CN115223281A - Access control system and access control method - Google Patents
Access control system and access control methodDownload PDFInfo
- Publication number
- CN115223281A CN115223281ACN202210848102.3ACN202210848102ACN115223281ACN 115223281 ACN115223281 ACN 115223281ACN 202210848102 ACN202210848102 ACN 202210848102ACN 115223281 ACN115223281 ACN 115223281A
- Authority
- CN
- China
- Prior art keywords
- access control
- authorizer
- user
- door
- machine
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
- G07C9/23—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder by means of a password
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
- G07C9/25—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Human Computer Interaction (AREA)
- Lock And Its Accessories (AREA)
Abstract
Description
Translated fromChinese技术领域technical field
本发明涉及一种门禁系统及门禁控制方法。The invention relates to an access control system and an access control method.
背景技术Background technique
目前,金库门的门禁措施主要分为机械密码锁和电子密码锁,通常采用“双人双锁”原则,即金库门安装有两把门锁,操作时两名工作人员应同时到场,各自解锁一把门锁后金库门才可开启。这种门禁系统存在密码固定易被盗,开启权限低的问题。At present, the access control measures for the vault door are mainly divided into mechanical combination locks and electronic combination locks. Usually, the principle of "double double lock" is adopted, that is, the vault door is installed with two door locks. When operating, two staff members should be present at the same time and unlock one door each. The vault door can only be opened after it is locked. This kind of access control system has the problems that the password is fixed and easy to be stolen, and the opening authority is low.
发明内容SUMMARY OF THE INVENTION
本发明所要解决的技术问题是针对现有技术的上述不足,提供一种门禁控制方法、门禁管理控制平台、外设机、门上机及系统,所述门禁系统的安全性高,能够解决现有门禁系统密码固定易被盗,开启权限低的问题。The technical problem to be solved by the present invention is to provide an access control method, an access control management control platform, a peripheral machine, a door machine and a system for the above-mentioned deficiencies of the prior art. The access control system has high security and can solve the There are problems that the access control system password is fixed and easy to be stolen, and the opening authority is low.
第一方面,本发明提供一种门禁系统,包括:外设机和门上机,In a first aspect, the present invention provides an access control system, including: a peripheral machine and a door machine,
所述外设机用于对授权人进行身份信息验证,并在授权人的身份信息验证通过后,根据授权人的指令生成认证密码;The peripheral machine is used to verify the identity information of the authorizer, and after the identity information of the authorizer passes the verification, an authentication password is generated according to the order of the authorizer;
所述门上机设置在库门上,并与所述外设机隔离设置,用于对使用人进行身份信息验证,并在使用人的身份信息验证通过后,根据使用人输入的所述认证密码解除库门的门禁。The door machine is set on the warehouse door and is isolated from the peripheral machine, and is used to verify the identity information of the user. The password unlocks the vault door.
优选地,所述外设机还用于当所述认证密码生成时,根据所述认证密码生成第一工作记录;Preferably, the peripheral machine is further configured to generate a first work record according to the authentication password when the authentication password is generated;
所述门上机还用于当库门的门禁解除时,根据所述认证密码生成第二工作记录。The door machine is also used to generate a second work record according to the authentication password when the access control of the warehouse door is released.
优选地,所述授权人的指令具体包括:Preferably, the instructions of the authorizer specifically include:
认证密码有效期、授权时间、外设机编号、门上机编号、授权人以及使用人;Authentication password validity period, authorization time, peripheral machine number, door machine number, authorizer and user;
所述根据授权人的指令生成认证密码,具体包括:The generating of the authentication password according to the instruction of the authorizer specifically includes:
根据授权人的指令加上随机数使用预设加密算法生成认证密码。The authentication password is generated using a preset encryption algorithm according to the authorizer's instruction plus a random number.
优选地,所述预设加密算法为RSA加密算法。Preferably, the preset encryption algorithm is an RSA encryption algorithm.
优选地,还包括门禁管理控制平台,Preferably, it also includes an access control management and control platform,
所述门禁管理控制平台用于接收录入的授权人的身份信息,并根据授权人的身份信息制成授权卡;The access control management and control platform is used to receive the entered identity information of the authorizer, and make an authorization card according to the identity information of the authorizer;
所述门禁管理控制平台还用于接收录入的使用人的身份信息,并根据使用人的身份信息制成门禁卡;The access control management control platform is also used to receive the entered user's identity information, and make an access control card according to the user's identity information;
所述门禁管理控制平台能够与所述外设机连接,用于向外设机传送授权人和使用人的身份信息、以及授权卡,并存储外设机传送的第一工作记录;The access control management and control platform can be connected with the peripheral machine, and is used to transmit the identity information of the authorizer and the user and the authorization card to the peripheral machine, and store the first work record transmitted by the peripheral machine;
所述门禁管理控制平台能够与所述门上机连接,用于向门上机传送授权人和使用人的身份信息、以及门禁卡,并存储门上机传送的第二工作记录。The access control management and control platform can be connected with the door machine, and is used to transmit the identity information of the authorizer and the user and the access card to the door machine, and store the second work record transmitted by the door machine.
