JP2008077364A - Cooperation control apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent a state in which attendant operational trouble may occur even when setting of an operation parameter has a defect. <P>SOLUTION: A parameter setting unit 37 sets an operation parameter necessary for operating an area managing unit 32 and a terminal authenticating unit 35. A parameter check unit 38 determines whether or not a defect of setting exists in the operation parameter to be set by the parameter setting unit 37. An operation mode setting unit 39 selects an operation mode responding to a result of determination performed by the parameter check unit 38 from among a plurality operation modes which are different each other, and manages each operation state of the area managing unit 32 and the terminal authenticating unit 35 based on the selected operation mode. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a linkage control apparatus that links an entry / exit management system that manages entry / exit in a security management area and a network authentication system that restricts access to terminal devices provided in the security management area.

  In companies that frequently handle confidential information or specific departments within the company, it is possible to prevent leakage of confidential information in advance by applying an entry / exit management system that manages the entry / exit of workers handling confidential information. ing.

  Generally, an entry / exit management system is a user ID (IDentification) incorporated in an IC (Integrated Circuit) card given to a user or biometric information (fingerprint, iris, voiceprint, etc.) to be authenticated information that uniquely identifies the user. Is used to perform personal authentication for users who wish to enter and exit. When it is authenticated that the user is a registered legitimate user, for example, entry into the security management area that handles confidential information is permitted by unlocking the locked door.

  By the way, the above-mentioned confidential information is managed by a network authentication system constructed in a network different from the entrance / exit management system, and is used by accessing the network from a terminal device provided in the security management area. It becomes possible. When accessing a network using a terminal device, the network authentication system requires an authentication process similar to the personal authentication in the above-described entry / exit management system.

  Therefore, cooperation between such an entry / exit management system and a network authentication system is required, and user authentication processing at the time of entering a security management area that handles confidential information and a user who uses a terminal device after entering the room A technique for associating with authentication processing has been devised (see, for example, Patent Document 1 and Patent Document 2).

In addition, a technique for realizing a countermeasure for a problem caused by a lapse of time from entry to logon to the terminal device, and a countermeasure for forgetting to log off the terminal device when leaving, which are not considered in Patent Document 1 and Patent Document 2. Has also been devised (for example, see Patent Document 3).
JP 2000-259878 A JP 2002-41468 A JP 2004-302875 A

  By the way, when the entrance / exit management system and the network authentication system are linked, it is necessary to set various operating parameters for operating the control device. However, if there is a deficiency in the setting of these operation parameters, there is a risk of causing a malfunction, which may cause a malfunction in the cooperation between systems.

  The present invention has been made in view of such circumstances, and it is intended to suppress a situation in which an operation failure associated therewith may occur even when there is an incomplete setting of operation parameters.

  In order to solve such a problem, the present invention provides an entry / exit management system for managing entry / exit of a user in a security management area according to a result of a user authentication process based on first authenticated information for uniquely identifying a user. A network that restricts access to a network according to a result of user authentication processing by an authentication server based on second authenticated information that uniquely identifies a user, with a terminal device provided in the security management area as a processing target Provided is a cooperative control device that cooperates with an authentication system. This cooperation control apparatus includes an area management unit, a terminal authentication unit, a parameter setting unit, a parameter check unit, and an operation mode setting unit. Here, the area management means manages the staying state of the user in the security management area based on the incoming / outgoing information indicating the change in the state of the user in the security management area, transmitted from the entry / exit management system. The terminal authentication unit relays a request for access to the network using the second authenticated information, which is made from the user to the authentication server via the terminal device, and the stay of the user managed by the area management unit Based on the state, the terminal device is authenticated for use by the user. The parameter setting means sets operation parameters necessary for operating the area management means and the terminal authentication means. The parameter check means determines whether or not the operation parameter set by the parameter setting means has a setting defect. The operation mode setting unit selects an operation mode according to the determination result by the parameter check unit from a plurality of different operation modes, and based on the selected operation mode, the region management unit and the terminal authentication unit Manage operating status.

  In the present invention, the plurality of operation modes include an operation stop mode for stopping the operation of at least one of the area management means and the terminal authentication means, and a normal operation mode for operating the area management means and the terminal authentication means, respectively. Is preferred. In this case, the operation mode setting unit selects the operation stop mode when the parameter check unit determines that the operation parameter is deficient in setting, and the parameter check unit determines that the operation parameter is not deficient in setting. In some cases, it is desirable to select the normal operation mode.

  In the present invention, the operation parameter is used for basic communication information including an operation parameter used for communicating with the entry / exit management system and the network authentication system, and for the area management means to manage the staying state of the user in the security management area. It is preferable to include area management information including operation parameters, and terminal authentication information including operation parameters used by the terminal authentication unit to authenticate use of the terminal device with respect to the user. In this case, it is desirable that the parameter check means specifies whether there is an operation parameter that is incompletely set in basic communication information, area management information, or terminal authentication information.

  In the present invention, the operation stop mode preferably includes an operation stop mode in which the operations of both the area management unit and the terminal authentication unit are stopped. In this case, the operation mode setting means is determined by the parameter checking means that the basic communication information is incompletely set, or the area management information and the terminal authentication information are both incompletely set. In addition, it is desirable to select the operation stop mode.

  In the present invention, the operation stop mode preferably includes a region management stop mode in which the terminal authentication unit is operated to stop the operation of the region management unit. In this case, it is desirable that the operation mode setting unit selects the region management stop mode when the parameter check unit determines that the region management information is incompletely set in the region management information and the terminal authentication information.

  In the present invention, it is desirable that the operation stop mode includes a terminal authentication stop mode in which the area management unit is operated to stop the operation of the terminal authentication unit. In this case, the operation mode setting unit selects the terminal authentication stop mode when the parameter check unit determines that the terminal authentication information is incompletely set in the area management information and the terminal authentication information.

  Further, in the present invention, the parameter check means includes an unset check process for determining deficiencies in the setting of the operation parameter and an operation parameter set by the parameter setting means when there is no operation parameter set by the parameter setting means. In the case where there is no consistency, it is preferable to execute a consistency check process for determining an operation parameter setting deficiency.

  In the present invention, the consistency check process includes a parameter condition check process for determining whether or not an operation parameter set by the parameter setting unit has a predetermined condition, and an operation set by the parameter setting unit. It is preferable to include a parameter relationship check process for determining whether there is a contradiction between parameters.

  Furthermore, in the present invention, it is preferable that the parameter check unit permits the restart in the operation stop mode on condition that the operation parameter set by the parameter setting unit is not incompletely set.

  According to the present invention, it is possible to suppress a situation in which an operation failure may occur due to incomplete setting of operation parameters. As a result, it is possible to suppress a situation in which an operation failure occurs due to an operation parameter setting defect.

