TWM673943U - Access control management system - Google Patents

Access control management system

Info

Publication number
TWM673943U
Authority
TW
Taiwan
Prior art keywords
access control
user
module
control management
identification code
Application number
TW114204517U
Other languages
Chinese (zh)
Inventor
黃榮彬
Original Assignee
臺灣土地銀行股份有限公司
Application filed by 臺灣土地銀行股份有限公司
Priority to TW114204517U
Publication of TWM673943U

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

An access control management system is provided, utilizing a mobile phone and an access control management host to perform multi-layer identity verification to ensure the security of access control. The system comprises a mobile phone and an access control management host. The mobile phone is equipped with a biometric recognition module to identify the user's biometric features and transmits the encrypted user identification code and user identity data to the access control management host through an access control management module. After processing the received data, the access control management host compares the data with an access approval list. If approved, it further verifies the user identification code and user identity data with a telecommunications platform. Upon successful authentication, the access control management host issues an unlocking command to an access control device to grant access.

Description

Access control management system

The present invention relates to identity verification technology, and more particularly to an access control management system and method that use identity verification technology.

Current access control systems generally use electronic locks as the primary control mechanism and rely on various authentication methods to manage access. The most common methods include access cards, passwords, and biometrics. However, these methods still face numerous practical problems and cannot fully meet the security, convenience, and cost-effectiveness requirements of modern access control management.

Access card systems are among the most popular access control methods today. Using radio frequency identification (RFID) or near-field communication (NFC) technology, users simply hold their access card near or against a reader to complete identity verification. However, this method has some significant drawbacks. First, access cards are easily lost or stolen, and someone who obtains a lost card can easily impersonate the cardholder and enter controlled areas. Furthermore, managing access cards is a significant burden. Businesses or organizations need to regularly issue, recover, and manage a large number of access cards, and adding entry and exit record tracking requires a more complex back-end system, further increasing cost and management difficulty.

In addition to access cards, some electronic door locks use password entry for identity verification. Users enter a preset password on the door lock's keypad to open the door. However, password systems also have many security problems. First, users often choose simple passwords that are easy to remember but not secure enough, such as "123456" or "0000". These passwords are extremely easy to guess or brute-force. In addition, password entry may be observed by others or recorded by surveillance equipment, increasing the risk of theft. More seriously, passwords are easy to share. If a user tells the password to others, the access control system can no longer effectively identify the true identity of the person entering, resulting in a security hole. Furthermore, when a password is forgotten, the user may need the administrator to reset it, which is quite inconvenient in large organizations or in environments where passwords need to be changed frequently.

To overcome the shortcomings of traditional access cards and password systems, some access control devices have begun to incorporate biometric technologies, such as fingerprint, facial, and iris recognition, to improve the security of identity verification. However, while these technologies offer strong anti-counterfeiting capability, they still face practical limitations. For example, fingerprint recognition systems are easily affected by environmental factors. If a user's finger is wet, dirty, or dry, recognition accuracy drops significantly. Similarly, while facial recognition offers a more convenient verification method, its success rate is also affected in low-light environments or when the user is wearing an obstruction such as a mask or glasses. Furthermore, biometric data is highly sensitive personal information. Once stolen or misused, it cannot be changed as easily as a password, which creates even more serious privacy and security risks.

Overall, while current access control systems have evolved from traditional mechanical locks to electronic locks and adopt various authentication technologies, they still cannot fully address the challenges facing modern access control management. Access cards are easily lost and forged, password systems suffer from sharing and forgetting, and biometric technology, due to factors such as high equipment cost and environmental influences, still does not deliver the best user experience. Therefore, current access control systems still have many shortcomings in security, convenience, and management cost, and a more advanced and more integrated access control management solution is urgently needed to overcome these problems.

Therefore, one aspect of the present invention is to provide an access control management system comprising a mobile phone and an access control management host.

The mobile phone belongs to a user and includes a biometric module, a SIM card, and an access control management module. The biometric module identifies a pending biometric feature to generate a pending biometric identification code and verifies whether the pending biometric identification code matches the user's user biometric identification code, thereby obtaining a biometric verification result. The SIM card stores the user's user identification code. The access control management module has an access control management application and is electrically connected to the SIM card and the biometric module. The access control management module obtains the user identification code from the SIM card and the user's user identity data, and receives the biometric verification result from the biometric module.

The access control management host includes a communication module, a storage module, and a computing module. The communication module communicates with the access control management module of the mobile phone, as well as with a telecommunications platform and an access control device. The communication module receives the user identification code, the user identity data, and the biometric verification result from the access control management module. The telecommunications platform holds the user's user identification code and user identity data. The storage module stores the access control approval list of the access control device. The computing module is electrically connected to the communication module and the storage module. When the biometric verification result is "successful," the access control management module encrypts the user identification code and the user identity data and transmits them to the computing module. The computing module then decrypts the encrypted user identification code and user identity data and receives the access control approval list from the storage module to verify whether the user identification code and the user identity data are listed on the access control approval list, thereby obtaining an approval verification result. When the approval verification result is "successful," the computing module encrypts the user identification code and the user identity data and transmits them to the telecommunications platform via the communication module. The telecommunications platform decrypts the encrypted user identification code and user identity data to verify them, obtains a telecommunications verification result, and transmits it back to the computing module. When the telecommunications verification result is "successful," the computing module issues an unlock command to the access control device.

According to one embodiment of the present invention, the biometric module includes at least one of a fingerprint recognition module, a facial recognition module, and an iris recognition module.

According to one embodiment of the present invention, the access control management module of the mobile phone requests the computing module of the access control management host to provide a system public key and a system private key. The access control management module uses the system private key to encrypt the user identification code and the user identity data and then transmits them to the computing module. The computing module then uses the system public key to decrypt the encrypted user identification code and user identity data.

According to one embodiment of the present invention, the computing module of the access control management host requests, through the communication module, that the telecommunications platform provide a telecommunications public key and a telecommunications private key. The computing module encrypts the user identification code and the user identity data with the telecommunications private key and then transmits them to the telecommunications platform. The telecommunications platform then uses the telecommunications public key to decrypt the encrypted user identification code and user identity data.

According to one embodiment of the present invention, the access control management module further generates a timestamp before transmitting the user identification code and the user identity data. The timestamp is encrypted together with the user identification code and the user identity data and then transmitted to the access control management host.

According to one embodiment of the present invention, the storage module of the access control management host also stores the access control permission settings of the access control device. After the telecommunications verification result is "successful," the computing module receives the access control permission settings and, based on them, limits the access control scope and access control time period for the user identification code and the user identity data. It confirms whether the user is requesting to pass through the access control device within the access control scope and the access control time period. Only when these conditions are met does the computing module issue the unlock command to the access control device.

Another aspect of the present invention is to provide an access control management method applicable to the aforementioned access control management system. In the access control management method, the biometric module identifies the pending biometric feature and verifies whether the pending biometric identification code matches the user biometric identification code, thereby obtaining the biometric verification result. When the biometric verification result is "successful," the access control management module encrypts the user identification code and the user identity data and transmits them to the computing module. The computing module then decrypts the encrypted user identification code and user identity data and receives the access control approval list from the storage module to verify whether the user identification code and the user identity data are listed on the access control approval list, thereby obtaining the approval verification result. When the approval verification result is "successful," the computing module encrypts the user identification code and the user identity data and transmits them to the telecommunications platform via the communication module. The telecommunications platform decrypts the encrypted user identification code and user identity data to verify them, obtains the telecommunications verification result, and returns it to the computing module.

By integrating biometric verification, SIM card identification code verification, and multi-layer encryption, the present invention provides a highly secure, low-cost, and convenient access control management solution. The access control management system not only effectively prevents identity forgery, entry under another person's name, and tampering with verification information, but also reduces the installation and maintenance cost of access control equipment, making it suitable for a variety of environments that require high-security access control.

The above summary is intended to provide a simplified overview of the present invention so that readers have a basic understanding of it. This summary is not a complete overview of the present invention and is not intended to identify important or key elements of its embodiments or to define its scope. After reading the detailed description below, those skilled in the art will readily understand the basic spirit and other objectives of the present invention, as well as the technical means and implementation aspects it employs.

100: Access control management system
110: Mobile phone
112: Biometric module
114: SIM card
116: Access control management module
120: Access control management host
122: Communication module
124: Storage module
126: Computing module
130: Access control device
140: Telecommunications platform
210-250: Steps
305-355: Steps

To make the above and other objectives, features, advantages, and embodiments of the present invention easier to understand, the accompanying drawings are described as follows.

Figure 1 is a schematic diagram of the functional architecture of an access control management system according to an embodiment of the present invention.

Figure 2 is a schematic flowchart of the preparatory operations of an access control management method according to an embodiment of the present invention.

Figure 3 is a schematic flowchart of an access control management method according to an embodiment of the present invention.

Based on the above, an access control management system and method are provided. By integrating biometric verification, SIM card identification code verification, and multi-layer encryption, this access control management system and method provide a highly secure, low-cost, and convenient access control management solution. The following description introduces exemplary structures and methods of the access control management system and method.

For ease of description, the functions of the device are described as various functional units and/or functional modules. When implementing the present invention, these functional units or modules may be implemented in one or more pieces of software and/or hardware. The present invention is described with reference to flowcharts and/or block diagrams of methods, devices, and computer program products according to the embodiments. Computer program instructions are input into a processor, and executing the instructions produces a device for implementing the described functions. These instructions may be executed in the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing equipment.

Figure 1 is a schematic diagram of the functional architecture of an access control management system according to an embodiment of the present invention.

In Figure 1, the access control management system 100 includes a mobile phone 110 and an access control management host 120.

The mobile phone 110 belongs to a user and includes a biometric module 112, a SIM card 114, and an access control management module 116.

The biometric module 112 identifies a pending biometric feature to generate a pending biometric identification code and verifies whether the pending biometric identification code matches the user's user biometric identification code, thereby obtaining a biometric verification result. According to one embodiment of the present invention, the biometric module 112 includes at least one of a fingerprint recognition module, a facial recognition module, and an iris recognition module. For example, when the biometric module 112 is a fingerprint recognition module, the user places a finger on the fingerprint sensing area of the mobile phone 110. The fingerprint recognition module scans the user's fingerprint features and converts the scanned features into a pending biometric identification code, which is then compared with the user biometric identification code stored in the mobile phone 110 to confirm the user's identity. In the case of a facial recognition module, the camera of the mobile phone 110 captures an image of the user's face, and image analysis is used to generate the pending biometric identification code for comparison. In the case of an iris recognition module, the camera of the mobile phone 110 scans an image of the user's iris, the features of the iris pattern are analyzed to generate the pending biometric identification code, and that code is then compared with the user biometric identification code.

The SIM card 114 stores the user's user identification code. The user identification code is issued and managed by the telecommunications platform 140. The telecommunications platform 140 also stores the user's user identity data corresponding to the user identification code in the SIM card 114, for use in subsequent identity verification. According to one embodiment of the present invention, the user identification code may be the user's mobile phone number or another unique identification code assigned by the telecommunications platform.

The access control management module 116 has an access control management application and is electrically connected to the SIM card 114 and the biometric module 112 in order to carry out the access control management process. Through the access control management application installed on the mobile phone 110, the access control management module 116 requires the user, at first registration, to enter the relevant user identity data, such as name, contact information, or other identifiable personal information, and stores the user identity data in the internal storage unit of the mobile phone 110. During subsequent access control verification, the access control management module 116 obtains from the SIM card 114 the user identification code issued by the telecommunications platform, obtains from the internal storage unit of the mobile phone 110 the user identity data entered by the user at registration, and receives the biometric verification result generated by the biometric module 112.

The access control management host 120 includes a communication module 122, a storage module 124, and a computing module 126.

The communication module 122 communicates with the access control management module 116 of the mobile phone 110, as well as with the telecommunications platform 140 and the access control device 130. It is responsible for data transmission between the access control management host 120 and the other components. The communication module 122 receives the user identification code and the user identity data from the access control management module 116 and passes them to the computing module 126 of the access control management host 120 for verification. In addition, the communication module 122 can send query requests to the telecommunications platform 140 to compare the user identification code and the user identity data, ensuring the authenticity of the user's identity.

According to one embodiment of the present invention, the communication module 122 can exchange data with the mobile phone 110 via wireless communication technologies (such as Wi-Fi, mobile network, or Bluetooth), and establishes a secure connection with the telecommunications platform 140 and the access control device 130 via a local area network or mobile network to ensure the integrity and timeliness of data transmission. Furthermore, the telecommunications platform 140 has the user's user identification code and the corresponding user identity data registered. When the access control management host 120 requests verification from the telecommunications platform 140, the telecommunications platform 140 can compare the user identification code and the user identity data against its internal database and provide the corresponding verification result to the access control management host 120.

The storage module 124 stores the access control approval list of the access control device 130. The access control approval list records information about users permitted to pass the access control device 130, including the user identification code and the corresponding user identity data, for comparison when the access control management host 120 performs identity verification. When the access control management host 120 receives an access verification request from the access control management module 116, the storage module 124 provides the relevant data from the access control approval list to confirm whether the user has permission to pass the access control device 130.

According to one embodiment of the present invention, the storage module 124 of the access control management host 120 also stores access control permission settings for the access control device 130. The access control permission settings include an access control scope and an access control time period. The access control scope can define access permissions for a specific access control device 130, for example restricting certain users to specific areas or to specific floors within a building. The access control time period can set the permitted time range during which the user can access the access control device 130, for example allowing entry only during specific hours on weekdays.

The computing module 126 is electrically connected to the communication module 122 and the storage module 124 and is responsible for the computation and verification operations of the access control management host 120. When the biometric verification result is "successful," the access control management module 116 encrypts the user identification code and the user identity data and transmits them to the computing module 126 via the communication module 122. After receiving the encrypted user identification code and user identity data, the computing module 126 decrypts them to obtain the user identification code and the user identity data. Next, the computing module 126 reads the access control approval list of the access control device 130 from the storage module 124 and checks whether the user identification code and the user identity data are listed in the access control approval list, producing an approval verification result.

According to one embodiment of the present invention, when the approval verification result is "successful," the computing module 126 encrypts the user identification code and the user identity data and transmits them, again via the communication module 122, to the telecommunications platform 140 to request further identity verification. After receiving the encrypted user identification code and user identity data, the telecommunications platform 140 decrypts them and performs an identity comparison to confirm whether the user identification code and the user identity data match its internally stored data, and produces a telecommunications verification result.

When the telecommunications verification result is "successful," the computing module 126 confirms that the user's identity is correct and further checks the access control permission settings in the storage module 124 to confirm whether the user meets the entry conditions of the access control device 130, such as whether the request falls within the permitted time period or meets specific permission requirements. When all conditions are met, the computing module 126 sends an unlock command to the access control device 130 via the communication module 122, causing the access control device 130 to unlock and allow the user to enter.
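The host-side sequence described above (biometric result, timestamp, approval list, telecom check, permission settings, unlock), sketched as an added example that is not code from the patent or its applicant. HMAC-SHA256 with a pre-shared key stands in for the page's key mechanism and protects integrity only; the 30-second freshness window, the replay cache, and every name and sample value are assumptions.

```python
import hashlib
import hmac
import json
from datetime import datetime, time, timedelta, timezone

MAX_AGE = timedelta(seconds=30)  # assumed freshness window; the page gives no value


def seal(key, uid, identity, bio_ok, ts):
    """Phone side (module 116): bundle ID, identity data, biometric result, timestamp."""
    body = json.dumps({"uid": uid, "identity": identity, "bio": bio_ok,
                       "ts": ts.isoformat()}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return tag + b"." + body


class AccessHost:
    """Host side (host 120): approval list, telecom check, permission settings."""

    def __init__(self, key, approval_list, permissions, telecom_verify):
        self.key = key
        self.approval_list = approval_list    # uid -> identity data (storage module 124)
        self.permissions = permissions        # uid -> permitted doors, weekdays, hours
        self.telecom_verify = telecom_verify  # callable(uid, identity) -> bool (platform 140)
        self.seen = {}                        # tag -> timestamp; replay cache (assumption)

    def _open(self, blob):
        tag, sep, body = blob.partition(b".")
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not sep or not hmac.compare_digest(tag, expected):
            return None, None
        return tag, json.loads(body)

    def decide(self, blob, door, now):
        """Run the layers in the page's order; return 'unlock' or a deny reason."""
        tag, msg = self._open(blob)
        if msg is None:
            return "deny: integrity"
        if msg["bio"] is not True:
            return "deny: biometric"
        ts = datetime.fromisoformat(msg["ts"])
        if abs(now - ts) > MAX_AGE:
            return "deny: stale timestamp"
        # Forget tags that the freshness check would reject anyway.
        self.seen = {t: s for t, s in self.seen.items() if now - s <= MAX_AGE}
        if tag in self.seen:
            return "deny: replay"
        self.seen[tag] = ts
        uid, identity = msg["uid"], msg["identity"]
        if self.approval_list.get(uid) != identity:
            return "deny: approval list"
        if not self.telecom_verify(uid, identity):
            return "deny: telecom"
        perm = self.permissions.get(uid)
        if perm is None or door not in perm["doors"]:
            return "deny: scope"
        in_hours = perm["start"] <= now.time() < perm["end"]
        if now.weekday() not in perm["weekdays"] or not in_hours:
            return "deny: time period"
        return "unlock"


def demo():
    """Constructed sample data: key, users, doors and times are all made up."""
    key = b"constructed-demo-key"
    alice = {"name": "Example User A"}
    bob = {"name": "Example User B"}
    telecom_db = {"uid-A": alice, "uid-B": {"name": "Someone Else"}}
    office = {"doors": {"lobby"}, "weekdays": {0, 1, 2, 3, 4},
              "start": time(8, 0), "end": time(18, 0)}
    host = AccessHost(key, {"uid-A": alice, "uid-B": bob},
                      {"uid-A": office, "uid-B": office},
                      lambda uid, ident: telecom_db.get(uid) == ident)
    mon = datetime(2025, 1, 6, 9, 0, tzinfo=timezone.utc)   # a Monday
    sat = datetime(2025, 1, 11, 9, 0, tzinfo=timezone.utc)  # a Saturday
    sec = timedelta(seconds=1)
    ok = seal(key, "uid-A", alice, True, mon)
    return {
        "valid": host.decide(ok, "lobby", mon),
        "replay": host.decide(ok, "lobby", mon + sec),
        "tampered": host.decide(ok.replace(b"uid-A", b"uid-B"), "lobby", mon),
        "stale": host.decide(seal(key, "uid-A", alice, True, mon - 10 * MAX_AGE), "lobby", mon),
        "telecom": host.decide(seal(key, "uid-B", bob, True, mon + sec), "lobby", mon + sec),
        "scope": host.decide(seal(key, "uid-A", alice, True, mon + 2 * sec), "vault", mon + 2 * sec),
        "weekend": host.decide(seal(key, "uid-A", alice, True, sat), "lobby", sat),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:9s} {result}")
```

The timestamp check alone leaves a window in which a captured message is still accepted, which is why the sketch also remembers recently seen tags.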

According to one embodiment of the present utility model, communication between the mobile phone 110 and the access control management host 120 involves user identity verification and access control management, so the integrity and security of the transmitted data must be ensured to prevent unauthorized access or data interception. To this end, the access control management module 116 establishes a secure encryption mechanism before transmitting identity verification data to the access control management host 120, to protect the user identification code and the user identity data in transit. To establish this mechanism, the access control management module 116 first requests the computing module 126 of the access control management host 120 to provide a system public key and a system private key. Upon receiving the request, the computing module 126 generates a system public key and a corresponding system private key and responds to the access control management module 116. After receiving the system private key, the access control management module 116 uses it to encrypt the obtained user identification code and the user identity data entered by the user at registration, to prevent unauthorized access or tampering during transmission. The access control management module 116 then transmits the encrypted user identification code and user identity data to the computing module 126 of the access control management host 120 via the communication module 122. After receiving the encrypted data, the computing module 126 decrypts it using the system public key to recover the user identification code and the user identity data and performs the subsequent access control identity verification. This public key and private key encryption mechanism ensures that sensitive data is not leaked during transmission through unauthorized access or malicious attack, further enhancing the security and reliability of the access control management system 100.

According to one embodiment of the present utility model, communication between the access control management host 120 and the telecommunications platform 140 involves user identity verification, so the security and integrity of the transmitted data must be ensured to prevent unauthorized access, tampering, or interception. To this end, the computing module 126 establishes a secure encryption mechanism before transmitting the user identification code and the user identity data to the telecommunications platform 140 for verification, to ensure the confidentiality and tamper resistance of the data in transit. To achieve secure communication, the computing module 126 sends a request to the telecommunications platform 140 via the communication module 122, asking it to provide a telecommunications public key and a telecommunications private key. Upon receiving the request, the telecommunications platform 140 generates a pair of telecommunications public and private keys and responds to the computing module 126. After receiving the telecommunications private key, the computing module 126 uses it to encrypt the user identification code and the user identity data so that the data cannot be accessed or tampered with by unauthorized third parties during transmission. The computing module 126 then transmits the user identification code and the user identity data, encrypted with the telecommunications private key, to the telecommunications platform 140 via the communication module 122. After receiving the encrypted data, the telecommunications platform 140 decrypts it using the telecommunications public key to recover the user identification code and the user identity data and performs identity verification. This telecommunications public key and private key encryption mechanism ensures the security of data transmission between the access control management host 120 and the telecommunications platform 140, preventing malicious attacks, data theft, or identity impersonation, and further enhancing the security and reliability of the access control management system 100.

According to one embodiment of the present utility model, the access control management module 116 further generates a timestamp before transmitting the user identification code and the user identity data, to ensure the timeliness and validity of the transmission and to prevent replay attacks, that is, the interception and repeated submission of a request by an unauthorized party. The timestamp can be the current system time or another verifiable time marker, so that every access control request carries unique and valid time information. After obtaining the timestamp, the access control management module 116 encrypts it together with the user identification code and the user identity data to ensure data integrity and prevent unauthorized tampering or forgery. The access control management module 116 then transmits the encrypted timestamp, user identification code, and user identity data to the access control management host 120 via the communication module 122. After receiving the encrypted data, the computing module 126 decrypts it and parses the timestamp to confirm whether the request was submitted within the valid time range, thereby verifying the authenticity and validity of the request. This timestamp mechanism prevents a malicious attacker from reusing old request data for unauthorized access, further enhancing the security and attack resistance of the access control management system 100 and ensuring the timeliness and reliability of the access control verification process.
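The host-side freshness check described above, as an added Python example that is not part of the patent. It models the request after decryption; the 30-second validity window, the 5-second clock-skew allowance, the seen-request cache and the sample values are assumptions. The cache is there because a validity window alone still accepts a captured request that is resubmitted inside the window.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    """An access request as the host sees it after decryption."""
    user_id: str      # user identification code read from the SIM card
    identity: str     # user identity data entered at registration
    timestamp: float  # seconds since the epoch, added by the phone before encryption


class FreshnessChecker:
    """Accept a request only if its timestamp is recent and not seen before."""

    def __init__(self, max_age: float = 30.0, max_skew: float = 5.0):
        self.max_age = max_age      # assumed validity window, in seconds
        self.max_skew = max_skew    # assumed tolerance for a phone clock running ahead
        self._seen = {}             # (user_id, timestamp) -> time the entry may be dropped

    def check(self, req: AccessRequest, now: float) -> str:
        # Entries older than the window can go: such requests are rejected as stale anyway.
        self._seen = {k: exp for k, exp in self._seen.items() if exp >= now}
        age = now - req.timestamp
        if age > self.max_age:
            return "stale"          # old request data, outside the valid time range
        if age < -self.max_skew:
            return "future"         # timestamp too far ahead of the host clock
        key = (req.user_id, req.timestamp)
        if key in self._seen:
            return "replayed"       # same request submitted twice inside the window
        self._seen[key] = req.timestamp + self.max_age
        return "fresh"


def demo():
    """Constructed sample: one genuine request, then the same bytes resubmitted."""
    checker = FreshnessChecker()
    captured = AccessRequest("UID-0001", "Alice Chen", 1000.0)
    return [
        checker.check(captured, now=1002.0),   # genuine submission
        checker.check(captured, now=1010.0),   # resubmitted inside the window
        checker.check(captured, now=1031.0),   # resubmitted after the window
        checker.check(AccessRequest("UID-0001", "Alice Chen", 1100.0), now=1031.0),
        checker.check(AccessRequest("UID-0002", "Bob Lin", 1020.0), now=1031.0),
    ]


if __name__ == "__main__":
    print(demo())
```

A request whose timestamp was altered would only reach this check if the encryption layer failed to detect the change, so the check relies on the integrity protection the paragraph describes.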

According to one embodiment of the present utility model, after the telecommunications verification result is "successful", the computing module 126 further verifies the access control permission settings to ensure that the user's access rights comply with system rules. The computing module 126 therefore reads the access control permission settings from the storage module 124 and, based on those settings, limits the access control scope and access control time period for the user identification code and the user identity data.

The access control scope can include specific access control devices 130 or specific areas, ensuring that the user can only gain access within the authorized scope. For example, if the user is only authorized to enter a specific floor or a certain area inside a building, the computing module 126 checks, based on the access control permission settings, whether the user identification code and the user identity data meet the access conditions of the specific access control device 130. In addition, the access control time period can be used to limit the time range in which the user can use the access control device 130, for example allowing entry only during specific working hours, or setting one-time or time-limited access for specific users (such as visitors). When the user issues an access request, the computing module 126 checks whether the current time falls within the user's authorized access control time period; if the request falls outside the permitted period, it is denied. Only when the computing module 126 confirms that the user identification code and the user identity data satisfy the access control permission settings, including the access control scope and the access control time period, does it send an unlock command to the access control device 130 via the communication module 122, unlocking the device and allowing the user to pass. If the permission settings are not satisfied, the computing module 126 denies the access request and can optionally store the denial record in the storage module 124 for subsequent analysis and monitoring by an administrator. This verification of access control permission settings ensures the security of the access control management system 100, prevents unauthorized personnel from entering specific areas, and improves the flexibility and precision of access management.

The following describes how the above access control management system operates. Figure 2 is a flowchart of the preparatory steps of an access control management method according to one embodiment of the present utility model.

In step 210 of Figure 2, the user applies for a SIM card 114 from the operator of the telecommunications platform and registers the user's identity data. The user inserts the SIM card 114 into the mobile phone 110 so that the mobile phone 110 can communicate normally with the telecommunications platform 140. When the access control management application is started, it can read the user identification code stored on the SIM card 114 and asks the user to enter the user identity data (such as name and contact information). This user identity data is used for subsequent identity verification and permission management in the access control management system 100.

In step 220, the user enables the biometric recognition function of the biometric recognition module 112 on the mobile phone 110. To ensure the security of access, the user must enable the biometric recognition module 112 of the mobile phone 110, which may include at least one of a fingerprint recognition module, a facial recognition module, and an iris recognition module. The user registers biometric features according to the setup procedure of the mobile phone 110 (for example enrolling a fingerprint, capturing a facial image, or scanning an iris) so that the access control management system 100 can later perform biometric verification.

After the user completes steps 210 and 220, in step 230 the user installs the access control management application on the mobile phone 110 and registers in the application in preparation for the subsequent login procedure. The access control management application provides functions such as identity login, access requests, data encryption, and secure communication. After installing the application, the user must register and log in so that the access control management module 116 can obtain the user's identity data and establish a secure connection with the access control management host 120.

Next, in step 240, the access control management application obtains the system public key and the system private key from the access control management host 120 and registers the user's identity data and the user identification code of the SIM card. To secure communication between the mobile phone 110 and the access control management host 120, the access control management application sends a secure communication request to the computing module 126 of the access control management host 120. The computing module 126 responds to the request and provides the system public key and the system private key, establishing the encrypted communication mechanism. The access control management application then uses the system private key to encrypt the user's identity data and the user identification code in the SIM card 114 and transmits the encrypted data to the access control management host 120 via the communication module 122, to ensure the confidentiality and integrity of the transmission.

Through the above preparatory steps, the access control management system 100 can establish a complete identity verification mechanism, ensuring the security and reliability of subsequent access control operations and preventing unauthorized access. To secure communication between the access control management host 120 and the telecommunications platform 140, the computing module 126 sends a secure communication request to the telecommunications platform 140 via the communication module 122, asking it to provide a telecommunications public key and a telecommunications private key. Upon receiving the request, the telecommunications platform 140 generates a dedicated set of encryption keys and responds to the access control management host 120. After obtaining the telecommunications private key, the access control management host 120 uses it to encrypt the user identification code and the user identity data, to secure data transmission with the telecommunications platform 140 and prevent unauthorized access or data interception.

Through the above preparatory steps, the access control management system 100 completes user registration, identity binding, and the establishment of the encrypted communication mechanism, providing a secure and reliable foundation for subsequent access verification and access control.

Next, the flow of the access control management method is described. Figure 3 is a flowchart of an access control management method according to one embodiment of the present utility model. The flow describes how the access control management system 100 uses multi-layer identity verification to ensure that the user can use the access control device 130 securely and effectively.

In step 305, the biometric recognition module 112 of the mobile phone 110 performs biometric recognition on the user. The biometric recognition module 112 may include a fingerprint recognition module, a facial recognition module, or an iris recognition module, and produces a biometric verification result by scanning and comparing the user's biometric features.

In step 310, the biometric verification result is checked. If it is successful, step 315 is executed to proceed to the next stage of identity verification. If it fails, step 355 is executed to terminate the entire access control management flow, ensuring that an unauthorized user cannot gain access.

In step 315, the access control management module 116 of the mobile phone 110 uses the system private key to encrypt the user identification code and the user identity data and transmits the encrypted data to the communication module 122 of the access control management host 120 via the communication interface of the mobile phone 110, protecting the data from unauthorized access or interception during transmission.

In step 320, the computing module 126 of the access control management host 120 uses the system public key to decrypt the encrypted user identification code and user identity data, recovering the data in preparation for approval verification.

In step 325, the computing module 126 receives the access control approval list from the storage module 124 and verifies whether the user identification code and the user identity data are listed on it, to determine whether the user has permission to enter through the access control device 130.

In step 330, the approval verification result is checked. If it is successful, step 335 is executed to proceed to the telecommunications verification stage. If it fails, step 355 is executed to terminate the entire access control management flow, so that an unauthorized user cannot continue the access request.

In step 335, the computing module 126 of the access control management host 120 uses the telecommunications private key to encrypt the user identification code and the user identity data and transmits the encrypted data to the telecommunications platform 140 via the communication module 122, for further verification of the user's telecommunications identity.

In step 340, the telecommunications platform 140 decrypts the received encrypted data and verifies whether the user identification code of the SIM card 114 and the user identity data match the user information it stores, to confirm the user's telecommunications identity.

In step 345, the telecommunications verification result is checked. If it is successful, step 350 is executed to send the unlock command. If it fails, step 355 is executed to terminate the entire access control management flow, preventing an unauthorized user from entering through the access control device 130.

In step 350, after the access control management host 120 receives the "successful" verification result from the telecommunications platform 140, the computing module 126 sends an unlock command to the access control device 130 via the communication module 122, unlocking the access control device 130 and allowing the user to enter. This mechanism ensures that the user is authorized to use the access control device 130 only after passing multiple identity verifications, improving the security and reliability of the access control management system 100.
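The decision flow of Figure 3, together with the access control scope and time period check described earlier, as an added Python example that is not part of the patent. Decryption is left out; the class and field names, the sample users and doors, logging every host-side denial, and treating an unreachable telecommunications platform as a failed verification are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional


@dataclass
class Permission:
    devices: frozenset                     # access control scope: devices the user may open
    start: time                            # start of the permitted time period
    end: time                              # end of the period (may wrap past midnight)
    not_after: Optional[datetime] = None   # time-limited access, e.g. for a visitor
    one_time: bool = False                 # single-use access
    used: bool = False

    def allows(self, device: str, when: datetime) -> bool:
        if device not in self.devices:
            return False
        if self.not_after is not None and when > self.not_after:
            return False
        if self.one_time and self.used:
            return False
        t = when.time()
        if self.start <= self.end:
            return self.start <= t <= self.end
        return t >= self.start or t <= self.end   # period wraps past midnight


@dataclass(frozen=True)
class Decision:
    unlock: bool
    stage: str   # stage that produced the final result


class AccessHost:
    def __init__(self, approval_list, permissions, telecom_verify):
        self.approval_list = approval_list    # set of (user_id, identity) pairs
        self.permissions = permissions        # user_id -> Permission
        self.telecom_verify = telecom_verify  # callable(user_id, identity) -> bool
        self.denials = []                     # denial records kept for the administrator

    def _deny(self, stage, user_id, device, when):
        self.denials.append((when, user_id, device, stage))
        return Decision(False, stage)

    def handle(self, biometric_ok, user_id, identity, device, when):
        # Steps 305-310 run on the phone: nothing is sent unless biometrics passed.
        if not biometric_ok:
            return Decision(False, "biometric")
        # Steps 325-330: approval list lookup.
        if (user_id, identity) not in self.approval_list:
            return self._deny("approval_list", user_id, device, when)
        # Steps 335-345: telecommunications verification; any error counts as failure.
        try:
            verified = self.telecom_verify(user_id, identity) is True
        except Exception:
            verified = False
        if not verified:
            return self._deny("telecom", user_id, device, when)
        # Permission settings: scope and time period, checked before unlocking.
        perm = self.permissions.get(user_id)
        if perm is None or not perm.allows(device, when):
            return self._deny("permission", user_id, device, when)
        if perm.one_time:
            perm.used = True
        return Decision(True, "unlock")       # step 350: send the unlock command


def demo():
    """Constructed data: Carol is on the approval list but unknown to the carrier."""
    subscribers = {"UID-0001": "Alice Chen", "UID-0002": "Bob Lin"}
    host = AccessHost(
        approval_list={("UID-0001", "Alice Chen"), ("UID-0003", "Carol Wu")},
        permissions={"UID-0001": Permission(frozenset({"door-3F"}), time(8), time(18))},
        telecom_verify=lambda uid, ident: subscribers.get(uid) == ident,
    )
    day, night = datetime(2025, 5, 6, 9, 0), datetime(2025, 5, 6, 22, 0)
    stages = [
        host.handle(True, "UID-0001", "Alice Chen", "door-3F", day).stage,
        host.handle(True, "UID-0001", "Alice Chen", "door-3F", night).stage,
        host.handle(True, "UID-0001", "Alice Chen", "door-1F", day).stage,
        host.handle(True, "UID-0002", "Bob Lin", "door-3F", day).stage,
        host.handle(True, "UID-0003", "Carol Wu", "door-3F", day).stage,
    ]
    return host, stages


if __name__ == "__main__":
    print(demo()[1])
```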

As can be seen from the above, the present utility model provides an access control management system and method based on a mobile phone SIM card and biometric recognition technology, improving the security, reliability, and convenience of access control management through a dual verification mechanism and encryption. Specifically, the present utility model has the following technical advantages:

Dual identity verification improves access control security: The present utility model combines biometric recognition (such as fingerprint, facial, or iris recognition) with verification of the SIM card user identification code to ensure that the user entering is the legitimate identity holder. Only after biometric verification succeeds is the user allowed to send the encrypted user identification code and identity data, further improving the security of the access control system and reducing the security risks caused by lost or stolen cards.

Multi-layer encryption secures data transmission: On the mobile phone side, the access control management module encrypts the user identification code and identity data with the system private key when transmitting them, to avoid unauthorized interception and tampering. After decryption, the access control management host encrypts the data again with the telecommunications private key and sends it to the telecommunications platform for final verification, ensuring data integrity and security. The telecommunications platform decrypts with the telecommunications public key, ensuring that the user identification code and identity data from the access control management host have not been tampered with, thereby preventing man-in-the-middle (MITM) attacks.

SIM card-based access control improves the accuracy of identity verification: Compared with traditional card-based access control systems, the present utility model uses the user identification code stored in the SIM card for identity verification, ensuring that every user has a unique identification code and reducing the risk of copying or forgery. The telecommunications platform compares the SIM card identification code with the identity data corresponding to it to further confirm whether the mobile phone belongs to the user, preventing entry under a false identity.

Access control approval list and timestamp mechanism strengthen permission control: The access control management host holds an access control approval list and can verify identity against a list of pre-authorized users, ensuring that only specific personnel can pass. When sending verification information, the access control management module generates a timestamp to prevent a malicious attacker from replaying earlier verification information (a replay attack).

No additional hardware required, reducing equipment cost and maintenance burden: The present utility model does not need additional physical access cards or card readers. Identity verification is performed through the mobile phone, the access control management host, and the telecommunications platform alone, reducing the cost of building and maintaining the access control system. The user only needs a mobile phone with a bound SIM card to complete access verification, which reduces the risk of losing a physical access card and improves convenience.

Flexible permission settings adapt to different application scenarios: Based on the access control permission settings, the access control management host can manage users' access rights in detail, such as authorization for specific areas or entry and exit restrictions within specific time periods. This suits application environments such as enterprises, government agencies, schools, and smart buildings. Identity comparison through the telecommunications platform can further provide remote management functions, such as immediate revocation of access rights, improving the flexibility of the access control system.

Although the present utility model has been disclosed above by way of embodiments, they are not intended to limit it. Anyone skilled in the art may make various changes and refinements without departing from the spirit and scope of the present utility model. The scope of protection of the present utility model is therefore defined by the appended claims.

100: Access control management system

110: Mobile phone

112: Biometric recognition module

114: SIM card

116: Access control management module

120: Access control management host

122: Communication module

124: Storage module

126: Computing module

130: Access control device

140: Telecommunications platform

Claims (6)

1. An access control management system, comprising: a mobile phone belonging to a user, the mobile phone comprising: a biometric recognition module, which recognizes a pending biometric identification code generated from a pending biometric feature and verifies whether the pending biometric identification code matches a user biometric identification code of the user, to obtain a biometric verification result; a SIM card, storing a user identification code of the user; and an access control management module, having an access control management application and electrically connected to the SIM card and the biometric recognition module, the access control management module obtaining the user identification code of the SIM card and the user identity data of the user and receiving the biometric verification result of the biometric recognition module; and an access control management host, comprising: a communication module, communicatively connected to the access control management module of the mobile phone and also to a telecommunications platform and an access control device, the communication module receiving the user identification code and the user identity data from the access control management module, wherein the telecommunications platform has the user identification code and the user identity data of the user; a storage module, storing an access control approval list of the access control device; and a computing module, electrically connected to the communication module and the storage module, wherein when the biometric verification result is "successful", the access control management module encrypts the user identification code and the user identity data and then transmits them to the computing module; the computing module then decrypts the encrypted user identification code and user identity data and receives the access control approval list from the storage module to verify whether the user identification code and the user identity data are listed on the access control approval list, obtaining an approval verification result; when the approval verification result is "successful", the computing module encrypts the user identification code and the user identity data and transmits them to the telecommunications platform through the communication module; the telecommunications platform decrypts the encrypted user identification code and user identity data to verify the user identification code and the user identity data, obtains a telecommunications verification result, and returns it to the computing module; and when the telecommunications verification result is "successful", the computing module issues an unlock command to the access control device.

2. The access control management system of claim 1, wherein the biometric recognition module includes at least one of a fingerprint recognition module, a facial recognition module, and an iris recognition module.

3. The access control management system of claim 1, wherein the access control management module of the mobile phone requests the computing module of the access control management host to provide a system public key and a system private key, so that the access control management module uses the system private key to encrypt the user identification code and the user identity data before transmitting them to the computing module, and the computing module then uses the system public key to decrypt the encrypted user identification code and user identity data.

4. The access control management system of claim 1, wherein the computing module of the access control management host requests, through the communication module, that the telecommunications platform provide a telecommunications public key and a telecommunications private key, so that the computing module encrypts the user identification code and the user identity data with the telecommunications private key before transmitting them to the telecommunications platform, and the telecommunications platform then uses the telecommunications public key to decrypt the encrypted user identification code and user identity data.

5. The access control management system of claim 1, wherein the access control management module further generates a timestamp before transmitting the user identification code and the user identity data, and encrypts the timestamp together with the user identification code and the user identity data before transmitting them to the access control management host.

6. The access control management system of claim 1, wherein the storage module of the access control management host further stores an access control permission setting of the access control device; after the telecommunications verification result is "successful", the computing module receives the access control permission setting and, based on it, limits the access control scope and access control time period of the user identification code and the user identity data, and confirms whether the user is requesting to enter or exit through the access control device within the access control scope and the access control time period; only when this is satisfied does the computing module issue the unlock command to the access control device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW114204517U TWM673943U (en) 2025-05-06 2025-05-06 Access control management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW114204517U TWM673943U (en) 2025-05-06 2025-05-06 Access control management system

Publications (1)

Publication Number Publication Date
TWM673943U true TWM673943U (en) 2025-08-21

Family

ID=97520736

Family Applications (1)

Application Number Title Priority Date Filing Date
TW114204517U TWM673943U (en) 2025-05-06 2025-05-06 Access control management system

Country Status (1)

Country Link
TW (1) TWM673943U (en)