优选地,所述外设机通过有线连接方式与门禁管理控制平台临时连接,所述门上机通过有线连接方式与门禁管理控制平台临时连接。Preferably, the peripheral machine is temporarily connected to the access control management and control platform through a wired connection, and the door machine is temporarily connected to the access control management and control platform through a wired connection.
优选地,所述授权人的身份信息包括授权人的生物特征和授权密码,用于通过外设机的身份信息验证;Preferably, the identity information of the authorizer includes the biometric feature and the authorization password of the authorizer, which are used to verify the identity information of the peripheral machine;
所述使用人的身份信息包括使用人的生物特征和门禁密码,用于通过门上机的身份信息验证。The user's identity information includes the user's biometric feature and access control password, which are used for identity information verification on the door machine.
第二方面,本发明还提供一种门禁控制方法,应用于上述门禁系统,该方法包括:In a second aspect, the present invention also provides an access control method, which is applied to the above-mentioned access control system, and the method includes:
授权人在外设机进行身份信息验证;The authorized person performs identity information verification on the peripheral machine;
当授权人身份信息通过验证后,外设机根据授权人的指令生成认证密码;When the authorizer's identity information is verified, the peripheral computer generates an authentication password according to the authorizer's instructions;
授权人将认证密码交给使用人;The authorizer gives the authentication password to the user;
使用人在门上机上进行身份信息验证;The user performs identity information verification on the door machine;
当使用人身份信息通过验证后,门上机根据使用人输入的所述认证密码解除库门的门禁。After the user's identity information is verified, the door machine releases the access control of the warehouse door according to the authentication password input by the user.
优选地,授权人在外设机上进行身份信息验证,具体包括:Preferably, the authorizer performs identity information verification on the peripheral machine, specifically including:
授权人在外设机上输入授权人的生物特征、授权密码和授权卡;The authorized person enters the authorized person's biometrics, authorization password and authorization card on the peripheral machine;
外设机判断所述授权人的生物特征、授权密码和授权卡是否通过验证,若否,则验证不通过,若是,则验证通过;The peripheral machine judges whether the biometric features, authorization password and authorization card of the authorized person pass the verification, if not, the verification fails, and if so, the verification passes;
所述授权人的指令包括认证密码有效期、授权时间、外设机编号、门上机编号、授权人以及使用人;The instructions of the authorizer include the validity period of the authentication password, the authorization time, the peripheral machine number, the door machine number, the authorizer and the user;
外设机根据授权人的指令生成认证密码,具体包括:外设机根据授权人的指令加上随机数使用预设加密算法生成认证密码。The peripheral computer generates the authentication password according to the authorizer's instruction, which specifically includes: the peripheral computer generates the authentication password according to the authorizer's instruction plus a random number and uses a preset encryption algorithm.
授权人将认证密码交给使用人,具体为:授权人在线下将认证密码交给使用人。The authorizer delivers the authentication password to the user, specifically: the authorizer delivers the authentication password to the user offline.
优选地,使用人在门上机上进行身份信息验证,具体包括:Preferably, the user performs identity information verification on the door machine, specifically including:
使用人在门上机上输入使用人的生物特征、门禁密码和门禁卡;The user enters the user's biometrics, access code and access card on the door machine;
门上机判断所述授权人的生物特征、门禁密码和门禁卡是否通过验证,若否,则验证不通过,若是,则验证通过;The door-to-door machine determines whether the authorized person's biometric features, access control password and access control card pass the verification, if not, the verification fails, and if so, the verification passes;
所述门上机根据使用人输入的所述认证密码解除库门的门禁,具体包括:The door machine releases the access control of the warehouse door according to the authentication password input by the user, which specifically includes:
使用人在门上机上输入认证密码;The user enters the authentication password on the door machine;
门上机解析认证密码以获取认证密码有效期、授权时间、外设机编号、门上机编号、授权人以及使用人;The door machine parses the authentication password to obtain the validity period of the authentication password, authorization time, peripheral machine number, door machine number, authorizer and user;
门上机判断所述认证密码是否与之前已经生成的第二工作记录重复,若是,则不解除门禁,若否,则进一步判断认证密码是否超出有效期,The door-to-door machine determines whether the authentication password is duplicated with the second work record that has been generated before. If so, the access control is not lifted. If not, it is further determined whether the authentication password exceeds the validity period.
若认证密码超出有效期,则不解除门禁,若认证密码不超出有效期,则进一步判断外设机编号是否正确,If the authentication password exceeds the validity period, the access control will not be released. If the authentication password does not exceed the validity period, it is further judged whether the peripheral number is correct.
若外设机编号不正确,则不解除门禁,若外设机编号正确,则进一步判断门上机编号是否匹配,If the peripheral number is incorrect, the access control will not be released. If the peripheral number is correct, it will be further judged whether the door number matches.
若门上机编号不匹配,则不解除门禁,若门上机编号匹配,则进一步判断授权人信息是否正确,If the door operator number does not match, the access control will not be released. If the door operator number matches, it is further judged whether the authorizer information is correct.
若授权人信息不正确,则不解除门禁,若授权人信息正确,则进一步判断使用人信息是否正确,If the authorizer's information is incorrect, the access control will not be lifted. If the authorizer's information is correct, it is further judged whether the user's information is correct.
若使用人信息不正确,则不解除门禁,若使用人信息正确,则解除门禁。If the user information is incorrect, the access control will not be released, and if the user information is correct, the access control will be released.