  Further, according to the present invention, it is possible to suppress a situation in which an operation failure may occur in at least one of the area management unit and the terminal authentication unit. In addition, since both of these means are operated in a situation where no operation failure can occur in the area management means or terminal authentication means, the reliability of cooperation between the entry / exit management system and the network authentication system should be improved. Can do.

  Further, according to the present invention, it is possible to effectively identify target means that can cause an operation failure.

  Further, according to the present invention, when the basic communication information or both the area management information and the terminal authentication information are imperfectly set, the operation stop mode is selected, so both the area management means and the terminal authentication means It is possible to suppress a situation in which a malfunction may occur in the operation. Thereby, the malfunction which may generate | occur | produce in a system can be suppressed beforehand.

  Further, according to the present invention, it is possible to suppress a situation in which a problem may occur in the operation of the area management unit. In addition, by operating only the terminal authentication means, which is not a situation where malfunctions may occur in operation, it is possible to realize the function of cooperation control even though it is incomplete while suppressing problems that may occur in the system. .

  Further, according to the present invention, it is possible to suppress a situation in which a malfunction may occur in the operation of the terminal authentication unit. In addition, by operating only the area management means, which is not a situation where malfunctions may occur in operation, it is possible to realize the function of cooperation control even though it is incomplete while suppressing problems that may occur in the system. .

  In addition, according to the present invention, it is possible to effectively determine the setting failure of the operation parameter due to various causes such as non-setting or mismatching of the operation parameter. Further, in the case of inconsistency, the cause of the setting failure can be easily identified.

  Furthermore, according to the present invention, it is possible to suppress the occurrence of a situation in which the same setting defect is repeated again.

  FIG. 1 is a conceptual diagram showing the overall configuration of a network management system 1 according to the first embodiment of the present invention. The network management system 1 is configured by connecting an equipment system 10 and a network authentication system 20 to each other by a cooperation control device 30.

  The facility system 10 is an entry / exit management system that manages user entry / exit from a low security level area to a high security level area (security management area) that handles confidential information.

  The equipment system 10 may be of any form as long as it manages the entry into and exit from the security management area. For example, as shown in FIG. 1, the security management area is separated by a barrier or the like. A form in which entry / exit (entrance / exit) is allowed according to processing can be applied.

  The facility system 10 performs user authentication for all users who wish to enter the security management area, and permits authentication only for legitimate users registered in advance. Allow entry. In addition, the facility system 10 performs user authentication for a user who wants to leave the security management area, and permits authentication only for legitimate users registered in advance, thereby leaving the security management area. Allow. The security management area includes a door including an electric lock that can be locked and unlocked by an electric action.

  The facility system 10 is mainly composed of an entrance card reader 11, an exit card reader 12, and an entrance / exit control unit 13.

  The entrance card reader 11 is provided in the vicinity of the door outside the security management area, and reads information stored in a semiconductor memory of a user, for example, a non-contact IC card (Integrated Circuit) 2. Information read by the entry card reader 11 is transmitted to the entry / exit control unit 13.

  The exit card reader 12 is provided in the vicinity of the door inside the security management area, and reads information stored in the semiconductor memory of the IC card 2 owned by the user. Information read by the leaving card reader 12 is transmitted to the entry / exit control unit 13.

  The entrance / exit control unit 13 performs user authentication based on the card ID of the IC card 2 among the information acquired from the entrance card reader 11. If the user who wishes to enter the room (the holder of the IC card 2) determines that the user is a valid user (authentication permitted) by the authentication process, the entrance / exit control unit 13 unlocks the locked electric lock. Lock. This allows the user to enter the security management area. On the other hand, the entrance / exit control unit 13 keeps the electric lock locked when it is determined by the authentication process that the user who wishes to enter the room is not a valid user (authentication is not permitted). Thereby, the user's entry into the security management area is not permitted. Here, the card ID is information to be authenticated that uniquely identifies the user, and the entrance / exit control unit 13 holds in advance a database in which the card ID related to the legitimate user is described, and refers to this database for authentication. Process.

  Further, the entrance / exit control unit 13 performs user authentication based on the card ID of the IC card 2 in the information acquired from the exit card reader 12. The entry / exit control unit 13 unlocks the locked electric lock when it is determined by the authentication process that the user who wants to leave the room is an authorized user (authentication permitted). This allows the user to leave the security management area. On the other hand, the entry / exit control unit 13 keeps the electric lock locked when it is determined by the authentication process that the user who wants to leave the room is not a valid user (authentication is not permitted). As a result, the user cannot leave the security management area.

  When the user status in the security management area changes after such user authentication, the entrance / exit control unit 13 determines whether the card ID of the IC card 2, the door ID unique to the unlocked door, and the entrance or exit of the room. And the entry / exit information including the time when the entry / exit operation was performed (entrance / exit time) is transmitted to the cooperation control device 30. In addition, you may make it show the information which shows whether it is entering or leaving a room with the apparatus ID which specifies the card reader 11 for entrance, or the card reader 12 for exit, respectively uniquely.

  The network authentication system 20 manages a network constructed in the security management area, and a plurality of terminal devices 21 are connected to the network via a relay device 22. In this network, the relay device 22 is also connected to the authentication server 23.

  The network authentication system 20 treats each terminal device 21 as a processing target, performs user authentication for all users who wish to access the network using the terminal device 21, and performs authentication only for users who are permitted to authenticate. Allow access to the network. In the network authentication system 20, access requests to the network transmitted from the plurality of terminal devices 21 are authenticated by the relay device 22 and the authentication server 23.

  Specifically, the network authentication system 20 uses a technology for authenticating a user connected to a LAN (Local Area Network) switch or a wireless LAN access point established by IEEE (American Institute of Electrical and Electronics Engineers) 802.1X. Thus, an authentication process corresponding to the network connection request that is an access request from the terminal device 21 is performed. IEEE 802.1X is a protocol on Ethernet (registered trademark) that controls whether or not a LAN can be used. In addition, a RADIUS server that can centrally manage users to be authenticated by communication using RADIUS (Remote Authentication Dial-In-User-Service) as an authentication protocol is used for user authentication.

  The terminal device 21 is a so-called PC (Personal Computer) that can be used by a user who has entered the security management area, and exchanges information with the relay device 22 and the authentication server 23. The terminal device 21 holds authentication client software called a supplicant for requesting connection to a network.

  The relay device 22 is connected to, for example, a plurality of terminal devices 21 by wire, and relays authentication processing between the authentication server 23 and the terminal device 21. The relay device 22 is an authentication device that functions as a RADIUS client for the RADIUS server, and performs communication using RADIUS as an authentication protocol for communication with the RADIUS server. The relay device 22 is a LAN switch or the like that supports IEEE 802.1X and RADIUS, and connects the terminal device 21 to the network for each port 22a in cooperation with the authentication server 23.

