JP2007323262A - Access control system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an access control system that can remedy authorized users' card operation errors. <P>SOLUTION: When a user who will enter an area A2 through an electrically locked door D1 operates a card to a card reader CR01 to allow an ID code to be read and gain permission for access to the electrically locked door D1, the system updates the location of the user (ID code) to the area A2. If, in the state, the user does not pass through the electrically locked door D1 and erroneously operates the card again to the card reader CR01 in an area A1, denial of access to the electrically locked door D1 is withheld to remedy the user's operation error unless a predetermined time has passed. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an entry / exit management system that manages the entry / exit of people, and more particularly to an entry / exit management system in various facilities that require the entry / exit of people to / from a management area.

  Conventionally, in various facilities where it is necessary to regulate the access of people to the management area, personal authentication is performed using ID cards such as employee ID cards and biometrics information such as fingerprints, and only authorized persons are transferred to the management area. An access control system that enables access is in practical use.

  For example, a gate device is installed in a partition between each area which is a management area, and based on ID card data read by the gate device and passage history data stored in the central management device, a user can access each area. An entry / exit management system for managing entry / exit has been proposed (see Patent Document 1).

  In this access control system, the area in which the user currently exists is managed by the passage history data. Then, the legitimacy of the user's traffic history is determined based on whether or not the installation area of the gate device that has read the ID card data coincides with the management user's location area. If both areas match, it is determined that the user's traffic history is valid, and traffic is permitted. On the other hand, if the two areas do not match, it is judged that there is a contradiction in the user's traffic history and the traffic is rejected, and traffic between the areas using the ID card is prohibited until the administrator performs recovery work. To do.

Therefore, even if you have an ID card, if you piggyback on the movement of another person without passing through your ID card and pass between areas, you can install a gate device that reads the ID card data in the next card operation. A penalty is imposed because the area does not match the administrative user's location. Penalty is also imposed on users who have ID cards. If you take advantage of other people's movements without operating their own ID cards and pass between areas, the user's behavior management will be recorded accurately. This is because the system cannot perform reliable entry / exit management. Therefore, in the conventional entrance / exit management system, in order to make the ID card operation conscious of the user, if there is a contradiction in the user's traffic history, a penalty for denying the traffic and prohibiting the use of the ID card is imposed. is doing.
JP-A-5-79231

  As described above, in the conventional entrance / exit management system, when the installation area of the gate device that has read the ID card data does not coincide with the management user's location area, the ID card is disabled. The ID card cannot be used unless the administrator prohibits the use prohibition state.

  However, when the user causes the card reader to read the ID card, the user is informed of the unlocking by the light emission of a LED and a beeping sound. However, such an unlocking notification is missed and the ID card is read again. Some things happen. Also, when the ID card is read, the ID card is also operated on the other side of the door in the same way, and it is not known whether the ID card has been unlocked or not, and the ID card is read again. There is also.

  The access control system updates the management user's location area when traffic is permitted. Therefore, if the user accidentally reads the ID card twice (double card operation), the administrative location area is updated by the first ID card operation. Inconsistency will occur in the history. As a result, the user's traffic is denied and a penalty is imposed on the user. However, if a penalty is imposed even for a simple user operation mistake such as a double card operation, the administrator must manually troubleshoot the ID card to cancel the use prohibition state of the ID card. Therefore, there is a risk of hindering the smooth operation of the access control system.

  In view of the above problems, an object of the present invention is to provide an entry / exit management system that relieves an operation error by a legitimate user and realizes smooth operation of entry / exit management.

  In order to achieve the above object, the access control system of the present invention includes a control unit that controls access to a management area, an acquisition unit that is provided near the control unit and acquires user identification information, and the identification information. A storage unit that stores a state of access to and from the management area, identification information acquired by the acquisition unit, and whether or not to enter the management area based on the access state of the identification information stored in the storage unit, A control unit that cancels the entry / exit restriction of the restriction unit and updates the entry / exit state of the storage unit when the control unit is permitted, and the control unit permits entry of the acquired identification information before a predetermined time. In the case of the identified identification information, the restriction control of the restriction unit is canceled regardless of the state of entry / exit.

  Furthermore, it has a history storage unit, and the control unit stores the identification information permitted to enter and the acquisition unit that acquired the identification information in the history storage unit in association with each other, and the identification information acquired by the acquisition unit Is the identification information stored corresponding to the acquisition unit in the history storage unit, the entry / exit restriction of the restriction unit may be canceled.

  Furthermore, the control unit may store only the latest identification information permitted to enter for each acquisition unit.