本发明提供的门禁系统及门禁控制方法,通过预先在门禁管理控制平台录入的人员信息区分人员权限等级,将人员信息传输给外设机和门上机;高权限人员通过外设机进行认证及授权,外设机根据管理信息生成认证密码,低权限人员拿到认证密码后在有效期内于门上机进行认证及解锁,能够实现多种认证方式结合,从而能够增强密码随机性和安全性,并提高开启门禁权限。The access control system and the access control method provided by the present invention distinguish the authority level of the personnel through the personnel information entered in the access control management control platform in advance, and transmit the personnel information to the peripheral machine and the door machine; Authorization, the peripheral machine generates an authentication password according to the management information. After the low-authority personnel get the authentication password, they can authenticate and unlock the machine on the door within the validity period, which can realize the combination of various authentication methods, thereby enhancing the randomness and security of the password. And increase the access permission.
附图说明Description of drawings
图1为本发明实施例1的门禁系统的结构示意图;1 is a schematic structural diagram of an access control system according to Embodiment 1 of the present invention;
图2为本发明实施例2的门禁控制方法的流程示意图;2 is a schematic flowchart of an access control method according to Embodiment 2 of the present invention;
图3为本发明实施例3的门禁控制方法步骤S1的流程示意图;3 is a schematic flowchart of step S1 of the access control method according to Embodiment 3 of the present invention;
图4为本发明实施例3的门禁控制方法步骤S2的流程示意图。FIG. 4 is a schematic flowchart of step S2 of the access control method according to Embodiment 3 of the present invention.
具体实施方式Detailed ways
为使本领域技术人员更好地理解本发明的技术方案,下面将结合附图对本发明实施方式作进一步地详细描述。In order for those skilled in the art to better understand the technical solutions of the present invention, the embodiments of the present invention will be further described in detail below with reference to the accompanying drawings.
可以理解的是,此处描述的具体实施例和附图仅仅用于解释本发明,而非对本发明的限定。It should be understood that the specific embodiments and accompanying drawings described herein are only used to explain the present invention, but not to limit the present invention.
可以理解的是,在不冲突的情况下,本发明中的各实施例及实施例中的各特征可相互组合。It will be understood that the various embodiments of the present invention and the various features of the embodiments may be combined with each other without conflict.
可以理解的是,为便于描述,本发明的附图中仅示出了与本发明相关的部分,而与本发明无关的部分未在附图中示出。It can be understood that, for the convenience of description, only the parts related to the present invention are shown in the drawings of the present invention, and the parts unrelated to the present invention are not shown in the drawings.
可以理解的是,本发明的实施例中所涉及的每个单元、模块可仅对应一个实体结构,也可由多个实体结构组成,或者,多个单元、模块也可集成为一个实体结构。It can be understood that each unit and module involved in the embodiments of the present invention may correspond to only one entity structure, or may be composed of multiple entity structures, or multiple units and modules may also be integrated into one entity structure.
可以理解的是,在不冲突的情况下,本发明的流程图和框图中所标注的功能、步骤可按照不同于附图中所标注的顺序发生。It should be understood that the functions and steps noted in the flowcharts and block diagrams of the present invention may occur out of the order noted in the drawings unless there is conflict.
可以理解的是,本发明的流程图和框图中,示出了按照本发明各实施例的系统、装置、设备、方法的可能实现的体系架构、功能和操作。其中,流程图或框图中的每个方框可代表一个单元、模块、程序段、代码,其包含用于实现规定的功能的可执行指令。而且,框图和流程图中的每个方框或方框的组合,可用实现规定的功能的基于硬件的系统实现,也可用硬件与计算机指令的组合来实现。It can be understood that the flowcharts and block diagrams of the present invention show possible implementation architectures, functions, and operations of the systems, apparatuses, devices, and methods according to various embodiments of the present invention. Wherein, each block in the flowchart or block diagram may represent a unit, module, program segment, or code, which contains executable instructions for implementing the specified function. Furthermore, each block or combination of blocks in the block diagrams and flowchart illustrations can be implemented by hardware-based systems that perform the specified functions, or by combinations of hardware and computer instructions.
可以理解的是,本发明实施例中所涉及的单元、模块可通过软件的方式实现,也可通过硬件的方式来实现,例如单元、模块可位于处理器中。It can be understood that, the units and modules involved in the embodiments of the present invention may be implemented in a software manner, and may also be implemented in a hardware manner, for example, the units and modules may be located in a processor.
实施例1:Example 1:
本实施例提供一种门禁系统,该门禁系统可以用于库房门禁,如图1所示,该系统包括:外设机和门上机,This embodiment provides an access control system, which can be used for warehouse access control. As shown in FIG. 1 , the system includes: a peripheral machine and a door machine,
外设机用于对授权人进行身份信息验证,并在授权人的身份信息验证通过后,根据授权人的指令生成认证密码;The peripheral machine is used to verify the identity information of the authorizer, and after the authentication of the authorizer's identity information is passed, the authentication password is generated according to the instructions of the authorizer;
门上机设置在库门上,并与外设机隔离设置,用于对使用人进行身份信息验证,并在使用人的身份信息验证通过后,根据使用人输入的(由授权入交付的)所述认证密码解除库门的门禁。The door machine is set on the warehouse door and is set apart from the peripheral machine to verify the user's identity information, and after the user's identity information is verified, according to the user's input (delivered by authorization) The authentication password releases the access control of the warehouse door.
