JP2008108136A - Authentication processing apparatus and cooperation setting apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To remove harmful effects due to setting of a plurality of overlapped access times to the same door of the same user while using personnel information. <P>SOLUTION: An authentication processing apparatus includes: a table which associates user specification information uniquely specifying users with user attribute information specifying users' belongings; a table which prescribes authentication permission time zones when entrance to arbitrary physical areas is permitted; a table which specifies door information specifying doors for partitioning of entering and leaving prescribed physical areas; and a table which associates user attribute information, authentication permission time zones, and door information with one another. Authentication processing is performed on the basis of the associated authentication permission time zone from user attribute information acquired on the basis of user specification information, and one of authenticated authentication permission time zones is determined on the basis of a prescribed rule when a plurality of pieces of user attribute information associated with the user specification information are present. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an entrance / exit management system that performs entrance / exit management based on information to be authenticated, and more particularly, to an authentication processing device and a linkage setting device that perform authentication processing in entrance / exit management using personnel information.

  Leakage of confidential information by applying an entry / exit management system (access control device) that manages the entry / exit of workers who handle confidential information in companies that frequently handle confidential information or specific departments within the company Is to prevent in advance.

  Generally, an entrance / exit management system uses information that uniquely identifies a user, such as a user ID (IDentification) incorporated in an IC (Integrated Circuit) card given to the user, or biometric information (fingerprint, iris, voiceprint, etc.). Advanced authentication that handles confidential information by unlocking the locked door for entry / exit when personal authentication is performed by the host computer for entrance / exit management and it is authenticated that the user is a registered valid user. Management such as permitting entry into the security level area.

Further, in such an access control device, it is necessary to set a passable place and a time zone for each individual for the information of the individual to be managed, so that access control that can simplify complicated setting operations is possible. An apparatus is disclosed (for example, refer to Patent Document 1).
JP-A-6-185249

  By the way, with the heightened security awareness in the office, there is an increasing demand for more detailed entry qualifications. For example, in an office set up in a building, all employees belonging to the office are allowed to enter the building during the daytime on weekdays. Only employees who belong to some departments that work at night are allowed to enter the building.

  As described above, it is easy to set up employee entry qualifications by utilizing personnel information that defines information related to employees. The personnel information is information that defines employee attributes such as the employee's department, gender, and position. In other words, if you set the access time that gives permission to enter the building for each department to which the employee belongs, using the personnel information, it is easy to set the employee entry permission for each department as described above. be able to.

  However, when personnel information is applied to the technique disclosed in Patent Document 1, there arises a problem that a plurality of overlapping access times are set for the same door of the same user. If multiple access times are set in this way, use is permitted even during times when the use permission should not be granted, or vice versa. Inconveniences such as not being permitted occur.

  Therefore, the present invention has been proposed in view of the above-described situation, and while using personnel information that defines employee attributes that make it easy for an administrator of an entry / exit management system, It is an object of the present invention to provide an authentication processing apparatus and a cooperation setting apparatus that can eliminate the adverse effects caused when a plurality of overlapping access times are set for the same door.

  The authentication processing apparatus of the present invention permits entry into a physical area, a first table that associates user identification information that uniquely identifies a user, and user attribute information that identifies the user's affiliation. A second table that prescribes an authentication permission time zone, a third table that specifies door information that specifies a door that separates the entrance to and exit from a predetermined physical area, and the user attribute information of the first table; From the fourth table that associates the authentication permission time zone of the second table with the door information of the third table, and the user attribute information acquired from the first table based on the user specifying information, the An authentication processing means for performing an authentication process based on an authentication permission time zone of the second table associated by a fourth table, and an association with user identification information in the first table; The authentication permission time zone determining means for determining the authentication permission time zone based on a predetermined rule among the authentication permission time zones authenticated by the authentication processing means when a plurality of user attribute information is present. The above-mentioned problem is solved.

