JP2008242580A - Entrance and exit authentication system, entrance and exit system, entering/leaving authentication method and program for entrance and exit authentication - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To perform individual authentication without using any personal information, and to prevent impersonation and manage entrance and exit. <P>SOLUTION: A user makes an authentication medium 400 communicate with an authentication unit 500 in advance in the case of performing an authenticating operation. When detecting the communication with the authentication unit 500, the authentication medium 400 encrypts member information with a cryptrographic key, and transmits the encrypted data to an entering/leaving system 100. Then, the entering/leaving system 100 transfers the encrypted data to an authentication institute server 30, and requests authentication to a third person authentication institute 300. The authentication institute server 30 decrypts the encrypted data by using a group authentication key, and restores the member information. When the encrypted data are decrypted, the authentication institute server 30 decides that the group authentication of the user has been successful. Then, the entering/leaving system 100 finally achieves the principal authentication of the user based on the decision result of the authentication institute server 30. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an entrance / exit authentication system for authenticating an individual at the time of entrance / exit, an entrance / exit authentication method, and an entrance / exit authentication program, and in particular, an entrance / exit authentication system that can authenticate by a third-party certification body and prevent impersonation. The invention relates to an entrance / exit authentication method and an entrance / exit authentication program. The present invention also relates to an entrance / exit system, a certification authority server, and an authentication medium included in the entrance / exit authentication system. The present invention also relates to a certificate authority program for a certificate authority server to perform authentication processing.

  Various entrance / exit authentication systems have been proposed that manage entrance / exit into a building or organization and authenticate the person at the entrance / exit. For example, Patent Literature 1 describes an entrance management system using an IC card that stores biometric information. In the entrance management system described in Patent Document 1, identity verification is performed based on biometric information from an IC card, and the electronic signature is decrypted using the private key of the IC card. Judgment is made whether there is a room or not.

  Further, for example, in Patent Document 2, the personal information of the worker is transmitted from each company side to the ASP system on the authentication processing side, and the authentication registration process is performed so that the worker of each company is authenticated on the ASP system side. A method is described.

JP 2002-89100 A (paragraphs 0015-0021, FIG. 4-5) JP 2004-334394 A (paragraphs 0008-0014, FIG. 1)

  FIG. 9 is a block diagram showing an example of the configuration of the entrance / exit authentication system. As shown in FIG. 9, the entrance / exit authentication system includes an entrance / exit system 910 and a personnel system 920. In addition, the user performs an authentication operation at the time of entry / exit using an authentication medium 940 (for example, an IC card).

  The personnel system 920 includes a member information database 921 that stores member information related to members in the organization, and functions as a means for managing member information. The entrance / exit system 910 functions as a means for controlling entrance / exit. The entrance / exit system 910 also functions as a means for executing processing for authenticating that the user is a member of the organization at the time of entrance / exit. The authentication medium 940 functions as a means for authenticating that the user is a member of an organization (for example, means for storing authentication information).

  The entrance / exit authentication system shown in FIG. 9 performs the following operation. First, the personnel system 920, which is a means for managing configuration information, generates an authentication medium unique to each member in the organization, and the generated authentication medium is assigned to each member. The member who has the authentication medium makes the authentication medium 940 as a means for authenticating that he / she is a member close to, for example, a reader provided in the entrance / exit system 910. The entrance / exit system 910 performs authentication processing based on the authentication information read from the authentication medium 940 and performs entrance / exit control.

  In the entrance / exit authentication system described in FIG. 9 and the like, generally, an entrance / exit system 910 including an authentication device directly accesses an authentication database (a database storing authentication information) and executes an authentication process. That is, the entrance / exit system 910 including an authentication device inquires of the database or system in which authentication information is stored whether the authentication information of the user who has requested authentication is registered. Therefore, when an authentication device is used for entry / exit, the entrance / exit authentication system needs to operate a user information database in which personal information of users including authentication information is registered. Therefore, it takes time to register and delete personal information, and it is necessary to take measures to prevent information leakage.

  Further, increasing the number of authentication devices in the entrance / exit authentication system increases the security risk, so it is difficult to increase the number of authentication devices positively. For this reason, it is difficult to make an authentication request from an authentication device in an organization other than the organization where the entrance / exit system 910 is installed, and it is possible to manage entrance / exit well between organizations when exchange between the organizations is desired. Can not.

  Even if an authentication request is issued from an authentication device in the organization where the entrance / exit system 910 is installed, there is a so-called “spoofing” problem when authentication is performed using an authentication medium. When managing exits, the problem of “spoofing” is more likely to occur.

  As a method of preventing impersonation, it is conceivable to acquire an image such as a face at the time of authentication and collate it with face information (face image) or the like registered in advance. However, when entering or leaving other organizations, the user's video cannot be acquired, and impersonation cannot always be prevented. In addition, in order to perform personal authentication from face information or the like, it is necessary to register face information in the database in advance, which is expensive and the management burden of the face information database is large.

  In addition, biometric authentication using face information (face image) or the like is often performed as a method for preventing impersonation, but since the data capacity is large, it cannot be stored and carried in an authentication medium, which is convenient for the user. The nature is low. In addition, since face information and the like may change with age, there is a possibility that a situation may occur in which entry into the room is rejected despite the identity of the user.

  In addition, if the systems and methods described in Patent Document 1 and Patent Document 2 are combined, the cost and management burden of the entrance / exit system on the organization side can be increased by performing authentication by a third-party certification organization outside the organization. It can be prevented to some extent. However, there is no change to authenticating the user's personal information, and information leakage may still occur.

  Therefore, the present invention is capable of authenticating an individual without using personal information, preventing impersonation, and managing entrance / exit, an entrance / exit system, a certification authority server, an authentication medium, an entrance / exit authentication method, The purpose is to provide an exit authentication program and a certification body program.

  The entrance / exit authentication system according to the present invention includes an authentication medium (for example, authentication medium 400) carried by the user and an entrance / exit system (for example, entrance / exit system 100) for managing entrance / exit, and the authentication medium is a predetermined medium. Based on communication detection means (for example, realized by the authentication device communication means 404) for detecting communication with the authentication device (for example, the authentication device 500) and detection of communication with the predetermined authentication device by the communication detection means. Identification information transmitting means (for example, realized by the entrance / exit system communication means 402) that transmits user identification information (for example, member information such as an employee number) that can identify the user to the entrance / exit system, The entrance / exit system converts the user identification information received from the authentication medium into a certificate authority server (for example, an authentication server) operated by a predetermined certificate authority (for example, the third party certificate authority 300). The identification information transfer means (for example, realized by the certification authority communication means 102) to be transmitted to the authority server 30) and the authentication result of the group authentication corresponding to the user identification information are received from the certification authority server, and the received authentication result is And a user authentication means (for example, realized by the authentication operation execution means 104) for authenticating the user.

