[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN110546641B - Access control method and device, intelligent device and storage medium - Google Patents

Access control method and device, intelligent device and storage medium Download PDF

Info

Publication number
CN110546641B
CN110546641B CN201980001198.6A CN201980001198A CN110546641B CN 110546641 B CN110546641 B CN 110546641B CN 201980001198 A CN201980001198 A CN 201980001198A CN 110546641 B CN110546641 B CN 110546641B
Authority
CN
China
Prior art keywords
user
information
current
authentication
identification information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201980001198.6A
Other languages
Chinese (zh)
Other versions
CN110546641A (en
Inventor
陈铿帆
刘胜强
陈鹏丞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yingshuo Shaoguan Information Industry Group Co ltd
Original Assignee
Yingshuo Shaoguan Information Industry Group Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yingshuo Shaoguan Information Industry Group Co ltd filed Critical Yingshuo Shaoguan Information Industry Group Co ltd
Publication of CN110546641A publication Critical patent/CN110546641A/en
Application granted granted Critical
Publication of CN110546641B publication Critical patent/CN110546641B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an access control method, an access control device, intelligent equipment and a storage medium, wherein the method comprises the following steps: acquiring identity identification information of a current user; sending the identity identification information to an application authentication server to authenticate the current user; if the authentication is successful, controlling the current equipment to enter an application function mode; if the authentication fails, judging whether the current user has the authority of accessing the current equipment according to the identity identification information, and if so, controlling the current equipment to enter a common function mode. The invention improves the use efficiency of the equipment and also has the functions of protecting privacy and limiting the use of functions by carrying out remote application server authentication and local authentication on the user in sequence.

