JP2008282299A - Entrance and exit control system, information terminal, and authentication information communication method and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To solve a problem that carry-in/carry-out of confidential information or the like cannot be controlled by control of only a user, in a conventional entrance and exit control function by a cellular phone using a key device. <P>SOLUTION: This entrance and exit control system or the like is provided with a subject key communication part 13 for receiving identification information from the key device by a radio wave, and for executing an authentication by comparing it with identification information in a subject key ID storage part 11, a control object key communication part 14 for receiving identification information from the key device by a radio wave, and for executing an authentication by comparing it with identification information in a control object key ID storage part 12, and an electric lock communication part for transmitting authentication results obtained by the subject key communication part 13 and the control object key communication part 14, to an electric lock. The entrance and exit control system or the like can thereby control not only the entrance and exit control of the user but also the carry-in and carry-out of a control object such as a personal computer and a paper file with the confidential information. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an entrance / exit management system, an information terminal, an authentication information communication method, and a program for unlocking / locking an electric lock using an information terminal such as a mobile phone.

  Conventional entry / exit management systems include (1) a method of inputting a personal identification number using a numeric keypad, and (2) a method of causing a card reader to read personal identification information (user ID) stored in a card. In particular, (2) includes a contact type using a magnetic card and a non-contact type using radio. However, in (1), the user needs to memorize a personal identification number, and the personal identification number needs to be changed periodically. Further, (2) has a risk of unauthorized use when a card is skimmed, lost or stolen.

  In order to solve these problems and improve user convenience, a system for managing entrance / exit using a mobile phone has been proposed. For example, it is a structure like patent document 1 or patent document 2. FIG. 10 shows a schematic configuration of these systems.

  The system shown in FIG. 10 includes an electric lock 101 that opens and closes a door, a control unit 102 that controls the electric lock 101 by wireless communication with a mobile phone 103, and a central control device 104 that manages ID information such as a user ID. Consists of.

The mobile phone 103 receives information for identifying the door (electric lock) from the control unit 102 by wireless communication, and sends its own user ID (for example, a telephone number) and the received information to the central control device 104. The central control device 104 performs an authentication process from the received information and pre-registered information, determines whether or not to unlock the electric lock 101 of the door, and returns the result to the mobile phone 103. The mobile phone 103 wirelessly transmits the returned information to the control unit 102 and controls the electric lock 101.
JP 2002-161656 A JP-A-9-88391

  However, in the above-described conventional configuration, authentication communication is performed only between the mobile phone 103 and the control unit 102 of the electric lock 101. Therefore, even if the user can enter and exit the room, the accompanying management target can be taken out. There was a problem that it was not possible. The management object here refers to an object for which entry / exit (carrying out / carrying in) is to be managed, such as a personal computer or paper file (document) containing confidential information.

  In order to solve the above-described conventional problems, in the present invention, a key device that wirelessly transmits identification information at predetermined time intervals, a personal key device that is any one of the key devices, and a personal key device An information terminal that receives identification information wirelessly transmitted from a managed object key device that is at least one key device other than the above, performs authentication processing, and wirelessly transmits the authentication result to the electric lock; Therefore, an electric lock for unlocking or locking the door is provided. The user has a personal key device and attaches the key device for management object to the management target object such as a personal computer or document containing confidential information, so that both the user and the management target object can be entered / exited in the electric lock. Can manage.

  By using the entrance / exit management system, information terminal, authentication information communication method and program of the present invention, the following effects are produced.

  (1) To perform authentication communication between an information terminal such as a mobile phone and a key device for a managed object, and send the result to an electric lock, the managed object such as a personal computer or paper file containing confidential information Unauthorized take-out and carry-in can be prohibited at the same level as user entry / exit management.

  (2) In order to perform authentication communication between an information terminal such as a mobile phone and a personal key device possessed by the user, and send the authentication result to the electric lock, for example, even for a management object permitted to be taken out, It is possible to prohibit take-out by unregistered users.

