JP2006059161A5 - - Google Patents

Description

Entrance / exit management system, ID card, control unit, system management device.

  The present invention relates to an entrance / exit management system that mainly manages the entry and exit of a person into a closed compartment.

In an entrance / exit management system equipped with an authentication server and a network system that authenticates an ID card with a client (terminal), data is stored in an IC in the card as a means for verifying the authenticity of the ID card, and this data is authenticated. Many entrance / exit management systems that prove authenticity by doing so have been proposed.
However, in the conventional entrance / exit management system, an entrance / exit management system has been proposed in which a management department that manages the entire building and a tenant entering the building construct different authentication systems with the same authentication product (ID card). It wasn't.
JP 2001-323695 A JP-A-8-99484 JP 2004-190455 A

As a means to prove your identity in the entrance / exit management system,
1, property certification by own property,
2. PIN authentication based on the knowledge of the person.
3. Biometric authentication based on the physical and behavioral characteristics of the person.
There is.
First, security authentication is easily threatened when knowledge is known to other people only by password authentication based on the knowledge possessed by the person. Further, in the case of biometric authentication, there is an aspect that it cannot be used easily because it is extremely important privacy of the person himself / herself. For example, it is difficult to use a fingerprint collected for security at a visited facility because it is very resistant.

Therefore, what is considered the most realistic is property authentication that identifies the person by property.
In this property authentication, the IC card is currently most suitable. The reasons for this are tamper resistance from physical attacks that protect the data stored on the IC card, access control rights that manage data access rights against logical attacks, and legitimacy of accessing users. Improvements such as user authentication to confirm, external authentication to confirm the validity of the accessing device and software, and the like have been enhanced.

On the other hand, if a plurality of different administrators can share and authenticate a single ID card, for example, in the case of building security, which is an example of a closed partition, In the authentication system built by the building management department that manages and the authentication system built independently by each tenant occupying the building, the card user can use it with one ID card, which is extremely convenient Becomes higher.
In addition, since the building management department can grasp the tenant's employees in the common area, it is possible to prevent suspicious people and people who are trying to enter the building without using it, thereby improving the safety of the entire building. It can be secured.

However, if an entrance / exit management system, which is an authentication system in which a plurality of administrators participate, is constructed with an IC card, programs such as IC card access management rights, user authentication, external authentication, etc. may be executed by different administrators. You need to decide whether to share it or build it separately.
First, when sharing an access management right or the like, each tenant's ID card management management system must be equally strict. In addition, the risk of human factors such as leakage of confidential information increases as the number of people involved in the management department of each tenant increases.

  Next, in order to avoid such an increase in human risk, an IC card that can be accessed by different managers is required when separately establishing access management rights, etc. Multi-application OS (MULTIS / JavaCard, etc.) (trademark registration) is effective, but because of high development costs and maintenance costs for each administrator, security for small tenants Could not meet the needs of

The entrance / exit management system of the first invention is:
An entrance / exit management system comprising an ID card to be authenticated, a control unit for reading information of the ID card, and a system management device having a determination means for determining the authenticity of the ID card,
The ID card includes an ID providing unit having an identifier in which an object to be analyzed is distributed three-dimensionally and having a physically unique pattern, and ID data (T) for specifying the ID card itself,
The control unit outputs an ID input unit that reads the ID data (T), an observation unit that obtains identifier data by observing the identifier, and outputs the ID data (T) and the identifier data to a communication line. An output control unit,
The system management apparatus transmits a plurality of identifier reference data (Ta) to the ID data (T), and the ID data (T) and the identifier data are transmitted from the control unit. The ID card based on one reference data (Ta) of the plurality of reference data (Ta) corresponding to the ID data stored in the storage unit and the transmitted identifier data. And an entry / exit management system comprising: a determination means for determining authenticity.

An entrance / exit management system according to a second aspect of the present invention is an entrance / exit management comprising an ID card to be authenticated, a control unit for reading information of the ID card, and a system management device having a determination means for determining the authenticity of the ID card. A system,
The ID card includes an ID providing unit having an identifier in which an object to be analyzed is distributed three-dimensionally and having a physically unique pattern, and ID data (T) for specifying the ID card itself,
The control unit includes an ID input unit that reads the ID data (T), an observation unit that observes the identifier to obtain identifier data, and an observation means symbol (A) that specifies an observation method when the identifier is observed. ), And an output control unit for outputting the ID data (T), the identifier data, and the observation means symbol (A) to a communication line,
The system management device includes a storage unit capable of storing a plurality of the observation means symbols (A) for each ID data (T) and reference data (Ta) of the identifier corresponding to each observation means symbol (A). When the identifier data, the ID data (T) and the observation means symbol (A) are transmitted from the control unit, the reference corresponding to the ID data (T) and the observation means symbol (A) is sent. A control unit that reads data (Ta) from the storage unit,
The control unit of the system management apparatus includes a determination unit that determines the authenticity of the ID card based on the identifier data sent from the control unit and the reference data (Ta).

  An entrance / exit management system according to a third aspect of the present invention is an entrance / exit management comprising an ID card to be authenticated, a control unit for reading information of the ID card, and a system management device having a determination means for determining the authenticity of the ID card. A system,
  The ID card includes an ID providing unit having an identifier in which an object to be analyzed is distributed three-dimensionally and having a physically unique pattern, and ID data (T) for specifying the ID card itself,
  The control unit includes an ID input unit that reads ID data (T) of the ID providing unit;
  An observation unit that observes the identifier, a terminal control unit that encodes the data of the identifier obtained from the observation unit and outputs code data (F), and encoding when the code data (F) is encoded Output means for outputting a coding method symbol (a) for specifying a method, and an output control unit for outputting the ID data (T), the coded data (F), and the coding method symbol (a) ,
  The system management apparatus uses the storage unit that stores the reference data (Ta) of the identifier corresponding to the ID data (T) and the encoding method symbol (a) to generate dummy data ( f) having a control unit for generating,
  When the control unit of the system management apparatus receives the ID data (T), code data (F), and encoding method symbol (a) from the control unit, the ID data (T) is transmitted from the storage unit. And the dummy data (f) is generated from the reference data (Ta) by the encoding method specified by the encoding method symbol (a). Determination means for determining the authenticity of the ID card by collating with the code data (F) transmitted from the control unit.

  An entrance / exit management system according to a fourth aspect of the present invention is an entrance / exit management comprising an ID card to be authenticated, a control unit for reading information of the ID card, and a system management device having a determination means for determining the authenticity of the ID card. A system,
  The ID card includes an identifier in which an object to be analyzed is three-dimensionally distributed and has a physically unique pattern, and an ID providing unit having ID data (T) for specifying the ID card itself,
  The control unit includes an ID input unit that reads the ID data (T), an observation unit that observes the identifier to obtain analysis data (Ka) of the identifier, and encodes the analysis data (Ka) to code data ( F) encoding means for obtaining, and output means for outputting an observation means symbol (A) for specifying an observation method when the identifier is observed,
  The system management device includes a storage unit capable of storing a plurality of the observation means symbols (A) for each ID data (T) and reference data (Ta) of the identifier corresponding to each observation means symbol (A). ,
  When the ID data (T), the code data (F), and the observation means symbol (A) are transmitted from the control unit, the ID data (T) and the observation means symbol (A) are transmitted from the storage unit. And a control unit that reads the reference data (Ta) corresponding to
  The control unit obtaining ID data (T) from the ID card;
  The control unit obtains code data (F);
  The control unit transmitting ID data (T), observation means symbol (A), code data (F) to the system management device;
  The system management device receiving data from the control unit;
  The control unit of the system management device calls the reference data (Ta) corresponding to the ID data (T) and the observation means symbol (A) transmitted from the control unit from the storage unit;
  The control unit of the system management device performs authenticity determination of the ID card by comparing the reference data (Ta) and the code data (F);
  The control unit of the system management device transmits the result of the authenticity determination of the ID card to the control unit by the output control unit;
  Have

  An entrance / exit management system according to a fifth aspect of the present invention is an entrance / exit management including an ID card to be authenticated, a control unit for reading information of the ID card, and a system management device having a determination means for determining the authenticity of the ID card. A system,
  The ID card includes an identifier in which an object to be analyzed is three-dimensionally distributed and has a physically unique pattern, and an ID providing unit having ID data (T) for specifying the ID card itself,
  The control unit includes an ID input unit that reads ID data (T) of the ID providing unit;
  An observing unit for observing the identifier, an output unit for encoding the data of the identifier obtained from the observing unit and outputting code data (F), and an encoding method for encoding the code data (F) An output means for outputting an encoding method symbol (a) for identifying the ID, an output control unit for outputting the ID data (T), the code data (F), and the encoding method symbol (a) to a communication line; Have
  The system management device includes a storage unit that stores reference data (Ta) of the identifier corresponding to ID data (T),
  The control unit obtains ID data (T) from the ID card and analysis data (Ka) from the identifier by an observation unit;
  The control unit obtains code data (F) from the analysis data (Ka);
  The control unit transmitting the ID data (T), the encoding method symbol (a), and the code data (F) to a system management device;
  When the control unit of the system management apparatus transmits the ID data (T) and the code data (F) from the control unit, reference data corresponding to the ID data (T) is transmitted from the storage unit. Reading out (Ta);
  The controller of the system management device generates dummy data (f) from reference data (Ta) by an encoding method specified by the encoding method symbol (a) transmitted from the control unit;
  A step of authenticating, wherein the control unit of the system management device compares the dummy data (f) with the code data (F) to determine the authenticity of the ID card;
  The control unit of the system management device transmits the result of the authenticity determination of the ID card to the control unit by the output control unit;
  Have

  An entrance / exit management system according to a sixth aspect of the present invention is an entrance / exit management comprising an ID card to be authenticated, a control unit for reading information of the ID card, and a system management device having a determination means for determining the authenticity of the ID card. A system,
  The ID card includes an identifier in which an object to be analyzed is three-dimensionally distributed and has a physically unique pattern, and an ID providing unit having ID data (T) for specifying the ID card itself,
  The control unit includes an ID input unit that reads ID data (T) of the ID providing unit;
  An observing unit for observing the identifier; an output unit for outputting an observing means symbol (A) for specifying an observing method when observing the identifier; and encoding data obtained by encoding the identifier data obtained from the observing unit. Output means for outputting (F), output means for outputting an encoding method symbol (a) for specifying an encoding method when the encoded data (F) is encoded, the ID data (T), An output control unit for outputting code data (F), the encoding method symbol (a), and the observation means symbol (A) to a communication line;
  The system management device can store a plurality of observation means symbols (A) for each ID data (T) and reference data (Ta) of the identifier corresponding to each of the observation means symbols (A) Have
  The control unit obtaining ID data (T) from the ID card;
  The control unit obtains code data (F) from the identifier;
  The control unit transmitting the ID data (T), the encoding method symbol (a), the code data (F), and the observation means symbol (A) to a system management device;
  When the control unit of the system management apparatus receives the identifier data, the ID data (T), and the observation means symbol (A) from the control unit, the ID data (T) is transmitted from the storage unit. Reading the reference data (Ta) corresponding to the observation means symbol (A),
  The controller of the system management device generates dummy data (f) from the reference data (Ta) by the encoding method specified by the encoding method symbol (a);
  A step of authenticating, wherein the control unit of the system management device compares the dummy data (f) with the code data (F) to determine the authenticity of the ID card;
  The control unit of the system management device includes a step of transmitting the result of the authenticity determination of the ID card to the control unit by the output control unit.

  The ID card according to a seventh aspect of the present invention is the entrance / exit management system according to any one of claims 1 to 6, wherein the analyte observed by the observation unit of the control unit is physically distributed in three dimensions. And an ID providing unit having an identifier having a unique pattern and ID data read by an ID input unit of the control unit.
  The ID card according to an eighth aspect of the present invention is the entrance / exit management system according to any one of claims 1 to 6, wherein the analyte observed by the observation unit of the control unit is physically distributed in three dimensions. An identifier having a unique pattern, a reference point serving as a reference for the position of the object to be analyzed in a three-dimensional space, and an ID providing unit having ID data read by an ID input unit of the control unit are provided.

  A control unit according to a ninth aspect of the present invention is the entrance / exit management system according to any one of claims 1 to 6, wherein the control unit is provided in an ID input unit that reads ID data (T) of the ID card, and the ID card. An observation unit for obtaining the identifier data by observing the identifier having three-dimensionally distributed and physically unique patterns, and outputting the ID data (T) and the identifier data to a communication line Possible output control unit.
  A system management device according to a tenth aspect of the present invention is the entrance / exit management system according to any one of claims 1 to 6, wherein the storage unit stores reference data (Ta) of the identifier corresponding to the ID data (T). And a control unit that reads reference data (Ta) corresponding to the ID data (T) when the identifier data and the ID data (T) are transmitted from the control unit, The control unit of the system management apparatus includes a determination unit that determines the authenticity of the ID card based on the identifier data sent from the control unit and the reference data (Ta).

In the entrance / exit management system of the present invention, an ID card having an identifier having a physically unique pattern, an ID providing unit having ID data, and an ID input unit for reading the ID data of the ID providing unit, A control unit comprising an observing unit for observing the identifier, and a system management device for authenticating the ID card based on data from the control unit. Since there is a means to manage, when authenticating the possession of one ID card, the authenticity of the ID card is identified by an identifier provided in the ID card and distributed in three dimensions and having a physically unique pattern. Since there is no program or program bug in the identifier that can be proved and proves authenticity, the ID card development and maintenance costs are very high It has the effect of being cheap.

  In the ID card according to the present invention, in the entrance / exit management system, the identifier observed by the observation unit of the control unit is distributed three-dimensionally and has a physically unique pattern, and the ID input of the control unit An ID card including an ID providing unit having ID data read by the unit can be provided.

  In the control unit according to the ninth aspect of the present invention, in the entrance / exit management system according to any one of claims 1 to 6, an ID input unit that reads ID data (T) of the ID card;
  An observation unit for obtaining an identifier data by observing the identifier having a unique pattern physically distributed in three dimensions and an object provided on the ID card; and the ID data (T) and the identifier It is possible to provide a control unit having an output control unit capable of outputting data to a communication line and capable of reading information from an ID card in which an object to be analyzed is distributed three-dimensionally.

  In the system management apparatus according to the tenth aspect of the present invention, in the entrance / exit management system according to any one of claims 1 to 6,
  A storage unit that stores reference data (Ta) of the identifier corresponding to the ID data (T);
  A controller that reads reference data (Ta) corresponding to the ID data (T) when the identifier data and the ID data (T) are transmitted from the control unit;
  It is possible to provide the system management apparatus, wherein the control unit of the system management apparatus includes a determination unit that determines the authenticity of the ID card based on the identifier data sent from the control unit and the reference data (Ta).

  The present invention employs an ID card 3 provided with an ID providing unit 2 that supplies an identifier 1 and ID data 5 each having a unique characteristic to an ID card used for property authentication of a plurality of authentication systems. .

Hereinafter, an embodiment for determining the authenticity of an identifier will be described with reference to the drawings.
First, terms used in this embodiment will be described.
The analysis data (Ka) is identifier data output from the observation unit.
The observation means symbol (A) is a symbol for specifying the observation method when the identifier is observed.
Encoding is to calculate analysis data by a specific algorithm.
The encoding method is an algorithm for encoding analysis data.
The encoding method symbol (a) is a symbol for specifying an encoding method used when encoding analysis data.
The code data (F) is data obtained by encoding the analysis data (Ka).
The reference data (Ta) is data (template) that serves as a reference for each identifier registered in advance in the storage unit of the system management apparatus.
The dummy data (f), reference data (Ta) is data obtained by encoding method symbol thus corrected.

  FIG. 1 is a plan view showing an example of an ID card 3 (authenticated product) used in a building management system according to the present invention, and has a card shape in this embodiment. The ID card 3 includes an identifier 1, an ID providing unit 2 for specifying an authentication object, an ID visualizing unit 2-1 that visualizes and displays ID data, and a photo pasting field 32.

  For ID2, a two-dimensional bar code is used in the present embodiment, but the purpose of the ID providing unit 2 is to supply ID data 5 to be read by an ID input unit 60 described later. Therefore, it may be a non-contact IC capable of outputting data, or may be a contact IC, etc. However, preferably, a non-contact IC automatically detects the reader installed at the gate when entering or leaving the building. It is convenient because it reads ID data.

The ID visible section 2-1 is a display section that visually displays ID data for specifying a card to be used when the owner fills in a document or the like.
The image column 32 is a part for displaying a photograph of the owner's face, a symbol (mark) representing the tenant to which the owner belongs, and these images are pasted or printed as necessary.

The identifier 1 has a physical pattern with uniqueness to prove the authenticity of the ID card.
Since this identifier 1 has a physically unique pattern, it is impossible to forge a large amount because it must be duplicated for each unique pattern. Furthermore, if it has a three-dimensional shape, it cannot be duplicated.

  FIG. 2 shows an example of the identifier 1 in which the analyte 4 is distributed in three dimensions, (A) is a plan view showing the identifier 1 viewed from above, and (B) is seen from the lateral method. FIG. B3 is a perspective view of the identifier 1. In this identifier 1, three analytes 4-1 to 4-3 are three-dimensionally distributed.

Reference symbols N1 to N3 in FIG. 2 are cut-out symbols that serve as a reference for the position of the object to be analyzed in the three-dimensional space. Is determined.
The analyzed object 4-1 has a fibrous shape and has feature points such as end points and breaks from n1 to n3, and the analyzed object 4-2 has intersection points n4 to n7 that are feature points where the sides intersect. The analyzed object 4-3 has intersections n8 to n16 which are feature points where the sides intersect. The three-dimensional positions of these feature points can be specified by a three-dimensional position estimation method described in Japanese Patent No. 3020898 or the like.
Even in the case of such an object to be analyzed, various encoding methods are conceivable, such as extracting only data of end points from feature points and setting the three-dimensional position of the end points as code data (F).

FIG. 3 is a perspective view of the identifier 1 in the present embodiment, and shows the relationship between the analyte 4 and the feature points.
In FIG. 4, when the resolution is increased, the end point n1 which is a feature point of the analyzed object 4-1 is enlarged, and the shape is analyzed, instead of the same magnification observation method, the shape is further subdivided from n1-1 to n1-4. It is a figure for demonstrating that a feature point can be provided.
That is, the accuracy of the observation unit 61 indicates that it is possible to generate analysis data obtained by further subdividing the feature points assigned to the same analyte.

  In the present embodiment, the example in which the identifier 1 is incorporated in the ID card portion is shown. However, by analyzing the object to be analyzed having physical properties such as a magnetic material distributed throughout the ID card without being caught by the ID card. The ID card itself may be configured as an identifier 1, and a part of the identifier 1 may be code data (F), and the position information of the code data may be the encoding method symbol (a). It is. In short, if the method for observing the encoded data of the analysis data of the identifier having the unique physical pattern and the encoding method can be specified and transmitted to the system management apparatus side, it deviates from the gist of the present invention. Various modes are possible instead of those.

Next, an example of the authentication system for authenticating the identifier 1 (analog chip) will be described.
5 to 7 are block diagrams for explaining how the control unit 9 and the system management device 73 are configured with an analog chip authenticity determination system.
The roles of the control unit 9 and the system management device 73 in the entrance / exit management system will be described later.

Now, an information processing method in the control unit 9 including the ID input unit 60, the observation unit 61, and the control device 62 will be described with reference to FIG.
First, the role of the control unit 9 will be described. The control unit 9 has an ID input unit 60 that reads data of the ID providing unit 2 of the ID card 3 and an observation unit 61 that observes the identifier 1 and obtains analysis data. The code data group including the encrypted data of the identifier obtained by processing the analysis data is transmitted to the system management apparatus.

  Next, each unit will be described. The ID input unit 60 reads the ID data 5 from the ID providing unit 2 provided in the ID card 3 and transmits it to the terminal input unit 66. The observation unit 61 observes the identifier 1 and transmits the analysis data 15 (Ka) and the observation means symbol 13 (A) for specifying the method of the observation means to the terminal input unit 66.

  The control device 62 includes a terminal input unit 66 that receives signals from the ID input unit 60 and the observation unit 61, an output control unit 70 that transmits data to the communication line 101, control of each unit, data transfer, And a terminal control unit 65 that performs calculation, temporary storage of data, and the like.

The encoding method data output unit 85 of the terminal control unit 65 outputs an algorithm for encoding the analysis data (Ka) 15 to the code output unit 84 and outputs the encoding method symbol (a) 12 to the output control unit 70. To do.
The code output unit 84 of the terminal control unit 65 transmits the analysis data 15 “Ka1-238” transmitted from the terminal input unit 66 according to the encoding method algorithm from the encoding method data output unit 85 to the encrypted data of the identifier. Is converted into code data “F-238”.
These encoding method symbol 12 (a), observation means symbol 13 (A), ID data 5 (T), and code data 16 (F) are transmitted as a code data group 94 via the communication line 101 to the system management apparatus. 73.

FIG. 6 is a block diagram for explaining how the data group 94 transmitted from the control unit 9 via the communication line 101 is processed in the system management apparatus 73.
First, the system management device 73 includes an input control unit 75 that receives the data group 94, a storage unit 80 that includes a reference data table 125, an ID data processing unit 91, a dummy data generation unit 92, and a code verification unit 95. The control unit 74 includes an output control unit 76 that transmits data to the communication line 101.

The ID data processing unit 91 of the control unit 74 receives the reference data 19 corresponding to the ID data 5 “T238” and the observation means symbol 13 “A1” transmitted from the control unit 9 via the input control unit 75. When the reference data table 125 of the storage unit 80 is inquired and the reference data “Ta1-238” is obtained, it is transmitted to the dummy data generation unit 92.
The dummy data generation unit 92 generates the dummy data 17 “f-238” by correcting the reference data “Ta1-238” with the encoding method symbol “a1-1” for correcting the reference data “Ta1-238”. The data is transmitted to the code verification unit 95.

  The code collation unit 95 collates the dummy data “f-238” from the dummy data generation unit 92 with the code data “F-238”, and if the error is less than or equal to the allowable value, it approves the determination result 20. Is output as "real". The determination result 20 is transmitted from the output control unit 76 to the control unit 9 via the communication line 101. The control unit 9 controls the external device control unit 71 shown in FIG. Allow.

  Furthermore, the procedure will be described with reference to FIG. 7 as an example of an identifier authenticity determination system for comparing code data with reference data. Various encoding methods for data such as a compression rate for compressing image data and a method for obtaining three-dimensional position information of an object can be adopted as an encoding method in this identifier authenticity determination system. In the example, for the convenience of explanation, the encoding method for extracting only a circular graphic from the graphic information of the image data “Ka1-238” and the method for authenticity determination have been described.

First, the control unit 9 obtains ID data (T238) from the ID card 3 and analysis data (Ka1-238) from the observation unit 61;
Step S102 for obtaining code data (F-238) by an encoding method for extracting a circular figure of the encoding method symbol ( a1-1) from the analysis data (Ka1-238);
The control unit 9 transmits a data group including ID data (T238), observation means symbol (A1), encoding method symbol (a1-1), code data (F-238), and the like to the system management device 73. Step S103,

Step S104 in which the system management device 73 receives the data group;
Step S105 for calling the reference data 19 (Ta1-238) from the reference data table 125 of the storage unit 80 using the ID data (T238) and the observation means symbol;
Step S106 for generating the dummy data (f-238) by correcting the reference data (Ta1-238) with the encoding method data (a1-1) for “extracting a circular figure”;
When the dummy data (f-238) and the code data (F-238) are collated and the deviation is found to be within the reference value, the authenticity determination step S107 for authenticity,
Step S108 for transmitting the result of the authenticity determination to the control unit 9.

Thus, in the identifier authenticity determination system of the present embodiment , authenticity is determined using the identifier 1 having physical characteristics.

  Also, when sharing an ID card with multiple authentication systems, there is no need to share programs and procedures such as access management rights, user authentication, and external authentication required for IC cards. In spite of sharing the same ID card, it is possible to construct an authentication system having an original observation unit and an encoding method in an authentication system according to each scale.

  However, although each identifier 1 used in the present invention has a unique pattern, it can naturally be said that similar ones can be made by chance, and the amount of feature points changes due to scratches and dirt. Such problems that can be considered are the errors in erroneously determining a person as an other person (identification rejection error) and errors in determining another person as an original person in biometrics (such as fingerprints) authentication. It is known that (other person acceptance error) occurs, and such errors are collectively taken as accuracy.

In the present invention, the same error occurs when determining the authenticity of the identifier. However, the safety of the system can be increased by increasing the accuracy and reducing the error.
On the other hand, if the accuracy of the observation part and the reference data is increased in order to reduce the error, the forgery of the identifier must be made precisely according to the accuracy of these data. For example, the identifier is distributed three-dimensionally in the resin. Since there is no technique for manufacturing by reproducing the state of a substance, it is impossible to forge an identifier having a three-dimensional structure, so that safety is increased.
In this way, an authentication system effective for counterfeiting can be constructed, and at the same time, for example, an inexpensive two-dimensional camera image can be used for authentication. Therefore, it is possible to construct an authentication system that uses an inexpensive observation unit.

  In addition, even if one of a plurality of management systems sharing the ID card of the present embodiment is inadequate for ID card management or ID card authentication system management, the authentication system for other management systems is It has no effect. Furthermore, the identifier of the present embodiment has the advantage that it is not necessary to maintain and manage the IC program and the running cost is lower than that of the IC.

  As described above, in this embodiment, while using the ID card 3 in common, the control unit 9 installed in the building management unit 45 and the control unit 9 installed in each tenant observe observations of completely different identifiers. And an encoding method can be provided.

  Since it has such a configuration, from the viewpoint of the security level, the ID card 3 starts from the lowest security level A in which the security guard determines authenticity by the appearance of the ID card according to the security level. It is possible to set a security level B for confirming ID information of ID2, a security level C for determining the authenticity of the identifier 1, and the security level C is particularly suitable for the performance of the observation apparatus for analyzing the identifier and the accuracy of the reference data. By changing the accuracy at the time of authentication, it is possible to obtain a high level of security, and it is possible to construct an authentication system that can meet various requirements including budgets.

  Next, looking at the ID card 3 from the viewpoint of convenience, for example, when the publicity is high and the security level may be low, a non-contact IC is adopted for the ID providing unit 2 and the entrance / exit unit is used. Read the information so that you can see who entered. On the other hand, if a high security level is required for entry into a private room or management of physical keys or devices, authentication of identifier 1 can be performed with an authentication method having a different security level with a single card. This makes it possible to provide a highly convenient ID card 3.

FIG. 8 is a conceptual diagram for explaining an embodiment in which the management system of the present invention is employed in a building entrance / exit management system.
In the present embodiment, description will be made on the assumption that the building management unit 45 that manages the tenant building 42 and the tenant 50A and the tenant 50B are occupying the building.
First, the tenant building 42 is broadly divided into a building management unit 45 that manages the entire building and a shared part, and a plurality of tenants 50A and tenants 5B each having a unique management system, and are partitioned by a wall 44.

First, in the building management unit 45, an entrance 49 , a passage 47, and a management room 46 are partitioned by a wall 44, and an entrance / exit room 6-1 is provided between the entrance 49 and the passage 47. 46 is provided between the tenant building 42 and the outside, and an entrance / exit room 6-3 is provided between the tenant building 42 and the outside, and the shared gate 7 is provided between the passage 47 and each tenant 50. Is provided.
The entrance / exit chamber 6 is provided with a control unit 9 on the entrance side and the exit side, respectively, which will be described later. The entrance side is 9a and the exit side is 9b.

  The shared gate 7 is provided with an ID input unit 60 connected to the control unit 9 and a system management device 73 managed by the building management unit 45 by a line L2 indicated by a one-dotted line.

In the tenant 50, a private room 52 with a high security level is partitioned by a wall 44 inside the tenant 50, and an entrance / exit part 6 is provided at the entrance of the private room 52.
The system management device 73 also includes a control unit 9c that permits log on to the device 8a that is an information processing device that manages information via the line L2, or a device 8b that is a storage for storing keys and valuables. A control unit 9d and the like for unlocking are connected.

Furthermore, the configuration of each management system of the entrance / exit management system for the entire tenant building will be described with reference to FIG.
The management system is a unit of management, and the management system of this embodiment can be roughly divided into a wide area management system and an area management system. The wide area management system manages the entire tenant building 42 indicated by the dotted line, and is controlled and operated by a system management device 73a which is an information processing device managed by the building management unit 45, and mainly manages the public sector such as the management room 46 and the passage 47. to manage. The system management device 73a is connected in parallel with the system management devices 73b and 73c of the tenant 50 via the line L1, and the system management device 73a of the building management unit needs information from the system management devices 73b and 73c of the tenant. To collect and manage the security of the entire building.

On the other hand, the area management system has two management systems, a tenant 50A and a tenant 50B, in this embodiment, and the control unit 9 is connected to the system management apparatus 73 installed in each tenant as necessary. .
Therefore, in this embodiment, there are three different business operator management systems, and each of these management systems can construct an authenticity determination system with a different identifier 1.

FIG. 10 is a block diagram for explaining an example of the configuration of the system management device 73 and the control unit 9 in the exit management system that manages the entry and exit of people to and from the closed compartment.
First, the control unit 9 obtains information of the ID input unit 60 that reads the ID data 5 from the ID providing unit 2 provided in the ID card 3 and the information of the identifier 1 in the control device 62 that is an information processing device. An observation unit 61 for transmitting identifier analysis data to the user, a personal information input unit 64 for acquiring unique information possessed by the owner, such as biometric information (biometrics) and a personal identification number, log-on to a computer, storage, door The external device control unit 71 etc. for performing unlocking etc. are connected as necessary.

The control device 62 is a control means and comprises a CPU or the like, and controls each part, transfers data, performs various calculations, and temporarily stores data.
The control device 62 will be further described. The terminal control unit 65 is a CPU that controls data processing, input / output, etc., and receives signals from the ID input unit 60, the observation unit 61, the personal information input unit 64, and the like. A terminal input unit 66, a display unit 67 for displaying entry permission and operation instructions to the owner of the ID card 3, and an ID that can temporarily store information from the ID card 3 or log on to the control unit 9 A storage unit 68 that stores information and the like, an input control unit 69 that controls data transmitted from the communication line 101, and an output control unit 70 that controls data that outputs signals to the communication line are provided.

The system management device 73 is an information processing device, and is connected to a display unit 83 that displays information and an input unit 82 such as a pointing device, a mouse, and a keyboard, and the ID is based on data sent from the control unit 9. It manages card authentication and whereabouts of the owner of the ID card.
The system management device 73 includes a control unit 74 that is a CPU that controls data processing such as computation and input / output, an input control unit 75 that controls a signal from the communication line 101, and a signal that is output to the communication line 101. An output control unit 76 for controlling the data, a storage unit 80 for storing various data, and the like.

  Various types of data are stored in the storage unit 80 of the system management device 73. For convenience, information necessary for describing the management system is adopted in the structure of a database that is a relational database. And it demonstrates based on FIG.

  FIG. 11 is an example of a part of the database in the storage unit 80 provided in the system management device 73a of the building management unit 45 that manages the wide area management system. Data for managing entry / exit of ID cards is shown in FIG. Information on entrance / exit management table 121 to be stored, personal authentication table 122a for storing data for performing personal authentication, reference data table 125 required for authentication of identifier 1 described later, and information relating to the owner of the ID card Change form 127, flag table 128 that is turned on when the owner enters the passage 47, and an after-hours list 129 in which the ID is listed when the passage does not pass within the time described later. A level table 132 in which different security levels 118 can be set for each control unit name 106, and devices installed in the building management unit 45 Who has been to the facility management table 136a, etc. to manage or use the.

  In the entrance / exit management table 121, an affiliation 35 for identifying a tenant to which an employee who owns an ID card belongs, an email address 24 as a contact information of the manager or owner of the ID card, and the validity of the ID card Status data 21 that is a record of invalidity, suspension of rights, etc., a gate list 25 in which information such as the entrance / exit section 6 and the shared gate 7 to which this ID is allowed to pass is registered, and the expiration date of the ID card 26 and the like are recorded, and the building management unit 45 manages the users of the entire building.

  The personal authentication table 122a is a table for storing a personal identification number corresponding to the ID data 5 and biometric information such as the user's iris, fingerprint, voiceprint, face image, and the like. Personal authentication by biometric authentication is possible.

The correction value table 126a is a table that can be registered when the observation means symbol (A) and the encoding method symbol (a) of the control unit 9 are known in advance, and these symbols are registered. If it is, it is possible to determine the legitimacy of the control unit 9 by collating with the data of the code data group 94 sent when the authenticity of the identifier 1 is determined. The observation means symbol 13 and the encoding method symbol 12 can be omitted.
Further, the observation means symbol 13 and the encoding method symbol 12 are stored in the table 126a when the control unit 9 is first connected, and thereafter, these symbols are stored from the control unit 9 installed in a specific place or the like. If it is configured not to output data, even if a malicious person attempts to impersonate the control unit 9 installed in a specific place, the first registered observation means symbol and encoding method symbol must be understood. Since the identifier cannot be properly encoded, the security level can be increased.

  FIG. 12 is an example of a database in the storage unit 80 of the system management devices 73b and 73c managed by the tenant 50a, and a tenant management table 135 that stores data for managing employees and guests who own ID cards. The personal authentication table 122b for accumulating data required for the personal authentication of the employee, the reference data table 125 for storing the reference data 19 required for determining the authenticity of the identifier 1, and the possession of the ID card 3 A change form 127 for changing information relating to a person, etc., a facility management table 136b for managing who has used the device 8 installed in the tenant 50, and a leaving / leaving management table 137 for recording employee attendance and leaving. A level table 132 that enables the security level for each control unit name 106 to be set. It is. About the structure which overlaps in this memory | storage part, the previous description is used unless there is particular description.

  In the tenant management table 135, the ID data 5, the personal information 29 which is information related to an individual such as an e-mail address / phone number, contact information, name, date of birth, etc., and the ID card 3 are valid, invalid, right ID data based on status data 21 for storing the status of stoppage, permission list 112 in which the entrance / exit unit 6, the common gate 7, the device 8, and the like permitted to pass are listed, and information from the entrance / exit unit 6 Data such as a residence 113 for recording the whereabouts of the owner is recorded.

  In the personal authentication table 122b, data 22 required for personal authentication of the employee working at the tenant 50a is associated with the ID data 5, and the name 22, password 30, physical characteristics 107, etc. are stored as necessary. ing.

The change form 127 is a form used when a person in charge of the building management unit and a tenant administrator change data in the entrance / exit management table 121.
The attendance / leaving management table 137 stores the attendance time 114 and the exit time 115 of tenant employees for each date.

  In this embodiment, for the sake of convenience of explanation, the display unit 83 and the input unit 82 are connected to the system management device 73, and the observation unit 61 and the ID input unit 60 are connected to the control device 62. Can be integrated, and the combination and configuration thereof can be changed without departing from the gist of the present invention.

In this embodiment, a database format that is a relational database is adopted. A plurality of tables are provided according to the data to be managed, and the data in these tables are associated with each other. In addition, there are queries that search and display data that meets the conditions from these tables, and a form that allows input of information according to a request from the user.
In addition, not all of these tables, queries and forms are required, but it is necessary to combine arbitrarily required tables, queries and forms, a report that determines the printing format (not shown), etc. Needless to say, the configuration and format of the database are not limited as long as the database having the function to be configured is configured and the technical idea of the present invention is realized. Further, the data described in each table of the present embodiment is described for convenience of explanation, and is not data that specifically specifies the present embodiment.

13 to 19 are flowcharts showing an example of the operation of the management system of this embodiment.
FIGS. 13 and 17 show the operation of the management system at the time of entry at the security level B for authenticating the ID data 5 from the ID providing unit 2, and FIGS. 14 and 18 show the ID data 5 from the ID providing unit 2. The operation of the management system at the time of admission at the security level C that authenticates the identifier 1 and the identity authentication is shown.

For the sake of convenience, for the sake of convenience, the employee A of the tenant 50A who has come to the office enters the closed section managed by the building management unit 45 from the outside, and further moves to the closed section managed by the tenant 50A. An example to be performed is temporarily set, and the operation of each authentication system will be described with reference to FIG. 8 based on this example.
In this embodiment, the ID providing unit 2 will be described as adopting a read-only non-contact IC.

FIG. 13 is a flowchart for explaining a management procedure in a passage or the like which is a shared part from the entrance / exit unit 6-1 installed at the entrance of the building to the tenant 50 by the building management unit 45.
When the management method of the common portion further illustrated by FIGS. 13 and 8 and the like, in step S1, the control unit employee A tenant who owns the ID card has been installed in the entry-exit portion 6-1 of entrance 49 9a- When approaching 1 and accessing, ID data 5 of the ID providing unit 2 (non-contact ID) is detected by the ID input unit 60 of the control unit 9a-1 (S2).

The ID data 5 detected in step S2 is transferred to the system management device 73a of the building management unit 45, and the system management device 73a acquires the ID data 5 (S3).
In step S4, the acquired ID data 5 is collated with the ID data 5 registered in the entrance / exit management table 121 recorded in the storage unit 80 by the control unit 74 of the system management apparatus 73a. If “YES”, the process proceeds to the next step, and if it cannot be done, a negative “NO” is reported to the building manager 48 (S12).

  In step S5, the check flag 108 corresponding to the ID data 5 in the flag table 128 of the storage unit 80 is set to “ON”, and the entry time 109 is recorded and the person who owns this ID card has entered the building. Or is recorded.

Eventually, employee A who entered the building passes through the passage 47 and passes through the shared gate 7a to enter the tenant 50A. At that time, the ID data is detected by the ID input unit 60-1 installed in the vicinity of the shared gate 7a. (S6)
The main purpose of step S6 for detecting the ID data by the gate is to register the gate through which the owner of the ID card passes in the gate list 25 of the entrance management table 121 in advance, and the ID to be passed by the gate that passes after entering the gate. Observing the behavior of the card owner and performing identity authentication (behavior authentication) based on the characteristics of the behavior of the ID card owner.

  The control unit 74 determines whether the gate data detected in S6 is transferred to the system management device 73a of the building management unit 45 (S7) and registered in the gate list 25 of the entrance / exit management table 121 of the building management unit 45. Makes an inquiry to the storage unit 80 and confirms that it has passed the gate registered in the list (S8).

In S8, if the passed gate is a registered gate, the check flag of the flag table 128 is set to “OFF” (S9). In this example, since the shared gate 7a leading to the tenant 50A is registered in the gate list, in this step 9, the owner of the ID card has moved from the partition managed by the building management unit 45 to the partition managed by the tenant 50A. It is confirmed that the processing of a series of steps when the building management unit 45 enters is completed (S10).
In addition, since the entrance / exit part 6 of S11 leads the entrance / exit part 6-1 to the entrance 49 and 6-2 to the outside, these pieces of information indicate that the ID card owner has left the building. means.

  Further, the behavior authentication will be further described. In this embodiment, the shared card installed at the entrance of the tenant within a certain time after the cardholder passes through the entrance / exit section 6-1 installed at the entrance of the passage. Focusing on the probability of passing, the system management device 73a of the building management unit 45 monitors whether or not the owner of the ID card is performing a normal action. The specific method will be described with reference to FIG.

  First, the system management device 73a of the building management unit 45 is programmed to perform “entrance check processing”, which is a series of processes at appropriate intervals, and when that time arrives, the “entrance check” of S15 shown in FIG. Processing "is started.

First, the control unit 74 of the system management device 73 inquires of the flag table 128 of the storage unit 80 illustrated in FIG. 11 and collects the ID data 5 in which the check flag 108 is ON (S16).
Next, by subtracting the admission time of the previous ID data 5 from the current time, the elapsed time since admission is obtained. For example, the ID data 5 whose elapsed time has exceeded 5 minutes of the specified time is extracted as ID data outside the specified time (S17).

  The ID data 5 extracted in step 17 and its elapsed time 117 are tabulated in the after-hours list 129 (S18), and the data of the after-hours list 129 is notified to the building manager 48 (S20).

  In this example, the specified time is 5 minutes. However, the specified time may be set for each ID, or the specified time is set in consideration of the size of the building, the time required for the elevator, etc. It is possible to adopt various specified times such as a method of measuring daily and automatically setting the optimal specified time. Moreover, even if a plurality of gates are installed not only at the boundary between the tenant and the building management section but also at important points in the passage, it does not depart from the gist of the present invention.

  FIG. 14 is a first half portion of a flowchart showing the operation of the entrance / exit management system that can be applied to a common area of a tenant building, which is set at a security level C that requires a high level of safety, and that can be applied at the time of warning, holiday, and night. It is. The latter half is shown in FIG.

For convenience of explanation of the present embodiment, a case is set where an employee A of a tenant 50a who has come to the office first enters a section managed by the building management unit 45 and then moves to a section managed by the tenant 50. The operation of each authentication system will be described with reference to FIG.
Note that the same reference numerals as those in the above-described drawings have the same effects unless otherwise specified.

The difference between the series of procedures shown in FIGS. 14 and 15 and the series of procedures shown in FIG. 13 is that identifier authentication and identity authentication are added in steps S4-1 to S4-10. Since there is, the difference will be described below.
After the ID is authenticated in step S4, in step S4-1, the identifier 1 is displayed on the display unit 67 of the control unit 9a-1 installed near the entrance / exit unit 6-1 from the system management device 73a of the building management unit 45. A display is made requesting that data be entered.

Next, when the employee A sets the ID card 3 in the positioning unit 40 and the observation unit 61 obtains the analysis data (Ka) of the identifier, the analysis data (Ka) is encoded by the control device 62 of the control unit 9. (S4-2). Further, the control device 62 sends the code data group 94 related to the identifier to the system management device 73a of the building management unit 45 (S4-3).
When the system management device 73a acquires the code data group related to this identifier (S4-4), the reference data table 125 of the identifier is stored for each ID data 5 in the reference data table 125 of the storage unit 80. This reference data The authenticity of identifier 1 is authenticated by collating the data of identifier 1 transmitted with 19 (S4-5).

  When the identifier is authenticated and the authenticity of the ID card 3 is confirmed, the system management device 73b requests personal authentication data for authenticating the owner from the control unit 9a-4 in the next step (S4-6). ).

  When the control device 62 of the control unit 9 receives the data request for the personal authentication, it displays on the display unit 67 so as to perform the personal authentication to the owner, and displays the “password” or “physical feature (fingerprint, iris, Voice identification etc.) "to identify the individual, and prompt the user to input the personal authentication data into the personal information input unit 64 to acquire the personal authentication data (S4-7).

In the next step, the personal authentication data is sent to the system management device 73a of the building management unit 45 (S4-8).
In the system management device 73a, when the control unit 74 receives the personal authentication data, the personal identification number 30 or the physical feature corresponding to the ID data 5 stored in the personal authentication table 122 of the storage unit 80 is read and authenticated (S4). -9 · S4-10).
In step S4-10, if the user is authenticated and the user is authenticated, the process proceeds to the next step S5, and the following processing method is the same as the steps described in FIG.

According to the security level C management system described in the present embodiment, the authenticity of the identifier provided on the ID card and the authentication for identifying the owner are performed when entering the building, so that a very high safety is ensured. It becomes possible to do.
In the security level C management system of the present embodiment, the so-called “authentication of ID card” of property authentication, “password” for authenticating the owner's behavioral characteristics, and the physical characteristics of the owner All of the “biological information” that authenticates the ID is described, but the most important thing is “authenticity of the ID card”, which is most important for property authentication. It is preferable that these authentications be arbitrarily adopted as necessary.

  Further, for example, in the control unit 9a-2 that manages the entrance to the management room 46, the ID card holder is requested to input an identifier and personal information, and the entrance / exit section 6 from the entrance 49 to the passage 47 is set. The security level 118 of the level table 138 is set for each control unit as necessary, such as permitting admission by acquiring and authenticating only the ID data 5 in the control unit 9a-1 installed on the entrance side of -1. By doing so, it is possible to construct a flexible entrance / exit management system.

  Hereafter, the operation of the management system when the employee A of the tenant 50A who owns the ID card 5 whose ID data 5 is T238 enters the tenant 50A will be described with reference to FIGS.

  FIG. 17 is a flowchart of the entrance / exit management system of the present embodiment at the security level B preferably applied on weekdays or the like. FIG. 18 shows a flowchart of the present embodiment in the state of the security level C when high safety is required at the time of warning or holiday.

First, an example of the operation in the security level B state will be described with reference to FIG.
When the owner of the ID card 5 accesses the vicinity of the control unit 9a-4 connected to the system management device 73b of the tenant 50A (S25), the ID data 5 is detected by the control unit 9a-4 (S26). The detected ID data 5 is output from the output control unit 70 of the control device 62. The output ID data 5 is received by the system management device 73b managed by the tenant 50A, and the ID data 5 is acquired (S27).

In step S28, when the acquired ID data is collated with the ID data registered in the tenant management table 135 recorded in the storage unit 80 by the control unit 74 of the system management apparatus 73b, the authentication is “YES”. Then, the process proceeds to the next step 29. If the authentication cannot be performed, a negative “NO” is notified to the tenant administrator 51 (S31).
In step S29, the time at which the ID data is detected is recorded in the office entry time 114 of the entry / exit management table 137 of the storage unit 80, and the series of processes ends (S30).
In step S31 of the present embodiment, the report destination is the tenant administrator 51. However, the notification destination is not trapped, and the building administrator 48 may be used, or both may be used as necessary. Can be configured.

FIG. 18 shows a flowchart of the security level C when high safety is required such as on a holiday or on alert.
Note that the same reference numerals as those in the above-described flowchart have the same effects unless otherwise specified. The difference will be described below. First, after accessing in step 25, ID data acquisition and ID data authentication of the system management apparatus are performed from detection of ID data by the control unit (S25 to S28).

  Next, identifier authentication in steps S4-1 to S4-5 and identity authentication in steps S4-6 to S4-10 are the same as those in the embodiment shown in FIG. 13, and therefore the description of FIG. 13 is commonly used.

  Next, when authenticated in S4-10, the door of the shared gate 7a is unlocked by the external device control unit 71 connected to the control device 62 of the control unit 9a-4 (S32), and the employee A It is possible to enter the tenant 50A, and the office time is recorded in the attendance / exit management table 137 of the storage unit 80 (S29), and the process ends in step S30.

FIG. 19 is a flowchart showing the operation of the control units 9c and 9d that manage the equipment 8 such as a valuable storage and a computer, and is set to the security level C.
These control units 9c and 9d are installed for the purpose of unlocking the doors of these storages and logging on to the computer.
Note that the same reference numerals as those in the above-described flowchart have the same effects unless otherwise specified.

  First, the ID data 5 of the ID card 3 is read by the control unit 9 and transferred to the system management apparatus 73 together with the device number 110 to which the control unit 9 is attached (S33-S34).

The system management device 73b confirms whether the ID data 5 and the device number 110 transferred from the control unit 9 are registered in advance in the facility management table 136a of the storage unit 80. If the result is negative (NO), the process returns to the detection of ID data in step S34. If the result is authentication (Yes), the use permission is given, and the process proceeds to the next step of identifier data claim step S4-1. The authentication of the identifier and the identity authentication are performed in S4-1 to S4-10, and when these authentications are completed, the usage history such as login / unlocking is stored in the contents 111 such as the usage time of the equipment management table 136a of the storage unit 80. It is recorded (S37), door unlocking / logon permission is made (S39), and a series of processing ends (S38).

  As apparent from the flowcharts of FIGS. 13 to 16, the building A until the employee A of the tenant 50A enters the entrance 49 and moves from the shared gate 7a to the section of the tenant 50A via the entrance / exit section 6-1. The entire building is managed by being managed by the system management device 73a of the management unit 45 and managed by the system management device 73b in the tenant 50A in the tenant section.

In addition, inside a tenant building, leaving and leaving management, permission to use equipment, and permission to log on to a computer can be performed with a single ID card, and the observation unit and the encoding method for observing this ID card are different. Therefore, for example, when a new device is purchased and the control unit 9 is attached, the specification of the existing device is not constrained.
This includes, for example, programs such as an access management right for managing the access right of the IC card, a user authentication for confirming the validity of the accessing user, and an external authentication function for confirming the validity of the accessing device and software. Compared to the fact that authenticity cannot be authenticated without using, it brings great convenience and economic effect.

As is apparent from the present embodiment, by using the ID card 3 provided with the non-contact IC of the present embodiment in the ID providing section, the security level B uses the ID of the ID providing section 2 to generate a large number of people. It is possible to improve the safety of the entrance / exit management system by security level C for authenticating the identifier 1 of the ID card 3 in situations where there are few people such as holidays and during warning, such as holidays. is there.
Furthermore, it is possible to maximize the safety of the entrance / exit management system by performing identity authentication as necessary.

The authenticity in the ID card of the present invention is that each identifier associated with the ID data 5 is provided with an identifier 1 having a unique feature, and physical characteristics (color, shape feature point position data, Authenticity is determined based on the distribution data of the magnetic material, etc.), and the authenticity of the ID card 3 having the ID data 5 is proved.
This means that the monitoring unit for verifying the authenticity of the ID card and the encoding method for encoding the analysis data can be freely determined by the individual tenant administrator as required. To do.

  Therefore, for example, when the building management unit 45 distributes the ID card to all persons entering or leaving the tenant building, the tenant who has received the distribution can construct an authentication system using the ID card identifier as necessary. In addition, since each tenant can independently construct a system for managing employee attendance, the management independence of each tenant can be provided.

  In addition, when the ID card 3 having the unique identifier 1 and the ID data 5 specifying the identifier 1 is used in the entire tenant building 42, the authenticity determination system for an identifier of a certain tenant is used. Even if analyzed, it has security independence that it does not affect the entrance / exit management system of other tenants or the building management department.

  Since the ID card identifier 1 of the present invention does not record any programs necessary for access management rights, user authentication, external authentication, etc., the ID card is physically attacked or logically stolen in the event of theft or loss. There is a very good characteristic that even if exposed to an attack, there is no influence on the authentication system.

  As for the method of generating the identifier code data (encrypted data) of the present invention, extraction of graphic data has been described as an example, but it is also possible to use an encoding method that does not process the analysis data. Needless to say.

  Needless to say, when data is exchanged between the control unit and the system management device, the data can be encrypted by a known public key encryption system or the like.

  It should be noted that the order in which the steps described in this embodiment are performed is for illustrative purposes only, and the steps in each process can be performed in any order or in parallel.

  Although the present invention has been specifically described above based on the embodiments, it is needless to say that the present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the scope of the invention. Absent.

  Since the present invention can share the ID data of the same ID card in a plurality of management systems, the management of sections such as tenants and departments and the wide area management including a plurality of these sections are performed simultaneously. It is possible to construct an entrance / exit management system that has an unprecedented effect that the management system can construct an original authentication system, and its industrial applicability is very high.

It is a top view which shows an example of ID card 3 (authenticated material). It is a figure which shows an example of an identifier, Comprising: (A) is a top view, (B) is a side view. It is a perspective view for demonstrating the identifier shown in FIG. It is an enlarged view of the end point n1 of the analyzed object 4-1. It is a block diagram for demonstrating an example of a structure of a control unit. It is a block diagram for demonstrating an example of a structure of a system management apparatus. It is a block diagram for demonstrating an example of the authenticity determination system of an identifier. It is a conceptual diagram for demonstrating an example which applied the entrance / exit management system to the tenant building. It is a conceptual diagram for demonstrating an example of the relationship between a wide area management system and an area management system in an entrance / exit management system. It is a block diagram for demonstrating an example of a structure of the system management apparatus 73 and the control unit 9 in an entrance / exit management system. It is a block diagram for demonstrating an example of the database memorize | stored in the memory | storage part of the building management part. It is a block diagram for demonstrating an example of the database memorize | stored in the memory | storage part of the tenant 50a. It is a flowchart for demonstrating the authentication system of the security level B in a shared part. It is the first half of the flowchart for demonstrating the authentication system of the security level C in a shared part. It is the latter half of the flowchart for demonstrating the authentication system of the security level C in a shared part. It is a flowchart for demonstrating the authentication system of ID card holder action authentication. It is a flowchart for demonstrating the authentication system of the security level B at the time of entering a tenant. It is a flowchart for demonstrating the authentication system of the security level C at the time of entering a tenant. It is a flowchart for demonstrating operation | movement of the control unit which manages storage, a computer, etc. FIG.

Explanation of symbols

1: Identifier (analog chip)
2: ID providing unit 3: ID card 4: Analyte 5: ID data (T)
6: Entrance / exit parts 7a, 7b: Shared gates 8a-8d: Equipment 9a, 9b: Control unit 12: Encoding method Symbol (a)
13: Observation means symbol (A)
15: Analysis data (Ka)
16: Code data (F)
17: Dummy data (f)
19: Reference data (Ta)
20: Determination result (G)
21: Status data (S)
22: Name 24: E-mail address 25: Gate list 26: Expiration date 29: Personal information 30: Personal identification number 31: Physical feature 38: Telephone number 40: Positioning unit 42: Tenant building 44: Wall 45: Building management unit 46 : Management room 47: Passage 49: Entrance 50A, 50B: Tenant 52a-52c: Private room 53: Employee A
60: ID input unit 61: Observation unit 62: Control device 64: Identity information input unit 65: Terminal control unit 66: Terminal input unit 67: Display unit 68: Storage unit 69: Input control unit 70: Output control unit 71: External Device control unit 73: System management device 74: Control unit 75: Input control unit 76: Output control unit 80: Storage unit 82: Input unit 83: Display unit 92: Dummy data generation unit 94: Code data group 95: Code verification unit 101: Communication line 108: Check flag 109: Admission time 110: Device number 111: Contents such as usage time 112: Permit list 113: Whereabouts 114: Time to leave 115: Leave time 116: Date 117: Elapsed time 118: Security level 121 : Entrance / exit management table 122: Identity authentication table 125: Reference data table 126: Correction value table 127: Change form 128: Rug table 129: overtime list 132: level table 135: tenant management table 136: facilities management table 137: out leaving management table

Claims (10)

  An entrance / exit management system comprising an ID card to be authenticated, a control unit for reading information of the ID card, and a system management device having a determination means for determining the authenticity of the ID card,
  The ID card is
  An identifier in which the analyte is distributed in three dimensions and has a physically unique pattern;
  An ID providing unit having ID data (T) for specifying the ID card itself;
  The control unit is
  An ID input unit for reading the ID data (T);
  An observation unit for observing the identifier to obtain identifier data;
  An output control unit that outputs the ID data (T) and the data of the identifier to a communication line;
  The system management device includes:
  A storage unit storing a plurality of reference data (Ta) of the identifier with respect to the ID data (T);
  When the ID data (T) and the identifier data are transmitted from the control unit, one of the plurality of reference data (Ta) corresponding to the ID data stored in the storage unit ( And a determination means for determining the authenticity of the ID card based on the transmitted identifier data.   An entrance / exit management system comprising an ID card to be authenticated, a control unit for reading information of the ID card, and a system management device having a determination means for determining the authenticity of the ID card,
  The ID card is
  An identifier in which the analyte is distributed in three dimensions and has a physically unique pattern;
  An ID providing unit having ID data (T) for specifying the ID card itself;
  The control unit is
  An ID input unit for reading the ID data (T);
  An observation unit for observing the identifier to obtain identifier data;
  An output means for outputting an observation means symbol (A) for specifying an observation method when the identifier is observed;
  An output control unit that outputs the ID data (T), the identifier data, and the observation means symbol (A) to a communication line;
  The system management device includes:
  A plurality of observation means symbols (A) for each ID data (T), and a storage unit capable of storing reference data (Ta) of the identifier corresponding to each observation means symbol (A);
  When the identifier data, the ID data (T), and the observation means symbol (A) are transmitted from the control unit, the reference data corresponding to the ID data (T) and the observation means symbol (A) are transmitted. A control unit that reads (Ta) from the storage unit,
  The entrance / exit management characterized in that the control unit of the system management device includes a determination unit that determines the authenticity of the ID card based on the identifier data sent from the control unit and the reference data (Ta). system.     An entrance / exit management system comprising an ID card to be authenticated, a control unit for reading information of the ID card, and a system management device having a determination means for determining the authenticity of the ID card,
  The ID card is
  An identifier in which the analyte is distributed in three dimensions and has a physically unique pattern;
  An ID providing unit having ID data (T) for specifying the ID card itself;
  The control unit is
  An ID input unit for reading ID data (T) of the ID providing unit;
  An observation unit for observing the identifier;
  A terminal control unit that encodes the identifier data obtained from the observation unit and outputs code data (F);
  Output means for outputting an encoding method symbol (a) for specifying an encoding method when the encoded data (F) is encoded;
  An output control unit that outputs the ID data (T), the code data (F), and the encoding method symbol (a);
  The system management device includes:
  A storage unit that stores reference data (Ta) of the identifier corresponding to the ID data (T);
  A control unit for generating dummy data (f) from the reference data (Ta) by the encoding method symbol (a);
  When the control unit of the system management apparatus receives the ID data (T), code data (F), and encoding method symbol (a) from the control unit, the ID data (T) is transmitted from the storage unit. And the dummy data (f) is generated from the reference data (Ta) by the encoding method specified by the encoding method symbol (a). An entry / exit management system comprising: a determination unit that determines the authenticity of the ID card by comparing the code data (F) transmitted from the control unit.   An entrance / exit management system comprising an ID card to be authenticated, a control unit for reading information of the ID card, and a system management device having a determination means for determining the authenticity of the ID card,
  The ID card is
  An identifier in which the analyte is distributed in three dimensions and has a physically unique pattern;
  An ID providing unit having ID data (T) for specifying the ID card itself,
  The control unit is
  An ID input unit for reading the ID data (T);
  An observation unit that observes the identifier and obtains identifier analysis data (Ka);
  Encoding means for encoding the analysis data (Ka) to obtain code data (F);
  An output means for outputting an observation means symbol (A) for specifying an observation method when the identifier is observed;
  The system management device includes:
  A plurality of observation means symbols (A) for each ID data (T), and a storage unit capable of storing reference data (Ta) of the identifier corresponding to each observation means symbol (A);
  When the ID data (T), the code data (F), and the observation means symbol (A) are transmitted from the control unit, the ID data (T) and the observation means symbol (A) are transmitted from the storage unit. And a control unit that reads the reference data (Ta) corresponding to
  The control unit obtaining ID data (T) from the ID card;
  The control unit obtains code data (F);
  The control unit transmitting ID data (T), observation means symbol (A), code data (F) to the system management device;
  The system management device receiving data from the control unit;
  The control unit of the system management device calls the reference data (Ta) corresponding to the ID data (T) and the observation means symbol (A) transmitted from the control unit from the storage unit;
  The control unit of the system management device performs authenticity determination of the ID card by comparing the reference data (Ta) and the code data (F);
  The control unit of the system management device transmits the result of the authenticity determination of the ID card to the control unit by the output control unit;
  An entrance / exit management system characterized by comprising:   An entrance / exit management system comprising an ID card to be authenticated, a control unit for reading information of the ID card, and a system management device having a determination means for determining the authenticity of the ID card,
  The ID card is
  An identifier in which the analyte is distributed in three dimensions and has a physically unique pattern;
  An ID providing unit having ID data (T) for specifying the ID card itself,
  The control unit is
  An ID input unit for reading ID data (T) of the ID providing unit;
  An observation unit for observing the identifier;
  An output means for encoding the data of the identifier obtained from the observation unit and outputting the code data (F);
  Output means for outputting an encoding method symbol (a) for specifying an encoding method when the encoded data (F) is encoded;
  An output control unit that outputs the ID data (T), the code data (F), and the encoding method symbol (a) to a communication line;
  The system management device includes:
  A storage unit for storing reference data (Ta) of the identifier corresponding to ID data (T);
  The control unit obtains ID data (T) from the ID card and analysis data (Ka) from the identifier by an observation unit;
  The control unit obtains code data (F) from the analysis data (Ka);
  The control unit transmitting the ID data (T), the encoding method symbol (a), and the code data (F) to a system management device;
  When the control unit of the system management apparatus transmits the ID data (T) and the code data (F) from the control unit, reference data corresponding to the ID data (T) is transmitted from the storage unit. Reading out (Ta);
  The controller of the system management device generates dummy data (f) from reference data (Ta) by an encoding method specified by the encoding method symbol (a) transmitted from the control unit;
  A step of authenticating, wherein the control unit of the system management device compares the dummy data (f) with the code data (F) to determine the authenticity of the ID card;
  The control unit of the system management device transmits the result of the authenticity determination of the ID card to the control unit by the output control unit;
  An entrance / exit management system characterized by comprising:   An entrance / exit management system comprising an ID card to be authenticated, a control unit for reading information of the ID card, and a system management device having a determination means for determining the authenticity of the ID card,
  The ID card is
  An identifier in which the analyte is distributed in three dimensions and has a physically unique pattern;
  An ID providing unit having ID data (T) for specifying the ID card itself,
  The control unit is
  An ID input unit for reading ID data (T) of the ID providing unit;
  An observation unit for observing the identifier;
  An output means for outputting an observation means symbol (A) for specifying an observation method when the identifier is observed;
  An output means for encoding the data of the identifier obtained from the observation unit and outputting the code data (F);
  Output means for outputting an encoding method symbol (a) for specifying an encoding method when the encoded data (F) is encoded;
  An output control unit that outputs the ID data (T), the code data (F), the encoding method symbol (a), and the observation means symbol (A) to a communication line;
  The system management device includes:
  A plurality of observation means symbols (A) for each ID data (T), and a storage unit capable of storing reference data (Ta) of the identifier corresponding to each of the observation means symbols (A),
  The control unit obtaining ID data (T) from the ID card;
  The control unit obtains code data (F) from the identifier;
  The control unit transmitting the ID data (T), the encoding method symbol (a), the code data (F), and the observation means symbol (A) to a system management device;
  When the control unit of the system management apparatus receives the identifier data, the ID data (T), and the observation means symbol (A) from the control unit, the ID data (T) is transmitted from the storage unit. Reading the reference data (Ta) corresponding to the observation means symbol (A),
  The controller of the system management device generates dummy data (f) from the reference data (Ta) by the encoding method specified by the encoding method symbol (a);
  A step of authenticating, wherein the control unit of the system management device compares the dummy data (f) with the code data (F) to determine the authenticity of the ID card;
  The control unit of the system management device transmits the result of the authenticity determination of the ID card to the control unit by the output control unit;
  An entrance / exit management system characterized by comprising:   In the entrance / exit management system in any one of Claims 1 thru | or 6,
  The identifier observed by the observation unit of the control unit is three-dimensionally distributed and an identifier having a physically unique pattern;
  An ID card comprising an ID providing unit having ID data read by an ID input unit of the control unit.   In the entrance / exit management system in any one of Claims 1 thru | or 6,
  The identifier observed by the observation unit of the control unit is three-dimensionally distributed and an identifier having a physically unique pattern;
  A reference point serving as a reference for the position of the object to be analyzed in a three-dimensional space;
  An ID card comprising: an ID providing unit having ID data read by an ID input unit of the control unit.   In the entrance / exit management system in any one of Claims 1 thru | or 6,
  An ID input unit for reading ID data (T) of the ID card;
  An observation unit that obtains identifier data by observing the identifier having a unique pattern physically distributed in a three-dimensional distribution of an object provided on the ID card;
  The control unit comprising: an output control unit capable of outputting the ID data (T) and the identifier data to a communication line.   In the entrance / exit management system in any one of Claims 1 thru | or 6,
  A storage unit that stores reference data (Ta) of the identifier corresponding to the ID data (T);
  A controller that reads reference data (Ta) corresponding to the ID data (T) when the identifier data and the ID data (T) are transmitted from the control unit;
  The system management characterized in that the control unit of the system management device includes a determination unit that determines the authenticity of the ID card based on the identifier data and the reference data (Ta) sent from the control unit. apparatus.