在本实施例中,外设机和门上机之间不进行任何连接以实现隔离设置,通过外设机和门上机的隔离设置,可以实现认证密码的离线传输,降低密码被盗的可能性,根据目标人员信息的权限等级不同,也将人员分为授权人和使用人,授权人可以对使用人进行授权,实际应用当中可以让高层人员作为授权人,以提高系统安全性。In this embodiment, no connection is made between the peripheral machine and the door machine to realize the isolation setting. Through the isolation setting of the peripheral machine and the door machine, the offline transmission of the authentication password can be realized, and the possibility of password theft is reduced. According to the different permission levels of target personnel information, personnel are also divided into authorizers and users. The authorizer can authorize users. In practical applications, senior personnel can be used as authorizers to improve system security.
其中,所述授权人的指令包括认证密码有效期、授权时间、外设机编号、门上机编号、授权人以及使用人,Wherein, the instruction of the authorizer includes the validity period of the authentication password, the authorization time, the peripheral machine number, the door machine number, the authorizer and the user,
本实施例中,具体是根据授权人的指令加上随机数使用RSA加密算法生成认证密码。In this embodiment, the authentication password is generated by using the RSA encryption algorithm according to the instruction of the authorizer plus the random number.
在本实施例中,由于同一个外设机不能在同一时间生成两个认证密码,加入了外设机编号和授权时间以保证认证密码的唯一性,同时,加入了随机数以保证密码的随机性,生成认证密码除了可以使用RSA加密算法外,还可以使用其它高安全的加密算法,认证密码中包含了所有授权人的指令信息,当使用人在门上机输入认证密码时,门上机解析认证密码可以获得授权人的指令,根据授权人的指令判断认证密码的有效性,从而实现提高系统的安全性。In this embodiment, since the same peripheral device cannot generate two authentication passwords at the same time, the peripheral device number and authorization time are added to ensure the uniqueness of the authentication password, and at the same time, a random number is added to ensure the randomness of the password. In addition to the RSA encryption algorithm, other high-security encryption algorithms can also be used to generate the authentication password. The authentication password contains the instruction information of all authorized persons. When the user enters the authentication password on the door machine, the door machine The authorizer's instruction can be obtained by parsing the authentication password, and the validity of the authentication password can be judged according to the authorizer's instruction, so as to improve the security of the system.
外设机还用于当所述认证密码生成时,根据认证密码生成第一工作记录;The peripheral machine is further configured to generate a first work record according to the authentication password when the authentication password is generated;
门上机还用于当库门的门禁解除时,根据认证密码生成第二工作记录。The door machine is also used to generate a second work record according to the authentication password when the access control of the warehouse door is released.
在本实施例中,每当认证密码生成以及被使用时,都会生成相应的工作记录,从而便于后续查询门禁的开启情况。In this embodiment, whenever an authentication password is generated and used, a corresponding work record will be generated, so as to facilitate subsequent inquiry of the opening status of the access control.
可选的,本实施例中,该系统还包括门禁管理控制平台,Optionally, in this embodiment, the system further includes an access control management and control platform,
门禁管理控制平台用于接收录入的授权人的身份信息,并根据授权人的身份信息制成授权卡;The access control management and control platform is used to receive the entered identity information of the authorized person, and make an authorization card according to the identity information of the authorized person;
门禁管理控制平台还用于接收录入的使用人的身份信息,并根据使用人的身份信息制成门禁卡;The access control management and control platform is also used to receive the entered user's identity information, and make an access control card according to the user's identity information;
门禁管理控制平台能够与外设机连接,用于向外设机传送授权人和使用人的身份信息、以及授权卡,并存储外设机传送的第一工作记录;The access control management and control platform can be connected with the peripheral computer to transmit the identity information of the authorizer and the user, as well as the authorization card to the peripheral computer, and store the first work record transmitted by the peripheral computer;
门禁管理控制平台能够与所述门上机连接,用于向门上机传送授权人和使用人的身份信息、以及门禁卡,并存储门上机传送的第二工作记录。The access control management and control platform can be connected with the door machine, and is used to transmit the identity information of the authorizer and the user and the access card to the door machine, and store the second work record transmitted by the door machine.
外设机通过有线连接方式与门禁管理控制平台临时连接,门上机通过有线连接方式与门禁管理控制平台临时连接。The peripheral machine is temporarily connected to the access control management and control platform through a wired connection, and the door machine is temporarily connected to the access control management and control platform through a wired connection.
在本实施例中,外设机与门上机通过有线连接的方式临时连接至门禁管理控制平台,下载相关身份信息并上传工作记录,有线连接的方式可以是USB、网口等,没有采用网络连接的方式可以降低系统被入侵的可能性。In this embodiment, the peripheral machine and the door machine are temporarily connected to the access control management and control platform through a wired connection, to download relevant identity information and upload work records. The wired connection can be USB, network port, etc., and does not use network The way of connection can reduce the possibility of the system being hacked.