  Also, unlike the conventional example, the authentication process is performed on the information terminal, so that the process with the electric lock is simplified, and the function of the information terminal is restricted when the authentication communication between the personal key device and the information terminal fails. Additional services such as performing can also be realized.

  According to a first aspect of the present invention, there is provided an information terminal, a personal key device that performs authentication processing by wireless communication with the information terminal, a key device for management object that performs authentication processing by wireless communication with the information terminal, and unlocking the door. Alternatively, the information terminal includes an electric lock for locking, and when the information terminal receives a specific signal from the electric lock, a signal indicating an authentication result of the key device for the person and the key device for the management target is sent to the electric lock. This is an entry / exit management system for transmission.

  With this configuration, by attaching the key device for management object to the management object such as a personal computer or a document containing confidential information, it is possible to realize management of bringing in / out of the management object as well as user entry / exit management. .

  According to a second invention, in the first invention, wireless communication for performing authentication processing between the information terminal and the key device for personal use, and wireless for performing authentication processing between the information terminal and the key device for management object The frequency or signal transmission interval used in communication is set to a different value.

  Thereby, in the wireless reception processing at the information terminal, it is possible to easily discriminate between the wireless communication from the personal key device and the wireless communication from the management target key device, and the configuration can be simplified.

  According to a third aspect of the present invention, there is provided a personal key ID storage unit that stores identification information of a personal key device, a management object key ID storage unit that stores identification information of a management target key device, and the personal key. The identification information transmitted from the device and the identification information stored in the key ID storage unit for personal use are compared with the identification key stored in the personal key communication unit for authentication processing, and the identification information transmitted from the managed object key device The information is transmitted from the management object key communication unit that performs authentication processing by comparing the identification information stored in the management object key ID storage unit and the electric lock that unlocks or locks the door. It is an information terminal provided with the electric lock communication part which transmits the authentication result by the said key communication part for principals, and the said key communication part for managed objects with respect to the said electric lock when a specific signal is received.

  In the information terminal, by separating the part that communicates with the personal key device and the part that communicates with the managed object key device, the communication timing and communication procedure of both can be set independently.

In a fourth aspect based on the third aspect, the personal key communication unit performs authentication processing with the personal key device at a predetermined time interval, and the managed object key communication unit transmits a specific signal transmitted from the electric lock. Is received, the authentication process is performed with the key device for management object.

  According to this, by making the communication between the personal key device and the information terminal synchronous, the reception waiting time at the information terminal can be shortened, and the power consumption can be reduced at the information terminal. Further, since the authentication is always performed, it is possible to realize an additional service that restricts the function of the information terminal when the authentication with the personal key device fails.

  In a fifth aspect based on the third aspect, the personal key communication unit and the managed object key communication unit each perform an authentication process when receiving a specific signal transmitted from the electric lock. According to this, there is an advantage that authentication processing can be simplified by not using synchronous communication.

  According to a sixth invention, in any one of the third to fifth inventions, the management object key communication unit includes an authentication history storage unit that stores that the authentication process has failed. When the specific signal transmitted from the lock is received, the authentication history stored in the authentication history storage unit together with the authentication result by the key communication unit for the person and the key communication unit for the management object with respect to the electric lock Information indicating failure has been transmitted.

  Thereby, not only when the authentication result request is received from the electric lock, the information terminal 1 can always authenticate with the key device for management object. It is possible to manage the entry / exit of unauthorized users by recording unauthorized access to the management object (history of authentication failure) in the authentication history storage unit and transmitting this information to the electric lock.

  The seventh invention includes a step of performing authentication processing by comparing identification information transmitted from the personal key device with identification information associated with the personal key device stored in advance, and a management object Comparing the identification information transmitted from the key device with the identification information associated with the key device for management object stored in advance, and performing the unlocking process or unlocking the door Receiving a specific signal transmitted from the electric lock; and when receiving the specific signal transmitted from the electric lock, the personal key device and the management object key device for the electric lock; An authentication information communication method comprising a step of transmitting an authentication result by an authentication process performed between the two. By this method, an authentication result for a management object such as a personal computer or a document containing secret information can be transmitted to the electric lock in the same manner as the authentication result for the user.

