CN106341817A

CN106341817A - Access control system, access control method, mobile terminals and access server

Info

Publication number: CN106341817A
Application number: CN201610804140.3A
Authority: CN
Inventors: 符兴富
Original assignee: Nubia Technology Co Ltd
Current assignee: Nubia Technology Co Ltd
Priority date: 2016-09-05
Filing date: 2016-09-05
Publication date: 2017-01-18

Abstract

The invention discloses an access control system, an access control method, mobile terminals and an access server. The access control method comprises steps that multiple mobile terminals are registered through the access server, and a preset public key is sent to the registered mobile terminals; the public key sent by the access server is received by the mobile terminals; an identity identifier is generated; the access time efficiency information is set; the generated identity identifier, the received public key and the set access time efficiency information are inputted through the mobile terminals according to a self-contained near-field communication NFC input function into an access card; when the access server receives a door opening request of the access card, the access information of the access card is read; whether the door opening request of the access card is responded is determined according to the read access information of the access card. Through the method, authorization operation efficiency and access efficiency are improved, and user experience is enhanced.

Description

Access control system, method, mobile terminal and access server

Technical Field

The embodiment of the invention relates to the field of communication, in particular to an access control system, an access control method, a mobile terminal and an access server.

Background

At present, an access control system of an ecological community is still in a stage of artificial authorization, for example, an access control card reading and writing device carried by a Personal Computer (PC) writes access control data and performs logout operation, which causes irregular authorization operation, low efficiency of access operation, and poor user experience.

Disclosure of Invention

The application provides an access control system, an access control method, a mobile terminal and an access server, which can improve the efficiency of authorization operation, improve the access efficiency and enhance the user experience.

In order to achieve the object of the present application, an embodiment of the present invention provides an access control system, including: the system comprises an access server, a plurality of mobile terminals and a plurality of access cards; wherein,

the access control server is used for registering the plurality of mobile terminals and sending preset public keys to the registered mobile terminals; when a door opening request of an access card is received, reading access information of the access card; determining whether to respond to a door opening request of the access card according to the read access information of the access card;

the mobile terminal is used for generating an identity; receiving a public key sent by an access control server; setting access time efficiency information; writing the generated identity, the received public key and the set access aging information into the access card according to the NFC writing function of the access card;

and the access control card is used for sending a door opening request to the access control server.

Optionally, the access information includes: the identity mark generated by the mobile terminal, the public key, the access timeliness information and the identity mark of the access control card.

Optionally, the determining, by the access server, whether to respond to the door opening request of the access card according to the read access information of the access card includes:

judging whether the identity of the access card is contained in valid identity of a plurality of access cards stored by the access card; judging whether the read public key is a preset public key; judging whether the identity generated by the mobile terminal is the identity of the registered mobile terminal; judging whether the access timeliness information is in the validity period;

when the identity of the access card is judged to be contained in valid identity of a plurality of access cards stored in the access card, and when the read public key is judged to be a public key preset by the access card, and when the identity generated by the mobile terminal is judged to be the identity of a registered mobile terminal, and when the access validity information is judged to be within the validity period, responding to a door opening request of the access card;

and when the identity identification of the access card is judged not to be contained in valid identity identifications of a plurality of access cards stored by the access card, or when the judged public key is not a public key preset by the access card, or when the identity identification generated by the mobile terminal is judged not to be the identity identification of a registered mobile terminal, or when the access validity information is judged not to be in the validity period, refusing to respond to the door opening request of the access card.

Optionally, the registering, in the access control server, the plurality of mobile terminals includes:

and acquiring and storing international mobile equipment identity IMEIs of a plurality of mobile terminals.

Optionally, the generating, in the mobile terminal, an identity identifier includes:

acquiring the IMEI of the user;

and encrypting the IMEI according to a first preset encryption algorithm to generate an identity.

Optionally, the determining, by the access control server, whether the identity generated by the mobile terminal is the identity of a registered mobile terminal includes:

decrypting the identity generated by the mobile terminal according to a first preset decryption algorithm corresponding to the first preset encryption algorithm to obtain the IMEI of the mobile terminal;

judging whether the obtained IMEI of the mobile terminal is contained in IMEIs of a plurality of mobile terminals stored in advance;

when the obtained IMEI of the mobile terminal is judged to be contained in IMEIs of a plurality of mobile terminals stored by the mobile terminal, the identity generated by the mobile terminal is judged to be the identity of the registered mobile terminal;

and when the obtained IMEI of the mobile terminal is judged not to be contained in the IMEIs of the plurality of mobile terminals stored by the mobile terminal, judging that the identity generated by the mobile terminal is not the registered identity of the mobile terminal.