  Furthermore, the control unit deletes the identification information from the history storage unit when the identification information acquired by the acquisition unit is the identification information stored in the history storage unit corresponding to the acquisition unit. You may make it do.

  According to the above configuration, the present invention can relieve an erroneous operation caused by a double card operation by a legitimate user, and can realize an entrance / exit management system that can be operated smoothly.

Embodiments of the present invention will be described below with reference to the drawings.
(overall structure)
1 and 2 show an outline of the overall configuration of an access control system according to an embodiment of the present invention. In the access management system of the embodiment, access to the management area is managed by an ID card possessed by the user. However, the present invention is not limited to using a card as a means for identifying the person. The present invention can also be applied to personal authentication using biometric information such as fingerprints.

  As shown in FIG. 1, the access management system according to the present embodiment manages the access of users by using a plurality of areas A1 to A4 corresponding to rooms or corridors in an area to be managed as a unit of management area. . The user operates the ID card owned by the user to the card reader, unlocks the door with the electric lock, and moves between the areas.

  At the boundaries between the areas A1 to A4, there are doors D1 to D4 with electric locks that are partitions for restricting movement between the areas, and card readers CR01 to CR08 that read the card data of the ID card possessed by the user. is set up. For example, one card reader CR01 and one CR02 are arranged in areas A1 and A2 that face each other across the door D1 with an electric lock. The card reader CR01 operates the ID card when entering the area A2 from the area A1, and the card reader CR02 operates the ID card when entering the area A1 from the area A2.

  Each door with electric lock D1 to D4 and two card readers (CR01, CR02) to (CR07, CR08) arranged in association with each door with electric lock D1 to D4 are controlled as a set. Control devices M1 to M4 are arranged. As shown in FIG. 2, for example, the control device M1 controls the door D1 with an electric lock and the card readers CR01 and CR02 as one set. Based on the card data of the ID card read by the card reader CR01, the control device M1 determines whether or not the user who owns the ID card is permitted to move from the area A1 to the area A2. When the user is permitted to pass, the control device M1 unlocks the corresponding door D1 with an electric lock.

  In addition, you may comprise so that several sets of doors with an electric lock and a card reader may be controlled with one control apparatus.

  Each of the control devices M1 to M4 is connected to one door with an electric lock to be controlled by a control signal line, and further connected to two card readers by LAN. Further, the control devices M1 to M4 are interconnected by a LAN, and one control device receives and stores data such as a determination result received from another control device and uses it for subsequent passage permission determination.

  A management device P that manages user behavior in a facility to be managed is arranged and connected to the control devices M1 to M4 via a LAN. The management device P can be configured with a personal computer or the like. FIG. 2 shows the relationship between the management device P and the control devices M1 to M4.

  The control devices M1 to M4 are configured to perform events such as card operations in the card readers CR01 to CR08, opening / closing and locking / unlocking of doors D1 to D4 with electric locks, and results of determining whether or not a user has been denied, at each occurrence or periodically. The management device P is notified. The management device P records the event contents received from the control devices M1 to M4 together with time data. The administrator can manage the behavior of the user by referring to the recording data of the management device P.

  In the present embodiment, the regulation unit, the acquisition unit, and the control unit of the present invention correspond to a door with an electric lock, a card reader, and a control device, respectively. The storage unit and history storage unit of the present invention correspond to a location area table and a permission history table described later.

(Door with electric lock)
The doors D1 to D4 with electric locks are composed of an openable door portion that physically restricts passage between adjacent areas, and an electric lock portion that holds the door portion in a closed state. For example, in the door D1 with an electric lock, the electric lock unit receives a control signal (voltage signal) from the control device M1, and the locked / unlocked state is switched. Normally, the movement of the user is restricted in the locked state, and the door D1 with the electric lock is unlocked by the unlock control signal output when the control device M1 determines that the passage is permitted. Move to area A2.

(Card reader)
FIG. 3 shows a schematic configuration of the card reader of the present embodiment. Since the card readers CR01 to CR08 have basically the same configuration, here, the card reader CR01 will be described as an example.

  The card reader CR01 stores a control unit 11 composed of an MPU and the like, an address code for identifying its own card reader, an address code for identifying a control device M1 connected at a higher level, a processing program, various parameters, and data. A storage unit 12, a communication interface 13 for communicating with the control device M1 via a LAN, a reading unit 14 for reading card data stored in an ID card, particularly an ID code which is personal identification information of a user, The display unit 15 includes at least one of a liquid crystal monitor, a speaker, an LED, and the like.

