JP2017061776A - Room locking management system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a security system capable of controlling the operation of an electric lock provided to a confidential block storing information equipment or confidential materials therein, for example at an open/close portion such as a rack in a data center, capable of managing entering and exiting the room in which a confidential block is disposed and accessing to the confidential block and capable of controlling locking and unlocking, in which the confidential block is constantly locked excepting the time when necessary for preventing unlocked state.SOLUTION: The security system includes: individual authentication devices 20 and 30 which are disposed inside and outside a door 10 with an electric lock 11 of a room 1; an electric lock 51 that locks the door of a confidential block 50; and a locking management unit 40 capable of locking and unlocking the door of the confidential block. The security system records entering and exiting the room where a confidential block is disposed, and locking and unlocking operation made on the locking management unit by a user, and prohibits the user from exiting the room until the confidential block is locked.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a room lock management technique.

  In order to ensure information security, rooms that contain information devices and confidential materials, such as racks in data centers, can only be locked and unlocked by authorized personnel. There is a need for a security system that is locked and inaccessible to a room other than a designated user.

However, it is common for a person to lock and unlock the room, and human error such as forgetting to lock the room may occur. If you forget to lock the room, the risk of unauthorized access by those who do not have access privileges increases.
In addition, it is necessary to establish an operation system for key management that locks the room. For example, in the case of a data center, it is necessary to secure personnel for managing keys 24 hours a day, 365 days a year.

  There is an example of building a system that monitors the locking / unlocking status of the room with the system, but from the information on the locking / unlocking status of the storage shelf only, it is forgotten that it is unlocked because the room is used It is difficult to systematically determine whether or not it is unlocked.

  In addition, conventionally, it is considered that the system for managing entry / exit to / from the room and the system for locking / unlocking the room are interlocked to manage the entry / exit to the room and the locked / unlocked state of the confidential area consistently. Not.

JP 2014-197328

  In the prior art, it is difficult to monitor the lock / unlock state of the secret zone in association with the usage status of the secret zone, and it is a problem that the forgetting to lock the secret zone cannot be prevented.

  The present invention detects a forgotten lock in the prior art that could not prevent forgetting to lock a confidential area, and forgets to lock the confidential area by a security system that forces the user who unlocked the confidential area to lock. It is intended to provide a locking / unlocking method that can prevent the above.

  The first personal authentication device, which is installed outside the room with the electric lock and confirms the user's authority to enter the room, and lock management of the confidential area with the electric lock in the room, When the lock request is received, information indicating whether or not the user is determined to have the right to enter by the personal authentication device installed outside the room is received from the first personal authentication device, and the user has the right to enter the room. If there is an access authority for the confidential section requested to unlock, the lock management device that unlocks the electric lock of the confidential section, and when the user requests to unlock the electric lock of the room, the user It is confirmed whether or not the electric lock of the unlocked confidential area is locked, and if the user does not lock the electric lock of the confidential area, the electric lock of the room is installed inside the room not unlocked. Second personal identification The above object is achieved by a locking management system comprising a device. More detailed means will be disclosed in the examples.

  It is possible to prevent forgetting to lock a confidential section installed in a room where security needs to be maintained and to prevent unauthorized unlocking of the confidential section.

Example of system configuration diagram in the embodiment Example of database configuration diagram in the embodiment Example of computer room layout in the embodiment Operation terminal perspective view in the embodiment Example of flowchart from entering to leaving the room in the embodiment An example of a flowchart showing processing from unlocking to locking of the confidential section in the embodiment

  In this embodiment, a room in which information equipment and confidential materials are stored, for example, an electric lock provided in an opening / closing part of a rack or the like in a data center, is operated to enter and exit a room where a confidential section is installed and The present invention relates to a security system capable of managing access to a partition.

  The present invention will be described with reference to the drawings.

  FIG. 1 shows an example of the overall configuration of the security system in the embodiment. This security system is attached to the personal authentication device 20 provided outside the room, the personal authentication device 30 provided inside the room, and the opening / closing part of the confidential section 50, for example, the door of the rack. An electric lock that can be locked and a lock management device 40 that can lock and unlock the electric lock. The secret section may be a box-like shape for storing a rack storing computers, or a room with a door.

  The entrance 10 of the room is always locked. The personal authentication device 20 acquires the user ID 61, collates the user ID with the user ID 63a permitted to enter the room, and unlocks the electric lock if entry into the room is permitted. Let When leaving the room, the electric lock on the door is unlocked after confirmation by the personal authentication device 30.

  A plurality of classified sections 50 are installed in the room, and each classified section 50 is assigned a unique identifier, for example, a classified section ID, and the classified section ID corresponds to one classified section 50. Shall.

  In addition, the lock management device 40 of the security system is installed in the room, and the lock management device 40 can perform the operation of locking and unlocking the electric lock for each confidential section 50. In order to ensure the authenticity and responsibility tracking of the electric lock locking / unlocking operation by the locking management device 40, there is no record that the user has performed personal authentication with the personal authentication device 20 provided at the entrance 10 of the room. It is assumed that the lock management device 40 cannot be used. There may be a plurality of lock management devices 40 in the room, and the lock management device 40 is installed according to the size of the room and the number of confidential sections 50.

  FIG. 2 shows the structure of the security system database. In the database, three types of data, ie, a user ID 61, a room ID 62, and a confidential section ID 63 are stored.

  The user ID 61 is an ID assigned to all users who access the confidential section 50. Corresponding to each user ID 61, each user's entry flag 61a and confidential section unlock flag 61b are recorded. The entry flag 61a is data that records whether the user is in or not in the room as a flag. The confidential section unlock flag 61b is data for recording the secret section ID 63 that is unlocked if the user has unlocked the secret section 50 or has not unlocked it.

  The room ID 62 is an ID assigned to the room where the confidential section 50 is installed. For each room ID, an ID 62a of a user permitted to enter the room is stored. When a user tries to enter a room, the security system collates the user ID 61 acquired from the authentication device with the user ID 61a that can be entered, and performs processing according to the case.

  The confidential section ID is an ID assigned to the confidential section 63. For each confidential section ID, an ID 63a of a user who is permitted to unlock the confidential section is stored. When the user tries to unlock the confidential section, the security system compares the user ID 61 acquired from the lock management device 40 with the ID 63a of the user who is permitted to unlock the corresponding confidential section, It is assumed that processing according to circumstances is performed.

  In this embodiment, in order to increase security, a database is installed so as to access a place away from the computer room via a network, but if incorporated in the lock management device 40, access from the outside can be blocked.

  FIG. 3 is a diagram showing an example of the layout of the confidential section 50, the lock management device 40, and the personal authentication devices 30 and 20 installed in the computer room 1.

  FIG. 4 is a perspective view of the locking management device 40 in the embodiment. The lock management device 40 includes an authentication unit 42 for confirming the identity of the user, an operation unit 43 that receives an operation from the user, and a display unit 44 that displays the operation status of the security system to the user. The The perspective view is an example of the operation terminal and may be any terminal that satisfies the above-described configuration, and may be, for example, a desktop personal computer connected to the security system.

  The security system of the present invention restricts the actions of users in confidential areas where confidentiality is required based on the authentication information at the personal authentication devices provided at each location, and prevents unauthorized actions and forgetting to lock It is possible to do. Below, the flowchart of the process of the security system in each operation | movement is demonstrated.

  6 is an example of a flowchart from entering the room to leaving the room in the embodiment in FIG.

  Step 100: The user performs personal authentication using a personal authentication device 20 provided outside the room, such as an ID card reader or a biometric authentication device, and obtains the user's ID.

  Step 101: The personal authentication device 20 collates the read user ID with the user ID permitted to enter the room recorded in the database, and confirms whether the user has the right to enter the room. . If the user has authority to enter the room, the process proceeds to the next step. On the other hand, if the user does not have the authority to enter the room, an error is displayed on the display unit of the personal authentication device, and the process is interrupted.

  Step 102: The electric lock of the door 10 is unlocked, and the user's entry flag 61a recorded in the database 60 is set.

  Step 103: The user performs personal authentication using a personal authentication device 30 provided inside the room, such as an ID card reader or a biometric authentication device.

  Step 104: The system checks the user's entry flag 61a. When the entrance flag 61a is set, the process proceeds to the next step. If there is no entry flag 61a, the user is regarded as an unauthorized intruder, an error is displayed on the display unit of the personal authentication device, and the process is interrupted.

  Step 105: The system checks the unlock flag 61b of the user's confidential section 50. When the unlock flag 61b of the confidential section 50 is not set, the process proceeds to the next step. When the unlock flag 61b of the confidential section 50 is set, it is considered that the user has forgotten to lock the confidential section 50, and an error is displayed.

Step 106: The electric lock of the door 10 is unlocked, and the user's entry flag 61a is turned off.
FIG. 6 is an example of a flowchart illustrating processing from unlocking to locking of the confidential section in the embodiment.

Step 200: The user inputs the secret zone ID of the secret zone 50 to be unlocked to the system from the input unit 43 of the lock management device 40 installed in the room.
Step 201: The user performs personal authentication using an authentication unit 42 provided in the lock management device 40, such as an ID card reader or a biometric authentication device, and obtains the user's ID.

  Step 202: The authentication unit 42 confirms the presence / absence of the user's entry flag 61a. When the user's entry flag 61a is set, the process proceeds to the next step. If there is no user entry flag 61a, the user operating the lock management device 40 is regarded as an unauthorized intruder, and an error is displayed on the lock management device 40.

  Step 203: The system makes an inquiry to the database 60 to check whether the user has the access authority for the confidential section 50. When the user has the authority to unlock the designated confidential section 50, the process proceeds to the next step. If the user does not have the authority to unlock the designated confidential section 50, an error is displayed on the lock management device 40.

  Step 204: The user's confidential zone unlock flag 61b is set and the electric lock of the secret zone 50 is unlocked.

  Step 205: The user inputs the secret zone ID of the secret zone 50 to be unlocked from the operation unit 43 of the lock management device 40 installed in the room.

  Step 206: The user performs personal authentication using an authentication unit 42 provided in the lock management device 40, such as an ID card reader or a biometric authentication device.

  Step 207: The system confirms the unlocked state of the confidential section 50 having the designated confidential section ID. When unlocked, the process proceeds to the next step. If unlocked, an error is displayed.

  Step 208: The system confirms the open / close state of the confidential section 50 of the designated confidential section ID. When the confidential section 50 is closed, the process proceeds to the next step. If the confidential section 50 is empty, an error is displayed.

  Step 209: The system compares the user ID that unlocks the confidential section 50 of the designated confidential section ID with the ID of the user who is trying to lock, and if they match, the system proceeds to the next step. If they do not match, an error is displayed on the lock management device 40.

  Step 210: The system locks the electric lock of the confidential section 50 and deletes the user's confidential section unlock flag 61b. If the electric lock cannot be locked due to the secret section 50 being open, an error is displayed on the lock management device 40.

  In step 204, after the unlocking operation of the designated secret section 50 is performed from the lock management device 40, if the door of the secret section 50 cannot be opened, it automatically automatically after a certain time (for example, 10 minutes) has elapsed. It may be locked and the unlock flag may be turned off.

  In step 204, when the unlocking operation of the confidential section 50 is performed from the locking management device 40, it may be reported to the administrator set in advance by e-mail or the like that the unlocking operation has been performed.

DESCRIPTION OF SYMBOLS 1 ... Room, 10 ... Door 20 ... Personal authentication apparatus, 30 ... Personal authentication apparatus, 40 ... Locking management apparatus, 41 ... Processing part, 42 ... Authentication part, 43 ... Operation part, 50 ... Confidential section, 51 ... Electric lock, 60 ... Database

Claims (3)

A first personal authentication device installed outside the room with an electric lock and confirming the user's authority to enter the room;
When the lock control of the confidential section with the electric lock in the room is performed and the request for unlocking the secret section is received from the user, the user has the right to enter the room with the personal authentication device installed outside the room. Locking that unlocks the electric lock in the confidential area if information indicating whether or not it is judged is received from the first personal authentication device, and the user has the authority to enter the room and has the access authority to the confidential area requested to be unlocked A management device;
When there is a request for unlocking the electric lock in the room from the user, it is confirmed whether or not the electric lock in the confidential section unlocked by the user is locked, and the user locks the electric lock in the confidential section. If not, a locking management system comprising a second personal authentication device installed inside the room where the electric lock of the room is not unlocked. In the locking management system according to claim 1,
The lock management system according to claim 1, wherein the lock management device locks the electric lock in the confidential section if the confidential section is not accessed for a predetermined time after unlocking the electric lock in the secret section. In the locking management system according to claim 2,
When the electric lock in the confidential area is unlocked, the locking management device sends an email indicating that the electric lock in the confidential area is unlocked to a predetermined address. .

Images