Optionally, the accessing the aging information includes: a threshold number of accesses and/or an access time period; accordingly, the number of the first and second electrodes,

the access control server is used for judging whether the access timeliness information comprises the following information in the validity period:

acquiring the access times of the access control card and/or acquiring the current moment;

judging whether the obtained access times of the access control card reach the access time threshold value and/or judging whether the obtained current time is in the accessible time period;

when the obtained access times of the access control card do not reach the access time threshold value, and when the obtained current time is within the accessible time period, the access timeliness information is judged to be within the validity period;

and when the obtained access times of the access control card reach the access time threshold value, or when the obtained current time is not within the accessible time period, judging that the access timeliness information is not within the validity period.

The embodiment of the invention also provides an access control method, which comprises the following steps:

the access control server registers the plurality of mobile terminals and sends a preset public key to the registered mobile terminals;

the mobile terminal receives a public key sent by the access control server; generating an identity label; setting access time efficiency information;

the mobile terminal writes the generated identity identification, the received public key and the set access aging information into the access card according to the NFC writing function of the mobile terminal;

when receiving a door opening request of an access card, the access server reads access information of the access card; and determining whether to respond to the door opening request of the access card according to the read access information of the access card.

An embodiment of the present invention further provides a mobile terminal, including: the device comprises a receiving module, a generating module, a setting module and a writing module; wherein,

the receiving module is used for receiving the public key sent by the access control server;

the generating module is used for generating the identity;

the setting module is used for setting access timeliness information;

and the writing module is used for writing the generated identity, the received public key and the set access aging information into the access card according to the Near Field Communication (NFC) writing function of the mobile terminal to which the writing module belongs.

An embodiment of the present invention further provides an access control server, including: the device comprises a registration module, a sending module, a reading module and a processing module; wherein,

the registration module is used for registering a plurality of mobile terminals;

a sending module, configured to send a preset public key to a registered mobile terminal;

the access control system comprises a reading module, a processing module and a control module, wherein the reading module is used for reading access information of an access control card when receiving a door opening request of the access control card;

and the processing module is used for determining whether to respond to the door opening request of the access card according to the read access information of the access card.

The embodiment of the invention comprises the following steps: the access control server registers the plurality of mobile terminals and sends a preset public key to the registered mobile terminals; the mobile terminal receives a public key sent by the access control server; generating an identity label; setting access time efficiency information; the mobile terminal writes the generated identity identification, the received public key and the set access aging information into the access card according to the NFC writing function of the mobile terminal; when receiving a door opening request of an access card, the access server reads access information of the access card; and determining whether to respond to the door opening request of the access card according to the read access information of the access card. The embodiment of the invention improves the efficiency of authorization operation, improves the access efficiency and enhances the user experience.

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:

fig. 1 is a schematic diagram of a hardware structure of an optional mobile terminal for implementing various embodiments of the present application;

FIG. 2 is a schematic diagram of a communication system supporting communication between mobile terminals according to the present application;

FIG. 3 is an architecture diagram of the access control system of the present application;

FIG. 4 is a flow chart of the access control method of the present application;

FIG. 5 is a flowchart of an embodiment of a method for access control according to the present application;

fig. 6 is a schematic structural diagram of a mobile terminal according to the present application;

fig. 7 is a schematic structural diagram of the access control server according to the present application.

Detailed Description

The technical solution of the present invention will be described in more detail with reference to the accompanying drawings and examples.

A mobile terminal implementing various embodiments of the present application will now be described with reference to the accompanying drawings. In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only for facilitating the explanation of the present invention, and have no specific meaning in themselves. Thus, "module" and "component" may be used in a mixture.

The mobile terminal may be implemented in various forms. For example, the terminal described in the present invention may include a mobile terminal such as a mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a navigation device, and the like, and a stationary terminal such as a digital TV, a desktop computer, and the like. In the following, it is assumed that the terminal is a mobile terminal. However, it will be understood by those skilled in the art that the configuration according to the embodiment of the present invention can be applied to a fixed type terminal in addition to elements particularly used for moving purposes.

Fig. 1 is a schematic diagram of a hardware structure of an optional mobile terminal for implementing various embodiments of the present application.

The mobile terminal 100 may include a wireless communication unit 110, an a/V (audio/video) input unit 120, a user input unit 130, a sensing unit 140, an output unit 150, a memory 160, an interface unit 170, a controller 180, and a power supply unit 190, etc. Fig. 1 illustrates a mobile terminal having various components, but it is to be understood that not all illustrated components are required to be implemented. More or fewer components may alternatively be implemented. Elements of the mobile terminal will be described in detail below.

The wireless communication unit 110 typically includes one or more components that allow radio communication between the mobile terminal 100 and a wireless communication system or network. For example, the wireless communication unit may include at least one of a broadcast receiving module 111, a mobile communication module 112, a wireless internet module 113, a short-range communication module 114, and a location information module 115.