Description

Access control method and device, intelligent device and storage medium
Technical Field
The invention relates to the technical field of access control of intelligent equipment, in particular to an access control method, an access control device, intelligent equipment and a storage medium.
Background
With the popularity of smart devices, teaching models are shifting and more schools and training institutions are beginning to try flat teaching. In K12 wisdom teaching field, because student's automatic control ability is relatively poor, most education manufacturers are in order to prevent that the student from using the flat board to do the work irrelevant with study, all can customize the system of flat board for the flat board can not do other work except study. This measure, although preventing the student from abusing the tablet, is a great waste of the functional attributes of the tablet itself.
Disclosure of Invention
The present invention is directed to an access control method, an access control apparatus, an intelligent device, and a storage medium, so as to solve the problems in the background art.
According to an aspect of the present invention, there is provided an access control method including:
acquiring identity identification information of a current user;
sending the identity identification information to an application authentication server to authenticate the current user;
if the authentication is successful, controlling the current equipment to enter an application function mode;
if the authentication fails, judging whether the current user has the authority of accessing the current equipment according to the identity identification information, and if so, controlling the current equipment to enter a common function mode.
In one embodiment of the invention, the identification information is physiological characteristic information and/or account information, and the physiological characteristic information is fingerprint information, and/or face image information, and/or voice information, and/or iris information.
In one embodiment of the invention, the method further comprises:
acquiring authentication result information returned by an application authentication server, wherein the authentication result information comprises information about whether authentication is successful and user basic information, and the user basic information comprises a user role;
and if the authentication is successful, controlling the current equipment to enter an application function mode matched with the user role.
In an embodiment of the present invention, the application authentication server is a teaching authentication server, the user role includes a teacher and a student, and the step of controlling the current device to enter the application function mode matched with the user role specifically includes:
if the role of the current user is teacher, controlling the current equipment to enter a teacher function mode;
and if the role of the current user is a student, controlling the current equipment to enter a student function mode.
In an embodiment of the present invention, the authentication result information further includes an access token ID, and the user basic information further includes a user ID, and the method further includes:
and acquiring the service data information of the user ID from a background teaching server according to the access token ID and the user ID, and entering a teacher function homepage or a student function homepage corresponding to the current user.
In one embodiment of the invention, the method further comprises:
judging whether the current user is in a login state or not according to the identity identification information;
if the current equipment is in the application function mode login state, user login information corresponding to the identity identification information is acquired, and the current equipment is controlled to enter a corresponding application function interface;
if the equipment is in a normal function mode login state, user login information corresponding to the identity identification information is acquired, and the current equipment is controlled to enter a corresponding normal function interface;
and if the current user is in a non-login state, the identity identification information is sent to an application authentication server to authenticate the current user.
In one embodiment of the invention, the method further comprises:
if the role of the current user is teacher, further judging whether the current user has the authority of accessing the current equipment;
if so, entering a mode selection interface for a user to select, wherein the mode selection interface comprises two selection items, namely a teacher function mode and a common function mode;
and acquiring the functional mode selected by the user, and controlling the current equipment to enter the functional mode selected by the user.
According to an aspect of the present invention, there is provided an access control apparatus including:
the identity recognition information acquisition module is used for acquiring the identity recognition information of the current user;
the first authentication module is used for sending the identity identification information to an application authentication server to authenticate the current user;
the first access control module is used for controlling the current equipment to enter an application function mode when authentication is successful;
the second authentication module is used for judging whether the current user has the authority of accessing the current equipment or not according to the identity identification information when authentication fails;
and the second access control module is used for controlling the current equipment to enter a common function mode when the second authentication module judges that the equipment is in the common function mode.
In one embodiment of the present invention, the access control device is configured to perform an operation to implement the access control method according to any one of the above.
According to an aspect of the present invention, there is provided an access control apparatus comprising a memory and a processor, wherein:
a memory to store instructions;
a processor configured to execute the instructions to cause the access control device to perform operations to implement any of the access control methods described above.
According to an aspect of the invention, there is provided a smart device comprising an access control apparatus as described in any one of the above.
According to an aspect of the invention, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the access control method of any of the above.
The embodiment of the invention has the following beneficial effects:
the embodiment of the invention firstly authenticates the application identity of the current user, controls the current equipment to enter the application function mode if the current user is the application user, otherwise further judges whether the user is the equipment user, and controls the current equipment to enter the common function mode if the user is the equipment user. The embodiment of the invention identifies the attributes of the user by sequentially carrying out remote application server authentication and local authentication on the user, thereby controlling the current equipment to enter different functional modes, and effectively solving the problem that the functions of the flat plate cannot be exerted because the flat plate of the student is only used for learning in the current teaching scene. After the embodiment of the invention is applied to a teaching scene, a binding relationship does not exist between a teaching account and a teaching flat plate, students can log in and use any teaching flat plate by using the student account, and in addition, the teaching flat plate also has a management account of the teaching flat plate, so that a flat plate owner (such as a parent) can use the teaching flat plate as a common flat plate, and the use convenience of the teaching flat plate is greatly improved. In addition, the embodiment of the invention also has the functions of protecting the privacy of the user and limiting the use of functions, and the application account only can access the application program but cannot access the system of the equipment by specially processing the system of the equipment.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Wherein:
FIG. 1 is a flow chart of a method of access control in one embodiment of the invention;
FIG. 2 is a flow chart of a method of access control in another embodiment of the present invention;
FIG. 3 is a flow chart of a method of access control in accordance with another embodiment of the present invention;
FIG. 4 is a block diagram of an access control device in accordance with one embodiment of the present invention;
fig. 5 is a block diagram of an access control apparatus according to another embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart of an access control method according to an embodiment of the present invention. Preferably, the method according to the embodiment of the present invention is executed by an access control device in a tablet computer, and the method includes the following steps:
step S101, obtaining the identification information of the current user.
Specifically, step S101 is executed before the current device enters the system after being started.
In one embodiment of the invention, the identification information is physiological characteristic information and/or account information, and the physiological characteristic information comprises fingerprint information, and/or face image information, and/or voice information, and/or iris information. I.e. the identification information may be any combination of one or more of the above.
Preferably, the face image information is used as the identification information. Specifically, after the device is started, a user is waited to input a login instruction, and after the login instruction is detected, a camera of the current device is called to obtain face image information.
Generally, before a user logs in, the user registers an account by means of shooting a face image of the user, and/or inputting user fingerprint information, and/or inputting user voice information, and/or shooting user iris information, and the like, and the user only needs to shoot a face image of the user, and/or input user fingerprint information, and/or input user voice information, and/or shoot user iris information for authentication when logging in, and does not need to input a user name and a password for authentication. In addition, the invention can log in through the account password.
In the embodiment of the invention, the account registration of the application function mode can be carried out by a third-party organization after collecting the information of the user through external equipment, or can be carried out by the user through own equipment, and after the registration, the identity identification information of the user is sent to a corresponding external server for storage. The account registration of the common function mode is performed by the user through the own equipment, and the identity identification information of the user is stored in the current equipment.
Step S102, the identification information is sent to an application authentication server to authenticate the current user, if the authentication is successful, the step S103 is entered; otherwise, the process proceeds to step S104.
Specifically, the fingerprint information, and \ or face image information, and \ or voice information, and \ or iris information, and \ or account information are sent to an application authentication server for authentication.
In one embodiment of the invention, the identification information sent to the application authentication server is only the physiological characteristic information. For example, the face image information is used as the identity identification information, after the face image information sent by the current equipment is received by the application authentication server, the face characteristic value of the face image information is obtained, the face characteristic value is compared with the face characteristic value in the user database, a matched target face image is searched, and if the face characteristic value is found, the authentication is successful; otherwise, the authentication is failed.
In one embodiment of the invention, the identification information sent to the application authentication server is the combination of account information and physiological characteristic information, after the application authentication server receives the identification information, the application authentication server searches the corresponding physiological characteristic information in a user database through the account information, then matches the received physiological characteristic information with the searched physiological characteristic information, and if the matching is successful, the authentication is successful; otherwise, the authentication is failed.
And step S103, controlling the current equipment to enter an application function mode.
And if the application authentication server successfully authenticates, the current user is the application user. In one embodiment of the invention, a plurality of application programs are used in the application function mode, the current equipment loads the application program matched with the user identification information, and the corresponding application function mode is entered.
And step S104, judging whether the current user has the authority of accessing the current equipment or not according to the identity identification information, if so, entering step S105, and otherwise, entering step S106.
In an embodiment of the present invention, if the authentication of the application authentication server fails, it is further determined whether the current user has the right to access the current device according to the identification information, and if so, it indicates that the current user is a device common user or a device administrator.
And step S105, controlling the current equipment to enter a common function mode.
In an embodiment of the present invention, the current device controls the current device to enter a normal function mode corresponding to a normal user or enter a normal function mode corresponding to an administrator user according to the user identification information.
And step S106, refusing the current user to log in.
And after the application identity authentication and the equipment authority authentication are successively carried out on the current user, if the user does not have the authority, the current user is refused to log in.
In the embodiment, the application identity authentication is performed on the current user, if the current user is the application user, the current device is controlled to enter the application function mode, otherwise, whether the user is the device user is further judged, and if the user is the device user, the current device is controlled to enter the common function mode. The embodiment of the invention identifies the attributes of the user by sequentially carrying out remote application server authentication and local authentication on the user, thereby controlling the current equipment to enter different functional modes, and effectively solving the problem that the functions of the flat plate cannot be exerted because the flat plate of the student is only used for learning in the current teaching scene. After the embodiment of the invention is applied to a teaching scene, a binding relationship does not exist between a teaching account and a teaching flat plate, students can log in and use any teaching flat plate by using the student account, and in addition, the teaching flat plate also has a management account of the teaching flat plate, so that a flat plate owner (such as a parent) can use the teaching flat plate as a common flat plate, and the use convenience of the teaching flat plate is greatly improved. In addition, the embodiment of the invention also has the functions of protecting the privacy of the user and limiting the use of functions, and the application account only can access the application program but cannot access the system of the equipment by specially processing the system of the equipment.