  An eighth invention is a program for causing a computer to realize the information terminal according to the third to sixth inventions. Since it is a program, some or all of the functions of the present invention can be easily realized by using hardware resources such as electric / information equipment and a computer in cooperation. Also, program distribution and installation can be simplified by recording on a recording medium or distributing a program using a communication line.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. Note that the present invention is not limited to the present embodiment.

(Embodiment 1)
FIG. 1 is a diagram showing an outline of a system configuration according to Embodiment 1 of the present invention. The present invention is roughly composed of an information terminal 1, a key device (personal key device 2, managed object key device 3), and an electric lock 4.

The information terminal 1 is assumed to be a mobile phone, but may be a smartphone, a PDA, a portable personal computer, or the like. The information terminal 1 performs an authentication process by wireless communication with the personal key device 2 and the management object key device 3, and transmits an authentication result to the electric lock 4. The personal key device 2 is a wireless tag device owned by the user of the information terminal 1 and wirelessly transmits identification information (ID) to the information terminal 1 at a predetermined interval. The managed object key device 3 is a wireless tag to be attached to the managed object, and wirelessly transmits identification information (ID) to the information terminal 1 at a predetermined interval in the same manner as the personal key device 2. The management target is a personal computer or paper file / document containing confidential information, and indicates a target to be taken out / taken in with an electric lock. The personal key device 2 and the management target key device 3 are wireless tags that transmit identification information, and are key devices having the same hardware configuration. However, in this embodiment, it is assumed that the frequency (channel) used for communication and the communication interval are set to different values. By changing the frequency and communication interval, the processing of each unit can be simplified. The identification information (ID) is ID information for uniquely identifying the key device. The electric lock 4 is a device that is installed in a door or gate of a house, office, factory, or the like, and unlocks and locks the key with an electric signal.

  FIG. 2 is a diagram showing the configuration of the information terminal 1 in detail. The information terminal 1 is assumed to be a mobile terminal such as a mobile phone, but includes the configurations 11 to 17 shown in FIG. 2 in addition to basic functions such as calling and mail. This will be described in order below.

  (1) A personal key ID storage unit 11 that stores identification information of a key device registered as the personal key device 2. Only one piece of identification information can be registered in the personal key ID storage unit 11. The identification information here is a unique ID (code) for uniquely identifying the personal key device 2.

  (2) A management object key ID storage unit 12 that stores identification information (ID) of the key apparatus 2 registered as the management object key apparatus 3. Here, the IDs of a plurality of key devices other than the personal key device 2 can be stored.

  (3) The key device 2 having the ID stored in the personal key ID storage unit 11 and the personal key communication unit 13 that performs authentication processing by wireless communication (wireless synchronous communication) in which the timing of transmission and reception is synchronized. Since the personal key communication unit 13 needs to accurately match the communication timing between the transmission side and the reception side, the process of correcting the communication timing of the information terminal 1 in accordance with the communication timing of the personal key device 2 (synchronization) Correction).

  (4) The management object key communication unit 14 that performs authentication processing by asynchronous wireless communication with respect to the key device having the ID stored in the management object key ID storage unit 12.

  (5) The electric lock communication unit 15 that wirelessly transmits the result of the authentication process performed by the person key communication unit 13 and the management object key communication unit 14 to the electric lock 4.

  (6) The terminal-side wireless communication unit 15 that performs wireless communication with the key device 2 for the person, the key device 3 for the management target, and the electric lock 4 that are key devices. In this embodiment, communication is performed by specific low-power radio. However, other radio such as radio using a weak radio wave or a wireless LAN may be used. The terminal-side wireless communication unit 15 is an electronic circuit that transmits and receives a wireless signal. The terminal-side wireless communication unit 15 transmits a message input from another functional block in the information terminal 1 to the key device or the electric lock 4 as a wireless signal. And a function of receiving a radio signal from the electric lock 4 and outputting it to other functional blocks.

  (7) A user interface unit 17 that receives input from the user and stores identification information in the personal key ID storage unit 11 and the management object key ID storage unit 12. The user interface unit 17 includes a push button (including a keyboard and a numeric keypad) that receives input from the user, a display device (liquid crystal display, LED, and the like) that performs display to the user, and a control device therefor.

  An example of the operation of the system configured as described above will be described with reference to FIGS.

  FIG. 3 is a flowchart showing an unlocking process procedure of the electric lock 4 in the present embodiment. First, before entering the operation of the flowchart of FIG. 3, it is necessary to carry out the following contents as pre-processing.

  (A) Personal key ID setting: It is necessary to input only one identification information of the personal key device 2 using the user interface unit 10 and store it in the personal key ID storage unit 11.

  (B) Key ID setting for management object: It is necessary to input using the user interface unit 10 and register the identification information in the key ID storage unit 12 for management object similarly to the key ID for the person. However, there is only one personal key ID, but a plurality of management object key IDs are registered as necessary.

  After the above setting, the authentication process is performed according to the procedure shown in FIG. Hereinafter, it demonstrates in order for every step.

  (Step A1) The personal key communication unit 13 in the information terminal 1 performs an authentication process with the personal key device 2 by wireless synchronous communication. As shown in FIG. 4, the wireless synchronous communication means a method in which the timing of wireless transmission and wireless reception is matched at a preset time interval (T1). By performing synchronous communication, authentication processing can be performed periodically. Further, the reception waiting time on the information terminal 1 side can be shortened, and the power consumption of the information terminal 1 can be reduced (in FIG. 4, the reception waiting period is indicated by a black rectangle).

  Note that immediately after the start of the activation of the information terminal 1 or the personal key device 2, the communication timings of the two are not synchronized, so a process of synchronizing timing (synchronization correction) is performed on the information terminal 1 side. The personal key device 2 always transmits a telegram repeatedly at a predetermined time interval (T1) (the radio telegram includes identification information unique to the personal key device 2). When the synchronous communication is not established, the personal key communication unit 13 of the information terminal 1 always waits for continuous reception and has a wireless telegram having an ID stored in the personal key ID storage unit 11 (that is, The wireless message transmitted from the personal key device 2) is received twice or more, the reception interval (T1) is measured, the next reception is waited at the time interval, and the process shifts to synchronous communication.

  The authentication process may be performed only by confirming that the identification information included in the wireless message received by the personal key communication unit 13 matches the identification information stored in the personal key ID storage unit 11. An authentication method may be used. If the authentication based on the identification information is successful and the electrolytic strength value at the time of reception of the wireless message is greater than or equal to a predetermined value, it is assumed that the authentication is successful. If the identification information does not match, the electrolytic strength is less than a predetermined value, or if a message from the personal key device cannot be received within the reception waiting time, it is considered that the authentication has failed. In this case, it is determined that the personal key device 2 is separated from the information terminal 1 by a predetermined distance or more. When the authentication process is successful, the personal key communication unit 13 returns a response to the personal key device 2 as shown in FIG. When the authentication here fails, the personal key communication unit 13 may determine that the information terminal 1 is separated from the personal key device 2 and stop the function of the information terminal 1. In this case, unauthorized use due to theft of the information terminal 1 and unauthorized entry / exit can be prevented.

  (Step A2) The electric lock communication unit 15 in the information terminal 1 waits for reception of an authentication result request from the electric lock 4. (In FIG. 4, the reception waiting period from the electric lock 4 is indicated by a white rectangle).

  When detecting the unlock request from the user, the electric lock 4 transmits an authentication result request message to the information terminal 1 by radio. As an unlock request from the user, for example, when the user presses the “open” button of the electric lock 4 on the door or when the user stands immediately in front of the door, the sensor of the electric lock 4 (infrared sensor, weight sensor, etc.) For example, when a user is detected. These unlocking requests have different configurations depending on the location and application of the door.

  As shown in FIG. 4, the reception waiting from the electric lock 4 is not continuous but intermittent. Therefore, in order to reliably receive the information terminal 1, the authentication result request message to be transmitted repeats the transmission contents. It is necessary to make the message length longer than the interval T1 by waiting for the message length.

  (Step A3) The information terminal 1 branches the processing depending on whether or not the authentication result request is received from the electric lock 4 in the reception waiting performed in Step A2. If the information terminal 1 receives the authentication result request, the process proceeds to step A4. If not received, the process returns to step A1, and the synchronous communication process with the personal key device 2 and the reception waiting process from the electric lock 4 are repeated.

  (Step A <b> 4) Upon receiving the authentication result request from the electric lock 4, the electric lock communication unit 15 activates the managed object key communication unit 14 and waits for reception of identification information from the managed object key device 3. I do. The managed object key device 3 transmits the identification information at a predetermined time interval as shown in FIG. Therefore, the management object key communication unit 14 can receive all the identification information from the plurality of management object key devices 3 held by the user by waiting for reception longer than the transmission interval. This communication is asynchronous communication in which the transmission timing from the key device and the reception timing from the information terminal 1 are not synchronized, unlike the synchronous communication in Step A1 described above.

  The managed object key communication unit 14 performs an authentication process on each received identification information. Specifically, the measurement of the electric field strength value at the time of receiving the identification information and whether or not the received identification information matches the identification information in the key ID storage unit 12 for management object are examined. If the field strength value at the time of reception is equal to or greater than a predetermined value and all the received identification information exists in the management object key ID storage unit 12, it is determined that the authentication has been successful.

  (Step A5) The electric lock communication unit 15 notifies the electric lock 4 of the result of the authentication processing performed in step A1 and step A4. Specifically, (1) the authentication result of the personal key communication unit 13 (flag information indicating whether the authentication process was successful in the synchronous communication immediately before receiving the authentication result request from the electric lock 4) and (2) the management target The authentication result of the object key communication unit 14 (flag information indicating whether or not the authentication is successful in the management object key communication unit 14) is transmitted to the electric lock 4.

  (Step A6) In the electric lock 4, the door is unlocked or locked based on the authentication result notification transmitted from the electric lock communication unit 15 in the information terminal 1.

  Specifically, the electric lock 4 unlocks the door when authentication of both the person key communication unit 13 and the managed object key communication unit 14 is successful, and locks the other.

  Only the user who correctly holds the personal key device 2 and the management object key device 3 registered in the information terminal 1 can enter and leave the room by the operations of the above steps A1 to A6. For example, even if an unauthorized user steals confidential material with the information terminal 1 and the key device for management object 3 and tries to leave the room, the user cannot leave the room unless he / she has the personal key device 2. Further, even if an attempt is made to take out a managed object with the managed object key device 3 that is not registered in the information terminal 1, it is not unlocked. As described above, by using the present invention, management / take-out management of an object to be managed can be performed in the same manner as user entry / exit management.

  In addition, as described above, in the present invention, authentication is not performed between “electric lock 4 to key device”, but authentication is performed between “information terminal 1 to key device”, and information terminal 1 receives the authentication result. Is transmitted to the electric lock 4. Therefore, the information terminal 1 is the center of authentication processing. For example, when the information terminal 1 (such as a mobile phone) can access a public line such as the Internet, the information terminal 1 communicates with the electric lock 4 using its download function. The message format and communication procedure can be changed each time. Further, instead of inputting the personal key ID and the management object key ID on the user interface unit 17, it is also possible to obtain them by a download function. Accordingly, it is possible to improve the security of authentication communication and the convenience for the user.

  In the present embodiment, since the information terminal 1 periodically performs authentication communication with the personal key device 2, when the authentication with the personal key device 2 fails, the function restriction of the information terminal 1 is performed. Additional services such as This is a case where the information terminal 1 has been stolen. In this case, the unauthorized use of the information terminal 1 can be prevented by stopping the functions of the information terminal 1, such as a call, mail, and a payment function. . In addition, the personal key device 2 has a notification function (buzzer, LED, etc.), and the authentication communication with the information terminal 1 has failed by notifying the user when authentication fails (the personal key that the information terminal 1 possesses by the user). The user can know that he / she has left the device 2.

  Similar to the personal key device 2, the authentication communication may be periodically performed on the management target key device 3. In this case, since the information terminal 1 periodically performs authentication communication with the managed object key device 3 regardless of the electric lock 4, for example, a personal computer or a paper file with the managed object key device 3 is stolen. When the user is away from the user (more precisely, the information terminal 1 possessed by the user) due to misplacement or the like, the information terminal 1 can notify the user that the authentication communication has failed. Thereby, the information terminal 1 can notify the user of the theft or misplacement of the management target.

  In the above-described embodiment, the communication between the personal key communication unit 13 and the personal key device 2 in the information terminal 1 uses synchronous communication. As with the managed object key device 3, asynchronous communication is performed. But it ’s okay. A flowchart showing the operation in this case and a communication procedure are shown in FIGS. 5 and 6, respectively. The flowchart of FIG. 5 is the same as the flowchart of FIG. 3 except that Step A1 is deleted and Step B1 is newly added after Step A3. As shown in FIG. 5, the information terminal 1 is waiting to receive an authentication result request from the electric lock 4 in a normal state (step A2 and step A3). When the authentication result request is received, the process proceeds from step A3 to step B1, and the electric lock communication unit 15 activates the personal key communication unit 13 and waits for reception of the identification signal from the personal key device 2. After receiving the identification signal, authentication processing is performed, and the process proceeds to step A4. The authentication process is the same as step A1 described above, and it is determined that the authentication is successful when the field strength value at the time of reception is equal to or greater than a predetermined value and the received identification information is included in the personal key ID storage unit 11. In this method, since the personal key communication unit 13 does not perform synchronous communication, there is an advantage that processing such as synchronization correction is unnecessary, and the processing of the personal key communication unit 13 is simplified, but it is not synchronous communication. Therefore, as shown in FIG. 6, there is a demerit that the period of waiting for reception becomes longer and the power consumption becomes larger.

(Embodiment 2)
FIG. 7 is a diagram showing the configuration of the information terminal 1 according to Embodiment 2 of the present invention. The second embodiment is a system that manages authentication history by periodically performing authentication communication with the key device 3 for management object, not only when the information terminal 1 unlocks the electric lock 4.

The configuration of FIG. 7 is different from the configuration diagram of the information terminal 1 in the first embodiment (FIG. 2) in that an authentication history storage unit 21 is added. (In addition, the same number is given to the component which has the same function as Embodiment 1, and description is abbreviate | omitted.) In the authentication log | history memory | storage part 21, it is by the authentication process in the key communication part 14 for managed objects. The identification information of the key device 3 for management object for which the authentication has failed and the field strength value of the wireless communication when the authentication has failed are recorded and transmitted to the electric lock 4.

  In the configuration of the first embodiment, the management target object key device 3 is pasted on the management target object such as a personal computer or paper file containing secret information. For example, the user tries to take the management target object illegally. In this case, it is conceivable to peel (or destroy) the management target key device 3 from the management target.

  In this case, since the identification signal is not transmitted wirelessly from the managed object, the information terminal 1 cannot receive the identification signal from the managed object when an authentication result request is issued by the electric lock 4. Therefore, even if the user illegally possesses a management object that is not registered in the information terminal 1, the user correctly has the registered personal key device 2 and the registered management object key device 3. If so, the electric lock 4 is unlocked, and the user can take out the management object that cannot be taken out originally.

  In the present embodiment, in order to deal with this unauthorized take-out, the information terminal 1 receives the identification information from the managed object key device 3 at predetermined time intervals, and the authentication history storage unit 21 identifies that the authentication has failed. Record the information and the field strength value in that communication. Thereby, not only when the authentication result request is issued from the electric lock 4, but also the authentication with the management target object key device 3 can be performed periodically, and the user having the information terminal 1 can take out of himself / herself. In the case of contact with a management object that cannot be managed, the state is recorded in the certificate history storage unit 21 as an authentication failure history (for example, when the management target key device 3 is peeled off from the management object that cannot be taken out). In addition, when destroying the managed object key device 3, the user needs to approach the managed object key device 3 once.In the present embodiment, this unauthorized access is stored in the authentication history storage unit 21. Record). In the electric lock 4, the information in the authentication history storage unit 21 can be acquired to restrict entry / exit to a user who has illegally accessed the management target.

  An example of the operation of this system configured as shown in FIG. 7 will be described with reference to FIGS. FIG. 7 is a flowchart showing the operation of the second embodiment. This flowchart and the flowchart of the first embodiment (FIG. 3) are the same except for step A2 and step A5. Only the different parts will be described here.

  (Step A2 ′) In Step A2 (FIG. 3) of the first embodiment, the information terminal 1 waits for reception of an authentication result request from the electric lock 4, but in Step A2 ′ (FIG. 7) of the second embodiment. ), In addition to this, an authentication process by asynchronous communication is performed between the managed object key communication unit 12 and the managed object key device 3 in the information terminal 1, and the managed object key device 3 in which the authentication has failed. , The date and time when the identification information was received, and the electric field strength value are recorded in the authentication history storage unit 21. FIG. 9 shows this communication procedure. It can be seen that the communication with the management object key device 3 is added after the synchronous communication with the personal key device 2 and is performed periodically.

  (Step A5 ') In Step A5 (FIG. 3) of the first embodiment, the electric lock communication unit 15 transmits the result of the authentication processing performed in Step A1 and Step A4 to the electric lock 4. In step A5 ′ (FIG. 7) of the second embodiment, in addition to this, the authentication history storage unit 21 transmits the identification information, date / time, and electric field strength at the time of authentication failure recorded in step A2 ′ to the electric lock 4. Perform the process.

In the electric lock 4, from the received history information, when there is a managed object key device 3 that has failed authentication within a preset period, and the electric field strength value at the time of the failure is a predetermined value or more (that is, information When the terminal 1 is very close to the management object for which the authentication has failed, the unlocking is not performed even if the authentication results obtained in step A1 and step A4 are successful.

  By the operations in steps A2 ′ and A5 ′, the access history of the user having the information terminal 1 to the management target can be recorded, and this information restricts the entry / exit of the user who has illegally accessed the management target. can do.

  In the present embodiment, the process of transmitting the identification information at the time of authentication failure, the date and time, and the electric field strength to the electric lock 4 is performed in step A5 ′, but the electric lock communication unit 15 performs the authentication history storage unit 21. From this information, it is searched whether or not there is a key device 3 for management object having an authentication failure within a predetermined period and the electric field strength value is equal to or greater than a predetermined value, and information on the result (whether or not exists) is obtained. You may transmit to the electric lock 4. In this case, processing with the electric lock 4 is simplified.

  Further, in the present embodiment, when authentication communication between the managed object key device 3 and the information terminal 1 fails, the information terminal 1 may notify the user. Since the information terminal 1 and the managed object key device 3 periodically perform authentication communication, the managed object key device 3 is connected to the user (accurately, for example, when a personal computer or paper file is stolen or misplaced). If the user is away from the information terminal 1) of the user, the information terminal 1 can notify the user that the authentication communication has failed. Thereby, the information terminal 1 can notify the user of the theft or misplacement of the management target.

  As described above, the entrance / exit management system, information terminal, authentication information communication method, and program according to the present invention use not only a user's entrance / exit but also a personal computer containing confidential information using an information terminal such as a mobile phone. It is also possible to manage bring-in / take-out of management objects such as documents. This can be applied not only to the office door described in the embodiment, but also to the doors and gates of factories and stores, safes, server racks, and automobile doors.

The figure which shows the whole structure of Embodiment 1 of this invention. Configuration diagram of information terminal 1 in Embodiment 1 of the present invention The flowchart which shows operation | movement of Embodiment 1 of this invention. Explanatory drawing of the communication procedure of Embodiment 1 of this invention The flowchart which shows the asynchronous communication operation | movement of Embodiment 1 of this invention. Explanatory drawing of the asynchronous communication procedure of Embodiment 1 of the present invention Configuration diagram of information terminal 1 according to Embodiment 2 of the present invention The flowchart which shows operation | movement of Embodiment 2 of this invention. Explanatory drawing of the communication procedure of Embodiment 2 of this invention Diagram showing conventional configuration

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Information terminal 2 Key apparatus for 3 persons Key apparatus for management objects 4 Electric lock 11 Key ID memory | storage part for 12 persons Key ID storage part for management objects 13 Key communication part for persons 14 Key communication part for management objects 15 Electricity Lock communication unit 16 Terminal side wireless communication unit 17 User interface unit 21 Authentication history storage unit

Claims (8)

An information terminal,
A personal key device for performing an authentication process by wireless communication with the information terminal;
A key device for a management object that performs authentication processing by wireless communication with the information terminal;
With an electric lock that unlocks or locks the door,
When the information terminal receives a specific signal from the electric lock, the entry / exit management system transmits a signal indicating an authentication result of the key device for the principal and the key device for management object to the electric lock. A frequency or signal transmission interval used in wireless communication for performing authentication processing between the information terminal and the key device for personal use and for wireless communication performing authentication processing between the information terminal and the key device for management object. The entrance / exit management system according to claim 1, wherein different values are used. A personal key ID storage unit for storing identification information of the personal key device;
A management object key ID storage unit for storing identification information of the management object key device;
A personal key communication unit that performs authentication processing by comparing the identification information transmitted from the personal key device with the identification information stored in the personal key ID storage unit;
A managed object key communication unit that performs authentication processing by comparing the identification information transmitted from the managed object key device with the identification information stored in the managed object key ID storage unit;
Electricity for transmitting an authentication result by the key communication unit for the person and the key communication unit for the management target to the electric lock when a specific signal transmitted from the electric lock for unlocking or locking the door is received. A lock communication unit;
Information terminal equipped with. The personal key communication unit performs authentication processing with the personal key device at predetermined time intervals,
4. The information terminal according to claim 3, wherein the managed object key communication unit performs authentication processing with the managed object key device when receiving a specific signal transmitted from the electric lock. 4. The information terminal according to claim 3, wherein the personal key communication unit and the managed object key communication unit each perform an authentication process when receiving a specific signal transmitted from the electric lock. An authentication history storage unit for storing that the key communication unit for the management object has failed in the authentication process;
When the electric lock communication unit receives a specific signal transmitted from the electric lock, the authentication history storage unit together with the authentication result by the key communication unit for the person and the key communication unit for the management object with respect to the electric lock The information terminal according to any one of claims 3 to 5, which transmits information indicating that the authentication processing stored in the server has failed. Comparing the identification information transmitted from the personal key device with the identification information associated with the personal key device stored in advance, and performing an authentication process;
A step of performing an authentication process by comparing the identification information transmitted from the key device for management object with the identification information associated with the key device for management object stored in advance;
A step of receiving a specific signal transmitted from an electric lock for unlocking or locking the door; and the key device for the person for the electric lock when the specific signal transmitted from the electric lock is received; An authentication information communication method comprising: a step of transmitting an authentication result by an authentication process performed with the management object key device. The program for making a computer implement | achieve the information terminal of any one of Claims 3-6.

Images