The broadcast receiving module 111 receives a broadcast signal and/or broadcast associated information from an external broadcast management server via a broadcast channel. The broadcast channel may include a satellite channel and/or a terrestrial channel. The broadcast management server may be a server that generates and transmits a broadcast signal and/or broadcast associated information or a server that receives a previously generated broadcast signal and/or broadcast associated information and transmits it to a terminal. The broadcast signal may include a TV broadcast signal, a radio broadcast signal, a data broadcast signal, and the like. Also, the broadcast signal may further include a broadcast signal combined with a TV or radio broadcast signal. The broadcast associated information may also be provided via a mobile communication network, and in this case, the broadcast associated information may be received by the mobile communication module 112. The broadcast signal may exist in various forms, for example, it may exist in the form of an Electronic Program Guide (EPG) of Digital Multimedia Broadcasting (DMB), an Electronic Service Guide (ESG) of digital video broadcasting-handheld (DVB-H), and the like. The broadcast receiving module 111 may receive a signal broadcast by using various types of broadcasting systems. In particular, the broadcast receiving module 111 may receive a broadcast signal by using a signal such as multimedia broadcasting-terrestrial (DMB-T), digital multimedia broadcasting-satellite (DMB-S), digital video broadcasting-handheld (DVB-H), forward link media (MediaFLO)^@) A digital broadcasting system of a terrestrial digital broadcasting integrated service (ISDB-T), etc. receives digital broadcasting. The broadcast receiving module 111 may be constructed to be suitable for various broadcasting systems that provide broadcast signals as well as the above-mentioned digital broadcasting systems. The broadcast signal and/or broadcast associated information received via the broadcast receiving module 111 may be stored in the memory 160 (or other type of storage medium).

The mobile communication module 112 transmits and/or receives radio signals to and/or from at least one of a base station (e.g., access point, node B, etc.), an external terminal, and a server. Such radio signals may include voice call signals, video call signals, or various types of data transmitted and/or received according to text and/or multimedia messages.

The wireless internet module 113 supports wireless internet access of the mobile terminal. The module may be internally or externally coupled to the terminal. The wireless internet access technology to which the module relates may include WLAN (wireless LAN) (Wi-Fi), Wibro (wireless broadband), Wimax (worldwide interoperability for microwave access), HSDPA (high speed downlink packet access), and the like.

The short-range communication module 114 is a module for supporting short-range communication. Some examples of short-range communication technologies include bluetooth^TMRadio Frequency Identification (RFID), infrared data association (IrDA), Ultra Wideband (UWB), zigbee^TMAnd so on.

The location information module 115 is a module for checking or acquiring location information of the mobile terminal. A typical example of the location information module is a GPS (global positioning system). According to the current technology, the GPS module 115 calculates distance information and accurate time information from three or more satellites and applies triangulation to the calculated information, thereby accurately calculating three-dimensional current location information according to longitude, latitude, and altitude. Currently, a method for calculating position and time information uses three satellites and corrects an error of the calculated position and time information by using another satellite. In addition, the GPS module 115 can calculate speed information by continuously calculating current position information in real time.

The a/V input unit 120 is used to receive an audio or video signal. The a/V input unit 120 may include a camera 121 and a microphone 122, and the camera 121 processes image data of still pictures or video obtained by an image capturing apparatus in a video capturing mode or an image capturing mode. The processed image frames may be displayed on the display unit 151. The image frames processed by the cameras 121 may be stored in the memory 160 (or other storage medium) or transmitted via the wireless communication unit 110, and two or more cameras 121 may be provided according to the construction of the mobile terminal. The microphone 122 may receive sounds (audio data) via the microphone in a phone call mode, a recording mode, a voice recognition mode, or the like, and can process such sounds into audio data. The processed audio (voice) data may be converted into a format output transmittable to a mobile communication base station via the mobile communication module 112 in case of a phone call mode. The microphone 122 may implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated in the course of receiving and transmitting audio signals.

The user input unit 130 may generate key input data according to a command input by a user to control various operations of the mobile terminal. The user input unit 130 allows a user to input various types of information, and may include a keyboard, dome sheet, touch pad (e.g., a touch-sensitive member that detects changes in resistance, pressure, capacitance, and the like due to being touched), scroll wheel, joystick, and the like. In particular, when the touch pad is superimposed on the display unit 151 in the form of a layer, a touch screen may be formed.

The sensing unit 140 detects a current state of the mobile terminal 100 (e.g., an open or closed state of the mobile terminal 100), a position of the mobile terminal 100, presence or absence of contact (i.e., touch input) by a user with the mobile terminal 100, an orientation of the mobile terminal 100, acceleration or deceleration movement and direction of the mobile terminal 100, and the like, and generates a command or signal for controlling an operation of the mobile terminal 100. For example, when the mobile terminal 100 is implemented as a slide-type mobile phone, the sensing unit 140 may sense whether the slide-type phone is opened or closed. In addition, the sensing unit 140 can detect whether the power supply unit 190 supplies power or whether the interface unit 170 is coupled with an external device.

