JP2001325569A - Electronic lock, electronic lock system, and use service providing method for locked body provided with electronic lock - Google Patents

Abstract

PROBLEM TO BE SOLVED: To facilitate the registration of a user and the management of a key. SOLUTION: This electronic lock system 602 includes an identification card 601 having identification information recorded and an electronic lock 600 which is provided to a locked body to be provided for the user 611 and locks and unlocks the body according to the identification information. The electronic lock 600 is equipped with an identification information storage means which stores the identification information allowing the locking and unlocking, an identification information input means which inputs identification information from the identification card 601, and a lock control means which locks and unlocks the lock when the identification information stored in the identification information storage means and the identification information inputted from the identification information input means have specific relation. The identification information is information capable of identifying the bearer of the identification card 601 and the identification information storage means is stored with the identification information read out of the identification card 601 handed over from the user 611.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an electronic lock using information for identifying an individual as a key, an electronic lock system, and a service providing method for a locked object provided with the electronic lock.

[0002]

2. Description of the Related Art << First Prior Art >> As a conventional service providing method of a locked article provided with a lock, for example, a rental service providing method of a rental house will be described. FIG.
3 shows a procedure flow in the conventional rental service providing method. Hereinafter, this will be described in the order of procedures.

(1) The lock maker 902 attaches the lock 900 to the rental house (step S950), and delivers the key 901 of the lock 900 to the facility manager 903 (step S951). (2) The user 904 who wants to rent a rental house is an external authentication center 905 (for example, an administrative organization such as a city hall).
An identity certificate 906 (for example, a resident's card or a copy of a family register) is obtained from the company (step S952), and this is sent to the facility manager 903
And asks the facility manager 903 to confirm his / her identity (step S953). (3) A rental contract is concluded between the facility manager 903 and the user 904, and the rental contract 9
07 at least two copies (for the facility manager and for the user, respectively). Then, the facility manager 903 and the user 904 store the rental contract 907 (step S954). (5) The facility manager 903 delivers the rental house key 901 to the user 904 (step S955). (6) The user 904 uses the key 901 to lock or unlock the lock 900 of the rental house (step S)
956).

<< Second Prior Art >> Further, when providing a rental service using a computer, there is a problem in how to authenticate a manager or a user of a rental house when providing the service, for example. Become. For example, as a conventional authentication method for an individual having an identification medium in which unique identification information is recorded, a personal identification number is registered in advance in association with the identification information, and the individual having the identification medium presents the personal identification number. An example may be given in which, when successful, the individual is authenticated as the holder of the identification medium.

In place of the password, physical information for confirming the identity, such as a fingerprint, retina, voice or face image, is registered in advance, and the physical information of the individual having the identification medium is detected. In some cases, when it is determined that the individual is the same as the registered one, the individual is authenticated as the holder of the identification medium.

<< Third Prior Art >> Further, when attempting to provide a rental service using a computer, there is a problem in managing personal information when the service is provided. Conventionally, for example, information relating to an individual (hereinafter referred to as “personal information”) generally includes information required by each unit, such as an individual, a company / organization, a local government, and an administrative unit. And are stored and disclosed at their own risk.

[0007] Handling personal information in this way has the following advantages, for example. (1) Since only the information required by each unit is handled, the responsibility for managing and disclosing the information becomes clear. (2) Since information is dispersed in each of the units, the collection is costly, and it is difficult for a large amount of information to be collectively illegally acquired.

On the other hand, such an embodiment has the following disadvantages, for example. (1) It is not consistent with the current administrative system. (2) The handling of information differs for each unit, and the reliability of the information is not stable. (3) Information of overlapping contents (especially basic personal information) is scattered in each unit, and it is difficult to unify them.

Therefore, in order to eliminate the disadvantage, for example, it has been studied to efficiently and unitarily manage the personal information dispersed in each unit.

[0010]

However, the conventional rental service providing method in the first prior art has the following problems. (1) It is difficult to manage the duplicate key 901 to be copied for various reasons. (2) If lost or stolen, it will not be possible to go out with peace of mind. (3) In the case of (2), it is necessary to replace the lock up to the lock 900, which is costly. (4) There is a risk that a lock key 901 is created by a lock maker, facility manager 903, or the like without the knowledge of the user 904. (5) It is troublesome to obtain an identification card 906 such as a resident card. (6) It is difficult to confirm whether the identity proof 906 submitted at the time of the contract and the document describing the personal information were destroyed when the rental service was canceled. (7) The identity of the facility manager 903 at the time of contract is the user 904
Not usually presented to (8) The lock 900 is provided on various things, and it is necessary to have various keys 901 for each lock 900.

In the conventional authentication method using a personal identification number in the second prior art, a person who has a low or reduced memory ability depends on the memory ability of only the person to be authenticated.
Alternatively, there is a problem that it is difficult for a person who has a memory impairment to store a password. For example, a birthday or a telephone number of the person can be used as the personal identification number so that the person can easily remember the personal identification number. However, this may cause a problem that a malicious third party can easily find the personal identification number. .

Further, in the conventional authentication method using physical information in the second prior art, the problem as in the authentication method using a password does not occur, but a detection device for detecting physical information and a detection device for detecting physical information are used. A discriminating device for discriminating the identity between the physical information and the registered physical information is required, and there is a problem that the cost is high.

The personal information in the third prior art includes, for example, information inherent to an individual such as a name and a date of birth, as well as information derived from the individual's social life (according to an individual's contract). (Including derived information), and information related to personal abilities and histories. When attempting to centrally manage such a wide variety of subdivided personal information, it becomes a problem how to disclose to whom and how much information is disclosed.

There is no problem in disclosing information provided by the individual who requests the information, for example, as long as the information is recognized and provided by the individual (for example, information described in a document at the time of application / contract). However, in particular, information (e.g., medical records, facility use, purchases, benefits, contract records, performance, performance, other various records, etc.) generated in the relationship between the person and the information holder, and third parties (institutions) investigate -Disclosure of the analyzed information (eg, house map, questionnaire, marketing analysis, etc.) is a problem.

[0015] A first object of the present invention is to solve the above-mentioned problems, and to easily perform user registration and key management, an electronic lock, an electronic lock system, and a locked object provided with the electronic lock. To provide a use service providing method.

[0016] A second object of the present invention is to solve the above-mentioned problems, to perform authentication without depending on the capabilities of the owner or manager of the object and the user, and to realize this at low cost. It is an object of the present invention to provide an electronic lock, an electronic lock system, and a service providing method for a locked object provided with the electronic lock.

[0017] A third object of the present invention is to solve the above-mentioned problems and to provide an electronic lock, an electronic lock system, and an electronic lock capable of objectively and rationally managing and disclosing a wide variety of subdivided personal information. It is an object of the present invention to provide a service providing method for a locked article provided with a lock.

[0018]

In order to achieve the above object, an electronic lock according to the present invention is provided on a locked object to be provided to a user, and is locked based on identification information recorded on an identification medium. Or an electronic lock for unlocking, the identification information storage means for storing the identification information permitting locking or unlocking, the identification information input means for inputting the identification information stored in the identification medium, Lock control means for locking or unlocking when the identification information stored in the information storage means and the identification information input from the identification information input means have a predetermined relationship, The identification information is information capable of identifying an individual owner of the identification medium, and the identification information storage means stores the identification information read from the identification medium lent by the user. Is configured to It is characterized by a door.

Further, the electronic lock system of the present invention is provided on an identification medium on which identification information is recorded and a locked object to be provided to a user, and locks or unlocks based on the identification information. An electronic lock system comprising: an electronic lock system comprising: an identification information storage unit configured to store the identification information that permits locking or unlocking; and an identification information input unit configured to input the identification information stored in the identification medium. Lock control means for locking or unlocking when the identification information stored in the identification information storage means and the identification information input from the identification information input means have a predetermined relationship. The identification medium, the identification information is information capable of identifying an individual owner of the identification medium, and the identification information storage means is read from the identification medium lent by the user. Said It is characterized in that different information is configured to be stored.

The predetermined relationship is not particularly limited, and examples thereof include a matching relationship, a similar relationship, and a matching or similar relationship when a predetermined operation is performed on one or both pieces of identification information.

The electronic lock or the electronic lock system can be exemplified by an embodiment having an authentication means for authenticating a person who changes the storage content of the identification information storage means.

In the electronic lock or the electronic lock system, an owner or a manager of the locked object has an identification medium on which the identification information is recorded, and the authentication unit includes the owner or the manager. And the user mutually authenticate each other, and in order to mutually confirm that the owner or administrator and the user are the owners of the respective identification media, Personal identification information presenting means for both presenting personal identification information associated with the identification information of the identification medium to each other, and the identification information of both of the two in order to indicate that they have confirmed each other. An embodiment including an identification information reading device capable of setting both of the identification media in a readable state at the same time can be exemplified.

The personal identification information and the personal identification information presenting means are not particularly limited, but the following modes can be exemplified.

(1-1) The identity verification information is a portrait of the identity, and the identity verification information presenting means displays the portrait on the identification medium, or displays the identification on a medium different from the identification medium. An aspect in which a display unit that displays the portrait in association with information is provided.

(1-2) The identity verification information is an expression indicating the characteristics of the identity, and the identity verification information presenting means displays the expression on the identification medium or a medium different from the identification medium. A display unit for displaying the expression in association with the identification information.

(1-3) The personal identification information is personal portrait data or audio data, and the personal identification information presenting means is provided on a medium recorded on the identification medium or on a medium different from the identification medium. A mode in which the portrait data or the audio data recorded in association with the identification information is output to an output unit.

(1-4) The identification information is expression data indicating the characteristics of the identification, and the identification information presenting means is provided on the identification medium or on a medium different from the identification medium. An aspect in which the expression data recorded in association with the identification information is output to an output unit.

Here, the identification medium is not particularly limited, but may be a magnetic medium, a magneto-optical medium, an integrated circuit (IC).
And the like, in which recording means for recording identification information in a computer-readable manner is embedded. The form of the identification medium is not particularly limited, but may be a card, a disk,
Examples thereof include those formed in a spherical shape, a pen shape, and a human shape.

Although the identification information reading device is not particularly limited, a mode in which the identification information is read by contacting the identification medium or a mode in which the identification information is read without contacting the identification medium can be exemplified. In the aspect of reading without touching, “setting the identification medium” means that the identification medium is prepared so that the identification information reading device can read the identification information. .

The expression "related to the identification information" includes not only a case where the information is directly related but also a case where the information is indirectly related through other identification information. .

The presentation of the identification information is not particularly limited as long as it is presented so that a human can recognize it with the five senses. The identification information can be recognized as visual, auditory, tactile, olfactory or taste, or a combination thereof. Presentation can be exemplified.

The portrait is not particularly limited as long as an individual other than the person can recognize whether or not the person is a person, but a picture, photograph, or image of the whole or part of a person's face or figure is taken. Can be exemplified. The pictures and images include those in which the characteristics of a person are emphasized and displayed, such as a portrait.

The portrait data is not particularly limited, and examples thereof include two-dimensional image data and three-dimensional image data indicating the portrait. The means for outputting the audio data is not particularly limited, but a speaker can be exemplified,
The means for outputting portrait data is not particularly limited.
An image display device and an image printing device can be exemplified.

The expression is not particularly limited, but may be a character, a graphic, a symbol, a shape, a pattern, a color, or a combination thereof. The expression data is:
Although not particularly limited, audio data that can be output to the audio output means in addition to data that can output the expression to the output means can be exemplified.

Further, the "state that can be read substantially simultaneously" means that the respective identification media are simultaneously set in the identification information reading apparatus provided with the same number of reading units as the at least two individuals. The present invention also includes a state in which each identification medium is set in an identification information reading apparatus having a number of reading units smaller than the number of at least two individuals while replacing each identification medium within a predetermined time.

The authentication means may be exemplified by a mode provided with a history storage means for storing the history of authentication.

Also, the electronic lock system includes a database system that discloses the personal information of the user requested by the owner or the administrator and the user, and the database system includes the owner or the administrator. Access qualification setting means for setting access qualification information indicating a range of information that can be disclosed to the combination based on information on the combination of the administrator and the user; and information included in the range indicated by the access qualification information. An embodiment including an information disclosure means for disclosing the combination can be exemplified.

The access qualification information is not particularly limited, but includes information for specifying an accessible database among at least two databases storing personal information, and an accessible item in the database storing personal information. The information to be specified can be exemplified. The information for specifying the accessible item is not particularly limited. However, when an access qualification level indicating an access qualification value necessary to access each item is set, the access qualification value is It can be exemplified that the information is specified.

The means for setting the access qualification information is not particularly limited, but can be exemplified by setting based on the following information. (2-1) Information that specifies at least two individuals requesting information, respectively. For example, the name, date of birth, gender, nationality, address, occupation, affiliation, qualifications (eg, license, official qualification, educational background, occupational history, etc.), relatives, income, assets, contract relationships, and the like can be given. (2-2) The relationship between the at least two individuals. For example,
The relationship between a doctor and a patient, a salesperson and a customer, a teacher and a student, a boss and a subordinate of a company, a caregiver and a cared person, and the like can be given. (2-3) Purpose of using (requesting) information. For example, the purpose is to be used for medical examination, sales of products and services, education, business, nursing care, and the like. (2-4) Requested information. For example, information such as a patient's medical history and diagnosis information, a customer's payment performance, a student's academic performance, a subordinate's work performance and evaluation, and a caregiver's care level determination result may be used.

The information on the individual is not particularly limited, but as described in the above [Problems to be Solved by the Invention], information recognized and provided by the individual (hereinafter referred to as "individual primary information"). And other information (referred to as “individual secondary information” in this document; for example, information generated in the relationship between the person and the information holder, information investigated and analyzed by a third party (institution), etc.).

Although the personal authentication means is not particularly limited, the following embodiments can be exemplified. (2-a) A mode in which authentication is performed by presenting a predetermined recitation code from an individual to be authenticated. (2-b) A mode in which authentication is performed when a predetermined identification medium is presented from an individual to be authenticated. (2-c) It is determined that the characteristics of the individual to be authenticated (for example, physical characteristics, mental characteristics, attributes such as name and date of birth, etc.) are identical to the characteristics registered in advance. Authentication mode. (2-d) at least 2 of (2-a) to (2-c)
The aspect which combined two aspects.

The database system can be exemplified by a mode provided with history storage means for storing the used history.

Further, according to the present invention, there is provided a method for providing a service for using a locked article provided with an electronic lock, wherein the locked article provided with an electronic lock which is locked or unlocked based on identification information recorded on an identification medium. A service providing method for an owner or an administrator to provide the locked article to a user, wherein the identification medium is owned by the user and the owner or the administrator, respectively, The information is information capable of identifying the individual owner of the identification medium, the authentication step of authenticating both using the personal identification information of the user and the identification information of the owner or the administrator, When the user and the owner or the administrator are authenticated in the authentication step, a use start setting step of setting the electronic lock to lock or unlock when the identification information of the user is input is included. Contains.

In the authentication step, the two present themselves to each other with personal identification information associated with the identification information of the identification medium of the user, and the two are the holders of the identification media. Confirming each other, and reading the identification information of the two at substantially the same time by an identification information reading device for reading the identification information from the identification medium to indicate that the identification has been performed. A setting step of setting both of the identification media in a possible state.

When the user and the owner or the manager are authenticated in the authentication step, a personal information browsing step of extracting the personal information of the user and enabling the owner or the manager to view the personal information is performed. Examples included before the use start setting stage can be exemplified.

[0046]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS << First Embodiment >> Hereinafter, a first embodiment in which the present invention is embodied in an authentication system 1 will be described with reference to the drawings together with an authentication method implemented using the same system 1. I do. This authentication system 1 is for two of a plurality of individuals to authenticate each other,
As shown in FIG. 1, it includes an identification card 2 as an identification medium for each individual and an authentication device 3 for authenticating the individual having the identification card 2.

The identification card 2 is distributed to a plurality of individuals who are going to be authenticated by the authentication system 1.
Each identification card 2 has an identification I as unique identification information.
A magnetic tape on which D10 is recorded is embedded. Further, on the surface of the identification card 2, there is provided a portrait display section 11 on which a portrait of the holder of the identification card 2 is printed and displayed. This portrait is personal identification information associated with the identification ID 10 of the identification card 2 of the user. Further, in order for the portrait display unit 11 to mutually confirm that each of the individuals is the holder of each of the identification cards 2, personal identification information presenting means for presenting a portrait to each of the other individuals by each of the individuals. is there.

The authentication device 3 includes a CPU (central control device),
An authentication device main body 15 configured using a known computer including a RAM (random access memory), a ROM (read only memory), a display controller, a hard disk device, and the like (all not shown); Is connected to a card reader 16 for reading information recorded on the identification card 2 and a monitor device 17 as a display means for displaying the progress of authentication, the authentication result, and the like.

The hard disk device of the authentication device 3 stores an identification ID database 20 in which identification information recorded on each identification card 2 is stored.

The card reader 16 has two identification cards 2
Are provided with two card slots 16a so that the IDs of the identification cards 2 can be inserted.
10 can be read almost simultaneously.

When the identification card 2 is inserted into any one of the card slots 16a, the authentication device 3 executes the next authentication process (step S100) shown in the flowchart of FIG. This authentication process (step S
100) First, within a predetermined time, the identification I of each individual is performed.
It waits until each identification card 2 is set in both card slots 16a while D10 can be read substantially simultaneously (step S101). If each identification card 2 is set in both card slots 16a within a predetermined time (step S10
2) Then, the identification IDs 10 are read from both identification cards 2 (step S103). When the identification ID 10 can be read from both identification cards 2 (step S
104), it is confirmed whether both the read identification IDs 10 are registered in the identification ID database 20 (step S105). When each identification ID 10 has been registered in the identification ID database 20 (step S10
6) The fact that authentication has been successful is displayed on the monitor device 17 (step S107), and the process is terminated (step S10).
9). If the conditions are not satisfied in each of steps S102, S104, or S106, a message indicating that authentication is not possible is displayed on the monitor device 17 as an authentication result (step S108), and the process is immediately terminated (step S108). S109).

Next, an authentication method performed using the authentication system 1 will be described. First, each individual displays the portrait display section 11 displayed on the identification card 2 as personal identification information presentation means to another individual. The identification cards 2 are presented and mutually confirmed that they are the holders of the identification card 2 (confirmation step). Next, each individual inserts (sets) the identification card 2 of each individual into each card slot 16a of the card reader 16 to indicate that they have confirmed each other (the setting stage). Then, an authentication process (step S100) is executed by the authentication device, and the authentication result is displayed on the monitor device 17.

This authentication system 1 authenticates, for example, a purchaser of a product or service and a provider of a product or service that accesses credit information in order to collect the payment, or accesses an individual and their medical information. Can be used for authentication with a doctor. Then, when both of the above-mentioned authentications can be performed, various systems can be constructed so that access to credit information and medical information is permitted.

According to the authentication system 1 configured as described above and the authentication method implemented using the system 1,
Since individual persons authenticate each other, they do not depend only on the memory ability of the individual to be authenticated, unlike an authentication method using, for example, a personal identification number. For this reason, even those with low or reduced memory ability, or those with impaired memory ability can use it.

Further, by providing the identification card 2 with a portrait display section 11 as personal identification information presenting means, the identity of the personal identification information can be determined by a human. Unlike a method of automatically discriminating a fingerprint, a retina, or the like, a special detecting device or a discriminating device is not required, and the configuration can be performed at low cost.

<< Second Embodiment >> FIG. 3 shows an authentication system 30 according to a second embodiment of the present invention, and the authentication system 30 and an authentication method implemented using the system 30. Is different from the first embodiment only in the following points. For this reason, the same parts as those in the first embodiment are denoted by the same reference numerals, and redundant description will be omitted.

(1) The portrait display section 11 as in the first embodiment is not provided on the identification card 31, but two magnetic tapes are embedded. As in the first embodiment, the identification ID 10 is recorded on one magnetic tape, and the portrait data 33 of the person as the identification information is recorded on the other magnetic tape. Then, the identification card 31
From the predetermined end of the card reader 1
6, the identification ID 10, which is the content of one magnetic tape, can be read by the card reader 16. Also, the identification card 3
When the identification card 31 is inserted into the card slot 16a from the predetermined other end of the card 1, the portrait data 33, which is the content of the other magnetic tape, can be read by the card reader 16.

(2) Insert the identification card 31 into the card reader 16
Is inserted into the card slot 16a of the authentication device 32.
Reads the content recorded on the magnetic tape before executing the authentication process (step S100). When the content is the portrait data 33 (that is, when the identification card 31 is inserted into the card slot 16a from the predetermined other end), the portrait represented by the portrait data 33 is used as a monitor as output means. The information is displayed on the device 17. This is personal identification information presenting means, and each individual presents a portrait of each individual to another individual by this personal identification information presenting means, and mutually confirms that each individual is the holder of the identification card 2. You can meet.

The effects of the first embodiment can also be obtained by the authentication system 30 of the present embodiment and the authentication method implemented using the system 30.

Third Embodiment Next, FIG. 4 shows an authentication system 40 according to a third embodiment of the present invention. The system 40 and an authentication method performed using the system 40 are as follows. Only the following points are different from the first embodiment.

(1) The identification card 41 is not provided with the portrait display section 11 as in the first embodiment. (2) The hard disk device of the authentication device 42 has an identification I
Along with the D database 20, a portrait database 44 storing portrait data as personal identification information for each identification ID 10 is stored. The portrait database 44 is configured so that portrait data can be extracted using the identification ID 10 as a key.

(3) In step S101 of the authentication process (step S100), when the identification card 41 is inserted into only one of the card slots 16a, the following process is performed. That is, the identification ID 10 recorded on the inserted identification card 41 is read, and the portrait data corresponding to the identification ID 10 is extracted from the portrait database 44. Then, the portrait represented by the portrait data is displayed on the monitor device 17 as output means. This is personal identification information presentation means.

The effects of the first embodiment can also be obtained by the authentication system 40 of the present embodiment and the authentication method implemented using the system 40.

Fourth Embodiment Next, FIG. 5 shows an authentication system 50 according to a fourth embodiment of the present invention. The system 50 and an authentication method performed using the system 50 are as follows. Only the following points are different from the first embodiment.

Unlike the first embodiment, the authentication device 52 does not include the identification ID database 20 in its hard disk device. Instead, the ID 10
The IDs are distributed and stored in a plurality of identification ID database servers 56 connected to the authentication device 52 via the communication line 55, and by searching these identification ID databases 56, the identification IDs 1 read from the identification card 51 are retrieved.
It is configured to check whether 0 is registered. At this time, the target identification ID 10 is
The means for specifying whether or not the ID is stored in the database server 56 is not particularly limited.
A directory server that outputs the network address of the database server 56 can be connected to the authentication device 52 via the communication line 55, and the identification ID database server 56 that stores the identification ID can be specified from the configuration of the identification ID. And storing the identification ID in the identification ID database server, searching all the identification ID database servers 56, and the like. The communication line 55 is not particularly limited, but may be a wide area network (WAN), a local area network (L
AN) and the like.

The effects of the first embodiment can also be obtained by the authentication system 50 of the present embodiment and the authentication method implemented using the system 50.

It should be noted that the present invention is not limited to the above-described embodiment, and can be embodied by appropriately changing the scope of the invention as follows, for example, as follows.

(1) In the first embodiment, the personal identification information is displayed on a medium other than the identification medium in association with the identification ID 10 to display the portrait. (2) In the second and third embodiments, audio data is used instead of portrait data.

(3) In the first embodiment, instead of a portrait, an expression indicating a characteristic of the individual is employed as the identification information. (4) In the second or third embodiment, instead of portrait data, expression data indicating personal characteristics is adopted as the personal identification information.

(5) In the fourth embodiment, (a) the identification card 51 is not provided with the portrait display section 11,
(B) connecting the authentication device 52 via the communication line 55 to one or more portrait database servers configured similarly to the portrait database 44 of the third embodiment,
(C) The authentication process (step S100) is configured in the same manner as in the third embodiment.

<< Fifth Embodiment >> FIGS. 6 to 15 show a database system 201 according to a fifth embodiment of the present invention.
2 shows an access qualification setting device 202 and an information disclosure device 203 of the database system 201. This database system 201 is for disclosing information required by a pair of individuals, and as shown in FIG. 6, a pair of individuals registered as users of the database system Access terminal 204 for accessing information stored in
A card management device 205 for storing and managing personal primary information of an individual registered as a user, and managing an identification card 209 as an identification medium distributed to the individual for personal authentication; and an access terminal 204. Information disclosure device 203 that discloses information requested by the set of individuals via
And an access qualification setting device 202 for setting an access qualification value as access qualification setting information indicating a range of information that can be disclosed to the set of individuals, which are connected to each other via a communication line 206. ing. The communication line 206 is not particularly limited, but may be a wide area network (WAN), a local area network (LAN), or the like.

In the identification card 209, a magnetic tape on which an identification ID 210 as unique identification information is recorded is embedded. On the surface of the identification card 209, there is provided a portrait display section 211 on which a portrait of the holder of the identification card 209 is printed and displayed. This portrait
This is personal identification information associated with the identification ID 210 of the identification card 209 of the user. Also, the portrait display unit 211
Identity verification information presenting means for each individual presenting a portrait to another individual in order to mutually confirm that each individual is the holder of each identification card 209.

The access terminal 204 includes a CPU (central control unit), a RAM (random access memory), a ROM
(Read-only memory), a display controller, a hard disk device and the like (all are not shown). The access terminal main body 220 shown in FIG. A keyboard 221 as an input device for designating requested information and the like; a monitor device 222 as a display device for displaying guide messages, processing progress, personal information, and the like; and a card for reading an identification ID 210 recorded on an identification card 209 The reader 223 is connected. The card reader 223 includes two card slots 223a so that the two identification cards 209 can be inserted into the card readers 223, respectively, so that the identification IDs 210 of the identification cards 209 can be read almost simultaneously. It has become. In the access terminal body 220, an information access process (step S300) described later is executed.

The card management device 205 has access terminal 2
As in the case of the access terminal 204, a keyboard 221 similar to the access terminal 204, a monitor 222, and a card management device main body 225 shown in FIG. Is connected. The personal primary information database 226 is stored in the hard disk device of the card management device main body 225. The personal primary information database 226 stores, for each registered individual, personal primary information and a list of the personal secondary information database 227 in which personal secondary information is stored. The card management device 205 is configured to basically provide such information only to the access qualification setting device 202. In the card management apparatus main body 225, an ID inquiry process described later (step S32)
0) and the individual primary information disclosure process (step S340) are respectively executed.

The information disclosure device 203 is connected to the access terminal 20
As in the case of No. 4, it is configured using a known computer. As shown in FIGS. 6 and 9, a plurality of personal secondary information database servers 228 are connected to the information disclosure device 203 via a communication line 207 different from the communication line 206 (particularly by way of example, in particular, The invention is not limited thereto, and the personal secondary information database server 228 may be configured to be connected to the communication line 206. In this case, the personal secondary information database server 228 responds only to a request from the information disclosure device 203. Can be exemplified.). The communication line 207 is not particularly limited, but may be a wide area network (WAN), a local area network (LAN), or the like. Each personal secondary information database server 228 stores a personal secondary information database 227 in which personal secondary information is stored. In each item of the personal secondary information stored in each personal secondary information database 227, an access qualification level indicating an access qualification value required to access each item is set. In the information disclosure apparatus 203, a personal secondary information disclosure process (step S360) as information disclosure means described later is executed.

The access qualification setting device 202 is configured using a known computer in the same manner as the access terminal 204. As shown in FIG. 10, the hard disk device of the access qualification setting device 202 includes an occupation classification table 230, a qualification classification table 231, and a database classification table 2 for use in setting an access qualification value.
32, a two-party relationship table 233, and a purpose classification table 234 are stored. In the access qualification setting device 202, an access qualification setting process (step S380) as an access qualification setting unit described later is executed.

The occupation classification table 230 shows the occupations classified by classification, the qualification classification table 231 shows the qualifications classified by classification, and the database classification table 232 shows the personal secondary information database 227 classified by classification. The two-party relationship table 233 stores information indicating the relationship between the two parties classified by category, and the purpose classification table 234 stores, for the purposes classified by category, information indicating the relationship with the individual secondary information classified by category. It is indicated by a numerical value (for example, it can be configured such that the larger the numerical value, the higher the access qualification to the personal secondary information (the wider the accessible range).

Next, the processing executed in each of the devices 202 to 205 will be described. The information access process (step S300) of the access terminal 204 is started when a pair of personal identification cards 209 is inserted into two card slots 223a of the card reader 223, respectively. As shown in FIG. 11, first, the card slot 223
It is confirmed that a pair of identification cards 209 are inserted substantially simultaneously into a, and the identification IDs 210 are read from both identification cards 209 (step S301).
Then, an ID inquiry request 2 specifying both of the identification IDs 210
40 is transmitted to the card management device, and a response 241 to the request 240 is received from the card management device 205 (step S302). The contents of the answer 241 are checked (step S303), and when it is "not able to be queried", a message indicating that personal authentication is not possible is displayed on the monitor device 222 (step S304), and the process is terminated (step S310). ). When the contents of the answer 241 indicate that "inquiry was successful", a list of the personal secondary information database 227 included in the answer 241 is displayed on the monitor device 222, and an individual requesting information disclosure from a set of individuals is displayed. In addition to inputting the next information database name, information for requesting disclosure (hereinafter referred to as “request information”) and a purpose for requesting disclosure (hereinafter referred to as “request purpose”) are input (step S305). When a personal secondary information database name and request information are input from a set of individuals, an information disclosure request 242 that specifies the personal secondary information database name and request information together with the reference number included in the answer 241 is transmitted to the information disclosure device. 2
03, and a response 243 to the request 242 is received from the information disclosure device 203 (step S306). The contents of the answer 243 are checked (step S307), and if it is "the request has been accepted", the disclosed information is displayed on the monitor device 222 (step S30).
8), the process ends (step S310). On the other hand, when the content of the answer 243 is "rejection of the request", a message "information cannot be disclosed" is displayed on the monitor device 222 (step S309), and the process ends (step S310).

Note that the information received in step S306 is transmitted to the monitor 222 in step S308.
Is displayed and then erased, so that the received information does not remain in the access terminal 204.

The ID inquiry process (step S320) of the card management device 205 is started when the ID inquiry request 240 is received from the access terminal 204. As shown in FIG. 12, first, a set of identification IDs 210 is extracted from the received ID inquiry request 240 (step S321). Then
In order to confirm whether or not each identification ID 210 is registered in the personal primary information database 226,
Personal primary information database 2 using D210 as a search key
26 (step S322). As a result, if each identification ID 210 is registered (step S32)
3), a personal secondary information database 22 in which an inquiry number indicating the ID inquiry fact in the card management device 205 and personal secondary information relating to each identification ID 210 are stored.
7 is transmitted to the access terminal 204 as a response 241 to the ID inquiry request 240 (step S32).
4), the process ends (step S326). On the other hand, when any one of the identification IDs 210 is not registered,
The fact that the inquiry could not be performed is transmitted to the access terminal 204 as a response 241 to the ID inquiry request 240 (step S
325), and the process ends (step S326).

The personal primary information disclosure process (step S340) of the card management device 205 is started when an information disclosure request 244 described later is received from the information disclosure device 203.
As shown in FIG. 13, first, the received information disclosure request 24
Then, a reference number and a set of identification IDs 210 are extracted from No. 4 (step S341). Then, it is confirmed whether or not the inquiry number is a regular number issued by the card management device 205 for the set of identification IDs 210 (step S34).
2) If the number is a regular number, the personal primary information for each identification ID 210 is transmitted to the card management device 205 as a response 245 to the information disclosure request 244 (step S).
343), and the process ends (step S345). If the reference number is not a legitimate number, "information cannot be disclosed" is transmitted as a response 245 to the information disclosure request 244 (step S344), and the process ends (step S3).
45).

[0102] The personal secondary information disclosure process (step S 360) of the information disclosure device 203 is started when the information disclosure request 242 is received from the access terminal 204. As shown in FIG. 14, first, an inquiry number and a set of identification IDs 210 are extracted from the received information disclosure request 242 (step S361). The reference number is the card management device 205
It is checked whether or not is issued legally (step S362). If it is a regular inquiry number, a set of identification ID 210 received along with the inquiry number, a qualification setting request 246 specifying request information and a request purpose are transmitted to the access qualification setting device 202, and an answer 247 to the request 246 is accessed. It is received from the qualification setting device 202 (step S363). The contents of the answer 247 are checked (step S364). If it is “access qualification set”, the access qualification value is extracted from the answer 247 and a request is made from the designated personal secondary information database 227. The access qualification level for the information is extracted, and it is checked whether there is an access qualification for the requested information (step S365). And
If there is an access qualification, the request information is retrieved from the designated personal secondary information database 227, disclosed to the access terminal 204 (step S366), and the process is terminated (step S368). Step S36
2. If the condition is not satisfied in any of S364 and S365, a response to the effect that information cannot be disclosed is transmitted to access terminal 4 (step S36).
7), and terminate the process (step S368).

The access qualification setting process of the access qualification setting device 202 (step S 380)
The process starts when a qualification setting request 246 is received from the third party. As shown in FIG. 15, first, the received qualification setting request 246
, An inquiry number, a set of identification ID 210, an individual secondary information database name, request information, and a request purpose are extracted (step S381). And the reference number is the card management device 2
It is checked whether 05 is issued legally (step S382). If the inquiry number is a regular inquiry number, an information disclosure request 244 specifying the inquiry number and the set of identification IDs 210 is transmitted to the card management device 205, and a response 245 to the request 244 is received from the card management device 205 (step S383). The contents of the answer 245 are checked (step S384). When the personal primary information is disclosed, the information, the personal secondary information database name,
The request information and the request purpose are stored in the occupation classification table 230, the qualification classification table 231, and the database classification table 23.
2, two-party relation table 233 and purpose classification table 2
Then, an access qualification value is set based on the access rights 34 (step S385). Then, this access qualification value is transmitted as a response 247 to the qualification setting request 246 to the information disclosure device 203 (step S386), and the process ends (step S388). Step S382 or S
If the conditions are not satisfied in 384, a response 247 to the effect that access qualification cannot be set is transmitted to the information disclosure device 203 (step S387),
The process ends (step S388).

The personal authentication means of this embodiment includes a portrait display section 211 as personal identification information presenting means, a card reader 223 as an identification information reading device, and information access processing of the access terminal 204 (step S300). This includes steps S301 to S303 and an ID inquiry process of the card management device 205 (step S320).

Next, a series of operation examples of the database system 201 configured as described above will be specifically described. (1) One set of individuals is each other's identification card 209
Is compared with the actual partner to confirm that the individual holding the identification card 209 is the holder of the identification card 209. Then, the identification cards 209 of the respective individuals are inserted into the card readers 223 of the access terminals 204, respectively, in order to indicate that they have confirmed each other. Then, the access terminal 204 confirms that a pair of identification cards 209 are simultaneously present in the card reader 223, reads the identification ID 210 recorded on the identification card 209, and reads the card management device 2
ID inquiry request 240 specifying the identification ID 210 in the ID 05
Is transmitted (steps S300 to S302).

(2) In the card management device 205 which has received the ID inquiry request 240, the personal primary information database 22
6 is checked to determine whether or not each identification ID 210 has been registered (steps S320 to S323). For example, both identification ID2
10 is registered, the card management device 205
Transmits, as the answer 241 to the ID inquiry request 240, an inquiry number and a list of the individual secondary information database 227 in which the individual secondary information of the individual is registered (steps S324 and S326).

(3) The access terminal 204 having received the answer 241 requests the personal secondary information database name and the request information from the list of the individual secondary information database 227 included in the answer 241 to request a set of individuals to disclose information. And a request purpose, and transmits an information disclosure request 242 designating them, an inquiry number and a set of identification IDs to the information disclosure apparatus 203 (steps S302, S303, S305, S
306).

(4) After receiving the information disclosure request 242, the information disclosure device 203 confirms the reference number included in the information disclosure request 242, and then sets the qualification setting request specifying the content included in the information disclosure request 242. 246 is transmitted to the access qualification setting device 202 (steps S360 to S363).

(5) After receiving the qualification setting request 246, the access qualification setting device 202 checks the reference number included in the qualification setting request 246, and then requests the information disclosure request specifying the content included in the qualification setting request 246. 244 is transmitted to the card management apparatus 205 (steps S380 to S383).

(6) After receiving the information disclosure request 244, the card management device 205 confirms the reference number included in the information disclosure request 244, and then returns personal primary information as a response 245 to the access qualification setting device 202 (step S340
~ S343, S345).

(7) Upon receiving the answer 245, the access qualification setting device 202 sets the access qualification value based on the personal primary information and the like, and sets the answer 24 to the qualification setting request 246.
The access qualification value is transmitted to the information disclosure device 203 as 7 (steps S383 to S386 and S388).

(8) The information disclosure device 203 that has received the response 247 discloses (transmits) the request information as the response 243 to the information disclosure request 242 based on the access qualification value.
(Steps S363 to S366, S368).

(9) Upon receiving the answer 243, the access terminal 204 displays the disclosed information on its monitor device 222 (steps S306 to S308, S310). In this way, a set of individuals can refer to personal secondary information.

According to the database system 201 configured as described above, the access qualification setting means (step S
380), and the information disclosure device 2 including the information disclosure means (step S360).
03, it is possible to efficiently manage and disclose a variety of subdivided personal information. For this reason, for example, (1) it is consistent with the current administrative system,
(2) In particular, basic personal information such as personal primary information can be unified, (3) rules for system operation can be unified, (4) average reliability of information can be improved, The effect described above can be obtained.

The access qualification setting device 202 sets an access qualification value indicating a range of information that can be disclosed to the set of individuals based on the information regarding the set of individuals (step S380). , The database system 201 can be configured to limit the disclosure range of information to an objective and reasonable range.

[0096] Further, the information disclosing device 203 discloses information disclosing means (step) for disclosing information included in the range indicated by the access qualification information indicating the range of information that can be disclosed to the set of individuals to the set of individuals. S360).
It is possible to efficiently disclose a large amount of subdivided and large amounts of personal information while limiting it to an objective and reasonable range.

Further, since the card management device 205 includes a set of personal identification means, a person who requests personal information can be specified in advance. For this reason, it is possible to improve the reliability of information management, prevent improper requests for information and “spoofing” of other individuals, and facilitate detection of improper activities.

The present invention is not limited to the above-described embodiment. For example, the present invention can be appropriately modified and embodied as follows without departing from the spirit of the invention. (1) Changing the personal authentication means to another mode such as a mode of performing authentication by presenting a predetermined recitation code from an individual to be authenticated.

(2) The access qualification level is not set for each item of information stored in the personal secondary information database 227, but is set for each personal secondary information database 227.

(3) The personal primary information database 226 is provided in a device different from the card management device 205. Then, it can be exemplified that the other device is configured to be connected to the database system 201 via the communication line 206.

(4) Instead of any two or more of the access terminal 204, the card management device 205, the information disclosing device 203, and the access qualification setting device 202, a device having the functions of the two or more devices is provided. To be provided.

(5) At least two or more of the card management device 205, the information disclosure device 203, and the access qualification setting device 202 are provided, and the two or more devices perform distributed processing. thing.

Sixth Embodiment FIGS. 16 to 22 show an electronic lock 600, an electronic lock system 602, and a rental house provided with the electronic lock 600 as a locked object according to a sixth embodiment of the present invention. It shows a method of providing rental services.

FIG. 16 shows a basic concept of a method of providing a rental service of a rental house by the electronic lock system 602. Specifically, an identification card 601 on which an identification ID 620 as identification information for identifying an individual is recorded. The facility manager 610 uses a user 611 to rent a rental house equipped with an electronic lock 600 that is locked or unlocked by using it as a key.
The flow when renting to is shown. Identification card 601
Are owned and managed by the facility manager 610 and the user 611, respectively. The electronic lock system 602 issues an electronic lock 600, an identification card 601 as an identification medium for the electronic lock, and an individual who registers the identification card 601 as a user, and stores personal primary information of the individual. A card issue management unit 603 that manages the role of managing the identification card distributed to the individual, authenticates the individual with the identification card, and stores the history of use of the identification card 601. History storage unit 6 in charge
04 and a database access qualification authenticating unit 6 responsible for authenticating the access qualification of the individual having the identification card 601 to the personal secondary information database server 606.
05 (in this document, "database access qualification authentication" is referred to as "DB access qualification authentication").

A magnetic tape on which an identification ID 620 as unique identification information is recorded is embedded in the identification card 601. On the surface of the identification card 601, there is provided a portrait display section 621 on which a portrait of the holder of the identification card 601 is printed and displayed. This portrait
This is personal identification information associated with the identification ID 620 of the identification card 601 of the user. Also, the portrait display section 621
An identification information presenting means for each individual presenting a portrait to another individual in order to mutually confirm that each individual is the holder of each identification card 601.

First, a method of providing a rental service for a rental house at the level of the basic concept of the electronic lock system 602 will be described in order. (1) The electronic lock maker 612 attaches the electronic lock 600 to the rental house (step S700). Further, the card issuance management unit 603 confirms the identity with, for example, a public external authentication center 607 by the government (step S70).
1) The identification card 601 is issued to each individual including the facility manager 610 and the user 611 (step S702). (2) When renting a rental house, a user 611 who wants to rent the rental house and a facility manager 610 managing the rental house are printed on the portrait display section 621 of the identification card 601 of each other. By confirming the portraits with each other, it is confirmed that each is the holder of each identification card 601. Next, the user 611 gives his or her identification card 601 to the facility manager 610 (step S703). This action of the user allows the facility manager 610 to browse the personal information of the user 611 as described later, so that the user 611 temporarily provides the facility manager 610 with the browsing authority for the personal information. It means to do. (3) When the user 611 is present, the facility manager 6
10 uses the identification card 601 of the user and the user 611 to request the card issuance management unit 603 to confirm the identity (step S704). At the same time, the facility manager 610 notifies the history storage unit 604 that this request has been made, and the history storage unit 604 stores the content of the notification (step S705). (4) The card issuance management unit 603 confirms the identities of the user 611 and the facility manager 610, and answers the results to both (step S706). (5) When the identity of the user 611 can be confirmed, the facility manager 610 indicates the result of the identity confirmation to the DB access qualification authentication unit 605, and the user required by the facility manager 610 to provide the rental service. A request is made to browse the personal information 611 (step S707). (6) The DB access qualification authentication unit 605 determines the range that can be disclosed to the combination of the two, and among the personal information requested by the facility manager 610, the personal information included in the range is used as the personal secondary information database server 606. (Step S708) and disclose it to the facility manager 610 (step S709). (7) The facility manager 610 browses the disclosed personal information and, when judging from the contents that it is possible to provide a rental service, agrees with the user 611 to rent a rental house and identifies the user 611. The electronic lock 600 is set to be locked or unlocked by the identification ID 620 recorded on the card 601 (step S710). (8) The user 611 uses the identification card 601 to lock or unlock the electronic lock 600 and use the rental house (step S711). (9) Thereafter, when stopping the use of the rental house by the user 611, the facility manager 610 sets the electronic lock 600 so as not to be locked or unlocked by the identification ID 620 recorded on the identification card 601 of the user 611. (Step S7
12).

Next, an example of a configuration for realizing the method for providing a rental service of a rental house will be described. As shown in FIG. 17, the card issuance management unit 603 includes a card management device 6
25, and the history storage unit 604 has a history storage device 6
26, the DB access qualification authentication unit 605 is provided with an information disclosure device 627 and an access qualification setting device 628, and these devices are connected to each other via a communication line 630. Further, another communication line 631 (illustrative and not particularly limited, and can be connected via the communication line 630) to the information disclosure device 627.
, One or more personal secondary information database servers 606 are connected. And the facility manager 610
, An access terminal 629 connected to these devices via a communication line 630 is provided.

Of these devices, the card management device 62
5. Information disclosure device 627 and access qualification setting device 62
8 are card management devices 2 in the fifth embodiment, respectively.
05, information disclosure device 203 and access qualification setting device 2
02. Further, the personal secondary information database server 606 is configured similarly to the personal secondary information database server 228 in the fifth embodiment. Therefore, the same parts as those of the fifth embodiment are denoted by the same reference numerals as those of the fifth embodiment, and the description thereof will not be repeated.

[0109] The access terminal 629 of the present embodiment is different from the access terminal shown in FIG.
As shown in FIG. 8, it differs from the access terminal 204 of the fifth embodiment in the following points, and the other configuration is the same as that of the embodiment. (1) In step S302 of the information access process (step S300), when the ID inquiry request 240 is transmitted to request the card management device 625 to confirm the identity of the holder of the identification card 601, the access terminal 6
29 is configured to send a copy 240a of the request to the history storage device 626. (2) Information access processing of the fifth embodiment (step S3
00), instead of step S308, a usage information registration request process (step S720) described later is executed. (3) Usage information erasure request processing described later (step S76)
0). (4) An administrator ID storage unit 640 as means for storing the ID 20 of the facility manager 610 is provided. (5) In addition to the wired communication unit 641 as communication means for communicating via the communication line 630 (not shown in the fifth embodiment), wireless communication as communication means for communicating with the electronic lock 600 wirelessly A point 642.

The history storage device 626 is connected to the access terminal 62.
9 is stored (that is, the history of use of the identification card 601 is stored).

As shown in FIG. 19, the electronic lock 600 includes a control unit 65 as lock control means for controlling the operation of the entire electronic lock.
0, a lock mechanism 651 that performs an unlocking operation or a locking operation according to a control instruction from the control unit 650, a card reader unit 652 as identification information input means for inputting an identification ID from the identification card 601, and an access terminal 629. A wireless communication unit 653 as a communication unit with the clock, a clock unit 654 as a unit for obtaining the date and time, and an identification ID 620 permitting locking or unlocking.
ID storage unit 6 as identification information storage means for storing
55 and the identification ID 6 stored in the identification ID storage unit 655
20 is provided with a use condition storage unit 656 as means for storing use conditions such as an expiration date for permitting locking or unlocking of the device 20. The drive power source (not shown) of the electronic lock 600 is not particularly limited, but may be a primary battery or a secondary battery removably incorporated from the indoor side.

The control unit 650 registers an ID ID 620 for registering an ID ID 620 permitting locking or unlocking of the electronic lock 600 (step S740), and an ID ID for deleting the registered ID 620. ID
Erasing process (step S780) and the card reader 65
2 according to the identification ID 620 input from the lock mechanism 65.
1, a locking / unlocking process (step S800) as a means for performing a locking or unlocking operation is performed.

Although the lock mechanism 651 is not particularly limited, in the present embodiment, the lock mechanism 651 operates so as to sequentially switch between the unlocked state and the locked state according to a switching instruction as a control instruction output by the control section 650. An example is shown in which the following is adopted.

The card reader section 652 has one card slot 652a.
a ID recorded on the identification card 601 inserted in a
620 is read.

The wireless communication unit 653 is connected to the access terminal 629.
Converts an analog signal received wirelessly from the terminal to a digital signal and passes it to the control unit 650, or converts a digital signal output from the control unit 650 into an analog signal and converts the digital signal to an access terminal 62.
9 for wireless transmission.

The clock section 654 measures the current date and time, and the control section 650 can read the date and time.

The identification ID storage unit 655 stores the user 611
The identification ID 620 read from the identification card 601 loaned from is stored.

It is preferable that the identification ID storage unit 655 and the use condition storage unit 656 be configured to retain the storage contents without supplying power, and a configuration using a flash memory can be exemplified.

Next, the access terminal 629 and the electronic lock 60
Each process of 0 will be described. First, the access terminal 62
The flow of the use information registration request process (step S720) of No. 9 will be described along with the flow of the identification ID registration process (step S740) of the electronic lock 600 that operates in response to the request, along the flowchart shown in FIG. The use information registration request process (step S720) is the same as the answer 2 in step S307 of the information access process (step S300).
When the content of 43 is “the request has been accepted”, it is executed instead of step S308.
In this processing, first, a guide that prompts the facility manager 610 to input whether or not to make a rental contract as a result of referring to the disclosed personal information together with the disclosed personal information of the user 611 as in step S308. Monitor device 2
22 (step S721). Facility manager 61
0 inputs that no lease contract is made (step S72).
2) The process ends immediately (step S727). When the facility manager 610 inputs that a lease contract is to be made (step S722), various usage conditions including designation of a house to be rented, an expiration date of the lease contract, and the like are input (step S72).
3). Next, a registration request for use information including the identification ID 620 of the user 611 and the use condition is transmitted to the electronic lock 600 of the designated house (step S724). The control unit 650 of the electronic lock 600 that has received this request executes a usage information registration process (step S740). In this process, the content of the request is read from the received request (step S741), and the identification ID 620 and the usage condition as usage information are stored in the identification ID storage unit 655 and the usage condition storage unit 656, respectively (step S). A response indicating that the information has been registered is transmitted to access terminal 629 (step S
743), and the process ends (step S744). Usage information registration request processing of access terminal 629 (step S7
In step 20), a response to the effect that the usage information has been registered is received (step S725), the result is displayed on the monitor device 222 (step S726), and the process ends (step S726).
727).

Next, the flow of the use information erasure request process (step S760) of the access terminal 629 is shown in FIG. 21 together with the flow of the identification ID erasure process (step S780) of the electronic lock 600 that operates in response thereto. Description will be given along a flowchart. Note that the administrator identification ID storage unit 64
It is assumed that the identification ID 620 of the facility manager 610 is stored in advance by a setting unit (not shown).

This usage information deletion request processing (step S7)
Step 60) is executed when a predetermined operation is performed on the access terminal 629 when the use information registered in the electronic lock 600 is to be deleted. In the usage information erasure request processing (step S760), first, it is checked whether or not the identification card 601 is inserted into any of the card slots 223a (step S761).
The process ends immediately (step S767). When the identification card 601 is inserted, its identification ID 620
Is read and compared with the identification ID 620 stored in the administrator identification ID storage unit 640. If the identification ID 620 read from the identification card 601 does not match that of the facility manager 610, the process ends immediately (step S7).
67). If the identification IDs 620 match, a guide prompting the facility manager 610 to input the designation of the house whose usage information is to be deleted is displayed on the monitor device 222, and the input is waited for (step S763). When the designation of a house is input, a request to delete usage information is transmitted to electronic lock 600 of the house (step S764). The control unit 650 of the electronic lock 600 that has received this request executes a usage information erasing process (step S780). In this process, the content of the request is read from the received usage information deletion request and confirmed (step S781), and the contents of the identification ID storage unit 655 and the usage condition storage unit 656 are deleted (step S78).
2) The access terminal 62 sends a reply to the effect that the usage information has been deleted.
9 (step S783), and the process ends (step S784). In the usage information erasure request process of the access terminal 629 (step S760), a response indicating that the usage information has been erased is received (step S765), the result is displayed on the monitor device 222 (step S766), and the process ends (step S766). Step S767).

Next, the flow of the locking / unlocking process (step S800) of the electronic lock 600 will be described with reference to the flowchart shown in FIG. This locking / unlocking process (step S800) is performed in the card slot 65 of the electronic lock 600.
This is executed when the identification card 601 is inserted into 2a. In this processing, first, the identification ID 6 is stored in the identification ID storage unit 655.
It is checked whether or not 20 has been registered (step S801), and if not, the process ends immediately (step S806). When the identification ID 620 is registered, the validity period of the contract is read out of the usage conditions stored in the usage condition storage unit 656, and the clock unit 6 is read.
The current date and time are read out from 54 and it is checked whether the current date and time is within the validity period of the contract (step S80).
2). If the expiration date of the contract has elapsed, the contents of the identification ID storage unit 655 and the usage condition storage unit 656 storing the identification ID 620 as the usage information and the usage condition are deleted (step S805), and the process ends. (Step S806). If the contract has not expired, the identification ID 620 is read from the identification card 601 and
The ID is compared with the ID 620 stored in the ID storage unit 655 (step S803). If the two IDs match, a switching instruction is issued to the locking mechanism 651 to switch between the locked state and the unlocked state (step S80).
4). Then, the process ends (step S806).

Next, a series of operation examples of the electronic lock system 602 configured as described above will be described together with a method for providing a rental service of a rental house equipped with the electronic lock 600 using the system 602 ( Card management device 62
5. Information disclosure device 627 and access qualification setting device 6
The operation of 28 and the operation of the access terminal 629 when cooperating with these devices are basically the same as those of the fifth embodiment, so that they will be described briefly here. ).

First, the user 611 who wants to rent a rental house and the facility manager 610 who manages the rental house confirm each other's portrait printed on the portrait display section 621 of the identification card 601 of each other. Thus, it is confirmed that each is the holder of each identification card 601 (confirmation step). Next, the user 611 gives his or her identification card 601 to the facility manager 610 (the user 611).
Is temporarily provided to the facility manager 610).

Next, in the presence of the user 611, the facility manager 610 makes the user 611 and the facility manager 6
The ten identification cards 601 are inserted (set) into the card slot 223a of the access terminal 629 (set stage). Then, the identification card 601 is provided to the access terminal 629.
Of the individual with respect to the identification ID 620 recorded in the request. Then, the access terminal 629
Sends the card management device 625 an I
A D inquiry request 240 is transmitted. At the same time, the access terminal 629 transmits a copy 240a of the ID inquiry request 240.
Is transmitted to the history storage device 429, and the history storage device 429 is transmitted.
Stores a copy 240a of the received ID inquiry request 240. Card management device 6 receiving ID inquiry request 240
25 queries the identification ID 620 and the resulting I
The D inquiry result 241 is transmitted to the access terminal 629. I
The access terminal 629 receiving the D inquiry result displays the ID inquiry result (authentication stage). This display allows the user 61
When the identity of the user 1 can be confirmed, the facility manager 610 inputs a request for browsing personal secondary information necessary for providing the rental service to the access terminal 629. Then, the access terminal 629
Transmits the information disclosure request 242 of the personal secondary information requested by the facility manager 610 to the information disclosure device 627 together with the ID inquiry result as the identification result of the identity. This request 24
When the information disclosure device 627 receives the request 24,
A qualification setting request 246 is transmitted to the access qualification setting device 628 together with the content of the second. Access qualification setting device 628
Upon receiving the qualification setting request 246, it transmits an information disclosure request 244 of personal primary information to the card management device 625, and sends the personal primary information of the user 611 and the facility manager 610 from the card management device 625 as a response 245. obtain. Based on the personal primary information, the range of the personal secondary information that can be disclosed to the combination of the user 611 and the facility manager 610 is determined, the access qualification of both is set, and this is answered 247. The information disclosing device 627 that has received the response 247 transmits the personal secondary information included in the discloseable range indicated by the access qualification included in the response 247 among the personal secondary information requested by the facility manager 610. The information is read from the secondary information database server 606 and transmitted to the access terminal 629 as a response 243 to the information disclosure request. The access terminal 629 displays the received personal secondary information (discloses it to the facility manager 610) (a personal information browsing step).

Then, the facility manager 610 browses the disclosed personal secondary information, and determines from the contents that the rental service can be provided, and agrees with the user to lend the rental house to the user. , User identification card 601
Is set in the electronic lock 600 so that the electronic lock 600 is locked or unlocked by the identification ID 620 recorded in (1) (use start setting stage). The user 611 locks or unlocks the electronic lock 600 using the identification card 601 and uses the rental house. Thereafter, when stopping the use of the rental house by the user 611, the facility manager 610 inserts his / her own identification card into the card slot 223a of the access terminal 629 and the identification recorded on the identification card 601 of the user 611. The electronic lock 600 is set so as not to be locked or unlocked by the ID 620 (steps S760 and S760).
780).

The electronic lock 600 of this embodiment, the identification card 601 for the electronic lock, the electronic lock system 602, and the electronic lock 6
Since the method for providing a rental service of a rental house provided with the 00 is configured as described above, the following effects can be obtained in addition to the effects of the fifth embodiment. (1) Identification card 601 in which identification ID 620 is not registered in electronic lock 600 (identification card 601 other than user)
In this case, the electronic lock 600 cannot be locked or unlocked, so that the safety is enhanced. (2) By giving the identification card 601 to the agent, the holder of the identification card 601 can request the agent to lock or unlock the electronic lock 600.

(3) When the identification card 601 is lost or stolen, the facility manager 610 is contacted and the use information stored in the electronic lock 600 is erased so that the identification card 601 cannot be used immediately. Can be (4) Since the user 611 can be authenticated by the identification ID 620 recorded on the identification card 601, it is not necessary to obtain an identity certificate from an external authentication center such as a government at the time of contract.

(5) The personal information is only viewed by the facility manager 610 at the time of contract (at the time of authentication and at the time of viewing the personal secondary information), and the facility management side (the access terminal 629 and the electronic lock 600) does not. Since no personal information remains, information leakage can be reduced. (6) Since the identification card 601 is not dedicated to the electronic lock system, the number of cards as keys managed by the user 611 does not increase even when the use of the electronic lock system 602 is started. Further, if the electronic lock system 602 becomes widespread, a plurality of electronic locks 600 can be unlocked / locked with one identification card.

(7) To register the identification ID, the facility manager 6
Both identification cards 601 must be inserted into the card slot 223a of the access terminal 629 in such a manner that the respective identification IDs 620 recorded on the ten identification cards 601 and the user 611 can be read almost simultaneously. Therefore, the user 611 sets the identification ID 620
And the unauthorized operation of the facility manager 610 can be suppressed. (8) Since the history storage device 626 is configured to store the history (used history) of ID inquiries as identity confirmation, unauthorized use (including use for other purposes) of the identification card 601 is performed. Not only can the criminal investigation at the time of discovery be facilitated, but also the effect of deterring the unauthorized use of the facility manager 610 and the user 611 can be enhanced.

(9) In the present invention, the electronic lock maker 612 provides the key because the identification card 601 in which the individual identification ID 620 distributed to each individual is recorded is used as a key. There is no need and there is no need to manage duplicate keys.

Note that the present invention is not limited to the above-described embodiment, and may be embodied by appropriately changing, for example, the following without departing from the spirit of the invention. (1) A device other than the history storage device 626 is configured to store a history of use of the device other than the history storage device 626.

(2) The information disclosure device 627 is provided for each personal secondary information database server 606. In addition, an access qualification setting device 628 can be provided for each personal secondary information database server 606.

(3) Access terminal 629 and electronic lock 60
Wired communication means is adopted as the communication means with 0. (4) access terminal 629, history storage device 626,
Adopting wireless communication means as communication means with the information disclosure device 627 or the like.

(5) Identification ID storage section 65 of electronic lock 600
5 so that a plurality of identification IDs 620 can be stored, and when an identification card 601 on which any one of the identification IDs 620 is recorded is inserted into the card slot 652a, the electronic lock 600 is locked or unlocked. thing. Thus, the electronic lock 600 can be used by a plurality of persons.

Further, the present invention aims to solve the problems of the second conventional example and to provide an authentication method and an authentication system which can be realized at low cost without depending on the ability of the person to be authenticated alone. Is disclosed. Here, the interpretations of the terms included below are the same as those described in [Means for Solving the Problems] in this document.

In order to achieve the above object, the authentication method of the present invention is an authentication method for at least two of a plurality of individuals each having an identification medium recording unique identification information to authenticate each other. The at least two individuals present the identity information associated with the identification information of their identification medium to the other of the at least two individuals, whereby the at least two individuals A confirmation step of mutually confirming the identity of the holder of each of the identification media, and an identification information reading device for reading the identification information from the identification medium to indicate that they have confirmed each other, Setting the identification medium of the at least two individuals so that the identification information of the at least two individuals can be read substantially simultaneously.

The authentication system according to the present invention is an authentication system for at least two of a plurality of individuals to authenticate each other. The identification system records unique identification information and identifies each individual. Medium and the identification information associated with the identification information of the identification medium of the at least two individuals to mutually confirm that the at least two individuals are the owners of the identification media. Personal identification information presenting means for an individual to present to the at least two of the at least two individuals, and the identification information of the at least two individuals can be read at substantially the same time to indicate the mutual confirmation And an identification information reading device capable of setting the identification medium of the at least two individuals in an appropriate state.

The personal identification information and the personal identification information presenting means are not particularly limited, but the following modes can be exemplified. Note that, in the authentication method of the present invention, the personal identification information presenting means may include: "Personal identification information associated with the identification information of the identification medium of the user, wherein the at least two individuals have the at least two individuals. Present to other individuals within "means the means used.

(1-1) The identity verification information is a portrait of the identity, and the identity verification information presenting means displays the portrait on the identification medium, or displays the identification on a medium different from the identification medium. An aspect in which a display unit that displays the portrait in association with information is provided.

(1-2) The identity verification information is an expression indicating the characteristics of the identity, and the identity verification information presenting means displays the expression on the identification medium, or a medium different from the identification medium. A display unit for displaying the expression in association with the identification information.

(1-3) The personal identification information is personal portrait data or audio data, and the personal identification information presenting means is provided on the identification medium or on a medium different from the identification medium. A mode in which the portrait data or the audio data recorded in association with the identification information is output to an output unit.

(1-4) The identity verification information is expression data indicating the characteristics of the identity, and the identity verification information presenting means is provided on the identification medium or on a medium different from the identification medium. An aspect in which the expression data recorded in association with the identification information is output to an output unit.

Although the authentication method is not particularly limited, an embodiment including a history storing step of storing the authenticated history can be exemplified. The authentication system is not particularly limited, but may be an embodiment including a history storage unit for storing the history of authentication.

Further, in this document, an access qualification setting device and an information disclosure device which can solve the problem of the third embodiment and can objectively and rationally manage and disclose a variety of subdivided personal information. , And the following invention for providing a database system is disclosed. Here, the interpretations of the terms included below are the same as those described in [Means for Solving the Problems] in this document.

In order to achieve the above object, the access qualification setting device of the present invention is a means used for disclosing information required by a combination of at least two individuals, the information relating to the combination of individuals. On the basis of the,
An access qualification setting unit for setting access qualification information indicating a range of information that can be disclosed to the combination of individuals is provided.

The information disclosing device of the present invention is a means used for disclosing information required by a combination of at least two individuals, and indicates a range of information that can be disclosed to the combination of the individuals. An information disclosing means for disclosing information included in the range indicated by the access qualification information to the combination of individuals is provided.

Further, the database system of the present invention
A database system for disclosing information required by a combination of at least two individuals, the access being configured to set access qualification information indicating a range of information that can be disclosed to the combination of individuals based on information on the combination of individuals. A qualification setting unit; and an information disclosure unit that discloses information included in a range indicated by the access qualification information to the combination of individuals.

Further, the database system of the present invention
A database system for disclosing information required by a combination of at least two individuals, wherein the database can be disclosed to a combination of individuals based on information relating to the identity of the individual and information relating to the combination of the individuals. Access qualification setting means for setting access qualification information indicating a range of information, and information disclosure means for disclosing information included in the range indicated by the access qualification information to the combination of the individuals who have been authenticated. It has.

The information on the combination of individuals can be exemplified by information on the individual and a combination of information on the individual. Further, the requested information can be exemplified by a mode including personal information of any one of the individuals.

The access qualification setting device is not particularly limited, but can be exemplified by a mode provided with history storage means for storing the history of use. Further, the information disclosure apparatus is not particularly limited, but can be exemplified by a mode provided with a history storage unit for storing a history of use. Further, the database system is not particularly limited, but can be exemplified by an embodiment including a history storage unit for storing a history of use.

[0152]

As described above in detail, the electronic lock according to the present invention,
According to the electronic lock system and the method of providing a service for using a locked object provided with the electronic lock, user registration and key management can be easily performed.

Further, according to the present invention, it is possible to perform authentication without depending on the capabilities of the owner or manager of the product and the user, and to realize this at low cost.

Further, according to the present invention, it is possible to objectively and rationally manage and disclose a wide variety of subdivided personal information.

[Brief description of the drawings]

FIG. 1 is a configuration diagram illustrating an authentication system according to a first embodiment of the present invention.

FIG. 2 is a flowchart showing a flow of an authentication process of the authentication system.

FIG. 3 is a configuration diagram illustrating an authentication system according to a second embodiment that embodies the present invention.

FIG. 4 is a configuration diagram illustrating an authentication system according to a third embodiment that embodies the present invention.

FIG. 5 is a configuration diagram showing an authentication system according to a fourth embodiment of the present invention;

FIG. 6 is a block diagram illustrating a configuration of a database system according to a fifth embodiment of the present invention.

FIG. 7 is a block diagram showing a configuration of an access terminal of the database system.

FIG. 8 is a block diagram showing a configuration of a card management device of the database system.

FIG. 9 is a block diagram showing a configuration of an information disclosure device of the database system.

FIG. 10 is a block diagram showing a configuration of an access qualification setting device of the database system.

FIG. 11 is a flowchart showing a flow of an information access process executed by the access terminal.

FIG. 12 is a flowchart showing a flow of an ID inquiry process executed by the card management device.

FIG. 13 is a flowchart showing the flow of personal primary information disclosure processing executed by the card management device.

FIG. 14 is a flowchart showing a flow of personal secondary information disclosure processing executed by the information disclosure device.

FIG. 15 is a flowchart showing a flow of an access qualification setting process executed by the access qualification setting device.

FIG. 16 is a block diagram showing a basic concept of a rental service providing method of a rental house by an electronic lock system according to a sixth embodiment of the present invention.

FIG. 17 is a block diagram illustrating a configuration example of the system.

FIG. 18 is a block diagram showing a configuration of an access terminal of the system.

FIG. 19 is a block diagram showing a configuration of an electronic lock of the system.

FIG. 20 is a flowchart showing a flow of a usage information registration request process executed by the access terminal and a usage information registration process executed by the electronic lock.

FIG. 21 is a flowchart showing a flow of a usage information deletion request process executed by the access terminal and a usage information deletion process executed by the electronic lock.

FIG. 22 is a flowchart showing a flow of a locking / unlocking process executed by the electronic lock.

FIG. 23 is a diagram showing a flow of a procedure in a conventional rental service providing method.

[Explanation of symbols]

 REFERENCE SIGNS LIST 1 authentication system 2 identification card 3 authentication device 10 identification ID 11 portrait display section 16 card reader 16 a card slot 20 identification ID database 30 authentication system 31 identification card 32 authentication device 33 portrait data 40 authentication system 41 identification card 42 authentication device 44 portrait database Reference Signs List 50 authentication system 51 identification card 56 identification ID database server 201 database system 202 access qualification setting device 203 information disclosure device 204 access terminal 205 card management device 226 personal primary information database 227 personal secondary information database S320 ID inquiry process S360 personal secondary information Disclosure process S380 Access qualification setting process 600 Electronic lock 601 Identification card 602 Electronic lock system 606 Personal secondary information database Over bus 610 facility manager 611 user 620 identification ID 621 portrait display section 625 card management device 626 log storing apparatus 627 information disclosure device 628 access rights setting device 629 access terminal 655 identification information storage unit

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G06F 15/00 330 G06F 15/00 330F 330G G06K 19/00 G06K 19/00 Q 19/10 S R

Claims (14)

[Claims] 1. An electronic lock provided on a locked object to be provided to a user and locked or unlocked based on identification information recorded on an identification medium, wherein said identification permitting locking or unlocking is provided. Identification information storage means for storing information; identification information input means for inputting the identification information stored in the identification medium; identification information stored in the identification information storage means; input from the identification information input means Lock control means for locking or unlocking when the identification information has a predetermined relationship with the identification information, the identification information is information capable of identifying an individual owner of the identification medium, An electronic lock, wherein the identification information storage means is configured to store the identification information read from the identification medium lent by the user. 2. An electronic lock system comprising: an identification medium on which identification information is recorded; and an electronic lock provided on a locked object to be provided to a user and locked or unlocked based on the identification information. The electronic lock, identification information storage means for storing the identification information permitting locking or unlocking, identification information input means for inputting the identification information stored in the identification medium, and the identification information storage means Lock control means for locking or unlocking when the identification information stored in the storage device and the identification information input from the identification information input means have a predetermined relationship, The identification information is information that can identify an individual owner of the identification medium, and the identification information storage means is configured to store the identification information read from the identification medium lent by the user. That Electronic lock system, characterized. 3. The electronic lock system according to claim 1, further comprising an authentication unit for authenticating a person who changes the storage content of the identification information storage unit. 4. The owner or manager of the locked article has an identification medium on which the identification information is recorded, and the authentication unit authenticates the owner or manager and the user with each other. In order to mutually confirm that the owner or the administrator and the user are the owners of the respective identification media, in order to match each other with the identification information of their own identification media. Personal identification information presenting means for presenting the attached personal identification information to each other; and indicating that the two parties have confirmed each other in a state where the identification information of the two can be read substantially simultaneously. The electronic lock or the electronic lock system according to claim 3, further comprising: an identification information reading device capable of setting the identification medium. 5. The personal identification information is a portrait of the principal, and the personal identification information presenting means displays the portrait on the identification medium, or relates the identification information to a medium other than the identification medium. 5. The electronic lock or the electronic lock system according to claim 4, further comprising a display unit for displaying the portrait. 6. The identity verification information is an expression indicating a feature of the identity, and the identity verification information presenting means displays the expression on the identification medium, or displays the identification on a medium different from the identification medium. The electronic lock or the electronic lock system according to claim 4, further comprising a display unit that displays the expression in association with information. 7. The personal identification information is personal portrait data or audio data, and the personal identification information presenting means is provided on the identification medium or on a medium different from the identification medium. The electronic lock or the electronic lock system according to claim 4, wherein the portrait data or the audio data recorded in association with the electronic lock is output to an output unit. 8. The personal identification information is expression data indicating characteristics of the personal identification, and the personal identification information presenting means is configured to store the identification information in a medium recorded on the identification medium or in a medium different from the identification medium. 5. The electronic lock or the electronic lock system according to claim 4, wherein the expression data recorded in association with the above is output to an output unit. 9. The electronic lock or the electronic lock system according to claim 3, wherein the authentication unit includes a history storage unit that stores an authenticated history. 10. A database system for disclosing personal information of the user requested by the owner or the administrator and the user, wherein the database system includes the owner or the administrator and the user. Access qualification setting means for setting access qualification information indicating a range of information that can be disclosed to the combination, based on the information about the combination, and disclose information included in the range indicated by the access qualification information to the combination The electronic lock system according to any one of claims 2 to 9, further comprising information disclosure means. 11. The electronic lock system according to claim 10, wherein said database system includes history storage means for storing a history of use. 12. A service for an owner or a manager of a locked article provided with an electronic lock for locking or unlocking based on identification information recorded on an identification medium to provide the locked article to a user. A providing method, wherein the identification medium is owned by each of the user and the owner or the manager, and the identification information is information capable of identifying an owner of the identification medium. An authentication step of authenticating both of the user and the owner or the administrator using the identification information of the owner or the administrator; and when the user and the owner or the administrator are authenticated in the authentication step. A use start setting step of setting the electronic lock so that the electronic lock is locked or unlocked when the user's personal identification information is input. 13. The authentication step includes the steps of: presenting personal identification information associated with the identification information of the identification medium of the identification medium to the other party; A confirmation step of mutually confirming that the identification information is read from the identification medium by an identification information reading device for reading the identification information. 13. The service providing method for a locked article provided with an electronic lock according to claim 12, further comprising a setting step of setting both of the identification media in a readable state at the same time. 14. When the user and the owner or the manager are authenticated in the authentication step, personal information browsing for extracting the personal information of the user so that the owner or the manager can view the personal information. 13. The method of providing a service for using a locked article provided with an electronic lock according to claim 12, wherein the step includes a step before the step of setting use start.