JP5634940B2 - Security equipment - Google Patents

Description

  The present invention relates to a security device for releasing security of a facility gate.

  In order to ensure security in the facility, a security system is known in which a gate and an authentication device are installed at appropriate locations in the facility, a person who wants to pass is authenticated by the authentication device, and the gate is opened and closed based on the authentication result . In such a security system, a multi-person authentication function is used to realize higher security than usual or to manage an area in which work by a plurality of persons is essential.

  The multi-person authentication function uses only ID card, biometric information, etc., and permits the passage only when it is determined that a plurality of persons can pass continuously within a predetermined time. It is something to regulate.

  As a multi-person authentication function, Patent Document 1 discloses that in the event of an emergency, when there are not two persons to be authenticated at the entrance where a two-person authentication is required for some reason, only one person is authenticated. A technique for permitting entry into a room by confirming that the manager in the room is the person himself / herself through an interphone or the like is disclosed.

JP 2009-271708 A

The technique described in Patent Document 1 has a problem that it is not suitable for an area where a plurality of people must work. On the other hand, a system that secures multiple person authentication by setting up an agent and authenticating the agent can be considered.
Such a system can be realized by registering a proxy in advance using a management terminal or the like, or registering a proxy in advance using a terminal that can communicate via a network.

  However, because the consignment agency is absent on the day, when entrusting the authority for multi-person authentication to the consignee as an agent in advance, if the consignment agency suddenly disappears, communication via the network There is a problem that it is necessary to cancel the entrustment using a possible terminal or contact the administrator to cancel the entrustment from the management terminal.

  In addition, when the system is continuously used without canceling the entrustment, there is a problem that the number of users having the authority for multi-person authentication increases more than necessary, and the security level is lowered.

  The present invention has been developed to solve the above-described problems, and an object of the present invention is to provide a security device capable of easily canceling entrustment in multi-person authentication.

In order to solve the above problems, a security device according to the present invention includes a first gate that can be passed by single authentication, and a multi-person authentication that is provided after the first gate and includes a user having a higher level authority. A security device in a facility comprising: a second gate that can be passed by; and an authentication information reader provided corresponding to the first gate and the second gate, wherein the security device is An authentication information acquisition unit that acquires authentication information read by the authentication information reading device, passable authentication information that associates the authentication information with a passable gate, the authentication information, and a user level. and level information associated, and the authentication information of the consignment source user is an authorized user of the higher level, the first gate of the consignment source user And consignment information collected by and traffic authority of the second gate has associated with, and the authentication information of the consignee of the user to be commissioned, a storage unit is registered, on the basis of the acquired authentication information, the An authentication unit that determines whether gate security can be released; a gate control unit that controls the gate based on a determination result by the authentication unit; and an authentication that controls the authentication information reading device based on the determination result by the authentication unit An information reading device control unit; and a management unit that manages information registered in the storage unit, wherein the authentication unit is read by the authentication information reading device provided corresponding to the second gate. A plurality of authentication information relating to a plurality of users is acquired, and the passable authentication information associated with at least one of the acquired plurality of authentication information is To indicate that it is passable to the gate performs a plurality of persons authentication for releasing a security of the second gate, on the basis of the authentication information and the passable authentication information, the first gate and the second Determine whether the security of the second gate can be released, and based on the entrustment information, consider the entrusted user as the user of the entrustment source, determine whether the security can be unlocked, and release the security of the first gate Is determined based on the level information, it is determined whether or not the user has a higher level authority. If it is determined that the user has a higher level authority, the authentication information and Based on the consignment information, it is determined whether or not the user is a consignment source, and the authentication information reading device control unit determines that the user is a consignment source In this case, inquiries about consignment maintenance and consignment cancellation via the authentication information reading device provided corresponding to the first gate, and based on the operation of the authentication information reading device by the user who is a consignment source When the entrustment is canceled, the management unit deletes the entrustment information, and the authentication unit performs multi-person authentication of the second gate after the entrustment is released, and the plurality of acquired authentication information When all of the level information is not associated with a higher level, the authentication information reading device provided corresponding to the second gate is notified that the delegation has been canceled, and the delegation source When the entrustment is maintained based on the operation of the authentication information reading device by the user, the authentication unit performs multi-person authentication of the second gate after the entrustment maintenance, and obtains the plurality of acquired authentications. When all of the information is not associated with the upper level in the level information, the authentication information reader provided corresponding to the second gate is entrusted to the user of the entrustment source in the facility It is characterized by notifying that it is in

  According to the present invention, entrustment in multi-person authentication can be easily canceled.

It is a figure showing typically a security system provided with a security device concerning an embodiment of the present invention. It is a block diagram which shows the card reader of FIG. (A) is a block diagram showing the security device of FIG. 1, (b) is a block diagram showing the server of FIG. (A) is a figure which shows a door management table, (b) is a figure which shows a traffic authority management table, (c) is a figure which shows a consignment origin management table, (d) is a figure which shows a consignee management table. It is a flowchart for demonstrating the operation example of the security apparatus which concerns on embodiment of this invention. It is a flowchart for demonstrating the operation example of the security apparatus which concerns on embodiment of this invention. It is a flowchart for demonstrating the operation example of the security apparatus which concerns on embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings as appropriate. Similar parts are denoted by the same reference numerals, and redundant description is omitted. In the following description, the case where ID information stored in an RFID (Radio Frequency IDentification) card is used as authentication information will be described as an example. However, the authentication information is not limited to the ID information, and biometric information such as a fingerprint, password Etc. When a fingerprint is used as the authentication information, a fingerprint reading device is used as the authentication information reading device. When a password is used as the authentication information, a numeric keypad is used as the authentication information reading device. Moreover, in the following description, the case where an automatic door (hereinafter, simply referred to as “door”) is used as a gate will be described as an example. However, the gate is not limited to the automatic door, and an electric lock is attached. It may be a gate such as a door or a ticket gate.

  First, a configuration of a security system including a security device according to an embodiment of the present invention will be described with reference to FIGS.

  As shown in FIG. 1, a security system 1 according to an embodiment of the present invention is a system applied to a facility 10 having doors 20 (20A, 20B, 20C) provided on a plurality of floors. The door 20 includes a lock mechanism and a sensor that detects the open / closed state of the door 20 and outputs the detected state to the security device 40 described later. The security system 1 includes a door 20A as an example of a gate, a door 20A that is a door provided on the first floor, and a door 20B and a door 20C that are provided in parallel on the second floor. The layout of the facility 10 is such that the doors 20B and 20C cannot be reached without passing through the door 20A.

  The door 20A is a door that is permitted to pass by single authentication, and is normally closed so as to restrict human traffic from the facility entrance side to the facility back side, and is transmitted from the security device 40A described later. By opening the door 20A based on the security release signal, the person is allowed to pass from the facility entrance / exit side to the facility back side. Further, the door 20A is configured to always allow human traffic from the facility back side to the facility entrance / exit side.

  The door 20B is a door that is allowed to pass by multi-person authentication, and is normally closed so as to restrict the passage of humans. The door 20B is based on a security release signal transmitted from the security device 40B described later. By opening the door 20B, it is configured to allow human traffic.

  The door 20C is a door that is permitted to pass by multi-person authentication, and is normally closed so as to restrict human traffic. The door 20C is based on a security release signal transmitted from the security device 40C described later. It is configured to allow human traffic by opening the door 20C.

  The gate in the present invention is not limited to the doors 20A to 20C described above, and is controlled based on a security release signal such as an elevator, an automatic door, a shutter, and a flap gate, and allows or restricts the movement of a human. Anything can be used.

  Further, the security system 1 corresponds to the door 20B and the card reader 30A provided on the facility entrance side of the wall near the door 20A as the card reader 30 which is an example of the authentication information reading device. Card readers 30B1 and 30B2 provided on the facility entrance side of the wall near the door 20B, and card readers 30C1 and 30C2 provided on the facility entrance side of the wall near the door 20C corresponding to the door 20C. The card reader 30 reads ID information as authentication information from the RFID card Ca held up by a human and transmits the read ID information to the corresponding security device 40.

  The security system 1 further includes a security device 40A, a security device 40B, and a security device 40C as the plurality of security devices 40. The security device 40A is communicably connected to the door 20A and the card reader 30A. Further, the security device 40B is communicably connected to the door 20B and the card readers 30B1 and 30B2. The security device 40C is communicably connected to the door 20C and the card readers 30C1 and 30C2.

  In addition, the security system 1 includes a server 50 and a monitoring terminal 60 made up of a computer or the like. The security devices 40A, 40B, and 40C, the server 50, and the monitoring terminal 60 are connected to be communicable with each other via a network (for example, a LAN (Local Area Network)).

≪Card reader≫
As shown in FIG. 2A, the card reader 30 controls an ID information reading unit 31 that is a user interface, a touch panel 32 that is a display / operation unit, and a speaker 33 that is an audio output unit. And a control unit 34. The control unit 34 assigns the door ID of the door 20 corresponding to the card reader 30 to the ID information read by the ID information reading unit 31, and outputs the ID information and the door ID to the corresponding security device 40.

≪Security device≫
The security device 40 includes a CPU (Central Processing Unit), a RAM (Random Access Memory), a ROM (Read-Only Memory), an input / output circuit, and the like. As shown in FIG. Acquisition unit (authentication information acquisition unit) 41, storage unit 42, authentication unit 43, door control unit (gate control unit) 44, card reader control unit (authentication information reader control unit) 45, and table management unit 46.

  The ID information acquisition unit 41 acquires the ID information transmitted from the corresponding card reader and outputs it to the authentication unit 43.

  The storage unit 42 stores a door management table 42a shown in FIG. In the door management table 42a, the door ID is associated with whether or not the door is multi-person authentication (multi-person authentication flag). The door 20A having the door ID “01” has a multi-person authentication flag “0”, and is a door that can be accessed by single authentication of a user at a higher level or a general level. The door ID “02” 20B and the door ID “03” 20C have a multi-person authentication flag “1”, and can be accessed by authentication of a plurality of persons (two persons in the present embodiment) including high-level users. Door.

  The storage unit 42 stores a passage authority management table 42b shown in FIG. 4B as a table for storing the passable ID information and the level information. Here, the passable ID information associates the ID information with whether or not the user carrying the RFID card Ca having the ID information can pass through the doors 20A to 20C (passability flag). The level information is information that associates ID information with an authority level (authority level flag). Here, the authority level flag “1” represents an upper level, and the authority level flag “2” represents a general level. Further, the passage permission / prohibition flag “1” of the door 20 </ b> A indicates that passage is possible. Further, the passage permission flag “0” of the doors 20B and 20C indicates that the user cannot pass even if two users of the flag “0” are present. The passage permission flag “1” of the doors 20B and 20C is the flag “ This means that if two people including at least one user “1” are aligned, they can pass.

  Further, the storage unit 42 stores a consignment source management table 42c shown in FIG. 4C as a table for storing consignment information. Here, the consignment information associates the ID information of the consignment user (consignment ID information), the ID information of the consignee user (consignment ID information), the consignment period, and the in-period usage flag. Information. The in-period use flag “0” indicates that the entrustee does not use authentication based on the entrustment within the entrustment period, and the in-period use flag “1” indicates that the entrustee used the authentication within the entrustment period. Represents that.

  The storage unit 42 stores a consignee management table 42d shown in FIG. In the consignee management table 42d, consignee ID information and a notification flag are associated with each other. The notification flag “0” indicates that it is out of the consignment period, the notification flag “1” indicates that the consignment has been cancelled, the notification flag “2” indicates that the consignment source has used authentication, The notification flag “3” indicates that it is during the commission period.

  Returning to FIG. 3, the authentication unit 43 determines whether the security of the door can be released using the ID information acquired by the ID information acquisition unit 41, and outputs the determination result to the door control unit 44. More specifically, the authentication unit 43 searches the door management table 42a using the door ID given to the ID information to determine whether to perform single authentication or multiple person authentication for the door 20. .

  If it is determined that single authentication is to be performed, the authentication unit 43 determines whether to release the security of the door 20 by searching the passage authority management table 42b using the ID information and the door ID.

  On the other hand, when it is determined that the multi-person authentication is performed, the authentication unit 43 searches the passage authority management table 42b using the ID information and the door ID of the two users acquired within a certain period. It is determined whether or not the security of the door 20 is released. That is, the authentication unit 43 determines that the security of the door 20 is to be released when the passage permission / prohibition flag corresponding to one of the acquired ID information of the two users and the door ID is “1”.

Further, the authentication unit 43 searches the consignment source management table 42c using the acquired ID information of the two users, and the acquired ID information is recorded as consignee ID information and the current time is If it is within the consignment period, the passage authority management table 42b is searched using the consignment source ID information corresponding to the consignee ID information, and the passage permission / prohibition flag corresponding to the consignment source ID information and the door ID is “1”. In this case, it is determined that the security of the door 20 is released.
The authentication unit 43 may be configured to treat (change) the authority level flag of the consignment source during the consignment period as “2” and handle the consignment source during the consignment period as a general level user. The configuration may be such that the authority level flag of the consignment source is maintained at “1”.

  That is, a user A (not shown) whose ID information is “0001” can pass through the door 20A by attempting single authentication, and can take a plurality of users with one of the other users B, C, and D. By attempting the person authentication, the door 20B can be passed. In addition, the user B whose ID information is “0002” can pass through the door 20A by attempting single authentication, and tries to authenticate multiple persons with one of the other users A, C, and D. Therefore, it is possible to pass through the door 20C. In addition, the user C whose ID information is “0003” and the user D whose ID information is “0004” can pass through the door 20A by trying single authentication.

  The door control unit 44 controls the corresponding door based on the determination result by the authentication unit 43. In more detail, the door control part 44 transmits a security cancellation | release signal to a corresponding door, when the judgment result by the authentication part 43 is what can be opened.

  The card reader control unit 45 corresponds to the corresponding card reader based on either the determination result by the authentication unit 43, the security release signal from the door control unit 44, or the security release instruction from the door control unit 44 of another security device 40. 30 is controlled. More specifically, the card reader control unit 45 transmits a passable message to the corresponding card reader 30 when the determination result by the authentication unit 43 is such that the door can be opened. When the control unit 34 of the card reader 30 acquires the passable message, the control unit 34 displays an image (passage notification image) indicating that the pass is allowed to the user on the touch panel 32, so that the security state of the door 20 is given to a human. Notice.

  The table management unit 46 manages the tables 42 a to 42 d stored in the storage unit 42. More specifically, the table management unit 46 deletes or updates data in each of the tables 42a to 42d in accordance with an instruction from the monitoring terminal 60, for example. Further, the table management unit 46 sets an in-period use flag of the consignment source management table 42c, or sets a notification flag of the consignee management table 42d based on the consignment period.

<< Server >>
The server 50 is composed of a CPU, a RAM, a ROM, an input / output circuit, and the like. As shown in FIG. 2B, a storage unit 51 that stores tables 42a to 42d as functional blocks, and a storage unit And a table management unit 52 that manages the tables 42a to 42d stored in 51.

≪Monitoring terminal≫
The monitoring terminal 60 is a computer operated by a supervisor, and includes a control unit including an input unit including a mouse and a keyboard, an output unit including a display and a speaker, a CPU, a RAM, a ROM, an input / output circuit, and the like. A section. By operating the input unit of the monitoring terminal 60, the monitor can display each table 42a to 42d on a display which is an output unit, or delete or update data in each table 42a to 42d. .
For example, the commission source ID information, the commission destination ID information, and the commission period in the commission source management table 42 c are set based on data transmitted from the monitoring terminal 60.

≪Operation example≫
Subsequently, an operation example of the security system 1 according to the embodiment of the present invention will be described with reference to FIGS.

  First, when a user carrying the RFID card Ca holds the RFID card Ca over the card reader 30, the card reader 30 reads the ID information held by the RFID card Ca and the security device 40 corresponding to the read ID information. Send to.

Subsequently, when the ID information acquisition unit 41 of the security device 40 acquires the ID information (Yes in step S1), the authentication unit 43 performs an authentication process and determines whether the user can pass (step S2). ).

  In the authentication process (step S2), the authentication unit 43 performs the above-described single authentication or multiple person authentication using the ID information. The passage authority management table 42b is searched. If no passable ID information corresponding to the acquired ID information or consignment source ID information is found in the pass authority management table 42b (No in step S2), the card reader control unit 45 authenticates the pass disabled message. It outputs to the apparatus 30 (step S3).

  On the other hand, when passable ID information corresponding to the acquired ID information or consignment source ID information is found in the pass authority management table 42b (Yes in step S2), the authentication unit 43 sets the acquired ID information. It is determined whether or not the user is at a higher level by searching the passage authority management table 42b (step S4).

  In the case of No in step S4, the authentication unit 43 reads the notification flag by searching the consignee management table 42d using the ID information and outputs it to the card reader control unit 45. The card reader control unit 45 A message corresponding to the notification flag is output to the authentication device 30A (step S5).

The control unit 34 of the authentication device 30 acquires a message corresponding to the notification flag and causes the touch panel 32 to display an image corresponding to the message.
In the case of the notification flag “0”, the touch panel 32 displays “consignment registered but out of consignment period”. In the case of the notification flag “1”, the touch panel 32 displays “Consignment has been cancelled. Please leave the multi-person authentication area immediately”. In the case of the notification flag “2”, the touch panel 32 displays “I am outsourced but the outsourcer is using the facility”.
In the case of the notification flag “3”, the touch panel 32 displays “Now outsourced. Requested for multi-person authentication”.

  In the case of Yes in step S4, the authentication unit 43 determines whether or not the user is a consignment source by searching the consignment source management table 42c using the ID information (step S6). If Yes in step S6, the authentication unit 43 further refers to the consignment source management table 42c to determine whether or not it is within the consignment period (step S7).

  In the case of Yes in step S7, the authentication device 40 performs a consignment source process (step S8). Specifically, as shown in FIG. 6, the table management unit 46 sets the in-period use flag in the consignment source management table 42c to “1” (step S21), and subsequently, a notification flag in the consignee management table 42d. Is set to “2” (step S22). The execution order of these steps S21 and S22 can be switched.

  Subsequently, the card reader control unit 45 outputs a delegation cancellation message to the card reader 30 (step S23).

  When the control unit 34 of the card reader 30 acquires the delegation cancellation message, the control unit 34 displays the delegation cancellation image on the touch panel 32. On the touch panel 32, a commission release button and a commission maintenance button are displayed. When the user B touches the commission release button, the control unit 34 outputs a commission release instruction to the authentication device 40, and the user B maintains the commission maintenance. When the button is touched, the control unit 34 outputs a commission maintenance instruction to the authentication device 40.

When the table management unit 46 obtains the delegation cancellation instruction before the predetermined time has elapsed (No in step S24) (Yes in step S25), the notification flag in the delegation destination management table 42d is set to “1” (step S26). This flow moves to step S9.
Note that this flow also proceeds to step S9 in the case of Yes in step S24 and in the case of No in step S25.

  On the other hand, after the execution of step S5, in the case of No in step S6 and in the case of No in step S7, the authentication device 40A performs a consignee process (step S9).

  Specifically, as shown in FIG. 7, the door control unit 44 outputs a security release signal to the corresponding door 20 (step S41). When the door 20A acquires the security release signal, the door 20A unlocks the lock mechanism of the door 20. Before and after step S21, the card reader control unit 45 outputs a passable message to the corresponding card reader 40. When acquiring the passable message, the control unit 34 of the card reader 30 causes the touch panel 32 to display an image (passage notification image) indicating to the user that the pass is possible.

  If the validity period has elapsed after the output of the security release signal (Yes in step S42), the card reader control unit 45 outputs an authentication message to the card reader 30, and the door control unit 44 outputs the security signal to the door. 20 (step S43), the flow proceeds to step S10.

  When acquiring the authentication message, the control unit 34 of the card reader 30A displays an authentication image on the touch panel 32. Further, when the door 20 acquires the security signal, the door 20 locks the lock mechanism of the door 20A.

  If the door 20 is opened (Yes in step S44) after the security release signal is output and before the validity period has elapsed (No in step S42), the card reader control unit 45 sends the authentication message to the corresponding card. Output to the reader 30 (step S45).

  Subsequently, when the door 20 is closed (Yes in step S46), the door control unit 44 outputs a security signal to the corresponding door 20 (step S47), and the flow proceeds to step S10.

  Note that this flow returns to step S42 if No in step S44, and repeats step S46 if No in step S46.

  In step S <b> 10, the security device 40 performs synchronization processing with the other security devices 40 and the server 50, and reflects the setting changes of the tables 42 c and 42 d of the security device 40 in the tables of the other devices 40 and 50.

  The security device 40 according to the embodiment of the present invention is configured such that, for example, when a user B who has higher-level authority entrusts authority to a general-level user D as a delegation source, the users C and D perform multi-person authentication. Before passing through the door 20C, the user B can cancel the entrustment by operating the card reader 30A. Further, when the entrustment is canceled, the card reader 30C1 can notify the users C and D that the entrustment has been canceled. When entrustment is maintained, the card reader 30C1 can notify the users C and D that the entruster is at the facility 10.

  As mentioned above, although embodiment of this invention was described, this invention is not limited to the said embodiment, A design change is possible suitably in the range which does not deviate from the summary of this invention. For example, the tables 42a to 42d stored in the storage unit 51 of the server 50 and the tables 42a to 42d stored in the storage unit 42 of the security device 40 may not be completely the same. 51 may store tables 42a to 42d related to data of the entire system, and the storage unit 42 of the security device 40 may store tables 42a to 42d related to data of the security device 40. The security device 40 is not limited to the configuration in which the security devices 40A, 40B, and 40C are provided for each of the doors 20A, 20B, and 20C, and the security device 40 that can handle two or more doors 20 is provided. Also good.

1 Security system 20 Door
30 ID information reader (authentication information reader)
40 Security device 41 ID information acquisition unit (authentication information acquisition unit)
42 Storage Unit 43 Authentication Unit 44 Door Control Unit (Gate Control Unit)
45 Card reader controller (authentication information reader control unit)
46 Table Management Department (Management Department)

Claims (2)

A first gate that can be accessed by single authentication,
A second gate that is provided after the first gate and is accessible by multi-person authentication including a user having a higher level authority;
An authentication information reader provided corresponding to the first gate and the second gate;
A security device in a facility comprising:
The security device comprises:
An authentication information acquisition unit for acquiring authentication information read by the authentication information reader;
Passable authentication information in which the authentication information is associated with a passable gate; and
Level information associating the authentication information with a user level;
The authentication information of a user of a consignment who is a user having the higher-level authority, and the user of a consignee to whom the passage authority of the first gate and the second gate of the user of the consignment is entrusted Consignment information associated with authentication information,
A storage unit in which is registered,
Based on the acquired authentication information, an authentication unit that determines whether the gate can be unlocked,
A gate control unit that controls the gate based on a determination result by the authentication unit;
An authentication information reading device control unit for controlling the authentication information reading device based on a determination result by the authentication unit;
A management unit for managing information registered in the storage unit;
With
The authentication unit
A plurality of the authentication information related to a plurality of users read by the authentication information reader provided corresponding to the second gate is acquired, and at least one of the acquired plurality of the authentication information; If the associated passable authentication information indicates that the second gate can be passed, perform multi-person authentication to release the security of the second gate,
Based on the authentication information and the passable authentication information, the security determination of the first gate and the second gate is performed, and the entrusting user is determined to be the entrusting user based on the entrusting information. Judging whether security can be released
If it is determined to release the security of the first gate, based on the level information, determine whether the user has a higher level authority,
If it is determined that the user has a higher level authority, based on the authentication information and the entrustment information, determine whether the user is an entrustor,
When it is determined that the user is a consignment source, the authentication information reading device control unit performs consignment maintenance and consignment cancellation via the authentication information reading device provided corresponding to the first gate. Inquiry,
When the entrustment is canceled based on the operation of the authentication information reading device by the user who is an entrustment source, the management unit erases the entrustment information, and the authentication unit performs the second after the entrustment is canceled. The authentication information read provided corresponding to the second gate when all of the plurality of acquired authentication information is not associated with a higher level in the level information. Let the device know that the entrustment has been canceled,
When the entrustment is maintained based on the operation of the authentication information reading device by the user who is an entrustment source, the authentication unit performs the multi-person authentication of the second gate after the entrustment maintenance and is acquired. When all of the plurality of pieces of authentication information are not associated with a higher level in the level information, the user who is outsourced to the authentication information reading device provided corresponding to the second gate is outsourced Is notified that the user is in the facility . The commission information includes a commission period,
The authentication unit further determines whether or not it is within the commission period,
The authentication information reading device control unit is configured to correspond to the first gate when the user is a consignment source and is determined to be within the consignment period. The security device according to claim 1, wherein inquiry about entrustment maintenance and entrustment cancellation is made via the server.

Images