  In the authentication processing device of the present invention, the second table has time information for specifying a time when the authentication permission time zone is set, and the authentication permission time zone determination means When there are a plurality of user attribute information associated with the user identification information, among the authentication permission time zones authenticated by the authentication processing means, the authentication permission time zone having the newest time information as the predetermined rule. By deciding, the above-mentioned problem is solved.

  In the authentication processing apparatus of the present invention, the second table gives priority to each authentication permission time zone, and the authentication permission time zone determination means associates with the user identification information in the first table. If there are a plurality of user attribute information, the authentication permission time zone having the highest priority as the predetermined rule among the authentication permission time zones authenticated by the authentication processing means, Solve the problem.

  In the authentication processing device of the present invention, the authentication permission time zone determining means may use the authentication rule as the predetermined rule when there are a plurality of user attribute information associated with the user specifying information in the first table. The above-described problem is solved by performing a logical operation on the authentication permission time zone authenticated by the processing means to determine the authentication permission time zone.

  Further, in the authentication processing device of the present invention, the fourth table has attribute information indicating an expiration date, and the authentication permission time zone determining means is associated with the user specifying information in the first table. When there are a plurality of user attribute information, the authentication permission time zone is determined based on the expiration date as the predetermined rule among the authentication permission time zones authenticated by the authentication processing means, thereby solving the above-described problem. To do.

  Further, the authentication processing apparatus of the present invention is a registered door information generating means for generating an authentication permission time zone for each of the user specifying information and for each of the door information when there is an update in information that changes the authentication permission time zone. By providing the above, the above-described problems are solved.

  The cooperation setting device of the present invention permits entry into a physical area, a first table that associates user identification information that uniquely identifies a user, and user attribute information that identifies the user's affiliation. A second table that prescribes an authentication permission time zone, a third table that specifies door information that specifies a door that separates the entrance to and exit from a predetermined physical area, and the user attribute information of the first table; When the authentication permission time zone of the second table and the fourth table that associates the door information of the third table with information that changes the authentication permission time zone, the user identification is performed. An authentication process that includes a registration door information generation unit that generates an authentication permission time zone for each piece of information and the door information, and performs an authentication process based on an original authentication permission time zone using the user identification information and the door information Equipment and By achieving cooperation, to solve the problems described above.

  In addition, the cooperation setting device of the present invention has a common that associates the authentication processing device's unique authentication permission time zone that has a common concept with the authentication permission time zone of another authentication processing device so that it can be recognized in common. By providing the means, the above-mentioned problems are solved.

  According to the present invention, when performing entrance / exit management using personnel information, even if there are a plurality of user attributes to which a user belongs due to concurrent duties, etc., a plurality of authentication permission time zones are defined as one. Make it possible. Further, it is possible to easily cope with a case where there are many changes in user attributes.

  Further, the search can be performed in a very short time, and the authentication processing speed can be increased.

  Further, it is possible to cope with strict conditions by setting priorities.

  In addition, it is possible to define a rule for determining a new authentication permission time zone in consideration of the overlapping condition.

  In addition, it is possible to easily change the setting even if it is a transfer or temporary assignment.

  Furthermore, according to the present invention, the authentication permission time zone for each user specifying information and each door information is generated in advance when information in various databases is updated, so that the actual authentication processing is reduced. It is possible to increase the speed.

  Furthermore, according to the present invention, when entering / exiting management using personnel information is performed, it is possible to cooperate with an existing authentication processing apparatus.

  Further, it is possible to facilitate centralized management of authentication information for a plurality of authentication processing devices without changing the settings of existing authentication processing devices.

  Embodiments of the present invention will be described below with reference to the drawings.

[First Embodiment]
First, an entrance / exit management system 1 will be described as a first embodiment of the present invention with reference to FIG. As shown in FIG. 1, the entrance / exit management system 1 includes an equipment system 10, an authentication processing device 20, and a personnel management system 30.

  The facility system 10 of the entrance / exit management system 1 and the authentication processing device 20 manage the entry / exit of users from a low security level area (low security level area) to a high confidential information area (high security level area). To do.

  The personnel management system 30 is a system that manages personnel information such as employees who are users of the room entry / exit management system 1. The personnel information is information that defines employee attributes such as the employee's department, gender, and position. The personnel management system 30 provides personnel information as appropriate in response to a request from the authentication processing device 20.

  The entrance / exit management system 1 may be of any form as long as it manages the entry / exit from the low security level area to the high security level area, for example, the high security level area and the low security level area. The level area is separated by a door or the like, and movement to each area is permitted according to the authentication process.

  The entrance / exit management system 1 performs authentication processing for all users who wish to enter the advanced security level area, and authenticates only legitimate users registered in advance and permits entry into the advanced security level area. Further, the entrance / exit management system 1 performs an authentication process on a user who wants to leave the high security level area as necessary, and permits the user to leave the high security level area. The low security level region and the high security level region are separated by a door 12 having an electric lock that can be locked and unlocked by an electrical action.

  Specifically, the equipment system 10 is, for example, a non-contact IC card owned by the user by a card reader 11 provided outside the room R1 which is an advanced security level area provided outside the advanced security level area. (Integrated Circuit) Reads information stored in a semiconductor memory (not shown) 5. The authentication processing device 20 is an electric lock that is locked by an entrance / exit control unit (not shown) when it is authenticated as a valid user based on a card ID that is information to be authenticated among the information read by the card reader 11. Is allowed to enter the advanced security level area.

  The entrance / exit management system 1 uniquely identifies the IC card 5 among the information stored in the IC card 5 owned by the user when unlocking the locked electric lock by such an authentication process. The card ID, the door ID (DNO: door number) unique to the locked door, and information indicating whether the room is entered or exited are transmitted to the authentication processing device 20. The information indicating whether to enter or leave the room may be indicated by, for example, a device ID that uniquely identifies the card reader 11.

The authentication processing device 20 includes a personnel information database 21, an organization master database 22, a physical information database 23, an access time database 24, a linkage setting database 25, and information stored in various databases, and an entry / exit permission determination unit. 27, the linkage setting unit 26 for setting information used in the entrance / exit permission determination and the card reader 11
An entrance / exit permission determination unit 27 that determines entrance / exit determination permission based on information read from the card 5 is provided.

  The personnel information database 21 stores personnel information acquired from the personnel management system 30. For example, the employee basic information table ST1 that associates the employee number (No) and the employee's first and last name as shown in FIG. 2A, or the employee number and the employee affiliation code as shown in FIG. An employee affiliation information table ST2 is stored.

  The organization master database 22 stores an affiliation master table MT1 that associates affiliation codes and affiliation names as shown in FIG.

  The physical information database 23 includes a door information table TT1 that associates a door number (DNO) and a door name as shown in FIG. 4A, and a gate group registration door that associates a door number (DNO) with a gate group code. An information table GT1 and a gate group information table GT2 in which gate group codes and work districts are associated are stored.

  The access time database 24 and the linkage setting database 25 are subjected to setting processing by the linkage setting unit 26 before the entrance / exit management system 1 operates.

  Here, the setting processing operation of the database set in the access time database 24 and the cooperation setting database 25 by the cooperation setting unit 26 will be described using the flowchart shown in FIG. As a result of this processing operation, a database for determining the user entry qualification is constructed in the cooperation setting database 25.

  In step S1, the cooperation setting unit 26 acquires the affiliation master table MT1 from the organization master database 22 and the gate group information table GT2 from the physical information database 23. The gate group information GT2 is information for managing a gate group that is a set unit of doors managed by the authentication processing device 20. Specifically, a gate group defines a set of doors that are boundaries of a certain physical space such as a room, an entire building, or an entire door in a site.