The interface unit 170 serves as an interface through which at least one external device is connected to the mobile terminal 100. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The identification module may store various information for authenticating a user using the mobile terminal 100 and may include a User Identity Module (UIM), a Subscriber Identity Module (SIM), a Universal Subscriber Identity Module (USIM), and the like. In addition, a device having an identification module (hereinafter, referred to as an "identification device") may take the form of a smart card, and thus, the identification device may be connected with the mobile terminal 100 via a port or other connection means. The interface unit 170 may be used to receive input (e.g., data information, power, etc.) from an external device and transmit the received input to one or more elements within the mobile terminal 100 or may be used to transmit data between the mobile terminal and the external device.

In addition, when the mobile terminal 100 is connected with an external cradle, the interface unit 170 may serve as a path through which power is supplied from the cradle to the mobile terminal 100 or may serve as a path through which various command signals input from the cradle are transmitted to the mobile terminal. Various command signals or power input from the cradle may be used as signals for recognizing whether the mobile terminal is accurately mounted on the cradle. The output unit 150 is configured to provide output signals (e.g., audio signals, video signals, alarm signals, vibration signals, etc.) in a visual, audio, and/or tactile manner. The output unit 150 may include a display unit 151, an audio output module 152, an alarm unit 153, and the like.

The display unit 151 may display information processed in the mobile terminal 100. For example, when the mobile terminal 100 is in a phone call mode, the display unit 151 may display a User Interface (UI) or a Graphical User Interface (GUI) related to a call or other communication (e.g., text messaging, multimedia file downloading, etc.). When the mobile terminal 100 is in a video call mode or an image capturing mode, the display unit 151 may display a captured image and/or a received image, a UI or GUI showing a video or an image and related functions, and the like.

Meanwhile, when the display unit 151 and the touch pad are overlapped with each other in the form of a layer to form a touch screen, the display unit 151 may serve as an input device and an output device. The display unit 151 may include at least one of a Liquid Crystal Display (LCD), a thin film transistor LCD (TFT-LCD), an Organic Light Emitting Diode (OLED) display, a flexible display, a three-dimensional (3D) display, and the like. Some of these displays may be configured to be transparent to allow a user to view from the outside, which may be referred to as transparent displays, and a typical transparent display may be, for example, a TOLED (transparent organic light emitting diode) display or the like. Depending on the particular desired implementation, the mobile terminal 100 may include two or more display units (or other display devices), for example, the mobile terminal may include an external display unit (not shown) and an internal display unit (not shown). The touch screen may be used to detect a touch input pressure as well as a touch input position and a touch input area.

The audio output module 152 may convert audio data received by the wireless communication unit 110 or stored in the memory 160 into an audio signal and output as sound when the mobile terminal is in a call signal reception mode, a call mode, a recording mode, a voice recognition mode, a broadcast reception mode, or the like. Also, the audio output module 152 may provide audio output related to a specific function performed by the mobile terminal 100 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output module 152 may include a speaker, a buzzer, and the like.

The alarm unit 153 may provide an output to notify the mobile terminal 100 of the occurrence of an event. Typical events may include call reception, message reception, key signal input, touch input, and the like. In addition to audio or video output, the alarm unit 153 may provide output in different ways to notify the occurrence of an event. For example, the alarm unit 153 may provide an output in the form of vibration, and when a call, a message, or some other incoming communication (communicating communication) is received, the alarm unit 153 may provide a tactile output (i.e., vibration) to inform the user thereof. By providing such a tactile output, the user can recognize the occurrence of various events even when the user's mobile phone is in the user's pocket. The alarm unit 153 may also provide an output notifying the occurrence of an event via the display unit 151 or the audio output module 152.

The memory 160 may store software programs and the like for processing and controlling operations performed by the controller 180, or may temporarily store data (e.g., a phonebook, messages, still images, videos, and the like) that has been or will be output. Also, the memory 160 may store data regarding various ways of vibration and audio signals output when a touch is applied to the touch screen.

The memory 160 may include at least one type of storage medium including a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. Also, the mobile terminal 100 may cooperate with a network storage device that performs a storage function of the memory 160 through a network connection.

The controller 180 generally controls the overall operation of the mobile terminal. For example, the controller 180 performs control and processing related to voice calls, data communications, video calls, and the like. In addition, the controller 180 may include a multimedia module 181 for reproducing (or playing back) multimedia data, and the multimedia module 181 may be constructed within the controller 180 or may be constructed separately from the controller 180. The controller 180 may perform a pattern recognition process to recognize a handwriting input or a picture drawing input performed on the touch screen as a character or an image.

The power supply unit 190 receives external power or internal power and provides appropriate power required to operate various elements and components under the control of the controller 180.

The various embodiments described herein may be implemented in a computer-readable medium using, for example, computer software, hardware, or any combination thereof. For a hardware implementation, the embodiments described herein may be implemented using at least one of an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a processor, a controller, a microcontroller, a microprocessor, an electronic unit designed to perform the functions described herein, and in some cases, such embodiments may be implemented in the controller 180. For a software implementation, the implementation such as a process or a function may be implemented with a separate software module that allows performing at least one function or operation. The software codes may be implemented by software applications (or programs) written in any suitable programming language, which may be stored in the memory 160 and executed by the controller 180.

Up to this point, mobile terminals have been described in terms of their functionality. Hereinafter, a slide-type mobile terminal among various types of mobile terminals, such as a folder-type, bar-type, swing-type, slide-type mobile terminal, and the like, will be described as an example for the sake of brevity. Accordingly, the present application can be applied to any type of mobile terminal, and is not limited to a slide type mobile terminal.

The mobile terminal 100 as shown in fig. 1 may be configured to operate with communication systems such as wired and wireless communication systems and satellite-based communication systems that transmit data via frames or packets.

A communication system in which a mobile terminal according to the present application is capable of operating will now be described with reference to fig. 2.

Such communication systems may use different air interfaces and/or physical layers. For example, the air interface used by the communication system includes, for example, Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), and Universal Mobile Telecommunications System (UMTS) (in particular, Long Term Evolution (LTE)), global system for mobile communications (GSM), and the like. By way of non-limiting example, the following description relates to a CDMA communication system, but such teachings are equally applicable to other types of systems.

Referring to fig. 2, the CDMA wireless communication system may include a plurality of mobile terminals 100, a plurality of Base Stations (BSs) 270, Base Station Controllers (BSCs) 275, and a Mobile Switching Center (MSC) 280. The MSC280 is configured to interface with a Public Switched Telephone Network (PSTN) 290. The MSC280 is also configured to interface with a BSC275, which may be coupled to the base station 270 via a backhaul. The backhaul may be constructed according to any of several known interfaces including, for example, E1/T1, ATM, IP, PPP, frame Relay, HDSL, ADSL, or xDSL. It will be understood that a system as shown in fig. 2 may include multiple BSCs 275.

Each BS270 may serve one or more sectors (or regions), each sector covered by a multi-directional antenna or an antenna pointing in a particular direction being radially distant from the BS 270. Alternatively, each partition may be covered by two or more antennas for diversity reception. Each BS270 may be configured to support multiple frequency allocations, with each frequency allocation having a particular frequency spectrum (e.g., 1.25MHz,5MHz, etc.).

The intersection of partitions with frequency allocations may be referred to as a CDMA channel. The BS270 may also be referred to as a Base Transceiver Subsystem (BTS) or other equivalent terminology. In such a case, the term "base station" may be used to generically refer to a single BSC275 and at least one BS 270. The base stations may also be referred to as "cells". Alternatively, each sector of a particular BS270 may be referred to as a plurality of cell sites.

As shown in fig. 2, a Broadcast Transmitter (BT)295 transmits a broadcast signal to the mobile terminal 100 operating within the system. A broadcast receiving module 111 as shown in fig. 1 is provided at the mobile terminal 100 to receive a broadcast signal transmitted by the BT 295. In fig. 2, several Global Positioning System (GPS) satellites 300 are shown. The satellite 300 assists in locating at least one of the plurality of mobile terminals 100.

In fig. 2, a plurality of satellites 300 are depicted, but it is understood that useful positioning information may be obtained with any number of satellites. The GPS module 115 as shown in fig. 1 is generally configured to cooperate with satellites 300 to obtain desired positioning information. Other techniques that can track the location of the mobile terminal may be used instead of or in addition to GPS tracking techniques. In addition, at least one GPS satellite 300 may selectively or additionally process satellite DMB transmission.

As a typical operation of the wireless communication system, the BS270 receives reverse link signals from various mobile terminals 100. The mobile terminal 100 is generally engaged in conversations, messaging, and other types of communications. Each reverse link signal received by a particular base station 270 is processed within the particular BS 270. The obtained data is forwarded to the associated BSC 275. The BSC provides call resource allocation and mobility management functions including coordination of soft handoff procedures between BSs 270. The BSCs 275 also route the received data to the MSC280, which provides additional routing services for interfacing with the PSTN 290. Similarly, the PSTN290 interfaces with the MSC280, the MSC interfaces with the BSCs 275, and the BSCs 275 accordingly control the BS270 to transmit forward link signals to the mobile terminal 100.

Based on the above mobile terminal hardware structure and communication system, various embodiments of the method of the present application are proposed.

Fig. 3 is an architecture diagram of the access control system of the present application, as shown in fig. 3, including: the system comprises an access control server, a plurality of mobile terminals and a plurality of access control cards. Wherein,

the access control server is used for registering the plurality of mobile terminals and sending preset public keys to the registered mobile terminals; when a door opening request of an access card is received, reading access information of the access card; and determining whether to respond to the door opening request of the access card according to the read access information of the access card.

Wherein, be used for registering a plurality of mobile terminal including among the access control server:

and acquiring and storing International Mobile Equipment Identities (IMEIs) of a plurality of mobile terminals.

The preset public key is obtained by encrypting a certain file stored by the access control server by adopting a second preset encryption algorithm.

Wherein the access information comprises: the identity, the public key, the access timeliness information and the identity of the access control card are generated by the mobile terminal.

Wherein, the access control server is used for determining whether to respond to the door opening request of the access control card according to the access information of the read access control card and comprises:

judging whether the identity of the access card is contained in the valid identity of a plurality of access cards stored by the access card; judging whether the read public key is a preset public key; judging whether the identity generated by the mobile terminal is the identity of the registered mobile terminal; judging whether the access timeliness information is in the validity period;

when the identity of the access card is judged to be contained in valid identity of a plurality of access cards stored by the access card, and when the read public key is judged to be a public key preset by the access card, and when the identity generated by the mobile terminal is judged to be the identity of a registered mobile terminal, and when the access validity information is judged to be within the validity period, responding to the door opening request of the access card;

and when the identity of the access card is judged not to be contained in valid identity of a plurality of access cards stored by the access card, or when the judged public key is not the public key preset by the access card, or when the identity generated by the mobile terminal is judged not to be the identity of a registered mobile terminal, or when the access validity information is judged not to be in the validity period, refusing to respond to the door opening request of the access card.

The mobile terminal is used for generating an identity; receiving a public key sent by an access control server; setting access time efficiency information; and writing the generated identity, the received public key and the set access aging information into the access card according to the NFC writing function of the access card.

Wherein accessing the age information comprises: a threshold number of accesses and/or an access time period. The access time threshold may be a default value set by a system of the mobile terminal, or may be set by a user according to a requirement of the user by providing a human-computer interaction interface, for example, the access time threshold may be set to 2, 5, or 10.

The mobile terminal for generating the identity identifier comprises the following steps:

acquiring the IMEI of the user;

and encrypting the IMEI according to a first preset encryption algorithm to generate the identity.

The method for judging whether the identity generated by the mobile terminal is the registered identity of the mobile terminal in the access control server comprises the following steps:

when the obtained IMEI of the mobile terminal is judged to be contained in the IMEIs of the plurality of mobile terminals stored by the mobile terminal, the identity generated by the mobile terminal is judged to be the registered identity of the mobile terminal;

Wherein, be used for judging in the access control server whether visit ageing information includes in the validity period:

judging whether the obtained access times of the access control card reach an access time threshold value and/or judging whether the obtained current time is in an accessible time period;

and when the obtained access times of the access control card reach the access time threshold value, or when the obtained current time is not in the accessible time period, judging that the access time efficiency information is not in the validity period.

Wherein, be used for judging among the access control server whether the public key that reads is the public key that self preset includes:

decrypting the read public key according to a second preset decryption algorithm corresponding to the second preset encryption algorithm to obtain a decrypted certain file;

judging whether the obtained decrypted certain file is the same as the certain file which is not encrypted by adopting a second preset encryption algorithm;

when the obtained decrypted certain file is judged to be the same as the certain file before being encrypted by adopting a second preset encryption algorithm, the read public key is disconnected and is a preset public key per se;

and when the obtained decrypted certain file is judged to be different from the certain file before being encrypted by adopting a second preset encryption algorithm, the read public key is not the preset public key.

Fig. 4 is a flowchart of the access control method of the present application, as shown in fig. 4, including:

step 401: the access control server registers the plurality of mobile terminals and sends a preset public key to the registered mobile terminals.

Wherein, entrance guard's server registers a plurality of mobile terminal and includes:

Step 402: the mobile terminal receives a public key sent by the access control server; generating an identity label; and setting access aging information.

The mobile terminal generates the identity identifier, which comprises the following steps:

the mobile terminal acquires the IMEI of the mobile terminal;

the mobile terminal encrypts the IMEI according to a first preset encryption algorithm to generate the identity.

For example, the IMEI may be encrypted as follows: the IMEI of the mobile terminal is multiplied by the number of seconds at time 1/1 of 1970 (or other years) divided by a random number within 100. The identity generated by the mobile terminal every time is different, so that the generated identity is only effective once, and other equipment is prevented from being stolen.

Step 403: and the mobile terminal writes the generated identity, the received public key and the set access aging information into the access card according to the NFC write-in function of the mobile terminal.

It should be noted that how to write data by using the NFC writing function belongs to the conventional technical means known to those skilled in the art, and details are not described herein and are not intended to limit the present application.

Step 404: when receiving a door opening request of an access card, the access server reads access information of the access card; and determining whether to respond to the door opening request of the access card according to the read access information of the access card.

Wherein, the access control server confirms whether to respond to the request of opening the door of entrance guard's card according to the access information of the entrance guard's card that reads includes:

the entrance guard server judges whether the identity of the entrance guard card is contained in the valid identity of a plurality of entrance guard cards stored by the entrance guard server; the access control server judges whether the read public key is a preset public key; the access control server judges whether the identity generated by the mobile terminal is the identity of the registered mobile terminal; the access control server judges whether the access aging information is in the valid period;

when the access server judges that the identity of the access card is contained in the valid identity of a plurality of access cards stored in the access server, and when the access server judges that the read public key is a public key preset by the access server, and when the access server judges that the identity generated by the mobile terminal is the identity of a registered mobile terminal, and when the access server judges that the access time-efficiency information is within the validity period, the access server responds to the door opening request of the access card;

when the entrance guard server judges that the identification of the entrance guard card is not contained in the valid identification of a plurality of entrance guard cards stored by the entrance guard server, or when the public key judged by the entrance guard server is not the public key preset by the entrance guard server, or when the entrance guard server judges that the identification generated by the mobile terminal is not the identification of the registered mobile terminal, or when the entrance guard server judges that the access time-effect information is not in the valid period, the entrance guard server refuses to respond to the door opening request of the entrance guard card.

Wherein, the access control server judges whether the identity generated by the mobile terminal is the registered identity of the mobile terminal, and the access control server comprises:

the access control server decrypts the identity generated by the mobile terminal according to a first preset decryption algorithm corresponding to the first preset encryption algorithm to obtain the IMEI of the mobile terminal;

the entrance guard server judges whether the obtained IMEI of the mobile terminal is contained in IMEIs of a plurality of mobile terminals stored in advance;

when the access control server judges that the obtained IMEI of the mobile terminal is contained in the IMEIs of the mobile terminals stored in the access control server, the access control server judges that the identity generated by the mobile terminal is the registered identity of the mobile terminal;

when the access control server judges that the obtained IMEI of the mobile terminal is not contained in the IMEIs of the mobile terminals stored in the access control server, the access control server judges that the identity generated by the mobile terminal is not the registered identity of the mobile terminal.

Wherein, entrance guard's server judges whether visit ageing information includes in the validity period:

the access control server acquires the access times of the access control card and/or acquires the current moment;

the access control server judges whether the obtained access times of the access control card reach an access time threshold value or not, and/or the access control server judges whether the obtained current time is within an accessible time period or not;

when the access server judges that the obtained access times of the access card do not reach an access time threshold value, and when the access server judges that the obtained current time is in an accessible time period, the access server judges that access aging information is in an effective period;

and when the access server judges that the obtained access times of the access card reach an access time threshold, or when the access server judges that the obtained current time is not in an accessible time period, judging that the access timeliness information is not in the validity period.

Wherein, the public key that entrance guard's server judgement was read is the public key that self preset includes:

In the embodiment of the application, the generated identity, the received public key and the set access aging information are written into the access control card through the mobile terminal according to the Near Field Communication (NFC) write-in function of the mobile terminal, and whether the door opening request of the access control card is responded is determined according to the read access information of the access control card, so that the authorization operation efficiency is improved, the access efficiency is improved, and the user experience is enhanced.

Fig. 5 is a flowchart of an embodiment of the access control method, and as shown in fig. 5, the embodiment explains that the access time limit information is an access time threshold, and includes:

step 500: the access control server encrypts a certain file stored by the access control server by adopting a second preset encryption algorithm so as to obtain a preset public key.

Step 501: and the access control server registers the plurality of mobile terminals.

Wherein, step 501 specifically includes:

the access control server obtains and stores International Mobile Equipment Identities (IMEIs) of a plurality of mobile terminals.

Step 502: and the access control server sends a preset public key to the registered mobile terminal.

Step 503: and the mobile terminal receives the public key sent by the access control server, generates an identity and sets an access time threshold.

the mobile terminal acquires the IMEI of the mobile terminal;

The access time threshold may be a default value set by a system of the mobile terminal, or may be set by a user according to a requirement of the user by providing a human-computer interaction interface, for example, the access time threshold may be set to 2, 5, or 10.

Step 504: and the mobile terminal writes the generated identity, the received public key and the set access time threshold into the access card according to the NFC write-in function of the mobile terminal.

Step 505: and the access control card sends a door opening request to the access control server.

Step 506: and when receiving the door opening request of the access card, the access server reads the access information of the access card.

Wherein the access information comprises: the mobile terminal generates an identity, a public key, an access frequency threshold and an identity of the access control card.

Step 507: and the access server determines whether to respond to the door opening request of the access card according to the read access information of the access card.

the entrance guard server judges whether the identity of the entrance guard card is contained in the valid identity of a plurality of entrance guard cards stored by the entrance guard server; the access control server judges whether the read public key is a preset public key; the access control server judges whether the identity generated by the mobile terminal is the identity of the registered mobile terminal; the access control server judges whether the access frequency threshold is in the valid period or not;

when the access server judges that the identity of the access card is contained in valid identity of a plurality of access cards stored in the access server, and when the access server judges that the read public key is a public key preset by the access server, and when the access server judges that the identity generated by the mobile terminal is the identity of a registered mobile terminal, and when the access server judges that the access time threshold is within the validity period, the access server responds to a door opening request of the access card;

when the entrance guard server judges that the identification of the entrance guard card is not contained in the valid identification of a plurality of entrance guard cards stored by the entrance guard server, or when the public key judged by the entrance guard server is not the public key preset by the entrance guard server, or when the entrance guard server judges that the identification generated by the mobile terminal is not the identification of the registered mobile terminal, or when the entrance guard server judges that the access time threshold value is not in the valid period, the entrance guard server refuses to respond to the door opening request of the entrance guard card.

Wherein, the access control server judges whether the access frequency threshold value includes in the validity period:

the access control server acquires access of an access control card;

the access control server judges whether the obtained access times of the access control card reach an access time threshold value or not, and/or the access control server judges whether the obtained current time is in an accessible time period or not;

when the access server judges that the obtained access times of the access card do not reach the access time threshold, the access server judges that the access time threshold is in the valid period;

and when the access server judges that the obtained access times of the access card reach the access time threshold, judging that the access time threshold is not in the validity period.

Fig. 6 is a schematic structural diagram of a mobile terminal according to the present application, as shown in fig. 6, including: a receiving module 60, a generating module 61, a setting module 62 and a writing module 63. Wherein,

and the receiving module 60 is configured to receive the public key sent by the access control server.

And the generating module 61 is used for generating the identity.

The generating module 61 is specifically configured to:

acquiring an International Mobile Equipment Identity (IMEI) of a mobile terminal to which the mobile terminal belongs;

And the setting module 62 is used for setting the access aging information.

And the writing module 63 is configured to write the generated identity, the received public key, and the set access aging information into the access card according to a near field communication NFC writing function of the mobile terminal to which the writing module belongs.

Fig. 7 is a schematic structural diagram of the access control server of the present application, as shown in fig. 7, including: a registration module 70, a sending module 71, a reading module 72 and a processing module 73. Wherein,

a registration module 70, configured to register a plurality of mobile terminals.

The registration module 70 is specifically configured to:

A sending module 71, configured to send a preset public key to the registered mobile terminal.

The reading module 72 is configured to read access information of the access card when receiving a door opening request of the access card.

And the processing module 73 is used for determining whether to respond to the door opening request of the access card according to the read access information of the access card.

Wherein, the processing module 73 is specifically configured to:

The step of determining, in the processing module 73, whether the identity generated by the mobile terminal is the identity of the registered mobile terminal includes:

Wherein accessing the age information comprises: a threshold number of accesses and/or an access time period. At this time, the process of the present invention,

the processing module 73 is configured to determine whether the access aging information includes the following information in the validity period:

It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.

It will be understood by those skilled in the art that all or part of the steps of the above methods may be implemented by a program instructing associated hardware (e.g., a processor) to perform the steps, and the program may be stored in a computer readable storage medium, such as a read only memory, a magnetic or optical disk, and the like. Alternatively, all or part of the steps of the above embodiments may be implemented using one or more integrated circuits. Accordingly, the modules/units in the above embodiments may be implemented in hardware, for example, by an integrated circuit, or may be implemented in software, for example, by a processor executing programs/instructions stored in a memory to implement the corresponding functions. The present invention is not limited to any specific form of combination of hardware and software.

The above description is only a preferred embodiment of the present application, and not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application, or which are directly or indirectly applied to other related technical fields, are included in the scope of the present application.

Claims

1. An access control system, comprising: the system comprises an access server, a plurality of mobile terminals and a plurality of access cards; wherein,

2. The access control system of claim 1, wherein the access information comprises: the identity mark generated by the mobile terminal, the public key, the access timeliness information and the identity mark of the access control card.

3. The door access control system according to claim 2, wherein the determining, in the door access server, whether to respond to the door opening request of the door access card according to the read access information of the door access card comprises:

4. The door access control system according to claim 3, wherein the registering of the plurality of mobile terminals in the door access server comprises:

5. The door access control system according to claim 4, wherein the mobile terminal for generating the identification comprises:

acquiring the IMEI of the user;

6. The door access control system according to claim 5, wherein the step of determining whether the id generated by the mobile terminal is the id of the registered mobile terminal in the door access server comprises:

7. The access control system of claim 3, wherein the access age information comprises: a threshold number of accesses and/or an access time period; accordingly, the number of the first and second electrodes,

8. An access control method, comprising:

9. A mobile terminal, comprising: the device comprises a receiving module, a generating module, a setting module and a writing module; wherein,

the generating module is used for generating the identity;

the setting module is used for setting access timeliness information;

10. An access server, comprising: the device comprises a registration module, a sending module, a reading module and a processing module; wherein,