JP2008002094A - Key management system and key management method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To further improve security by devising a method of handling cards only for keys and registered information such as personal identification numbers. <P>SOLUTION: This key management system comprises a key management device 200 storing a main key or/and a spare key for a safe 300; one or more cards #1-#6, #10 only for keys for opening/closing the key management device 200; a key management DB 101 registering passwords for identifying card possessors authorized to possess the cards #1 etc. only for keys; and an information processor 100 for processing information by monitoring personnel changes of the card possessors whose passwords are registered. The information processor 100 freezes the registered information D10 of the card #1 or the like only for the key when there was a personnel change of the card possessor. With this constitution, input refusal processing of the card #1 or the like only for the key can be carried out in the key management device 200 to prevent opening/closing operation using the card only for the key, the password, or the like in the former place of work. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention is a key applicable to a system that manages a key management device for storing a main key and / or a spare key of an article storage such as a safe, an armory, a warehouse, etc. based on a plurality of dedicated cards and a password. The present invention relates to a management system and a key management method.

  Specifically, when managing the main key and / or spare key of an article storage such as a safe, the personnel change of a person who is registered with a PIN and authorized to possess a key-dedicated card is monitored. When there is a personnel change in the holder of a dedicated card, the registration information of the key dedicated card is frozen so that the key management device can execute input rejection processing for the key dedicated card and In this way, it is possible to prevent an opening / closing operation using the key-dedicated card or the personal identification number by mistake.

  In recent years, new type safes having an IC card and a biometric authentication function have appeared, but as a practical problem, most of the conventional safes are used as they are. Safes owned by companies have been scattered in many offices for a long time, mainly for small cash, for temporary valuable storage. Many of these safes are of the type that opens and closes with a key.

  There are safes at many sales offices and business offices under the head office, and the company manages its keys by setting internal rules. However, depending on the type of business of the company or organization, personnel changes are implemented in 2 to 3 years, and the management of keys accompanying personnel changes is often busy. For managing the safe, two physical keys, a main key and a spare key, are provided, and these keys are stored in the key management device outside working hours. The key management apparatus sets a password (password) for each key-dedicated card, and manages the key with this key-dedicated card.

  In relation to the key management apparatus described above, Patent Document 1 discloses a lock management system. According to this system, when an IC card that records user authentication data is used as a key, the authentication data input at the time of use is compared with the user authentication data recorded on the IC card, and when the authentication passes, An electronic lock is unlocked. If the system is configured in this way, the qualified person who operates the lock can be strictly determined, so that the safety is further improved.

  Patent Document 2 discloses a personnel change management system related to a personnel change of a company. According to this system, personnel information of members of a company is collected on an information providing site, new personnel information is compared with previously accumulated personnel information, and the presence or absence of personnel changes of the member is determined. Personnel transfer information is provided to applicants as needed. By configuring the system in this way, if there is a personnel change in the company, the necessary personnel change information can be acquired at any time without checking newspapers or the like every day.

JP 2000-145219 A JP 2002-056081 A

  By the way, according to the key management system according to the conventional example, a key-dedicated card for opening and closing the key management device is prepared, and a key manager or a deputy manager (key manager) is opened and closed using a password of the key-dedicated card. The key management is distributed and stored.

  When these key managers have personnel changes, the password is changed, but in reality, it is not confirmed whether the password has been changed. Therefore, there is a security problem that even the predecessor can use the key of the previous workplace.

  In addition, in the lock management system shown in Patent Document 1, when the IC card holder becomes a person to be transferred, it is assumed that the personal authentication data is changed. If the system is linked as it is, it becomes difficult to prevent an opening / closing operation using the IC card in the previous workplace by mistake.

  Accordingly, the present invention solves such a conventional problem, and a key management system that can further improve security by devising a method of handling registration information such as a key-only card and a personal identification number. And a key management method.

  The key management system of the present invention that solves the above-described problem is a system that manages the main key and / or spare key of an article storage, and stores the main key and / or spare key of the article storage. A registration means for registering one or more key-dedicated cards for opening and closing the key management device, a code number for identifying a card holder permitted to possess the key-dedicated card, and a code number An information processing device that monitors the personnel change of the card holder and processes the information, and the information processing device freezes the registration information of the key dedicated card when there is a personnel change of the card holder It is characterized by this.

  According to the key management system of the present invention, when managing the main key and / or the spare key of the article storage, the key management device stores the main key and / or the spare key of the article storage. One or more key-only cards are provided to open and close the key management device. In the registration means, a personal identification number for identifying a card holder who is permitted to possess a key-only card is registered. On the premise of this, the information processing apparatus monitors the personnel change of the card holder who registered the personal identification number and processes the information. For example, an existing personnel management system is connected to the information processing apparatus, and the information processing apparatus receives personnel change information of the organization to which the card holder belongs from the personnel management system, and based on the personnel change information, When a change is detected and a change in the cardholder is detected, the registration information of the key-only card is temporarily frozen.

  Therefore, since the key management device can execute the input rejection process for the key dedicated card, it is possible to prevent an opening / closing operation using the key dedicated card, the personal identification number, or the like in the previous workplace.

  The key management method according to the present invention is a method of storing and managing the main key and / or the spare key of the article storage in the key management device, and possessing a key-dedicated card for opening and closing the key management device is permitted. Register a password to identify the card holder, monitor the personnel change of the card holder who registered the password, and register the key-dedicated card when there is a personnel change of the card holder It is characterized by freezing information.

  According to the key management method of the present invention, when the main key or / and the spare key of the article storage are stored and managed in the key management device, the key management device can execute the input rejection process for the key dedicated card. As a result, it is possible to prevent an opening / closing operation using the key-dedicated card or the personal identification number in the previous workplace by mistake.

  According to the key management system and the key management method of the present invention, when managing the main key and / or the spare key of the article storage box, a card in which a personal identification number is registered and possession of a key-dedicated card is permitted. The owner's personnel change is monitored, and when there is a personnel change of this card holder, the registration information of the key-only card is frozen.

  With this configuration, the key management device can execute the input refusal process for the key dedicated card, so that it is possible to prevent the opening / closing operation using the key dedicated card or the password in the previous workplace by mistake. Become. Thereby, it is possible to further improve the security of the system that manages the main key and / or the spare key of the article storage by opening and closing the key management device by applying the key-dedicated card and the password.

  Next, a key management system and a key management method according to the present invention will be described with reference to the drawings.

  FIG. 1 is a diagram showing a configuration example of a key management system 1 for a safe as an embodiment according to the present invention.

  A safe key management system 1 shown in FIG. 1 constitutes an example of a key management system and manages a main key 401 and / or a spare key 402 of a safe 300 as an example of an article storage. The main key 401 and the backup key 402 are assigned key numbers. In addition to the safe 300, the main key 401 and / or the reserve key 402, the key management system 1 includes a plurality of key-dedicated cards, a key management information processing device 100, a database (hereinafter referred to as a key management DB 101), and a key management device. 200. The safe 300 can be opened and closed with a main key 401 or a spare key 402.

  The key management device 200 stores the main key 401 and the spare key 402 of the safe 300. The key management device 200 can be opened and closed by inputting main key cards # 1 to # 6 or spare key card # 10 and a personal identification number (hereinafter referred to as a password). The key management apparatus 200 includes, for example, an apparatus main body unit 201, a card reading unit 202, a password input operation unit 203, a key storage unit 204, and an opening door 205.

  The apparatus main body 201 has a housing (box) having a predetermined shape. The apparatus main body 201 has an operation surface. A card reading unit 202, a password input operation unit 203, and a key storage unit 204 are attached to the operation surface. The card reading unit 202 reads card information when the main key cards # 1 to # 6 or the spare key card # 10 are inserted. The card information is, for example, control information that reads a program for verifying a password.

  The password input operation unit 203 has numeric keys such as numbers “0” to “9”, “#”, “*”, and is operated to input a password of the cardholder. The key storage unit 204 stores and stores the main key 401 and the spare key 402. For example, the main key 401 and the spare key 402 are inserted and removed by the key storage unit 204. An opening door 205 is attached to the key storage unit 204 so that the opening door 205 can be opened and closed when the passwords are verified and matched. Thereby, the main key 401 or the spare key 402 can be taken out from the key storage unit 204 and the safe 300 can be opened and closed.

  When the registration information D10 such as the main key cards # 1 to # 6 and the spare key card # 10 is frozen, the key management apparatus 200 uses the main key cards # 1 to # 6 and the spare key card. An input rejection process for the card # 10 or the like is executed. For example, the card reader 202 repeats the operation of removing the card without accepting the card insertion process. This makes it possible to restrict the input of the main key cards # 1 to # 6, the spare key card # 10, and the cardholder password.

  Further, when the password of the key management device 200 is changed, the representative of the sales office or business office registers the changed password in the key management system 1. While this registration is not made, a reminder e-mail or the like is continuously sent to the representative at regular intervals. This is to enable the key management system 1 to make the password change of the key management device 200 in a business office, business office, etc. well known.

  The main key cards # 1 to # 6 and the spare key card # 10 constitute an example of a plurality of key-dedicated cards, and are used to open and close the key management device 200. For these key-dedicated cards # 1 to # 6 and # 10, magnetic cards and IC (electronic) cards are used. For example, six main key cards # 1 to # 6 and one spare key card # 10 are provided. The main key cards # 1 to # 6 and the spare key card # 10 are distributed (granted) to persons who are permitted to possess the key-dedicated card, and the card holders who are permitted to possess the key manage the password with the key. The information processing apparatus 100 is registered. Thus, the password is associated with the main key cards # 1 to # 6 and the spare key card # 10.

  In this example, the main key card # 1 is distributed to the main key manager of the safe 300, the main key cards # 2 to # 6 are distributed to five proxy managers, and the spare key card # 10 is Distributed to one spare key manager. Personnel information of the main key manager of the safe 300, its agent manager and its spare key manager is registered in the personnel management system 3, and personnel information is stored in a personnel management database (hereinafter referred to as personnel management DB4).

  The key management information processing apparatus 100 is connected to a key management DB 101 that constitutes an example of a registration unit, and possession of the main key cards # 1 to # 6, the spare key card # 10, and the like is permitted. An employee ID for identifying a main key manager, a substitute manager, and a backup key manager, a key card number, a password, a set date, and the like are registered. A hard disk device is used for the key management DB 101. In addition to the above, the key management DB 101 manages the office / office (affiliation) code and safe number (ID) where the safe 300 is arranged, and the key numbers of the main key 401 and the spare key 402 that open and close the safe 300. The As a result, the key management DB 101 can store and manage the registration information D10 and the password of the main key cards # 1 to # 6 and the spare key card # 10 that manage the insertion / removal of the main key 401 / spare key 402. (See FIG. 4).

  The information processing apparatus 100 processes information by monitoring personnel changes of the card holder who has registered the password. In this example, the passwords of the main key cards # 1 to # 6 and the spare key card # 10 are managed and stored in the key management DB 101. As the information processing apparatus 100, a desktop or notebook personal computer is used. The information processing apparatus 100 freezes the registration information D10 such as the main key cards # 1 to # 6 and the spare key card # 10 when there is a personnel change of the card holder.

  In this example, the existing personnel management system 3 is connected to the information processing apparatus 100, and the information processing apparatus 100 receives the personnel change information D14 of the organization to which the card holder belongs from the personnel management system 3, and this personnel change. Based on the information D14, a change in the cardholder is detected. This is to confirm whether or not the person who is permitted to possess the key-dedicated card is no longer involved in the management of the safe 300. When the information processing device 100 detects a change of the card holder, the information processing apparatus 100 temporarily freezes the registration information D10 of the main key cards # 1 to # 6 or the spare key card # 10 of the card holder. Thereby, it is possible to restrict the use of the main key cards # 1 to # 6 or the spare key card # 10 of the card holder who has been subject to personnel change.

  In addition, when the information processing apparatus 100 detects a change in the card holder, the information processing apparatus 100 outputs a password registration discard procedure request to the card holder. In this way, it is possible to prevent an opening / closing operation using the main key cards # 1 to # 6, the spare key card # 10, the password, etc. in the previous workplace by mistake.

  Further, the information processing apparatus 100 receives the change of the previous card holder from the personnel management system 3, invalidates the registration of the password of the previous card holder, and then enters the password of the person who is permitted to possess the new card. Accept registration. This makes it possible to prevent double registration of the password for the cardholder. In addition, if a new password is registered after a new employee arrives, the registration information D10 can be smoothly stored in the key management DB 101.

  Next, a key management method according to the present invention will be described. FIG. 2 is a flowchart illustrating an example of key management in the key management system 1 of the safe as the embodiment. In this key management system 1, it is assumed that the main key 401 and / or the spare key 402 of the safe 300 are stored and managed in the key management device 200. The key management system 1 has a key management DB 101, and the information processing apparatus 100 manages the main key cards # 1 to # 6 and the spare key card # 10. In particular, in conjunction with the existing HR management system 3, based on the transfer information from the HR management system 3, the employee who has changed owns the main key card # 1 to # 6 or the spare key card # 10. If it is, the password of the main key card # 1 to # 6 or the spare key card # 10 is automatically invalidated to prompt the user to set a new password.

  With these as key management conditions, the possession of cards that are permitted to possess the main key cards # 1 to # 6 and the spare key card # 10 for opening and closing the key management device 200 in step A1 of the flowchart shown in FIG. Register a password to identify the person. At this time, the main key manager, the substitute manager, and the spare key manager who are permitted to possess the main key cards # 1 to # 6, the spare key card # 10, etc. ID, key card number, password, set date, etc. are registered in the key management DB 101.

  Next, the personnel change of the cardholder who registered the password in step A2 is monitored. In this key management system 1, the information processing apparatus 100 obtains personnel change information D <b> 14 from the personnel management system 3. The personnel change information D14 obtained here and the key manager ID registered in the key management DB 101 are matched (checked) to confirm the presence or absence of the card holder who is the subject of the personnel change.

  Furthermore, when there is a personnel change of the card holder in step A3, the registration information D10 of the main key cards # 1 to # 6 or the spare key card # 10 of the personnel change target person is frozen. By freezing the registration information D10, the key management device 200 can execute the input rejection process for the main key cards # 1 to # 6 or the spare key card # 10. It is possible to prevent an opening / closing operation using the cards # 1 to # 6, the spare key card # 10, a password, etc. by mistake.

  In step A4, post-processing for the freezing processing of the registration information D10 is performed. The post-processing includes password registration / discard processing for the card holder and password change processing at the new position. In this way, it is possible to prevent an opening / closing operation using the main key cards # 1 to # 6, the spare key card # 10, the password, etc. in the previous workplace.

  Thereafter, the information processing is branched depending on whether or not the successor procedure is executed in step A5. When executing the succeeding procedure, the process returns to Step A1. After the new employee arrives, he / she registers a new password. As a result, the main key cards # 1 to # 6, the spare key card # 10, and the password are applied to open and close the key management device 200 to manage the main key 401 and / or the spare key 402 of the safe 300. Security can be further improved. In particular, it is possible to link the personnel change information D14 with the old-fashioned key management information which is not the latest type, and to change the password with certainty. In addition, passwords can be issued smoothly according to employee changes.

  FIG. 3 is a diagram illustrating a configuration example of the key management network 1 ′ for the safe as the first embodiment. According to this key management network 1 ′, the key management system 1 is applied, and the information management apparatus 100 for key management is disposed at, for example, a head office. The information processing apparatus 100 is connected to the existing personnel information system 3 through the communication unit 2 and is connected to the terminal device 60 of each sales office or business office through the communication unit 5. Safes 300 are arranged at each business office and business office (branch). The number of safes 300 is, for example, 30 if there are 30 sales offices and 70 offices, and if one or more safes are provided at each of the sales offices and business offices, the number of safes 300 is 100 or more. The number of key-dedicated cards is the number of safes × (6 cards + 1 card).

  The terminal device 60 at the sales office or business office is provided with a key information reference / change means 60 'so that the information processing apparatus 100 can be called via the communication means 5 to refer to the key information and change the password. Has been made. A communication network such as a LAN (Local Area Network) or a dedicated communication line is used for the communication means 2, and a communication network such as a public telephone line, a microwave communication line, or the Internet is used for the communication means 5.

  In this example, the information processing apparatus 100 acquires personnel change information D14 from the personnel management system 3. The personnel change information D14 obtained here and the key manager ID registered in the key management DB 101 are matched (checked) to confirm the presence or absence of the card holder who is the subject of the personnel change. The information processing apparatus 100 shown in FIG. 3 includes a change information confirmation unit 10, a password change check unit 20, a password change notification unit 30, a determination unit 20, and a change management unit 50 configured by software.

  The change information confirmation unit 10 inquires of the existing personnel management system 3 about the presence or absence of the personnel change information D14 through the communication unit 2 once a month, for example. If there is no personnel change information D14, then the information processing is terminated. When there is the personnel change information D14, the personnel information such as the employee ID, the transfer source affiliation code, the transfer destination affiliation code, and the transfer date is received from the personnel management system 3. Next, the transfer information confirming means 10 checks whether or not the employees who belong to the organization include the key manager, the substitute manager, etc. among the persons who have been subject to personnel changes. If the corresponding person is included, the registration information D10 of the main key cards # 1 to # 6 or the spare key card # 10 of the corresponding person is temporarily frozen.

  If there is a key administrator in the personnel transfer target person, the office or business location to which this person transfer target person belongs will be passed after the change date of the person to be transferred + a fixed number (passover period). .. Are notified to the terminal devices 601, 502, 503,... Via an e-mail or the like. This notification may be fax transmission, automatic telephone call, etc. in addition to electronic mail.

  The password change check means 20 checks whether or not the key manager password registered in the key management DB 101 has been changed. For example, the password change check means 20 compares the password of the person to whom the personnel change whose registration information D10 has been frozen with the password of a newly appointed cardholder who has been newly registered as a key manager, and both passwords are compared. If they match, it is determined that the password of the previous key manager has not been changed. If both passwords do not match, it is determined that the password of the previous key manager has been changed or discarded. This is because the password of the personnel transfer target person needs to be changed or discarded.

  The password change notification means 30 notifies the sales office, the business office, etc. of the change or discard of the password of the person to be transferred. For example, the password change notification means 30 indicates that the password of the person to be transferred whose frozen registration information D10 has been changed to the password of a newly appointed cardholder registered as a new key manager. Notify the location. This is to make sure that the password of the person to be transferred has been changed or discarded.

  The discriminating means 40 discriminates whether or not the password is a number that can be estimated from the cardholder's birthday, telephone number, postal code, or employee number. For example, the discriminating means 40 can guess by searching for a combination (number) of matching numbers by comparing a cardholder's birthday, telephone number, postal code, or employee number with an input password. Determine if it is a number. When the password corresponds to a guessable number, a password reset request is output. This makes it possible to register passwords that are difficult to guess, so that if the main key cards # 1 to # 6 and the spare key card # 10 are stolen or lost, the password is used incorrectly (unauthorized). It can be prevented beforehand.

  The change management means 50 receives and manages a change of the cardholder's password. For example, when the password has not been changed for a certain period, the change management unit 50 outputs a password change request to the card holder. By outputting this change request, it is possible to support the card holder's password change registration procedure and confirm whether or not to continue possession of the main key cards # 1 to # 6 and the spare key card # 10, In addition, it becomes possible to shift to the registration invalidation process of the card holder (person who is subject to personnel change) who has been subject to personnel change. By configuring the key management system 1 and the key management network in this way, it is possible to prevent a person who is to be transferred from being left without changing the password of the key of the safe 300 after the transfer.

  The information processing apparatus 100 shown in FIG. 3 is connected to a terminal device 60 such as a business office or a business office through the communication means 5 to perform communication processing related to the change or discard of the password of the personnel transfer target person. . When there is a personnel change of the key manager at a business office or business office, the information processing apparatus 100 can rewrite the registered contents of the key management DB 101 via the communication means or change the information.

  FIG. 4 is a block diagram illustrating an internal configuration example of the information management apparatus 100 for key management. An information processing apparatus 100 shown in FIG. 4 includes a keyboard 11, a mouse 12, a ROM (Read Only Memory) 13, a work RAM (Random Access Memory) 14, a CPU (Central Processing Unit) 15, and a nonvolatile memory 16. , I / O interface 17, system bus 18, monitor 19, hard disk device (hereinafter referred to as HDD 21) and communication modem 22. As the information processing apparatus 100, a desktop type or notebook type personal computer is used.

  The keyboard 11, mouse 12, etc. are connected to the I / O interface 17 and are operated to input registration item information such as employee ID, key card number, password, setting date, etc. registered in the key management DB 101. . Operation data D11 such as numbers and characters input by operating the keyboard 11 is input to the CPU 15 via the I / O interface 17. The operation data D12 input or designated by operating the mouse 12 is also input to the CPU 15 in the same manner.

  The CPU 15 is connected to the system bus 18. A ROM 13, a RAM 14, an HDD 21, a key management DB 101 and the like are connected to the system bus 18. The ROM 13 stores system startup program data D13 for controlling the entire apparatus. The RAM 14 temporarily stores program data D13, control commands for executing various calculations, and the like. When the power is turned on, the CPU 15 reads the system program data D13 from the ROM 13 into the RAM 14, starts the system, and controls the entire apparatus.

  The non-volatile memory 16 stores a change information confirmation program DP1, a password change check program DP2, a password change notification program DP3, a determination program DP4, a change management program DP5, and the like. When these programs are stored in the HDD 21, the nonvolatile memory 16 may be omitted. As the nonvolatile memory 16, an EEPROM is used.

  The CPU 15 expands the change information confirmation program DP1 read from the nonvolatile memory 16 in the RAM 14, and executes change information confirmation processing based on the operation data D11 and D12 input from the keyboard 11, the mouse 12, or the like. For example, the CPU 15 inquires of the existing personnel management system 3 about the presence or absence of personnel change information D14 through the communication means 2 once a month. If there is no personnel change information D14, then the information processing is terminated. When there is the personnel change information D14, the personnel information such as the employee ID, the transfer source affiliation code, the transfer destination affiliation code, and the transfer date is received from the personnel management system 3.

  Next, the CPU 15 checks whether or not the employees belonging to the organization include those who have been subject to personnel changes, such as key managers and proxy managers. If the corresponding person is included, the registration information D10 of the main key cards # 1 to # 6 or the spare key card # 10 of the corresponding person is temporarily frozen. Thus, the change information confirmation means 10 is comprised by RAM14, CPU15, and change information confirmation program DP1.

  Similarly, the password change check program DP2 is expanded in the RAM 14, and the password change check process is executed based on the operation data D11 and D12 input from the keyboard 11, the mouse 12, or the like. As described above, the password change check means 20 is configured by the RAM 14, the CPU 15, and the password change check program DP2. Further, the password change notification program DP3 is expanded in the RAM 14, and the password change notification process is executed based on the operation data D11 and D12 input from the keyboard 11, the mouse 12, or the like. In this way, the password change notification means 30 is configured by the RAM 14, the CPU 15, and the password change notification program DP3.

  Further, the discrimination program DP4 is expanded in the RAM 14, and discrimination processing is executed based on the operation data D11 and D12 input from the keyboard 11, the mouse 12, or the like. As described above, the determination unit 40 is configured by the RAM 14, the CPU 15, and the determination program DP4. The change management program DP5 is expanded in the RAM 14, and the change management process is executed based on the operation data D11 and D12 input from the keyboard 11, the mouse 12, or the like. As described above, the RAM 14, CPU 15, and change management program DP5 constitute the change management means 50.

  The HDD 21 includes a transfer information confirmation program DP1, a password change check program DP2, a password change notification program DP3, a discrimination program DP4, and a change management for backing up the registration information D10 for creating the key management database and the nonvolatile memory 16. A program DP5 is stored. For example, an employee ID or key for identifying a main key manager, a substitute manager, and a spare key manager who are permitted to possess the main key cards # 1 to # 6, the spare key card # 10, etc. Data such as a dedicated card number, password, and setting date is stored. In this example, the key management DB 101 that stores the registration information D10 and the above-described HDD 21 are provided separately, but the key management DB 101 may be configured by the HDD 21.

  Display data D19 based on the registration information D10 read from the key management DB 101 is output to the monitor 19. The monitor 19 registers the main key manager, the substitute manager, and the spare key manager who are permitted to possess the main key cards # 1 to # 6 and the spare key card # 10 based on the display data D19. Display the contents. As the monitor 19, a liquid crystal display panel, a PDP display panel, a CRT, or the like is used. For example, the CPU 15 is controlled to display a “change list screen” on the monitor 19 when “search for personnel change” is selected on a registration screen (not shown).

  A communication modem 22 is connected to the I / O interface 17 described above. The communication modem 22 is connected to the communication means 5 such as the Internet and, for example, uses the function of the password change notification means 30 to transmit a password change notice or the like to the terminal device 60 at the sales office or business office. . In addition, the communication modem 22 receives personnel change information D14 from the personnel management system 3. Thus, the key management information processing apparatus 100 applicable to the key management system 1 is configured.

  5A and 5B are table diagrams showing examples of data storage in the key management DB 101. FIG. According to the data storage example of the key management DB 101 shown in FIG. 5A, the employee ID of the person who is permitted to possess the key card, the key card number, the password, and the set date are registered. Registration is performed through the information processing apparatus 100. For example, the employee ID of the main key manager who is permitted to possess the key-dedicated card is “ABC12345”, and the key-dedicated card number distributed to the employee ID (hereinafter referred to as the “dedicated card number”) is “AB001”. The password is “1234” and the set date is “20030208”.

  For the employee ID = “ABC23456”, the dedicated card number is “AB002”, the password is “3456”, and the setting date is “2003030206”. Furthermore, for the employee ID = “DFG45678”, the dedicated card number is “BG001”, the password is “7890”, and the setting date is “20040703”.

  The dedicated card numbers are further divided into lower layers as shown in FIG. 5B. In this example, the dedicated card number is subordinate to an affiliation code, safe ID, main key (M), or backup key (Y). For example, “E01” is described in the affiliation code for the dedicated card number = “AB001” of the main key manager, “1” is described in the safe ID, and “M” is used as the main key / reserve key classification symbol. Is described. Similarly, “E01” is described in the affiliation code and “1” is described in the safe ID for the proxy manager's dedicated card number = “AB002” to “AB006”. “M” is described as the classification symbol.

  For the dedicated key number of the spare key manager = “AB101”, “E01” is described in the affiliation code, “1” is described in the safe ID, and “Y” is used as the main key / spare key classification symbol. Described.

  For the main key manager's dedicated card number = “YT001”, “E02” is described in the affiliation code, “1” is described in the safe box ID, and “M” is used as the classification symbol for the main key / spare key. Is described. Similarly, “E02” is described in the affiliation code, “1” is described in the safe ID, and “1” is described in the safe ID for the proxy manager's dedicated card number = “YT002” to “YT006”. “M” is described as the classification symbol.

  For the dedicated key number of the spare key manager = “YT101”, “E02” is described in the affiliation code, “1” is described in the safe ID, and “Y” is used as the main key / spare key classification symbol. Described. The same applies to other dedicated card numbers. Thus, the key management DB 101 applicable to the key management system 1 is configured.

  6A and 6B are table diagrams showing a configuration example of personnel change information D14. According to the personnel change information D14 shown in FIG. 6A, an area (column) describing the presence / absence of the change information is provided. If there is a change in the cardholder, “1” is described, and if there is no change, “0” is described. In the personnel change information D14, a change list is described in addition to the presence / absence of change information. As shown in FIG. 6B, the change list (transferred person information) is divided into employee ID, transfer date, pre-transfer affiliation code, post-transfer affiliation code, and other fields. For example, “YYYYMMDD” is described on the change date for “ID” of the employee ID that is the subject of personnel change, “CODE” is described for the affiliation code before the change, and “ “CODE” is described, and in the other columns, a special note that “CODE = NULL at the time of retirement” is described.

  Such personnel change information D14 is created by the personnel management system 3. In the personnel management system 3, when a change occurs in an employee belonging to the organization with respect to personnel information stored in the personnel management DB 4, personnel change information D14 as shown in FIG. 6A is created. The personnel change information D14 is notified from the personnel management system 3 to the information management apparatus 100 for key management. This is because the employee may include the main key manager of the safe 300, the proxy manager, or the backup key manager.

  Next, an example of information processing in the key management network 1 ′ will be described for the key management method as an embodiment according to the present invention. FIG. 7 is a flowchart showing an example of confirming personnel change information in the key management network 1 '.

  In this key management network 1 ′, it is assumed that the key management system 1 is applied and the main key 401 and / or the spare key 402 of the safe 300 are stored and managed in the key management device 200. The passwords of key managers such as the main key cards # 1 to # 6 and the spare key card # 10 are already registered. The key management system 1 has a key management DB 101, and the information processing apparatus 100 manages the main key cards # 1 to # 6 and the spare key card # 10.

  In particular, in conjunction with the existing HR management system 3 (linked, linked), based on the transfer information from the HR management system 3, the employee who has changed is the main key card # 1 to # 6 or the spare key card If # 10 is owned, the password of the main key cards # 1 to # 6 or the spare key card # 10 is automatically invalidated to prompt the user to set a new password.

  Using these as confirmation processing conditions, it is determined in step B1 of the flowchart shown in FIG. 7 whether there is personnel change information. At this time, the CPU 15 develops the change information confirmation program DP1 read from the nonvolatile memory 16 in the RAM 14, and executes change information confirmation processing based on the operation data D11 and D12 input from the keyboard 11, mouse 12, or the like. For example, the CPU 15 inquires of the existing personnel management system 3 about the presence or absence of personnel change information D14 through the communication means 2 once a month. The contents of the personnel change information D14 are as shown in FIGS. 6A and 6B.

  If there is no personnel change information D14, the confirmation process of the personnel change information D14 is terminated. If there is the personnel change information D14, the process proceeds to step B2 and receives information such as the employee ID, the transfer source affiliation code, the transfer destination affiliation code, and the transfer date from the HR management system 3 via the communication modem 22. . In step B3, the CPU 15 determines whether or not the entire change list has been confirmed. If the entire transfer list has not been confirmed, the process proceeds to step B4, where the employee ID in the key management DB 101 that matches the transferred employee ID is searched. The registration contents of the key management DB 101 are as shown in FIGS. 5A and 5B. This determination is for checking whether or not the employees belonging to the organization include those who have been subject to personnel changes, such as key managers and proxy managers.

  If there is an employee ID in the key management DB 101 that matches the employee ID to be transferred, that is, if a person related to key management is included in the personnel transfer target person, the process proceeds to step B6, and at the time of transfer Add (plus) the transfer period to the employee's transfer date. Thereafter, the process proceeds to step B7, where the employee ID, affiliation code, date, etc. are registered in the password change candidate for key management. The registered contents such as the employee ID that is the password change candidate for the key management are stored in, for example, the HDD 21. Thereby, the registration information D10 of the main key cards # 1 to # 6 or the spare key card # 10 of the corresponding person can be temporarily frozen.

  If the employee ID transferred in step B5 does not match the employee ID in the key management DB 101, the process returns to step B3. When the entire change list is confirmed, the confirmation process for the personnel change information D14 is terminated. As a result, the personnel manager's personnel change information D14 can be confirmed accurately and easily.

  FIG. 8 is a flowchart showing an example of information processing at the time of password change reminder related to key management.

  In this embodiment, a registered content such as an employee ID that is a password change candidate related to key management is stored in the HDD 21, and a case where the registered content is read from here and information processing at the time of password change prompting is executed is taken as an example. With this as an information processing condition, the CPU 15 determines whether or not there is a password change candidate in step C1 of the flowchart shown in FIG. At this time, the presence / absence of existence is identified by searching the HDD 21 to determine whether or not an employee ID or the like that is a password change candidate for key management is registered.

  If there is a password change candidate, the process proceeds to step C2 to acquire today's date. At this time, today's date is described in the registered contents such as the employee ID that is the password change candidate. Next, the process proceeds to step C3, and the password setting date of the main key cards # 1 to # 6 or the spare key card # 10 (key dedicated card) owned by the candidate is acquired. At this time, the CPU 15 acquires the password setting date from the registered content such as the employee ID that is the password change candidate.

  Next, in step C4, the CPU 15 registers the change date of the candidate + the date (number of days) of the takeover period. This is to set a password change (change) procedure period. In step C5, it is determined whether the password has already been changed. The discrimination criteria at this time are that the password of the person subject to personnel change whose registration information D10 has been frozen is compared with the password of the newly appointed cardholder who is newly registered as the key manager, and the passwords match. If it is, it is determined that the password of the previous key manager has not been changed. If both passwords do not match, it is determined that the password of the previous key manager has been changed or discarded.

  If the password has already been changed, the process returns to step C1. If the password has not been changed, the process proceeds to step C6. In step C6, the CPU 15 confirms whether the takeover period has passed. If the handover period has not passed, the password change procedure period remains, and the process returns to Step C1. If the handover period has passed, the password change procedure period has passed, so the process moves to step C7, where the candidate's affiliation code is referenced and the affiliation representative is searched.

  Next, in step C8, the CPU 15 executes a reminder notification process of a password change procedure for the representative to which the candidate belongs. At this time, notification of a password change procedure notification is made using e-mail transmission, fax transmission or automatic telephone depending on settings. Thereafter, the process returns to step C1. If there is no password change candidate in step C1, the information processing accompanying the password change prompting is terminated. As a result, the key manager password can be changed smoothly. In addition, the password of the main key cards # 1 to # 6 or the spare key card # 10 of the personnel transfer target person can be automatically invalidated to promptly prompt the setting of the password for the newly appointed person.

  As described above, according to the key management network 1 ′ of the safe as the first embodiment, the key management system and the key management method according to the present invention are applied, and the main key 401 and / or the spare key 402 of the safe 300 are used. When managing, the key management device 200 stores the main key 401 and / or the spare key 402 of the safe 300. The main key cards # 1 to # 6 and the spare key card # 10 are provided to open and close the key management device 200.

  In the key management DB 101, a password for identifying a card holder who is permitted to possess the main key cards # 1 to # 6 or the spare key card # 10 is registered. On the premise of this, the information processing apparatus 100 processes information by monitoring the personnel change of the card holder who registered the password. The existing personnel management system 3 is connected to the information processing apparatus 100, and the information processing apparatus 100 receives the personnel change information D14 of the organization to which the cardholder belongs from the personnel management system 3, and based on the personnel change information D14. When the change of the card holder is detected, and the change of the card holder is detected, the registration information D10 of the main key cards # 1 to # 6 or the spare key card # 10 is temporarily frozen. .

  Accordingly, the key management apparatus 200 can execute the input rejection process for the main key cards # 1 to # 6 or the spare key card # 10, so the main key cards # 1 to # 6 at the previous workplace. In addition, it is possible to prevent an opening / closing operation using the spare key card # 10, a password or the like by mistake.

  As a result, the main key cards # 1 to # 6, the spare key card # 10, and the password are applied to open and close the key management device 200 to manage the main key 401 and / or the spare key 402 of the safe 300. Security can be further improved. In particular, it is possible to link the personnel change information D14 with the old-fashioned key management information which is not the latest type, and to change the password with certainty. In addition, passwords can be issued smoothly according to employee changes.

  FIG. 9 is a diagram illustrating a configuration example of the key management network 1 ″ as the second embodiment. In the first embodiment described above, addition (modification) of a function to the key management apparatus 200 is performed. The registration information D10 is managed on the key management system 1. In this embodiment, a remote monitoring system 500 is introduced into the key management apparatus 200, and the remote monitoring system 500 and the information processing apparatus 100 are connected to each other. The main key and the spare key can be managed by connecting via the communication means 6.

  A key management apparatus 200 shown in FIG. 9 includes a remote monitoring system 500. The remote monitoring system 500 has the information processing function of the information processing apparatus 100 shown in FIG. 4, and password information is automatically collected in the information management apparatus 100 for key management at the head office.

  At the head office, it is possible to monitor the operation status of the key management device 200 handled at the sales office or business office. For example, a key administrator operates the password input operation unit 203 at a sales office or business office to input a password. In the remote monitoring system 500, the password verification result in the key management device 200 is transmitted to the information processing device 100. The information processing apparatus 100 reads and collates the registered contents of the key management DB 101, and returns the collation result to the key management apparatus 200 through the remote monitoring system 500.

  The key management device 200 shifts to the opening / closing operation of the opening door 205 with reference to its own password verification result and the verification result from the head office. At this time, when the self password verification result matches the verification result from the head office, the opening operation of the opening door 205 is executed. If the self password verification result does not match the verification result from the head office, the closing operation of the opening door 205 is maintained. As a result, the key management apparatus 200 can be managed by the remote monitoring system 500 and the information processing apparatus 100.

  As described above, according to the key management network 1 ″ for the safe as the second embodiment, when managing the main key 401 and / or the spare key 402 of the safe 300 in the sales office or business office, the key management device 200 is used. Is provided with a remote monitoring system 500, which connects the remote monitoring system 500 and the information processing apparatus 100 of the head office via the communication means 6 to manage the main key and the spare key of the safe 300 of the sales office or office. It is made like.

  Therefore, when the registration information D10 such as the main key cards # 1 to # 6 and the spare key card # 10 is already frozen in the information processing apparatus 100 at the main store, the main key cards # 1 to # 6 and The password change process for the spare key card # 10 or the like can be prompted more reliably. Thereby, it is possible to prevent erroneous use of the main key cards # 1 to # 6, the spare key card # 10, etc. due to the time lag of the password change procedure.

  In the first and second embodiments, the case of the safe 300 with respect to the article storage has been described. However, the present invention is not limited to this, and a weapon arsenal that handles explosives, a warehouse that handles dangerous goods, and a facility that stores fuel. Needless to say, the key management device for storing the main key and / or the backup key such as the above can be applied to a system that manages a plurality of dedicated keys and passwords.

  The present invention can be applied to a system for managing a key management device for storing a main key and / or a spare key of an article storage such as a safe, an armory, a warehouse, etc., based on a plurality of key-dedicated cards and passwords. Is preferred.

It is a figure which shows the structural example of the key management system 1 of the safe as embodiment which concerns on this invention. It is a flowchart which shows the key management example in the key management system 1 of the safe as embodiment. It is a figure which shows the structural example of the key management network 1 'of the safe as a 1st Example. It is a block diagram which shows the example of an internal structure of the information processing apparatus 100 for key management. (A) And (B) is a table | surface figure which shows the example of data storage in key management DB101. (A) And (B) is a table | surface figure which shows the structural example of personnel change information. It is a flowchart which shows the example of confirmation of the personnel change information in a key management network. It is a flowchart which shows the example of information processing at the time of the password change reminder which concerns on key management. It is a figure which shows the structural example of the key management network 1 '' as a 2nd Example.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Key management system, 1 ', 1 "... Key management network, 2, 5, 6 ... Communication means, 3 ... Personnel management system, 4 ... Personnel management database, 10 ... Transfer information confirmation means, 20 ... password change check means, 30 ... password change notification means, 40 ... discrimination means, 50 ... change management means, 100 ... information processing apparatus, 200 ... Key management device, 300 ... safe, 401 ... main key, 402 ... spare key, 101 ... key management database (registration means), # 1 to # 6 ... main key card ( Key dedicated card), # 10 ... Spare key card (key dedicated card)

Claims (8)

A system for managing a main key and / or a spare key of an article storage,
A key management device for storing a main key and / or a spare key of the article storage;
One or more dedicated cards for opening and closing the key management device;
Registration means for registering a personal identification number for identifying a card holder permitted to possess the key-only card;
An information processing device that monitors personnel changes of the card holder who registered the personal identification number and processes information;
The information processing apparatus includes:
A key management system characterized by freezing the registration information of the key-dedicated card when there is a personnel change of the card holder. An existing personnel management system is connected to the information processing apparatus,
The information processing apparatus includes:
Receive personnel change information of the organization to which the cardholder belongs from the personnel management system,
Detecting a change in the cardholder based on the personnel change information,
2. The key management system according to claim 1, wherein when the change of the card holder is detected, the registration information of the key dedicated card is temporarily frozen. The key management device includes:
When the registration information of the key card is frozen,
The key management system according to claim 1, wherein an input rejection process for the key-dedicated card is executed. The information processing apparatus includes:
Change management means for changing and managing the password according to the request of the card holder,
The change management means includes
2. The key management system according to claim 1, wherein when the personal identification number has not been changed for a certain period of time, a request for changing the personal identification number is output to the card holder. The information processing apparatus includes:
A discriminating means for discriminating whether or not the password can be guessed from the birthday of the cardholder, a telephone number, a postal code or an employee number;
The discrimination means includes
2. The key management system according to claim 1, wherein when the personal identification number corresponds to a guessable number, a reset request for the personal identification number is output. The information processing apparatus includes:
2. The key management system according to claim 1, wherein when a change of the card holder is detected, a request for a procedure for discarding the registration of the password is output to the card holder. The information processing apparatus includes:
Receiving a change of the previous card holder from the personnel management system;
2. The key management system according to claim 1, wherein registration of a password of a new card holder is accepted after invalidating registration of the password of the previous card holder. 3. A method of storing and managing a main key and / or a spare key of an article storage in a key management device,
Registering a personal identification number for identifying a card holder who is permitted to possess a key-only card for opening and closing the key management device;
Monitor the personnel changes of the cardholder who registered the PIN,
A key management method comprising: freezing the registration information of the key-dedicated card when the cardholder has a personnel change.

Images