实施例2:Example 2:
本实施例提供一种门禁控制方法,如图2所示,该方法包括:This embodiment provides an access control method, as shown in FIG. 2 , the method includes:
步骤S111:授权人在外设机上进行身份信息验证。Step S111 : the authorizer performs identity information verification on the peripheral machine.
本实施例中,步骤S111具体包括:In this embodiment, step S111 specifically includes:
授权人在外设机上输入授权人的生物特征、授权密码和授权卡;The authorized person enters the authorized person's biometrics, authorization password and authorization card on the peripheral machine;
外设机判断授权人的生物特征、授权密码和授权卡是否通过验证,若否,则验证不通过,若是,则验证通过;The peripheral machine judges whether the biometric features, authorization password and authorization card of the authorizer pass the verification, if not, the verification fails, and if so, the verification passes;
在本实施例中,通过对生物特征、授权密码以及授权卡的多重认证,可以提高系统的安全性,生物特征指人体固有的生理特征,比如可以包括面部、指纹以及虹膜等。In this embodiment, the security of the system can be improved through multiple authentication of biometrics, authorization passwords and authorization cards. Biometrics refer to inherent physiological characteristics of the human body, such as face, fingerprint, and iris.
步骤S112:当授权人身份信息通过验证后,外设机根据授权人的指令生成认证密码。Step S112: After the authorizer's identity information is verified, the peripheral computer generates an authentication password according to the authorizer's instruction.
其中,授权人的指令包括认证密码有效期、授权时间、外设机编号、门上机编号、授权人以及使用人。Among them, the authorizer's instructions include the validity period of the authentication password, the authorization time, the peripheral machine number, the door machine number, the authorizer and the user.
通过外设机根据授权人的指令加上随机数使用RSA加密算法生成认证密码。The RSA encryption algorithm is used to generate the authentication password through the peripheral machine according to the instruction of the authorizer plus the random number.
在本实施例中,外设机将授权人的指令信息通过加密算法转换为认证密码,除了RSA加密算法外,其它成熟的加密算法都可以使用。In this embodiment, the peripheral computer converts the instruction information of the authorizer into an authentication password through an encryption algorithm, and other mature encryption algorithms can be used except the RSA encryption algorithm.
步骤S113:授权人将认证密码交给使用人。Step S113: The authorizer gives the authentication password to the user.
在本实施例中,授权人在线下将认证密码交给使用人。In this embodiment, the authorizer delivers the authentication password to the user offline.
步骤S114:使用人在门上机上进行身份信息验证。Step S114: the user performs identity information verification on the door machine.
步骤S114具体包括:Step S114 specifically includes:
使用人在门上机上输入使用人的生物特征、门禁密码和门禁卡;The user enters the user's biometrics, access code and access card on the door machine;
通过门上机判断授权人的生物特征、门禁密码和门禁卡是否通过验证,若否,则验证不通过,若是,则验证通过;Determine whether the authorized person's biometric features, access control password and access control card have passed the verification through the door-to-door machine. If not, the verification fails;
在本实施例中,门上机同样采用多重认证的方式以提高系统安全性。In this embodiment, the multi-authentication method is also used to improve the security of the system.
步骤S115:当使用人身份信息通过验证后,门上机根据使用人输入的认证密码解除库门的门禁。Step S115: After the user's identity information is verified, the door machine releases the access control of the warehouse door according to the authentication password input by the user.
步骤S115具体包括:Step S115 specifically includes:
使用人在门上机上输入认证密码;The user enters the authentication password on the door machine;
门上机解析认证密码以获取认证密码有效期、授权时间、外设机编号、门上机编号、授权人以及使用人;The door machine parses the authentication password to obtain the validity period of the authentication password, authorization time, peripheral machine number, door machine number, authorizer and user;
门上机判断所述认证密码是否与之前已经生成的第二工作记录重复,若是,则不解除门禁,若否,则进一步判断认证密码是否超出有效期,The door-to-door machine determines whether the authentication password is duplicated with the second work record that has been generated before. If so, the access control is not lifted. If not, it is further determined whether the authentication password exceeds the validity period.
若认证密码超出有效期,则不解除门禁,若认证密码不超出有效期,则进一步判断外设机编号是否正确,If the authentication password exceeds the validity period, the access control will not be released. If the authentication password does not exceed the validity period, it is further judged whether the peripheral number is correct.
若外设机编号不正确,则不解除门禁,若外设机编号正确,则进一步判断门上机编号是否匹配,If the peripheral number is incorrect, the access control will not be released. If the peripheral number is correct, it will be further judged whether the door number matches.
若门上机编号不匹配,则不解除门禁,若门上机编号匹配,则进一步判断授权人信息是否正确,If the door operator number does not match, the access control will not be released. If the door operator number matches, it is further judged whether the authorizer information is correct.
若授权人信息不正确,则不解除门禁,若授权人信息正确,则进一步判断使用人信息是否正确,If the authorizer's information is incorrect, the access control will not be lifted. If the authorizer's information is correct, it is further judged whether the user's information is correct.
若使用人信息不正确,则不解除门禁,若使用人信息正确,则解除门禁。If the user information is incorrect, the access control will not be released, and if the user information is correct, the access control will be released.