  The authentication server 23 is a RADIUS server in RADIUS authentication, and includes a user information storage unit (not shown) that holds information about a user who requests connection to the network, and authenticates the terminal device 21 via the relay device 22 that is a RADIUS client. Processing is performed, and whether to access to the network is notified according to the authentication result.

  A user information storage unit (not shown) included in the authentication server 23 holds an account ID, which is information to be authenticated for uniquely identifying a user in the network, and a password corresponding to the account ID.

  The actual authentication procedure by the network authentication system 20 is defined by EAP (Extensible Authentication Protocol). In the network authentication system 20, a user ID (account ID) and a password are input to various EAP that can be used in IEEE802.1X, for example, EAP-MD5 (EAP-Message Digest alogorithm5) and PEAP (Protected-EAP). EAP that is required to be performed, EAP-TLS (EAP-Transport Layer Security) that authenticates using a digital electronic certificate, or the like can be used.

  The cooperation control device 30 is provided so as to pass through an authentication packet exchanged during the authentication process between the relay device 22 and the authentication server 23 of the network authentication system 20, and the facility system 10 and the network authentication system 20. And linked control.

  Using the entrance / exit information transmitted from the facility system 10, the cooperation control device 30 manages the staying state (occupancy state) of the user in the facility system 10 such as entering the security management area, and this occupancy state Accordingly, the authentication is performed by determining whether the network authentication request transmitted as an access request from the terminal device 21 to the authentication server 23 via the relay device 22 is passed or rejected without being passed. As a premise of user authentication by the server 23, use authentication of the terminal device 21 is performed for the user.

  Further, the cooperation control device 30 uses the entrance / exit information transmitted from the equipment system 10 in a state where the connection to the network has already been authenticated for the user, and the equipment system such as leaving the security management area. 10 can manage the user's occupancy state, and can perform control such as disconnecting the network connected to the terminal device 21 according to the occupancy state.

  FIG. 2 is a block diagram illustrating a configuration of the cooperation control device 30. The cooperation control device 30 includes an external system I / F (interface) 31, an area management unit 32, an internal database 33, a network I / F (interface) 34, a terminal authentication unit 35, and a setting I / F (interface). ), A parameter setting unit 37, a parameter check unit 38, and an operation mode setting unit 39.

  The external system I / F 31 is a communication interface for connecting the facility system 10 and the cooperation control device 30. Communication between the facility system 10 and the cooperation control apparatus 30 via the external system I / F 31 can use a communication standard such as Ethernet (registered trademark), for example. Communication between the facility system 10 and the cooperation control device 30 via the external system I / F 31 is not limited to TCP / IP-based communication, and a non-IP field bus or the like can also be used.

  The area management unit 32 stores the entry / exit information transmitted from the entry / exit control unit 13 via the external system I / F 31 in the internal database 33 or updates the internal database 33 based on the entry / exit information. Thus, the staying state (in-room state) of the user in the security management area is managed.

  The internal database 33 is a database that stores various operation parameters necessary for operating the cooperation control device 30, specifically, the area management unit 32 and the terminal authentication unit 35, and includes a user information storage unit 33A, A room state storage unit 33B, an authentication state storage unit 33C, a system information storage unit 33D, and a setting information storage unit 33E are provided.

  The user information storage unit 33 </ b> A is a card ID (authenticated information for uniquely identifying a user in the facility system 10 (an IC card held by a previously registered user and used when the facility system 10 enters and leaves the room). 2), the account ID, the occupancy time, and the occupancy time are stored in association with each other. The operation parameters stored in the user information storage unit 33A are set by a parameter setting unit 37 described later. These operation parameters are static information, and once set by the parameter setting unit 37, they are not changed until a new user registration or a system change is held.

  FIG. 3 is an explanatory diagram showing an example of information stored and held in the user information storage unit 33A and its contents. The account ID is authentication information for uniquely identifying the user in the network. When the card ID is notified from the facility system 10, the area management unit 32 refers to the user information storage unit 33A to acquire the account ID corresponding to the card ID, and stores the occupancy state based on the acquired account ID. The update process of the unit 33B is executed.

  The occupancy time indicates the time allowed to continue in the security management area permitted by the user specified by this account ID. This occupancy time is compared with the occupancy time that indicates how long the user has been in the security management area so far, and if this occupancy time exceeds the occupancy time, For example, the terminal authentication unit 35 disconnects the network connection to the terminal device 21 used by the user, or denies authentication of an access request to the network. The occupancy time is obtained by the area management unit 32 by referring to the occupancy start time stored in the occupancy state storage unit 33B described later.

  The occupancy time indicates a time zone in which the user specified by this account ID is allowed to stay in the security management area, and depends on a set of occupancy start time and occupancy end time. It is configured. This occupancy time is compared with the current time, and if the current time is outside the occupancy time range, the terminal authentication unit 35, for example, connects to the terminal device 21 used by the user. Is disconnected, or a request to access the network is not permitted.

  The occupancy state storage unit 33B stores the occupancy room number and the occupancy start time in association with each account ID that is authentication information for uniquely identifying the user in the network. The operation parameter stored in the occupancy state storage unit 33B is dynamic information, and is updated as needed by the area management unit 32 according to a change in the state of the user managed in the facility system 10.

  FIG. 4 is an explanatory diagram showing an example of information stored in the occupancy state storage unit 33B and its contents. The occupancy room number is a number (room ID) that identifies the security management area in which the user is currently occupying the room. The area management unit 32 specifies whether or not the user is currently in the security management area from the entrance / exit information transmitted from the facility system 10 when there is a change in the state of the user. In the case of occupancy, the occupancy state storage unit 33B stores the room ID that specifies the security management area as the occupancy room number.

  The occupancy start time is the entry time to the security management area specified from the entry / exit information transmitted when there is a state change from the equipment system 10, and the occupancy start time is the time when the occupancy is started in the security management area Is shown. This occupancy start time is used for comparison with the occupancy time in the security management area at the time of network authentication or the like.

  The authentication status storage unit 33C stores a relay device ID and a relay device port number in association with each account ID, which is information to be authenticated for uniquely identifying a user in the network. The information stored in the authentication status storage unit 33C is dynamic information, and is updated as needed by the terminal authentication unit 35 according to the network authentication status of the user managed by the network authentication system 20.

  FIG. 5 is an explanatory diagram showing an example of information stored in the authentication status storage unit 33C and its contents. The relay device ID indicates the IP address of the relay device 22 to which the terminal device 21 permitted to authenticate the user specified by the account ID among the plurality of terminal devices 21 provided in the security management area is connected. The terminal authentication unit 35 relays the IP address of the relay device 22 to which the terminal device 21 permitted to authenticate the user connects when the access request to the network is permitted by the relay device 22 and the authentication server 23. The device ID is stored in the authentication state storage unit 33C. In addition, the terminal authentication unit 35 deletes the corresponding relay device ID from the authentication state storage unit 33C on the condition that the network connection to the terminal device 21 permitted to authenticate the user is disconnected.