  In the entrance / exit authentication system, the certificate authority server includes an authentication execution unit (for example, realized by the group authentication execution unit 304) that executes group authentication processing based on the user authentication information received from the entrance / exit system. It may include an authentication result transmission unit (for example, realized by the entrance / exit system communication unit 303) that transmits the authentication result of the group authentication by the authentication execution unit to the entrance / exit system.

  Further, in the entrance / exit authentication system, the authentication medium is a communication control means (for example, a communication control means for controlling communication with the entrance / exit system not to be performed when the communication detection means cannot detect communication with a predetermined authenticator). (Which is realized by the entrance / exit system communication control means 405).

  In the entrance / exit authentication system, the authentication medium is an authentication information storage unit (for example, realized by the authentication information storage unit 401) that stores user authentication information and a predetermined encryption key (for example, a secret key Xq); Encryption means for encrypting user authentication information using a predetermined encryption key stored in the authentication information storage means (for example, realized by the entrance / exit system communication means 402). The user authentication information encrypted by the encryption means is transmitted to the entrance / exit system, and the certification authority server stores a decryption key storage for storing a predetermined decryption key (for example, a group authentication key (for example, group public key Xp)). Means (for example, realized by the group authentication key database managed by the group authentication key management means 301) and the encryption received from the entrance / exit system Decryption means (for example, realized by the group authentication execution means 304) for decrypting the user authentication information that has been performed using a predetermined decryption key stored in the decryption key storage means, The decryption unit may determine whether or not the authentication is successful based on whether or not the user authentication information received from the entrance / exit system has been decrypted.

  In the entrance / exit authentication system, the authentication medium is realized by organization specifying information storage means (for example, authentication information storage means 401) that stores organization specifying information (for example, organization code A1) that can specify the organization to which the user belongs. And, based on the fact that the communication detecting means detects communication with a predetermined authenticator, the tissue specifying information transmitting means for transmitting the tissue specifying information stored in the authentication information storing means to the entrance / exit system (for example, entrance / exit) The system for entering and leaving the system includes an organization specifying information determining unit (for example, determining whether the organization specifying information received from the authentication medium matches the previously stored organization specifying information). And the user authentication means are adapted to the organization specifying information stored in advance by the organization specifying information determining means. If it is determined not to not perform the authentication of the user, or the user of it may be one which is judged unsuccessfully authentication.

  The entrance / exit system according to the present invention is realized by identification information transfer means (for example, certification authority communication means 102) that transmits user identification information received from an authentication medium carried by a user to a certification authority server operated by a predetermined certification authority. The authentication result of the group authentication corresponding to the user identification information is received from the certification authority server, and based on the received authentication result, the user authentication unit (for example, the authentication operation execution unit 104) performs user authentication. An organization specifying information receiving means (for example, realized by the authentication medium communication means 101) for receiving organization specifying information capable of specifying the organization to which the user belongs from an authentication medium, and an organization specifying information receiving means. Organization identification information determination means for determining whether the received organization identification information matches the organization identification information stored in advance (for example, If the user authentication unit determines that the organization identification information determination unit does not match the organization identification information stored in advance, the user identification is not performed, or the user identification is not performed. It is characterized by determining that it failed.

  The certificate authority server according to the present invention is a certificate authority server operated by a predetermined certificate authority, and performs an authentication execution unit (for example, group authentication execution) based on the user authentication information received from the entrance / exit system. An authentication result transmitting means for transmitting the authentication result of the group authentication by the authentication execution means to the entrance / exit system (for example, realized by the entrance / exit system communication means 303), predetermined decryption Decryption key storage means for storing a key (for example, realized by a group authentication key database managed by the group authentication key management means 301), and encrypted user authentication information received from the entrance / exit system Decryption means (for example, group authentication execution means) for decryption using a predetermined decryption key stored in the storage means The authentication execution means determines whether or not the authentication is successful based on whether or not the decryption means has been able to decrypt the user authentication information received from the entrance / exit system. It is characterized by.

  An authentication medium according to the present invention includes an authentication information storage unit (for example, realized by the authentication information storage unit 401) that stores user authentication information that can identify a user and a predetermined encryption key, and a predetermined authenticator. Communication detecting means for detecting communication (for example, realized by the authenticator communication means 404) and encryption means for encrypting user authentication information using a predetermined encryption key stored in the authentication information storage means (for example, Based on the fact that the communication detecting means detects communication with a predetermined authenticator, the user identification information encrypted by the encrypting means is transmitted to the entrance / exit system. It is characterized by comprising identification information transmitting means (for example, realized by the entrance / exit system communication means 402).

  The entrance / exit authentication method according to the present invention includes a step in which an authentication medium carried by a user detects communication with a predetermined authenticator, and the authentication medium detects communication with a predetermined authenticator. Transmitting user identification information that can be identified to an entrance / exit system that manages entrance / exit, and the entrance / exit system transmits user identification information received from an authentication medium to a certification authority server operated by a predetermined certification authority And an entrance / exit system includes a step of receiving an authentication result of group authentication corresponding to the user identification information from the certification authority server, and performing user authentication based on the received authentication result. To do.

  An entrance / exit authentication program according to the present invention is an entrance / exit authentication program for authenticating an individual at the time of entrance / exit, and the user identification information received from the authentication medium carried by the user is stored in the computer by a predetermined authentication. A user who performs identification information transfer processing to be transmitted to the certification authority server operated by the institution and a group authentication authentication result corresponding to the user identification information from the certification authority server, and performs user authentication based on the received authentication result. Authentication processing, organization identification information reception processing for receiving organization identification information that can identify the organization to which the user belongs from the authentication medium, and whether the organization identification information received from the authentication medium matches previously stored organization identification information If the user identification process determines that it does not match the previously stored organization identification information, the user identification process is executed. The person does not perform the authentication, or is intended for executing a process for determining the failed user authentication.

  A certificate authority program according to the present invention is a certificate authority program for performing authentication processing by a certificate authority server operated by a predetermined certificate authority, and includes a decryption key storage means for storing a predetermined decryption key. Based on the user authentication information received from the entrance / exit system, an authentication execution process for executing the group authentication process, an authentication result transmission process for transmitting the authentication result of the executed group authentication process to the entrance / exit system, and A decryption process for decrypting the encrypted user authentication information received from the exit system using a predetermined decryption key stored in the decryption key storage means is executed. This is to execute a process of determining whether or not the authentication is successful based on whether or not the received user authentication information has been decrypted.

  The present invention proposes a service model in which authentication is performed via a third-party certification organization using group authentication technology that does not directly handle personal information. In the present invention, a third-party certification body authenticates that it is a member of an organization in response to an inquiry from an entry / exit authentication device. Further, if the authentication medium carried by the user does not have a predetermined authenticator nearby, control is performed so as not to communicate with the entrance / exit system. By doing so, the user himself / herself is not authenticated by authenticating the user personally, but by authenticating that the user who uses the authentication medium is the person himself / herself. It is possible to perform authentication without handling personal information.

  According to the present invention, the authentication medium transmits user identification information capable of identifying a user to the entrance / exit system based on detection of communication with a predetermined authenticator, and the entrance / exit system includes the user identification information. Is transmitted to the certification authority server, and the authentication result corresponding to the user identification information is received from the certification authority server to authenticate the user. Accordingly, personal authentication can be performed without using personal information, spoofing can be prevented, and entrance / exit can be managed.

  For example, if the authentication medium can be directly communicated with only the authentication medium, if the authentication medium is stolen, the authentication operation using the authentication medium may be possible due to “spoofing”. is there. In the present invention, since communication with the entrance / exit system is possible after confirming communication with a predetermined authenticator in advance, an authentication operation cannot be performed only by possessing an authentication medium. Can be effectively prevented. In addition, since authentication is performed using only user identification information without using user personal information, the risk of personal information leakage can be reduced.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. First, an application concept of the entrance / exit authentication system according to the present invention will be described. FIG. 1 is an explanatory diagram showing an application concept of an entrance / exit authentication system according to the present invention. In the present embodiment, the entrance / exit authentication system is used, for example, in a company including a plurality of organizations (business departments, etc.) for managing entrance / exit to buildings, rooms, and facilities.

  Note that the entrance / exit authentication system is not limited to a company as long as it is a group composed of a plurality of organizations, and may be used, for example, for purposes of managing entrance / exit in local governments, educational institutions, and the like. Also, for example, in a building where multiple companies are occupying, the tenant company that occupies the building may be used for the purpose of authenticating the entrance. You may use for the use which authenticates.

  In this embodiment, the entrance / exit authentication system does not directly authenticate the user using the user's personal information, but can request the authentication from the third-party authentication organization 300 and allow the user to enter / exit. Group authentication is performed to determine whether the user belongs to an organization. And based on having succeeded in group authentication by the third party authentication organization 300, it determines with having succeeded in the user's identity authentication.

  As shown in FIG. 1, the entrance / exit authentication system includes an entrance / exit system 100 and a personnel system 200 for each organization. As shown in FIG. 1, in the entrance / exit authentication system, authentication is performed by the third-party certification body 300, and the user enters / exits the organization (specifically, entrance / exit to a building or floor). At this time, an authentication operation is performed using the authentication medium 400 and the authenticator 500.

  In this embodiment, the user may perform an authentication operation when entering or leaving the organization to which the user belongs, or may enter or leave an organization other than the organization to which the user belongs within a group such as a company. It is assumed that an authentication operation may be performed at this time. FIG. 1 shows a case where a user registered in the personnel system 200 of the organization to which he belongs performs an authentication operation on the entrance / exit system 100 of an organization other than the organization to which he belongs. In this sense, the entrance / exit system 100 is also called an authenticated organization entrance / exit system, and the personnel system 200 is also called an authenticated organization personnel system.

  First, the third-party certification authority 300 assigns an organization code A1 to the organization A to which the user belongs in advance. Next, the organization A (specifically, the personnel system 200) generates a group public key Xp and a secret key Xq for authentication for the member X of the organization A that is a user. Next, the organization A registers the group public key Xp with the third-party certification authority 300. Further, the organization A generates an authentication medium 400 (for example, an IC card) in which the secret key Xq is recorded in combination with the organization code A1 and the employee number Xi, and makes the member X possess it. In addition, the organization A also has the authenticator 500 in the member X.

  Next, the member X uses the authentication medium 400 to perform an authentication operation on the entrance / exit system 100 and requests personal authentication. In this case, the member X causes the authenticator 500 and the authentication medium 400 possessed to communicate with each other, and causes the authentication medium 400 to confirm the presence of the authenticator 500. The authentication medium 400 performs an authentication operation only when the presence of the authentication device 500 can be confirmed, and does not perform an authentication operation when the presence of the authentication device 500 cannot be confirmed. By doing so, “spoofing” due to theft of the authentication medium 400 can be prevented.

  If the presence of the authenticator 500 can be confirmed, the authentication medium 400 confirms whether the entrance / exit system 100 is a pre-registered system. If the system is registered in advance, the authentication medium 400 transmits the employee number Xi as it is to the entrance / exit system 100 without encryption. For example, when the user (member X) enters or leaves the organization A to which the user belongs, the authentication medium 400 determines that the entrance / exit system 100 is registered in advance, and uses the employee number Xi as it is. Transmit to system 100. Then, the entrance / exit system 100 performs personal authentication based on the received employee number Xi. Note that the authentication medium 400 may transmit the employee number Xi by wired communication or may transmit by wireless communication.

  If the entrance / exit system 100 is not registered in advance, the authentication medium 400 creates encrypted data Yi obtained by encrypting the employee number Xi with the secret key Xq, and enters / exits the encrypted data Yi and the organization code A1. 100 is transmitted. For example, when the user enters / exits the organization B other than the organization A to which the user belongs, the authentication medium 400 determines that it is not the pre-registered entrance / exit system 100 and encrypts the employee number Xi to enter / exit. Transmit to system 100.

  Next, the entrance / exit system 100 determines whether or not the received organization code A1 is registered in the organization database 110. If it is not registered, the entrance / exit system 100 performs control so as not to perform the user authentication determination, or determines (denied) that the user authentication has failed. When the received organization code A1 is registered in the organization database 110, the entrance / exit system 100 transfers the organization code A1 and the encrypted data Yi received from the authentication medium 400 to the third-party certification authority 300. To do.

  Next, the third-party certification authority 300 decrypts the encrypted data Yi using the group public key Xp corresponding to the received organization code A1, and restores the employee number Xi. Then, the third-party certification authority 300 authenticates that the user having the authentication medium 400 that transmitted the encrypted data Yi is a member to which the organization A belongs based on the restored employee number Xi (group authentication). )

  Next, when the authentication is successful, the third-party authentication organization 300 transmits an authentication result (authentication OK) indicating that the authentication has been successful to the entrance / exit system 100. Then, the entrance / exit system 100 determines that the user authentication has been successful, and performs entrance / exit control such as opening the gate. If the authentication fails, the third-party certification authority 300 transmits an authentication result (authentication NG) indicating that the authentication has failed to the entrance / exit system 100. Then, the entrance / exit system 100 performs control so as not to perform the user authentication determination, or determines (denies) that the user authentication has failed. Further, the entrance / exit system 100 does not perform entrance / exit control such as opening the gate.

  Next, the configuration of the entrance / exit authentication system will be described. FIG. 2 is a block diagram showing an example of the configuration of the entrance / exit authentication system according to the present invention. As shown in FIG. 2, the entrance / exit authentication system includes an entrance / exit system 100, a personnel system 200, and a certification authority server 30. The entrance / exit system 100, the personnel system 200, and the certification authority server 30 are connected via a communication network 600 including the Internet and a LAN. As shown in FIG. 1, in the entrance / exit authentication system, the authentication medium 400 and the authenticator 500 are used by the user when entering / leaving into the organization.

  The entrance / exit system 100 is a system installed in an organization such as a company, and specifically, an information processing device such as a personal computer that operates according to a program, and an entrance / exit device such as a gate or an ID card reader / writer. It is realized by. 1 shows one entrance / exit system 100, the entrance / exit authentication system includes an entrance / exit system 100 for each organization.

  FIG. 3 is a block diagram showing an example of the configuration of the entrance / exit system 100. As shown in FIG. 3, the entrance / exit system 100 includes an authentication medium communication unit 101, a certification authority communication unit 102, an organization code management unit 103, an authentication operation execution unit 104, and an organization database 110.

  Specifically, the authentication medium communication means 101 is realized by a CPU of an information processing apparatus that operates according to a program and a reading / writing device such as an IC card reader / writer provided in the entrance / exit system 100. When the authentication medium 400 such as an IC card approaches, the authentication medium communication unit 101 uses identification information (hereinafter also referred to as an entrance / exit system ID) for identifying the entrance / exit system 100 with respect to the authentication medium 400. A function to transmit (write) is provided.

  In this embodiment, the entrance / exit system 100 stores an entrance / exit system ID that can identify the entrance / exit system 100 in advance in a storage device (not shown) such as a hard disk device or a memory. And the authentication medium communication means 101 writes the entrance / exit system ID memorize | stored beforehand in the authentication medium 400 as identification information.

  Further, the authentication medium communication unit 101 has a function of receiving (reading) information from the authentication medium 400. In the present embodiment, the authentication medium communication unit 101 reads member information (for example, employee number Xi) that identifies members of the organization from the authentication medium 400. Alternatively, the authentication medium communication unit 101 reads the organization code for specifying the organization and the encrypted data obtained by encrypting the member information from the authentication medium 400.

  Specifically, the certification authority communication unit 102 is realized by a CPU and a network interface unit of an information processing apparatus that operates according to a program. The certificate authority communication unit 102 has a function of transmitting the organization code and encrypted data read from the authentication medium 400 to the certificate authority server 30 via the communication network 600. Further, the certification authority communication means 102 has a function of receiving an authentication result from the third party certification authority 300 from the certification authority server 30 via the communication network 600.

  Specifically, the organization database 110 is realized by a database device such as a magnetic disk device or an optical disk device. The organization database 110 stores the organization code assigned to each organization from the third party certification organization 300. In the present embodiment, it is assumed that the organization database 110 stores organization codes assigned to all organizations that constitute a group such as a company. In addition, the organization database 110 stores each member information (for example, employee number) in the organization B where the entrance / exit system 100 is installed.

  Specifically, the organization code management means 103 is realized by a CPU of an information processing apparatus that operates according to a program. The organization code management means 103 has a function of managing the organization code stored in the organization database 110. For example, when a new organization code is given by the third party certification authority 300 and, for example, a new organization code is received from the certification authority server 30, the organization code management means 103 stores the organization database 110 based on the received organization code. Update the organization code to be stored. Further, the organization code management unit 103 has a function of determining whether or not the organization code read from the authentication medium 400 by the authentication medium communication unit 101 is stored in the organization database 110.

  Specifically, the authentication operation execution unit 104 is realized by a CPU of an information processing apparatus that operates according to a program. The authentication operation execution unit 104 has a function of executing user authentication processing based on information read from the authentication medium 400 by the authentication medium communication unit 101.

  Specifically, the authentication operation execution unit 104 determines that the organization code read from the authentication medium 400 by the organization code management unit 103 is not stored in the organization database 110, or fails in authentication from the certification authority server 30. If the authentication result to the effect is received, it is determined that the user authentication is not controlled or the user authentication is failed.

  In addition, when the authentication operation execution unit 104 directly reads unencrypted member information (for example, employee number) from the authentication medium 400, the member information stored in the organization database 110 is stored. The user is authenticated based on the information. In this case, if the member information stored in the organization database 110 matches the read member information, the authentication operation execution unit 104 determines that the user has been successfully authenticated. Otherwise, the authentication operation execution unit 104 determines that the user authentication has failed.

  Further, the authentication operation execution unit 104 authenticates the user himself / herself based on the group authentication authentication result received from the certificate authority server 30. In this case, if the authentication operation execution unit 104 receives an authentication result indicating that the authentication is successful from the certification authority server 30, the authentication operation executing unit 104 determines that the authentication of the user is successful. Further, when receiving an authentication result indicating that the authentication has failed, the authentication operation executing unit 104 determines that the authentication of the user has failed.

  The personnel system 200 is a system installed in an organization such as a company, and is specifically realized by an information processing device such as a personal computer that operates according to a program and a writing device such as an IC card writer. . Although FIG. 1 shows one HR system 200, the entrance / exit authentication system includes a HR system 200 for each organization.

  FIG. 4 is a block diagram illustrating an example of the configuration of the personnel system 200. As shown in FIG. 4, the personnel system 200 includes member information management means 201, key generation means 202, group authentication key registration means 203, secret key registration means 204, and personnel database 210.

  Specifically, the personnel database 210 is realized by a database device such as a magnetic disk device or an optical disk device. The member information management means 201 stores each member information (for example, employee number) in the organization where the personnel database 210 is installed. The personnel database 210 may store a group public key and a secret key generated for each member in the organization in association with the member (for example, member information). Further, the personnel database 210 may store an organization code (for example, an organization code A1) given in advance by the third-party certification authority 300.

  Specifically, the member information management means 201 is realized by a CPU of an information processing apparatus that operates according to a program. The member information management unit 201 has a function of managing member information stored in the personnel database 210. For example, as the number of members in the organization increases or decreases, the member information management unit 201 newly generates or deletes member information according to the operation of the system administrator, and the member information stored in the personnel database 210 is stored. Update.

  Specifically, the key generation unit 202 is realized by a CPU of an information processing apparatus that operates according to a program. The key generation unit 202 generates a unique secret key (for example, secret key Xq) for each member in the organization, and uses a group authentication key (for example, group disclosure) that is commonly used for each member in the organization. A function of generating a key Xp). For example, the key generation unit 202 generates a group public key Xp and a secret key Xq using a public key cryptosystem such as RSA.

  Specifically, the group authentication key registration unit 203 is realized by a CPU and a network interface unit of an information processing apparatus that operates according to a program. The group authentication key registration unit 203 sends the generated group authentication key (for example, the group public key Xp) through the communication network 600 together with the organization code (for example, the organization code A1) given in advance by the third party authentication organization 300. The group authentication key is registered in the third-party certificate authority 300 by being transmitted to the certificate authority server 30.

  Specifically, the secret key registration unit 204 is realized by a CPU of an information processing apparatus that operates according to a program and a writing device such as an IC card writer provided in the personnel system 200. The secret key registration unit 204 has a function of writing the generated secret key (for example, the secret key Xq) in the authentication medium 400 together with the organization code (for example, the organization code A1). The authentication medium 400 in which the secret key and the organization code are written is given to the member X in the organization.

  The certification authority server 30 is a server operated by the third-party certification authority 300, and is specifically realized by an information processing apparatus such as a personal computer that operates according to a program. FIG. 5 is a block diagram illustrating an example of the configuration of the certification authority server 30. As shown in FIG. 5, the certification authority server 30 includes group authentication key management means 301, organization code management means 302, entrance / exit system communication means 303, and group authentication execution means 304.

  Specifically, the group authentication key management unit 301 is realized by a CPU of an information processing apparatus that operates according to a program. The group authentication key management unit 301 has a function of managing the group authentication key received from the personnel system 200 of each organization in association with the organization code. For example, the certification authority server 30 includes a group authentication key database (specifically, realized by a database device such as a magnetic disk device or an optical disk device) that stores a group authentication key in association with an organization code. When the certificate authority server 30 newly receives a group authentication key and an organization code from any one of the personnel systems 200, the certificate authority server 30 updates the group authentication key database based on the received group authentication key and organization code.

  Specifically, the organization code management unit 302 is realized by a CPU of an information processing apparatus that operates according to a program. The organization code management means 302 has a function of generating unique information (organization code) for each organization (authenticated organization). The organization code management means 302 has a function of managing each generated organization code. For example, the certification authority server 30 includes an organization code database (specifically, realized by a database device such as a magnetic disk device or an optical disk device) that stores issued organization codes. When the certification authority server 30 issues a new organization code to any organization, the certification organization server 30 updates the organization code database based on the issued organization code.

  Specifically, the entrance / exit system communication unit 303 is realized by a CPU and a network interface unit of an information processing apparatus that operates according to a program. The entrance / exit system communication means 303 has a function of receiving an organization code and encrypted data (encrypted member information) from the entrance / exit system 100 via the communication network 600. The entrance / exit system communication unit 303 has a function of transmitting the authentication result of the group authentication execution unit 304 to the entrance / exit system 100 via the communication network 600.

  Specifically, the group authentication execution unit 304 is realized by a CPU of an information processing apparatus that operates according to a program. The group authentication execution unit 304 has a function of executing group authentication processing based on the organization code and the encrypted data received from the entrance / exit system 100.

  In the present embodiment, the group authentication execution unit 304 extracts a group authentication key corresponding to the received organization code from the group authentication key database managed by the group authentication key management unit 301. Then, the group authentication execution unit 304 decrypts the received encrypted data using the extracted group authentication key, and restores member information (for example, employee number). If the member information can be restored using the group authentication key, the group authentication execution unit 304 determines that the authentication is successful. If the member information cannot be restored, the group authentication execution unit 304 determines that the authentication has failed.

  The authentication medium 400 is a medium carried by the user (member X in the organization), and is realized by, for example, a non-contact type or contact type IC card equipped with a CPU. FIG. 6 is a block diagram illustrating an example of the configuration of the authentication medium 400. As shown in FIG. 6, the authentication medium 400 includes an authentication information storage unit 401, an entrance / exit system communication unit 402, an entrance / exit system identification unit 403, an authenticator communication unit 404, and an entrance / exit system communication control unit 405.

  Specifically, the authentication information storage unit 401 is realized by a storage unit such as a memory provided in the authentication medium 400. The authentication information storage unit 401 includes the organization code A1 of the organization to which the user belongs, the member information of the user (for example, employee number Xi), the unique secret key, and the entrance / exit system 100 of the organization to which the user belongs. Save the exit system ID.

  Specifically, the entrance / exit system communication unit 402 is realized by a CPU and a communication unit included in the authentication medium 400. The entrance / exit system communication means 402 has a function of receiving an entrance / exit system ID from the entrance / exit system 100 in accordance with, for example, a user's reading operation. The entrance / exit system communication means 402 has a function of transmitting member information, organization code, and encrypted car data to the entrance / exit system 100 in accordance with a user's writing operation.

  Specifically, the entrance / exit system identification unit 403 is realized by a CPU included in the authentication medium 400. The entrance / exit system identification unit 403 has a function of determining whether the entrance / exit system ID received from the entrance / exit system 100 matches the entrance / exit system ID stored in the authentication information storage unit 401.

  Specifically, the authenticator communication unit 404 is realized by a CPU and a communication unit included in the authentication medium 400. The authenticator communication unit 404 has a function of performing communication with the authenticator 500. The authenticator communication unit 404 has a function of receiving identification information (hereinafter also referred to as an authenticator ID) for identifying the authenticator 500 from the authenticator 500.

  Specifically, the entrance / exit system communication control means 405 is realized by a CPU provided in the authentication medium 400. The entrance / exit system communication control means 405 has a function of determining whether or not communication with the authenticator 500 has been detected. Further, for example, the entrance / exit system communication control unit 405 stores the authentication device ID in advance in a storage unit such as a memory included in the authentication medium 400, and the authentication device ID received from the authentication device 500 matches the authentication device ID stored in advance. It is determined whether or not to do.

  Further, the entrance / exit system communication control means 405, when communication with the authenticator 500 cannot be detected, or when the received authenticator ID does not match the pre-stored authenticator ID, the entrance / exit system communication control means. 405 has a function of controlling so as not to perform communication with the entrance / exit system 100.

  The authenticator 500 is a device carried by the user, and is realized by, for example, a handy terminal type IC card reader / writer. FIG. 7 is a block diagram illustrating an example of the configuration of the authenticator 500. As shown in FIG. 7, the authenticator 500 includes an authentication medium communication unit 501.

  Specifically, the authentication medium communication unit 501 is realized by a CPU and a communication unit included in the authentication device 500. The authentication medium communication unit 501 has a function of communicating with the authentication medium 400 according to a user operation. Further, for example, the authentication device 500 stores an authentication device ID in a storage unit such as a memory in advance, and the authentication medium communication unit 501 has a function of transmitting the authentication device ID stored in advance to the authentication medium 400.

  In this embodiment, the authentication medium 400 is an IC card, and the authenticator 500 is a handy terminal type IC card reader / writer. However, the authentication medium 400 and the authenticator 500 are the same as those in the present embodiment. It is not restricted to what was shown with the form of. For example, a mobile terminal such as a mobile phone may be used as the authentication medium 400. In this case, the portable terminal may be provided with an IC card reader / writer or an RFID reader / writer externally or internally, and as the authenticator 500, for example, an IC card or an RFID tag may be used.

  In the present embodiment, the storage device of the information processing apparatus that realizes the entrance / exit system 100 stores various programs for performing personal authentication at the time of entrance / exit. For example, the storage device of the information processing apparatus that realizes the entrance / exit system 100 transfers the identification information transferred from the authentication medium carried by the user to the computer to the certification authority server operated by a predetermined certification authority. Processing and group authentication corresponding to the user identification information is received from the certification authority server, and the user authentication process for authenticating the user based on the received authentication result, and the organization to which the user belongs from the authentication medium Organization identification information reception processing for receiving organization identification information that can identify the organization identification information, and organization identification information determination processing for determining whether the organization identification information received from the authentication medium matches the organization identification information stored in advance. If the user authentication process determines that the information does not match the organization identification information stored in advance, the user authentication is not performed, or the user book Stores entrance and exit authentication program for executing the process of determining that the authentication fails.

  In the present embodiment, the storage device of the certification authority server 30 stores various programs for the certification authority server 30 to perform authentication processing. For example, the storage device of the certification authority server 30 stores the authentication execution process for executing the group authentication process and the authentication result of the executed group authentication process on the computer based on the user authentication information received from the entrance / exit system. An authentication result transmission process to be transmitted to the system and a decryption process to decrypt the encrypted user authentication information received from the entrance / exit system using a predetermined decryption key stored in the decryption key storage means And storing a program for a certification authority for executing a process for determining whether or not the authentication is successful based on whether or not the user authentication information received from the entrance / exit system has been decrypted in the authentication execution process. ing.

  Next, the operation will be described. In the present embodiment, an organization such as a company has signed a contract with a third-party certification body 300 in advance to receive provision of an authentication service. Further, the third-party certification body 300 issues an organization code in advance to each organization in the organization such as a company.

  FIG. 8 is a flowchart showing an example of personal authentication processing performed by the entrance / exit authentication system. First, the key generation unit 202 of the personnel system 200 generates a secret key and a group authentication key for each member in the organization A. The group authentication key registration unit 203 transmits the generated group authentication key to the certification authority server 30 via the communication network 600 and registers it with the third party certification authority 300. Also, the secret key registration unit 204 registers the generated secret key in the authentication medium 400 (Step A1).

  In step A1, the secret key registration unit 204 writes the secret key in the authentication medium 400 using, for example, an IC card reader / writer included in the personnel system 200. The secret key registration unit 204 also includes an entrance / exit system ID that can identify the entrance / exit system 100 corresponding to the organization of the personnel system 200, an organization code A1, and member information (for example, employee number Xi) along with the secret key. Write to the authentication medium 400. Then, the organization A provides the authentication medium 400 and the authentication device 500 to each member.

  When the member X who is a user enters or leaves the organization A to which he or she belongs, or the other organization, he / she carries the authentication medium 400 and the authenticator 500 and enters the entrance / exit system 100 of the organization he / she wants to enter / exit. An authentication operation is performed by approaching the device for exit operation (step A2).

  When performing an authentication operation, the user first performs a communication operation between the authentication medium 400 and the authenticator 500 to confirm that information can be transmitted and received. For example, when the authentication medium 400 is an IC card and the authenticator 500 is a handy terminal type IC card reader / writer, the user inserts the authentication medium 400 into the reading unit of the authenticator 500. In this case, the authenticator communication unit 404 of the authentication medium 400 determines whether or not communication with the authenticator 500 has been detected (step A3). The authenticator communication unit 404 reads the authenticator ID from the authenticator 500, and determines whether or not the authenticator ID received from the authenticator 500 matches the prestored authenticator ID.

  Next, when communication with the authenticator 500 cannot be detected in step A3, or when the received authenticator ID does not match the pre-stored authenticator ID, the entrance / exit system communication control means 405 enters / exits the entrance / exit system. Control is performed not to perform communication with 100 (step B1). That is, in this case, entrance / exit control such as opening the gate by the entrance / exit system 100 is not performed.

  If communication with the authenticator 500 can be detected and the received authenticator ID matches the pre-stored authenticator ID, the authentication medium 400 proceeds to the authentication process after step A4 according to the user's authentication operation. To do.

  The entrance / exit system communication means 402 of the authentication medium 400 communicates with the entrance / exit system 100 according to the user's operation, and receives the entrance / exit system ID from the entrance / exit system 100 (step A4). In this case, for example, when the authentication medium 400 is a contact type IC card, when the user inserts the authentication medium 400 into the reading unit of the entrance / exit system 100, the entrance / exit system communication means 402 starts from the entrance / exit system 100. The entrance / exit system ID is read by wired communication. For example, when the authentication medium 400 is a non-contact type IC card, the entrance / exit system communication unit 402 may read the entrance / exit system ID from the entrance / exit system 100 by wireless communication.

  Next, the entrance / exit system identification unit 403 of the authentication medium 400 determines whether the entrance / exit system ID read from the entrance / exit system 100 matches the entrance / exit system ID stored in the authentication information storage unit 401. .

