated information of the target user; generating a third confirmation credential according to the first location information and the association information; sending a third confirmation credential to the associated terminal device; and in response to receiving the fourth validation credential returned by the identification device, determining access control information based on a matching relationship of the third validation credential and the fourth validation credential.
According to the embodiment of the disclosure, in the case that the first recognition result is allowed to be characterized and the second recognition result and the third recognition result are not allowed to be characterized, since whether the current user is the target user cannot be accurately determined only by the first recognition result, the current user can be verified again by generating the confirmation credential.
According to the embodiment of the present disclosure, the generation operation of the third validation token is similar to the generation operation of the first validation token, the acquisition operation of the fourth validation token is similar to the acquisition operation of the second validation token, and the description thereof will be omitted. The matching operation between the third validation script and the fourth validation script is similar to the matching operation between the first validation script and the second validation script, and will not be described in detail herein.
According to an embodiment of the present disclosure, in a case where the first recognition result characterizes the permission and the second recognition result or the third recognition result characterizes the permission, permission access control information is generated and returned to the recognition device.
According to the embodiment of the disclosure, under the condition that the first recognition result is allowed but the second recognition result and the third recognition result are not allowed, the second confirmation is performed by generating the third confirmation certificate, so that the recognition accuracy and the park safety are ensured.
Fig. 5 schematically illustrates a flow chart of a security control method for accessing an object according to a specific embodiment of the present disclosure.
As shown in fig. 5, the flowchart 500 includes operations S501 to S520.
In operation S501, a first recognition result for the first feature information is determined.
In operation S502, whether the first recognition result allows access. Specifically, in the case where the first recognition result allows access, the operation S512 is entered; in the case where the first recognition result does not allow access, operation S503 is entered.
In operation S503, first location information and second location information are acquired. Specifically, the first location information characterizes a location of an identification device that collects feature information, and the second location information characterizes an access area that is pre-applied by a target user.
In operation S504, whether the first location information and the second location information match. Specifically, in the case where the first position information and the second position information match, operation S519 is entered; in the case where the first position information and the second position information do not match, operation S505 is entered.
In operation S505, a right area for a target user is acquired.
In operation S506, whether the first location information and the rights area match. Specifically, in the case where the first location information and the authority area match, operation S507 is entered; in case that the first location information and the authority area do not match, operation S511 is entered.
In operation S507, a first validation credential is generated and sent.
In operation S508, a second validation credential is received.
In operation S509, whether the first validation credential and the second validation credential match. Specifically, in case that the first validation credential and the second validation credential match, operation S510 is entered; in case that the first validation voucher and the second validation voucher do not match, operation S511 is entered.
In operation S510, permission access control information is generated.
In operation S511, access rejection control information is generated.
In operation S512, the second recognition result indicates whether access is allowed. Specifically, in the case where the second recognition result allows access, the operation S517 is entered; in the case where the second recognition result does not allow access, operation S513 is entered.
In operation S513, the third recognition result indicates whether access is allowed. Specifically, in the case where the third recognition result allows access, operation S517 is entered; in the case where the third recognition result does not allow access, operation S514 is entered.
In operation S514, a third validation credential is generated and sent.
In operation S515, a fourth validation credential is received.
In operation S516, whether the third validation credential and the fourth validation credential match. Specifically, in the case where the third validation credential and the fourth validation credential match, operation S517 is entered; in case the third validation credential and the fourth validation credential do not match, operation S518 is entered.
In operation S517, permission access control information is generated.
In operation S518, access denied control information is generated.
In operation S519, a fourth threshold value and a fifth threshold value are acquired.
In operation S520, whether the second recognition degree is greater than the fourth threshold value and whether the third recognition degree is greater than the fifth threshold value. Specifically, in the case where the second recognition degree is greater than the fourth threshold value and the third recognition degree is greater than the fifth threshold value, operation S510 is entered; if the second recognition level is equal to or lower than the fourth threshold value and/or the third recognition level is equal to or lower than the fifth threshold value, the operation proceeds to operation S511.