  The relay device port number indicates the number of the port 22a of the relay device 22 to which the terminal device 21 permitted to authenticate the user specified by the account ID among a plurality of terminals provided in the security management area is connected. . When the relay device 22 and the authentication server 23 are permitted to authenticate the access request to the network, the terminal authentication unit 35 sets the port 22a number of the relay device 22 to which the terminal device 21 permitted to authenticate the user is connected. The authentication state storage unit 33C stores the relay device port number. Further, the terminal authentication unit 35 deletes the corresponding relay device port number from the authentication state storage unit 33C on the condition that the network connection to the terminal device 21 permitted to authenticate the user is disconnected.

  The system information storage unit 33D stores an entry door ID, an exit door ID, and a relay device ID in association with each room ID that is an identification number for uniquely specifying the security management area of the facility system 10. is doing. The operation parameters stored in the system information storage unit 33D are set by a parameter setting unit 37 described later. These operation parameters are static information, and once set by the parameter setting unit 37, they are held without being changed until there is a system change or the like.

  FIG. 6 is an explanatory diagram showing an example of information stored and held in the system information storage unit 33D and its contents. The entrance door ID is an ID of an entrance door provided in the security management area of the facility system 10, for example, the device ID of the entrance card reader 11 of the entrance system 10 corresponding to the entrance door on a one-to-one basis. Can be used. The exit door ID is an ID of an exit door provided in the security management area of the facility system 10, for example, the device ID of the exit card reader 12 of the facility system 10 corresponding to the exit door on a one-to-one basis. Can be used. A plurality of entrance door IDs and exit door IDs can be set according to the number of doors provided in the security management area.

  The relay device ID is an ID for identifying the relay device 22 installed in the security management area. For example, the IP address of the relay device 22 can be used. A plurality of relay device IDs can be set according to the number of relay devices 22 set in the security management area.

  The setting information storage unit 33E stores basic communication information including operation parameters necessary for communication between the facility system 10 and the network authentication system 20. Details of the basic communication information will be described later. The setting information storage unit 33E can store arbitrarily set operation parameters such as an administrator ID and password, communication-related detailed configuration data, SNMP agent function setting data, and log function setting data.

  The network I / F 34 is a communication interface for performing communication between the cooperation control device 30, the relay device 22, and the authentication server 23. The network I / F 34 corresponds to Ethernet (registered trademark) or a TCP / IP stack.

  When the terminal authentication unit 35 receives an access request to the network using the account ID made to the authentication server 23 from the user via the terminal device 21, the terminal authentication unit 35 manages the user managed by the area management unit 32. Based on the occupancy state, as a premise of user authentication (RADIUS authentication) by the authentication server 23, the use authentication of the terminal device for the user is performed.

  Specifically, the terminal authentication unit 35 executes processing related to RADIUS authentication performed between the terminal device 21, the relay device 22, and the authentication server 23. Therefore, the terminal authentication unit 35 relays the RADIUS packet transmitted / received between the relay device 22 and the authentication server 23 in the RADIUS authentication. The terminal authentication unit 35 also has a function of recalculating an authentication code defined in the RADIUS standard. At this time, the terminal authentication unit 35 stores the secret sharing held in the relay device 22 and the authentication server 23 which are stored in the setting information storage unit 33E of the internal database 33 and are necessary for confirming the validity of the RADIUS communication. The correspondence relationship between the key and the IP address of the communication partner is referenced as necessary.

  Further, the terminal authentication unit 35 uses the information included in the RADIUS packet of the network authentication request transmitted from the relay device 22 and the information stored in the internal database 33 to perform authentication processing (use authentication of the terminal device for the user). ) To determine whether the network authentication request is transferred to the authentication server 23 or rejected. When the terminal authentication unit 35 makes a rejection response, the terminal authentication unit 35 generates a rejection response packet and transmits it to the relay device 22.

  The setting I / F 36 is a communication interface that connects the management terminal 40 and the cooperation control device 30 used by the administrator. Communication between the management terminal 40 and the cooperation control device 30 via the setting I / F 36 can use a communication standard such as Ethernet (registered trademark), for example. A system administrator can manage static information stored in the internal database 33 from the outside using an HTTP (S) server, Telnet, or the like, using the management terminal 40.

  The parameter setting unit 37 sets operation parameters based on the information transmitted from the management terminal 40 via the setting I / F 36. Specifically, the parameter setting unit 37 converts the operation parameter transmitted from the management terminal 40 into a predetermined data format and stores it in the internal database 33. The operation parameters set by the parameter setting unit 37 are checked for deficiencies in the operation parameters by the parameter check unit 38 before being stored in the internal database 33, and only the operation parameters that pass this check are stored in the internal database. 33.

  The operation parameters set by the parameter setting unit 37 typically include basic communication information, area management information, and terminal authentication information.

  FIG. 7 is an explanatory diagram showing an example of parameter information and operation parameters included in the basic communication information. The basic communication information includes operation parameters necessary for communication between the facility system 10 and the network authentication system 20. As operation parameters included in the basic communication information, an IP address and subnet mask that are address information on the network authentication system 20 side of the cooperation control device 30, an IP address that is address information on the facility system 10 side of the cooperation control device 30, and Subnet mask is mentioned. In addition to this, the IP address and shared key that are the setting information of the authentication server 23, the IP address that is the setting information of the entry / exit control unit 13, the IP address and the shared key that are the setting information of the relay device 22, and the like Is mentioned.

  FIG. 8 is an explanatory diagram showing an example of parameter information and operation parameters included in the area management information. The area management information includes operation parameters used by the area management unit 32 to manage the user's occupancy state in the security management area, and includes room ID, entrance door ID and exit door ID, user name, card ID, and the like. This is the case.

  The room ID is an operation parameter set for each security management area, and is setting information for specifying each security management area. The entrance door ID and the exit door ID are operation parameters set for each room ID, and are setting information for specifying a door corresponding to each security management area. The user name is setting information for identifying individual users. Note that the user name itself does not function as a substantial operation parameter in the cooperation control device 30, but functions as a secondary operation parameter, such as identification of a user by an administrator. The card ID is an operation parameter set for each user, and is setting information for specifying the IC card 2 corresponding to each user.

  FIG. 9 is an explanatory diagram showing an example of parameter information and operation parameters included in the terminal authentication information. The terminal authentication information includes operation parameters used by the terminal authentication unit 35 to authenticate the use of the terminal device 21 for the user, and the relay area ID, the account ID, and the like correspond to this.

  The relay area ID is an operation parameter set for each relay apparatus 22 and is setting information for specifying a security management area in which the relay apparatus 22 is installed. This relay area ID corresponds to the room ID which is the setting information of the security management area described above. The account ID is an operation parameter set for each user (for example, card ID), and is setting information for identifying a user account corresponding to the user (card ID).

  The parameter setting unit 37 stores basic communication information in the information transmitted from the management terminal 40 in the setting information storage unit 33E of the internal database 33.

  In addition, the parameter setting unit 37 stores the area management information and the terminal authentication information in the information transmitted from the management terminal 40 in the user information storage unit 33A or the system information storage unit 33D of the internal database 33.

  Specifically, the parameter setting unit 37 stores the room ID that is the area management information as the room ID of the system information storage unit 33D. Then, the parameter setting unit 37 stores the entrance door ID and the exit door ID, which are area management information, corresponding to the room ID, as the room ID in the entrance door ID and the exit door ID of the system information storage unit 33D. Also, the parameter setting unit 37 stores the relay device 22 (for example, the IP address of the relay device 22 that is basic communication information) installed in the relay area ID that is terminal authentication information corresponding to the room ID in the system information storage. It is stored as the relay device ID of the unit 33D. As a result, the system information storage unit 33D is associated with the room ID, the entrance door ID, the exit door ID, and the relay device ID for each security management area.

  The parameter setting unit 37 stores the card ID that is the area management information as the card ID of the user information storage unit 33A. The parameter setting unit 37 stores the account ID corresponding to the card ID, which is terminal authentication information, in the account ID of the user information storage unit 33A. In this embodiment, the occupancy time and occupancy time of the user information storage unit 33A are not treated as indispensable area management information (operation parameter), but this is indispensable area management information (operation parameter). ), The parameter setting unit 37 stores the occupancy time and occupancy time as the area management information in the occupancy time and occupancy time of the user information storage unit 33A. Thereby, in user information storage part 33A, account ID, occupancy time, and occupancy time will be related for every card ID.

  The parameter check unit 38 determines whether or not the operation parameter set by the parameter setting unit 37 is imperfectly set (parameter check process). Specifically, the parameter check unit 38 performs an unset check process for determining deficiencies in operation parameter settings and an operation set by the parameter setting unit 37 when there is no operation parameter set by the parameter setting unit 37. When the parameters are not consistent, a consistency check process for determining incomplete setting of operation parameters is executed. Details of these processes will be described later.

  The operation mode setting unit 39 selects an operation mode according to the check result by the parameter check unit 38 from a plurality of different operation modes. Then, the operation mode setting unit 39 manages the operation states of the area management unit 32 and the terminal authentication unit 35 based on the selected operation mode. In the present embodiment, the operation modes that can be selected by the operation mode setting unit 39 are the normal operation mode in which the area management unit 32 and the terminal authentication unit 35 are operated, and the operation of at least one of the area management unit 32 and the terminal authentication unit 35, respectively. And an operation stop mode for stopping the operation.

  The operation stop mode is further subdivided and includes an operation stop mode, an area management stop mode, and a terminal authentication stop mode. Here, the operation stop mode is a mode in which the operations of both the area management unit 32 and the terminal authentication unit 35 are stopped. The area management stop mode is a mode in which the terminal authentication unit 35 is operated, but the operation of the area management unit 32 is stopped. The terminal authentication stop mode is a mode in which the area management unit 32 is operated, but the operation of the terminal authentication unit 35 is stopped.

  FIG. 10 is a timing chart illustrating an operation performed by the cooperation control device 30 according to the present embodiment.

  First, when an operation parameter setting request is made to the parameter setting unit 37 from the management terminal 40 in step S1, the parameter setting unit 37 in step S2 determines the operation parameter based on the information from the management terminal 40. Set up.

  When setting the operation parameters, the parameter check unit 38 checks for deficiencies in the operation parameters set by the parameter setting unit 37, and if it is determined that there are no deficiencies in the operation parameters based on this check result, various operation parameters are set. The setting is made in the internal database 33, and the setting of operation parameters is completed. The parameter check process by the parameter check unit 38 will be described later.

  In a state where the operation parameters are set, the user enters the security management area where the network is constructed from the door managed by the entrance / exit control unit 13. Specifically, the user puts the IC card 2 in the room card reader 11. In response to this, the entrance / exit control unit 13 reads the information stored in the semiconductor memory of the IC card 2, authenticates the card ID, and unlocks the locked electric lock. Then, the entrance / exit control unit 13 controls the card ID of the IC card 2, the entrance door ID that uniquely identifies the unlocked door, the information indicating the entrance, and the entrance / exit time as entrance / exit information. To device 30.

  In step S3, when the area management unit 32 of the cooperative control device 30 receives the entry / exit information from the facility system 10 via the external system I / F 31, the entry / exit information is stored in the occupancy state storage unit 33B of the internal database 33. And the current occupancy status of the user in the security management area is stored (updated) (step S4).

  Specifically, the area management unit 32 searches the user information storage unit 33A using the card ID of the IC card 2 transmitted from the entrance / exit control unit 13, and stores it in association with this card ID. Get an account ID. Further, the area management unit 32 searches the system information storage unit 33D using the entrance door ID transmitted from the entrance / exit control unit 13, and specifies a security management area associated with the entrance door ID. Get an ID. Then, the area management unit 32 stores the acquired room ID in the occupancy state storage unit 33B as the occupancy room number in association with the account ID acquired from the user information storage unit 33A. In addition, when the entry / exit information transmitted from the entry / exit control unit 13 is information indicating entry, the area management unit 32 uses the entry / exit time included in the entry / exit information as the occupancy start time. The data is stored in the storage unit 33B.

  A user who has entered the security management area attempts to connect the terminal device 21 to the network by transmitting a network authentication request as an access request from the terminal device 21 via the relay device 22 according to the IEEE 802.1X procedure. In the initial state, since the connection between the terminal device 21 and the network is disconnected by the relay device 22, the terminal device 21 can communicate only with the relay device 22.

  First, in order to connect to the network, the user inputs an account ID and a password from the terminal device 21 and transmits a network authentication request, which is an authentication packet, to the relay device 22.

  The terminal device 21 transmits a network authentication request to the relay device 22 as a MAC (Media Access Control) frame including an EAP message. At this time, the account ID is transmitted in plain text, and the password is transmitted in a hashed state.

  The relay device 22 extracts the EAP message from the MAC frame, transfers it to the IP packet, and transmits it to the cooperation control device 30. Specifically, the relay device 22 stores the EAP message extracted from the relay device 22 in the data portion of the RADIUS packet and transmits it to the cooperation control device 30 using UDP of the upper layer of IP.

  In the authentication sequence in the RADIUS authentication process between the relay device 22 and the authentication server 23, only the EAP message of the first RADIUS packet transmitted as a network authentication request from the relay device 22 is EAP-Type = Identity data that is a plain text account ID. Exists. In the RADIUS packet, in addition to this account ID, the IP address of the relay device 22 as information of the relay device 22, the port number of the relay device 22 to which the terminal device 21 is connected, and the like are described as RADIUS attribute information.

  In step S5, the terminal authentication unit 35 receives the RADIUS packet for the network authentication request via the network I / F 34, and receives the identity data attached to the EAP message of the received RADIUS packet for the network authentication request (performed the network authentication request). User's account ID). Further, the terminal authentication unit 35 acquires the IP address of the relay device 22 to which the terminal device 21 that has made the network authentication request is connected and the port number of the relay device 22 to which the terminal device 21 is connected.

  In step S <b> 6, the terminal authentication unit 35 requests the region management unit 32 to determine whether the user is in the room by transmitting the account ID and the IP address of the relay device 22 among the acquired information to the region management unit 32. To do.

  The area management unit 32 that has received the user's occupancy determination first uses the acquired account ID as a key, and the occupancy time and occupancy time stored in the user information storage unit 33A, and the occupancy state storage unit The occupancy room number and the occupancy start time stored in 33B are searched. The area management unit 32 searches for the room ID stored in the system information storage unit 33D using the acquired IP address of the relay device 22 as a key. The room ID indicates a security management area in which the relay device 22 that has transmitted the network authentication request is installed.

  When the following conditions (1) to (3) are satisfied, the area management unit 32 determines that the user is legally present in the security management area, and displays the determination result as a terminal. It transmits to the authentication unit 35. On the other hand, if any one of the following conditions (a) to (c) is not satisfied, the presence determination is not performed and the determination result is transmitted to the terminal authentication unit 35.

(1) The occupancy room number acquired from the occupancy state storage unit 33B is compared with the room ID acquired from the system information storage unit 33D, and the user exists in the security management area, and network authentication is performed from this security management area. (2) The occupancy time acquired from the user information storage unit 33A is compared with the occupancy time, and the user does not exist in the security management area beyond the occupancy time. (3) It is a time zone in which the user can stay in the security management area by comparing the available time acquired from the user information storage unit 33A with the current time. In step S7, terminal authentication is performed. When the area management unit 32 determines that the user is in the room as the determination result of the presence determination, the unit 35 authenticates the use of the terminal device 21 for the user. Is transmitted (transferred) to the authentication server 23. Specifically, the terminal authentication unit 35 transmits a network authentication request to the authentication server 23 via the network I / F 34.

  On the other hand, in step S8, if the terminal authentication unit 35 does not determine the user's legitimate occupancy from the area management unit 32 as a determination result of the occupancy determination, the terminal authentication unit 35 authenticates the use of the terminal device 21 to the user. An authentication rejection packet is transmitted to the relay device 22 in order to disallow it. Specifically, the terminal authentication unit 35 rejects transmission of the network authentication request to the authentication server 23, generates a rejection response packet, and transmits it to the relay device 22 via the network I / F 34. The relay device 22 notifies the terminal device 21 of a rejection response indicating that the network authentication request has been rejected based on the transmitted rejection response packet.

  In response to the transmission of the network authentication request to the authentication server 23, an authentication response that is a packet transmitted from the authentication server 23 to which the EAP message is attached and an authentication request that is a packet transmitted from the terminal device 21 are exchanged. Thus, the authentication process on the user's network is executed.

  Specifically, the authentication server 23 performs collation processing with information stored in a user information storage unit (not shown) using the account ID attached to the network authentication request as a key. The authentication server 23 hashes the password of the target user associated with the transmitted account ID and stored in the user information storage unit with a predetermined hash function, and is hashed attached to the network authentication request. Compare with the password and check if the hashed passwords match. At this time, the terminal authentication unit 35 of the cooperation control device 30 passes through the authentication request and the authentication response between the terminal device 21 and the authentication server 23 without performing anything. The relay device 22 functions as a relay device that performs only EAP message transfer as described above.

  The authentication server 23 relays either an authentication permission notification indicating that the authentication by the authentication server 23 has been performed or an authentication disapproval notification indicating that the authentication has not been performed via the terminal authentication unit 35 of the cooperation control device 30. Transmit to device 22. When receiving the authentication permission notification from the authentication server 23, the relay device 22 opens the line between the terminal device 21 and the network. Accordingly, the user can access the network via the terminal device 21 and can communicate with other terminal devices 21 on the network.

  On the other hand, when the relay device 22 receives the authentication non-permission notification from the authentication server 23, the relay device 22 sends a message notifying that the authentication is not permitted without releasing the line between the terminal device 21 and the network. Send to.

  When receiving an authentication permission notification from the authentication server 23, the terminal authentication unit 35 stores the network authentication result in the authentication state storage unit 33 </ b> C of the internal database 33. Information stored in the authentication status storage unit 33C includes, for example, an account ID, a device ID (IP address) that uniquely identifies the relay device 22 to which the terminal device 21 is connected, and a relay that is open to the network. For example, the port number of the device 22.

  Based on such a series of authentication sequences, the operation mode setting procedure by the cooperation control device 30 will be described below. FIG. 11 is an explanatory diagram showing a transition state of the operation mode set by the operation mode setting unit 39 of the cooperation control device 30. This operation mode is set by the operation mode setting unit 39 according to the check result by the parameter check unit 38 executed according to the setting of the operation parameter of the parameter setting unit 37.

  When the cooperation control device 30 is activated and the parameter setting unit 37 sets operation parameters as shown in step S2 of FIG. 10, the parameter check unit 38 executes parameter check processing. This parameter check process is a process executed for each of various operation parameters, and includes the above-described unset check process and consistency check process.

[Unset check processing]
In this unset check process, the parameter check unit 38 refers to the operation parameter set by the parameter setting unit 37, determines whether or not a value is set as the operation parameter, and sets any value as the operation parameter. If not, determine whether the operation parameter is set incorrectly (parameter not set). It should be noted that there are operation parameters that do not necessarily need to be set initially in the various operation parameters, so that each operation parameter is weighted and any value is set for the essential operation parameter. Only when no is input, it may be determined that the operation parameter is not set correctly.

[Consistency check processing]
In this consistency check process, the parameter check unit 38 refers to the operation parameters set by the parameter setting unit 37 and performs a parameter condition check process and a parameter relationship check process.

  In the parameter condition check process, it is determined whether or not the operation parameter set by the parameter setting unit 37 has a predetermined condition. Some operating parameters have predetermined conditions that can be set as parameters depending on the nature of the parameters. For example, the IP address and subnet mask are values in the range of 0 to 255, the shared key is one-byte alphanumeric characters and less than the upper limit number of characters, and the room ID does not exceed the set number of security management areas. It is. The parameter check unit 38 performs a parameter condition check process on the various operation parameters set by the parameter setting unit 37 as a processing target, and determines whether or not the corresponding operation parameter is not set when the operation parameter does not satisfy the condition. To do.

  In the parameter relationship check process, it is determined whether or not the operation parameters set by the parameter setting unit 37 are consistent. The parameter check unit 38 has a relationship between the operation parameters set by the parameter setting unit 37 and a relationship between the operation parameters set by the parameter setting unit 37 and the operation parameters stored in the internal database 33. On the other hand, a parameter relation check is performed.

  The parameter relationship check includes a duplication check and a link relationship check. In the overlap check, it is determined whether or not the operation parameters that should be inherently overlap each other. For example, the IP address, account ID, or card ID must each be a unique value.

  In the link relation check, it is determined whether or not there is a contradiction between the operation parameters associated with each other. For example, in the operation parameter setting of the system information storage unit 33D, an entrance door ID and an exit door ID that do not correspond to a room ID cannot be set, and a relay device ID that is assigned a relay area ID that does not correspond to a room ID is set. It seems that they cannot do it.

  The parameter check unit 38 performs a parameter relation check process on various operation parameters set by the parameter setting unit 37 as a processing target. If the operation parameters are not consistent, the parameter check unit 38 determines that the corresponding operation parameter is not set correctly. To do.

  When such a parameter check process is performed, the parameter check unit 38 specifies whether the operation parameter corresponding to any of the basic communication information, the area management information, and the terminal authentication information has a setting defect. As shown in FIG. 11, the operation mode setting unit 39 sets the operation mode as follows according to the processing result of the parameter check processing.

(A) When basic communication information, area management information, and terminal authentication information are not incompletely set The operation mode setting unit 39 selects the normal operation mode. In this mode, each of the area management unit 32 and the terminal authentication unit 35 operates, so that the cooperation control device 30 executes cooperation between the facility system 10 and the network authentication system 20 as in a series of operations shown in FIG. Is done.

(B) When it is determined that the basic communication information has a setting defect, or when it is determined that both the area management information and the terminal authentication information have a setting defect. The operation mode setting unit 39 sets the operation stop mode to select. In this mode, the operations of both the area management unit 32 and the terminal authentication unit 35 are stopped. Therefore, the facility system 10 and the network authentication system 20 are not linked by the linkage control device 30, and each of them functions individually. Execute. In the network authentication system 20, the relay device 22 sends the RADIUS packet at the time of authentication to the authentication server 23 via the cooperation control device 30 according to the IP address set as primary (IP address of the cooperation control device 30). However, when the terminal authentication unit 35 of the cooperation control device 30 stops operating, the RADIUS packet at the time of authentication is cooperated according to the IP address set as the secondary (the IP address of the authentication server 23). The data is transmitted to the authentication server 23 via the control device 30. Thereby, the authentication process in the network authentication system 20 is executed without using the cooperation control device 30.

(C) When it is checked that only the area management information has a setting deficiency The operation mode setting unit 39 selects the area management stop mode. In this mode, since the operation of the area management unit 32 is stopped in a state where only the terminal authentication unit 35 is operating, only the relationship between the network authentication system 20 and the cooperation control device 30 is the operation process shown in FIG. Once executed, the facility system 10 performs its function by itself.

(D) When it is checked that only terminal authentication information has a setting defect The operation mode setting unit 39 selects a terminal authentication stop mode. In this mode, since the operation of the terminal authentication unit 35 is stopped in a state where only the area management unit 32 is operated, only the relationship between the equipment system 10 and the cooperation control device 30 is the operation process shown in FIG. Once executed, the network authentication system 20 performs its function alone.

  While the operation stop mode, the area management mode, or the terminal authentication stop mode is selected, the administrator can check the current operation mode with the management terminal 40 as shown in FIG.

  When the operation terminal mode, the area management mode, or the terminal authentication stop mode is set, if the management terminal 40 requests the parameter setting unit 37 to set an operation parameter for the setting failure, the parameter setting unit 37 sets operating parameters. At this time, the parameter check unit 38 executes the parameter check process described above, permits setting to the parameter setting unit 37 on the condition that there is no setting defect in the operation parameter to be set, and restarts the cooperation control device 30. Allow startup. The newly set operation parameter becomes effective after the cooperation control device 30 is restarted.

  As described above, according to the present embodiment, the operation mode is selected according to the determination result of the setting defect of the operation parameter to be set, and the operation states of the area management unit 32 and the terminal authentication unit 35 are managed accordingly. The For this reason, it is possible to suppress a situation that may cause an operation failure due to an inadequate setting of the operation parameter, and thus it is possible to suppress such a situation in advance.

  Further, according to the present embodiment, when it is determined that there is a setting defect in the operation parameter, the operation stop mode is selected, so that the operation of at least one of the area management unit 32 and the terminal authentication unit 35 is stopped. be able to. Therefore, it is possible to suppress a situation in which an operation failure may occur in at least one of the area management unit 32 and the terminal authentication unit 35. If it is determined that there is no setting defect in the operation parameter, the normal operation mode is selected, and thus both the area management unit 32 and the terminal authentication unit 35 are operated. As a result, since the area management unit 32 and the terminal authentication unit 35 are operated in a situation where no operation failure can occur in the area management unit 32 or the terminal authentication unit 35, the facility system 10 and the network authentication system 20 Can improve the reliability of cooperation.

  Further, according to the present embodiment, the parameter check unit 38 can identify whether there is an operation parameter that is incompletely set in basic communication information, area management information, or terminal authentication information. As a result, it is possible to effectively identify a target portion where an operation failure may occur.

  Further, according to the present embodiment, when the basic communication information, or both the area management information and the terminal authentication information are imperfectly set, the operation stop mode is selected. For this reason, it is possible to suppress a situation in which a malfunction may occur in the operations of both the area management unit 32 and the terminal authentication unit 35. Thereby, the malfunction which may generate | occur | produce in a system can be suppressed beforehand.

  Further, according to the present embodiment, when there is a setting defect only in the area management information, the area management stop mode is selected, so that it is possible to suppress a situation in which a malfunction may occur in the operation of the area management unit 32. it can. In addition, by operating only the terminal authentication unit 35, which is not a situation in which a malfunction may occur, it is possible to realize a function of cooperation control even though it is incomplete while suppressing a malfunction that may occur in the system. it can. For example, since the internal database 33 reflects the network authentication state of the user in the network authentication system 20, even if the area management information is reset and the operation of the area management unit 32 is resumed, the cooperation between the systems Can be realized effectively.

  In addition, according to the present embodiment, when only the terminal authentication information has a setting defect, the terminal authentication stop mode is selected, so that it is possible to suppress a situation in which a malfunction may occur in the operation of the terminal authentication unit 35. it can. In addition, by operating only the area management unit 32, which is not a situation in which a malfunction may occur, it is possible to realize a cooperation control function even though it is incomplete while suppressing a malfunction that may occur in the system. it can. For example, since the internal database 33 reflects a change in the state of the user in the facility system 10, even if the terminal authentication information is reset and the operation of the terminal authentication unit 35 is restarted, the cooperation between the systems is It can be realized effectively.

  In addition, according to the present embodiment, the parameter check unit 38 can perform non-setting check processing and consistency check processing to determine operation parameter setting deficiencies in various ways. It is possible to determine effectively that the setting of the operation parameter due to the cause is inadequate. This also makes it possible to easily identify the cause of the setting failure.

  Further, according to the present embodiment, since the consistency check process includes the parameter condition check process and the parameter relation check process, it is possible to determine the setting deficiency of the operation parameter from various aspects. It is possible to effectively determine that the operation parameters are not set correctly. This also makes it possible to easily identify the cause of the setting failure.

  Furthermore, according to the present embodiment, the setting deficiency that occurred before the restart is permitted by permitting the restart in which the set operation parameter is valid on the condition that the set operation parameter has no setting deficiency. Can be prevented from being repeated again.

The conceptual diagram which shows the whole structure of the network management system 1 concerning 1st Embodiment. The block diagram which shows the structure of the cooperation control apparatus 30 Explanatory drawing which shows an example of the information memorize | stored and held by the user information storage part 33A, and its content Explanatory drawing which shows an example of the information memorize | stored in the occupancy state memory | storage part 33B, and its content Explanatory drawing which shows an example of the information memorize | stored in the authentication status memory | storage part 33C, and its content Explanatory drawing which shows an example of the information memorize | stored and hold | maintained by the system information storage part 33D, and its content Explanatory diagram showing an example of parameter information and operation parameters included in basic communication information Explanatory drawing which shows an example of the parameter information and operation parameter which are included in area management information Explanatory drawing which shows an example of the parameter information and operation parameter which are contained in terminal authentication information Timing chart showing the operation of the cooperation control device 30 of the present embodiment Explanatory drawing which shows the transition state of the operation mode set by the operation mode setting part 39 of the cooperation control apparatus 30 Explanatory drawing which shows the example of a display which displays an operation mode

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Network management system 2 IC card 10 Equipment system 11 Entrance card reader 12 Exit card reader 13 Entrance / exit control unit 20 Network authentication system 21 Terminal device 22 Relay device 22a Port 23 Authentication server 30 Cooperation control device 31 External system I / F
32 area management unit 33 internal database 33A user information storage unit 33B occupancy state storage unit 33C authentication state storage unit 33D system information storage unit 33E setting information storage unit 34 network I / F
35 Terminal Authentication Unit 36 Setting I / F
37 Parameter setting section 38 Parameter check section 39 Operation mode setting section 40 Management terminal

Claims (9)

An entry / exit management system that manages the entry / exit of the user in the security management area in accordance with the processing result of the user authentication based on the first authenticated information for uniquely identifying the user;
A network that restricts access to a network according to a result of user authentication processing by an authentication server based on second authenticated information that uniquely identifies a user, with a terminal device provided in the security management area as a processing target In the linkage control device that links the authentication system with each other,
Area management means for managing the staying state of the user in the security management area based on the entering / exiting information indicating the change in the state of the user in the security management area, transmitted from the entry / exit management system;
The user's staying state managed by the area management means while relaying the access request to the network using the second authenticated information made to the authentication server from the user via the terminal device Terminal authentication means for authenticating the use of the terminal device for the user,
Parameter setting means for setting operation parameters necessary for operating the area management means and the terminal authentication means;
Parameter checking means for determining whether or not the operation parameter set by the parameter setting means has a setting defect;
An operation mode corresponding to the determination result by the parameter check unit is selected from a plurality of different operation modes, and the operation state of the area management unit and the terminal authentication unit is managed based on the selected operation mode. And an operation mode setting means. The plurality of operation modes include an operation stop mode for stopping operation of at least one of the area management means and the terminal authentication means, and a normal operation mode for operating the area management means and the terminal authentication means, respectively.
The operation mode setting means selects the operation stop mode when the parameter check means determines that the operation parameter is incompletely set, and the parameter check means does not have the operation parameter incompletely set. 2. The cooperation control apparatus according to claim 1, wherein when the determination is made, the normal operation mode is selected. The operating parameters are:
Basic communication information including operating parameters used to communicate with the entry / exit management system and the network authentication system;
Area management information including operation parameters used by the area management means to manage the staying state of the user in the security management area;
Terminal authentication information including operation parameters used by the terminal authentication means to perform use authentication of the terminal device for a user,
3. The cooperative control according to claim 2, wherein the parameter check unit determines whether any of the basic communication information, the area management information, or the terminal authentication information includes an operation parameter that is not set correctly. apparatus. The operation stop mode includes an operation stop mode for stopping the operations of both the area management unit and the terminal authentication unit,
The operation mode setting unit determines that the parameter check unit determines that the basic communication information has a setting failure, or determines that both the area management information and the terminal authentication information have a setting failure. The cooperation control device according to claim 3, wherein the operation stop mode is selected when the operation is stopped. The operation stop mode includes an area management stop mode in which the terminal authentication unit is operated to stop the operation of the area management unit,
The operation mode setting means selects the area management stop mode when the parameter check means determines that the area management information is incompletely set in the area management information and the terminal authentication information. The cooperation control device according to claim 3 or 4, characterized by the above-mentioned. The operation stop mode includes a terminal authentication stop mode in which the area management unit is operated to stop the operation of the terminal authentication unit,
The operation mode setting means selects the terminal authentication stop mode when the parameter check means determines that the terminal authentication information is incompletely set in the area management information and the terminal authentication information. The cooperation control device according to any one of claims 3 to 5, wherein The parameter check means includes
When the operation parameter set by the parameter setting means does not exist, unset check processing for determining the setting deficiency of the operation parameter;
7. A consistency check process for determining incomplete setting of the operation parameter when the operation parameter set by the parameter setting unit is inconsistent. The cooperation control apparatus described in the item. The consistency check process includes:
A parameter condition check process for determining whether or not the operation parameter set by the parameter setting means has a predetermined condition;
The cooperative control apparatus according to claim 7, further comprising: a parameter relationship check process for determining whether or not there is a contradiction between the operation parameters set by the parameter setting unit.   9. The parameter check unit according to claim 1, wherein the parameter check unit permits the restart in the operation stop mode on condition that the operation parameter set by the parameter setting unit has no setting defect. The cooperation control device described in one item.

Images