JP4532961B2 - Access control system - Google Patents

Description

  The present invention relates to an entry / exit management system that manages movement of a person or an article between areas using data of an ID card or biometric information.

  Conventionally, in order to regulate movement between areas in a building or a group of buildings, individual authentication or article authentication is performed using ID metrics such as employee ID cards or biometric information such as fingerprints, and has a legitimate authority. An access control system has been put into practical use in which only things can move between areas.

For example, in Japanese Patent Laid-Open No. 5-79231, a plurality of gate devices installed in partitions between areas and a centralized management device are connected via a network, and based on ID card data input from the gate device, the card holder's An access management system for managing access to each area is disclosed.
In such a conventional access control system, the ID card data input from the gate device is transmitted to the central control device. Whether the transmitted ID card data is pre-registered, or whether the owner's passage is permitted or not, depending on whether or not the ID card holder's passage history is valid from the gate device installation location Was judged.

  Here, the determination as to whether or not the traffic history is valid is made with reference to the area correspondence table of the gate device registered in advance in the central management device. The area correspondence table is a table in which an area where each gate device is installed and an area that can be directly moved from the area are registered. When the central management device receives the ID card data, it identifies the gate device that transmitted the ID card data, and stores the location information of the ID card holder as travel history information as needed. Whether the traffic history is valid or not is determined as valid if the area where the gate device that transmitted the ID card data is not inconsistent with the traffic history information. Judgment of traffic.

In addition, if it is determined that the traffic is illegal, illegal activities involving simultaneous passage of multiple people through the same gate device using a single ID card have been performed. Do not allow further traffic. In this way, if you pass on someone else's card operation without operating your own ID card, you will not be able to accurately record the user's behavior management. A penalty for setting the ID card to a use-prohibited state is imposed. As a result, the high-security illegal traffic test was conducted.

JP-A-5-79231

In order to ensure security, the ID field that has been disabled in the conventional access control system cannot be easily restored by the owner of the ID card. Recovery work will be done.
In other words, the cardholder whose ID card has been disabled is requested to restore the use-prohibited state to the administrator by using a telephone, etc. Restore to a usable state.

The administrator identifies an ID card that is prohibited from use based on communication from the card holder, and restores the use prohibited state. At this time, the location area of the ID card holder stored in the centralized management device is an area before the illegal passing, and therefore does not match the area where the card holder is actually located. If the operation is resumed with the areas being inconsistent in this way, the next time the ID card is used, unauthorized traffic will again occur. For this reason, at the time of recovery, the administrator needs to ask the cardholder about the current location, identify the corresponding area, and write the area code of the area in the location area.
However, buildings and the like where the access control system is used have tens to hundreds of areas. Therefore, in order to specify the area where the manager is actually based on the contact from the card holder, one is specified from several hundred area codes, which is a very complicated operation.

  On the other hand, in order to avoid the complexity of updating the location area, it is conceivable to set the location area to neutral (initial value). However, in this case, traffic restriction is not performed for the next use of the ID card, which causes inconvenience in terms of security after recovery.

  The present invention has been made to solve the above problems, and an object of the present invention is to provide an access management system that simplifies the recovery work of an administrator while maintaining security.

An access control system according to the present invention that achieves the above object is provided at a boundary of each area, and is provided corresponding to the traffic control unit that regulates movement between areas, and is assigned to the user. An input unit for inputting a personal ID, an input unit information storage unit for storing, for each input unit, destination area information indicating a destination area that is restricted by the passage restriction unit, and an area where the user is located The location information storage unit for storing the location area information indicating and whether or not the personal ID input to the input unit is allowed to pass, and when the passage is permitted, the passage restriction unit is controlled to release and When the location area information in the location information storage unit is updated with the movement destination area information of the input unit and traffic is not permitted, the personal ID is set to a use-prohibited state without releasing the traffic control unit. And control unit, at least the passage of the history information storage unit for storing input histories of personal ID to the input unit from when disallowed recovery operation section for recovering personal ID Unusable And when the personal ID to be restored is input by the restoration operation unit, the control unit restores the use-prohibited state of the personal ID and stores the location area information in the location information storage unit. The area information specified by the input history of the personal ID is updated.

In the access control system, the input unit information storage unit further stores affiliation area information indicating an affiliation area where the input unit exists, and the control unit stores the location area information in the location information storage unit, It is preferable to update with the belonging area information of the input unit when the passage is not permitted.
Further, the input unit information storage unit further stores belonging area information indicating an belonging area where the input unit exists, and the control unit uses the location area information in the location information storage unit for personal use of a recovery target. You may make it update with the affiliation area information of the input part in which ID was input last.

In the access control system, the control unit does not restore the use prohibition state when the area information specified by the input history and the area information of the input unit when the passage is prohibited have a predetermined relationship. It is preferable to do so.
The predetermined relationship is preferably a relationship in which an area interval between the area information specified by the input history and the affiliation area information of the input unit when the passage is not permitted is greater than or equal to a predetermined value.

Furthermore, in the above-mentioned entrance and exit management system, further comprising an important area storage unit for storing the set area information as an important area,
The control unit preferably updates the location area information with the area information when the area information specified by the input history is the important area, and clears the location area information when the area information is not the important area. It is.

  Further, in the access control system, the control unit checks the belonging area information of the input unit to which the personal ID is input and the location area information of the personal ID, and permits the passage if they match, If they do not match, it is preferable not to allow traffic.

  According to the present invention, the recovery operation of the administrator is reduced while facilitating the operation of the system after the recovery because the use prohibition state of the ID is restored and the location area is updated only by inputting the recovery target ID. can do.

  DESCRIPTION OF EMBODIMENTS Hereinafter, an access management system of the present invention will be described with reference to the accompanying drawings in an embodiment applied to an access management system using an ID card.

1 and 2 are diagrams showing a configuration of an access control system according to an embodiment of the present invention. As shown in the figure, the area managed by the access management system is divided into an area A, which is an external area, and areas B to J corresponding to the rooms in the management area. The card reader 200 and the door 600 with an electric lock manage the movement of the user between areas. This area division is arbitrarily determined by the user so as to be easy to use in the management area where the present system is introduced, and is not limited to the present embodiment.

At the boundary of each area, doors D1 to D9 with electric locks, which are partitions for restricting movement between the areas, and card readers CR11 to CR1 that read identification codes (ID) of ID cards held by users who enter and exit the management area. CR92 is installed.
Specifically, corresponding to the door D1 with an electric lock that is a partition between the area A and the area B, it corresponds to the door D2 with an electric lock that is a partition between the card reader CR11 and the card reader CR12 and the area B and the area C. Card reader CR21 and card reader CR22, one door with electric lock and two card readers like card reader CR31 and CR32,... Corresponding to door D3 with electric lock which is a partition between area C and area D. Are installed as a set.
Here, the doors D1 to D9 with electric locks are normally maintained in a locked state, and are unlocked for a predetermined time when receiving an unlock signal from the card reader. As a result, the user cannot move between areas without reading the identification code (ID) stored in the ID card possessed by the card readers CR11 to CR92.

Next, the card reader 200 will be described in detail with reference to FIG.
The force reader 200 is a control unit 210 such as a microcomputer, an address code for identifying each of the card readers CR11 to CR92, a processing program, various parameters, data, and the like. Communication interface 230 for communication, reading unit 240 for reading an ID code (identification code) stored in the ID card from the ID card, and locking / unlocking the electric lock of door 600 with electric lock An electric lock control unit 250 to be controlled, a liquid crystal monitor, a display unit 260 composed of LEDs and the like, and a power source unit (not shown) for supplying power to each unit.
The ID force may be any of a magnetic force, an IC force, a wireless force (transmitter), etc., but is preferably a non-contact force force for system use. Further, the reading unit 240 may read biometric information such as a personal fingerprint, palm print, and voice print instead of the ID field, and use the read information as an identification code for identifying the individual.

Next, the centralized management apparatus 100 will be described in detail with reference to FIG. The central management apparatus 100 is connected to the card reader 200 via a LAN and centrally manages the entire system.
The centralized management device 100 includes a control unit 110 configured by a CPU, a storage unit 120 configured by a ROM / RAM and the like, and stores processing programs, various parameters, data, and the like, and card readers CR11 to CR92 via a LAN. A communication interface 130 that communicates with each other, an operation unit 140 such as a keyboard / mouse, a display unit 150 including a liquid crystal display, an LED, a speaker, and the like, and a power supply unit (not shown) that supplies power to each unit. Yes.

The storage unit 120 stores card management information, card reader area information, ID location information, operation history information, various processing programs, and the like.
The card management information is information in which the ID code stored in each card is associated with the name of the card user. By using the card management information, the owner of the ID card is identified from the ID code of the ID card.

The card reader area information includes the address code of each card reader, the affiliation area in which the card reader is installed, and the destination area after operating the card reader (the electric lock corresponding to the card reader). This is information that associates in advance the area where traffic is restricted by the door. The card reader area information is basic information for managing the behavior of the ID card holder, and based on the address code of the card reader in which the ID card is operated, the location area at the time of operation and the subsequent movement This is basic information for determining the destination area.
FIG. 5A shows an example of the card reader area information in the present embodiment, corresponding to FIG. The card reader CR11 is given CR11 as an address code. Since the area where the card reader CR11 is installed is the area A, the area A is set as the belonging area. Further, since the area that can be moved when the ID card is operated on the card reader CR11 is the area B, the area B is set as the movement destination area. Similarly, in CR71, the address code is CR71, the affiliation area that is the installed area is area G, and area H is set as the destination area that is movable when the card reader CR71 is operated. Yes. In the same manner, address codes, affiliation areas, and destination areas are set for all card readers.

The ID location information is information in which the moved area is recorded in order to manage the behavior of the owner of the ID card. Specifically, as information indicating a history of movement between areas for each ID code, each time an ID card is read and a passage request is made, the destination area is recorded with reference to the card reader / area information. The destination area is recorded in the location area where the cardholder is currently located. Further, the ID location information stores whether or not the ID code is set in a use-prohibited state. Here, the use prohibition state indicates that when the ID card is operated on the card reader, the area where the read ID code is located does not match the area to which the card reader belongs, and the traffic request is invalid (illegal traffic). When judged, it is set to ON. The holder of the ID card set in the use prohibition state is not permitted to pass even if the card reader operates the ID card to request the pass.
FIG. 5B shows an example of ID location information in the present embodiment. Details of the ID location information will be described later.

The operation history information is information in which the address code of the card reader operated for each ID code is stored in association with the operation time in order to manage the history of the user operating the ID card on the card reader. It also stores whether each operation (traffic request) has been permitted or not permitted, and similarly stores the card operation after the use is prohibited due to unauthorized traffic.
FIG. 5C shows an example of operation history information in the present embodiment. Details of the operation history information will be described later.

FIG. 6 shows an example of a screen displayed on the display unit 150 of the centralized management device 100.
The display unit 150 displays the users set to the use-prohibited state and their information. As shown in the figure, the display contents are the name of the user corresponding to the ID code set in the use prohibition state, the location area based on the ID location information of the ID code, the operation on the window screen of the use prohibition ID list The time (card reader operation time) at which an illegal passage request for entering a use prohibition state based on the history information is displayed. In addition, a recovery icon used when the current time and use prohibition state setting are recovered (OFF) is displayed.

Hereinafter, with reference to FIGS. 1 to 6, an operation example of the access management system of the present embodiment will be described.
Each system user is given one ID card, and the ID code stored in the ID card and the user's name are associated with each other and stored in the central management apparatus. In addition, one or more managers are determined from the users, and an administrator code indicating the manager is stored in the ID card possessed by the manager. The number of managers may be arbitrarily determined depending on the number of system users or the scale of the system (number of areas).
The centralized management apparatus 100 verifies the administrator code at the time of operation so that only a person having administrator authority of the system can operate. In addition, entry into the area where the central management apparatus 100 is installed is also limited so that only the administrator can do it.

When the user operates the ID card when the user moves between areas, the reading unit 240 reads the ID code. Then, the control unit 210 refers to the storage unit 220 and transmits a traffic request signal including its own address code and the read ID code to the centralized management device 100 via the communication interface 230.
The central management apparatus 100 receives a traffic request signal via the communication interface 130. The control unit 110 refers to the storage unit 120 to determine the legitimacy of the passage request, and transmits a passage permission signal or a passage non-permission signal to the card reader 200 via the communication interface 130 according to the determination result.

When the pass permission is determined, the central management apparatus 100 updates the location area of the ID location information in the storage unit 120 with the movement destination area of the card reader in the card reader / area information. Thereby, a user's action management is performed at any time. Further, the address code of the card reader 200, the operation time, and the determination result “permitted” are recorded in the CR operation history of the operation history information.
When the traffic non-permission is determined, the central management apparatus 100 records the address code of the card reader, the operation time, and the determination result “non-permission” in the CR operation history of the operation history information in the storage unit 120. In addition, if it is determined that the traffic is illegal due to the determination of the above-described traffic request, then it is set to a “use prohibited state” in which the traffic request by the ID card is not permitted. Specifically, the use prohibition setting of the ID location information is set to ON (the initial state is OFF). The location area is not updated because traffic is not permitted.

Upon receiving the passage permission signal, the card reader 200 sends an unlock signal to the door 600 with the electric lock via the electric lock control unit 250, and unlocks the electric lock. As described above, the user can move between the areas.
On the other hand, when the card reader 200 receives the traffic non-permission signal, the card reader 200 displays on the display unit 260 that the traffic is unauthorized without unlocking the electric lock, and notifies the user.

Further, the central management device 100 determines that the traffic is not permitted when there is a traffic request from the ID code set in the use-prohibited state. At this time, the address code of the card reader, the operation time, and the determination result “use prohibited state” are recorded in the CR operation history of the operation history information.

Here, the determination of the traffic request in the centralized management apparatus 100 will be described with a specific example.
Now, it is assumed that the ID card holder in which the ID code 04 is recorded moves from the area A and is in the area B. At this time, the location area of the ID code 04 is area B in the ID location information. Here, when moving to the area C next time, the card reader CR21 operates the ID card. In response to the traffic request by this operation, the central management apparatus 100 reads the location area “area B” of the ID code 04 with reference to the ID location information, and also refers to the card reader / area information and belongs to the card reader CR 21. Read area “Area B”. Then, it is determined whether the read location area and the belonging area match. In this case, since “area B” matches, it is determined that the traffic request is valid, and a traffic permission signal is transmitted. At the same time, the movement destination area “area C” of the card reader CR 21 is read and the location area is updated to “area C”. Further, the address code “CR21” of the card reader CR21, the card operation time (08:48), and the pass determination result “permitted” are recorded in the CR operation history of the operation history information.

Next, it is assumed that the user takes a card operation of another user, moves from area C to area D, and subsequently performs a card operation with the card reader CR41 in order to move to area E. At this time, the area where the ID 04 is located is “area C” and does not match the area “area D” to which the card reader CR 41 belongs. Therefore, it is determined that the traffic request is illegal and a traffic non-permission signal is transmitted. At the same time, the use prohibition setting is set to ON for ID04, and thereafter no traffic request from ID04 is accepted. Further, the address code “CR41” of the card reader CR41, the card operation time (14:12), and the result of traffic determination “not permitted” are recorded in the CR operation history of the operation history information.

  Subsequently, it is assumed that while the ID card is in a use-prohibited state, the user operates the card operation of another user, moves from area D to area E, and operates the card with the card reader CR42. At this time, since ID04 is set to the use prohibition state (use prohibition setting “ON”), it is determined that the passage request is invalid, and a passage non-permission signal is transmitted. At the same time, the address code “CR42” of the card reader CR42, the time when the card was operated (16:08), and the result of passage determination “use prohibited state” are recorded in the CR operation history of the operation history information.

  As described above, although the user who has been legitimately operating the ID card and is moving between the areas is permitted to pass, it is illegal to take advantage of other users' ID card operations and move between areas. The following traffic is not permitted for users who have moved between areas. As a result, the user can be prevented from passing illegally, and the behavior management of the user can be accurately performed.

Next, recovery of the ID card set to the use prohibition state will be described.
Since the ID card set to the use prohibition state cannot be used as it is, it is necessary to have the administrator restore it. The use-prohibited ID card holder notifies the administrator having the authority to restore that his / her ID code has been set to a use-prohibited state using a communication means such as a public line, a private extension, or a private PHS. The administrator who has received the notification performs the use prohibition state recovery work in the central management apparatus 100. A list of use prohibition IDs is displayed on the display unit 150 of the centralized management apparatus 100, and a recovery process is performed by selecting a recovery target ID using the operation unit 140 such as a keyboard or a mouse and selecting a recovery icon. To start.

  At this time, the location where the card holder of the recovery target ID is actually located and the location area stored in the ID location information usually do not match. In other words, it is because the use is prohibited by operating the ID card in an area different from the location area. Therefore, the location area is updated with the place where the cardholder actually exists.

  The area for updating the location area is determined based on the CR operation history of the operation history information. The CR operation history stores the address code of the card reader when it is determined that the passage request is not permitted, and the address code of the card reader operated when the use prohibition state is set. The area to which the card reader belongs according to the latest operation history is the area where the cardholder actually exists. Therefore, the location area of the ID code is updated in the area to which the card reader belongs. When the recovery process is performed in this manner, the use prohibition state of the recovery target ID is canceled, and the target person is deleted from the use prohibition ID list of the display unit 150.

Here, the recovery of the use-prohibited state will be described by taking ID04 set to the use-prohibited state in the above specific example as an example.
The user with ID 04 that is in a use-prohibited state currently exists in area E. At this time, as described above, the area where ID 04 is located is “area C”, and the CR operation history is recorded with CR 42 as the final operation card reader.
When the user of ID04 notifies the administrator of a recovery request from area E, the administrator selects the user of ID04 as the recovery target ID and starts the recovery process. When the recovery process is started, the final operation card reader “CR42” is read from the CR operation history. Then, the location area of ID04 is updated in the area “area E” to which the card reader CR42 belongs. Then, the use prohibition setting of ID04 is changed to “OFF”, and a restoration completion signal is transmitted.

In this way, the administrator can restore the prohibited state of the target ID and update the location area to the correct area simply by selecting the recovery target ID, so that the recovery work by the administrator is extremely simple, In addition, security can be maintained in later operations.

  It should be noted that the recovery work by the administrator does not have to be performed by the centralized management apparatus, and the same recovery work can be performed by accessing the centralized management apparatus via a LAN from a personal computer (PC) used by the administrator. Can be realized.

  The area where the location area is updated when the use prohibition state is restored is not the area to which the card reader related to the latest operation history belongs, but the card reader when the use prohibition state is set (the determination result in the CR operation history) May be the affiliation area of the card reader whose ID is “non-permitted”. In this case, the CR operation history may not be recorded after being set to the use-prohibited state. According to this embodiment, when a card holder who has been prohibited from use moves to another user and travels between areas, after the use prohibited state is restored, the first ID card operation again performs fraud. It will be judged as traffic. Therefore, it is possible to make the user strongly aware not to move in a use-prohibited state, to reliably manage the user's behavior, and to improve the security of the system.

  With reference to FIG. 7, processing of the central management apparatus 100 when each card reader operates an ID card will be described.

First, the process of the centralized management apparatus 100 when the ID card holder operates the ID card when the person is moving between areas without illegal traffic will be described.
When the central management device 100 receives the traffic request signal from the card reader 200 via the communication interface 130, the central management device 100 reads the ID code and the address code of the card reader included in the traffic request signal (step 300), and the card in the storage unit 120 Reference is made to management information, card reader / area information, ID location information, and operation history information (step 310).
Next, the ID code registered in the card management information is collated with the read ID code to determine the validity of the read ID code (step 320). As a result of the determination, since there is a matching ID code here, the process proceeds to step 330. If there is no matching ID code, it means that an unregistered ID card is used, and a pass-permission signal is sent to the card reader 200 (step 390), and the process ends.

In step 330, it is determined whether or not use of the ID code is prohibited based on the ID location information. Here, since unauthorized traffic was not made in the previous card operation, use prohibition is not set (OFF), so the process proceeds to the next process. In step 340, the location area of the corresponding ID code in the ID location information is collated with the area to which the card reader belongs in the card reader / area information. If both areas match, it is a legitimate passage request, and the process proceeds to step 350. In step 350, the location area is updated with the destination area of the card reader. At the same time, the location management of the ID location information and the CR operation history of the operation history information may be updated. In this case, the operation time and the result of passage determination “permitted” are recorded in the CR operation history together with the address code of the card reader.
Subsequently, in step 360, a passage permission signal is sent to the card reader, and the process is terminated.

If the ID code location area and the card reader affiliation area do not match at step 340, the use prohibition state is set to ON at step 370 because it is an illegal traffic request. In addition, the operation time and the result of passage determination “not permitted” are recorded in the CR operation history of the operation history information together with the address code of the card reader (step 380).
Subsequently, in step 390, a traffic non-permission signal is sent to the card reader, and the process is terminated.

Next, a description will be given of the processing of the central management apparatus 200 when a user who has made unauthorized traffic through the previous ID card operation operates the ID card.
Steps 300 to 320 are processed in the same manner. In step 330, the ID code is set to be prohibited from use due to unauthorized traffic up to the previous time (ON), so the process proceeds to step 380. In step 380, the operation time and the result of passage determination “use prohibited state” are recorded in the CR operation history of the operation history information together with the address code of the card reader. The “use prohibition state” as a result of this traffic determination is distinguished from the above-mentioned “non-permission” and indicates that an ID card that has already been disabled is operated.
Subsequently, in step 390, a traffic non-permission signal is sent to the card reader, and the process is terminated.

With reference to FIG. 8, a process when the centralized management apparatus 100 restores the use-prohibited ID code will be described.
The administrator performs a recovery operation in response to a recovery request from an ID card holder who has illegally passed. As described above, the use prohibition ID list is displayed on the display unit 150 of the central management apparatus 100. The administrator uses a keyboard, a mouse, or the like to instruct a recovery target person, selects a recovery icon, and starts the recovery process.
When the recovery process is started, the central management apparatus 100 refers to the card management information, card reader / area information, ID location information, and operation history information in the storage unit 120 (step 400). Next, the use prohibition setting of the ID code of the designated recovery target person is turned OFF (step 410).

In step 420, the location area of the corresponding ID code in the ID location information is updated. The area for updating the location area is determined based on the CR operation history in the operation history information. In the CR operation history, the address code of the card reader is stored as the operation history, and attention is paid to the card reader related to the latest operation history (card reader operated last). The area to which the card reader belongs is the area where the cardholder actually exists. Therefore, the location area of the ID code is updated in the area to which the card reader belongs.
When the location area is updated in step 420, a restoration signal is sent to the card reader (step 430), and the process is terminated.

As described above, the area to be updated may be the location of the card reader related to the operation history whose determination result is “non-permitted”, instead of the area to which the card reader is operated last.
Also, compare the operation time of the operation history with a determination result of “not permitted” with the current time, and if the predetermined time has passed, notify the administrator to that effect without performing recovery processing immediately. You can also. As a result, the administrator can alert the user who has been set to the prohibition state for a long time.

  According to the access control system according to the embodiment of the present invention described above, when the administrator designates the recovery target ID, the use prohibition state of the target ID is restored and the location area is updated to the correct area. For this reason, it is possible to greatly reduce troublesome restoration work by the administrator, and it is possible to maintain security in system operation after restoration.

An access control system according to another embodiment of the present invention will be described below. The overall configuration is the same as that of the above-described embodiment, and different parts will be described.
In the present embodiment, an important area, which is an area where entry / exit should be strictly managed, is set among a plurality of areas of the management area. Referring to FIG. 1, for example, area H, area I, and area J where the centralized management device 100 is installed are set as important areas. This important area is stored in the storage unit 120 of the centralized management apparatus 100.

Next, processing of the centralized management apparatus 100 in this embodiment will be described.
Since the processing when the ID card is operated by each card reader is the same as that in the above-described embodiment, the description thereof is omitted.
Processing for restoring the ID code in the disabled state will be described with reference to FIG.
When the central management device 100 starts the recovery process by the operation of the administrator, the central management device 100 refers to the card management information, card reader / area information, ID location information, operation history information, and important area information in the storage unit 120 (step 500).

In step 510, the affiliation area of the lastly operated card reader read from the operation history information is compared with the affiliation area of the card reader related to the operation history whose determination result is “non-permitted”. Determine how far away (area spacing). Referring to FIG. 1, for example, it is assumed that the user operates the card reader CR 71 installed in the area G to determine unauthorized traffic and the ID card is set in a use-prohibited state. At this time, CR 71 “operation time” and “non-permission” are recorded in the CR operation history. Then, after the user moves from area G to area B-area C-area D following the card operation of another user, it is assumed that the user requests the administrator to restore the use-prohibited state. First, the user operates the card reader CR41 (or CR32) installed in the area D to indicate his current position. At this time, CR 41 (operation time 14:15) “use prohibited state” is recorded in the CR operation history.

Here, the affiliation area of CR41, which is the last card reader operated, is area D, and the affiliation area of CR71, which is the card reader related to the operation history whose determination result is “non-permitted”, is area G. Looking at how far the area D and the area G are separated, when moving from the area D to the area G, it goes through at least two areas B and C. Therefore, the area interval in this case is “2”.

If the area interval thus obtained is greater than or equal to a predetermined value, a restoration impossible signal is sent to the card reader (step 520), and the process is terminated. At the same time, in order to notify the administrator of the recovery NG, the fact is displayed on the display unit. The card reader that has received the unrecoverable signal displays a message indicating that the recovery is not possible and notifies the user.
By performing the determination in step 510, if the user who has been improperly trafficked and moved in the management area by the time it is recovered is not recovered immediately, the administrator cannot It is possible to confirm whether there was any fraud by listening to the reason.

If the area interval is less than the predetermined value in step 510, it is determined in step 530 whether the area to which the card reader operated last in the CR operation history belongs is an important area.
If it is determined that the area is an important area, the use prohibition setting of the ID code of the designated recovery target person is turned OFF (step 540). Subsequently, the location area of the corresponding ID code in the ID location information is updated (step 550). The area to be updated is the same as in the previous embodiment.
Finally, a restoration signal is sent to the card reader (step 560), and the process is terminated.

If it is determined in step 530 that the area is not an important area, the process proceeds to step 570, where the use prohibition setting of the instructed recovery target ID code is turned off. In step 580, the location area of the corresponding ID code in the ID location information is initialized. Here, the initialization of the location area is to store a Null code in the location area. At this time, the location area is in a neutral state, that is, a state that does not belong to any area. If the location area is neutral at the time of determination of illegal traffic, it is not determined that the traffic is illegal regardless of the area of the card reader to which the card is operated.
Finally, a restoration signal is sent to the card reader (step 560), and the process is terminated.

  The processes after the determination of the important area will be described with reference to FIG. For example, it is assumed that there is a user who has been prohibited from use due to unauthorized traffic in area C. When the user moves to area D following the other person in a use-prohibited state and requests recovery from area D to the administrator, the area to which the card reader that was last operated in the CR operation history is the area C. Therefore, if this is updated to the location area, it will be different from the area where the user is actually. Therefore, if the card operation is performed in the area D after the restoration, it is determined again that the traffic is illegal. Therefore, it is determined whether or not the specified area is an important area. If the area is not an important area, the location area is set to neutral in order to allow operation from the area D after restoration.

As described above, when the identified area is an important area by the processing of step 530 to step 580, the location area is updated, and when it is not the important area, the processing is branched so as to initialize the location area. And when the card user is in an important area, the card usage after recovery is strengthened to increase security, and when the card user is in an area that is not an important area, the card usage limit after recovery is weakened. System operation can be facilitated.

According to the access control system according to the other embodiment of the present invention described above, the recovery work of the administrator can be greatly reduced, and there is no inconvenience while maintaining security after the recovery. Smooth system operation is possible.

It is a figure which shows the operation structure of the entrance / exit management system which concerns on one Embodiment of this invention. It is a block diagram which shows the access management system which concerns on one Embodiment of this invention. It is a block diagram which shows a specific example of the card reader in the entrance / exit management system shown in FIG. It is a block diagram which shows a specific example of the centralized management apparatus in the entrance / exit management system shown to FIG. FIG. 5 is a diagram illustrating a specific example of information stored in a storage unit in the centralized management device illustrated in FIG. 4, (a) is a diagram illustrating card reader area information, and (b) is a diagram illustrating ID location information. (C) is a diagram showing operation history information. It is a figure which shows an example of the information displayed on the display part of a centralized management apparatus. It is a flowchart which shows the process which the centralized management apparatus with respect to a traffic request signal performs. It is a flowchart which shows the process which a centralized management apparatus performs in the case of a recovery operation | work. It is a flowchart which shows the process which a centralized management apparatus performs in the case of a recovery operation in the access management system which concerns on other embodiment of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 ... Central management apparatus 110 ... Control part 120 ... Storage part 130 ... Communication interface 140 ... Operation part 150 ... Display part 200, CR11-CR92 ... Card reader 210 ... Control part 220 ... Storage part 230 ... Communication interface 240 ... Reading part 250 ... Electric lock control unit 260 ... Display unit 600, D1 to D9 ... Electric lock door

Claims (3)

In the access control system that manages the movement of users between multiple areas in the management area,
A traffic control part that is arranged at the boundary of each area and regulates movement between areas,
An input unit that is provided corresponding to the traffic regulation unit and that receives a personal ID assigned to the user;
An input unit information storage unit that stores, for each input unit, destination area information indicating a destination area that is restricted by the traffic restriction unit, and belonging area information indicating an belonging area in which the input unit exists ;
A location information storage unit for storing location area information indicating the location area of the user;
The affiliation area information of the input unit to which the personal ID is input and the location area information of the personal ID are collated. The traffic control unit is controlled to be released, and the location information in the location information storage unit is updated with the destination area information of the input unit, and the traffic control unit is controlled to be released when the traffic is not permitted. A control unit that sets the personal ID to a use-prohibited state without
A history information storage unit for storing an input history of a personal ID to the input unit since at least the passage is not permitted ;
A recovery operation unit for recovering a personal ID in a prohibited state,
When the personal ID to be restored is input by the restoration operation unit, the control unit restores the use-prohibited state of the personal ID, and the location information in the location information storage unit is changed to the personal ID. The entry / exit management system is characterized in that the personal ID to be restored specified by the input history is updated with the affiliation area information of the input unit last input . The control unit has an area interval between the belonging area information of the input unit to which the personal ID to be restored specified by the input history is last input and the belonging area information of the input unit when the passage is not permitted. The access control system according to claim 1, wherein the use prohibition state is not restored when the relationship is greater than or equal to a predetermined value . Furthermore, an important area storage unit for storing the set area information as an important area is provided,
The control unit updates the location area information with the area information when the belonging area information of the input unit to which the personal ID for recovery specified by the input history is last input is the important area, wherein not important area access control system according to any one of claims 1 or 2 for initializing the location area information.

Images