在本实施例中,使用人在门上机使用认证密码,门上机通过解析认证密码获得授权人的指令,并判断授权人的指令中的认证密码有效期、授权时间、外设机编号、门上机编号、授权人以及使用人等信息是否符合要求,只要有一项不符合要求,则门禁不予开启,除此之外,为了保证低权限人员获得认证密码后不会随意开启门禁,门上机还会将获取到的认证密码与工作记录进行比对,如果发现认证密码重复使用,则不予开启门禁。In this embodiment, the user uses the authentication password on the door machine, and the door machine obtains the authorizer's instruction by parsing the authentication password, and judges the validity period of the authentication password, authorization time, peripheral machine number, and door number in the authorization person's instruction. Whether the information such as the machine number, authorizer, and user meet the requirements, as long as one item does not meet the requirements, the access control will not be opened. The computer will also compare the obtained authentication password with the work record. If the authentication password is found to be reused, the access control will not be opened.
在一个具体的实施例中,该门禁控制方法可以包括如下步骤:In a specific embodiment, the access control method may include the following steps:
步骤S01:信息录入Step S01: information entry
在使用门禁系统进行门禁启闭控制前,首先应将目标人员信息录入设备。通过门禁管理控制平台,授权人录入生物特征,输入认证密码,并制成授权卡;使用人录入生物特征,输入门禁密码,并制成门禁卡。外设机通过USB接口连接等有线连接方式临时接至门禁管理控制平台,可进行下载相关身份信息,上传工作记录、身份信息更新记录等操作;门上机具备生物特征识别装置(或其他识别原理的门禁识别装置)的基本功能,可接入门禁管理控制平台,接受平台管理和控制。Before using the access control system to control the opening and closing of the access control, the information of the target person should be entered into the device first. Through the access control management and control platform, the authorized person enters the biometric feature, enters the authentication password, and makes an authorization card; the user enters the biometric feature, enters the access control password, and makes an access control card. The peripheral machine is temporarily connected to the access control management and control platform through wired connection such as USB interface connection, and can download relevant identity information, upload work records, update records of identity information, etc.; the door machine is equipped with a biometric identification device (or other identification principles). The basic functions of the access control identification device) can be connected to the access control management and control platform, and can be managed and controlled by the platform.
步骤S02:申请授权Step S02: apply for authorization
当使用人有开启门禁的需求时,应依据管理制度流程向授权人提出门禁开启申请。When the user has the need to open the access control, he should submit an application for opening the access control to the authorized person according to the management system process.
申请通过之后,授权人使用外设机进行生物特征认证、授权密码认证、授权卡认证,三种认证全部通过后外设机进入认证密码生成环节。After the application is approved, the authorized person uses the peripheral computer to perform biometric authentication, authorization password authentication, and authorization card authentication. After all three types of authentication are passed, the peripheral computer enters the authentication password generation process.
授权人选择使用人、需开启门上机编号、认证密码有效期限后点击生成认证密码。外设机根据外设机编号、需开启门上机编号、授权人信息、使用人信息、授权时间、认证密码有效期限等信息,加入本次生成的随机数,使用RSA算法等成熟加密算法加密信息,生成认证密码。由于每次生成密码时上述信息有所变化,因此每次生成的认证密码均不相同。The authorizer selects the user, needs to open the door number, and clicks to generate the authentication password after the valid period of the authentication password. The peripheral machine adds the random number generated this time according to the peripheral machine number, the number of the door to be opened, the authorizer information, the user information, the authorization time, the validity period of the authentication password and other information, and is encrypted with a mature encryption algorithm such as the RSA algorithm. information to generate an authentication password. Since the above information changes each time a password is generated, the authentication password generated each time is different.
授权人将认证密码线下交付给使用人。使用人获得认证密码后便可进行门禁开启工作。The authorizer delivers the authentication password to the user offline. After the user obtains the authentication password, the access control can be opened.
步骤S03:信息认证Step S03: information authentication
使用人使用门上机进行生物特征认证、门禁密码认证、门禁卡认证,三种认证全部通过后门上机进入认证密码输入环节。The user uses the door machine to perform biometric authentication, access control password authentication, and access control card authentication. All three types of authentication enter the authentication password input link through the back door machine.
使用人将认证密码输入门上机,门上机通过解密算法获得外设机编号、需开启门上机编号、授权人信息、使用人信息、授权时间、认证密码有效期限等信息。门上机对此信息进行查验:若开启时间在认证密码有效期限内、认证密码未重复、外设机编号正确、需开启门上机编号匹配、授权人信息正确、使用人信息正确,则认证通过,门上机控制电控锁开启,使用人可开启门禁。否则,若有任一条件未满足,认证失败,门禁不予开启。The user enters the authentication password into the door machine, and the door machine obtains information such as the peripheral machine number, the number of the door machine to be opened, the authorizer information, the user information, the authorization time, and the validity period of the authentication password through the decryption algorithm. The door machine checks this information: if the opening time is within the validity period of the authentication password, the authentication password is not repeated, the peripheral machine number is correct, the number of the door machine to be opened matches, the authorizer information is correct, and the user information is correct, then the authentication is performed. Through, the door machine controls the electric lock to open, and the user can open the access control. Otherwise, if any of the conditions are not met, the authentication fails and the access control will not be opened.