  If they match, the entrance / exit system communication unit 402 determines that the user is going to enter or leave the organization A to which the user belongs, for example, and the member information (eg, employee number Xi) from the authentication information storage unit 401. ) Is transmitted to the entrance / exit system 100 without encryption. In this case, for example, if the member information stored in the organization database 110 matches the read member information, the entrance / exit system 100 determines that the user has been successfully authenticated. Otherwise, the authentication operation execution unit 104 determines that the user authentication has failed.

  If the entrance / exit system ID does not match, the entrance / exit system communication unit 402 determines that the user is going to enter / exit an organization other than the organization A to which the user belongs, for example. Read out the organization code, secret key and member information. Then, the entrance / exit system communication means 402 encrypts the member information together with the organization code using a secret key, and transmits the encrypted information to the entrance / exit system 100.

  Next, the organization code management means 103 of the entrance / exit system 100 determines whether or not the organization code read from the authentication medium 400 is stored in the organization database 110 (step A5). If it is not stored in the organization database 110, the authentication operation execution means 104 performs control so as not to perform user authentication determination, or determines that user authentication has failed (step B2). The entrance / exit system 100 performs control so as not to perform entrance / exit control such as opening the gate.

  If stored in the organization database 110 in step A5, the certification authority communication means 102 sends the organization code and encrypted data (encrypted member information) read from the authentication medium 400 via the communication network 600. It transmits to the certification authority server 30 of the third party certification authority 300 (step A6).

  Next, the group authentication execution unit 304 of the certification authority server 30 extracts the group authentication key corresponding to the received organization code from the group authentication key database managed by the group authentication key management unit 301. Then, the group authentication execution means 304 decrypts the encrypted data received from the entrance / exit system 100 using the read group authentication key. When the decryption is successful and the member information can be restored, the group authentication execution unit 304 has succeeded in the authentication (that is, it has been confirmed that the user belongs to the organization corresponding to the received organization code). judge. If the member information cannot be restored due to failure in decryption, the group authentication execution unit 304 failed in authentication (that is, could not confirm that the user belongs to the organization corresponding to the received organization code). (Step A7).

  When the authentication is successful, the entrance / exit system communication unit 303 transmits an authentication result indicating that the authentication is successful (authentication is possible) to the entrance / exit system 100 via the communication network 600. Then, the authentication operation execution means 104 of the entrance / exit system 100 determines that the user has been successfully authenticated based on the authentication result received from the certification authority server 30 (step A8). The entrance / exit system 100 performs entrance / exit control such as opening the gate.

  When the authentication fails, the entrance / exit system communication unit 303 transmits an authentication result indicating that the authentication has failed (authentication is impossible) to the entrance / exit system 100 via the communication network 600. Then, the authentication operation executing means 104 of the entrance / exit system 100 determines that the user authentication is not controlled or the user authentication has failed (step B3). The entrance / exit system 100 performs control so as not to perform entrance / exit control such as opening the gate.

  As described above, according to the present embodiment, the authentication organization entrance / exit system 100 makes an authentication request to the certification authority server 30 of the third-party certification authority 300, and uses the organization code without using the user's personal information. And authentication is performed using only identification information such as member information (for example, employee number). Therefore, it is possible to eliminate the need to hold member information on the authenticated organization side on the authenticated organization side. Further, it is possible to perform authentication even if the authentication medium 400 does not directly communicate with the certification authority server 30 of the third party certification authority 300.

  Further, according to the present embodiment, the authentication medium 400 first confirms communication with the authenticator 500 before performing communication with the entrance / exit system 100, and if the communication cannot be detected, the authentication medium 400 uses the entrance / exit system 100. Control not to communicate with. Therefore, it is possible to prevent so-called “spoofing”.

  That is, if the authentication medium 400 can be directly communicated with the entry / exit system 100 only, if the authentication medium 400 is stolen, the authentication operation using the authentication medium 400 can be performed by “spoofing”. There is a risk that. In the present embodiment, since communication with the entrance / exit system 100 is possible after confirming communication with the authenticator 500 in advance, an authentication operation cannot be performed only by possessing the authentication medium 400. , “Spoofing” can be effectively prevented.

  Accordingly, personal authentication can be performed without using personal information, spoofing can be prevented, and entrance / exit can be managed.

  Further, according to the present embodiment, the certification authority server 30 of the third party certification authority 300 authenticates that the user is a member of the organization to be authenticated, so that the user uses one authentication medium 400. The authentication operation can be performed by the entrance / exit system 100 in a plurality of organizations. In addition, according to the present embodiment, since the affiliation to the organization is authenticated based on the encrypted member information, it is not necessary to handle personal information for authentication, and the risk of leakage of personal information is reduced. Can do.

  Further, according to the present embodiment, the entrance / exit system 100 receives an authentication request from the authentication medium 400, and the entrance / exit system 100 communicates with the certification authority server 30 of the third-party certification authority 300 for authentication. Do. Therefore, it is possible to eliminate the need for the authentication medium 400 to directly communicate with the certification authority server 30 of the third party certification authority 300.

  Further, according to the present embodiment, the authentication organization entrance / exit system 100 only needs to manage the organization code given from the third-party authentication organization 300, and it is necessary to manage the member information of the authenticated organization. Absent. Further, the personnel system 200 of the authenticated organization does not need to directly communicate with the entrance / exit system 100 of the authenticated organization. Therefore, it is possible to easily increase or decrease the organization to be authenticated.

  INDUSTRIAL APPLICABILITY The present invention can be applied to an application for performing authentication when entering or leaving a building managed by an organization such as a company or entering or leaving a specific room or facility. In addition, the present invention relates to the use of an entry / exit system in which a tenant company occupying a building in a building in which a plurality of companies are occupying, or for employees of a specific company in a commercial facility. It can be applied to use for entrance / exit authentication.

It is explanatory drawing which shows the application concept of the entrance / exit authentication system by this invention. It is a block diagram which shows an example of a structure of the entrance / exit authentication system by this invention. It is a block diagram which shows an example of a structure of an entrance / exit system. It is a block diagram which shows an example of a structure of a personnel system. It is a block diagram which shows an example of a structure of a certification authority server. It is a block diagram which shows an example of a structure of an authentication medium. It is a block diagram which shows an example of a structure of an authentication device. It is a flowchart which shows an example of the process of the personal authentication which an entrance / exit authentication system performs. It is a block diagram which shows an example of a structure of an entrance / exit authentication system.

Explanation of symbols

30 certification authority server 100 entrance / exit system 101 authentication medium communication means 102 authentication agency communication means 103 organization code management means 104 authentication operation execution means 110 organization database 200 personnel system 201 member information management means 202 key generation means 203 group authentication key registration means 204 Private key registration means 210 Personnel database 300 Third party authentication organization 301 Group authentication key management means 302 Organization code management means 303 Entrance / exit system communication means 304 Group authentication execution means 400 Authentication medium 401 Authentication information storage means 402 Entrance / exit system communication means 403 Entrance / exit system identification unit 404 Authentication unit communication unit 405 Entrance / exit system communication control unit 500 Authentication unit 501 Authentication medium communication unit 600 Communication network

Claims (11)

An authentication medium carried by the user;
And an entrance / exit system for managing entrance / exit,
The authentication medium is
Communication detection means for detecting communication with a predetermined authenticator;
Identification information transmission means for transmitting user identification information capable of identifying a user to the entrance / exit system based on the fact that the communication detection means detects communication with the predetermined authenticator,
The entrance / exit system is:
Identification information transfer means for transmitting user identification information received from the authentication medium to a certification authority server operated by a predetermined certification authority;
An entrance / exit authentication system comprising: an authentication result of group authentication corresponding to the user identification information received from the certification authority server; and user authentication means for authenticating a user based on the received authentication result. . The certificate authority server
Authentication execution means for executing group authentication processing based on user authentication information received from the entrance / exit system;
The entrance / exit authentication system according to claim 1, further comprising authentication result transmission means for transmitting an authentication result of group authentication by the authentication execution means to the entrance / exit system.   3. The authentication medium according to claim 1 or 2, wherein the authentication medium includes communication control means for performing control so that communication with the entrance / exit system is not performed when the communication detecting means cannot detect communication with a predetermined authenticator. Entrance / exit authentication system. The authentication medium is
Authentication information storage means for storing user authentication information and a predetermined encryption key;
Encryption means for encrypting the user authentication information using the predetermined encryption key stored in the authentication information storage means,
The authentication information transmitting means transmits the user authentication information encrypted by the encryption means to the entrance / exit system,
The certificate authority server
Decryption key storage means for storing a predetermined decryption key;
Decryption means for decrypting the encrypted user authentication information received from the entrance / exit system using the predetermined decryption key stored in the decryption key storage means,
The authentication execution means determines whether or not the authentication is successful based on whether or not the decryption means can decrypt the user authentication information received from the entrance / exit system. The entrance / exit authentication system according to any one of the above. The authentication medium is
Organization identification information storage means for storing organization identification information capable of identifying the organization to which the user belongs;
Organization identification information transmitting means for transmitting the organization identification information stored in the authentication information storage means to the entrance / exit system based on detection of communication with the predetermined authenticator by the communication detection means,
The entrance / exit system includes organization identification information determination means for determining whether or not the organization identification information received from the authentication medium matches the organization identification information stored in advance,
5. The user authentication unit, when determining that the organization identification information determination unit does not match the organization identification information stored in advance, determines that the user authentication is not performed or that the user authentication has failed. Exit authentication system. Identification information transfer means for transmitting user identification information received from an authentication medium carried by the user to a certification authority server operated by a predetermined certification authority;
User authentication means for receiving an authentication result of group authentication corresponding to the user identification information from the certificate authority server, and performing user authentication based on the received authentication result;
Organization identification information receiving means for receiving organization identification information capable of identifying the organization to which the user belongs from the authentication medium;
Including tissue identification information determination means for determining whether or not the tissue identification information received by the organization identification information receiving means matches the organization identification information stored in advance.
If it is determined that the organization identification information determination unit does not match the organization identification information stored in advance, the user authentication unit determines that the user authentication is not performed or that the user authentication has failed. Entrance / exit system. A certification authority server operated by a predetermined certification authority,
Authentication execution means for executing group authentication processing based on user authentication information received from the entrance / exit system;
An authentication result transmitting means for transmitting an authentication result of group authentication by the authentication executing means to the entrance / exit system;
Decryption key storage means for storing a predetermined decryption key;
Decryption means for decrypting the encrypted user authentication information received from the entrance / exit system using the predetermined decryption key stored in the decryption key storage means,
The authentication execution server determines whether or not the authentication has succeeded based on whether or not the decryption unit has successfully decrypted the user authentication information received from the entrance / exit system. . User authentication information capable of identifying a user, and authentication information storage means for storing a predetermined encryption key;
Communication detection means for detecting communication with a predetermined authenticator;
Encryption means for encrypting the user authentication information using the predetermined encryption key stored in the authentication information storage means;
An identification information transmitting means for transmitting the user identification information encrypted by the encryption means to the entrance / exit system based on the fact that the communication detecting means has detected communication with the predetermined authenticator. An authentication medium characterized by An authentication medium carried by the user detecting communication with a predetermined authenticator;
Transmitting user identification information capable of identifying a user to an entrance / exit system for managing entrance / exit based on the fact that the authentication medium has detected communication with the predetermined authenticator;
The entrance / exit system transmits the user identification information received from the authentication medium to a certification authority server operated by a predetermined certification authority,
The entrance / exit system includes a step of receiving an authentication result of group authentication corresponding to the user identification information from the certification authority server, and performing user authentication based on the received authentication result. Entrance / exit authentication method. An entrance / exit authentication program for authenticating the person at the time of entry / exit,
On the computer,
Identification information transfer processing for transmitting user identification information received from an authentication medium carried by the user to a certification authority server operated by a predetermined certification authority;
A user authentication process that receives an authentication result of group authentication corresponding to the user identification information from the certificate authority server, and performs user authentication based on the received authentication result;
Organization identification information reception processing for receiving organization identification information that can identify the organization to which the user belongs, from the authentication medium;
Organization identification information determination processing for determining whether or not the tissue identification information received from the authentication medium matches the organization identification information stored in advance,
An entry / exit authentication program for executing a process of determining that the user authentication is not performed or that the user authentication is failed when it is determined in the user authentication process that the information does not match the organization identification information stored in advance. A certification body program for performing certification processing by a certification body server operated by a predetermined certification body,
In a computer provided with a decryption key storage means for storing a predetermined decryption key,
Based on user authentication information received from the entrance / exit system, authentication execution processing for executing group authentication processing;
An authentication result transmission process for transmitting the authentication result of the group authentication of the executed authentication process to the entrance / exit system;
A decryption process for decrypting the encrypted user authentication information received from the entrance / exit system using the predetermined decryption key stored in the decryption key storage unit;
A program for a certification authority for executing a process of determining whether or not the authentication is successful based on whether or not the user authentication information received from the entrance / exit system has been successfully decrypted in the authentication execution process.

Images