  In step S <b> 2, the cooperation setting unit 26 generates an access time table AT <b> 1 for designating the entry / exit permitted day of the week and the entry / exit permitted time zone for each access time ID, as shown in FIG. 6, and stores it in the access time database 24. Let

  In step S3, the cooperation setting unit 26 associates the affiliation code of the affiliation master table MT1, the zone code obtained by hierarchizing the gate group information table GT2, and the access time ID of the access time master table AT1 with reference to FIG. ) And an access zone table Z1 classified by affiliation shown in FIG.

  A zone is a concept in which gate groups that define a set of doors are further hierarchized, and a plurality of gate groups are defined for each zone code as in the zone registration gate group information table Z2 shown in FIG. 7B. It is a logical set unit that can. The access zone table Z1 classified by affiliation shown in FIG. 7A enables an administrator who manages the entrance / exit management system 1 to manage the physical configuration information in a hierarchical manner.

  Next, the entrance / exit permission determination processing operation by the entrance / exit permission determination unit 27 will be described using the flowchart shown in FIG. For explanation, at 20:00 on April 3, 2006 (nighttime on weekdays), the user No. Assume that the user of “M0001” tries to enter the door of the door number (DNO) “D00001”.

  In step S <b> 11, the user causes the card reader 11 to read the IC card 5. The card reader 11 acquires the card ID stored in the IC card 5, the door number (DNO) of the door where the card reader 11 is installed, and the reading time, and sends it to the entrance / exit permission determination unit 27 of the authentication processing device 20. Send out and inquire about admission qualification. If the time when the card reader 11 reads the card ID of the IC card 5 and the time when the card reader 11 inquires the entrance / exit permission determination unit 27 are short enough that the authentication determination process is not hindered, the reading time is unnecessary. Become.

  Further, the entrance / exit management system 1 may be provided with a time management server system (not shown) that manages accurate time in order to obtain time consensus between the card reader 11 and the authentication processing device 20.

  In step S12, the entrance / exit permission determination unit 27 refers to the card information table CT1 as shown in FIG. 2C from the acquired card ID, and determines whether the IC card 5 is within the expiration date. The entry / exit permission determination unit 27 advances the process to step S13 when the IC card 5 is within the expiration date, and advances the process to step S20 when the IC card 5 is not within the expiration date.

  In step S <b> 13, the entrance / exit permission determination unit 27 refers to the personnel information database 21 using the card ID as a key, and acquires the affiliation code of the user holding the IC card 5. For example, the entrance / exit permission determination unit 27 acquires the employee affiliation code from the employee affiliation information table ST2 shown in FIG. 2B using the user ID of the card information table CT1 as a key.

  In step S14, the entrance / exit permission determination unit 27 refers to the gate group registration door information table GT1 shown in FIG. 4B of the physical information database 23 using the door number (DNO) as a key, and the gate group including the corresponding door. Get the code.

  In step S15, the entrance / exit permission determination unit 27 uses the combination of the affiliation code acquired in step S13 and the gate group code acquired in step S14, as shown in FIG. Refer to the access zone table Z1 by affiliation, and obtain corresponding linkage setting information. For example, when the user belongs to a plurality of departments or the door is included in a plurality of gate groups, a plurality of pieces of cooperation setting information can be acquired.

  In step S <b> 16, the entrance / exit permission determination unit 27 determines whether there is valid linkage setting information. The entry / exit permission determination unit 27 advances the process to step S17 when the valid cooperation setting information exists, and advances the process to step S20 when the effective cooperation setting information does not exist.

  For example, the user No. In the case of the user “M0001”, referring to the employee affiliation information table ST2 shown in FIG. 2B, it can be seen that the user belongs to the affiliation codes “S0001”, “S0002”, and “S9999”.

  On the other hand, referring to the gate group registered door information table GT1 shown in FIG. 4B, the door with the door number (DNO) “D0001” belongs to the gate group represented by the gate group code “G0001”. I understand. Therefore, it can be seen from the zone registration gate group information table Z2 of FIG. 7B that the zone groups “Z0001” and “Z9999” belong.

  Therefore, referring to the affiliation access zone table Z1 shown in FIG. 7A, the access authority code “A0001” is obtained from the affiliation codes “S0001”, “S0002”, “S9999” and the zone codes “Z0001”, “Z9999”. , “A0002” and “A9001” correspond to the three pieces of cooperation setting information.

  In step S <b> 17, the entrance / exit permission determination unit 27 acquires a time zone in which the user can enter the room from the valid cooperation setting information. Specifically, the entrance / exit permission determination unit 27 refers to the access zone table Z1 by affiliation and acquires the access time ID of the valid cooperation setting information. As described above, in the access zone table Z1 by affiliation shown in FIG. 7A, the access authority codes of the valid linkage setting information are “A0001”, “A0002”, and “A9001”. It can be seen that the access time IDs are “T0001” and “T0002”.

  The entry / exit permission determination unit 27 refers to the access time master table AT1 of the access time database 24, and acquires a time zone in which entry is possible from the access time ID.

  In step S18, the entrance / exit permission determination unit 27 determines whether or not the room can be entered by comparing the acquired time zone when the room can be entered with the time for inquiring about the entry qualification or the time when the card ID of the IC card 5 is read. To do. The entry / exit permission determination unit 27 proceeds to step S19 to give entry permission when it is a time zone in which entry is possible, and proceeds to step S20 to enter the room if it is not in a time zone in which entry is possible. Not allowed.

  At this time, when there are a plurality of access time IDs, the entrance / exit permission determination unit 27 selects any one access time ID based on a predetermined rule.

  Therefore, by selecting any one of the access time IDs in the access time master table AT1 of the access time database 24, the result of the room permission with respect to the room entry time is changed.

  The predetermined rules will be described below. First, it is possible to define a rule that a determination is made based on data having the earliest registration date and time registered in the access time master table AT1. As shown in FIG. 6, since the data with the earliest registration date / time exists in the upper part of the access time master table AT1, there is an advantage that it can be searched in a very short time. Therefore, the authentication processing speed can be increased.

  Subsequently, as shown in FIG. 6, for each access time ID of the access time master table AT1, a priority is set as attribute information, and a rule is selected so that an access time with a high priority is selected. Also good. By setting the priority in this way, it becomes possible to cope with a stricter condition.

  Further, by calculating the logical sum or logical product of the access times, specifically, the logical sum or logical product of the entry / exit permission days of the access time master table AT1 shown in FIG. A rule for determining a new authentication permission time zone in consideration can also be defined.

  Further, by setting the start date when the data in the table becomes valid and the end date when it becomes invalid as an attribute of the access zone table Z1 by affiliation shown in FIG. 7, for example, the affiliation code “S0002” Even if the user in the department of the office has changed the work location from “G0001” to “G0002” from October 1, 2006, it is not necessary to individually change the entry qualifications of all employees It is possible to set in advance. Therefore, the setting can be easily changed even if it is a transfer or temporary assignment.

  As described above, the entrance / exit management system 1 shown as the first embodiment of the present invention, when executing the entrance / exit management using the personnel information by the authentication processing device 20, the user attribute to which the user belongs due to concurrent duties or the like Even if there are a plurality of authentication permission periods, a plurality of authentication permission time zones can be defined as one. Moreover, even if there are many changes in user attributes, it can be easily handled.

[Second Embodiment]
Next, the entrance / exit management system 2 will be described as a second embodiment of the present invention with reference to FIG. As shown in FIG. 9, the entrance / exit management system 2 includes a card registration door information generation unit 28 and a card registration in the authentication processing device 20 of the entrance / exit management system 1 described as the first embodiment with reference to FIG. The door database 29 is added. Accordingly, overlapping portions are denoted by the same reference numerals, and description thereof is omitted.

  The entrance / exit management system 1 shown as the first embodiment described above requires the processing shown in the flowchart of FIG. 8 for each IC card 5 every time the user executes entrance / exit, but belongs to a plurality of departments. When there are many concurrent workers, there is a problem that it takes a lot of processing time because it is necessary to complicate data access at the time of authentication.

  Therefore, card registration door information is generated in advance in the card registration door database 29 by the card registration door information generation unit 28 according to the procedure described using the flowchart shown in FIG.

  In step S21, the card registration door information generation unit 28 belongs from the personnel information database 21, the physical information database 23, the access time database 24, and the cooperation setting database 25, belonging, gate group, door number (DNO), access time, cooperation setting information. All the various data is acquired.

  In step S22, the card registration door information generation part 28 calculates | requires the entrance time of each door for every affiliation from the acquired data, and implements the deletion of a duplicate item.

  In step S <b> 23, the card registration door information generation unit 28 acquires all the card and employee data from the personnel information database 21.

  In step S24, the card registration door information generation part 28 calculates | requires the entrance time slot | zone of each door for every card | curd from the acquired data, and implements the deletion of a duplicate item.

  In step S25, the card registration door information generation unit 28 generates a card registration door information table CT2 that defines an authentication permission time zone for each door number (DNO) and each card ID as shown in FIG. Store in the registered door database 29.

  Next, the entrance / exit permission determination processing operation by the entrance / exit permission determination unit 27 will be described using the flowchart shown in FIG.

  In step S31, the user causes the card reader 11 to read the IC card 5. The card reader 11 acquires the card ID stored in the IC card 5, the door number (DNO) of the door where the card reader 11 is installed, and the reading time, and sends it to the entrance / exit permission determination unit 27 of the authentication processing device 20. Send out and inquire about admission qualification. If the time when the card reader 11 reads the card ID of the IC card 5 and the time when the card reader 11 inquires the entrance / exit permission determination unit 27 are short enough that the authentication determination process is not hindered, the reading time is unnecessary. Become.

  In step S32, the entrance / exit permission determination unit 27 refers to the card registration door database 29 using the card ID as a key, refers to the card registration door information table CT2 shown in FIG. 11, and acquires the card registration door information.

  In step S33, the entrance / exit permission determination unit 27 determines whether the IC card 5 is within the expiration date. The entrance / exit permission determination unit 27 advances the process to step S34 when the IC card 5 is within the expiration date, and advances the process to step S38 when the IC card 5 is not within the expiration date.

  In step S34, the entrance / exit permission determination unit 27 determines whether or not the entry qualification information within the expiration date is managed for the card ID and the door number (DNO). The entrance / exit permission determination unit 27 advances the process to step S36 if the entry qualification information within the expiration date is managed, and advances the process to step S35 if not.

  In step S35, the entrance / exit permission determination unit 27 shifts the processing to the card registration door information generation unit 28, and again performs the processing of the flowchart shown in FIG. 10 described above, and the card registration door information table shown in FIG. Instruct to update CT2.

  The processing of step S34 and step S35 corresponds to the update of various databases such as the user affiliation in the personnel information database 21 and the cooperation setting database 25 after the card registration door information table CT2 is set in the card registration door database 29. It is a process to do.

  Specifically, the card registration door information generation unit 28 updates the contents of the personnel information database 21, organization master database 22, physical information database 23, access time database 24, linkage setting database 25, and card registration door database 29. The card registration door database 29 may be updated every time the information giving a change in the authentication permission time zone is updated or periodically. Alternatively, the card registration door information generation unit 28 describes the “start date” and “end date” indicating the validity period of the setting data in the card registration door database 29 so that the entrance / exit permission determination unit 27 can register the card. The validity period of the door information table is determined (step S34), and if the information of the IC card 5 is not the validity period, the card registration door information generation unit 28 updates the card registration door information table CT2.

  In step S36, the entrance / exit permission determination unit 27 determines whether or not the room can be entered by comparing the acquired time period when the room can be entered and the time when the inquiry about the entry qualification or the card ID of the IC card 5 is read. To do. The entry / exit permission determination unit 27 proceeds to step S37 to give entry permission when it is a time zone in which entry is possible, and proceeds to step S38 if entry is not allowed in the entry time zone. Not allowed.

  As described above, the entrance / exit management system 2 shown as the second embodiment of the present invention uses the authentication processing device 20 to update the authentication permission time zone for each user identification information and each door number in various databases. In this case, it is generated in advance, so that it is possible to increase the speed by reducing the actual authentication process.

[Third Embodiment]
Next, an entrance / exit management system 3 shown as a third embodiment of the present invention will be described with reference to FIG. The entrance / exit management system 3 shown as the third embodiment has a configuration for dealing with a case where an existing authentication processing device is used. As shown in FIG. 13, an authentication processing device 20A having an entrance / exit permission determination unit 27, a card registration door database 29, and an individual access time database 43, a personnel information database 21, an organization master database 22, a physical information database 23, an access time. The database 24, the linkage setting database 25, the linkage setting unit 26, the card registration door information generation unit 28, the common access time generation unit 41, and the linkage setting device 40 having the access time linking database 42 are separated and configured. An authentication processing device can be used.

  In addition, the part which overlaps with the entrance / exit management system 1 shown as 1st Embodiment mentioned above and the entrance / exit management system 2 shown as 2nd Embodiment attaches | subjects the same code | symbol, and abbreviate | omits description.

  In addition, by providing the cooperation setting device 40 with various databases that are updated as needed in this way, a system configuration with a plurality of authentication processing devices 20A and one cooperation setting device can be formed. However, when the system configuration is such that a plurality of authentication processing devices 20A are provided in this way, it is assumed that the access time differs for each existing authentication processing device 20A. For example, as shown in FIGS. 14A and 14B, in different regions (Tokyo and Osaka), the standard working hours of the access time IDs “t0004” and “t0006” are the access time name, the entry / exit permitted day of the week. It can be seen that even if they are the same, the entrance / exit permission time zones are different. These are stored in the individual access time database 43 of the authentication processing device 20A in each region.

  Therefore, the common access time generation unit 41 of the cooperation setting device 40 generates an access time association information table HT1 as shown in FIG. 14C and stores it in the access time association database 42. As a result, the data in the individual access time database 43 as shown in FIGS. 14A and 14B managed by each authentication processing device 20A and the access time database 24 as shown in FIG. Can be associated with the data of the access time master table AT1. This makes it easy to centrally manage authentication information for a plurality of authentication processing devices 20A without changing the settings of the existing authentication processing device 20A.

  As described above, the entrance / exit management system 3 shown as the third embodiment of the present invention performs the entrance / exit management using the personnel information by the cooperation setting device 40, and the existing authentication processing device 20A. Cooperation can be achieved.

  The above-described embodiment is an example of the present invention. For this reason, the present invention is not limited to the above-described embodiment, and various modifications can be made depending on the design and the like as long as the technical idea according to the present invention is not deviated from this embodiment. Of course, it is possible to change.

It is a figure for demonstrating the structure of the entrance / exit management system shown as the 1st Embodiment of this invention. It is the figure which showed the table regarding personnel information. It is the figure which showed the table regarding affiliation. It is the figure which showed the table regarding physical information. It is a flowchart for demonstrating the production | generation process operation | movement of the table set to a cooperation setting database. It is the figure which showed the access time master table. It is the figure which showed the table set to a cooperation setting database. It is a flowchart for demonstrating the processing operation of the entrance / exit management system shown as a 1st Embodiment of this invention. It is a figure for demonstrating the structure of the entrance / exit management system shown as the 2nd Embodiment of this invention. It is a flowchart for demonstrating the registration processing operation | movement to a card registration door database. It is the figure shown about the card registration door information table. It is a flowchart for demonstrating the processing operation of the entrance / exit management system shown as the 2nd Embodiment of this invention. It is a figure for demonstrating the structure of the entrance / exit management system shown as the 3rd Embodiment of this invention. It is the figure which showed the access time table.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Entrance / exit management system 2 Entrance / exit management system 3 Entrance / exit management system 5 IC card 10 Equipment system 11 Card reader 12 Door 20 Authentication processing apparatus 20A Authentication processing apparatus 21 Personnel information database 22 Organization master database 23 Physical information database 24 Access time Database 25 Cooperation setting database 26 Cooperation setting part 27 Entrance / exit permission determination part 28 Card registration door information generation part 29 Card registration door database 30 Personnel management system 40 Cooperation setting apparatus 41 Common access time generation part 42 Access time linking database 43 Individual access Time database

Claims (8)

A first table that associates user identification information that uniquely identifies a user with user attribute information that identifies the user's affiliation;
A second table defining an authentication permission time zone for allowing entry into an arbitrary physical area;
A third table for identifying door information for identifying a door separating the entrance to and exit from a predetermined physical area;
A fourth table associating the user attribute information of the first table, an authentication permission time zone of the second table, and door information of the third table;
Authentication processing means for performing an authentication process based on an authentication permission time zone of the second table associated with the fourth table from user attribute information acquired from the first table based on the user specifying information;
In the first table, when there are a plurality of user attribute information associated with the user identification information, the authentication permission time zone is determined based on a predetermined rule among the authentication permission time zones authenticated by the authentication processing means. An authentication processing apparatus comprising: an authentication permission time zone determination unit. The second table has time information for specifying a time when the authentication permission time zone is set,
In the first table, when there are a plurality of pieces of user attribute information associated with the user identification information, the authentication permission time zone determination unit is configured to select the predetermined time among the authentication permission time zones authenticated by the authentication processing unit. The authentication processing device according to claim 1, wherein a rule is determined as an authentication permission time zone having the newest time information. The second table gives a priority for each authentication permission time zone,
In the first table, when there are a plurality of pieces of user attribute information associated with the user identification information, the authentication permission time zone determination unit is configured to select the predetermined time among the authentication permission time zones authenticated by the authentication processing unit. The authentication processing device according to claim 1, wherein a rule is determined to be an authentication permission time zone having the highest priority. In the first table, the authentication permission time zone determining means, when there are a plurality of user attribute information associated with the user specifying information, as the predetermined rule, the authentication permission time zone authenticated by the authentication processing means. The authentication processing device according to claim 1, wherein an authentication permission time zone is determined by performing a logical operation on the authentication processing device. The fourth table has attribute information indicating an expiration date,
In the first table, when there are a plurality of pieces of user attribute information associated with the user identification information, the authentication permission time zone determination unit is configured to select the predetermined time among the authentication permission time zones authenticated by the authentication processing unit. The authentication processing apparatus according to claim 1, wherein an authentication permission time zone is determined based on the expiration date as a rule. The registration door information generation means for generating an authentication permission time zone for each of the user specifying information and the door information when information giving a change in the authentication permission time zone is updated. The authentication processing device described. A first table that associates user identification information that uniquely identifies a user with user attribute information that identifies the user's affiliation;
A second table defining an authentication permission time zone for allowing entry into an arbitrary physical area;
A third table for identifying door information for identifying a door separating the entrance to and exit from a predetermined physical area;
A fourth table associating the user attribute information of the first table, an authentication permission time zone of the second table, and door information of the third table;
When there is an update in the information that changes the authentication permission time zone, for each of the user identification information, a registered door information generating means for generating an authentication permission time zone for each door information,
A cooperation setting device characterized in that the user setting information and the door information are used to cooperate with an authentication processing device that performs authentication processing based on a unique authentication permission time zone. The authentication processing device further comprises a common means for associating the authentication processing device with an authentication permission time zone of another authentication processing device that has a common concept with a common concept. 7. The cooperation setting device according to 7.

Images