为保证使用人获得认证密码后不可随意开启门禁,门上机将在输入认证密码后与工作记录比对,若发现认证密码重复,门禁开启认证失败。In order to ensure that the user cannot open the access control at will after obtaining the authentication password, the door machine will compare it with the work record after entering the authentication password. If the authentication password is found to be duplicated, the access control opening authentication fails.
实施例3:Example 3:
本实施例提供一种门禁控制方法,该方法包括:This embodiment provides an access control method, the method includes:
步骤S1:申请授权。Step S1: Apply for authorization.
具体地,如图3所示,步骤S1包括:Specifically, as shown in Figure 3, step S1 includes:
S11,使用人发起申请S11, the user initiates an application
S12,授权人向外设机输入生物特征、授权密码和授权卡以进行授权人认证;S12, the authorizer inputs the biometric feature, the authorization password and the authorization card to the peripheral computer to perform the authorization person authentication;
S13:当授权人认证通过后,授权人选择使用人、金库门编号以及认证密码有效期限;S13: When the authorizer passes the authentication, the authorizer selects the user, the vault door number and the validity period of the authentication password;
S14:外设机根据预设加密算法生成认证密码;S14: The peripheral computer generates an authentication password according to a preset encryption algorithm;
S15:使用人获取认证密码。S15: The user obtains the authentication password.
在本实施例中,预设加密算法可以为RSA加密算法,只有当授权人认证中的生物特征、授权密码和授权卡都通过认证后,外设机才会生成认证密码,其中,生物特征指人体固有的生理特征,可以包括面部、指纹以及虹膜等。In this embodiment, the preset encryption algorithm may be the RSA encryption algorithm, and only after the biometric feature, the authorization password and the authorization card in the authentication of the authorizer are authenticated, the peripheral computer will generate the authentication password, wherein the biometric feature refers to the authentication password. The inherent physiological characteristics of the human body, which can include the face, fingerprints, and iris.
步骤S2:信息认证。Step S2: information authentication.
具体地,如图4所示,步骤S2包括:Specifically, as shown in Figure 4, step S2 includes:
S21:使用人向门上机输入生物特征、门禁密码和门禁卡以进行使用人认证;S21: The user inputs the biometric feature, access code and access card to the door machine for user authentication;
S22:当使用人认证通过后,使用人向门上机输入认证密码;S22: After the user passes the authentication, the user inputs the authentication password to the door machine;
S23:门上机根据认证密码解析获取授权人信息、使用人信息、金库门编号以及认证密码有效期限;S23: The door machine obtains the authorizer information, user information, vault door number and the validity period of the authentication password according to the authentication password analysis;
S24:判断认证密码是否已经记录,若是,则门禁不开启,否则,执行步骤S25;S24: Determine whether the authentication password has been recorded, if so, the access control is not opened, otherwise, go to step S25;
S25:判断认证密码是否超出有效期限,若是,则门禁不开启,否则,执行步骤S26;S25: determine whether the authentication password exceeds the validity period, if so, the access control is not opened, otherwise, go to step S26;
S26:判断金库门编号以及授权人信息是否错误,若是,则门禁不开启,否则,执行步骤S27;S26: Determine whether the vault door number and the authorizer information are wrong, if so, the access control will not be opened, otherwise, go to step S27;
S27:判断使用人信息是否错误,若是,则门禁不开启,否则,开启门禁。S27: Determine whether the user information is wrong, if so, the access control is not turned on, otherwise, the access control is turned on.
在本实施例中,为保证使用人不会随意开启门禁,门禁每次开启都会将认证密码进行记录,在使用人将认证密码输入门上机时,门上机会将认证密码与记录进行对比,若发现重复,则门禁不开启。In this embodiment, in order to ensure that the user will not open the door at will, the authentication password will be recorded every time the door is opened. When the user enters the authentication password into the door, the door will compare the authentication password with the record. If duplicates are found, the door will not be opened.
本发明实施例2和3提供的门禁控制方法,通过预先在门禁管理控制平台录入的人员信息区分人员权限等级,并通过有线传输的方式将人员信息传输给外设机和门上机;授权人通过外设机进行认证及授权,外设机根据授权人的指令生成认证密码,由于认证密码生成时加入了随机数,使得认证密码具有随机性,使用人拿到认证密码后在有效期内于门上机进行认证及解锁,同时,外设机和门上机的验证都采用生物特征验证、密码验证和权限卡验证的多重验证结合的方式,提高系统安全性,解决了现有门禁系统,密码固定易被盗,开启权限低的问题。In the access control methods provided in Embodiments 2 and 3 of the present invention, the personnel authority levels are distinguished by the personnel information entered in the access control management control platform in advance, and the personnel information is transmitted to the peripheral machine and the door machine through wired transmission; the authorized person Authentication and authorization are carried out through the peripheral machine. The peripheral machine generates the authentication password according to the instructions of the authorizer. Since the random number is added to the authentication password, the authentication password is random. At the same time, the verification of the peripheral machine and the door machine adopts the combination of biometric verification, password verification and authorization card verification, which improves the security of the system and solves the problem of the existing access control system, password verification. Fixed the problem of easy to be stolen and low permission to open.
可以理解的是,以上实施方式仅仅是为了说明本发明的原理而采用的示例性实施方式,然而本发明并不局限于此。对于本领域内的普通技术人员而言,在不脱离本发明的精神和实质的情况下,可以做出各种变型和改进,这些变型和改进也视为本发明的保护范围。It can be understood that the above embodiments are only exemplary embodiments adopted to illustrate the principle of the present invention, but the present invention is not limited thereto. For those skilled in the art, without departing from the spirit and essence of the present invention, various modifications and improvements can be made, and these modifications and improvements are also regarded as the protection scope of the present invention.
Claims (10)
Translated fromChinesePriority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210848102.3ACN115223281A (en) | 2022-07-19 | 2022-07-19 | Access control system and access control method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210848102.3ACN115223281A (en) | 2022-07-19 | 2022-07-19 | Access control system and access control method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115223281Atrue CN115223281A (en) | 2022-10-21 |
Family
ID=83612752
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210848102.3APendingCN115223281A (en) | 2022-07-19 | 2022-07-19 | Access control system and access control method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115223281A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116055036A (en)* | 2022-12-08 | 2023-05-02 | 江苏拓米洛高端装备股份有限公司 | Dynamic password generation method of non-networking system and identity authentication method of non-networking system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101763672A (en)* | 2010-01-22 | 2010-06-30 | 河北莱恩科技有限责任公司 | Centralized management system for fingerprint access control system |
| KR101688633B1 (en)* | 2015-06-30 | 2017-01-02 | 한국전자통신연구원 | Door lock using certification number and method using the same |
| CN108053539A (en)* | 2018-01-19 | 2018-05-18 | 南京西西科技有限公司 | Access control method, access control system and access control mobile client |
| CN108806025A (en)* | 2017-05-03 | 2018-11-13 | 腾讯科技(深圳)有限公司 | Realize the entrance guard authorization method and device of visitor's temporary visit |
| CN109410405A (en)* | 2018-11-13 | 2019-03-01 | 香港中文大学(深圳) | Access control management method, gate inhibition's unlocking method and entrance guard management system for unlocking |
- 2022
- 2022-07-19CNCN202210848102.3Apatent/CN115223281A/enactivePending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101763672A (en)* | 2010-01-22 | 2010-06-30 | 河北莱恩科技有限责任公司 | Centralized management system for fingerprint access control system |
| KR101688633B1 (en)* | 2015-06-30 | 2017-01-02 | 한국전자통신연구원 | Door lock using certification number and method using the same |
| CN108806025A (en)* | 2017-05-03 | 2018-11-13 | 腾讯科技(深圳)有限公司 | Realize the entrance guard authorization method and device of visitor's temporary visit |
| CN108053539A (en)* | 2018-01-19 | 2018-05-18 | 南京西西科技有限公司 | Access control method, access control system and access control mobile client |
| CN109410405A (en)* | 2018-11-13 | 2019-03-01 | 香港中文大学(深圳) | Access control management method, gate inhibition's unlocking method and entrance guard management system for unlocking |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116055036A (en)* | 2022-12-08 | 2023-05-02 | 江苏拓米洛高端装备股份有限公司 | Dynamic password generation method of non-networking system and identity authentication method of non-networking system |
| CN116055036B (en)* | 2022-12-08 | 2024-03-12 | 江苏拓米洛高端装备股份有限公司 | Dynamic password generation method of non-networking system and identity authentication method of non-networking system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112214745B (en) | Authenticated external biometric reader and verification device | |
| JP3222110B2 (en) | Personal identification fob | |
| EP2102790B1 (en) | Biometric security system and method | |
| US8689013B2 (en) | Dual-interface key management | |
| US8070061B2 (en) | Card credential method and system | |
| CN109410406B (en) | Authorization method, device and system | |
| US7275263B2 (en) | Method and system and authenticating a user of a computer system that has a trusted platform module (TPM) | |
| Aakula et al. | Forging Unbreakable Identities: The Biometric-Blockchain Nexus | |
| CA2820986C (en) | Methods for secure enrollment and backup of personal identity credentials into electronic devices | |
| JP6378773B2 (en) | Method of accessing physically secure rack and computer network infrastructure | |
| US20110084799A1 (en) | Lock system including an electronic key and a passive lock | |
| CN105243314B (en) | A kind of security system and its application method based on USB key | |
| CN109389709B (en) | Unlocking control system and unlocking control method | |
| WO2019204954A1 (en) | Smart lock system | |
| CN108777015B (en) | Access control system based on dynamic password | |
| KR101052936B1 (en) | A network-based biometric authentication system using a biometric authentication medium having a biometric information storage unit and a method for preventing forgery of biometric information | |
| KR20180000849A (en) | Biometric card for encrypting card information using biometric crptosystem and biometric data and user authentication method thereof | |
| US20020078372A1 (en) | Systems and methods for protecting information on a computer by integrating building security and computer security functions | |
| CN115223281A (en) | Access control system and access control method | |
| EP2356637A1 (en) | Card credential method and system | |
| CN110738764A (en) | Security control system and method based on intelligent lock | |
| CN106340101A (en) | Access control system based on dynamic password | |
| CN105243305A (en) | Access control method and system based on biological recognition characteristics | |
| Bechelli et al. | Biometrics authentication with smartcard | |
| WO2013114649A1 (en) | Biological authentication system, biological authentication device, and biological authentication method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |