CN115035633A - Access control system and access control method - Google Patents

Publication number
CN115035633A
Authority
CN
China
Prior art keywords
dimensional code
random number
code
information
personal terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210103009.XA
Other languages
Chinese (zh)
Inventor
秋丸雄祐
增田康宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Building Systems Co Ltd
Original Assignee
Hitachi Building Systems Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hitachi Building Systems Co Ltd
Publication of CN115035633A
Legal status: Pending

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/14 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
    • G06K7/1404 Methods for optical code recognition
    • G06K7/1408 Methods for optical code recognition the method being specifically adapted for the type of code
    • G06K7/1417 2D bar codes
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/0042 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal containing a code which is changed
    • G07C2009/00476 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal containing a code which is changed dynamically
    • G07C2009/005 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal containing a code which is changed dynamically whereby the code is a random code

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Electromagnetism (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Toxicology (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Theoretical Computer Science (AREA)
  • Time Recorders, Drive Recorders, Access Control (AREA)
  • Lock And Its Accessories (AREA)
  • Alarm Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides an access management system and method in which the transmission and reception of information between the device that controls access and the personal terminal does not depend on unstable wireless communication, so that authentication processing is executed stably and instantly. In the entrance and exit management system, a control terminal (2) is provided with: a random number generation unit (5) that generates a random number that uniquely determines a two-dimensional code; a two-dimensional code output unit (6) that generates a two-dimensional code image in which the random number generated by the random number generation unit (5) is embedded as information, and displays the two-dimensional code image on a screen of a two-dimensional code reader connected to the control terminal (2); and a two-dimensional code authentication unit (7) that determines whether or not the random number read from the two-dimensional code image for entry/exit authentication displayed on the screen of the personal terminal (30) is the random number generated by the two-dimensional code reader. The personal terminal (30) is provided with a two-dimensional code generation unit (34) that generates a two-dimensional code image for entry/exit authentication, in which the random number read from the two-dimensional code image displayed on the two-dimensional code reader is embedded as information, and displays that image on its screen.

Description

Access control system and access control method
Technical Field
The present invention relates to an access management system and an access management method.
Background
For entry to and exit from a building or the like, an authentication device and an unlocking device that operates based on the authentication result may be provided at an entrance from the viewpoint of security and entry and exit control. In general, an authentication medium such as an IC card is held over the authentication device, information such as a unique number registered in that authentication medium is read, and when it is determined that passage through the door or the like is permitted, the unlocking device is operated to enable entry and exit.
Patent document 1 discloses a technique for controlling an access device by transmitting and receiving authentication information at the time of access between a personal terminal and the access device using a wireless communication technique.
Patent document 1: Japanese Patent Laid-Open Publication No. 2013-204233
Disclosure of Invention
Problems to be solved by the invention
The convenience of the technique described in patent document 1 is affected by the stability of wireless communication, and the convenience is significantly impaired when the wireless communication is unstable depending on the installation place and the environment.
The present invention has been made in view of the above circumstances, and an object thereof is to enable stable and instantaneous authentication processing without relying on unstable wireless communication for transmission and reception of information between an apparatus for controlling entry and exit and a personal terminal.
Means for solving the problems
In order to solve the above problem, an access management system according to an aspect of the present invention includes: a control terminal having a management function of the connected access device and an authentication function of the access person; and a personal terminal which holds identification information of a two-dimensional code for identifying an entering or exiting person and has a function of reading and generating the two-dimensional code.
The control terminal is provided with:
a random number generation unit that generates and issues a random number capable of uniquely determining a two-dimensional code at a predetermined cycle;
a two-dimensional code output unit that generates a two-dimensional code image in which the random number issued by the random number generation unit is embedded as information, and displays the two-dimensional code image on a screen of a two-dimensional code reader connected to a control terminal; and
a two-dimensional code authentication unit that determines whether or not the random number read from the two-dimensional code image for entry/exit authentication displayed on the screen of the personal terminal is the random number generated by the two-dimensional code reader.
The personal terminal includes:
a two-dimensional code generation unit that generates a two-dimensional code image for entry/exit authentication in which a random number read from the two-dimensional code image displayed on the two-dimensional code reader is embedded as information, and displays the two-dimensional code image on a screen.
Effects of the invention
According to at least one aspect of the present invention, it is possible to perform authentication processing stably and instantaneously without relying on unstable wireless communication for transmission and reception of information between a control terminal that controls entrance and exit and a personal terminal.
Problems, structures, and effects other than those described above will become apparent from the following description of the embodiments.
Drawings
Fig. 1 is a schematic diagram showing an example of the overall configuration of an entrance/exit management system including a control terminal, a personal terminal, and an information management device in a building according to an embodiment of the present invention.
Fig. 2 is a diagram showing a schematic configuration of a QR code reader and a schematic configuration of a personal terminal according to an embodiment of the present invention.
Fig. 3 is a block diagram showing an example of a hardware configuration of a control terminal according to an embodiment of the present invention.
Fig. 4 is a block diagram showing an example of a hardware configuration of an information management apparatus (data center) according to an embodiment of the present invention.
Fig. 5 is a block diagram showing an example of a hardware configuration of a personal terminal according to an embodiment of the present invention.
Fig. 6 is a diagram showing an example of the data configuration of the random number issuance history area of the control terminal according to the embodiment of the present invention.
Fig. 7 is a diagram showing an example of a data structure of a permitted list recording area of a control terminal according to an embodiment of the present invention.
Fig. 8 is a diagram showing an example of the data structure of the personal information recording area of the information management apparatus (data center) according to the embodiment of the present invention.
Fig. 9 is a diagram showing an example of the data structure of the permitted list recording area of the information management apparatus (data center) according to the embodiment of the present invention.
Fig. 10 is a diagram showing an example of a data structure of a QR code information area of a personal terminal according to an embodiment of the present invention.
Fig. 11 is a sequence diagram showing an operation example of the entire entry and exit management system according to the embodiment of the present invention.
Fig. 12 is a flowchart showing an example of processing of the passage permission list creation unit of the information management device according to the embodiment of the present invention.
Fig. 13 is a flowchart showing an example of processing of the personal terminal communication unit of the information management device according to the embodiment of the present invention.
Fig. 14 is a flowchart showing an example of processing of the random number generation unit of the control terminal according to the embodiment of the present invention.
Fig. 15 is a flowchart showing an example of processing performed by the QR code generation unit of the personal terminal according to the embodiment of the present invention.
Fig. 16 is a flowchart showing an example of processing of the QR code authentication portion of the control terminal according to the embodiment of the present invention.
Description of the reference numerals
1 … building (building facility), 2 … control terminal, 3 … communication device, 4 … control device, 5 … random number generation unit, 6 … QR code output unit, 7 … QR code authentication unit, 8 … control terminal DB, 8A … random number issuance history area, 8B … passage permission list recording area, 9 … exclusive unit (1), 9A … QR code reader, 9B … electronic lock, 10 … exclusive unit (2), 10A … QR code reader, 10B … electronic lock, 20 … information management device (data center), 21 … communication device, 22 … control device, 23 … passage permission list creation unit, 24 … personal terminal communication unit, 25 … passage personnel information storage area, 25A … passage personnel main information area, 25B … personnel information recording area, 25C … passage permission list recording area, 30 … personal terminal, 31 … communication device, 32 … control device, 33 … dedicated application program, 34 … QR code generation section, 35 … personal terminal DB, 35A … QR code information area, 40 … entering and exiting person information registration PC, 41 … communication device, 50 … entering and exiting management system, N … network line, PA1 to PA2 … QR code reader outline configuration, PB1 to PB2 … personal terminal outline configuration, MA1 to MA5 … random number issuance history area, MB1 to MB5 … passage permission list recording area, MC1 to MC6 … personal information recording area, MD1 to MD7 … passage permission list recording area, ME1 to ME5 … QR code information area.
Detailed Description
Hereinafter, an example of a mode for carrying out the present invention will be described with reference to the drawings. In the present specification and the drawings, components having substantially the same function and configuration are denoted by the same reference numerals, and redundant description thereof is omitted.
[ entire Structure of Access management System ]
First, the overall configuration of an entry and exit management system according to an embodiment of the present invention will be described with reference to fig. 1.
Fig. 1 is a schematic diagram showing an example of the overall configuration of an entrance/exit management system including a control terminal and a personal terminal in a building according to an embodiment of the present invention. The access management system 50 manages access to facilities (buildings, management areas, and the like) accessed by users by cooperation of the control terminal 2 provided in the facilities, the personal terminal 30 carried by the users, and the information management device 20 provided in the data center.
In the access management system 50, a registrant of entering/exiting person information registers information on the persons who use the access devices (for example, the QR code reader 9A and the electronic lock 9B) managed in the facility 1 (hereinafter referred to as "building facility 1") in which the access management device is installed. Thus, the entrance/exit management system 50 allows entry to and exit from the exclusive parts of the building facility 1 only when the registrant of the entering/exiting person information permits it. In the example of fig. 1, an arbitrary floor (n floors) of building A is shown as building facility 1.
The entry and exit management system 50 of the present embodiment can transmit information stably and instantaneously when transmitting information indicating that entry and exit are permitted to the QR code reader, and prevents entry and exit by a third party who is not permitted to enter or exit.
As shown in fig. 1, in the access control system 50, each device in the building facility 1 in which an access device is installed is connected to the information management apparatus 20 via the communication apparatus 3 via the network line N forming a wide area network. For example, the access devices are the control terminal 2, the exclusive part 9, and the exclusive part 10. The control terminal 2 provided in the common section includes a control device 4, a random number generation section 5, a QR code output section 6, a QR code authentication section 7, and a control terminal storage area 8 ("control terminal DB 8" in the figure).
A QR code reader 9A and an electronic lock 9B connected to the control device 4 are provided on a door for entrance and exit of the exclusive portion 9 (hereinafter, also referred to as "exclusive portion (1)") as the management area. A QR code reader 10A and an electronic lock 10B connected to the control device 4 are provided on a door for entrance and exit of the exclusive portion 10 (hereinafter, also referred to as "exclusive portion (2)").
The QR code readers 9A and 10A are devices for reading a QR code (registered trademark) held by a person who enters or exits the exclusive sections 9 and 10 and converting the QR code into binary data. The QR code reader is an example of a two-dimensional code reader. In the present embodiment, the QR code is used as the two-dimensional code, but a matrix type two-dimensional code or a stacked type two-dimensional code other than the QR code may be applied.
The electronic locks 9B and 10B are locks provided at the boundaries of the management sections of the building facility 1 for each management section. The electronic locks 9B and 10B are unlocked and locked based on the unlock command and the lock command from the control terminal 2, thereby opening and closing the doors and controlling the passage of the entrance and exit person to the management section.
In addition, the information management apparatus 20 and the personal terminal 30 are connected to the entrance/exit management system 50 via the network line N.
Further, as for the entrance/exit devices, a plurality of devices can be set in the building facility 1 so that the buildings 1 are 2 levels and 2 are 6 levels, and the number of target entrance/exit devices changes depending on the system configuration, the configuration of the entrance/exit devices, and the like. The personal terminal 30 need only satisfy the requirements for installing the application program corresponding to the access management system 50, and is not limited by manufacturer, model, and the like.
The building facility 1 has entrance and exit facilities. The building facility 1 also includes a control terminal 2 for managing each device of the entrance and exit devices and a communication device 3 connected to the network line N. The communication device 3 is used as a routing device.
The information management device 20 includes a communication device 21 connected to the network line N, a permission list creation unit 23, a personal terminal communication unit 24, and an entrance/exit person information storage area 25 (hereinafter referred to as "entrance/exit person information DB 25").
The personal terminal 30 includes a communication device 31 connected to the network line N, a dedicated application 33, a QR code generation unit 34, and a personal terminal storage area 35 (hereinafter referred to as "personal terminal DB 35").
The entrance/exit person information registration PC40 is a client computer used when a registration person who registers entrance/exit person information performs an operation of registering entrance/exit person information with the information management apparatus 20. The entrance/exit person information registration PC40 uses a personal computer or the like. The entrance/exit person information input by the entrance/exit person information registration PC40 is transmitted to the information management apparatus 20 via the communication device 41 and registered in the entrance/exit person information DB 25. The communication device 41 has the same configuration as the communication device 3.
[ control terminal ]
Next, the control terminal 2 will be described in more detail.
The control device 4 in the control terminal 2 stores the permission list created by the permission list creating unit 23 of the information management device 20 in the control terminal DB8 via the network line N and the communication device 3. The random number generated by the random number generation unit 5 is stored in the random number issuance history area 8A. The QR code image generated by the QR code output unit 6 is output to the screen of the QR code reader 9A. Further, the QR code image acquired by the built-in camera of the QR code reader 9A (the QR code reading camera PA2 of fig. 2) is transmitted to the QR code authentication unit 7. When the result of the authentication determination by the QR code authentication unit 7 indicates that the electronic lock 9B is to be unlocked, an unlock command is transmitted to the electronic lock 9B.
The random number generation unit 5 in the control terminal 2 generates a random number for uniquely determining a QR code reader for each QR code reader. The random number generation unit 5 compares the generated random number with the past issuance history in the random number issuance history area 8A, and if the generated random number is a random number that has not been used in the past, newly stores the generated random number in the random number issuance history area 8A. When the same random number is already stored in the random number issuance history area 8A, the random number generation unit 5 performs the random number generation process again.
The QR code output unit 6 (an example of a two-dimensional code output unit) in the control terminal 2 acquires the latest random number from the random numbers stored in the random number issuance history area 8A, and generates a QR code in which that random number is embedded. The generated QR code image is output to the screen of the QR code reader 9A. The processing of the QR code output unit 6 is executed periodically and determines whether the usage count, stored in the random number issuance history area 8A, of the random number used in the currently displayed QR code is 1, or whether that QR code has been displayed for a predetermined time or longer. When either condition holds, the QR code output unit 6 generates a QR code in which a new random number is embedded and displays it on the QR code reader 9A.
The QR code authentication unit 7 (an example of a two-dimensional code authentication unit) in the control terminal 2 acquires, via the QR code reader 9A, the QR code displayed on the personal terminal 30, and obtains from it the QR code generation date and time, the random number, and the QRID (details will be described later). The QR code authentication unit 7 then compares the QR code generation date and time with the current time, and determines whether or not the elapsed time since the QR code generation date and time is within the fixed time set in the entry/exit management system 50.
When this time determination is satisfied, the QR code authentication unit 7 next checks the acquired random number against the random number issuance history area 8A, and determines whether or not there is a record of it having been issued as a random number for the QR code reader 9A and whether or not its usage count is 0.
When the random number determination is satisfied, the QR code authentication unit 7 next determines whether the acquired QRID is permitted, in the passage permission list recording area 8B, to pass at the QR code reader 9A.
When the QRID determination is satisfied, the QR code authentication unit 7 permits passage at the QR code reader 9A and transmits an unlock command to the electronic lock 9B.
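The control-terminal behaviour described above (issuing and rotating the random number, then the time, random number and QRID determinations in that order), as an added Python example that is not code from the patent. The dictionary payload stands in for the decoded QR content, and the 30 s and 60 s limits, the reader ids, the QRID strings, all function names and the choice to count a use only on a successful authentication are assumptions.

```python
import secrets
from dataclasses import dataclass, field

MAX_QR_AGE_S = 30    # assumed value for the "fixed time" freshness window
MAX_DISPLAY_S = 60   # assumed value for the "predetermined time" display limit


@dataclass
class NonceRecord:
    reader_id: str   # reader the random number was issued for
    issued_at: float
    use_count: int = 0


@dataclass
class ControlTerminal:
    permitted: dict                                # QRID -> set of reader ids
    history: dict = field(default_factory=dict)    # random number -> NonceRecord
    displayed: dict = field(default_factory=dict)  # reader id -> random number

    def issue_nonce(self, reader_id, now):
        """Generate a random number never issued before and record it."""
        while True:
            nonce = secrets.token_hex(16)
            if nonce not in self.history:  # regenerate if already in the history
                break
        self.history[nonce] = NonceRecord(reader_id, now)
        self.displayed[reader_id] = nonce
        return nonce

    def refresh_display(self, reader_id, now):
        """Rotate the displayed code once it has been used or shown too long."""
        rec = self.history.get(self.displayed.get(reader_id))
        if rec is None or rec.use_count >= 1 or now - rec.issued_at >= MAX_DISPLAY_S:
            return self.issue_nonce(reader_id, now)
        return self.displayed[reader_id]

    def authenticate(self, reader_id, payload, now):
        """Return (unlock, reason) for a payload read from a terminal screen."""
        try:
            generated_at = float(payload["generated_at"])
            nonce, qrid = payload["nonce"], payload["qrid"]
        except (KeyError, TypeError, ValueError):
            return False, "malformed"
        if not isinstance(nonce, str) or not isinstance(qrid, str):
            return False, "malformed"
        # 1. Time determination: generation time must lie within the window.
        #    Rejecting timestamps in the future is an added assumption.
        if not 0 <= now - generated_at <= MAX_QR_AGE_S:
            return False, "stale"
        # 2. Random number determination: issued for this reader, never used.
        rec = self.history.get(nonce)
        if rec is None or rec.reader_id != reader_id:
            return False, "unknown_nonce"
        if rec.use_count != 0:
            return False, "replayed"
        # 3. QRID determination: the permission list must allow this reader.
        if reader_id not in self.permitted.get(qrid, set()):
            return False, "not_permitted"
        rec.use_count += 1  # assumption: a use is counted on success only
        return True, "unlock"


def build_response(nonce, qrid, now):
    """Personal-terminal side: the fields embedded in the entry/exit QR code."""
    return {"generated_at": now, "nonce": nonce, "qrid": qrid}


def demo():
    """Constructed scenario: one valid entry, then four rejected attempts."""
    ct = ControlTerminal(permitted={"QRID-constructed-001": {"reader-9A"}})
    n1 = ct.issue_nonce("reader-9A", now=1000.0)
    resp = build_response(n1, "QRID-constructed-001", now=1005.0)
    results = [ct.authenticate("reader-9A", resp, now=1006.0)]        # first use
    results.append(ct.authenticate("reader-9A", resp, now=1007.0))    # shown again
    n2 = ct.refresh_display("reader-9A", now=1008.0)                  # rotated
    fresh = build_response(n2, "QRID-constructed-001", now=1010.0)
    results.append(ct.authenticate("reader-9A", fresh, now=1041.0))   # too old
    results.append(ct.authenticate("reader-10A", fresh, now=1011.0))  # other reader
    other = build_response(n2, "QRID-constructed-999", now=1010.0)
    results.append(ct.authenticate("reader-9A", other, now=1012.0))   # not listed
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```
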
The control terminal DB8 has a random number issuance history area 8A and a permission list recording area 8B. Details of the random number issuance history area 8A and the permission list recording area 8B will be described later with reference to fig. 6 and 7.
[ information management apparatus ]
Next, the information management device 20 will be described in more detail.
The control device 22 in the information management device 20 stores the information of the accessing person input from the accessing person information registration PC40 in the accessing person main information area 25A via the network line N and the communication device 21. After the entrance/exit person information is stored in the entrance/exit person main information area 25A, the permission list created by the permission list creation unit 23 is stored in the permission list recording area 25C. After the permission list is stored in the permission list recording area 25C, the personal terminal is specified from the personal information recording area 25B, and the personal terminal communication unit 24 transmits the QRID stored in the permission list recording area 25C to the personal terminal 30 of the subject via the network line N and the communication device 21.
The access permit list making unit 23 associates the information (for example, name) of the access person with the access information (for example, access date and time) of the access person registered from the access person information registration PC40, and issues, as a QRID, a random number that is unique within the access management system 50 so that this information can be looked up uniquely. Information in which the issued QRID is associated with the entrance/exit person information is stored in the permission list recording area 25C.
The personal terminal communication unit 24 transmits the QRID recorded in the permission list recording area 25C to the target personal terminal.
The entrance/exit person information DB25 has an entrance/exit person master information area 25A, a personal information recording area 25B, and a permission list recording area 25C. In the entering and exiting person master information area 25A, information relating to entering and exiting persons, information relating to scheduled entering and exiting, information relating to building facilities, and the like are registered and stored as entering and exiting person master information. The details of the personal information recording area 25B and the permission list recording area 25C will be described later with reference to fig. 8 and 9.
[ personal terminal ]
Next, the personal terminal 30 will be described more specifically.
The personal terminal 30 includes a communication device 31, a control device 32, a dedicated application 33, a QR code generation unit 34, and a personal terminal storage area 35 ("personal terminal DB 35" in the drawing). Hereinafter, the dedicated application program is simply referred to as the dedicated application.
The control device 32 in the personal terminal 30 stores the QRID information transmitted from the information management device 20 in the QR code information area 35A via the network line N and the communication device 21. The control device 32 acquires the random number from the QR code image displayed on the QR code reader of the building facility 1 and read by the QR code generation unit 34. Then, the control device 32 generates a QR code in which the random number read from that QR code image is embedded, and displays the QR code on the screen PB2 of the personal terminal 30.
The QR code generation unit 34 (an example of a two-dimensional code generation unit) acquires a random number from a QR code image displayed on a QR code reader of the building facility 1. Then, the QR code generating unit 34 generates a QR code using the acquired random number, the QRID stored in the QR code information area 35A, and the current time acquired from the personal terminal 30, and displays the QR code on the screen PB2 of the personal terminal 30.
The personal terminal DB35 has a QR code information area 35A storing a QRID as QR code information. Details of the QR code information area 35A will be described later with reference to fig. 10.
[ outline structures of QR code reader and personal terminal ]
Next, an outline structure of the QR code reader and the personal terminal will be described with reference to fig. 2.
Fig. 2 shows a schematic configuration of the QR code readers 9A and 10A and a schematic configuration of the personal terminal 30. The QR code readers 9A and 10A shown on the left side of fig. 2 are configured to include a QR code display section PA1 and a QR code reading camera PA2. The QR code display section PA1 displays a QR code image in which a random number for uniquely identifying the QR code reader is embedded. The QR code reading camera PA2 is positioned below the QR code display section PA1, and is adjusted so that the screen PB2 of the personal terminal 30 can be brought within the angle of view of the QR code reading camera PA2 when the QR code reading camera PA2 is positioned directly opposite a normal personal terminal 30 (for example, a smartphone).
The personal terminal 30 shown on the right side of fig. 2 is configured to include a camera PB1 and a screen PB2. The camera PB1 is a so-called built-in camera, and is provided on the same surface as the screen PB2. When the QR code readers 9A and 10A are aligned with the personal terminal 30, the camera PB1 is disposed to face the QR code display section PA1, and the screen PB2 is disposed to face the QR code reading camera PA2. The example on the right side of fig. 2 is a configuration of a general mobile terminal (for example, a smartphone or a tablet terminal), but the vertical relationship is not limited as long as the configuration includes the camera PB1 and the screen PB2. For example, even a terminal provided with a camera PB1 on the lower side of the screen PB2 can be regarded as the same as the right drawing of fig. 2 by turning the terminal upside down.
Next, the hardware configuration of each of the control terminal 2, the information management device 20, and the personal terminal 30 will be described with reference to fig. 3 to 5.
[ hardware configuration of control terminal ]
Fig. 3 is a block diagram showing an example of the hardware configuration of the control terminal 2 shown in fig. 1. The hardware configuration example of the control terminal 2 shown in fig. 2 corresponds to a computer, and can be realized by using a personal computer or the like.
The control terminal 2 includes a CPU (Central Processing Unit) 110, a ROM (Read Only Memory) 120, a RAM (Random Access Memory) 130, and a nonvolatile Memory device 140, which are connected to a system bus. Further, a network interface (referred to as "network IF" in the figure) 150 for performing communication with an external device is provided.
The CPU110 reads out a program code of software that realizes the functions of each section of the control terminal 2 from the ROM120 and executes the program code. Variables and the like generated during the arithmetic processing performed in the control terminal 2 are temporarily written in the RAM 130. The CPU110 realizes various functions of the control terminal 2 by executing program codes recorded in the ROM 120.
As the Network Interface 150, for example, an NIC (Network Interface Card) or the like is used, and various data can be transmitted and received between devices via a LAN (Local Area Network) or a dedicated line connected to a terminal of the NIC. The network interface 150 is connected to the communication device 3 in the building facility 1.
The nonvolatile storage device 140 is a nonvolatile storage device such as a hard disk or an SSD (Solid State Drive), and semi-permanently stores programs, data, and the like necessary for the operation of the CPU110. In addition, the nonvolatile storage device 140 constitutes the control terminal DB8 of fig. 1.
The control terminal 2 is provided with an input unit 160 and an output unit 170 as necessary. The input unit 160 receives the result of reading by the corresponding QR code reader 9A or 10A, a sensor signal indicating the open/close state of the electronic lock 9B or 10B, and the like. The output unit 170 outputs control signals for the corresponding QR code readers 9A and 10A and the electronic locks 9B and 10B, respectively.
[ hardware configuration of information management apparatus (data center) ]
Fig. 4 is a block diagram showing an example of the hardware configuration of the information management apparatus 20 (data center) shown in fig. 1. The hardware configuration of the information management apparatus 20 shown in fig. 4 is an example of a computer, and can be realized by using a personal computer or the like.
The information management device 20 also includes a CPU210, a ROM220, a RAM230, and a nonvolatile storage device 240 (corresponding to the entrance/exit person information DB25 in fig. 1) connected to the system bus. The information management device 20 includes a network interface (referred to as "network IF" in the figure) 250 for communicating with an external device. The communication means 21 is realized by the network interface 250. These configurations and functions are the same as the hardware configuration and functions of the control terminal 2 described in fig. 3, and therefore, the description thereof is omitted. However, the information management device 20 can omit the configuration corresponding to the input unit 160 and the output unit 170 shown in fig. 3.
[ hardware configuration of personal terminal ]
Fig. 5 is a block diagram showing an example of the hardware configuration of the personal terminal 30 shown in fig. 1. The hardware configuration of the personal terminal 30 shown in fig. 5 is an example of a computer, and can be implemented using a personal computer or the like.
The personal terminal 30 also includes a CPU310, a ROM320, a RAM330, and a nonvolatile storage device 360 (corresponding to the personal terminal DB35 in fig. 1) connected to the system bus. Various functions of the personal terminal 30 are realized by the CPU310 executing the program code of the dedicated application 33 recorded in the ROM 320. The personal terminal 30 includes a network interface (referred to as "network IF" in the figure) 370 for communicating with an external device. The communication device 31 is implemented by a network interface 370. These configurations and functions are the same as the hardware configuration and functions of the control terminal 2 described in fig. 3, and therefore, the description thereof is omitted.
The personal terminal 30 includes a display device 340 and an input device 350. The display device 340 is a display panel such as a liquid crystal display, and displays a GUI (Graphical User Interface) screen, results of processing performed by the CPU310, and the like. The input device 350 uses a touch panel, a pointing device such as a mouse, a keyboard, and the like, and a user can input information and instructions by operating the input device 350. Input device 350 generates an input signal corresponding to an operation by a user and supplies the input signal to CPU 310. The control terminal 2 and the information management device 20 may include a display device 340 and an input device 350.
Next, information (table) stored in a storage area (DB) provided in each of the control terminal 2, the information management device 20, and the personal terminal 30 will be described.
[ random number issuance history field ]
Fig. 6 shows an example of the data configuration of the random number issuance history area 8A of the control terminal 2. The random number issuance history area 8A has a table structure, and includes, as its constituent elements, a number (No.) MA1, an issuing QR code reader MA2, a random number MA3, an issuance time MA4, and a number of uses MA 5. Hereinafter, the table shown in fig. 6 is referred to as an entry and exit time recording area table.
Number (No.) MA1 indicates the order in which records in the entry/exit time recording area table are recorded.
The issuing QR code reader MA2 represents information (identifier or name) that uniquely identifies the QR code reader that issued the random number. For example, QR1 in the drawing represents the QR code reader 9A, and QR2 represents the QR code reader 10A.
The random number MA3 is composed of characters, symbols, and the like, and indicates the content of the random number. The number of digits of the random number, the character types it contains, and the like are arbitrary. In addition, the random number is unique within the facility in which the access device is provided.
The issuance time MA4 indicates the date and time when the random number was issued.
The number of times of use MA5 indicates the number of times the random number is used.
When the random number generator 5 issues a random number, the issuing QR code reader MA2, the random number MA3, the issuance time MA4, and the number of uses MA5 are newly stored.
[ passing permission list recording area ]
Fig. 7 shows an example of the data configuration of the permission list recording area 8B of the control terminal 2. The passage permission list recording area 8B has a table structure, and includes, as its constituent elements, a number (No.) MB1, a QRID MB2, a passage permission QR reader MB3, an entrance and exit start date and time MB4, and an entrance and exit end date and time MB 5. Hereinafter, the table shown in fig. 7 is referred to as a passage permission list recording area table.
The number (No.) MB1 indicates the order in which records in the passage permission list recording area table are recorded.
The QRID MB2 represents information (identifier) that uniquely identifies the QR code.
The passage permission QR reader MB3 indicates information (an identifier or a name) that uniquely identifies the QR code reader that has permitted the passage.
The entrance and exit start date and time MB4 indicates the date and time at which the entering or exiting person's access starts.
The entrance and exit end date and time MB5 indicates the date and time at which the entering or exiting person's access ends.
When the passage permission list recording area 25C of the information management apparatus 20 is updated, the QRID MB2, the passage permission QR reader MB3, the entrance and exit start date and time MB4, and the entrance and exit end date and time MB5 are newly stored in the passage permission list recording area 8B.
[ personal information recording area ]
Fig. 8 shows an example of the data structure of the personal information recording area 25B of the information management apparatus 20 (data center). The personal information recording area 25B has a table structure, and includes, as its constituent elements, a number (No.) MC1, a name MC2, a QRID MC3, a personal terminal IP address MC4, a mail address MC5, and a personal terminal ID MC 6. Hereinafter, the table shown in fig. 8 is referred to as a personal information recording area table.
The number (No.) MC1 indicates the order in which records in the personal information recording area table are recorded.
Name MC2 represents the name of the person entering or exiting.
The QRID MC3 indicates information (identifier) that uniquely identifies the QR code.
The personal terminal IP address MC4 indicates an IP address used by the personal terminal 30 in communication.
Mail address MC5 indicates the address of an electronic mail used by personal terminal 30. The mail address MC5 is not an essential component.
The personal terminal ID MC6 indicates information (identifier) that uniquely identifies the personal terminal 30. For example, as the personal terminal ID, an inherent MAC (Media Access Control) address assigned to each network interface is used.
The personal terminal IP address MC4, mail address MC5, and personal terminal ID MC6 are stored in the personal information recording area 25B in advance, and QRID MC3 is newly stored after being registered as entrance/exit person information.
[ passing permission list recording area ]
Fig. 9 shows an example of the data configuration of the permitted list recording area 25C of the information management apparatus 20 (data center). The permission list recording area 25C has a table structure, and includes, as its components, a number (No.) MD1, a permission building MD2, a building IP address MD3, a QRID MD4, a permission QR reader MD5, an entrance/exit start date and time MD6, and an entrance/exit end date and time MD 7. Hereinafter, the table shown in fig. 9 is referred to as a passage permission list recording area table.
After the entrance and exit person information is registered, the corresponding entrance and exit permission building MD2, building IP address MD3, QRID MD4, entrance permission QR reader MD5, entrance and exit start date and time MD6, and entrance and exit end date and time MD7 are newly stored.
[ QR code information area ]
Fig. 10 shows an example of the data structure of the QR code information area 35A of the personal terminal 30. The QR code information area 35A has a table structure, and includes, as its constituent elements, a number (No.) ME1, a QRID ME2, a pass permission QR reader ME3, an access start date and time ME4, and an access end date and time ME 5. Hereinafter, the table shown in fig. 10 is referred to as a QR code information area table.
The number (No.) ME1, QRID ME2, passage permission QR reader ME3, entry and exit start date and time ME4, and entry and exit end date and time ME5 of the QR code information area table are the same as those of the same name of the passage permission list recording area table (fig. 7), and therefore, description thereof is omitted.
Accordingly, the number (No.) ME1, QRID ME2, passage permission QR reader ME3, access start date and time ME4, and access end date and time ME5 are newly stored.
[ operation of the entire Access management System ]
Next, the operation of the entire entry and exit management system 50 will be described with reference to fig. 11.
Fig. 11 is a sequence diagram showing an operation example of the entire access management system 50. Here, the contents described with reference to fig. 11 are an outline of the operation of the entire access management system 50.
First, as a premise, the entrance/exit information registration person operates the entrance/exit information registration PC40 to transmit information such as the entering/exiting persons and the passage reservation to the information management apparatus 20 of the data center, so that the authentication result at the control terminal 2 (authentication apparatus) provided alongside the door through which entry and exit is desired will be a permission.
The information management device 20 sets passage permission list tables in which entrance and exit person information, an entrance and exit facility permitted to enter and exit, date and time information (effective date and time) permitted to enter and exit, and the like are associated with each other, and stores the passage permission list tables in the entrance and exit person information DB 25. At this time, the information management apparatus 20 assigns an ID (hereinafter, referred to as "QRID") capable of uniquely identifying a series of information (marked as "passage mode" in the drawing) stored in the passage permission list table, and stores the ID in the passage permission list table (S1). At the same time, the information (QRID, passage mode) of the passage permission list table is also transmitted to the control terminal 2 installed in the building facility 1 where the person entering and exiting the building enters and exits (S2), and is stored in the control terminal DB8 in the control terminal 2 (S3). The information management device 20 stores information of the building facility 1 in which the entrance and exit facility is installed. The control terminal 2 periodically generates a random number (S4).
The information management device 20 confirms that the entrance/exit person information is stored, and then transmits the information of the passage permission list table (passage mode), including the QRID, to the dedicated application 33 of the personal terminal 30 (S5). The information notified from the information management apparatus 20 to the personal terminal 30 includes at least the QRID and the expiration date and time. The dedicated application 33 of the personal terminal 30 stores the transmitted information in the personal terminal DB35 within the personal terminal 30 (S6). It is assumed here that the user of the personal terminal 30 has been registered as a user of the dedicated application 33 in advance.
When the dedicated application 33 is activated before the entrance of the person, the camera PB1 built in the personal terminal 30 stands by in an activated state. At this time, a QR code in which a random number that can uniquely identify the QR code reader is embedded is displayed on a screen provided in the QR code reader (for example, the QR code reader 9A) provided in parallel with the target door (S8). After the entrance/exit person activates the dedicated application 33 and confirms that the camera PB1 is in the activated state, the entrance/exit person performs a random number acquisition operation on the personal terminal 30 so that the QR code displayed on the QR code reader can be read by the camera PB1 (S7). That is, the personal terminal 30 is opposed to the QR code reader.
After the normal alignment, the personal terminal 30 reads the QR code displayed on the QR code reader using the camera PB1 to acquire a random number (S9). In addition, the control terminal 2 may display the QR code on the QR code reader after detecting the facing of the personal terminal 30.
The dedicated application 33 generates a QR code for entry/exit authentication based on information obtained by combining the random number acquired from the QR code of the QR code reader, the QRID received from the information management apparatus 20 in advance, and the QR code generation time (current time), and displays the QR code on the screen of the personal terminal 30 (S10). Next, the QR code reader reads the QR code displayed on the personal terminal, and acquires the random number, the QRID, and the QR code generation time (S11).
Finally, the QR code reader reads the QR code displayed on the personal terminal 30, acquires information such as a random number and a QRID, compares the acquired information with the permission list table stored in advance in the control terminal 2 of the building facility 1, and unlocks the electronic lock 9B of the target door when it is determined that the passage is permitted (S12).
For example, the control terminal 2 compares the current time with the acquired QR code generation time, and determines whether or not the time difference between the two is within a predetermined time. If the difference is within the predetermined time, the control terminal 2 then compares the random number obtained from the QR code with the issuance history of random numbers recorded in the control terminal 2, and determines whether the random number matches the random number displayed by the QR code reader and has not been used. When the random numbers match and the random number has not been used, the obtained QRID is compared with the passage permission list table recorded in the control terminal 2, and it is determined whether or not the QRID is permitted to pass through the target entrance/exit device. When the passage is permitted, the door is unlocked. At this time, the random number is recorded as used and cannot be used a second time.
In the above series of authentication operations, authentication information such as a random number for specifying the QR code reader and a QRID for specifying the entering or exiting person is exchanged between the control terminal 2 and the personal terminal 30, which makes stable and instantaneous operation possible while ensuring security. In the present embodiment, the authentication process is completed while the entering or exiting person, on the way through, holds the personal terminal 30 displaying the QR code up to the QR code reader, and therefore the authentication operation for entering and exiting is easy.
The respective processes of the information management device 20, the control terminal 2, and the personal terminal 30 constituting the access management system 50 will be described below with reference to fig. 12 to 16.
[ incoming and outgoing person information registration processing ]
Here, a flow of processing until a registrant registering arbitrary entrance/exit person information registers entrance/exit person information via an arbitrary entrance/exit person information registration PC40 connected to the network line N and transmits necessary information to the personal terminal 30 will be described.
(processing of permission List creation section)
Fig. 12 is a flowchart showing an example of processing of the permission list creation unit 23 of the information management device 20.
Referring to fig. 12, personal information (for example, names) of persons entering and exiting and information (for example, information on Card Readers (CR) corresponding to doors to which passage is desired) of destinations of persons entering and exiting are stored in advance (step SA 1). When the entrance/exit person information is stored, the processing of the passage permission list creation unit 23 is started.
The passage permission list creation unit 23 determines whether or not the entrance/exit person information to be stored in the entrance/exit person information DB25 is ready (step SA2). When the entrance/exit person information is ready (yes in step SA2), the passage permission list creation unit 23 issues a QRID, which is a unique random number, for each record of entrance/exit person information (step SA3), and stores the entrance/exit person information and the QRID in MD2 to MD7 of the passage permission list recording area 25C and in MC3 of the personal information recording area 25B (step SA4).
At this time, if there is a defect in the entrance/exit person information (no in step SA2), such as when the entrance/exit person information is not available, the permission list creation unit 23 notifies a predetermined error (step SA5). In that case, the issuance of the QRID and the storage of the entrance/exit person information and the QRID that would follow step SA2 (steps SA3 and SA4) are not performed.
The QRID issued in step SA3 has a unique value within the access management system 50, and by using the QRID it is possible to uniquely determine who has access rights and when. MC2 and MC4 to MC6 of the personal information recording area 25B are input in advance, during the personal terminal registration job, by performing user registration from the dedicated application 33 installed in the personal terminal 30.
The pass-permission-list creating unit 23 notifies the personal-terminal communication unit 24 of the completion of step SA4 or SA 5.
(processing of personal terminal communication section)
Fig. 13 is a flowchart showing an example of processing of the personal terminal communication unit 24 of the information management device 20.
After the process at step SA4 in fig. 12, the personal terminal communication unit 24 of the information management apparatus 20 determines whether or not the same QRID exists in the permission list recording area 25C and the personal information recording area 25B (step SB 1).
When the same QRID is present (yes at step SB1), the personal terminal communication unit 24 determines whether or not the personal terminal IP address MC4 and the personal terminal ID MC6 are stored in the record of the target QRID in the personal information recording area 25B (step SB 2). When the information is stored (yes at step SB2), the personal terminal communication unit 24 transmits information such as the QRID to the personal terminal IP address MC4 (step SB 3).
At this time, in step SB1, when the same QRID does not exist in the permission list recording area 25C and the personal information recording area 25B (no in step SB1), the personal terminal communication unit 24 performs a predetermined error notification and does not perform the subsequent processes (steps SB2 to SB3 in this case) (step SB 5).
In step SB2, when the personal terminal IP address MC4 and the personal terminal ID MC6 are not present in the personal information recording area 25B (no in step SB2), the personal terminal communication unit 24 performs a predetermined error notification and does not perform the subsequent processing (step SB3 in this case) (step SB 4).
[ processing of random number generation section ]
Here, a flow of processing until a QR code using a random number issued for each QR code reader connected to the control terminal 2 is generated and displayed on a screen of the QR code reader will be described.
Fig. 14 is a flowchart showing an example of processing of the random number generation unit 5 of the control terminal 2.
First, when the predetermined period (for example, 1 minute) has been reached (yes at step SC1) or when the random number has been used (yes at step SC2) (details will be described later), the random number generation unit 5 starts the random number generation process. That is, even when the predetermined period has not been reached (no at step SC1), the random number generation process is started when the random number has been used (yes at step SC2). On the other hand, when the predetermined period has not been reached (no at step SC1) and the random number has not been used (no at step SC2), the random number generation process is not started.
After the processing at steps SC1 and SC2, the random number generator 5 issues a new random number for each QR code reader (step SC 3). The random number generated at step SC3 is compared with the random number issuance history area 8A (step SC 4). If the same random number is present in the random number issuance history area 8A (no at step SC4), the process returns to step SC 3.
If the same random number does not exist (yes at step SC4), the random number generation unit 5 stores the newly generated random number and the related information (the issuing QR code reader, the issuing time) in the MA2 to MA4 of the random number issuing history area 8A, and stores "0" in the number of uses MA5 (step SC 5). Next, the random number generation unit 5 generates a QR code using the newly generated random number, transmits the QR code to the QR code reader (here, the QR code reader 9A) of the object, and outputs the QR code to the screen (step SC 6).
[ QR code Generation and authentication ]
Next, the generation of the QR code and the authentication process will be described with reference to fig. 15 and 16. Here, a description will be given of a process flow of the personal terminal 30 and the control terminal 2 for acquiring a random number from a QR code of a QR code reader displayed on the site (building facility 1) and generating an entrance/exit QR code that can be authenticated only by the QR code reader of the object.
(processing of QR code generating section)
Fig. 15 is a flowchart showing an example of processing of the QR code generation section 34 of the personal terminal 30.
First, the QR code generating section 34 executes the dedicated application 33 to check that the camera PB1 is in the activated state, and then causes the personal terminal 30 to face the QR code reader 9A in order to read the QR code on the screen of the QR code reader (here, the QR code reader 9A) installed on the door of the facility where the user wants to enter and exit (step SD 1).
After the personal terminal 30 is properly aligned, the QR code generation unit 34 reads the QR code of the QR code reader 9A with the camera PB1 to acquire a random number (step SD2). Next, the QRID stored in advance in the QR code information area 35A, the random number acquired at step SD2, and the current time (hereinafter, also referred to as "QR code generation time") acquired from the personal terminal 30 are combined to generate a QR code for entrance/exit authentication (step SD3).
The QR code generator 34 immediately displays the QR code generated at step SD3 on the screen of the personal terminal 30 (step SD 4). Next, when detecting that a predetermined fixed time (for example, 30 seconds) has elapsed since the QR code generation time or a manual end operation (for example, end of a dedicated application), the QR code generation unit 34 ends the display of the QR code (step SD 6).
After the process at step SD4, the person entering or exiting lifts the personal terminal 30 up to the QR code reader (SD 5). The processing in steps SD2 to SD4 is performed in a state where the personal terminal 30 faces the QR code reader 9A, and the personal terminal 30 is substantially kept facing the QR code reader 9A (lifted state).
(processing of QR code authentication section)
Fig. 16 is a flowchart showing an example of processing of the QR code authentication portion 7 of the control terminal 2.
While the QR code for entrance/exit authentication is displayed on the screen of the personal terminal 30 in step SD4 of fig. 15, when the QR code reader 9A reads the QR code (step SE1), the QR code authentication unit 7 acquires the QR code generation time, the random number, and the QRID from the QR code for entrance/exit authentication (step SE 2).
Next, the QR code authentication unit 7 determines the QR code generation time (step SE3), and if it is determined that the QR code generation time is within a predetermined time (for example, 30 seconds) (yes at step SE3), the routine proceeds to step SE 4.
Next, the QR code authentication unit 7 determines whether or not the random number acquired from the portable terminal 60 exists in the random number issuance history area 8A (random number MA3) and whether or not the number of usage MA5 is "0" (step SE 4). If it is determined that the acquired random number is present and is not used (yes at step SE4), the routine proceeds to step SE 6.
Next, the QR code authentication unit 7 determines whether or not the QRID acquired from the mobile terminal 60 is present in the permission list recording area 8B (QRID MB2) and the permission of the door to pass through is obtained (the permission QR reader MB3) (step SE 6).
If the result of step SE4 is "yes", that is, if it is determined that the acquired random number has been used, the QR code authentication unit 7 updates the number of uses MA5 in the random number issuance history area 8A to "1", and causes the random number generation unit 5 to reissue the random number (step SE5). As a result, the QR code output portion 6 of the QR code reader 9A updates the QR code being displayed on the QR code reader 9A.
Next, when the obtained QRID is permitted to pass through the door at which the QR code reader 9A, to which the personal terminal 30 was held up, is installed (yes at step SE6), the QR code authentication unit 7 unlocks the electronic lock provided alongside the target door (here, the electronic lock 9B) (step SE7).
On the other hand, when a predetermined time or more has elapsed since the QR code generation time (no at step SE3), or when the acquired random number is illegal or used (no at step SE4), or when the QRID is illegal or unauthorized (no at step SE6), a predetermined error notification is performed, and the QR code authentication unit 7 does not perform the unlocking operation of the electronic lock 9B (step SE 8).
As described above, the QR code authentication portion 7 of the present embodiment judges the random number by referring to the random number issuance history, in which the number of times each random number has been used is recorded, and determines which of a plurality of patterns applies, such as the random number having been issued in the past and not yet used, or having been issued in the past and already used.
In this way, the QR code authentication unit 7 allows for a plurality of determination results, and instructs the random number generation unit 5 to reissue the random number when it determines that the random number has been used. The random number is therefore reissued, and the QR code in which the random number is embedded is also updated. A reduction in security can thereby be prevented.
[ specific examples ]
Next, the operation of the access management system 50 will be described with specific examples with reference to fig. 1 and 6 to 10.
For example, assume that there is an entering/exiting person A who wants to enter and exit the exclusive part (1) of the building facility 1 from 09:00 on "2021/02/01" to 18:00 on "2021/02/01". It is assumed that the entering/exiting person A has already completed the pre-registration work of the personal terminal 30 (for example, a smartphone). In order to give the entering/exiting person A permission to enter and exit the exclusive part (1), the entrance/exit person information registration person registers the personal information and the entrance/exit information of the entering/exiting person A from the entrance/exit person information registration PC40 to the information management apparatus 20 in advance. After the registration of the entrance/exit person information is completed, the passage permission list creation unit 23 of the information management device 20 issues a new unique QRID (here, 789789789) for the information of the newly registered entering/exiting person A. Then, the permission list creation unit 23 stores the entrance/exit person information and the QRID (789789789) in the personal information recording area 25B (MC2 to MC6) and the permission list recording area 25C (MD2 to MD7).
At this time, a part of the information (MD4 to MD7) of the permission list recording area 25C is also stored in the permission list recording area 8B (MB2 to MB5) in the control terminal 2 of the building facility 1. Next, the personal terminal communication unit 24 transmits information such as QRID (789789789) to the personal terminal IP address (here, 789.789.789.789) of the personal information recording area 25B.
Subsequently, assume that the entering/exiting person A enters the exclusive part (1) at 10:00 on "2021/02/01". First, the entering/exiting person A puts the dedicated application 33 of the personal terminal 30 into the execution state, confirms that the camera PB1 is activated, and holds the personal terminal 30 so that it faces the QR code reader 9A.
The personal terminal 30 reads the QR code displayed on the QR code reader 9A to acquire the random number (here, aBc789) specific to the QR code reader 9A. Then, the QR code generation unit 34 of the personal terminal 30 generates a QR code for entrance/exit authentication in the personal terminal 30 using the random number (aBc789), a QR code generation time (here, 2021/02/01 10:00:30), and a QRID (789789789), which are not shown, and displays the QR code on the screen.
Next, assume that the QR code reader 9A reads the QR code for entrance/exit authentication displayed on the personal terminal 30 held facing it at "2021/02/01 10:00:40". At this time, the QR code authentication unit 7 of the control terminal 2 determines that the QR code is valid, because it was read within the preset reading period (here, 30 seconds) for QR codes for entrance/exit authentication.
Next, since the acquired random number (aBc789) exists in the random number issuance history area 8A and its number of times of use MA5 is "0", the QR code authentication unit 7 determines that the random number of the QR code displayed on the QR code reader 9A has been read. Finally, the acquired QRID (789789789) exists in the permission list recording area 8B, and passage through the QR code reader 9A is permitted at the reading time "2021/02/01 10:00:40"; it is therefore determined that passage is permitted, and the electronic lock 9B is unlocked.
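The three checks the control terminal performs in the specific example above (reading period, random number issuance history, permission list), written out as an added Python example that is not code from the patent. The names ControlTerminal, issue and authenticate, the result strings, the random number format, and counting the use only on a successful unlock are assumptions; the sample values are the ones given in the example.

```python
import secrets
from datetime import datetime, timedelta

READ_PERIOD = timedelta(seconds=30)    # preset reading period from the example

class ControlTerminal:
    def __init__(self, permissions):
        self.history = {}                # area 8A: random number -> times used
        self.permissions = permissions   # area 8B: QRID -> (reader, start, end)
        self.current = {}                # reader -> random number now displayed

    def issue(self, reader, nonce=None):
        # Assumption: 128-bit URL-safe token; the page does not give the format.
        nonce = nonce or secrets.token_urlsafe(16)
        self.history[nonce] = 0
        self.current[reader] = nonce
        return nonce

    def authenticate(self, reader, nonce, generated_at, qrid, read_at):
        # 1. The personal terminal's QR code must be read within the reading period.
        if not timedelta(0) <= read_at - generated_at <= READ_PERIOD:
            return "expired"
        # 2. Three-way determination against the issuance history.
        if nonce not in self.history:
            return "not_issued"
        if self.history[nonce] > 0:
            self.issue(reader)           # used: reissue, so the displayed code changes
            return "already_used"
        # 3. The QRID must be permitted at this reader at the reading time.
        entry = self.permissions.get(qrid)
        if entry is None or entry[0] != reader or not entry[1] <= read_at <= entry[2]:
            return "not_permitted"
        self.history[nonce] += 1         # assumption: the use is counted on success
        return "unlock"

def demo():
    # Values from the specific example: person A, reader 9A, 2021/02/01.
    day = datetime(2021, 2, 1)
    ct = ControlTerminal({"789789789": ("9A", day.replace(hour=9), day.replace(hour=18))})
    ct.issue("9A", "aBc789")
    gen, read = day.replace(hour=10, second=30), day.replace(hour=10, second=40)
    first = ct.authenticate("9A", "aBc789", gen, "789789789", read)
    replay = ct.authenticate("9A", "aBc789", gen, "789789789", read)  # copied code shown again
    return first, replay, ct.current["9A"] != "aBc789"
```

The second call models a copied QR code image presented again: it is rejected as already used, and the reader's displayed random number is replaced.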
As described above, the access management system (access management system 50) according to one embodiment of the present invention is a system including the control terminal (control terminal 2) having the management function of the connected access device and the authentication function of the person who accesses, and the personal terminal (personal terminal 30) having the reading and generating functions of the two-dimensional code while holding the identification information of the two-dimensional code for specifying the person who accesses.
The control terminal (control terminal 2) includes: a random number generation unit (random number generation unit 5) that generates and issues a random number capable of uniquely determining a two-dimensional code at a predetermined cycle; a two-dimensional code output unit (QR code output unit 6) that generates a two-dimensional code image in which the random number generated by the random number generation unit is embedded as information, and displays the two-dimensional code image on a screen of a two-dimensional code reader (QR code readers 9A and 10A) connected to the control terminal; and a two-dimensional code authentication unit (QR code authentication unit 7) that determines whether or not a random number read from a two-dimensional code image for entry/exit authentication displayed on a screen of the personal terminal is a random number generated by the two-dimensional code reader.
The personal terminal (personal terminal 30) includes a two-dimensional code generation unit (QR code generation unit 34) that generates a two-dimensional code image for entry/exit authentication embedded with a random number read from a two-dimensional code image displayed on a two-dimensional code reader as information, and displays the two-dimensional code image on a screen.
In the access management system 50 of the present embodiment configured as described above, the QR code reader and the personal terminal 30, facing each other, exchange information via QR code images without depending on unstable wireless communication. This enables the control terminal 2 connected to the QR code reader to perform the entrance/exit authentication process stably and instantaneously.
In general, since a QR code image is easy to copy, there is a concern that security may be degraded by copying of the QR code image for entrance/exit authentication. In the present embodiment, by contrast, the QR code reader and the personal terminal each read the QR code image displayed on the other, which overcomes the concern that the QR code image can be easily copied.
A QR code that can be used only once for the target door can be issued stably and instantaneously, and only when the entering/exiting person is actually performing authentication in front of that door. Therefore, the entrance/exit authentication operation is easy, and the security of entrance/exit management using QR codes can be ensured.
The present invention is not limited to the above-described embodiment, and it is needless to say that various other application examples and modifications can be obtained without departing from the spirit of the present invention described in the claims.
For example, the above-described embodiment is an embodiment in which the configuration of the access management system is described in detail and specifically for easy understanding of the present invention, and is not limited to the embodiment in which all the components described are necessarily provided. In addition, a part of the configuration of each embodiment may be added, replaced, or deleted with another component.
In addition, a part or all of the above-described respective structures, functions, processing units, and the like may be realized by hardware by designing an integrated circuit or the like, for example. As the hardware, a general processor device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit) may be used.
In the timing charts and flowcharts shown in fig. 11 to 16, a plurality of processes may be executed in parallel or the order of the processes may be changed within a range that does not affect the processing result.

Claims (6)

1. An access management system, comprising: a control terminal having a management function of the connected access device and an authentication function of the access person; and a personal terminal which holds identification information of a two-dimensional code for identifying an entering or exiting person and has a function of reading and generating the two-dimensional code,
the control terminal is provided with:
a random number generation unit that generates and issues a random number capable of uniquely determining the two-dimensional code at a predetermined cycle;
a two-dimensional code output unit that generates a two-dimensional code image in which the random number issued by the random number generation unit is embedded as information, and displays the two-dimensional code image on a screen of a two-dimensional code reader connected to the control terminal; and
a two-dimensional code authentication unit that determines whether or not the random number read from the two-dimensional code image for entry/exit authentication displayed on the screen of the personal terminal is the random number generated by the two-dimensional code reader,
the personal terminal includes:
and a two-dimensional code generation unit that generates the two-dimensional code image for authentication of entrance and exit embedded with a random number read from the two-dimensional code image displayed on the two-dimensional code reader as information, and displays the two-dimensional code image on a screen.
2. The access management system of claim 1,
the random number capable of uniquely deciding the two-dimensional code is unique within a facility provided with an access device.
3. The access management system of claim 1,
the two-dimensional code authentication unit instructs the random number generation unit to reissue the random number when it is determined that the random number is used.
4. The access management system of claim 1,
the two-dimensional code authentication unit checks the random number against a random number issuance history in which the number of times the random number has been used is recorded, and determines whether the random number was issued in the past and is unused, was not issued in the past, or was issued in the past and has been used.
5. The access management system of claim 1,
when the person who enters or exits enters a facility in which the entrance/exit device is installed, the personal terminal acquires the random number generated by the control terminal by facing the two-dimensional code reader to the personal terminal, and the two-dimensional code reader reads the two-dimensional code image generated by the personal terminal.
6. An access management method for an access management system, the access management system comprising: a control terminal having a management function of the connected access device and an authentication function of the access person; and a personal terminal which holds identification information of a two-dimensional code for identifying an entering or exiting person and has a function of reading and generating the two-dimensional code,
in the control terminal:
a random number generation unit that generates and issues a random number capable of uniquely determining the two-dimensional code at a predetermined cycle;
a two-dimensional code output unit that generates a two-dimensional code image in which the random number issued by the random number generation unit is embedded as information, and displays the two-dimensional code image on a screen of a two-dimensional code reader connected to the control terminal; and
a two-dimensional code authentication unit that determines whether or not the random number read from a two-dimensional code image for entry/exit authentication displayed on a screen of the personal terminal is a random number generated by the two-dimensional code reader,
in the personal terminal:
the two-dimensional code generation unit generates the two-dimensional code image for entrance/exit authentication in which the random number read from the two-dimensional code image displayed on the two-dimensional code reader is embedded as information, and displays the two-dimensional code image on a screen.
CN202210103009.XA 2021-03-04 2022-01-27 Access control system and access control method Pending CN115035633A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2021034816A JP7442473B2 (en) 2021-03-04 2021-03-04 Room entry/exit control system and entry/exit control method
JP2021-034816 2021-03-04

Publications (1)

Publication Number Publication Date
CN115035633A true CN115035633A (en) 2022-09-09

Family

ID=83119738

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210103009.XA Pending CN115035633A (en) 2021-03-04 2022-01-27 Access control system and access control method

Country Status (2)

Country Link
JP (1) JP7442473B2 (en)
CN (1) CN115035633A (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7569418B1 (en) 2023-07-26 2024-10-17 株式会社アクシオ User Authentication System

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101855861A (en) * 2007-11-16 2010-10-06 富士通天株式会社 Authentication method, authentication system, on-vehicle device, and authentication device
CN104252602A (en) * 2013-06-27 2014-12-31 日立欧姆龙金融系统有限公司 Transaction processing system and transaction processing method
JP2015233263A (en) * 2014-06-11 2015-12-24 コニカミノルタ株式会社 Authentication system and authentication method
CN106966245A (en) * 2016-01-14 2017-07-21 株式会社日立大厦系统 Lift maintenance system

Also Published As

Publication number Publication date
JP7442473B2 (en) 2024-03-04
JP2022135183A (en) 2022-09-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination