JP2003198536A - Temporary worker management system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To exactly authenticate a temporary worker without requiring complicated work such as the presence of a person proving the identity of the temporary worker. <P>SOLUTION: A temporary worker management device 21 prepares temporary worker data containing the fingerprint data of a serviceman to be dispatched, enciphers the temporary worker data into cryptographic data for equipment by using a secret key SK for equipment unequivocally corresponding to a public key PK for equipment assigned to a dispatching object equipment 31 and transmits the data to the equipment 31 of the dispatching object. The equipment 31 of the dispatching object stores the contents of the temporary worker data deciphering the received enciphered data for equipment by using the public key PK for equipment intrinsic for that equipment in a storage part 30c as registered user data. The temporary worker data containing the fingerprint data of the serviceman determined on a maker site 2 are registered in the equipment 31 of the dispatching object beforehand, a proper serviceman visits that equipment 31 and his/her fingerprint is read. Thus, it can be judged by collating processing in a collation part 30b that the serviceman is proper. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a dispatcher management system for dispatching an appropriate dispatcher to a device whose operation is restricted based on a user authentication result based on biometric information such as a fingerprint.

[0002]

2. Description of the Related Art Some OA equipments and FA equipments are capable of limiting the operation and executable functions of the equipment itself according to the authority of each user. Such a device has conventionally been provided with an input means for accepting an input of user data such as biometric information for identifying a user, and the user data of a user who is permitted to use the device and the use of each user are permitted. There is a database provided with the functions stored in advance for each user, and the database is searched for user data input through the input means. As a result, if the input user data does not exist in the database, the user is prohibited from using the device, and if the input user data exists in the database, only the functions that the user is permitted to use. Are enabled.

For example, in Japanese Unexamined Patent Publication No. 2001-034436, a printer reads a user's fingerprint, determines whether the user is a registered user based on the read fingerprint, and registers the registered user. A configuration is disclosed in which a job is preferentially executed.

Further, in Japanese Unexamined Patent Application Publication No. 2001-182395, when a visitor inputs biometric information such as a fingerprint into a reception device, the reception device sends the biometric information to a collating device provided in the confidential area, and the biometric information is sent to the confidential area. A structure for managing the entrance and exit of visitors is disclosed.

By combining these technologies,
Even if the device is installed in a confidential area, the dispatcher also plays a role by transferring the biometric information input by the dispatcher at the reception device to the target device and registering it while keeping the confidentiality ( The target device can be operated based on the authority according to maintenance and inspection work or contract work.

[0006]

[Problems to be Solved by the Invention] However, in order to confirm whether or not the dispatcher is the principal, when the dispatcher data of each dispatcher is registered, the person in charge of the dispatcher and the person in charge of the dispatchee are in charge. There is a problem that it is necessary to witness a person who can prove that the dispatcher such as the dispatcher is who he / she is, and the registration work of the dispatcher data becomes complicated. Even if the dispatcher is a person dispatched in a very short period of time, such as a service person who performs maintenance and inspection work on equipment, the same proof at the time of registering the dispatcher data to ensure the security of the confidential area. Is required, and complicated identification is required for each maintenance and inspection work.

An object of the present invention is to send dispatcher data including biometric information for identifying each dispatcher from a dispatch source device to a dispatch destination device before dispatching the dispatch destination device. By registering the dispatcher data in advance,
It is an object of the present invention to provide a dispatcher management system capable of accurately authenticating a dispatcher without requiring complicated work such as witnessing of a person who can definitely prove that the dispatcher is who he / she is.

[0008]

The present invention has the following structure as means for solving the above problems.

(1) In a dispatcher management system in which a single or a plurality of devices and a dispatcher management device for managing a single or a plurality of dispatchers to be dispatched to each device are connected via a public line network, The device is a public key for a device, which is encrypted data for a device, which is obtained by encrypting dispatcher data including biometric information for identifying each dispatcher through a private key for a device that corresponds to a public key for the device that is unique for each device. Device decryption means for decrypting the dispatcher data by using, registration means for registering the dispatcher data decrypted by the decryption means, and user data input means for accepting input of user data including biometric information for identifying a user And a comparing unit that compares the user data input by the user data input unit with the dispatcher data registered by the registering unit, and the dispatcher management device specifies the biometric information for identifying each dispatcher. A dispatcher database that stores dispatcher data for each dispatcher, a secret key database that stores a device-use secret key for each device, and dispatcher data retrieved from the dispatcher database as the dispatcher to be dispatched The device dispatcher dispatches the device encryption means that encrypts the device encryption data with the device private key retrieved from the private key database as the device corresponding to the above, and the device encryption data encrypted by the device encryption device. And a device-side transmitting means for transmitting to an appropriate device.

In this configuration, it is necessary to dispatch the dispatcher with any one of the single or multiple devices, and when the dispatcher management device determines the dispatcher to be dispatched,
Dispatcher data including biometric information that identifies the dispatcher,
The encrypted key for the device is encrypted by the private key for the device that corresponds to the public key for the device that is unique to the device to be dispatched, and the encrypted data for the device is sent from the dispatcher management device to the device that requires the dispatch of the dispatcher. The received device decrypts the device encrypted data into the dispatcher data using the unique device public key and registers it. Therefore, by decrypting the device encrypted data with the device public key unique to each device, the encryption is performed with the proper device private key that uniquely corresponds to the device public key known only to the manufacturer of the device. It is confirmed whether or not the dispatcher data is encrypted, and when registering the dispatcher data, the dispatcher can confirm that the dispatcher is who he or she is without the need for complicated work such as witnessing a person. Accurately authenticated and device security is maintained.

(2) The dispatcher management device includes a dispatcher selection device including the dispatcher database, and a transfer processing device including the secret key database, the device encryption means, and the device transmission means. The dispatcher selection device is configured so as to be communicably connected to each other, and the dispatcher selection device has a unique device secret key for device data specifying a device to dispatch the dispatcher and dispatcher data specifying a dispatcher to the device. The transfer processing device includes: a device encryption unit that encrypts the device encrypted data by the device; and a device transmission unit that sends the device encrypted data encrypted by the device encryption unit to the transfer processing device. A device decrypting unit for decrypting the encrypted data for the device transmitted by the transmitting unit for the device into the device data and the dispatcher data by the public key for the device corresponding to the private key for the device And it features.

In this configuration, even when the dispatcher dispatches to the equipment from the dispatching company which is a separate organization from the equipment manufacturer, the transfer processing provided by the equipment manufacturer from the dispatcher selecting device of the dispatching company. The encrypted data for the device, which is encrypted with the private key for the device that is unique to the dispatching company, which has been negotiated between the dispatching company and the manufacturer of the device, is transmitted to the device. The encrypted data for use is decrypted. Therefore, it is confirmed whether the device data and the dispatcher data are encrypted by the proper device secret key that uniquely corresponds to the device public key, and the data is transmitted from the transfer processing device of the device manufacturer. The dispatcher is correctly authenticated by comparing the dispatcher data obtained by decrypting the encrypted device data and the user data input by the dispatcher dispatched from a dispatching company of a different organization from the manufacturer of the device. .

(3) Each device is connected to a device management server via a LAN, and the device management server sends a public key database for storing a device public key for each device and the dispatcher management device. Decryption means for equipment that decrypts the encrypted data for equipment to the dispatcher data with the public key for equipment retrieved from the public key database as unique to the destination equipment, and the dispatcher data decrypted by the decryption means for equipment And a data transfer unit for transferring the encrypted data to a destination device.

In this configuration, the equipment to which the dispatcher is to be dispatched is connected to the equipment management server via LAN, and the equipment management server sends the equipment encryption data transmitted from the dispatcher management apparatus to the dispatcher to be dispatched. Decrypts the dispatcher data using the device-specific public key and transfers it to the device. Therefore, it is not necessary to equip each device with the device decryption means for decrypting the encrypted device data transmitted from the dispatcher management device into the dispatcher data. Further, even when the device to which the dispatcher should be dispatched does not work due to a failure, the dispatcher data decrypted by the device management server enables the dispatcher to be authenticated in another device that constitutes the LAN together with the device management server. Become.

(4) An entrance / exit management device which is connected to the device management server via a LAN and manages entry / exit to / from the device installation place where the device is installed, and which is transmitted from the device management server. Registration means for registering dispatcher data, entrance / exitor data input means for accepting entry / exitor data including biometric information for identifying enter / exiters, and entrance / exitor data input by the enter / exit person data input means Comparing means with the dispatcher data registered by the registering means, and the equipment management server comprises data transmission means for transmitting the dispatcher data decrypted by the decryption means for equipment to the entrance / exit management device. It is characterized by that.

In this configuration, the device encryption data transmitted from the dispatcher management device is decrypted into the dispatcher data by the device management server, and then the dispatcher is sent to the entrance / exit management device together with the device to be dispatched. After being transmitted, the entrance / exit management device compares the dispatcher data with the exit / entry data to manage the entry / exit of the dispatcher. Therefore, the dispatcher data transmitted from the dispatcher management device as the device encrypted data not only authenticates the dispatcher in the device, but also authenticates the dispatcher when entering / leaving the installation location of the device.

(5) The dispatcher management device includes authority data of each dispatcher in the dispatcher data stored in the dispatcher database, and each device controls the operation based on the authority data included in the dispatcher data. It is characterized by comprising a control means for

In this configuration, the dispatcher data transmitted from the dispatcher management apparatus to the device as the device encrypted data includes the authority data of each dispatcher, and each device is based on the authority data included in the dispatcher data. The operation is controlled.
Therefore, the operation contents of the equipment by each dispatcher are changed according to the authority of the dispatcher.

(6) The dispatcher data includes dispatch date and time data indicating the date and time when the dispatcher is dispatched to the equipment, and each equipment has a deadline for registration of the dispatcher data based on the dispatch date and time data included in the dispatcher data. It can be managed.

According to this configuration, the data of the outsider is not stored for a long period of time after the work by the dispatcher is completed, and it is possible to prevent a past dispatcher from maliciously working on the device. Security can be improved.

[0021]

1 is a block diagram showing the configuration of a dispatcher management system according to a first embodiment of the present invention. Further, FIG. 2 is a diagram showing the contents of data stored in each unit of the dispatcher management system. The dispatcher management system 1 according to this embodiment dispatches a service person who performs maintenance work related to maintenance, inspection, repair, etc. of equipment sold by the equipment manufacturer to the installation location of each equipment. It is composed of an affiliated manufacturer site 2 and a dispatch destination site 3 belonging to an organization such as a company having an office in which equipment is installed.

In the manufacturer site 2, the dispatcher management device 2
1 and a LAN 23 including the private key database 22. This LAN 23 is a firewall 24
Via, for example, a public line network 4 such as the Internet including a public telephone line network. LAN2
3 includes a mail server 25 that stores a mail transmitted from the dispatch destination site 3 or the like via the public network 4. Further, the firewall 24 is included as a part of the device-oriented transmitting means of the present invention.

The dispatcher management device 21 includes a serviceman database 21a, an encryption section 21b and an input section 21c. The serviceman database 21a is a dispatcher database of the present invention, and as shown in FIG. 2A, for each of a plurality of servicemen, an individual ID which is code data for identifying each serviceman and each serviceman. Name, skill information indicating the skill level of each service person, authority information indicating the function that each service person is permitted to perform in the device or the device permitted to perform the work, and the biometric information of each service person The fingerprint data and the like are stored. Of these, at least personal ID and fingerprint data constitute dispatcher data for identifying each service person.

The encryption unit 21b is the device encryption means of the present invention, and uses the device encryption data for the dispatcher data of the serviceman to be dispatched by a predetermined encryption method using the device secret key SK described later. To encrypt. Input unit 21c
Receives an input operation of data such as work content and location for selecting a service person to be dispatched.

As shown in FIG. 2 (B), the private key database 22 is for each of a plurality of shipped devices,
A device ID which is code data for identifying each device, a model of each device, a device mail address indicating a destination of a mail to each device, and a device secret key SK assigned to each device
(Including SKa to SKz), and a delivery destination ID for identifying the delivery destination of each device are stored. As will be described later, the device manufacturer to which the manufacturer site 2 belongs assigns a device public key PK unique to each device at the time of shipment of each device, and the device private key SK is unique to the device public key PK. It corresponds to.

With this configuration, the dispatcher management device 21
The serviceman database 21a is searched for a serviceman to be dispatched based on the data input from the input unit 21c, and after the dispatcher data of the serviceman that matches the work content etc. is read out, the serviceman is selected as the device to be dispatched. Correspondingly, any one of the device secret keys SKa to SKz read out from the secret key database 22 is used to encrypt the device encrypted data, and for example, the service person is attached to an e-mail to the device to be dispatched to the public network. Four
Send to.

A plurality of devices 31 are installed in the dispatch destination site 3.
The LAN 32 is configured by (31a to 31z). The LAN 32 is connected to the public telephone line network 4 via the firewall 33. The LAN 32 includes a mail server 34 that stores mail sent from the manufacturer site 2 or the like via the public telephone line network 4.

Each device 31 is manufactured by a device manufacturer to which the manufacturer site 2 belongs. Equipment 31
A unique device public key PK (PKa to PKz) is stored in each of (31a to 31z). The device public keys PKa to PKz are individually assigned to the devices 31a to 31z by the device manufacturer to which the manufacturer site 2 belongs at the time of shipment. Each of the above-mentioned device secret keys SKa to SKz is created corresponding to each of the device public keys PKa to PKz.

Each of the devices 31a to 31z has a fingerprint input section 30a, a collating section 30b, a decrypting section 30c, and a registering section 3.
0d and a storage unit 30e are provided. As an example,
In the device 31a, the fingerprint input unit 30a is the user data input means of the present invention, and reads fingerprints as biometric information of the user and the service person who use the device 31a.

The collating unit 30b is the comparing means of the present invention, and collates the fingerprint of the user or serviceman read by the fingerprint input unit 30a with the fingerprint read from the registered user data stored in the storage unit 30e. Decoding unit 30c
Is a device decryption means of the present invention, and is a maker site 2
The device encrypted data transmitted from the device is the device public key PKa.
Is decrypted into dispatcher data by a predetermined decryption process using. The registration unit 30d stores the dispatcher data decrypted by the decryption unit 30c in the storage unit 30c as a part of the registered user data. The storage unit 30c stores registered user data together with the device public key PKa.

The registered user data is, as shown in FIG. 2C, a user ID which is code data for identifying each user for each of a plurality of users who are permitted to use or operate each of the devices 31a to 31z, It is composed of a name of each user, authority information set for each user, fingerprint data as biometric information for identifying each user, and the like. The registration unit 30d is the registration means of the present invention, and stores the personal ID and fingerprint data of the service person included in the dispatcher data as one of the users in the registered user data. It should be noted that the authority information in the registered user data indicates here whether it is an employee of a company to which the dispatch destination site 3 belongs, an outsider who does not have a confidentiality obligation, or an outsider who has a confidentiality obligation. It is the data shown.

FIG. 3 is a flowchart showing a processing procedure in the dispatcher management apparatus and equipment in the dispatcher management system. Equipment 31a included in the dispatch site 3
31z, if it is necessary to request the dispatch of a serviceman at the time of maintenance or when a failure occurs, the equipment 31a-31b requests the manufacturer site 2 to dispatch a serviceman. An email to that effect is sent. By receiving this email,
The operator of the manufacturer site 2 recognizes the necessity of dispatching a service person. The manufacturer site 2 can grasp the operating status of each of the devices 31a to 31z, and the manufacturer site 2 side can recognize the necessity of dispatching a service person due to the arrival of a predetermined maintenance time.

Any device 3 on the manufacturer site 2
The dispatcher management apparatus 21 starts its operation by the operation of the operator who recognizes the necessity of dispatching a service person to 1a to 31z. First, the dispatcher management apparatus 21 accepts input of data such as equipment to be dispatched and work content in the input unit 21c (s1), and dispatches by referring to the serviceman database 21a based on the input data. A service person to be dispatched and a date and time to dispatch the service person are selected (s2, s3).

Next, the dispatcher management device 21 extracts data for identifying the selected serviceman from the serviceman database 21a, and creates dispatcher data including fingerprint data of dispatched serviceman and dispatch date and time ( s
4). Further, the dispatcher management device 21 is configured to send the dispatched device 3
The private key database SK for device 1 is searched in the private key database 22 (s5), and the dispatcher data is encrypted into encrypted data for devices using the corresponding private key SK for devices (s5).
6). The dispatcher management apparatus 21 attaches the encrypted data for the device to an email to the device 31 to be dispatched and sends it (s
7).

On the other hand, when the device 31 to be dispatched receives the device encrypted data attached to the mail transmitted from the dispatcher management apparatus 21 (s11), the device 31 stored in advance in the storage unit 30c. Device-specific public key P
The encrypted data for the device is decrypted into the dispatcher data using K (s12). Next, the device 31 determines whether or not the device-encrypted data has been successfully decrypted (s1
3) If the decryption is successful, the storage unit 30c stores the other contents of the dispatcher data as registered user data with the dispatch date and time included in the dispatcher data as the expiration date.
(S14), the notification is sent to the terminal device (not shown) of the administrator included in the LAN 32 (s15). On the other hand, when the device-encrypted data cannot be decrypted normally, the device 31 notifies the terminal device of the administrator to that effect (s1).
3 → s15).

In this way, the dispatcher data including the fingerprint data is registered in advance in the equipment 31 to be dispatched for the service person defined in the manufacturer site 2, and an appropriate service person goes to the equipment 31 to be dispatched. By reading the fingerprint, the device 31 determines that the service person is an appropriate service person by the verification process of the verification unit 30b. As a result, only the appropriate service person can dispatch the equipment 3
It is possible to perform work such as maintenance and inspection for 1.

When the LAN 32 of the dispatch destination site 3 includes an entry / exit management device for managing entry / exit to / from the installation location of the device 31, the dispatcher data that can be normally decrypted from the device encrypted data. May be transmitted from the device 31 to the entrance / exit management device.

As described above, in the dispatcher management apparatus 1 according to this embodiment, the dispatcher data including the fingerprint data which is the biometric information for identifying the service person to be dispatched to the dispatch target device 31 is provided as a service. At the manufacturer site 2 that manages humans, the device secret key SK uniquely corresponding to the device public key PK unique to the device 31 to be dispatched is used to encrypt the device encrypted data and send it to the device 31. As a result, the contents of the dispatcher data created at the manufacturer site 2 will not be leaked to other than the dispatch destination site 3.

The encrypted data that can be normally decrypted by the device public key PK unique to the device 31 to be dispatched uses the device secret key SK that uniquely corresponds to the device public key PK. Since only the encrypted data is encrypted, the device encrypted data created by other than the manufacturer site 2 is not decrypted by the dispatched device 31.
Therefore, fingerprint data of a person other than a proper serviceman managed on the manufacturer site 2 is not registered in the device 31, and by preregistering his / her fingerprint data in the device 31, he / she impersonates. It is possible to reliably prevent a malicious outsider from operating the device 31.

Further, in the dispatcher management apparatus 1 according to this embodiment, the dispatcher data to be encrypted as the device encryption data includes the dispatch date and time, and the device 31 stores the registered user data based on the dispatch date and time. Since the deadline management of the dispatcher data of the outside is performed, the data of outsiders is not saved for a long time after the maintenance and inspection work by the service person is completed, and the manufacturer site 2
It is possible to prevent a past service person who has left the company from operating the device 31 maliciously, and it is possible to further improve security at the dispatch destination site 3.

FIG. 4 is a block diagram showing the configuration of the dispatcher management system according to the second embodiment of the present invention. Further, FIG. 5 is a diagram showing the contents of data stored in each unit of the dispatcher management system. The dispatcher management system 101 according to this embodiment dispatches a serviceman who performs maintenance work related to maintenance, inspection, repair, etc. of equipment sold by equipment manufacturers to a location where each equipment is installed from a dispatching company affiliated with the equipment manufacturer. The manufacturer site 102 belonging to the device manufacturer, the dispatch company site 103 belonging to the dispatch company affiliated with the device manufacturer, and
It is composed of a dispatch destination site 104 belonging to an organization such as a company having an office in which the equipment is installed.

In the maker site 102, the LAN 12 including the transfer processing device 121 and the private key database 122.
3 are configured. The LAN 123 is connected to a public line network 105 such as the Internet including a public telephone line network via a firewall 124. The LAN 123 includes a mail server 125 that stores a mail transmitted from the dispatch destination site 104 or the like via the public line network 105.

The transfer processing device 121 constitutes a part of the dispatcher management device 21 in the dispatcher management system 1 according to the first embodiment, together with the dispatcher selection device 131 described later, and is encrypted / decrypted. The device public key PK including the unit 121a and corresponding only to the device secret key SKM described later.
Remember M.

The encryption / decryption unit 121a is the device encryption means and device decryption means of the present invention, and uses the device secret key SK, which will be described later, to determine the dispatcher data of the service person to be dispatched. The encrypted data for the device is encrypted by the encryption method, and the encrypted data for the device transmitted from the dispatch company site 103 is decrypted into the dispatcher data by a predetermined decryption method using the public key PKM for the device.

The secret key database 122 is substantially the same as the secret key database 22 of the dispatcher management system 1 according to the first embodiment described above. However, FIG. 5 (A)
As shown in, for each of a plurality of shipped devices, instead of the device email address stored in the private key database 22, a delivery destination email address indicating the destination of the email to the delivery destination of each device to which the service person is dispatched I remember.

A LAN 132 including a dispatcher selection device 131 is constructed in the dispatch company site 103. LA
The N 132 is connected to the public line network 105 via the firewall 133. The LAN 132 includes a mail server 134 that stores mail sent from the manufacturer site 102 or the like via the public line network 4.

The dispatcher selection device 131 constitutes a part of the dispatcher management device 21 in the dispatcher management system 1 according to the first embodiment together with the transfer processing device 121, and the serviceman database 131a. , An encryption unit 131b and an input unit 131c. The serviceman database 131a and the input unit 131c are
These are the same as the serviceman database 21a and the input unit 21c in the dispatcher management apparatus 21 of the dispatcher management system 1 according to the first embodiment. Encryption unit 131
Reference numeral b is an apparatus encryption means of the present invention, which encrypts the dispatcher data of the service person to be dispatched into the apparatus encrypted data by a predetermined encryption method using the apparatus secret key SKM.

The secret key SKM for this device is the maker site 1
02 is individually assigned by the equipment manufacturer to the dispatch company entrusted to dispatch the service person by the equipment manufacturer, and is unique to the public key PKM for the apparatus stored in the transfer processing apparatus 121 of the manufacturer site 102. Correspond to each other. When there are a plurality of dispatching companies outsourced to dispatching service personnel by the equipment manufacturer, the transfer processing device 121 uses a plurality of devices corresponding to each of the device secret keys SKM individually assigned to each dispatching company. Public key PK
Remember M.

Further, the dispatcher selection device 131 has a dispatch destination site 104 out of the equipment shipped by the equipment manufacturer to which the manufacturer site 102 belongs, to which the dispatch company to which the dispatch company site 103 belongs is entrusted to be managed by the equipment manufacturer. The model information M31a to M31z of each of the devices 31 (31a to 31z) included in is stored.

The LAN 12 in the manufacturer site 102
3 and the LAN 132 in the dispatch company site 103 can also be connected via a dedicated line.

A plurality of devices 3 are installed in the dispatch destination site 104.
1 (31a to 31z) configures the LAN 32, and the LAN 32 includes the device management server 141 and the entrance / exit management device 142.
This is the same as the LAN 32 in the dispatch destination site 3 of the dispatcher management system 1 according to the embodiment. However, the device 31 (31
In a to 31z), the decryption unit 30c included in the device 31 included in the dispatcher management system 1 according to the first embodiment is omitted. The reason for this will be described later.

The device management server 141 includes a decryption unit 141a.
And the equipment 31 (31a to 31z) included in the dispatch destination site 104 as shown in FIG.
For each of the above, a device ID that is code data for identifying each device, a model of each device, a device public key PK (PKa to PKz) assigned to each device, a device IP address assigned to each device, and It stores the installation location of each device. Device public key PK (PKa to PKz)
Is a device 31 (31a to 31) included in the LAN 32.
It is uniquely assigned to d) and is read in advance from each device 31 (31a to 31d).

The decryption unit 141a uses the device encrypted data transmitted from the manufacturer site 102 by using the device public key PK (PKa to PKz) unique to the device 31 (31a to 31d) to which the serviceman is dispatched. And decrypt it into dispatcher data.

The entrance / exit management device 142 uses the device 31 (31
a to 31z) are installed at the entrances and exits of the installation place, and manage the entrance and exit to and from the installation place. The fingerprint input unit 142a, the collation unit 142b, the registration unit 142c, and the storage unit 142d are provided. The fingerprint input unit 142a is
Fingerprints as biometric information of a user and a serviceman who pass through the entrance / exit management device 142 are read. Collating unit 142b
Compares the fingerprint of the user or service person read by the fingerprint input unit 142a with the fingerprint read from the registered user data stored in the storage unit 142d. Registration unit 14
2c stores the dispatcher data transmitted from the device management server 141 in the storage unit 142d as a part of the registered user data. The storage unit 142d stores registered user data.

The registered user data stored in the entrance / exit management device 142 may be substantially the same as the registered user data stored in each device 31 shown in FIG. 2C.

FIG. 6 is a flowchart showing a processing procedure in the dispatcher selection device, the transfer processing device and the device management server in the dispatcher management system. In the dispatcher management system 101 according to this embodiment, each device 31 (31a to 31a included in the LAN 32 in the dispatch destination site 104).
31z), when it is necessary to request the dispatch of a serviceman, for example, when it is time to perform maintenance or when a failure occurs, the devices 31a and 31b request the manufacturer site 102 to dispatch a serviceman. An email to that effect is sent. The transfer processing device 121 of the maker site 102 that receives this mail sends data that identifies the device 31 that is the sender of the received mail to the dispatch company site 1
03 by sending to 03
Operators recognize the need to dispatch service personnel. Note that the dispatcher management system 1 according to the first embodiment
In the same manner as the above, each device 31a on the dispatch company site 103
It is also possible to recognize the necessity of dispatching a service person due to the arrival of a predetermined maintenance time on the side of the dispatching company site 103 by grasping the operating conditions of the ~ 31z.

At the dispatching company site 103, the dispatcher selecting device 131 starts operating by the operation of the operator who recognizes the necessity of dispatching a service person to any of the devices 31a to 31z. The dispatcher selection device 131 first accepts input of data such as equipment to be dispatched and work content in the input unit 131c (s21), and the serviceman database 131 based on the input data.
The service person to be dispatched and the date and time to dispatch the service person are selected with reference to a (s22, s).
23).

Next, the dispatcher selection device 131 extracts data for identifying the selected serviceman from the serviceman database 131a, and creates dispatcher data including fingerprint data and dispatch date and time of the dispatched serviceman ( s24). Further, the dispatcher selection device 131 encrypts the dispatcher data into device cryptographic data using the device secret key SKM unique to the dispatching company (s25). The dispatcher selection device 131 sends the device encrypted data to the manufacturer site 1
It is attached to a mail for 02 and sent (s26).

On the other hand, the transfer processing device 121 of the manufacturer site 102 is the dispatcher selection device 13 of the dispatch company site 103.
When the device encrypted data attached to the mail transmitted from 1a is received (s31), the device public key PKM uniquely corresponding to the device private key SKM unique to the temporary agency of the sender of the mail is used. And decrypts the encrypted data for the device into the dispatcher data (s32). Then, the transfer processing device 12
1 determines whether or not the device-encrypted data could be normally decrypted (s33), and if successfully decrypted, the device secret key SK of the dispatch-targeted device 31 is determined.
In the private key database 122 (s3
4) Encrypt the dispatcher data into device encrypted data using the corresponding device private key SK (s35). The transfer processing device 121 transmits an email with the device encryption data attached to the device 31 to be dispatched (s36). When the transfer processing device 121 cannot successfully decrypt the device-encrypted data, the transfer processing device 121 notifies the administrator to that effect and ends the processing (s33 → s37).

The device management server 141 included in the LAN 32 of the dispatch destination site 104 receives the mail transmitted from the transfer processing device 121 in place of the device 31 to be dispatched. When the device management server 141 receives the device encrypted data attached to the mail transmitted from the transfer processing device 121 (s41), the device management server 141 uses the device public key PK unique to the dispatch target device 31 stored in advance. Decrypt the encrypted data for the device into the dispatcher data (s42). Next, the device management server 141 determines whether or not the device-encrypted data could be normally decrypted (s43), and if the device-encrypted data could be normally decrypted, the device management server 141 includes the dispatch included in the dispatcher data. The registered user data created by the other contents of the dispatcher data with the date and time as the expiration date is the dispatch target device 31.
And transmitted to the entrance / exit management device 142 (s44, s4
5) Notify the terminal device of the administrator (not shown) included in the LAN 32 (s46). On the other hand, if the device encrypted data cannot be decrypted normally, the device management server 141
Notifies the terminal device of the administrator to that effect (s43 → s
46).

In this way, the dispatcher data including the fingerprint data for the service person determined by the dispatcher selection device 131 of the dispatch company site 103 is transferred to the manufacturer site 10.
2 is transmitted to the device management server 141 constituting the LAN 32 together with the dispatch target device 31 via the second transfer processing device 121 to create registered user data, and this registered user data is dispatched device 31 prior to the dispatch of the service person. And is registered in advance in the entrance / exit management device 142. Therefore, an appropriate service person goes to the installation location of the dispatch target device 31 and causes the entrance / exit management device 142 and the dispatch target device 31 to read the fingerprints, so that the entrance / exit management device 142 and the device 31 can collate with the collation unit 142b. It is determined by the collation processing of 30b that he is a proper service person. As a result, only an appropriate service person can enter the installation location and perform maintenance / inspection work on the equipment 31 to be dispatched.

As described above, in the dispatcher management apparatus 101 according to this embodiment, in addition to the effects of the dispatcher management apparatus 1 according to the first embodiment, the dispatcher management apparatus 101 should be dispatched to the equipment 31 to be dispatched. Dispatcher data including fingerprint data, which is biometric information identifying a serviceman, is encrypted into device-encrypted data using a device-use secret key SKM unique to the dispatching company at the site 103 of the dispatching company managing the serviceman. By transmitting to the maker site 102, it is possible to prevent the dispatcher data from being leaked to the outside during the transmission from the dispatch company site 103 to the maker site 102.

The device public key PKM used for decrypting the device encrypted data at the maker site 102 is
Since the device maker to which the maker site 102 belongs can only decrypt the device encrypted data that has been encrypted using the device private key SKM unique to the dispatch company site 103 of the dispatch company that requested the dispatch of the service person. The device encrypted data created by other than the proper dispatch company site 103 will not be decrypted by the manufacturer site 102.
Therefore, the fingerprint data of a person other than a proper serviceman managed on the dispatch company site 103 is transferred to the transfer processing device 1.
21 is not registered in the device 31 via the device management server 141 and the device management server 141, and the device 31 is operated by a malicious outsider who pretends to be a serviceman by registering his / her fingerprint data in the device 31 in advance. Can be reliably prevented.

Further, in the dispatcher management system 101 according to this embodiment, the equipment management server 14 included in the LAN 32 together with the equipment 31 at the dispatch destination site 104.
Since the encrypted data for equipment is decrypted into the dispatcher data by 1, it is not necessary to provide a decryption unit in each equipment 31, and the operating efficiency of the original function of each equipment can be improved.

In the first and second embodiments described above, the dispatcher management system for dispatching service personnel who perform maintenance / inspection work on equipment has been described as an example. The service person is not limited to this.

[0066]

According to the present invention, the following effects can be obtained.

(1) When a dispatcher needs to be dispatched by any one of a single device and a plurality of devices, and the dispatcher management device determines the dispatcher to be dispatched, the dispatcher is specified. Equipment that requires the dispatch of a dispatcher from the dispatcher management device by encrypting the dispatcher data including biometric information to the encrypted data for the equipment by the private key for the equipment that corresponds to the public key for the equipment that is unique to the equipment to be dispatched. By transmitting the encrypted data for the device to the dispatcher data by decrypting the encrypted data for the device with the public key for the device unique to the device that received the encrypted data for the device
Only the manufacturer of the device knows whether or not the encrypted data for the device can be decrypted by the device public key unique to each device. It is encrypted by the proper device secret key that uniquely corresponds to the device public key. It is possible to confirm whether or not it is the dispatcher data. Therefore, when registering the dispatcher data, the dispatcher can be accurately authenticated without the need for complicated work such as witnessing a person who can certify that the dispatcher is who he / she is. Can be maintained.

(2) Even when a dispatcher is dispatched to a device from a dispatching company of a different organization from the manufacturer of the device, the dispatcher selecting device of the dispatching company is transferred to the transfer processing device of the manufacturer of the device. On the other hand, the encrypted data for the device encrypted with the private key for the device unique to the dispatched company, which is agreed between the dispatch company and the manufacturer of the device, is transmitted, and the device encryption is performed by the public key for the device in the transfer processing device. By decrypting the data, it is possible to confirm whether or not the device data and the dispatcher data are encrypted with the proper device private key that uniquely corresponds to the device public key.
Dispatcher data obtained by decrypting the device encryption data transmitted from the transfer processing device of the device manufacturer and user data input by a dispatcher dispatched from a dispatching company of a different organization from the device manufacturer The dispatcher can be accurately authenticated by comparing.

(3) The device to which the dispatcher should be dispatched is connected to the device management server via LAN, and the device encrypted data transmitted from the dispatcher management device by the device management server is the device public key unique to the device to be dispatched. By decrypting the dispatcher data with the device and transferring the decrypted worker data to the device, the device decrypting means for decrypting the encrypted device data transmitted from the dispatcher management device into the dispatcher data can be made unnecessary in each device. Even when the equipment to which the dispatcher should be dispatched does not work due to a failure, the dispatcher's data is decrypted by the equipment management server, and the dispatcher's authentication is performed in another device that constitutes the LAN together with the equipment management server. You can

(4) The encrypted data for equipment transmitted from the dispatcher management device is decrypted into dispatcher data by the equipment management server, and then transmitted to the entrance / exit management device together with the equipment to which the dispatcher should be dispatched. The entry / exit management device compares the dispatcher data with the entry / exiter data and manages the entry / exit of the dispatcher, so that the dispatcher data transmitted from the dispatcher management device as device encryption data is used in the device. Not only can the authentication of the dispatcher be performed, but also the authentication of the dispatcher when entering / leaving the installation location of the device can be performed.

(5) The dispatcher data transmitted from the dispatcher management device to the device as encrypted data for the device includes the authorization data of each dispatcher, and each device operates based on the authorization data included in the dispatcher data. By controlling, it is possible to change the operation contents of the equipment by each dispatcher according to the authority of the dispatcher.

[Brief description of drawings]

FIG. 1 is a block diagram showing a configuration of a dispatcher management system according to a first embodiment of the present invention.

FIG. 2 is a diagram showing contents of data stored in each unit of the dispatcher management system.

FIG. 3 is a flowchart showing a processing procedure in a dispatcher management apparatus and equipment in the dispatcher management system.

FIG. 4 is a block diagram showing a configuration of a dispatcher management system according to a second embodiment of the present invention.

FIG. 5 is a diagram showing contents of data stored in each unit of the dispatcher management system.

FIG. 6 is a flowchart showing a processing procedure in a dispatcher selection device, a transfer processing device, and a device management server in the dispatcher management system.

[Explanation of symbols]

1, 101-Dispatcher management system 2,102-Manufacturer site 3,104-Dispatch destination site 21-Dispatcher Management Device 21a, 131a-Serviceman database 22,122-Private key database 103-Dispatch company site 141-Device Management Server

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI theme code (reference) H04L 9/00 601F

Claims (5)

[Claims] 1. A dispatcher management system in which a single or a plurality of devices and a dispatcher management device for managing a single or a plurality of dispatchers to be dispatched to each device are connected via a public line network. Is the encrypted device data that is obtained by encrypting the dispatcher data including the biometric information identifying each dispatcher through the device private key corresponding to the device public key unique to each device. A device decryption means for decrypting the dispatcher data using the registration means, a registration means for registering the dispatcher data decrypted by the decryption means, a user data input means for accepting an input of user data including biometric information for identifying a user,
Comparing means for comparing the user data input by the user data inputting means with the dispatcher data registered by the registering means, and the dispatcher management device sends the dispatcher data including biometric information for identifying each dispatcher. Dispatcher database stored for each dispatcher, secret key database for storing equipment private key for each equipment, and dispatcher data retrieved from the dispatcher database as a dispatcher who should be dispatched as corresponding to that equipment and kept secret Device encryption means for encrypting device encryption data with the device private key retrieved from the key database, and device for transmitting the device encryption data encrypted by the device encryption device to the device to which the dispatcher should be dispatched A dispatcher management system, comprising: 2. The dispatcher management device includes a dispatcher selection device including the dispatcher database, and a transfer processing device including the secret key database, the device encryption means, and the device transmission means. The dispatcher selection device is configured to be communicatively connected, and the dispatcher selection device uses the unique secret key for the device to provide equipment data that identifies the equipment to which the dispatcher is to be dispatched and dispatcher data that identifies the dispatcher to be dispatched to the equipment. The device includes a device encryption unit that encrypts the device encrypted data, and a device transmission unit that transmits the device encrypted data encrypted by the device encryption unit to the transfer processing device. And a device decryption unit for decrypting the device encrypted data transmitted by the device transmitting unit to the device data and the dispatcher data by the device public key corresponding to the device private key. Dispatcher management system according to claim 1,. 3. Each device is connected to a device management server via a LAN, and the device management server stores a device public key for each device, and a device transmitted from the dispatcher management device. Decryption means for equipment that decrypts the encrypted data for use in the dispatcher data with the public key for equipment retrieved from the public key database as unique to the destination equipment, and encrypts the dispatcher data decrypted by the decryption means for equipment. The dispatcher management system according to claim 1 or 2, further comprising: a data transfer unit that transfers the data to a device of a data transmission destination. 4. An entrance / exit management device that is connected to the device management server via a LAN and manages entry / exit to / from the device installation location where the device is installed, the dispatch being sent from the device management server. Registering means for registering person data, entrance / exitor data input means for accepting entry / exitor data including biometric information for identifying enter / exiters, and entrance / exitor data input by the enter / exit person data input means. Comparing means for comparing with the dispatcher data registered by the registering means, and the equipment management server comprises data transmission means for transmitting the dispatcher data decrypted by the decryption means for equipment to the entrance / exit management device. The dispatcher management system according to claim 3, wherein: 5. The dispatcher management device includes dispatcher data stored in the dispatcher database, including authority data of each dispatcher, and each device controls an operation based on the authority data included in the dispatcher data. The dispatcher management system according to any one of claims 1 to 4, further comprising a control means.