  There are various types of ID cards such as magnetic cards and IC cards, but any ID card can be used as long as it can be identified. In operation of the access control system, it is preferable that the IC card is a non-contact type IC card whose reading range is limited to some extent. For example, a proximity non-contact IC card having a communication range of 10 cm or less is suitable.

  Biometric information such as fingerprints, palm prints, voice prints, and irises can also be used as user identification information. When biometric information is used, the reading unit 14 may be configured by means for reading such information.

  When the ID card possessed by the user is a non-contact type IC card, the card operation is performed so that the ID card is brought close to the reading unit 14. The reading unit 14 reads the ID card, and confirms that the reading has been performed by the display unit 15 using an LED display or a beep. Further, the reading unit 14 attaches the read ID code and its own address code to the passage request signal, and transmits it to the control device M1 via the communication interface 13. Thereafter, when the card reader CR01 receives the result of the passage permission / inhibition determination from the control device M1 via the communication interface 13, the card reader CR01 confirms and displays the determination result on the display unit 14 with an LED display or a beep.

(Control device)
FIG. 4 shows a schematic configuration of the control device of the present embodiment. Since the control devices M1 to M4 have basically the same configuration, here, the control device M1 will be described as an example.

  The control device M1 includes a control unit 21 including an MPU, an address code for identifying each control device, an address code for the management device P, an address code for each card reader CR01, CR02, management information, a processing program, and various parameters. , Storage unit 22 for storing data, etc., LAN-connected lower level card readers CR01 and CR02, other control devices M2 to M4, higher level management device P for communication, and electric lock / Electric lock control unit 24 for sending a control signal for unlocking control to the door D1 with electric lock to be controlled, and an unlocking / unlocking monitoring unit for monitoring the locking / unlocking state of the electric lock of the door D1 with electric lock to be controlled 25 and a door opening / closing monitoring unit 26 that monitors the open / closed state of the door of the door D1 with electric lock to be controlled. The storage unit 22 stores an ID table 31, a CR area table 32, a location area table 33, and a permission history table 34 as management information.

(ID table)
FIG. 5 shows an example of the ID table. The ID table 31 is a table in which an ID code of a user who allows passage between areas regulated by a door with an electric lock as a control target is stored in association with the control device. The ID code is an identification number that can identify the user, and may be, for example, an employee number. Each control device usually stores only the contents managed by itself. For example, the control device M1 stores only the contents corresponding to the control device M1 in the ID table of FIG.

  The ID codes associated with the control device M1 are ID01 to ID05, and only users having these IDs can pass through the doors D1 with electric locks in the areas A1 and A2. In the control devices M2 and M4, ID05 is not stored in the table. Therefore, for example, in the control device M2, the user having the ID code ID05 cannot pass through the door D2 with an electric lock between the area A2 and the area A3.

  In the ID table, a prohibition flag indicating that the ID card is disabled is stored in correspondence with the ID code. The prohibition flag is turned on by the control unit as a penalty when the user's ID card operation is illegal. If it is determined that the card reader is illegal, the use of all card readers is prohibited. The The prohibition flag is turned off by an instruction signal from the management apparatus according to the operation of the administrator. In FIG. 5, the prohibition flag is set in the ID code ID03 in the control devices M1 to M4, indicating that the current ID03 is in a use-prohibited state.

  It should be noted that it is possible to make it impossible to use only a card reader that has been operated by an unauthorized ID card without using a prohibition flag that prohibits the use of all card readers. In the present embodiment, the control device stores only the information corresponding to the ID code corresponding to the control device in the storage unit, but may also store contents corresponding to other control devices.

(CR area table)
FIG. 6 shows an example of the CR area table. The CR area table 32 is an address code of each control device, an address code of a card reader managed by each control device, an installation area where the card reader is installed, and an area which can be moved by operating the card reader. It is the table which matched the movement destination area (area where traffic control was carried out by the door with an electric lock corresponding to a card reader), and the door with an electric lock which each control device controls. In FIG. 6, the address codes of the respective control devices are indicated by M1 to M4, and the address codes of the card reader are indicated by CR01 to CR08.

  For example, for the control device M1, the card reader CR01 is installed in the area A1, and the destination to which the card reader CR01 can move by operating the card reader is the area A2, and the door with the electric lock to be controlled is The door D1 with electric lock, and the card reader CR02 is installed in the area A2, and stores information that the destination area, which is an area that can be moved by operating the card reader, is A1.

  Note that the CR area table 32 stored in the storage unit of each control device may store only information related to the card reader corresponding to the control device, like the ID table 31.

(Location table)
FIG. 7 shows an example of the location area table. The location area table 33 is a table in which the location area, which is the area where the user should be present, is stored corresponding to the ID code. For example, a user having ID code ID01 is currently in area A2, and a user having ID code ID02 is currently in area A4. The location area for each ID code is updated by the control unit as needed according to the ID card operation of the user. Thereby, it is possible to grasp and manage in which area each user currently exists.

(Permission history table)
FIG. 8 shows an example of the permission history table. The permission history table 34 is a table for recording operation information of the ID card when passage is permitted. In other words, the ID code and the time data are stored in correspondence with the address code of the card reader that has read the ID code as history information that is permitted to pass as a result of reading the ID card of the card reader. In FIG. 8, for the card reader CR05, which is a control target of the control device M3, information that the ID code ID02 permits passage at 14: 8: 20 is stored. Since the card reader CR05 is installed in the area A2 corresponding to the door D3 with the electric lock, the user having the ID code ID02 usually leaves the area A2 after 14: 8: 20. It has moved to area A4 through door D3 with an electric lock. Thus, the history information is registered when the control unit permits passage. As will be described in detail later, in the present embodiment, the permission history information is used to remedy an operation error and is deleted after a predetermined time (for example, 10 seconds). When erasing after a predetermined time, the ID data may be stored for a predetermined time, so the time data may be omitted. Further, the data in the permission history table 34 is retained without being erased, and the card operation is performed for the combination of the card reader and the ID code with reference to the latest operation time and the time when the traffic request is received. It may be determined whether the elapsed time from any time is within a predetermined time.

  In this embodiment, only one ID code is stored for each of the card readers CR01 to CR08 and updated with the latest ID code. However, depending on the embodiment, a plurality of ID codes may be stored in each of the card readers CR01 to CR08. Each control device stores only the content managed by itself (if the control device M1, the part corresponding to M1), but the content of other control devices may also be stored.

  In addition, the ID table 31, the CR area table 32, the location area table 33, and the permission history table 34 according to the present embodiment are not limited to the above-described formats, and may be in other formats as long as they have similar information. It may be.

(Control by control device)
As shown in FIG. 4, in the control device M1, the locking / unlocking monitoring unit 25 monitors the energization state of the electric lock of the door D1 with an electric lock, and a signal indicating the locking state or the unlocking state depending on a difference in detection voltage. Is output to the control unit 21. The door open / close monitoring unit monitors the open / closed state of the door with the electric lock, and outputs a signal indicating an open state or a signal indicating a closed state to the control unit 21 depending on a difference in detection voltage.

  Assuming that an ID card is operated on the card reader CR01, the control unit 21 receives a passage request signal from the card reader CR01 via the communication interface 23. Based on the added ID code, the address code of each card reader CR01, and the management information in the storage unit 22, the control unit 21 executes a pass permission / rejection determination process, and transmits a pass permission / rejection determination result to the card reader CR01. .

  When the traffic is refused, a traffic denial signal is output to the card reader CR01, the prohibition flag of the ID code is turned on in the ID table 31, and this information is transmitted to another control device. That is, the ID code with the prohibition flag turned on is rejected by all card readers.

  When the passage is permitted, a passage permission signal is transmitted to the card reader CR01. At this time, when the input signals from the door opening / closing monitoring unit 26 and the locking / unlocking monitoring unit 25 are a signal indicating the closed state and a signal indicating the locking state, respectively, the unlocking control signal is transmitted from the locking / unlocking control unit 25 to the electric lock. Output to door D1. And if a closed state is detected again after detecting an open state by a user passing, a locking control signal will be outputted to door D1 with an electric lock. On the other hand, when a signal indicating an open state and a signal indicating an unlocked state are input, the unlocking signal does not need to be output because the current user can pass through a card operation by another user.

  After outputting the unlock control signal, the control unit 21 opens the door open / close monitoring unit 26 even after a predetermined time (for example, 30 seconds) has elapsed since the signal indicating the unlocking state is input from the lock / unlock monitoring unit 25. When the signal indicating is not input, the user determines that he does not intend to pass through, outputs a lock control signal for safety, and locks the door D1 with the electric lock.

  When the passage is permitted, the location area of the ID code is updated in the location area table 33, and this information is transmitted to another control device. Further, in the permission history table 34, the ID code and the current time (or operation time) determined to be permitted for passage are registered in correspondence with the card reader CR01 that has received the passage request. At this time, if the same ID code is already registered in the permission history table, the registered old data is deleted. In addition, the control unit 21 deletes the ID code and the registration time from the permission history table 34 when a predetermined time elapses (for example, 10 seconds) from the registered time.

  In addition, the control unit 21 transmits the result of the passage permission / inhibition determination and the result of the control content linked to the result to the management apparatus P via the communication interface 23.

(Flow of pass / fail judgment)
With reference to FIGS. 9-12, the detail of determination of passage permission / denial is demonstrated. When the control device receives the passage request signal from the card reader, the passage permission determination and passage control processing is started.

  Hereinafter, the determination processing of the control device will be described for each type of (1) legitimate passage request, (2) illegal passage request, and (3) passage request by double card operation to be rescued. Here, the double card operation means that the card operation is performed with the same card to the same card reader even though the passage is permitted by the first card operation. The number of times is 2 or more, including the case where a third party's card operation is performed during the card operation.

(1) Judgment process for legitimate traffic request A legitimate traffic request is a traffic request based on an ID code having a traffic authority between areas requiring traffic, and a traffic request based on an ID code whose administrative traffic history is valid. It is.

  As an example, a user who has an ID card of ID code ID01 is in a state where the card reader CR01 is operated to move from the area A1 to the area A2, and the card reader CR03 is operated in the area A2 to operate the area A3. The processing of the control device M2 when a request for passage to is made will be described.

  In step S1, the control device M2 that has received the passage request signal reads the ID code ID01 and the address code of the card reader CR03 added to the passage request signal. Next, in step S2, the permission history table 34 is read out of the management information in the storage unit 21.

  In step S3, it is determined whether or not history information permitted to pass between the current pass request and a predetermined time before the card reader CR03 having the same ID code ID01 is registered. Specifically, it is determined whether or not the ID code ID01 is stored in the permission history table 34 in the ID code area corresponding to CR03. Here, the user only operates the card with the card reader CR01 to move to the area A2, and ID01 is not stored in the card reader CR03. Therefore, it is determined that there is no permission history, and the process proceeds to step S4.

  In step S4, the ID table 31 is read out, and in step S5, it is determined whether or not the authority to pass between areas requiring passage is given to the ID code ID01. Specifically, it is determined whether or not ID01 is registered in the ID code area corresponding to the control device M2 in the ID table 31. Here, ID01 is registered for the control device M2. Therefore, it is determined that there is a passage authority and the process proceeds to step S6.

  In step S6, it is determined whether or not the ID code ID01 is set to a use-prohibited state. Specifically, it is determined whether or not a prohibition flag is set in the ID table 31 for the ID code ID01. Here, no prohibition flag is set for ID code ID01 (not ON). Therefore, it determines with it being not in a use prohibition state, and progresses to step S7.

  In step S7, the CR area table 32 is read, and in the next step S8, the location area table 33 is read.

  Next, in step S9, it is determined whether or not the traffic history of the ID code ID01 is valid. Specifically, the CR area table 32 refers to the installation area of the card reader CR03, and the location area table 33 refers to the location area of the ID code ID01. Then, it is determined whether or not the location area of the ID code ID01 matches the installation area of the card reader CR03. According to the location area table 33, the location area of the ID code ID01 is area A2, and according to the CR area table 32, the installation area of the card reader CR03 is area A2. Therefore, the installation area of CR03 and the location area of ID01 are both area A2 and coincide with each other.

  If they match, it is determined that the user has properly operated the card and entered the current area A2, and the traffic history is valid. If they do not match, it is determined that the user has made an illegal entry such as taking advantage of another person's card operation and entering the area A2, and therefore, it can be said that the traffic history is invalid.

  In this example, since it is determined that the traffic history is valid, the process proceeds to step S10 (FIG. 10). In step S10 of FIG. 10, since the received traffic request is valid, traffic permission control is executed. Specifically, the passage permission signal is output to the card reader CR03, and if the door D2 with the electric lock is in the closed state and the locked state, the unlock control signal is output to the door D2 with the electric lock. The unlocked state is set to be valid only for a predetermined time (for example, about 30 seconds), and after this predetermined time, the user is locked because there is no intention to pass.

  Next, in step S11, the movement area A3 of the card reader CR03 is referred to in the CR area table 32, and the location area of the ID code ID01 in the location area table 33 is updated to the area A3 that is the movement destination area.

  In Step S12, the ID code ID01 and the current time data are stored in the permission history table 34 in association with the card reader CR03, and stored for a predetermined time. The permission history table 34 is used for the purpose of relieving a user's erroneous operation to be described later. In this embodiment, the predetermined time is set to 10 seconds, and the stored data is erased after 10 seconds. .

  In step S13, the updated contents of the location area table 33 are notified to the other control devices M1, M3, and M4, and the process ends. The other control devices M1, M3, and M4 that have received the notification can update the management information of itself to execute subsequent passage permission / rejection determination using correct information.

(2) Judgment Processing for Unauthorized Traffic Requests Unauthorized traffic requests are (2-1) a traffic request with an ID code that does not have a traffic authority between traffic requesting areas, and (2-2) an ID code in a disabled state. (2-3) A traffic request with an ID code whose management history is invalid.

(2-1) Passing request by ID code without passing authority First, as an example of a passing request by ID code without passing authority, a user who has an ID card with ID code ID05 that has no authority to enter area A3 However, the determination operation when the card reader CR03 is operated in the area A2 and the passage request to the area A3 is made will be described.

  When the control device M2 receives the passage request signal from the card reader CR03, the passage permission determination and passage control processing is started.

  In step S1, the control device M2 that has received the passage request signal reads the ID code ID05 and the address code of the card reader CR03 added to the passage request signal. Next, in step S2, the permission history table 34 is read out of the management information in the storage unit 21.

  In step S3, it is determined whether or not history information permitted to pass in the past is registered for the card reader CR03 having the same ID code ID05. Since the ID 05 is not stored in the card reader CR03, it is determined that there is no permission history, and the process proceeds to step S4.

  In step S4, the ID table 31 is read out, and in step S5, it is determined whether or not the authority to pass between the areas requested to pass is given to the ID code ID05. Specifically, it is determined whether or not ID05 is registered in the ID code area corresponding to the control device M2 in the ID table 31. Here, ID05 is not registered for the control device M2. Therefore, it is determined that there is no traffic authority and the process proceeds to step S20.

  In step S20, the received traffic request is recognized as invalid, and traffic rejection control is executed and the process ends. Specifically, the traffic denial control is performed by outputting a traffic denial signal to the card reader CR03. In order to penalize, a prohibition flag can be set to disable use by all card readers, but it is also harsh to the user to set a prohibition flag just by using a card without permission to use it by mistake. Therefore, in the present embodiment, the processing is ended only by denying the passage.

(2-2) Passage Request Using ID Code in Use Prohibited State As an example of a pass request using an ID code in a use-prohibited state, a user who has an ID card with ID code ID03 enters a card reader CR03 installed in area B. On the other hand, an operation when a card operation is performed and a passage request to the area A3 is made will be described.

  When the control device M2 receives the passage request signal from the card reader CR03, the passage permission determination and the passage control process are started.

  In step S1, the control device M2 that has received the passage request signal reads the ID code ID03 added to the passage request signal and the address code of the card reader CR03. Next, in step S2, the permission history table 34 is read out of the management information in the storage unit 21.

  In step S3, it is determined whether or not history information permitted to pass in the past is registered for the card reader CR03 having the same ID code ID03. Since the card reader CR03 does not store ID03, it is determined that there is no permission history, and the process proceeds to step S4.

  In step S4, the ID table 31 is read out, and in step S5, it is determined whether or not the authority to pass between areas requiring passage is given to the ID code ID03. Specifically, it is determined whether or not ID03 is registered in the ID code area corresponding to the control device M2 in the ID table 31. Here, ID03 is registered for the control device M2. Therefore, it is determined that there is a passage authority and the process proceeds to step S6.

  In step S6, it is determined whether or not the ID code ID03 is set in a use-prohibited state. Specifically, it is determined whether or not a prohibition flag is set in the ID table 31 for the ID code ID03. Here, a prohibition flag is set (ON) for the ID code ID03. Therefore, it determines with it being in a use prohibition state, and progresses to step S20.

  In step S20, since the received traffic request is invalid, the traffic rejection control is executed and the process ends. Specifically, a traffic denial signal is output to the card reader CR03, and the process ends.

(2-3) Passage Request with ID Code with Unauthorized Movement History on Management As an example of a traffic request with an ID code with invalid management history, a user who has an ID card with ID code ID01 is area A2. When moving to the area A3, the card reader CR07 is card-operated in the area A3 and the traffic request is made to the area A4 in a state where the card is operated by another person without moving the card. The operation will be described.

  When the control device M4 receives the passage request signal from the card reader CR07, the passage permission determination and the passage control process are started.

  In step S1, the control device M4 that has received the passage request signal reads the ID code ID01 and the address code of the card reader CR07 added to the passage request signal. Next, in step S2, the permission history table 34 is read out of the management information in the storage unit 21.

  In step S3, with reference to the permission history table 34, it is determined whether or not history information permitted to pass in the past is registered for the card reader CR07 having the same ID code ID01. Since ID01 is not stored in the card reader CR07, it is determined that there is no permission history, and the process proceeds to step S4.

  In step S4, the ID table 31 is read out, and in step S5, it is determined whether or not the authority to pass between areas requiring passage is given to the ID code ID01. Specifically, it is determined whether or not ID01 is registered in the ID code area corresponding to the control device M4 in the ID table 31. Here, ID01 is registered for the control device M2. Therefore, it is determined that there is a passage authority and the process proceeds to step S6.

  In step S6, it is determined whether or not the ID code ID01 is set to a use-prohibited state. Specifically, it is determined whether or not a prohibition flag is set in the ID table 31 for the ID code ID01. Here, no prohibition flag is set for ID code ID01 (not ON). Therefore, it determines with it being not in a use prohibition state, and progresses to step S7.

  In step S7, the CR area table 32 is read, and in the next step S8, the location area table 33 is read.

  Next, in step S9, it is determined whether or not the traffic history of the ID code ID01 is valid. Specifically, the CR area table 32 refers to the installation area of the card reader CR07, and the location area table 33 refers to the location area of the ID code ID01. Then, it is determined whether or not the location area of the ID code ID01 matches the installation area of the card reader CR03. According to the location area table 33, the location area of the ID code ID01 is area A2, and according to the CR area table 32, the installation area of the card reader CR07 is area A3. Therefore, the CR03 installation area and the ID01 location area do not match. Therefore, it is determined that the traffic history is invalid, and the process proceeds to step S14 (FIG. 11).

In step S14 of FIG. 11, since the received traffic request is invalid, traffic rejection control is executed. Specifically, a traffic denial signal is output to the card reader CR07.
In step S15, a prohibition flag is set (set to ON) for the ID code ID01 in the ID table 31. Next, in step S16, the updated contents of the ID table 31 are notified to other control devices, and the process is terminated.

(3) Judgment processing for passage request by double card operation to be relieved Even if the user is authorized to pass through the card operation, another person opens the door with the electric lock from the opposite area at the same time If the user moves or overlooks the confirmation display of the passage permission, the user may not be able to recognize whether or not his / her card operation is accepted, and the card operation may be performed again on the same card reader.

  In this case, the location area is updated by the first card operation in spite of not performing illegal traffic, and it is determined that the traffic history is invalid for the second card operation and the traffic is refused. At the same time, the use of the ID card is prohibited.

  Rejecting the traffic request as described above, which is not actually illegal traffic, inconveniences the user and the administrator, and prevents the smooth operation of the access management system.

  Therefore, the passage request is permitted when the past card operation is permitted and the same card reader is operated again using the same ID card. To do.

  As an example, a user who has an ID card with ID code ID02 is in a state where the card reader CR05 is operated in the area A2 and is allowed to pass to the area A4, and the card reader CR05 is again carded in the area A2. The operation of the control device M3 when operating to make a traffic request to the area A4 will be described. It is assumed that the card operation is performed again 5 seconds after the first card operation.

  By the first card operation, the location area of ID code ID02 in location area table 33 is updated to area A4, and ID code ID02 and registration time 14: 8: 20 are corresponding to card reader CR05 in permission history table 34. It is remembered. In the present embodiment, the history information stored in the permission history table is deleted when a predetermined time, for example, 10 seconds elapses.

  Assume that a second card operation is performed 5 seconds after the first card operation. In response to the card operation again, the control device M3 that has received the passage request signal reads the ID code ID02 and the address code of the card reader CR05 added to the passage request signal (step S1), and manages the storage unit 21. The permission history table 34 is read out of the information (step S2).

  Next, in step S3, since the predetermined time (10 seconds) has not elapsed from the time when the user operated the card with the card reader CR05 last time to allow the user to pass, the permission history table indicates permission corresponding to CR05. An ID code ID02 is registered as a history. Therefore, it is determined that there is a permission history, and the process proceeds to step S17 (FIG. 12).

  In step S17 in FIG. 12, since the received traffic request is a traffic request to be rescued, traffic permission control is executed. Specifically, the passage permission signal is output to the card reader CR05, the passage permission is notified by the lighting or beeping of the LED by the card reader CR05, and the door D3 with the electric lock is closed and locked. An unlock control signal is output to the door D3 with an electric lock.

  Next, in step S18, the permission history of ID02 for CR05 is deleted from the permission history table, and the process ends. At this time, a new permission history is not recorded. This is because in this embodiment, the passage permission for relief is set to be limited to one time. If it is a double card operation within a predetermined time, it may be set to allow the passage of the card any number of times. However, if the predetermined time is long, such as 10 seconds, it is unlimited. If double card operation is permitted, fraud may be performed, which is not preferable.

  In the present embodiment, the number of double card operations until the history of the permission history table is deleted is one, but the number of double card operations is not limited to one and can be set as appropriate. Of course, it is possible to limit only the time without limiting the number of times. In addition to the time limit for double card operation, if you limit the number of times, you can lengthen the predetermined time limit, so even if a third party card operation is performed after the first operation, Subsequent double card operations by the user can be rescued.

  In this embodiment, as a method of determining the legitimacy of the traffic history, it is determined whether or not the ID code location area and the card reader installation area coincide with each other, but other methods may be employed. . For example, as a method of determining the legitimacy of the travel history, it may be determined whether or not a predetermined movement route has been taken. In this case, the movement route for the past several times is stored as the passing area table as the location area table 33, and the movement route which is a condition for determining the validity instead of the installation area is stored using the CR area table 32 as the movement route table. It should be remembered.

  In this embodiment, the history information stored in the permission history table is deleted after a predetermined time. However, the history information stored in the permission history table can be retained without being deleted after a predetermined time. When confirming the permission history, the difference between the current time and the registration time is calculated for the combination of the card reader and the ID code, and if the calculated result is shorter than the predetermined time, it may be determined that the permission history exists. In this way, history information can be held, and history information can be referred to later.

  In this embodiment, all areas are set as management areas, but some areas such as important rooms may be set as management areas. In this case, the above-described permission / rejection determination may be performed when entering the area of the management area, and the location area table may be updated without performing the above-described permission / rejection determination when leaving.

  In the present embodiment, the history information stored in the permission history table is associated with the card reader. However, there are cases where it is not necessary to associate the history information with the card reader, such as when the control device performs permission / rejection determination only in the entry direction. Therefore, in such a case, the history information stored in the permission history table may simply store the ID code without corresponding to the card reader.

  In this embodiment, the ID card is set in a use-prohibited state when traffic is rejected. However, if a strict penalty is not required, traffic may be rejected. In this case, the prohibition flag of this embodiment is not necessary, and S6 may be omitted in the flow of FIG.

It is a figure which shows the whole structure of one Embodiment of the entrance / exit management system of this invention. It is a figure which shows the system configuration | structure of one Embodiment of the entrance / exit management system of this invention. It is a figure which shows schematic structure of the card reader of one Embodiment of this invention. It is a figure which shows schematic structure of the card reader of one Embodiment of this invention. It is a figure which shows ID table of one Embodiment of this invention. It is a figure which shows CR area table of one Embodiment of this invention. It is a figure which shows the location area table of one Embodiment of this invention. It is a figure which shows the permission log | history table of one Embodiment of this invention. It is a figure which shows the common flow of the entrance / exit management of one Embodiment of this invention. It is a figure which shows the flow of the entrance / exit management corresponding to a legitimate traffic request. It is a figure which shows the flow of the entrance / exit management corresponding to an unauthorized traffic request. It is a figure which shows the flow of the entrance / exit management corresponding to the traffic request | requirement of relief object.

Explanation of symbols

D1-D4 Door with electric lock CR01-CR08 Card reader M1-M4 Control device P Management device

Claims (4)

In the access control system that manages the access of users to the management area,
A regulatory department that regulates access to the controlled area;
An acquisition unit provided in the vicinity of the restriction unit for acquiring user identification information;
A storage unit for storing a state of entering and exiting the management area of the identification information;
Based on the identification information acquired by the acquisition unit and the access state of the identification information stored in the storage unit, whether or not to enter the management area is determined, and when the entry is permitted, the restriction unit release control of the restriction unit And a control unit that updates the access state of the storage unit,
When the acquired identification information is identification information permitted to enter before a predetermined time, the control unit cancels the entry / exit restriction of the restriction unit regardless of the entry / exit state. Access control system. Furthermore, it has a history storage unit,
The control unit stores the identification information permitted to enter in the history storage unit in association with the acquisition unit that acquired the identification information, and the identification information acquired by the acquisition unit is stored in the acquisition unit in the history storage unit. The entrance / exit management system according to claim 1, wherein the entry / exit restriction of the restricting unit is canceled when the identification information is stored corresponding to.   The access control apparatus according to claim 2, wherein the control unit stores only the latest identification information permitted to enter for each acquisition unit.   The control unit deletes the identification information from the history storage unit when the identification information acquired by the acquisition unit is identification information stored in the history storage unit corresponding to the acquisition unit. Item 4. The access control system according to item 2 or 3.

Images