According to an embodiment of the present disclosure, the first characteristic information includes: the first sub-feature information, the second sub-feature information and the third sub-feature information are collected by the identification device at different times. The method further comprises the following steps: calculating a first matching degree between the first sub-feature information and fourth feature information, wherein the fourth feature information is acquired when a target user applies for access rights through an applet; calculating a second matching degree between the second sub-feature information and the fourth feature information; calculating a third matching degree between the third sub-feature information and the fourth feature information; and taking the highest matching degree among the first matching degree, the second matching degree and the third matching degree as the first recognition degree.
According to an embodiment of the present disclosure, the first sub-feature information, the second sub-feature information, the third sub-feature information, and the fourth feature information are used to describe feature information of a same dimension, and the first sub-feature information, the second sub-feature information, the third sub-feature information, and the fourth feature information are different at a collection time. The fourth characteristic information is collected when the target user applies for the access area in advance, and the first sub-characteristic information, the second sub-characteristic information and the third sub-characteristic information are collected by the identification equipment at different moments when the target user arrives at the identification equipment.
For example, for feature a used to characterize the user identity information, the fourth feature information may be feature a collected by the associated terminal device or other terminal device when the target user applies for access the day before access. The first sub-feature information, the second sub-feature information and the third sub-feature information may be features a acquired by the identification device at successive moments when the target user arrives at the identification device. If the characteristic A is acquired for 3 times within 3 seconds, the first sub-characteristic information, the second sub-characteristic information and the third sub-characteristic information are obtained.
According to the embodiment of the disclosure, the shapes of different target users, such as heights, proportions and the like, are different, and the acquisition accuracy of the identification equipment under different angles is different, so that the first sub-feature information, the second sub-feature information and the third sub-feature information can be obtained by acquiring the same feature for multiple times. And comparing the first sub-feature information, the second sub-feature information and the third sub-feature information with the fourth feature information respectively to obtain a first matching degree, a second matching degree and a third matching degree, and taking the highest matching degree as a first recognition degree.
In the embodiment of the disclosure, the low recognition accuracy caused by the problem of the acquisition equipment can be avoided by acquiring the same characteristic for a plurality of times and taking the highest matching degree as the first recognition degree.
According to an embodiment of the present disclosure, before determining the recognition result for the feature information in response to receiving the feature information for controlling the target user to access the object, further includes: responding to the received application request for accessing the object, and displaying an application page through the applet; and generating an application record in response to receiving the feature information input through the application page.
According to embodiments of the present disclosure, a target user may apply access rights to an access area to an access system through an applet before accessing an object.
According to the embodiment of the disclosure, the access system receives an application request for accessing the object, and the application page is displayed through the applet. The application page comprises a plurality of configuration boxes, so that a target user inputs application data and feature information through the configuration boxes, or selects the application data and the feature information through the configuration boxes.
For example, the target user may input the identity information of the target user, the associated terminal device, the access area, and the access time through the application page.
According to the embodiment of the disclosure, the target user may also enter feature information of multiple dimensions through the application page, for example, fourth feature information belonging to the same dimension as the first feature information, fifth feature information belonging to the same dimension as the second feature information, and sixth feature information belonging to the same dimension as the third feature information.
According to an embodiment of the present disclosure, an application record is generated in response to receiving feature information input through an application page. The application record comprises the application data and the characteristic information.
According to the embodiment of the disclosure, after the application record is generated, the access system may send the application record to an approval platform or a terminal device of an approver so as to approve the application record of the target user.
According to the embodiment of the disclosure, in the case that the result of approval for the application record is passing, the application record may be stored in the access system.
According to the embodiment of the disclosure, in the case that the result of approval for the application record is passing, the application record may also be sent to a plurality of devices controlled by the access system, for example, a plurality of identification devices, a plurality of detection devices, and the like.
According to an embodiment of the present disclosure, after the access control information is returned to the identification device, further comprising: receiving image information from the detection device and third position information of the detection device; identifying a target user in the image information; determining the authority area and access time of the target user according to the application record of the target user; and generating warning information according to the authority area, the access time and the third position information.
According to the embodiment of the disclosure, the detection device may be arranged in an object to be accessed by the target user, for example, a plurality of monitoring cameras are arranged in a park.
According to the embodiment of the disclosure, the detection device may feed back the image information acquired in real time and the third position information of the detection device to the access system. The access system receives the image information from the detection device and the third location information of the detection device, and identifies at least one target user in the image information. In the case that at least one target user is identified, it is determined for each target user whether each target user is located in a non-authority area.
According to the embodiment of the disclosure, for each target user, the authority area and access time of each target user are determined according to the application record of each target user. Multiple ones
And then, generating warning information according to the authority area, the access time and the third position information.
According to an embodiment of the present disclosure, in case the third location information does not match the rights area, the first warning information is generated. The access system may send the first warning message to the terminal device of the administrator, so as to inform the administrator whether the authorized person enters the area characterized by the third location information.
According to an embodiment of the present disclosure, the second warning information is generated in a case where the third location information matches the authority area and the current time is not within the above access time. The access system may send a first warning message to the terminal device of the administrator and the associated terminal device of the target user to inform the administrator and the target user that the access time has timed out. And when the target user receives the second warning information representing the overtime of the access time, the target user can continue to apply for prolonging the access time through the applet.
According to an embodiment of the present disclosure, in the case where the third location information matches the authority area and the current time is within the above access time, no warning information is generated.
In the embodiment of the disclosure, after the target user enters the object to be accessed, the detection device can determine the position of the user in real time, and generate warning information in a non-authority area so as to ensure the safety of the park.
Fig. 6 schematically illustrates a system architecture diagram of a security control method for accessing an object according to an embodiment of the present disclosure.
As shown in fig. 6, a system architecture diagram 600 of a security control method for accessing an object includes an applet 601, an access system 602, an associated terminal device 603, a detection device 604, and an identification device 605.
The target user can log in the applet 601 through the other terminal device and send an application request for applying for access to the object to be accessed to the access system 602 through the applet 601. Alternatively, the target user may log in the applet 601 through the associated terminal device 603 and send an application request for applying for access to the object to be accessed to the access system 602 through the applet 601.
The access system 602 is used for displaying an application page to a target user through the applet 601 after receiving the application request from the applet 601; and generating an application record in response to receiving the feature information input through the application page. The access system 602 may send the application records to the detection device 604 and the identification device 605.
After the target user arrives at the identification device 605, the identification device 605 may collect feature information for controlling the target user to access the object and send the feature information to the access system 602. The access system 602 generates access control information based on the above-described security control method for accessing the object and transmits the access control information to the identification device 605, which allows the target user to access the object or denies the target user to access the object based on the access control information.
In generating the access control information, the access system 602 may send the first confirmation credential or the third confirmation credential to the associated terminal device 603. The identification device 605 may also send a second validation credential or a fourth validation credential to the access system 602.
According to embodiments of the present disclosure, after entering an object, such as a campus, the detection device 604 may image information and send the image information and third location information to the access system 602.
The security access control method based on the biological feature recognition can realize the security access management of the unattended park, and can realize the access warning of unauthorized personnel in key areas, thereby greatly saving manpower and material resources and being convenient for the visitor management and statistics of the park.
The method and the system provide a new thought for the safety access management of the visitors in the park, save manpower and material resources in the park, quickly discover and solve the problem that abnormal personnel appear in key areas, and greatly improve the experience of the visitors entering the park.
Fig. 7 schematically illustrates a block diagram of a security control apparatus for accessing an object according to an embodiment of the present disclosure.
As shown in fig. 7, the security control apparatus 700 for accessing an object of this embodiment includes an identification module 710, a location acquisition module 720, a control module 730, and a return module 740.
And a recognition module 710 for determining a recognition result for the feature information in response to receiving the feature information for controlling the target user to access the object, wherein the recognition result includes a first recognition result for the first feature information, a second recognition result for the second feature information, and a third recognition result for the third feature information. In an embodiment, the identification module 710 may be configured to perform the operation S210 described above, which is not described herein.
The location obtaining module 720 is configured to obtain, if the first identification result is not allowed to be characterized, first location information and second location information applied in advance by the target user, where the first location information is used to characterize a location of the identification device that collects the feature information. In an embodiment, the location obtaining module 720 may be configured to perform the operation S220 described above, which is not described herein.
And a control module 730 for determining access control information for the target user based on the matching result between the first location information and the second location information, the second recognition result, and the third recognition result. In an embodiment, the control module 730 may be configured to perform the operation S230 described above, which is not described herein.
A return module 740 for returning the access control information to the identification device so that the identification device allows the target user to access the object or denies the target user access to the object based on the access control information. In an embodiment, the return module 740 may be configured to perform the operation S240 described above, which is not described herein.
According to an embodiment of the present disclosure, the control module 730 includes a first determination submodule and a second determination submodule.
The first determination submodule is used for acquiring the authority area aiming at the target user under the condition that the first position information is not matched with the second position information, and determining access control information according to the matching result of the first position information and the authority area, wherein the second position information is positioned in the authority area. In an embodiment, the first determining sub-module may be used to perform the operation S331 described above, which is not described herein.
The second determining submodule is used for determining access control information according to the second identification result and the third identification result under the condition that the first position information is matched with the second position information. In an embodiment, the second determining sub-module may be used to perform the operation S332 described above, which is not described herein.
According to an embodiment of the present disclosure, in case the first location information matches the rights area, the first determination submodule includes a first determination unit, a first generation unit, a transmission unit, and a second determination unit.
The first determining unit is used for determining the associated terminal equipment and the associated information of the target user. In an embodiment, the first determining unit may be configured to perform the operation S4321 described above, which is not described herein.
The first generation unit is used for generating a first confirmation certificate according to the first position information and the association information. In an embodiment, the first generating unit may be configured to perform the operation S4322 described above, which is not described herein.
The sending unit is used for sending the first confirmation certificate to the associated terminal equipment. In an embodiment, the sending unit may be configured to perform the operation S4323 described above, which is not described herein.
The second determining unit is used for determining the access control information according to the matching relation between the first confirmation credential and the second confirmation credential in response to receiving the second confirmation credential returned by the identification device. In an embodiment, the second determining unit may be configured to perform the operation S4324 described above, which is not described herein.
According to an embodiment of the present disclosure, in case the first location information does not match the rights area information, the first determination submodule further comprises a second generating unit for generating access refusal control information.
According to an embodiment of the disclosure, the first recognition result includes a first recognition degree, and the first recognition result characterizes the permission if the first recognition degree is greater than a first threshold; the second recognition result comprises a second recognition degree, and the second recognition result is characterized as being allowed under the condition that the second recognition degree is larger than a second threshold value; the third recognition result includes a third degree of recognition, and the third recognition result characterizes the permission if the third degree of recognition is greater than a third threshold.
According to an embodiment of the present disclosure, the second determination submodule includes a first acquisition unit and a third generation unit.
The first acquisition unit is used for acquiring a fourth threshold value and a fifth threshold value, wherein the fourth threshold value is larger than the second threshold value, and the fifth threshold value is larger than the third threshold value.
The third generation unit is configured to generate the access permission control information in a case where the second recognition degree is greater than the fourth threshold value and the third recognition degree is greater than the fifth threshold value.
According to an embodiment of the present disclosure, the first characteristic information includes: the first sub-feature information, the second sub-feature information and the third sub-feature information are collected by the identification device at different times.
According to an embodiment of the present disclosure, the security control apparatus 700 for accessing an object includes a first calculation module, a second calculation module, a third calculation module, and an identification degree determination module.
The first computing module is used for computing a first matching degree between the first sub-feature information and fourth feature information, wherein the fourth feature information is obtained when a target user applies for access rights through an applet.
The second calculating module is used for calculating a second matching degree between the second sub-feature information and the fourth feature information.
The third computing module is used for computing a third matching degree between the third sub-feature information and the fourth feature information.
The recognition degree determining module is used for taking the highest matching degree among the first matching degree, the second matching degree and the third matching degree as the first recognition degree.
According to an embodiment of the present disclosure, the security control apparatus 700 for accessing an object further includes a presentation module and a record generation module.
The display module is used for responding to the application request for accessing the object and displaying the application page through the applet.
The record generation module is used for generating an application record in response to receiving the characteristic information input through the application page.
According to an embodiment of the present disclosure, the security control apparatus 700 for accessing an object further includes a receiving module, a user identification module, a first determining module, and a first generating module.
And the receiving module is used for receiving the image information from the detection device and the third position information of the detection device.
And the user identification module is used for identifying the target user in the image information.
And the first determining module is used for determining the authority area and the access time of the target user according to the application record of the target user.
The first generation module is used for generating warning information according to the authority area, the access time and the third position information.
According to an embodiment of the present disclosure, the security control apparatus 700 for accessing an object further includes a second determination module, a second generation module, a transmission module, and a third determination module.
And the second determining module is used for determining the associated terminal equipment and the associated information of the target user.
And the second generation module is used for generating a third confirmation credential according to the first position information and the association information.
And the sending module is used for sending the third confirmation certificate to the associated terminal equipment.
And the third determining module is used for determining the access control information according to the matching relation between the third confirmation credential and the fourth confirmation credential in response to receiving the fourth confirmation credential returned by the identification device.
Any of the plurality of modules of the identification module 710, the location acquisition module 720, the control module 730, and the return module 740 may be combined in one module to be implemented, or any of the plurality of modules may be split into a plurality of modules, according to embodiments of the present disclosure. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module.
At least one of the identification module 710, the location acquisition module 720, the control module 730, and the return module 740 may be implemented, at least in part, as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or as hardware or firmware in any other reasonable manner of integrating or packaging circuitry, or as any one of or a suitable combination of three of software, hardware, and firmware, in accordance with embodiments of the present disclosure. Alternatively, at least one of the identification module 710, the location acquisition module 720, the control module 730, and the return module 740 may be at least partially implemented as a computer program module which, when executed, may perform the corresponding functions.
Fig. 8 schematically illustrates a block diagram of an electronic device adapted for a security control method for accessing an object according to an embodiment of the present disclosure.
As shown in fig. 8, an electronic device 800 according to an embodiment of the present disclosure includes a processor 801 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. The processor 801 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 801 may also include on-board memory for caching purposes. The processor 801 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the disclosure.
In the RAM 803, various programs and data required for the operation of the electronic device 800 are stored. The processor 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. The processor 801 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 802 and/or the RAM 803. Note that the program may be stored in one or more memories other than the ROM 802 and the RAM 803. The processor 801 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the electronic device 800 may also include an input/output (I/O) interface 805, the input/output (I/O) interface 805 also being connected to the bus 804. The electronic device 800 may also include one or more of the following components connected to the input/output I/O interface 805: an input portion 806 including a keyboard, mouse, etc.; an output portion 807 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage section 808 including a hard disk or the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. The drive 810 is also connected to the I/O interface 805 as needed. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as needed so that a computer program read out therefrom is mounted into the storage section 808 as needed.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 802 and/or RAM 803 and/or one or more memories other than ROM 802 and RAM 803 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code, when executed in a computer system, causes the computer system to perform the methods provided by embodiments of the present disclosure.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 801. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed, and downloaded and installed in the form of a signal on a network medium, and/or from a removable medium 811 via a communication portion 809. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network via the communication section 809, and/or installed from the removable media 811. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 801. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, such as Java, c++, python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be provided in a variety of combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.
While the foregoing is directed to embodiments of the present disclosure, other and further details of the invention may be had by the present application, it is to be understood that the foregoing description is merely exemplary of the present disclosure and that no limitations are intended to the scope of the disclosure, except insofar as modifications, equivalents, improvements or modifications may be made without departing from the spirit and principles of the present disclosure.

Claims (14)

1. A security control method for accessing an object, comprising:
determining a recognition result for the feature information in response to receiving the feature information for controlling the target user to access the object, wherein the recognition result comprises a first recognition result for the first feature information, a second recognition result for the second feature information and a third recognition result for the third feature information;
acquiring first position information and second position information pre-applied by the target user under the condition that the first identification result is not allowed to be characterized, wherein the first position information is used for representing the position of identification equipment for acquiring the characteristic information;
determining access control information for the target user based on a result of the matching between the first location information and the second location information, the second recognition result, and the third recognition result; and
And returning the access control information to the identification device so that the identification device allows the target user to access the object or denies the target user to access the object based on the access control information.
2. The method of claim 1, wherein the determining access control information for the target user based on a result of the match between the first location information and the second location information, the second recognition result, and the third recognition result comprises:
acquiring a right area aiming at the target user under the condition that the first position information is not matched with the second position information, and determining the access control information according to a matching result of the first position information and the right area, wherein the second position information is positioned in the right area;
and determining the access control information according to the second identification result and the third identification result under the condition that the first position information is matched with the second position information.
3. The method of claim 2, wherein the determining the access control information according to a result of the matching of the first location information and the rights area comprises: in case the first location information matches the rights area,
Determining associated terminal equipment and associated information of the target user;
generating a first confirmation credential according to the first location information and the association information;
sending the first confirmation credential to the associated terminal device; and
and in response to receiving a second confirmation credential returned by the identification device, determining the access control information according to a matching relationship of the first confirmation credential and the second confirmation credential.
4. The method of claim 2, wherein the determining the access control information according to a result of the matching of the first location information and the rights area further comprises:
and generating access refusal control information under the condition that the first position information is not matched with the authority area information.
5. The method of claim 2, wherein the first recognition result comprises a first degree of recognition, the first recognition result characterizing a permission if the first degree of recognition is greater than a first threshold; the second recognition result comprises a second recognition degree, and the second recognition result is allowed to be characterized under the condition that the second recognition degree is larger than a second threshold value; the third recognition result comprises a third recognition degree, and the third recognition result is allowed to be characterized under the condition that the third recognition degree is larger than a third threshold value.
6. The method of claim 5, wherein the determining the access control information according to the second recognition result and the third recognition result comprises: in case it is determined that the first location information matches the second location information,
acquiring a fourth threshold and a fifth threshold, wherein the fourth threshold is larger than the second threshold, and the fifth threshold is larger than the third threshold;
and generating permission access control information in the case that the second recognition degree is larger than the fourth threshold value and the third recognition degree is larger than the fifth threshold value.
7. The method of claim 5, wherein the first characteristic information comprises: the identification device comprises first sub-feature information, second sub-feature information and third sub-feature information, wherein the first sub-feature information, the second sub-feature information and the third sub-feature information are acquired by the identification device at different moments;
the method further comprises the steps of:
calculating a first matching degree between the first sub-feature information and fourth feature information, wherein the fourth feature information is acquired when the target user applies for access rights through an applet;
calculating a second matching degree between the second sub-feature information and the fourth feature information;
Calculating a third matching degree between the third sub-feature information and the fourth feature information; and
and taking the highest matching degree among the first matching degree, the second matching degree and the third matching degree as the first recognition degree.
8. The method of claim 1, wherein prior to the determining the recognition result for the feature information in response to receiving the feature information for controlling the target user to access the object, further comprising:
responding to the received application request for accessing the object, and displaying an application page through the applet; and
and generating an application record in response to receiving the characteristic information input through the application page.
9. The method of claim 1, wherein after the returning the access control information to the identification device, further comprising:
receiving image information from a detection device and third position information of the detection device;
identifying a target user in the image information;
determining the authority area and access time of the target user according to the application record of the target user;
and generating warning information according to the authority area, the access time and the third position information.