Fig. 2 is a flowchart of an access control method according to another embodiment of the present invention. In this embodiment, a teaching scene is taken as an example to describe the flow of the access control method of the present invention in detail, and preferably, the embodiment of the present invention is executed by an access control device in a teaching tablet, and the method includes the following steps:
step S201, obtaining the identification information of the current user.
This step is the same as S101 in fig. 1, and is not described again here.
Step S202, the identity identification information is sent to a teaching authentication server to authenticate the current user.
Specifically, the fingerprint information, and \ or face image information, and \ or voice information, and \ or iris information, and \ or account information are sent to the teaching authentication server for authentication.
Step S203, obtaining the authentication result information returned by the teaching authentication server, wherein the authentication result information comprises the information whether the authentication is successful, the access token ID and the user basic information, and the user basic information comprises the user ID and the role.
The teaching server authenticates the identity of the user according to the user identity identification information, if the authentication is successful, basic information of the current user is obtained, an access token of the current user is generated according to the basic information of the current user, and a message indicating whether the authentication is successful, an access token ID and the basic information of the user are returned to the current equipment; if the authentication fails, returning a message of the authentication failure.
Step S204, the current device judges whether the authentication is successful according to the authentication result information returned by the teaching authentication server, if so, the current device enters step S205; if the failure occurs, the process proceeds to step S207.
Step S205, if the role of the current user is teacher, controlling the current device to enter a teacher function mode; and if the role of the current user is a student, controlling the current equipment to enter a student function mode.
Specifically, the role of the current user is judged according to the user role information in the authentication result information, and then different application function modes are entered according to different roles. And if the role of the current user is a teacher, controlling the current equipment to enter a teacher functional mode, and if the role of the current user is a student, controlling the current equipment to enter a student functional mode.
In the teaching scene, the application program corresponding to the teacher functional mode may be different from the application program corresponding to the student functional mode. In an embodiment of the invention, after the current user is successfully authenticated by the teaching authentication server, the current device starts different application programs according to the user role, and if the current user is a teacher user, the current device starts a teacher-side application program; and if the student user is in use, the student end software is started.
In an embodiment of the present invention, if the role of the current user is teacher, it is further determined whether the current user has the right to access the current device; if so, entering a mode selection interface for a user to select, wherein the mode selection interface comprises two selection items, namely a teacher function mode and a common function mode; and acquiring the functional mode selected by the user, and controlling the current equipment to enter the functional mode selected by the user. In this embodiment, the teacher account is both an application user and a device user, and the teacher may enter the corresponding functional mode according to the needs before logging in the system.
And step S206, acquiring the service data information of the user ID from the background teaching server according to the access token ID and the user ID in the authentication result information, and entering a teacher function homepage or a student function homepage corresponding to the current user.
Specifically, the teacher end application program or the student end application program obtains the service data information of the user ID from the background teaching server according to the access token ID and the user ID, and enters a teacher function homepage or a student function homepage corresponding to the current user.
Step S207, judging whether the current user has the authority of accessing the current equipment according to the identity identification information.
When the authentication of the teaching authentication server fails, the current device judges whether the current user has the authority to access the current device according to the identity identification information, if so, the current user is indicated as a device user, and the step S208 is entered, otherwise, the step S209 is entered.
And step S208, controlling the current equipment to enter a common function mode.
Specifically, the current device controls the current device to enter a normal function mode corresponding to a normal user or enter a normal function mode corresponding to an administrator user according to the user identification information.
Step S209, the current user is rejected from logging in.
And after the application identity authentication and the equipment authority authentication are successively carried out on the current user, if the user does not have the authority, the current user is refused to log in.
In the embodiment, the application identity authentication is performed on the current user, if the current user is the application user, the current device is controlled to enter the application function mode, otherwise, whether the user is the device user is further judged, and if the user is the device user, the current device is controlled to enter the common function mode. The embodiment of the invention identifies the attributes of the user by sequentially carrying out remote application server authentication and local authentication on the user, thereby controlling the current equipment to enter different functional modes, and effectively solving the problem that the functions of the flat plate cannot be exerted because the flat plate of the student is only used for learning in the current teaching scene. After the embodiment of the invention is applied to a teaching scene, a binding relationship does not exist between a teaching account and a teaching flat plate, students can log in and use any teaching flat plate by using the student account, and in addition, the teaching flat plate also has a management account of the teaching flat plate, so that a flat plate owner (such as a parent) can use the teaching flat plate as a common flat plate, and the use convenience of the teaching flat plate is greatly improved. In addition, the embodiment of the invention also has the functions of protecting the privacy of the user and limiting the use of functions, and the application account only can access the application program but cannot access the system of the equipment by specially processing the system of the equipment.
As shown in fig. 3, which is a flowchart of an access control method according to another embodiment of the present invention, the embodiment of the present invention is further optimized in the embodiments of fig. 1 and fig. 2, and the optimized function is to determine whether a current user is logged in before sending the identification information of the current user to an application authentication server for authentication, and execute different procedures according to the login status. Preferably, the method comprises the following steps:
step S301, obtaining the identification information of the current user.
Step S302, judging whether the current user is in a login state according to the identity identification information of the current user. If the mobile terminal is in the login state, the step S303 is performed, otherwise, the step S306 is performed.
When a user enters an application function mode or a normal function mode through the embodiment of fig. 1 or fig. 2 and temporarily exits the system in the midway due to some conditions, such as screen locking, network terminal, low power protection, and the like, and the user identity identification information is input again within a preset time limit to log in, whether the current user is in a login state is judged according to locally stored login information.
Specifically, after the user logs in, the login state of the current user is recorded, and the recorded user login information includes: user basic information, target user identification information, login function mode, login state information and login time. The target user identification information may be identification information obtained by current equipment when the user logs in last time, or target user identification information searched in a database by an application authentication server. Under different functional modes, the recorded login state information is different, and under the application functional mode, the login state information comprises application modules where the user exits the system, for example, under a teaching scene, under the student side application functional mode, possible application modules comprise: class, homework, wrong questions, my class, etc.; in the normal functional mode, the login state information includes various applications that the user opens when logging out of the system and applications that are currently being viewed. It should be noted that the login state information is not limited to the above, and in the prior art, in the normal function mode, the login state saving technology is already mature, and the application function mode is more single than the normal function mode.
And matching the acquired user identity identification information with the target user identity identification information in the user login information by the current equipment, and judging that the current user is in a login state if the matching is successful. And further acquiring user login information corresponding to the successfully matched target user identification information, wherein the user login information comprises user basic information, a login function mode and login state information.
Step S303, further judging whether the current user is in an application function mode login state, if so, entering step S304; if not, the process proceeds to step S305.
Specifically, whether the current user is in the login state of the application function mode is judged according to the function mode of the user login in the user login information.
Step S304, obtaining user login information corresponding to the identification information, and controlling the current device to enter an application function interface during the last login.
Specifically, according to the user basic information and login state information in the user login information, the current device is controlled to enter an application function interface during the last login.
Step S305, obtaining user login information corresponding to the identification information, and controlling the current device to enter a common function interface when logging in last time.
Step S306, the identity identification information is sent to an application authentication server to authenticate the current user.
The subsequent steps are the same as those of S102 in fig. 1 or S202 in fig. 2, and are not described again here.
In the embodiment, before the identity identification information of the user is sent to the application authentication server for remote authentication, whether the user is in a login state is judged locally, and if the user is in the login state, the user directly enters the state of login last time, so that the authentication efficiency is effectively improved, and the pressure of the remote application authentication server is reduced.
Fig. 4 is a block diagram of an access control device according to an embodiment of the present invention. Preferably, the access control device includes an identification information obtaining module 41, a first authentication module 42, a first access control module 43, a first authentication module 44, and a first access control module 45, wherein:
an identification information obtaining module 41, configured to obtain identification information of a current user;
the first authentication module 42 is configured to send the identification information to an application authentication server to authenticate a current user;
a first access control module 43, configured to control the current device to enter an application function mode when the authentication is successful;
the second authentication module 44 is configured to, when authentication fails, determine whether the current user has an authority to access the current device according to the identity identification information;
and the second access control module 45 is used for controlling the current device to enter a common function mode when the second authentication module judges that the current device is in the common function mode.
In one embodiment of the invention, the identification information is physiological characteristic information and/or account information, and the physiological characteristic information comprises fingerprint information, and/or face image information, and/or voice information, and/or iris information. I.e. the identification information may be any combination of one or more of the above.
Generally, before a user logs in, the user registers an account by means of shooting a face image of the user, and/or inputting user fingerprint information, and/or inputting user voice information, and/or shooting user iris information, and the like, and the user only needs to shoot a face image of the user, and/or input user fingerprint information, and/or input user voice information, and/or shoot user iris information for authentication when logging in, and does not need to input a user name and a password for authentication. In addition, the invention can log in through the account password.
In one embodiment of the invention, the identification information sent to the application authentication server is only the physiological characteristic information. For example, the face image information is used as the identity identification information, after the face image information sent by the current equipment is received by the application authentication server, the face characteristic value of the face image information is obtained, the face characteristic value is compared with the face characteristic value in the user database, a matched target face image is searched, and if the face characteristic value is found, the authentication is successful; otherwise, the authentication is failed.
In one embodiment of the invention, the identification information sent to the application authentication server is the combination of account information and physiological characteristic information, after the application authentication server receives the identification information, the application authentication server searches the corresponding physiological characteristic information in a user database through the account information, then matches the received physiological characteristic information with the searched physiological characteristic information, and if the matching is successful, the authentication is successful; otherwise, the authentication is failed.
And if the application authentication server successfully authenticates, the current user is the application user. In one embodiment of the invention, a plurality of application programs are used in the application function mode, the current equipment loads the application program matched with the user identification information, and the corresponding application function mode is entered.
In an embodiment of the present invention, if the authentication of the application authentication server fails, it is further determined whether the current user has the right to access the current device according to the identification information, and if so, it indicates that the current user is a device common user or a device administrator.
In an embodiment of the present invention, the current device controls the current device to enter a normal function mode corresponding to a normal user or enter a normal function mode corresponding to an administrator user according to the user identification information.
In an embodiment of the present invention, the access control apparatus is configured to perform operations for implementing the access control method according to any of the embodiments (any of fig. 1 to 3).
In the embodiment, the application identity authentication is performed on the current user, if the current user is the application user, the current device is controlled to enter the application function mode, otherwise, whether the user is the device user is further judged, and if the user is the device user, the current device is controlled to enter the common function mode. The embodiment of the invention identifies the attributes of the user by sequentially carrying out remote application server authentication and local authentication on the user, thereby controlling the current equipment to enter different functional modes, and effectively solving the problem that the functions of the flat plate cannot be exerted because the flat plate of the student is only used for learning in the current teaching scene. After the embodiment of the invention is applied to a teaching scene, a binding relationship does not exist between a teaching account and a teaching flat plate, students can log in and use any teaching flat plate by using the student account, and in addition, the teaching flat plate also has a management account of the teaching flat plate, so that a flat plate owner (such as a parent) can use the teaching flat plate as a common flat plate, and the use convenience of the teaching flat plate is greatly improved. In addition, the embodiment of the invention also has the functions of protecting the privacy of the user and limiting the use of functions, and the application account only can access the application program but not the system of the equipment by specially processing the system of the equipment.
Fig. 5 is a block diagram of an access control device according to another embodiment of the present invention, the access control device includes a memory 51 and a processor 52, wherein:
a memory 51 for storing a computer program operable on the processor 52.
A processor 52, configured to execute a computer program, so that the access control apparatus performs an operation to implement the access control method according to any of the above embodiments (fig. 1, 2, or 3 embodiments).
According to another aspect of the present invention, there is provided a smart device including an access control apparatus as described in any of the above embodiments (fig. 4 or fig. 5 embodiments).
In the embodiment, the application identity authentication is performed on the current user, if the current user is the application user, the current device is controlled to enter the application function mode, otherwise, whether the user is the device user is further judged, and if the user is the device user, the current device is controlled to enter the common function mode. The embodiment of the invention identifies the attributes of the user by sequentially carrying out remote application server authentication and local authentication on the user, thereby controlling the current equipment to enter different functional modes, and effectively solving the problem that the functions of the flat plate cannot be exerted because the flat plate of the student is only used for learning in the current teaching scene. After the embodiment of the invention is applied to a teaching scene, a binding relationship does not exist between a teaching account and a teaching flat plate, students can log in and use any teaching flat plate by using the student account, and in addition, the teaching flat plate also has a management account of the teaching flat plate, so that a flat plate owner (such as a parent) can use the teaching flat plate as a common flat plate, and the use convenience of the teaching flat plate is greatly improved. In addition, the embodiment of the invention also has the functions of protecting the privacy of the user and limiting the use of functions, and the application account only can access the application program but cannot access the system of the equipment by specially processing the system of the equipment.
According to another aspect of the present invention, there is provided a computer-readable storage medium, the computer-readable storage medium storing a computer program, which when executed by a memory, implements the access control method according to any of the above embodiments (for example, the embodiments of fig. 1 to 3), and can be applied to an intelligent device; the technical solutions of the foregoing embodiments substantially or partly contribute to the prior art, or all or part of the technical solutions may be embodied in the form of a software product stored in a storage medium, and including several instructions for causing a computer device (which may be a personal computer, a server, a mobile device, a network device, or the like) or a processor (processor) to execute all or part of the steps of the method described in this embodiment. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In the embodiment, the application identity authentication is performed on the current user, if the current user is the application user, the current device is controlled to enter the application function mode, otherwise, whether the user is the device user is further judged, and if the user is the device user, the current device is controlled to enter the common function mode. The embodiment of the invention identifies the attributes of the user by sequentially performing remote application server authentication and local authentication on the user, thereby controlling the current equipment to enter different functional modes, and effectively solving the problem that the function of a tablet cannot be exerted because a student tablet is only used for learning in the current teaching scene. After the embodiment of the invention is applied to a teaching scene, a binding relationship does not exist between a teaching account and a teaching flat plate, students can log in and use any teaching flat plate by using the student account, and in addition, the teaching flat plate also has a management account of the teaching flat plate, so that a flat plate owner (such as a parent) can use the teaching flat plate as a common flat plate, and the use convenience of the teaching flat plate is greatly improved. In addition, the embodiment of the invention also has the functions of protecting the privacy of the user and limiting the use of functions, and the application account only can access the application program but not the system of the equipment by specially processing the system of the equipment.
The access control devices described above may be implemented as a general purpose processor, a Programmable Logic Controller (PLC), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any suitable combination thereof, for performing the functions described herein.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above disclosure is only for the purpose of illustrating the preferred embodiments of the present invention, and it is therefore to be understood that the invention is not limited by the scope of the appended claims.

Claims (5)

1. An access control method, characterized in that the method comprises:
acquiring identity identification information of a current user;
sending the identity identification information to an application authentication server to authenticate the current user;
if the authentication is successful, controlling the current equipment to enter an application function mode;
if the authentication fails, judging whether the current user has the authority of accessing the current equipment according to the identity identification information, and if so, controlling the current equipment to enter a common function mode;
the method further comprises the following steps:
judging whether the current user is in a login state or not according to the identity identification information;
if the current equipment is in the application function mode login state, user login information corresponding to the identity identification information is acquired, and the current equipment is controlled to enter a corresponding application function interface;
if the equipment is in a normal function mode login state, user login information corresponding to the identity identification information is acquired, and the current equipment is controlled to enter a corresponding normal function interface;
if the current user is in a non-login state, the identity identification information is sent to an application authentication server to authenticate the current user;
recording the login state of the current user after the user logs in, wherein the recorded user login information comprises: the method comprises the following steps that basic user information, target user identity identification information, a login function mode, login state information and login time are obtained, wherein the target user identity identification information is the identity identification information obtained by current equipment when a user logs in last time or the target user identity identification information searched in a database by an application authentication server, recorded login state information is different in different function modes, and the login state information comprises an application module where the user logs out of a system in the application function mode;
the identification information is physiological characteristic information and/or account information, and the physiological characteristic information is fingerprint information, and/or face image information, and/or voice information, and/or iris information;
the method further comprises the following steps:
acquiring authentication result information returned by an application authentication server, wherein the authentication result information comprises information about whether authentication is successful and user basic information, and the user basic information comprises a user role;
if the authentication is successful, controlling the current equipment to enter an application function mode matched with the user role;
the application authentication server is a teaching authentication server, the user roles comprise teachers and students, and the specific step of controlling the current equipment to enter the application function mode matched with the user roles is as follows:
if the role of the current user is teacher, controlling the current equipment to enter a teacher function mode;
if the role of the current user is a student, controlling the current equipment to enter a student function mode;
the authentication result information further includes an access token ID, the user basic information further includes a user ID, and the method further includes:
acquiring service data information of the user ID from a background teaching server according to the access token ID and the user ID, and entering a teacher function homepage or a student function homepage corresponding to the current user;
the method further comprises the following steps:
if the role of the current user is teacher, further judging whether the current user has the authority of accessing the current equipment;
if so, entering a mode selection interface for a user to select, wherein the mode selection interface comprises two selection items, namely a teacher function mode and a common function mode;
and acquiring the functional mode selected by the user, and controlling the current equipment to enter the functional mode selected by the user.
2. An access control apparatus, comprising:
the identity recognition information acquisition module is used for acquiring the identity recognition information of the current user;
the first authentication module is used for sending the identity identification information to an application authentication server to authenticate the current user;
the first access control module is used for controlling the current equipment to enter an application function mode when authentication is successful;
the second authentication module is used for judging whether the current user has the authority of accessing the current equipment or not according to the identity identification information when authentication fails;
the second access control module is used for controlling the current equipment to enter a common function mode when the second authentication module judges that the equipment is in the normal function mode;
the access control device is configured to perform operations to implement the access control method of claim 1.
3. An access control device comprising a memory and a processor, wherein:
a memory to store instructions;
a processor configured to execute the instructions to cause the access control apparatus to perform operations to implement the access control method of claim 1.
4. An intelligent device, characterized in that it comprises an access control device according to any one of claims 2 to 3.
5. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method as claimed in claim 1.
CN201980001198.6A 2019-07-11 2019-07-11 Access control method and device, intelligent device and storage medium Active CN110546641B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/095654 WO2021003752A1 (en) 2019-07-11 2019-07-11 Access control method and apparatus, smart device and storage medium

Publications (2)

Publication Number Publication Date
CN110546641A CN110546641A (en) 2019-12-06
CN110546641B true CN110546641B (en) 2022-08-02

Family

ID=68715924

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201980001198.6A Active CN110546641B (en) 2019-07-11 2019-07-11 Access control method and device, intelligent device and storage medium

Country Status (2)

Country Link
CN (1) CN110546641B (en)
WO (1) WO2021003752A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111124546A (en) * 2019-12-26 2020-05-08 联想(北京)有限公司 Control method and electronic equipment
CN113158198B (en) * 2020-01-22 2024-07-05 华为技术有限公司 Access control method, device, terminal equipment and storage medium
CN113037780B (en) * 2021-04-22 2022-10-21 读书郎教育科技有限公司 Automatic deployment method for intelligent classroom learning tablet
CN113360875A (en) * 2021-06-15 2021-09-07 读书郎教育科技有限公司 Method for realizing student flat main interface management and control function
CN113835968A (en) * 2021-09-29 2021-12-24 浪潮卓数大数据产业发展有限公司 Application server interface management method, device and medium suitable for digital security chain

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107526958A (en) * 2017-08-30 2017-12-29 努比亚技术有限公司 A kind of operating mode control method, terminal and computer-readable recording medium
CN107592427A (en) * 2017-10-11 2018-01-16 广东小天才科技有限公司 mode switching method, terminal device and computer readable storage medium
CN109151151A (en) * 2018-07-24 2019-01-04 深圳智祺科技有限公司 Realize the method and device of the user mode switching of terminal
CN109743603A (en) * 2018-12-19 2019-05-10 聚好看科技股份有限公司 A kind of selection method and equipment of smart television operating mode

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20160120458A (en) * 2015-04-08 2016-10-18 엘지전자 주식회사 Mobile terminal and method for controlling the same
CN106921780A (en) * 2017-03-09 2017-07-04 广东小天才科技有限公司 Intelligent terminal operation mode switching method and device and intelligent terminal
CN107517321A (en) * 2017-08-31 2017-12-26 努比亚技术有限公司 Terminal pattern switching method, mobile terminal and computer-readable recording medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107526958A (en) * 2017-08-30 2017-12-29 努比亚技术有限公司 A kind of operating mode control method, terminal and computer-readable recording medium
CN107592427A (en) * 2017-10-11 2018-01-16 广东小天才科技有限公司 mode switching method, terminal device and computer readable storage medium
CN109151151A (en) * 2018-07-24 2019-01-04 深圳智祺科技有限公司 Realize the method and device of the user mode switching of terminal
CN109743603A (en) * 2018-12-19 2019-05-10 聚好看科技股份有限公司 A kind of selection method and equipment of smart television operating mode

Also Published As

Publication number Publication date
CN110546641A (en) 2019-12-06
WO2021003752A1 (en) 2021-01-14

Similar Documents

Publication Publication Date Title
CN110546641B (en) Access control method and device, intelligent device and storage medium
CN104205721B (en) The adaptive authentication method of context aware and device
US20110185402A1 (en) Access control system
US20090089876A1 (en) Apparatus system and method for validating users based on fuzzy logic
CN105450643B (en) The authentication method of network insertion, apparatus and system
US9680812B1 (en) Enrolling a user in a new authentication procdure only if trusted
CN109639724B (en) Password retrieving method, password retrieving device, computer device and storage medium
CN107800672A (en) A kind of Information Authentication method, electronic equipment, server and information authentication system
CN104184705A (en) Verification method, apparatus, server, user data center and system
CN105024986A (en) Account login method, device and system
EP3211825A1 (en) Trusted terminal verification method and apparatus
CN104184709A (en) Verification method, device, server, service data center and system
CN106169047A (en) Method and device for opening monitoring camera and electronic equipment
CN107182042A (en) Short message channel method for evaluating quality, device, medium and system
US6804331B1 (en) Method, apparatus, and computer readable media for minimizing the risk of fraudulent receipt of telephone calls
WO2021244471A1 (en) Real-name authentication method and device
CN107371160B (en) Method and equipment for carrying out wireless connection pre-authorization on user equipment
CN105429954B (en) A kind of eyeball login method and device
CN105978899A (en) SIM card binding method for preventing malicious mobile phone flash
WO2020077890A1 (en) System security method and apparatus, computer device, and storage medium
CN111666785A (en) Behavior recognition method, system, apparatus, computing device, and medium
CN109271765A (en) A kind of student's private data guard method based on artificial intelligence
CN115906028A (en) User identity verification method and device and self-service terminal
CN104134025B (en) Mobile terminal locking method, device and mobile terminal based on SIM card
CN115546952A (en) Method and device for managing parent access through cloud, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20201026

Address after: 512000 101, building 31, Huangshaping Innovation Park, phase I, guanshaocheng, Wujiang District, Shaoguan City, Guangdong Province

Applicant after: YINGSHUO (Shaoguan) Information Industry Group Co.,Ltd.

Address before: 518000 Room 202, Second Floor, 1 Building, Jianda Industrial Zone, Xin'an Third Road, Baoan District, Shenzhen City, Guangdong Province

Applicant before: SHENZHEN EAGLESOUL TECHNOLOGY Co.,Ltd.

GR01 Patent grant
GR01 Patent grant