JP4902856B2 - Movement information holding device, management device, information processing method, and program - Google Patents

Description

  The present invention relates to a security system that performs entrance / exit management at an entrance of an office building, for example.

In order to improve security in office buildings, condominiums, hospitals, etc., gates are provided at the entrances and exits of specific spaces such as entrances, floors, and living rooms. When passing through the gate, the ID device is checked with the ID control device. There is a security system that allows only a user who is given a device to enter a specific space.
At this time, the ID device is an RFID (Radio Frequency Identification), a contact / non-contact IC card, a mobile phone with a built-in non-contact IC card, etc., and ID information for each ID device is received from these ID devices from the ID control device. It is held in a readable state.
The gate is a lane type flapper gate, a door provided with an electric lock, or an automatic door, and includes a reader that reads the ID information of the ID device and notifies the ID control device.
If such an ID device is lost outside the specific space, a third party can illegally pick it up and pass through the gate, causing a reduction in the reliability of the security system.

In recent years, with the growing security awareness of companies and individuals, there is a desire to use specific data among memory cards and mobile phones stored only in specific spaces such as office buildings, condominiums, and hospitals. There is.
For example, among the personal identification number, telephone number, and program stored in a state that can be read by a memory card or a mobile phone, there are a personal identification number of a locker installed in the office, an extension number, and an electronic seal program that is used only within the company.
If these data are lost outside a specific space, they are illegally used by a third party, which causes leakage of secrets of companies and individuals.

Patent Document 1 discloses a conventional technology for realizing a memory card or a mobile phone that prevents an ID device or data used in a security system that allows only a specific user from entering the space as described above from being used outside the specific space. There is a technology.
In this technology, in a portable terminal provided with a non-contact IC card capable of non-contact data transmission / reception with an external device and means for accessing data by contact communication with the non-contact IC card, an input operation by a user is performed. In addition, an access restriction unit is provided that makes it impossible to access the recording data of the non-contact IC card.
With this technology, it is possible to prevent unauthorized use by a third party even if the ID device is lost by making it impossible to access the ID information and specific data of the IC card outside the specific space.
JP-A-2005-301489

  However, in the conventional technology, since the IC card function is invalidated by the user's input operation such as a button operation, for example, after using the IC card function at the gate passage when exiting the specific space, the user is clearly indicated outside the specific space. It is necessary to disable the IC card function, and if the user forgets to operate the IC card function, the ID device may be lost while the IC card function is valid. There is a problem of high possibility of causing leakage.

  The main object of the present invention is to solve such a problem, and the main object is to limit the output of ID information and specific data regardless of user operations.

The movement information holding device according to the present invention includes:
A mobile information holding device that holds private information and communicates with a gate device that performs entrance / exit management,
An output unit for outputting the non-public information in a predetermined case;
An input unit that inputs from the gate device a lock instruction that instructs to lock the output of the non-public information by the output unit;
And an output lock management unit that locks the output of the non-public information by the output unit based on a lock instruction input by the input unit.

  According to the present invention, since the output of the non-public information is locked regardless of the user's operation, the situation where the output lock is left in the released state due to the user's forgetting operation does not occur. A person cannot illegally use non-public information, and can enhance security.

Embodiment 1 FIG.
FIG. 1 is a diagram illustrating a configuration example of a security system according to the present embodiment.
The security system includes an ID control device 101, an entrance security gate device 102, an exit security gate device 103, an ID device 104, a token device 105, and a computer device 801.

The entrance security gate device 102 and the exit security gate device 103 are gate devices that physically limit the passage of people.
The entrance security gate device 102 restricts the passage of people when entering a security zone (for example, an office building or an apartment building) managed by the security system.
The exit security gate device 103 restricts the passage of people when leaving the security zone.
The security zone is also referred to as a management target zone.

  As a person who is not restricted, the user 106 receives the distribution of the ID device 104 and the token device 108 from the administrator of the security system and carries them.

  The ID control device 101 is connected to the entrance security gate device 102 and the exit security gate device 103 that perform entrance / exit management, and confirms the validity of the ID device 104 of the user 106. The passage restriction of the device 102 or the exit security gate device 103 is temporarily released.

The computer device 801 accesses data as information resources stored in the ID device 104.
In this embodiment, it is assumed that the computer device 801 is arranged in the security zone. The ID device 104 outputs information resources only to the computer device 801 arranged in the security zone.
The information resource is, for example, information that is permitted to be used only within the security zone, and is confidential information, such as a login password or encryption key of the computer device 801, or a company extension telephone number. An information resource is an example of on-site usage information.

The ID control device 101, the entrance security gate device 102, and the exit security gate device 103 are connected via a network so that they can communicate with each other.
The ID device 104 is connected to the entrance security gate device 102, the exit security gate device 103, the token device 105, and the computer device 801 via a network so that they can communicate with each other. Although it is preferable to configure a proximity wireless network or a short-range wireless network, a wired network or contact communication in which a device and a terminal of the device are in direct contact may be configured.

  The ID control device 101 is an example of a management device, the entrance security gate device 102 and the exit security gate device 103 are examples of gate devices, and the ID device 104 is an example of a movement information holding device.

  Here, before explaining the details of each element shown in FIG. 1, an overall processing flow (information processing method) in the security system according to the present embodiment will be outlined.

First, an example of an operation when the user 106 leaves the security zone (managed zone) will be described.
When the user 106 passes through the exit security gate device 103 in order to leave the security zone, the ID control device 101 sends private information (for example, passing through the security gate device) from the ID device 104 via the exit security gate device 103. ID information for the user 106), the value of the in-place flag, which will be described later, and the like are received, and it is determined whether or not the user 106 is permitted to leave the security zone.

When the user 106 is permitted to leave the security zone, the ID control device 101 temporarily cancels the passage restriction of the exit security gate device 103.
At this time, the ID control device 101 outputs a lock instruction for instructing the ID device 104 to lock the output of the private information held by the ID device 104 via the exit security gate device 103.
The ID device 104 receives the lock instruction from the ID control device 101 via the exit security gate device 103 (input step), and locks the output of the secret information based on the lock instruction (output lock management step). .
Thereby, it is possible to prevent private information from being output outside the security zone.
Further, the ID device 104 stores an in-field flag indicating whether or not the ID device 104 has entered the security zone. When the user 106 leaves the security zone, the ID control device 101 displays the in-field flag. An in-field flag release instruction for instructing to enter the release state is transmitted via the exit security gate device 103, and the ID device 104 receives the in-field flag release instruction and sets the in-field flag to the release state. The release state of the in-field flag indicates that the ID device 104 is outside (outside of) the security zone.
The ID control device 101 may transmit the in-place flag release instruction together with the lock instruction.

Next, an example of an operation when the user 106 enters the security zone will be described.
The token device 105 holds authentication information for releasing the output lock of the private information in the ID device 104, and when the user 106 enters the security zone, for example, the authentication information is operated by the operation of the user 106. Is transmitted to the ID device 104.
On the other hand, the ID device 104 stores authentication information for releasing the output lock of private information (this stored authentication information is referred to as storage lock release authentication information).
The ID device 104 receives the authentication information transmitted from the token device 105 (this received authentication information is referred to as input lock release authentication information).
In the ID device 104, when the input lock release authentication information matches the storage lock release authentication information, the output lock of the private information is released, and the private information is transmitted to the entrance security gate device 102 (output step).
The ID device 104 also transmits the value of the on-site flag (in a normal state, the release state) to the entrance security gate device 102.
The ID control device 101 stores authentication information for authenticating the ID device 104, inputs the secret information and the value of the in-field flag from the entrance security gate device 102, and the authentication information stored in the secret information If it matches the information and the in-field flag is in the release state, the user 106 is allowed to enter the security zone, and the passage restriction of the entrance security gate device 102 is temporarily released.

Further, the ID control device 101 transmits an in-field flag setting instruction to instruct the ID device 104 to set the in-field flag via the entrance security gate device 102, and the ID device 104 responds to the in-field flag setting instruction. Based on this, the in-field flag is set. The setting state of the in-field flag indicates that the ID device 104 is inside the security zone (in the area).
Through the above procedure, the user can properly enter the security gate.

  Next, details of each element shown in FIG. 1 will be described.

FIG. 2 is a diagram illustrating a configuration example of the entrance security gate device 102 (gate device) and the exit security gate device 103 (gate device).
The entrance security gate device 102 and the exit security gate device 103 include an ID access device 201, an electric lock 202, an automatic door 203, and a security gate communication unit 204.
The ID access device 201 reads and writes the contents of the ID device 104.
The electric lock 202 is a key device that electrically restricts the opening and closing of the automatic door 203.
The automatic door 203 is a door that detects a person and automatically opens and closes the door, and is connected to the electric lock 202. If the electric lock 202 is in a locked state, the automatic door 203 is closed even if a person is detected. Will remain.
The security gate communication unit 204 is a communication unit for connecting to the host device that controls the ID access device 201 and the electric lock 202, in this case, the ID control device 101.
The entrance security gate device 102 and the exit security gate device 103 may have a configuration of a flapper gate that restricts passage of a person by a passage and a flap installed in the passage.

FIG. 3 illustrates an example of the security zone 301 (management target zone).
The security zone 301 is set so as to prevent unauthorized entry into spaces such as office buildings, condominiums, and hospital buildings, floors, residence rooms, hospital rooms, and the like. In this case, as shown in FIG. 3, the entrance and exit of the residence room are provided one by one, and the entrance security gate device 102 and the exit security gate device 103 are installed respectively, and the user 106 who has permitted entry and exit of the residence room is provided. Try to limit.
Since the ID access device 201 accesses the ID device 104 of the user 106 while the electric lock 202 is locked, the ID access device 201 of the entrance security gate device 102 is located outside the security zone 301 and the exit security gate device 103. ID access devices 201 are installed inside the security zone.

If an office building or a condominium building is used as one security zone 301, an entrance and an exit for installing the entrance security gate device 102 and the exit security gate device 103 may be provided at the entrance.
Further, when a space provided with a fence or a fence so as to surround a group of buildings such as a factory is used as the security zone 301, an entrance and an exit provided with an entrance security gate device 102 and an exit security gate device 103 are provided at one or more locations of the fence. Provide.
One or more entrances and exits for installing the entrance security gate device 102 and the exit security gate device 103 may be installed, respectively, and the entrance and the exit may be bidirectional entrances. For one electric lock 202, automatic door 203, and security gate communication unit 204, two ID access devices 201 are placed inside and outside the security zone 301.

FIG. 4 is a diagram illustrating a configuration example of the ID control device 101 (management device).
The ID control device 101 includes a control unit 401, a data storage unit 402, and an ID control device communication unit 403. The control unit 401 controls input / output of the data storage unit 402 and the ID control device communication unit 403. The data storage unit 402 stores data.
The ID control device communication unit 403 communicates with the entrance security gate device 102 and the security gate communication unit 204 of the exit security gate device 103.
The data stored in the data storage unit 402 is ID information and device authentication information.

FIG. 5 is a diagram illustrating a configuration example of the ID access device 201.
The ID access device 201 includes an access device communication unit 501 and an access device wireless communication unit 502, and the access device communication unit 501 is connected to the ID control device 101 via the security gate communication unit 204.
Access device wireless communication unit 502 connects to ID device 104.
The ID access device 201 connects the ID control device 101 and the ID device 104 so that they can communicate with each other.

FIG. 6 is a diagram illustrating a configuration example of the ID device 104 (movement information holding device).
The ID device 104 includes an ID device control unit 601 (output lock management unit), an ID device storage unit 602 (storage unit), a wireless communication unit 603 (input unit and output unit), and a timer unit 604.
In the ID device 104, the ID device control unit 601 reads and writes the contents of the ID device storage unit 602 in response to an external access via the wireless communication unit 603, and returns a result via the wireless communication unit 603.
Data stored in the ID device storage unit 602 is ID information (private information), a field flag, information resources (field usage information), device authentication information, and authentication information (memory lock release authentication information).
The device authentication information is information for the ID device 104 to authenticate the ID control device 101, the entrance security gate device 102, or the exit security gate device 103.
The wireless communication unit 603 can output private information (ID information) when the output lock is released.
On the other hand, the wireless communication unit 603 inputs a lock instruction for instructing to lock the output of the private information from the exit security gate device 103.
The ID device control unit 601 locks the output of private information based on the lock instruction input by the wireless communication unit 603.
The timer unit 604 raises an interrupt to the ID device control unit 601 at the set time.
The timer unit 604 measures time after the authentication information (input lock release authentication information) from the token device 105 is input.
The ID device control unit 601 locks the output of ID information when the authentication information (input lock release authentication information) from the token device 105 matches the authentication information (storage lock release authentication information) stored in the ID device storage unit 602. When the timer unit 604 determines that a certain time has elapsed since the authentication information (input lock release authentication information) from the token device 105 is input after the release of the authentication, the in-field flag is checked and the in-field flag is released. When it is in a state, the output of ID information is locked.
For example, if the ID information output lock is released when the user 106 is not in the security zone due to an operation mistake or the like, leaving the output lock released state will cause a security problem. Therefore, the output lock is performed again after a certain time.
Even if the ID information is output at a place where the entrance security gate device 102 is not set, the ID device 104 does not receive the in-field flag setting instruction and the in-field flag remains in the released state. If the flag is in the released state, the output lock is performed again.

The ID device 104 is connected to the ID access device 201, the token device 105, and the computer device 801 via the wireless communication unit 603.
The ID device 104 may be configured in a non-contact IC card shape or a memory card shape.

FIG. 7 is a diagram illustrating a configuration example of the token device 105.
The token device 105 includes a token wireless communication unit 701 and an authentication information storage unit 702, and is connected to the ID device 104 via the token wireless communication unit 701.
The authentication information stored in the authentication information storage unit 702 is transmitted to the ID device 104. This authentication information is received by the ID device 104 and used as input lock release authentication information.
The data stored in the authentication information storage unit 702 is authentication information.

FIG. 8 is a diagram illustrating a configuration example of the computer device 801.
The computer device 801 includes a key input unit 802, a display unit 803, a computer control unit 804, a program storage unit 805, a data storage unit 806, and an ID device reading unit 807.
The key input unit 802 is an input unit, and accepts inputs such as changes in numbers, characters, and input targets.
The display unit 803 displays information.
The computer control unit 804 performs an operation based on a program stored in the program storage unit 805, stores and reads data in the data storage unit 806, and performs input / output processing for the key input unit 802, the display unit 803, and the ID device reading unit 807.
The ID device reading unit 807 reads information stored in the ID device 104.

Next, the operation of the ID control apparatus 101 will be described with reference to FIG.
The ID control device 101 waits for the entrance security gate device 102 or the exit security gate device 103 to detect the ID device 104 in step S901.
When the user 106 carries the ID device 104 and tries to pass the security gate, the ID device 104 is detected via the entrance security gate device 102 or the exit security gate device 103, and the process proceeds to step S902.
In step S902, in order to determine whether the user 106 enters or exits, it is determined whether the gate that has detected the ID device 104 is the entrance security gate device 102 or the exit security gate device 103. .
When the ID security device 104 is detected by the entrance security gate device 102, it is a case of entry, and step S903 is executed. When it is detected by the exit security gate device 103, it is a case of participation, and step S909 is executed.

In step S903, the ID control device 101 reads the ID information of the ID device 104 and the in-field flag via the entrance security gate device 102 in step S903, and the received ID information is authenticated for authentication in step S904. It collates with ID information which 101 holds.
If the verification is successful in step S904, step S905 is executed to execute the next determination. If the verification is unsuccessful, the ID device 104 should allow entry, including the case where the ID information has failed to be read in step S903. It is determined that it is not kimono, and step S908 is executed.
If the verification of the ID information is successful, the ID control apparatus 101 determines in step S905 whether the in-field flag is in the released state, and if it is in the released state, the ID apparatus 104 has correctly entered the previous security zone. In step S906, it is determined that the ID device 104 and its user 106 should be allowed to enter the security zone together with the successful verification of the previous ID information.
In step S <b> 906, the ID control apparatus 101 transmits apparatus authentication information and an in-place flag setting instruction to the ID apparatus 104. This device authentication information is information for the ID device 104 to authenticate the ID control device 101.
Further, in step S907, the ID control apparatus 101 temporarily unlocks the electric lock 202 of the entrance security gate apparatus 102 to allow the user 106 of the ID apparatus 104 to pass the entrance security gate apparatus 102, and the next ID. The processing returns to step S901 for the processing of the device 104.

In step S909, the ID control device 101 reads the ID information and the in-field flag of the ID device 104 via the exit security gate device 103 in step S909. In step S910, the ID control device 101 performs ID control on the received ID information for authentication. It collates with the ID information held by the device 101.
If the verification is successful in step S910, step S911 is executed to execute the next determination. If the verification is unsuccessful, the ID device 104 should allow the participation including the case where the ID information is unsuccessfully read in step S909. It is determined that it is not kimono, and step S908 is executed.
If the verification of the ID information is successful, the ID control device 101 determines in step S911 whether the in-field flag is in the set state, and if it is in the set state, the ID device 104 has correctly entered the previous security zone. In step S912, it is determined that the ID device 104 and its user 106 should be allowed to participate in the security zone together with the successful collation of the previous ID information.
In step S912, the ID control apparatus 101 transmits apparatus authentication information, a lock instruction, and an in-field flag release instruction to the ID apparatus 104, and in step S9913, the exit security gate apparatus 103 is sent to the user 106 of the ID apparatus 104. In order to pass the password, the electric lock 202 of the exit security gate device 103 is temporarily unlocked, and the processing returns to step S901 for processing of the next ID device 104.

  In step S904, step S905, step S901, and step S911, the ID control device 101 determines that the ID device 104 and its user 106 should not be allowed to enter or exit the security zone. In that case, an alarm is sounded at step S908, and the security guard is notified.

The operation of the ID device 104 will be described with reference to FIGS.
The ID device 104 waits for access in step S1001. If there is any access, the ID device 104 determines the type of access in steps S1002, S1008, and S1012.

In step S1002, if the access is reading of ID information and in-field flag, that is, access from the ID control device 101 via the entrance security gate device 102 or the exit security gate device 103, the user of the ID device 104 is in the security zone. Trying to enter or leave the security zone.
In step S1003, the ID device 104 determines whether it is in the ID lock (output lock) release state, and if it is in the ID lock release state, it can output ID information. Therefore, in step S1004, the ID information and the in-field flag are output. Returns the value of.
In step S1005, device authentication information and a request are received from the ID control device 101. This request is an in-field flag setting instruction described in step S906 when entering, and a lock instruction and in-field flag releasing instruction described in step S912 when entering.
Next, in step S1006, the ID device 104 collates the device authentication information (stored gate authentication information) to be held with the received device authentication information (input gate authentication information) for authentication, and the collation is successful. In step S1007, the entrance security gate device 102 or the exit security gate device 103 which has made the request is a correct device, and executes the received request.
That is, when entering, an in-field flag is set, and when entering, ID lock (output lock) for prohibiting output of ID information is performed, and the setting of the in-field flag is cancelled.
Then, in preparation for the next access, step S1001 is executed.

In step S1008, it is determined whether or not the access is an input of authentication information. If the authentication information is input, that is, if the access is from the token device 105, the ID device 104 determines in step S1009 that For authentication, the held authentication information is collated with the received authentication information. If the collation is successful, output of ID information is permitted in step S1010, and the timer unit 604 of the ID device 104 is set in step S1011.
The timer value is desirably a time from when ID information is permitted to be output to when it passes through the entrance security gate device 102. For example, it is a value such as 5 minutes or 10 minutes, but there is no particular limitation.
The ID device 104 executes step S1001 in preparation for the next access.

If the access is a data read / write request, that is, access from the computer device 801 in step S1012, the ID device 104 determines permission of access in step S1013.
In step S1013, when the ID information can be read and the in-place flag is set, the user 106 can correctly read the ID information of the ID device 104, and correctly passes through the entrance security gate device 104. It is determined that the user has entered the security zone, data reading / writing is permitted, data access is executed in step S1014, and the result is returned to the computer device 801.
If the condition is not satisfied in step S1013, the ID device 104 does not execute the request from the computer device 801.
The ID device 104 executes step S1001 in preparation for the next access.

FIG. 11 is a flowchart of processing executed in response to an interrupt generated when the ID device 104 sets the timer unit 604 in step S1011 and the timer unit 604 times out.
The ID device 104 determines that the ID device 104 is still outside the secure zone when the ID information is in the ID lock release state in which the output of the ID information is permitted in step S1101 and the in-field flag is in the release state, and step S1102 Thus, the ID lock state in which the output of ID information is prohibited is entered.

FIG. 12 is a state transition diagram of the security system.
Reference numeral 1201 denotes that the ID device 104 is in the ID locked state and the in-field flag is in a released state, and is outside the security zone. When entering the security zone through the security gate device 102, the in-field flag 1203 is set.
From 1203, when the vehicle passes the exit security gate device 103 and goes out of the security zone, a state 1201 is obtained.

If it passes through the entrance security gate device 102 and the exit security gate device 103 in the state of 1201, it is an unauthorized act and an unauthorized detection state of 1204 is entered.
Similarly, even if it passes through the exit security gate device 103 in the state of 1202, or passes through the exit security gate device 103 in the state of 1203, it becomes the fraud detection state of 1204. Even if an ID lock release input is made to the ID device 104 in the ID lock release state of 1202 and 1203, the state does not change.
In the state of 1202, if the entrance security gate device 102 is not passed within a certain time and does not enter the security zone, a timeout occurs and the state transitions to the state of 1203.

In the present embodiment, whether or not the in-field flag of the ID device 104 can be output may be controlled in the same manner as whether or not the ID information can be output.
That is, in the ID lock state, the in-field flag cannot be output, and in the ID lock release state, the in-field flag can be output. When the ID control device 101 cannot read the in-field flag, the in-field flag is handled as a release state.

A security gate may be provided in the security zone, and the ID device 104 may be used as an ID for passing through the security gate.

As described above, according to the present embodiment, when leaving the security zone, the ID control device 101 transmits a lock instruction for instructing the output lock of the private information (ID information) of the ID device 104, and the ID device In 104, the output of the private information (ID information) is locked according to the lock instruction, so that even if the ID device 104 is lost, the third party cannot illegally use the private information (ID information). It is possible to prevent leakage of secrets of companies and individuals.
Further, the output lock is not based on a user operation, and the ID device 104 autonomously locks the output based on a lock instruction transmitted from the ID control device 101. For this reason, a situation in which the output lock is left in a released state due to a user's forgotten operation does not occur, and even if the ID device 104 is lost, a third party illegally uses private information (ID information) Can not do it.
As described above, according to the embodiment, non-public information (ID information) is not leaked to the outside, and security can be enhanced.
Further, since the user does not need to perform an output lock operation when passing through the security gate, the convenience of the user can be improved.

Embodiment 2. FIG.
FIG. 13 is a diagram illustrating a configuration example when the ID device is configured by the mobile phone terminal 1301.
That is, in this embodiment, the mobile phone terminal 1301 functions as a movement information holding device.

The mobile phone terminal 1301 includes a key input unit 1302, a display unit 1303, a voice input / output unit 1304, a mobile phone terminal control unit 1305, a power supply control unit 1306, a telephone control unit 1307, a wireless communication unit 1308, a wireless LAN communication unit 1309, data storage. Part 1310 and non-contact IC card part 1311.
The key input unit 1302 accepts information related to a destination in creating a visit, a destination telephone number for a user to make a call, and an input for selecting a destination from a telephone directory.
The display unit 1303 notifies the user of the state of the mobile phone terminal 1301 such as an input instruction, an input result, and an incoming call by displaying characters, pictures, and icons on a screen such as a liquid crystal display.
The voice input / output unit 1304 inputs or outputs voice such as voice input and output for a telephone call or voice guidance and voice operation.
The mobile phone terminal control unit 1305 performs calculation, data storage, reading, and input / output processing based on the stored program.
The power supply control unit 1306 performs transition to a low power consumption mode such as turning off the power of the display unit 1303, returning to the normal mode, and measuring the remaining power amount.
A telephone control unit 1307 connects, maintains, and disconnects a mobile phone network and a telephone line for calls via a wireless LAN.
The wireless communication unit 1308 establishes, maintains, and disconnects communications with a wireless base station for calls on the cellular phone network and data communications using the cellular phone network, converts voice, and transmits and receives data via radio.
The wireless LAN communication unit 1309 authenticates, establishes, maintains, and disconnects communication with a wireless LAN access point for calls via the wireless LAN and data communication using the wireless LAN, converts voice, and transmits / receives data via wireless I do.
The data storage unit 1310 stores calculation results of the mobile phone terminal control unit 1305, user data such as a phone book and incoming / outgoing call history, and device data such as characters, pictures, and icons.
The non-contact IC card unit 1311 includes a non-contact IC card mounted on the mobile phone terminal 1301. Data stored in the non-contact IC card unit 1311 includes an external non-contact IC card reader / writer or the like. Reading / writing is performed from the mobile phone terminal 1301 main body.

  The non-contact IC card unit 1311 operates in the same manner as the ID device 104 of the first embodiment.

At this time, the authentication information for setting the ID lock (output lock) release state that permits the output of the ID information of the non-contact IC card unit 1311 is a PIN (Personal Identification Number) that can be input using the key input unit 1302. Yes, output of ID information is permitted when the PIN stored in the non-contact IC card unit 1311 matches the PIN.
In this embodiment, the authentication information (PIN) input by the user is an example of the input lock release authentication information, and the authentication information (PIN) stored in the contactless IC card unit 1311 is stored locked. It is an example of cancellation | release authentication information.
The information resource (in-field usage information) stored in the non-contact IC card unit 1311 is in the state of 1203 (ID lock release state, in-field flag = set), as in the first embodiment, which is accessed by the computer device 801. For example, the access can be made from the mobile phone terminal control unit 1305 of the mobile phone terminal 1301. For example, the access result can be updated using the key input unit 1302 and can be displayed on the display unit 1303.
At this time, the information resource is information that is desired to be used only within the security zone, for example, confidential information, such as an extension telephone number.

Also, as shown in FIG. 14, a wireless LAN access point 1401 is installed in the security zone 301 so that the mobile phone terminal 1301 is connected to the wireless LAN access point 1401 and stored in the non-contact IC card unit 1311. Authentication information for connecting to the wireless LAN access point 1401 may be stored as a resource.
At that time, it is possible to restrict so that the mobile phone terminal 1301 can be connected to the wireless LAN access point 1401 only when the mobile phone terminal 1301 exists in the security zone.

Similarly, as shown in FIG. 15, the wireless LAN access point 1401 and the office server device 1501 are connected so that the mobile phone terminal 1301 can access the office server device 1501. You may make it store the login password to the office server apparatus 1501 as an information resource to store.
At that time, it is possible to restrict the mobile phone terminal 1301 to log in to the office server device 1501 only when the mobile phone terminal 1301 exists in the security zone. The login to such an apparatus is not limited to being performed via a network, but authentication information for logging in to a personal computer or a notebook personal computer may be stored in the non-contact IC card unit 1311 as an information resource.

Note that the operation example of the mobile phone terminal 1301 according to this embodiment is the same as that shown in FIGS.
An example of the operation of the ID control apparatus 101 is also the same as that shown in FIG.

  Thus, in this embodiment, since the ID device is composed of a mobile phone terminal, in addition to the effects realized in Embodiment 1, the user needs to carry both the ID device and the mobile phone terminal. Since only the mobile phone terminal needs to be carried, user convenience can be improved.

In the second embodiment, the example in which the user inputs the authentication information (PIN) using the key input unit of the mobile phone terminal 1301 has been described. However, as in the first embodiment, the token device 105 is used. You may do it.
That is, the authentication information may be transmitted from the token device 105 to the mobile phone terminal 1301 by, for example, short-range wireless communication. In this way, the user can save the trouble of inputting authentication information by key operation.

  In the first and second embodiments described above, an ID control device that controls the opening and closing of the security gate by inputting ID information of the ID device when entering and leaving the security zone, and controlling the opening and closing of the security gate. The ID control apparatus that outputs a lock instruction for prohibiting output of ID information has been described.

  In the first and second embodiments described above, the security gate that opens and closes at the entrance and exit of the security zone, the ID device that stores the ID information in an outputable state, and the ID information of the ID device that enters and exits the security zone are collated. And an ID control device that controls the opening and closing of the security gate, and the ID control device outputs a lock instruction to the ID device on the participation side of the security zone, and the ID device inputs the lock instruction. A security system has been described in which an ID lock state in which output of ID information is prohibited is entered, and an ID lock release state in which output of ID information is permitted when the first authentication information is input and authenticated.

  In the first and second embodiments described above, the security system in which the first authentication information input unit is a wireless token has been described.

  In the first and second embodiments described above, the ID control device outputs a lock instruction and an in-field flag release instruction to the ID device on the entry side of the security zone, and the ID information of the ID device on the entry side of the security zone. When the in-field flag is input, the ID information can be collated and the in-field flag is in the released state, the security gate is opened and an in-field flag setting instruction is output to the ID device, and the ID device further sets the in-field flag. The security system has been described in which it is stored in an outputable state, the in-field flag is canceled by inputting the in-field flag canceling instruction, and the in-field flag is set by inputting the in-field flag setting instruction.

  In the first and second embodiments described above, the ID device includes a timer, and the ID lock state is set when the in-field flag is not set within a predetermined time after the ID lock (output lock) is released. Explained the security system.

  In the first and second embodiments described above, the ID control device outputs the second authentication information together with any one of the lock instruction, the in-field flag release instruction, and the in-field flag setting instruction, and the ID apparatus performs the second authentication. The security system has been described in which processing is executed according to any one of the lock instruction, the in-field flag release instruction, and the in-field flag setting instruction only when the information can be input and authenticated.

  In the first and second embodiments, there is an information resource that is permitted to be used only in the security zone, and the ID device holds the information resource (ex. Confidential information, extension telephone number) in a state where it can be output. In the ID lock state that prohibits the output of ID information, the information flag becomes in the information resource lock state that prohibits the output of the information resource when the in-field flag is in the released state, and the unlock state and the in-field flag that permits the output of ID information are in the set state. A security system has been described that, in some cases, enters an information resource unlock state that permits the output of information resources.

  In the first and second embodiments described above, the information resource permitted to be used only in the security zone uses the information processing resource in the security zone (ex. Login to the notebook PC, connection to the wireless network). We explained the security system that is the authentication information.

  In the first and second embodiments described above, ID information is stored in an outputable state, and when a lock instruction is input, an ID lock state in which output of ID information is prohibited is entered, and authentication is performed by inputting first authentication information. Then, the ID lock is released to permit the output of ID information, and the in-field flag is stored in a state in which it can be output. In addition, the information resource is held in a state where it can be output, the ID lock state prohibits the output of the ID information, and the information resource lock state prohibits the output of the information resource when the on-site flag is in the released state. When an ID device is in an unlocked state where output is permitted and the in-field flag is set, the ID device enters an information resource unlocked state that permits output of the information resource. It explained.

Here, a hardware configuration example of the mobile phone terminal 1301 according to this embodiment will be described.
FIG. 16 is a diagram illustrating an example of hardware resources of the mobile phone terminal 1301 described in this embodiment.
Note that the configuration in FIG. 16 is merely an example of the hardware configuration of the mobile phone terminal 1301, and the hardware configuration of the mobile phone terminal 1301 is not limited to the configuration shown in FIG. Also good.

In FIG. 16, a mobile phone terminal 1301 includes a CPU 911 (also referred to as a central processing unit, a central processing unit, a processing unit, a processing unit, a microprocessor, a microcomputer, and a processor) that executes a program. The CPU 911 receives, for example, a ROM (Read Only Memory) 913, a RAM (Random Access Memory) 914, a communication board 915, a display device 901 such as an LCD, a numeric keypad 902, a microphone 914, a speaker 915, and a non-contact IC via the bus 912. It is connected to a card 916, a flash memory 930, etc., and controls these hardware devices.
The RAM 914 is an example of a volatile memory. Storage media such as the ROM 913, the non-contact IC card 916, and the flash memory 930 are examples of nonvolatile memories. These are examples of a storage device or a storage unit.
The communication board 915, the numeric keypad 902, and the like are examples of an input unit and an input device.
Further, the communication board 915, the display device 901, the non-contact IC card 916, and the like are examples of an output unit and an output device.
The non-contact IC card 916 functions as the ID device 104 as described above.

The communication board 915 can be connected to, for example, the Internet, a WAN (wide area network), a LAN (local area network), or the like via a wireless line.
The flash memory 930 can store an operating system 921 (OS), a window system 922, a program group 923, a file group 924, and the like. The programs in the program group 923 are executed by the CPU 911, the operating system 921, and the window system 922.

  The program group 923 stores a program that executes at least the function of the ID device 104. The program is read and executed by the CPU 911.

In addition, FIG. 17 illustrates a hardware configuration example of the ID control apparatus 101 according to the first and second embodiments.
FIG. 17 is a diagram illustrating an example of hardware resources of the ID control apparatus 101 according to the first and second embodiments.
17 is merely an example of the hardware configuration of the ID control apparatus 101, and the hardware configuration of the ID control apparatus 101 is not limited to the configuration illustrated in FIG. Also good.

Among the elements shown in FIG. 17, the same reference numerals as those in FIG. 16 are hardware having the same functions. Description of the same parts as those in FIG. 16 is omitted.
17, the CPU 911 mounted on the ID control device 101 is connected to, for example, a ROM 913, a RAM 914, a communication board 915, a display device 901, a keyboard 902, a mouse 903, and a magnetic disk device 920 via a bus 912. And control these hardware devices. Further, the CPU 911 may be connected to an FDD 904 (Flexible Disk Drive), a compact disk device 905 (CDD), a printer device 906, and a scanner device 907. Further, instead of the magnetic disk device 920, a storage device such as an optical disk device or a memory card read / write device may be used.
As shown in FIG. 1, the communication board 915 is connected to the entrance security gate device 102 and the exit security gate device 103, and is also connected to, for example, a LAN (local area network), the Internet, a WAN (wide area network), and the like. It does not matter.
The magnetic disk device 920 stores an operating system 921 (OS), a window system 922, a program group 923, and a file group 924. The programs in the program group 923 are executed by the CPU 911, the operating system 921, and the window system 922.

  The program group 923 stores programs that execute the functions described as “˜units” that are elements of the ID control apparatus 101 in the first and second embodiments. The program is read and executed by the CPU 911.

16 and 17, the file group 924 includes, in the above description, “determination of”, “calculation of”, “comparison of”, “evaluation of”, “update of”, “ Information, data, signal values, variable values, and parameters indicating the results of the processing described as “setting of”, “selection of”, etc. are stored as, for example, “˜file” and “˜database” items. ing. “˜File” and “˜Database” are stored in a recording medium. Information, data, signal values, variable values, and parameters stored in the storage medium are read out to the main memory and the cache memory by the CPU 911 via a read / write circuit, and extracted, searched, referenced, compared, calculated, calculated, processed, Used for CPU operations such as editing, output, and display. Information, data, signal values, variable values, and parameters are stored in the main memory, registers, cache memory, buffer memory, etc. during the CPU operations of extraction, search, reference, comparison, calculation, processing, editing, output, and display. Temporarily stored.
In addition, the arrows in the flowchart described above mainly indicate input / output of data and signals, and the data and signal values are recorded on a recording medium. Data and signals are transmitted online via a bus 912, signal lines, cables, or other transmission media.

  In addition, what is described as “˜unit” in the above description may be “˜circuit”, “˜device”, “˜device”, “means”, and “˜step”, It may be “˜procedure” or “˜processing”. That is, what is described as “˜unit” may be realized by firmware stored in the ROM 913. Alternatively, it may be implemented only by software, or only by hardware such as elements, devices, substrates, and wirings, by a combination of software and hardware, or by a combination of firmware. Firmware and software are stored in the recording medium as programs. The program is read by the CPU 911 and executed by the CPU 911.

  As described above, the cellular phone terminal and the ID control device described in the first and second embodiments are a CPU as a processing device, a memory as a storage device, a flash memory, a magnetic disk device, etc., a numeric keypad as an input device, a communication board, a keyboard, and a mouse. And the like, and a display device, a communication board, a non-contact IC card, and the like, which are output devices, are used to realize the functions indicated as “-unit” using these processing devices, storage devices, input devices, and output devices.

FIG. 3 is a diagram illustrating a configuration example of a security system according to the first and second embodiments. FIG. 3 is a diagram illustrating a configuration example of a security gate device according to the first and second embodiments. FIG. 3 is a diagram illustrating an example of a security zone according to the first embodiment. FIG. 3 is a diagram illustrating a configuration example of an ID control device according to the first and second embodiments. FIG. 3 is a diagram illustrating a configuration example of an ID access device according to the first and second embodiments. 2 shows a configuration example of an ID device according to Embodiments 1 and 2. 2 shows a configuration example of a token device according to the first and second embodiments. 2 shows a configuration example of a computer apparatus according to Embodiments 1 and 2. FIG. 5 is a flowchart showing an operation example of the ID control device according to the first and second embodiments. FIG. 3 is a flowchart showing an operation example of the ID device according to the first and second embodiments. FIG. 3 is a flowchart showing an operation example of the ID device according to the first and second embodiments. The figure which shows the example of the state transition of the security system which concerns on Embodiment 1 and 2. FIG. FIG. 5 shows a configuration example of a mobile phone terminal according to Embodiment 2. FIG. 6 shows an example of a security zone according to the second embodiment. The figure which shows the relationship between the mobile telephone terminal which concerns on Embodiment 2, a wireless LAN access point, and an office server apparatus. FIG. 4 is a diagram illustrating a hardware configuration example of a mobile phone terminal according to a second embodiment. FIG. 3 is a diagram illustrating a hardware configuration example of an ID control device according to the first and second embodiments.

Explanation of symbols

  101 ID Control Device, 102 Entrance Security Gate Device, 103 Exit Security Gate Device, 104 ID Device, 105 Token Device, 106 User, 201 ID Access Device, 202 Electric Lock, 203 Automatic Door, 204 Security Gate Communication Unit, 301 Security Zone, 401 control unit, 402 data storage unit, 403 ID control device communication unit, 501 access device communication unit, 502 access device wireless communication unit, 601 ID device control unit, 602 ID device storage unit, 603 wireless communication unit, 604 timer Unit, 701 token wireless communication unit, 702 authentication information storage unit, 801 computer device, 802 key input unit, 803 display unit, 804 computer control unit, 805 program storage unit, 806 data storage unit, 807 ID Device reading unit, 1301 mobile phone terminal, 1302 key input unit, 1303 display unit, 1304 voice input / output unit, 1305 mobile phone terminal control unit, 1306 power supply control unit, 1307 telephone control unit, 1308 wireless communication unit, 1309 wireless LAN communication Unit, 1310 data storage unit, 1311 contactless IC card unit, 1401 wireless LAN access point, 1501 office server device.

Claims (20)

A mobile information holding device that holds private information and communicates with a gate device that performs entrance / exit management,
An output unit for outputting the non-public information in a predetermined case;
An input unit that inputs from the gate device a lock instruction that instructs to lock the output of the non-public information by the output unit;
A movement information holding device comprising: an output lock management unit that locks the output of the non-public information by the output unit based on a lock instruction input by the input unit. The input unit is
The movement information holding device according to claim 1, wherein when the movement information holding device leaves the management target zone where the gate device performs entry / exit management, the lock instruction is input from the gate device. . The movement information holding device further includes:
A storage unit for storing authentication information for releasing the output lock of the non-public information by the output lock management unit as storage lock release authentication information;
The input unit is
Input authentication information for releasing the output lock of the non-public information by the output lock management unit as input lock release authentication information,
The output lock management unit
The movement information holding device according to claim 1, wherein when the input lock release authentication information matches the storage lock release authentication information, the output lock of the secret information is released. The input unit is
When the movement information holding device enters the management target zone where the gate device performs entrance / exit management, the input lock release authentication information is input,
The output unit is
The movement information holding device according to claim 3, wherein the secret information is output to the gate device after the output lock of the secret information is released by the output lock management unit. The input unit is
The movement information holding device according to claim 3, wherein the input lock release authentication information is input from a token device holding the input lock release authentication information. The storage unit
Storing an in-field flag indicating whether or not the movement information holding device has entered the management target zone in which the gate device performs entrance / exit management,
The input unit is
When a movement information holding device enters the management target zone, an in-field flag setting instruction is input from the gate device instructing to set the in-field flag.
The storage unit
The movement information holding device according to claim 1, wherein the in-field flag is set when the in-field flag setting instruction is input by the input unit. The movement information holding device further includes:
A timer unit for measuring time after the input unlocking authentication information is input by the input unit;
The output lock management unit
After the input lock release authentication information and the storage lock release authentication information coincide with each other, after the output lock of the non-public information is released, a certain period of time has passed since the input lock release authentication information was input. 7. The movement information holding device according to claim 6, wherein when the determination is made, the inside flag is confirmed, and when the inside flag is in a released state, the output of the secret information is locked. The storage unit
Storing an in-field flag indicating whether or not the movement information holding device has entered the management target zone in which the gate device performs entrance / exit management,
The input unit is
When the movement information holding device leaves the zone to be managed, an in-field flag release instruction is input from the gate device instructing the in-field flag to be in a release state,
The storage unit
The movement information holding device according to claim 1, wherein the in-field flag is released when the in-field flag cancel instruction is input by the input unit. The movement information holding device further includes:
A storage unit that stores authentication information for authenticating the gate device or a management device that manages the gate device as storage gate authentication information;
The input unit is
From the gate device, together with the lock instruction, input authentication information for authenticating the gate device or the management device as input gate authentication information,
The lock management unit
The movement according to claim 1, wherein when the input gate authentication information and the stored gate authentication information match, the output of the secret information by the output unit is locked based on the lock instruction. Information holding device. The storage unit
Storing authentication information for authenticating the gate device or a management device that manages the gate device as storage gate authentication information;
The input unit is
From the gate device, together with the in-field flag setting instruction, authentication information for authenticating the gate device or the management device is input as input gate authentication information,
The storage unit
The movement information holding device according to claim 6, wherein when the input gate authentication information matches the stored gate authentication information, the in-field flag is set based on the in-field flag setting instruction. The storage unit
Storing authentication information for authenticating the gate device or a management device that manages the gate device as storage gate authentication information;
The input unit is
From the gate device, along with the in-field flag release instruction, authentication information for authenticating the gate device or the management device is input as input gate authentication information,
The storage unit
9. The movement information holding device according to claim 8, wherein when the input gate authentication information matches the stored gate authentication information, the in-field flag is set in a released state based on the in-field flag release instruction. The storage unit
Storing in-field usage information that is permitted to be used only when the mobile information holding device is located in the managed zone;
The output lock management unit
7. The movement information holding device according to claim 6, wherein when the inside flag is in a set state and the output lock of the non-public information is released, output of the inside use information is permitted. A management device connected to a gate device that performs entrance / exit management,
A lock instruction that instructs the mobile information holding device that communicates with the gate device to lock the output of private information held by the mobile information holding device is output via the gate device. Management device. The management device
The lock instruction is output to the movement information holding device via the gate device when the movement information holding device leaves the management target zone where the gate device performs entrance / exit management. Item 14. The management device according to Item 13. The management device
Storing authentication information for authenticating the mobile information holding device;
When the mobile information holding device enters the management target zone where the gate device performs entrance / exit management, the private information and the mobile information holding are transferred from the mobile information holding device via the gate device. Enter an on-site flag indicating whether or not the device has entered the managed zone,
The entry of the mobile information holding device to the management target zone is permitted when the non-public information matches the authentication information and the in-field flag is in a released state. Management device. The management device
When permitting the movement information holding device to enter the management target zone, an in-field flag setting instruction for instructing to set the in-field flag of the movement information holding device to a set state is provided via the gate device. The management apparatus according to claim 15, wherein the management apparatus outputs the movement information holding apparatus. The management device
Storing authentication information for authenticating the mobile information holding device;
When the mobile information holding device leaves the management target zone where the gate device performs entrance / exit management, the private information and the mobile information holding are transferred from the mobile information holding device via the gate device. Enter an on-site flag indicating whether or not the device has entered the managed zone,
14. The exit of the movement information holding device from the management target zone is permitted when the non-public information matches the authentication information and the in-field flag is set. Management device. The management device
When permitting the movement information holding device to leave the zone to be managed, an in-field flag release instruction for instructing the movement information holding device to set the in-field flag to the release state is provided via the gate device. The management apparatus according to claim 17, wherein the management apparatus outputs the information to a movement information holding apparatus. An information processing method by a device that holds private information and communicates with a gate device that manages entrance and exit,
An output step in which the device outputs the non-public information in a predetermined case; and
An input step for inputting, from the gate device, a lock instruction for instructing the device to lock the output of the private information by the output step;
An information processing method comprising: an output lock management step of locking the output of the non-public information by the output step based on the lock instruction input by the input step. A device that holds private information and communicates with the gate device that manages entrance and exit,
An output process for outputting the non-public information in a predetermined case;
An input process for inputting from the gate device a lock instruction for instructing to lock the output of the non-public information by the output process;
A program for executing an output lock management process for locking an output of the non-public information by the output process based on a lock instruction input by the input process.

Images