10. The method of claim 1, further comprising:
in case the first recognition result characterizes a permission, and both the second recognition result and the third recognition result characterize a non-permission,
determining associated terminal equipment and associated information of the target user;
generating a third confirmation credential according to the first location information and the association information;
sending the third confirmation credential to the associated terminal device; and
and in response to receiving a fourth confirmation credential returned by the identification device, determining the access control information according to a matching relationship of the third confirmation credential and the fourth confirmation credential.
11. A security control apparatus for accessing an object, comprising:
an identification module for determining an identification result for the feature information in response to receiving the feature information for controlling the target user to access the object, wherein the identification result comprises a first identification result for the first feature information, a second identification result for the second feature information and a third identification result for the third feature information;
the position acquisition module is used for acquiring first position information and second position information applied in advance by the target user under the condition that the first identification result is not allowed to be characterized, wherein the first position information is used for representing the position of identification equipment for acquiring the characteristic information;
A control module configured to determine access control information for the target user based on a result of matching between the first location information and the second location information, the second recognition result, and the third recognition result; and
and the return module is used for returning the access control information to the identification equipment so that the identification equipment allows the target user to access the object or refuses the target user to access the object based on the access control information.
12. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-10.
13. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1 to 10.
14. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 10.
CN202310772549.1A 2023-06-27 2023-06-27 Security control method and device for accessing object, electronic equipment and medium Pending CN117251860A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310772549.1A CN117251860A (en) 2023-06-27 2023-06-27 Security control method and device for accessing object, electronic equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310772549.1A CN117251860A (en) 2023-06-27 2023-06-27 Security control method and device for accessing object, electronic equipment and medium

Publications (1)

Publication Number Publication Date
CN117251860A true CN117251860A (en) 2023-12-19

Family

ID=89125411

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310772549.1A Pending CN117251860A (en) 2023-06-27 2023-06-27 Security control method and device for accessing object, electronic equipment and medium

Country Status (1)

Country Link
CN (1) CN117251860A (en)

Similar Documents

Publication Publication Date Title
AU2016273888B2 (en) Controlling physical access to secure areas via client devices in a networked environment
CN113098870B (en) Phishing detection method and device, electronic equipment and storage medium
CN110213215A (en) A kind of resource access method, device, terminal and storage medium
JP2020520511A (en) Access control method and apparatus, system, electronic device, program and medium
US11700129B2 (en) Systems and methods for tokenized data delegation and protection
US9934310B2 (en) Determining repeat website users via browser uniqueness tracking
US11379591B2 (en) Methods and devices for user authorization
CN106897586A (en) A kind of application programming interface API right management methods and device
CN111915789A (en) Visitor reservation management method, device, equipment and storage medium
CN110838195A (en) Method for authorizing others to unlock
US20220164789A1 (en) Location based wallets
CN109409552A (en) Reserve access method, system, computer equipment and storage medium
CN114268494A (en) Secure access method, system, device and medium
CN108696540A (en) A kind of authorizing secure system and its authorization method
CN117540355A (en) Zero trust access control system based on collaborative risk assessment model
CN112634501A (en) Visitor authorization method for property management
CN111125656A (en) Service processing method and device and electronic equipment
CN114866247B (en) Communication method, device, system, terminal and server
CN117251860A (en) Security control method and device for accessing object, electronic equipment and medium
CN114418586A (en) Reserved mobile phone number verification method, reserved mobile phone number verification device, reserved mobile phone number verification electronic equipment, reserved mobile phone number verification medium and program product
KR101345803B1 (en) Epc network authentication apparatus using reserve proxy and the method thereof
CN113850945B (en) Access control method and multi-access-control-host anti-submergence system
CN112069231B (en) User information processing method and device, storage medium and electronic equipment
CN114333098A (en) Patrol method, patrol device, electronic equipment and computer readable medium
CN113630415A (en) Network admission control method, apparatus, system, device, medium and product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination