Access control management method based on wireless communication network

[0040] In order to enable those skilled in the art to better understand the solutions of the application, the technical solutions in the embodiments of the application will be clearly and completely described below in conjunction with the drawings in the embodiments of the application. Obviously, the described embodiments are only It is a part of the embodiments of this application, not all the embodiments. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative work should fall within the protection scope of this application.

[0041] It should be noted that the terms "first" and "second" in the description and claims of the application and the above-mentioned drawings are used to distinguish similar objects, and are not necessarily used to describe a specific sequence or sequence. It should be understood that the data used in this way can be interchanged under appropriate circumstances for the purposes of the embodiments of the present application described herein. In addition, the terms "including" and "having" and any variations of them are intended to cover non-exclusive inclusions. For example, a process, method, system, product, or device that includes a series of steps or units is not necessarily limited to the clearly listed Those steps or units may include other steps or units that are not clearly listed or are inherent to these processes, methods, products, or equipment.

[0042] It should be noted that the embodiments in the application and the features in the embodiments can be combined with each other if there is no conflict. Hereinafter, the present application will be described in detail with reference to the drawings and in conjunction with embodiments.

[0043] Such as figure 1 As shown, in the first embodiment of the present application, the access control system 100 includes a mobile terminal 101, an access control device 102 and a server 103.

[0044] The mobile terminal 101 can access at least one wireless communication network, such as WIFI, Bluetooth, NFC, NB-IOT, Zigbee, etc.; as a specific solution, it can also access long-distance wireless communication networks, such as CDMA, WCDMA, GSM, etc. TD-SCDMA, TD-LTE, 5G and other mobile networks.

[0045] Specifically, such as figure 2 As shown, the mobile terminal 101 includes an image acquisition device, a first communication module, and a first processor.

[0046] As a specific solution, the mobile terminal 101 may also include: a terminal power supply, a terminal touch screen, a terminal audio, and other equipment. The terminal power supply is used to power other devices of the mobile terminal 101; the terminal touch screen is mainly used to feed back image information to the user and provide an input interface for the user; the terminal audio is used to feed back sound information to the user.

[0047] Wherein, the image acquisition device may include a front camera or a rear camera, which are respectively arranged on opposite sides of the mobile terminal 101. Either the front camera or the rear camera can collect image information.

[0048] The first communication module is used to implement the communication function of the mobile terminal 101, and the first communication module can at least transmit data through the Bluetooth protocol. Of course, the first communication module can also realize data transmission of other communication protocols.

[0049] As a specific solution, the mobile terminal 101 further includes a human body information sensor, which is used to identify the physical characteristics of the user. These physical features include facial features, fingerprint features, or iris features, or a combination of these features. As a specific solution, the human body information sensor includes a camera, a fingerprint sensor, and an iris sensor to collect human body characteristics to identify different users.

[0050] As mentioned above, the mobile terminal 101 can be equipped with two cameras, both of which can be used as an embodiment of an image acquisition device or a human body information sensor. As a preferred solution, the rear camera is used as an image acquisition for collecting the identification information of the access control device 102 Equipment, the front camera is used as a human body information sensor that collects facial images and then facial feature data.

[0051] As another specific solution, the iris sensor can be implemented by selecting a high-precision optical camera. As a preferred solution, the iris sensor and the camera for recognizing the human face are both front cameras of the mobile terminal 101. The fingerprint recognition sensor may be constituted by a special device of the mobile terminal 101, or may be constituted by a pressure-sensitive touch screen configured on the mobile terminal 101, or may adopt optical fingerprint recognition technology.

[0052] The access control device 102 includes three main parts: the access control body, the door lock device and the control device.

[0053] The access control body mainly constitutes an access control body that obstructs the space, and can be specifically configured as a room door, a gate, or other forms of physical mechanism. The access control body in this application should be understood as the access control body in the broadest sense.

[0054] The door lock mechanism should also be understood as a device or mechanism that can realize a mechanical or electromechanical combination of limiting the position of the door control body in the broadest sense. For example, the lock core mechanism in the room door and the lock core motor that drives the lock core, another example is the electromagnet device of the glass door and the drive circuit that drives the electromagnet; another example, the gate of the gate and the gate motor that drives the gate. It can be seen from the above that the door lock device includes: a mechanical part for realizing physical contact or obstruction, which is defined in this application as a door lock mechanism, and the other part is a driving device that converts electrical energy into mechanical energy for driving the mechanical part. The control device may be various chips capable of outputting control signals, a combination of chips, or a combination of chips and peripheral circuits.

[0055] As an example, such as figure 2 with image 3 As shown, in addition to the access control body, the access control device 102 also includes a door lock mechanism, an access control motor, a second communication module, and a second processor.

[0056] As mentioned earlier, the role of the door lock mechanism is to realize the unlocking and locking of the door, that is, to control the state of the door, so that it has an unlocked state that allows the user to enter a certain space and a position that prevents the user from passing the door body. Enter the locked state of a certain space.

[0057] The access control motor is used as the driving device of the door lock mechanism, which can be inserted into or withdrawn from the lock slot in the building structure by rotating and driving the lock core in the door lock mechanism to realize the lock function.

[0058] The second processor serves as a control device, which can control the access control motor, and can form an electrical signal-based data interaction with the second communication module. The second processor controls the operation of the access control motor by sending an electrical signal to the access control motor. The second communication module can at least form a communication connection with the first communication module so that the mobile terminal 101 and the access control device 102 form data interaction.

[0059] The second communication module can also be connected to at least one wireless communication network like the first communication module, such as WIFI, Bluetooth, NFC, NB-IOT, etc.; as a specific solution, it can also be connected to a long-distance wireless communication network , Such as CDMA, WCDMA, GSM, TD-SCDMA, TD-LTE, 5G and other mobile networks.

[0060] As an extended solution, the access control device 102 further includes an input device and an output device, wherein the input device is used for the user to operate to input information, and the output device is used to output information to the user. As a specific solution, the input device and the second processor form a data connection so that user input information and data can be transmitted to the second processor; the output device and the second processor form a data connection so that the output device can be connected to the second processor. Output information under the control of the processor.

[0061] Such as image 3 As shown, in addition to the housing 10 of the access control device 102, the access control device 102 may also be provided with an access control camera 11, an iris sensor 12, a fingerprint sensor 13, a touch screen 14 and a password disk 15.

[0062] Among them, the access control camera 11 can realize face recognition and direct unlocking, or can be used as an external camera of the mobile terminal 101 or an external camera of other servers 103 through a short-range wireless communication network.

[0063] The iris sensor 12, the fingerprint sensor 13 and the password disk 15 can all be used as input devices to enable the user to input information to the second processor of the access control device 102.

[0064] The touch screen 14 can be used as an input device of the access control device 102 or an output device of the access control device 102. It can display information to the user, such as displaying pattern information such as a QR code to the user, for the mobile terminal 101 to scan to identify the access control device 102 . Of course, the touch screen 14 can be replaced with a general display screen, which is only used to prompt the user with information, and the password disk 15 is used as an input device.

[0065] As an extension solution, the output device also includes an audio device, and the audio device can be used to prompt the user with information.

[0066] As an optional solution, the access control system of the present application further includes a gateway device, which can be set between the server 103 and the access control device 102. The gateway device directly interacts with the second communication module of the access control device 102 to form data interaction through the gateway The device realizes remote control of the access control device 102. The server 103 directly forms a data interaction with the gateway device and indirectly forms a data interaction with the access control device 102. The communication between the server 103 and the gateway device may be through a wireless network or a wired network.

[0067] As a specific solution, the present application provides a Bluetooth device, which can be used as a control device and is compatible with the electronic access control device 102 having only a door lock mechanism and an access control motor to expand specific functions.

[0068] As a specific solution, the Bluetooth device includes: a Bluetooth module, a processor, and a circuit board. Among them, the Bluetooth module is used to send and receive Bluetooth signals at least; the processor is used to control the access control motor and determine whether the electronic key transmitted through Bluetooth conforms to its own electronic key; the circuit board is used to connect the Bluetooth module with the The circuit board constitutes the electric core connection.

[0069] More specifically, the circuit board is provided with an access point for accessing the circuit board and an access point for accessing a 4V to 6V power supply.

[0070] The size of the width of the circuit board ranges from 10 mm to 15 mm, and the size of the length of the circuit board ranges from 15 mm to 25 mm. As a preferred solution, the width of the circuit board is 13 mm, and the length of the circuit board is 23 mm.

[0071] The range of the area of ​​the circuit board is 250mm 2 Up to 350mm 2. As a preferred solution, the area of ​​the circuit board is 299 mm.

[0072] The circuit board is provided with a number of half holes, which are used to connect external circuits, and the spacing between the half holes ranges from 1 mm to 1.5 mm. As a preferred solution, the spacing between the half holes is 1.27 mm.

[0073] The circuit board is provided with a motor drive pin, and the output voltage of the electrode drive pin is between 4V and 6V.

[0074] As a specific solution, the specific parameters of the Bluetooth device are as follows:

[0075] The working frequency band is 2.4GHz ISM frequency band; the communication distance is 30m (condition: open area/class II); the working voltage is 4V to 6V; the temperature range is -40℃ to 85℃.

[0076] The interface includes: high-level output, low-level output, status indication output, external trigger detection, serial port, motor drive output, and custom function IO interface.

[0077] As a specific solution, the Bluetooth device uses an on-board antenna; its Bluetooth module uses a low-power BLE4.0 Bluetooth single-mode chip, and integrates the standard BLE4.0 protocol 桟;

[0078] In addition, the Bluetooth device is also equipped with a standard UART (TTL) interface, which can be directly connected to the serial port of the external MCU or the serial port peripheral module pad adopts a half-hole process, and the hole spacing is standard 1.27mm, which can be directly welded to other types of access control On the motherboard of the device 102.

[0079] On the basis of the above solution, the technical solution of the software part of this application is introduced below.

[0080] The mobile terminal pre-installs the corresponding application program, the access control device also stores the corresponding control program, and activates the access control device in advance, and sets a unique device identification for each access control device.

[0081] Specifically, the data protocol of the Bluetooth device of the present application includes a basic protocol and an application layer protocol. Among them, the basic protocol includes activating device/binding Bluetooth, time synchronization, synchronization permission, synchronization usage record, request to report information, report information, obtained information, restore factory settings, mobile terminal door opening protocol; application layer protocol includes adding permissions, adding Permissions include physical information, delete permissions, modify permissions, disable/enable permissions, open door mode settings, and battery power query.

[0082] In order to enable the management system to effectively and safely manage the access control device, a unique device identification is set for the access control device. If the access control device is manufactured in one piece, after the Bluetooth module and the processor are assembled, device activation and Bluetooth binding are performed, so that the processor and the Bluetooth module are bound as a whole. As a preferred solution, in order to enable the mobile terminal to be paired with the Bluetooth module of the access control device, the pairing information of the Bluetooth module or the device information of the access control device can be attached to the access control device in the form of a readable image such as a QR code or set in The periphery of the access control device. Information such as a QR code can include the name and MAC address of the Bluetooth module.

[0083] As an optional solution, the two-dimensional code corresponding to the access control device can be displayed when the touch screen of the access control device is activated.

[0084] On the basis of the technical solutions introduced above, refer to Image 6 As shown, this application also discloses a management method of an access control device.

[0085] The management method includes an unlock method. Specifically, the unlocking method includes the following steps:

[0086] The mobile terminal scans the QR code of the access control device to obtain the device information of the access control device.

[0087] The mobile terminal transmits the device information to the server.

[0088] The server verifies the device information, and if the device information is correct, sends the first digital key corresponding to the device information to the mobile terminal.

[0089] The mobile terminal sends the first digital secret key to the access control device through the Bluetooth protocol.

[0090] The access control device judges whether the first digital secret key matches with the prestored second digital secret key.

[0091] The access control device outputs a control signal for driving the access control motor according to the matching result.

[0092] As a preferred solution, the mobile terminal obtains a verification data related to the access sequence number of the Bluetooth device of the current access control device while obtaining the first digital secret key from the server. The access control device not only determines whether the first digital secret key matches the second digital secret key, but also whether the verification data meets the requirements.

[0093] Specifically, the check data is equal to the access sequence number of the Bluetooth device stored in the server to perform an operation, such as adding 1 to the original access, of course, it can also be other operations, and then combine the calculated check data with the first number The combination of secret keys is encrypted by AES and then sent to the mobile terminal. At the same time, the server uses this verification data instead of the original stored access sequence number. If the access control device is matched and passed, the current verification data will overwrite the original access sequence number.

[0094] The access sequence number and verification data are for security reasons. If the verification data received by the Bluetooth device is greater than the current access sequence number, it will respond and use the verification data as the next access sequence number. If the serial number received by the receiver is less than or equal to the serial number of the current record, the command is discarded and the serial number packet is returned to inform the sender that the serial number is wrong. The serial number parameter is the current serial number parameter. When the current serial number is 0xFFFFFF, the next serial number is 0x000000.

[0095] As another solution, the verification data can also use a set of random numbers in a set format. The criterion is that the verification data is different from the current access sequence number.

[0096] This can ensure that the access sequence number is changed every time the secret key is obtained, and the secret key is prevented from being reused after the secret key is intercepted, that is, the secret key is automatically invalidated after the door is opened, ensuring the security of the secret key.

[0097] As a specific plan, management methods include:

[0098] Through the property management client (data backend is in the cloud server), apply for the registration of the property manager account and password;

[0099] Through the system management terminal, review the registration application of the property manager, establish a corresponding account password, assign authority and save it;

[0100] After the property administrator account is established, you can log in to the cloud server to set up property-related information such as: property unit information, owner information, access control equipment information, access control installation location, etc., and store the cloud server. Among them, the property unit information includes the property name and the number of terminal users; the access control device information includes the name of the access control channel and the name of the Bluetooth device;

[0101] Step a4, the property owner uses the smart mobile terminal to log in to the WeChat applet, click the button "scan code to open the door" to call the camera camera to scan the code access control device fixed QR code (ie Bluetooth device name and MAC address), and perform the Bluetooth device name and MAC address Check the match, if the match is successful, you have the right to apply for the key from the cloud server; the specific entry is the entry that requires the username and password of the WeChat applet. The WeChat account login method has been implemented, that is, you can click "WeChat Quick Login" to enter when you are logged in to WeChat.

[0102] After the cloud server receives the key request, it adds 1 to the maximum serial number of the corresponding Bluetooth device recorded in the cloud database, and combines the secret key in the database. After the combination, the content is encrypted with AES and sent to the requesting mobile terminal;

[0103] The WeChat applet sends the secret key returned by the cloud server to the Bluetooth device to decrypt the secret key according to the protocol. After decryption, the content must meet: the serial number must be greater than the serial number recorded in the Bluetooth device, and the secret key matches the secret key in the Bluetooth module. If the two conditions are met at the same time, it will return success and output a signal to open the electronic control door lock, otherwise it will return a failure without outputting a signal and opening the door lock to indicate a failure to open the door; among them, the content of obtaining the secret key from the cloud server consists of two parts, one is the current The access sequence number of the access control Bluetooth module is increased by 1, and the other part is the secret key of the Bluetooth module. The two parts are encrypted and distributed in AES mode, and the current access sequence number in the database is replaced at the same time to ensure that the access sequence number can only get larger and larger each time the secret key is obtained, so as to prevent the secret key from being intercepted. Repeated use, that is, the secret key is automatically invalidated after opening the door to ensure the security of the secret key.

[0104] After successful return, the current serial number will be overwritten to the Bluetooth device to prepare for the next comparison. This process ensures that the secret key must be obtained from the cloud server in real time, and ensures the security and timeliness of the secret key.

[0105] The property manager of the property management client is responsible for managing the terminal user's authority to open the door, such as issuing new secret key authority or recovering secret key, and storing the result on the cloud server. View or count the door opening records and door opening permissions within the jurisdiction of the office as required.

[0106] As a specific solution, in order to improve the security of unlocking, when a user uses a mobile terminal to register, the information that needs to be filled in is: fill in the mobile terminal number or login via WeChat ID, and need to verify identity, enter the ID number, and take a snapshot of the mobile terminal The face is uploaded to the national ID database (such as the National ID Card Central Library, the First Research Institute of Public Security) for comparison, and other operations can be performed only after the identity is verified.

[0107] The remote cloud server in the main door opens contains owner information including the property unit, building number, owner name, and owner’s address; access control information includes the door name, Bluetooth device name, and MAC address, and the effective start and end time; the owner’s door opening action information is controlled by the smart The mobile terminal (APP or applet) is sent to a remote cloud server for storage through the WAN for query.

[0108] As an extension plan, when installing the door lock device or part of the door lock device, the user can enter the installation interface through a small program or access the official account, and then use the address location function through the mobile terminal, such as the mobile phone itself. The positioning module, such as the GPS module, obtains the address information, and then binds the address information with the device.

[0109] As a specific solution, at the same time, in the process of scanning the code and unlocking, it is necessary to perform face recognition. The face recognition is collected by the image capture device of the mobile terminal, and then uploaded to the server for comparison, or uploaded to the national ID card through the server Database (such as the National ID Card Center, the First Research Institute of Public Security) server for comparison. Only when the face recognition is successful can the actual user be determined, and then the secret key can be compared through Bluetooth.

[0110] In this way, real-name access control management can be realized, which can be applied to places where real-name check-in is required, such as homestays, hotels, and guesthouses.

[0111] As an optional solution, the access control device also has a camera, and the camera of the access control device can be used to collect face information, and then transmitted to the mobile terminal via Bluetooth, and then uploaded to the server by the mobile terminal for comparison. This can improve safety.

[0112] As another optional solution, after the face comparison is performed on the mobile terminal, the camera of the access control device collects the face information again for comparison, so as to ensure that it is the user who enters.

[0113] Of course, other human body recognition sensors or a combination of sensors can also be used for similar inspections.

[0114] As an extension plan, since the above plan has the function of real-name authentication, the plan can be applied to the check-in management of hourly rental places such as homestays, hotels, guesthouses, and public rental houses.

[0115] Specifically, the server described above is a server in a broad sense. As a specific solution, the server in a broad sense may include multiple servers, such as the first server 103 and the second server 105.

[0116] As a specific solution, three sub-servers can be included: a secret key server, an identity server, and a management server. Data interaction can be formed between these three servers.

[0117] Among them, the secret key server is used to realize the key transmission and matching of the Bluetooth device before, and it is used to support the data service concerning the basic functions of the access control system in this application.

[0118] The identity server can be either an external server or a self-built internal server. The identity server stores at least facial information for identity recognition. The secret key server can be externally connected to the server of the national ID card database (such as the National ID Card Central Database, the First Research Institute of Public Security) to make it an identity server. No matter after the electronic key is shared or other electronic keys are obtained, the user can obtain the address information of the door lock through the information of the electronic key for navigation.

[0119] The management server is used for the daily management of hotels and other places. It can store the correspondence between users and access control devices as the relationship between hotel rooms and users, and the management server can directly or indirectly communicate with the communication module of the access control device. Grasp user information.

[0120] When the user opens the door, his face recognition first realizes the user's real name authentication, and then, during the unlocking process, the user and the room number are associated and stored on the management server. In order to ensure safety, the access control device can collect the entering user person again. Face information, check again whether the user is checking in with his real name.

[0121] As an extended solution, a millimeter-wave radar can be installed inside the room, and the accuracy of the millimeter-wave radar can be adjusted to only recognize the presence of a human body.

[0122] Of course, the corresponding accuracy can also be set so that the accuracy of the millimeter-wave radar can only identify the outline of the human body. The processor connected to the millimeter-wave radar can determine which image is the human body through convolutional neural learning, so that the user enters After that, millimeter-wave radar detection can be performed to detect whether there are redundant personnel.

[0123] In this way, as long as the secret key server is connected with the management server of the hotel and the server of the National ID Card Center, it can not only realize the user's cardless entry, but also complete the real-name authentication and registration when the user opens the door, which not only saves money It saves the user’s time and is also unmanned management, which is especially suitable for homestays or other forms of online booking rooms or unmanned hotels.

[0124] In addition, as another aspect of this application, the above solution can also be applied to the access control system of the community. Similarly, the management server is used to implement general management of the property, and the identity server is used to identify the user.

[0125] The difference is that the community management server does not need to perform one-to-one matching and registration between users and access control devices, but only needs to register passing users.

[0126] As a specific solution, community access control needs to distinguish users, which can be divided into owner users and guest users. For owner users, they can only complete the pass function without monitoring their entry and exit times. For guest users, except for the secret key server itself The time limit of the secret key, the management server also needs to monitor the guest users, especially the guest users such as express delivery and takeaway. As an optional solution, different user tags can be set for the guest users, such as general visit or express delivery, so as to manage the server. management.

[0127] Obviously, those skilled in the art should understand that the above-mentioned modules or steps of this application can be implemented by a general computing device, and they can be concentrated on a single computing device or distributed in a network composed of multiple computing devices. Above, alternatively, they can be implemented with program codes executable by a computing device, so that they can be stored in a storage device for execution by the computing device, or they can be made into individual integrated circuit modules, or they can be Multiple modules or steps are made into a single integrated circuit module to achieve. In this way, this application is not limited to any specific hardware and software combination.

[0128] The foregoing descriptions are only preferred embodiments of the application, and are not used to limit the application. For those skilled in the art, the application can have various modifications and changes. Any modification, equivalent replacement, improvement, etc., made within the spirit and principle of this application shall be included in the protection scope of this application.