JP2009059130A - Order data management system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an order data management system having a biometrics function such as fingerprint authentication, and enabling a plurality of necessary persons to safely execute a chief task while suppressing the processing capability or memory capacity of a central processing unit of an order input device. <P>SOLUTION: An order input device 101 transmits biometrics information acquired by a biological sensor to an order data management device 103. An order data management device 103 receives the biometrics information from the order input device 101. The order data management device 103 compares the received biometrics information with preliminarily stored biometrics information, and determines whether or not the both biometrics information coincide with each other. The order data management device 103 determines whether or not to permit access from the order input device 101 based on the result of the determination. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an order data management system used for managing products ordered by customers and information associated therewith at restaurants such as restaurants and hotels.

  Conventionally, order data management systems have been used in restaurants, pubs, hotels, and the like (hereinafter referred to as restaurants). Hereinafter, an example of the order data management system will be outlined. When receiving a food order from a customer, the customer service representative inputs each order menu received with the table number and the like into a portable handy terminal (order input device) and creates order data. In the order input device, a menu list provided at a restaurant or the like is stored in advance, and the customer service representative selects and inputs from the stored menu list when inputting the order menu. A similar menu list also stores an order data management device. In addition, in order to maintain consistency between the menu lists stored in the order input device and the order data management device, a version is added to the menu list, and when the menu list is changed, the versions are also different versions. In addition, in order to maintain the consistency of the order data, if the version of the menu list stored in the order input device is different from the version of the menu list stored in the order data management device, the order data management device determines the order data of the order input device. Do not register.

  The created order data is wirelessly transmitted from the order input device. The wirelessly transmitted order data is received by a wireless control device installed at each corner or the like in the store, and output to a data management device that performs various data processing, centralized management, and the like. The data management device stores information such as the order data, the time when the order data is received, and a number identifying the customer service representative in the storage device.

  The data management device causes a restaurant printer installed in the kitchen to print out a cooking instruction slip. The person in charge of cooking receives a voucher for cooking instructions printed out from the restaurant printer. Further, the data management apparatus causes the restaurant printer to print out the accounting slip. The customer service representative hands over the accounting slip printed out from the restaurant printer to the customer. The person in charge of cooking starts cooking according to the received slip for cooking instructions, and notifies the customer service representative when cooking is completed. As a result, the customer service representative will serve the dish ordered by the customer.

  In addition, in restaurants and the like, there are operations that must be carried out only by managers or store managers, such as browsing, updating, and changing management data, and changing the system configuration (hereinafter referred to as store manager operations). It would be convenient if such a store manager's duties could be carried out using an order input device. However, since the order input device is also used by ordinary employees and part-time workers, it can be viewed and altered by ordinary employees and part-time workers. Need to prevent. As a method for preventing browsing and falsification, it is possible to restrict access by accepting ID input and password input and allowing access only by authorized persons when carrying out store manager duties from the order input device. There is a problem that anyone can access the password once the information is leaked.

Recently, personal authentication by biometric authentication has been put to practical use as an authentication method other than ID and password. Biometric authentication is to authenticate a person by using a part of the body and the characteristics of behavior that are different for each human individual, and the following technologies are mainly researched and put into practical use. In the fingerprint authentication, the person is authenticated using the feature points (branches, end points, etc.) of the fingerprint (for example, see Patent Document 1). In signature authentication, the identity of the person is authenticated by the signature shape, stroke order, how to carry the brush, and writing pressure. In finger vein authentication, the person is authenticated using the shape of a finger vein. In the palm print authentication, the person is authenticated by the size and shape of the palm. In the retina authentication, the person is authenticated by the shape of the retina of the fundus. In the iris authentication, authentication is performed with an iris iris pattern. In voice authentication, the user is authenticated using a voice waveform, voice rate, and the like.
JP 2004-126765 A

  However, when the order input device has a biometric authentication function such as fingerprint authentication, there are the following problems. Here, fingerprint authentication will be described as a representative method of biometric authentication. First, if the order input device used by the store manager is uniquely determined in the store, it is necessary to prepare a special order input device for the store manager. There may be a request to be able to implement it. If this request is to be realized, it is necessary to register the manager's fingerprint in all the order input devices in the store, which is troublesome.

  Secondly, if the store manager is not in the store, the store manager's agent may be acting as the store manager's business, but it is not possible for all of the candidate agents to register fingerprints on all order entry devices. Unrealistic. For example, taking a chain of restaurants as an example, there is a person with a position called an area manager who manages multiple stores in a specific area as a senior manager of each store manager. It can be considered that the store manager has the authority to execute the store manager's duties. In addition, there are multiple people who have authority to execute store manager duties, such as senior managers of area managers and sub (representatives) of area managers, and all these people enter each order input device managed by themselves. It is virtually impossible to register a fingerprint.

  Third, fingerprint authentication requires three functional elements: fingerprint image input, fingerprint feature extraction, and fingerprint feature comparison and collation. Generally, the central processing unit installed in an order input device is a fingerprint feature extraction / In order to execute comparison and collation of fingerprint features, the processing capability is low, and there is a problem that it takes a long time from inputting a fingerprint image to outputting a conversion result. In addition, in order to perform comparison and collation of fingerprint features, it is necessary to store a plurality of input fingerprint feature data on the memory of the order input device. In general, the memory installed in the order input device holds the above information. In order to do so, there is a problem that the capacity is small. As one means for solving this problem, a method of sufficiently increasing the processing capacity of the central processing unit mounted on the order input device and sufficiently increasing the memory capacity mounted on the order input device can be considered. However, this means has a problem that the price of the order input device becomes high.

  The present invention has been made to solve the above-described problem, and performs biometric authentication such as fingerprint authentication while suppressing the processing capacity and memory capacity of the central processing unit of the order input device to the same level as before. It is an object of the present invention to provide an order data management system in which a plurality of necessary persons can safely execute a store manager's business without excess or deficiency.

  The present invention stores a menu list that associates at least a menu name and a menu code, accepts order data including the menu code selected from the menu list by an operator, the number, and customer identification information; An order data management system comprising: an order input device that transmits to an order data management device; and an order data management device that receives the order data transmitted from the order input device and stores and manages the received order data The order input device includes a biometric sensor that acquires biometric authentication information of the operator, and an input device transmission unit that transmits the biometric authentication information acquired by the biometric sensor. A storage unit for storing the biometric authentication information and the biometric authentication information transmitted from the order input device A determination unit that determines whether or not the biometric authentication information received by the reception unit, the biometric authentication information received by the reception unit, and the biometric authentication information stored in the storage unit match, and based on a result determined by the determination unit An order data management system comprising: a permission determination unit that determines whether or not access from an order input device is permitted.

  In the order data management system of the present invention, the order data management device further includes a transmission unit, the storage unit further stores an application dedicated to security data access, and the permission determination unit permits access from the order input device. If it is determined, the transmission unit transmits the security data access dedicated application stored in the storage unit to the order input device, and the order input device includes an input device reception unit and an input device execution unit. The input device receiving unit receives the security access dedicated application transmitted from the order data management device, and the input device executing unit executes the security data access dedicated application received by the input device receiving unit, Accessing the order data management device; And features.

  The order data management device of the present invention includes an ID generation unit that generates a security data access dedicated application ID and an execution unit that executes the management device application, and the security data access dedicated application includes the ID generation unit. Includes a combination of the security data access dedicated application ID and a predetermined management device application ID, and the management device application includes a combination of the security data access dedicated application ID and the management device application ID, The input device execution unit includes the security data access dedicated application ID and the management device application included in the security data access dedicated application. A combination with the application ID transmitted to the order data management device via the input device transmission unit, and the execution unit receives the security data access dedicated application ID received from the order input device via the reception unit; It is determined whether the combination of the management apparatus application ID matches the combination of the security data access dedicated application ID and the management apparatus application ID included in the management apparatus application, and based on the determination result, It is characterized by judging whether or not to permit access from the order input device.

  The order input device of the present invention includes a temporary storage unit, and the input device execution unit stores the security data access dedicated application in the temporary storage unit when executing the security data access dedicated application, The input device execution unit further deletes the security data access dedicated application from the temporary storage unit when the execution of the security data access dedicated application is terminated.

  The execution unit of the present invention further transmits end instruction information for instructing to end execution of the security data access dedicated application after a predetermined execution time of the security data access dedicated application has elapsed. And the input device executing unit deletes the security data access dedicated application from the temporary storage unit when the termination instruction information is received via the input device receiving unit. It is characterized by doing.

  The execution unit of the present invention further includes end instruction information for instructing the end of execution of the security data access dedicated application when the order data management device is accessed beyond a predetermined number of accesses. The order data input device via the transmission unit, and when the input device execution unit receives the end instruction information via the input device reception unit, the security data access dedicated from the temporary storage unit It is characterized by deleting an application.

  According to the present invention, it is possible to perform biometric authentication such as fingerprint authentication while suppressing the processing capacity and memory capacity of the central processing unit of the order input device to the same level as before, and there are too many necessary persons. The store manager's duties can be carried out safely.

  Hereinafter, an embodiment of the present invention will be described with reference to the drawings. FIG. 1 is a configuration diagram showing the configuration of the order data management system in the present embodiment. In the example illustrated, the order data management system includes an order input device 101, an order data management device 103, a wireless control device 104, a printer 105, and a wired network 106. The order data management device 103 and the wireless control device 104 are connected by a wired network 106. The wireless control device 104 and the order input device 101 are connected by a wireless network. The wireless control device 104 and the printer 105 are connected via a wireless network.

  In the order data management system, when a food order is received from a customer, the customer service representative inputs the ordered menu and quantity together with the table number into the portable order input device 101. The order input device 101 creates order data with a slip number based on the input table number, menu, and quantity. The slip number is different for each input and is identification information for uniquely determining a customer. The order input device 101 stores in advance a menu list including a menu name, menu code, and unit price provided at a restaurant or the like, and the customer service representative stores the menu list when inputting the ordered menu. Select and enter the menu name from the current menu list. A similar menu list also stores the order data management apparatus 103. The menu list has a version in order to maintain consistency between the menu lists stored in the order input device 101 and the order data management device 103.

  The created order data is wirelessly transmitted from the order input device 101 to the wireless control device 104. Subsequently, the wireless control device 104 transmits the received order data to the order data management device 103 via the wired network 106. The order data management apparatus 103 stores the received order data in the storage unit. Further, the order data management apparatus 103 causes the printer 105 installed in the kitchen to print out a cooking instruction slip. The person in charge of cooking receives the cooking instruction slip printed out from the printer 105. Further, the order data management apparatus 103 causes the printer 105 to print out the accounting slip. The customer service person hands over the accounting slip printed out from the printer 105 to the customer. The person in charge of cooking starts cooking according to the received slip for cooking instructions, and notifies the customer service representative when cooking is completed. As a result, the customer service representative will serve the dish ordered by the customer.

  Further, the order input device 101 includes a fingerprint sensor 306 that reads a fingerprint. By placing the finger 102 on the fingerprint sensor 306, the fingerprint of the finger 102 can be read. Further, the store manager can use the order input device 101 of the present embodiment to view, update, and change management data stored in the order data management device 103, change the system configuration, and the like.

  FIG. 2 is a block diagram showing the configuration of the order input device 101 in this embodiment. The order input device 101 includes a CPU 301 (central processing unit, central processing unit), a ROM 302 (read only memory, read only memory), a RAM 303 (random access memory, random access memory), a keyboard unit 304, and a keyboard. An input circuit 305, a fingerprint sensor 306, a fingerprint image input circuit 307, a display unit 308, a display control circuit 309, a wireless circuit 310, and a wireless control unit 311 are provided.

  FIG. 3 is a block diagram showing the configuration of the order data management apparatus 103 in this embodiment. The order data management apparatus 103 includes a CPU 401, a ROM 402, a RAM 403, a communication control unit 404, a communication circuit 405, and a hard disk device 406.

  Hereinafter, the authentication method in the present embodiment will be described with reference to FIGS. 4 and 5. FIG. 4 is a flowchart illustrating processing performed by the order input device 101 when the order data management device 103 determines whether the user using the order input device 101 has the authority to perform store manager duties. FIG. 5 is a flowchart showing processing performed by the order data management apparatus 103 when the order data management apparatus 103 determines whether or not the user using the order input apparatus 101 has the authority to perform store manager duties.

First, a processing procedure in the order input device 101 shown in the flowchart of FIG. 4 will be described.
(Step S101) The user of the order input device 101 places a finger on the fingerprint sensor 306 provided in the order input device 101. When the fingerprint sensor 306 senses a finger, the fingerprint image input circuit 307 reads the fingerprint via the fingerprint sensor 306 and stores it in the RAM 303 as a fingerprint image.
(Step S102) The CPU 301 reads a fingerprint image stored in the RAM 303, and determines whether or not a fingerprint is included in the read fingerprint image. If the CPU 301 determines that the fingerprint image includes a fingerprint, the process proceeds to step S103. If the CPU 301 determines that the fingerprint image does not include a fingerprint, the process returns to step S101.
(Step S103) The CPU 301 sends the fingerprint image read in step S102 to the wireless control unit 311. The wireless control unit 311 transmits the fingerprint image to the order data management apparatus 103 via the wireless circuit 310.
(Step S104) The radio circuit 310 receives a response message for the fingerprint image transmitted to the order data management apparatus 103 in step S103. The wireless control unit 311 stores the response message received by the wireless circuit 310 in the RAM 303. Note that the response message includes information indicating whether or not the authentication is successful.
(Step S <b> 105) The CPU 301 reads the response message stored in the RAM 303 and acquires information indicating whether or not the authentication is successful, which is included in the read response message. Further, the CPU 301 determines whether or not the user of the order input device 101 can perform the store manager operation based on the acquired information indicating whether or not the authentication is successful. For example, if the information indicating whether or not the authentication is successful is “authentication successful”, it is determined that the store manager operation can be performed. If the information indicating whether or not the authentication is successful is “authentication failure”, the store manager operation is determined. Judgment is impossible. If the CPU 301 determines that the store manager operation can be performed, the process proceeds to step S106. If the CPU 301 determines that the store manager operation cannot be performed, the process proceeds to step S107.
(Step S106) The order input device 101 permits the user to perform store manager duties. Specifically, the management data stored in the order data management apparatus 103 is permitted to be browsed / updated / changed or the system configuration is changed. Therefore, the user of the order input device 101 can perform store manager duties.
(Step S107) The order input device 101 does not permit the user to perform store manager duties. Therefore, the user of the order input device 101 cannot perform store manager duties. In addition, the display control circuit 309 causes the display unit 308 to display an error message. For example, the display control circuit 309 causes the display unit 308 to display an “authentication failure” message.

Next, a processing procedure in the order data management apparatus 103 shown in the flowchart of FIG. 5 will be described.
(Step S201) The communication circuit 405 receives the fingerprint image transmitted by the order input device 101. The communication control unit 404 stores the fingerprint image received by the communication circuit 405 in the RAM 402.
(Step S202) The CPU 401 reads a fingerprint image stored in the RAM 402, and extracts a fingerprint feature from the read fingerprint image.
(Step S203) The CPU 401 compares the fingerprint feature extracted in step S202 with the fingerprint feature stored in advance in the hard disk device 406, and the same fingerprint feature as the extracted fingerprint feature extracted in step S202. Is stored in the hard disk device 406.
(Step S204) On the basis of the result of the determination in Step S203 whether or not the same fingerprint characteristic as the fingerprint characteristic extracted in Step S202 is stored in the hard disk device 406, the CPU 401 accesses the order input device 101. Judge whether to allow or not. Specifically, if it is determined that the same fingerprint characteristics as the fingerprint characteristics extracted in step S202 are stored in the hard disk device 406, the CPU 401 determines that access from the order input device 101 is permitted, and the step The process proceeds to S205. If the CPU 401 determines that the same fingerprint feature as the fingerprint feature extracted in step S202 is not stored in the hard disk device 406, the CPU 401 determines that access from the order input device 101 is not permitted, and proceeds to step S206.
(Step S <b> 205) Via the communication circuit 405, the communication control unit 404 transmits “authentication successful” information to the order input device 101 as information indicating whether or not the authentication is successful.
(Step S <b> 206) Via the communication circuit 405, the communication control unit 404 transmits information of “authentication failure” to the order input device 101 as information indicating whether or not the authentication is successful.

  As described above, according to the present embodiment, by performing fingerprint authentication, a necessary person can safely perform store manager duties. Further, since the processing of extracting the fingerprint characteristics is performed by the CPU of the order data management apparatus 103, fingerprint authentication can be performed while the processing capacity of the central processing unit of the order input apparatus 101 is suppressed to the same level as in the past. Further, since the hard disk device 406 of the order data management device 103 stores the characteristics of the fingerprint of the user who is permitted for the store manager's business, the memory capacity of the central processing unit of the order input device 101 is suppressed to the same level as before. Fingerprint authentication can be performed. Further, since the hard disk device 406 of the order data management device 103 manages the characteristics of the fingerprint of the user to be authorized for the store manager's work in one place, it is also possible to store the fingerprint features in advance on the hard disk of the order data management device 103. Only the device 406 is sufficient. Therefore, even when there are a plurality of order input devices, it is possible to perform fingerprint authentication without previously storing the fingerprint characteristics in all the order input devices.

  In addition, the security level is set to three levels of login to the order input device 101, login to the order data management device 103, and login to the security area, and management data stored in the order data management device 103 is browsed. -Implementation of store manager duties such as update / change and system configuration change may be possible only from the order input device 101 logged in the security area. The login to the order input device 101 and the login to the order data management device 103 are authentications using a user ID and password, and the login to the security area is biometric authentication such as fingerprint authentication. In this embodiment, in order to log in to the order data management apparatus 103, the user must be logged in to the order input apparatus 101, and to log in to the security area, the user must be logged in to the order data management apparatus 103. Suppose you don't.

  FIG. 6 is a diagram showing accessibility / impossibility when security levels are set in three stages: login to the order input device 101, login to the order data management device 103, and login to the security area. is there. In step S301, the login to the order input device 101 is rejected. In step S <b> 302, the login to the order input device 101 is successful, but the login to the order data management device 103 is rejected. In step S303, the login to the order input device 101 and the login to the order data management device 103 are successful, but are rejected due to the login to the security area. In step S304, the login to the order input apparatus 101, the login to the order data management apparatus 103, and the login to the security area have succeeded.

  As described above, the security level can be set in three stages: login to the order input device 101, login to the order data management device 103, and login to the security area, so that manager operations can be performed more safely. It becomes.

  In addition, a flag that can skip the login to the order input device 101 and the login to the order data management device 103 is stored in the RAM 303 of the order input device 101 and the RAM 402 of the order data management device 103 in advance. It may be possible to log in to the security area only by authentication of the security layer.

  FIG. 7 is a diagram showing login to the security area by authentication of only the security layer. In step S401, the software that controls the login to the order data management apparatus 103 and the software that controls the login to the order input apparatus 101 monitor the login to the security area. Log-in to the order input device 101 and log-in to the order data management device 103 are possible, so that the login to the order input device 101 and the order data management device 103 can be performed at once. Login and login to the security area are possible.

  In addition, for manager operations such as viewing / updating / changing management data stored in the order data management device 103 and changing the system configuration, the security data stored in the hard disk device 406 of the order data management device 103 is accessed. There is a need. In order to access the security data from the order input device 101, a dedicated application may be downloaded from the order data management device 103 to the order input device 101 and accessed only through the downloaded security data access dedicated application. Good. The order data management apparatus 103 may also start the management apparatus application and exchange commands and data with the security data access dedicated application.

FIG. 8 is a diagram illustrating a procedure in which the order input device 101 downloads a security data access dedicated application from the order data management device 103.
(Step S501) The order input device 101 transmits authentication data to the order data management device 103.
(Step S502) The order data management apparatus 103 authenticates the order input apparatus 101 based on the authentication data transmitted from the order input apparatus 101. Steps S501 and S502 are performed by the method shown in FIGS.
(Step S <b> 503) The order data management apparatus 103 transmits a security data access dedicated application stored in the hard disk device 405 to the order input apparatus 101.
(Step S504) The order input device 101 stores the security data access dedicated application transmitted from the order data management device 103 in the RAM 303.
(Step S <b> 505) The CPU 301 of the order input device 101 reads and activates a security data access dedicated application stored in the RAM 303.
(Step S506) The CPU 301 of the order input apparatus 101 executes a command described in the activated security data access dedicated application, and exchanges commands and data with the order data management apparatus 103 via the wireless circuit 310. Further, the CPU 401 of the order data management apparatus 103 executes a command described in a management apparatus application that has been activated in advance, and exchanges commands and data with the order input apparatus 101 via the communication circuit 405.

  As described above, the CPU 301 of the order input device 101 executes a command described in the activated security data access dedicated application, and exchanges commands and data with the order data management device 103 via the wireless circuit 310. Only in this case, the order input device 101 can access the security data. Therefore, the order data management system according to the present embodiment can more securely perform store manager duties.

  Further, the CPU 401 of the order data management apparatus 103 randomly creates a security data access dedicated application ID, and the hard disk device 406 of the order data management apparatus 103 has a security data access dedicated application ID and a preset management apparatus application ID. 9 may be stored in the security data access dedicated application and the management apparatus application as shown in FIG.

  FIG. 9 is a diagram illustrating an example in which the CPU 401 of the order data management apparatus 103 transmits a security data access dedicated application to the order input apparatus 101 via the communication circuit 405. In the example illustrated, the hard disk device 406 of the order data management device 103 includes a security data access dedicated application including a management device application ID and a security data access dedicated application ID, a management device application ID, and a security data access dedicated application ID. Is stored in the management device application. The RAM 303 of the order input device 101 stores a security data access dedicated application including the management device application ID and the security data access dedicated application ID transmitted from the order data management device 103 and received via the wireless circuit 310. .

  In step S506, the CPU 301 of the order input device 101 executes a command described in the activated security data access dedicated application, and exchanges commands and data with the order data management device 103 via the wireless circuit 310. The set of the management device application ID and the security data access dedicated application ID included in the security data access dedicated application is transmitted simultaneously. The CPU 401 of the order data management apparatus 103 that has received the combination of the management apparatus application ID and the security data access dedicated application ID via the communication circuit 405 determines the transmitted combination of the management apparatus application ID and the security data access dedicated application ID. It may be confirmed whether the set of the management device application ID and the security data access dedicated application ID included in the management device application match, and exchange of commands and data may be permitted only when they match.

  In step S506, the CPU 401 of the order data management apparatus 103 executes a command described in the management apparatus application that is activated in advance, and exchanges commands and data with the order input apparatus 101 via the communication circuit 405. At this time, a set of a management device application ID and a security data access dedicated application ID included in the management device application is also transmitted at the same time. The CPU 301 of the order input device 101 that has received the set of the management device application ID and the security data access dedicated application ID via the wireless circuit 310, and the transmitted set of the management device application ID and the security data access dedicated application ID, It may be confirmed whether or not the set of the management apparatus application ID and the security data access dedicated application ID included in the security data access dedicated application match, and the exchange of commands and data may be permitted only when they match.

  As described above, the CPU 301 of the order input device 101 and the CPU 401 of the order data management device 103 simultaneously transmit a set of a management device application ID and a security data access dedicated application ID every time a command and data are exchanged. In addition, the CPU 301 of the order input device 101 and the CPU 401 of the order data management device 103 include a combination of the received management device application ID and a security data access dedicated application ID, and a security data access dedicated application or a management device application in advance. The pair of the management device application ID and the security data access dedicated application ID is compared, and the command and data exchange is permitted only when they match. Therefore, the order data management system according to the present embodiment can more securely perform store manager duties.

  Further, the CPU 301 of the order input device 101 may completely delete the security data access dedicated application from the RAM 303 after the store manager's work is completed.

  FIG. 10 is a diagram showing a security data access dedicated application loaded on the RAM 303 of the order input device 101. In the illustrated example, a business application and a security data access dedicated application are loaded in the RAM 303. The security data access dedicated application is called from the business application by a technique such as a subroutine call or sub-process activation. In addition, the security data access dedicated application has an activation part, a main part, an end process part, and an OS-dependent end process. In addition, the starting portion and the main portion are loaded between the offset 0 and the obset N.

FIG. 11 is a flowchart showing a procedure in which the CPU 301 of the order input device 101 deletes the security data access dedicated application from the RAM 303.
(Step S <b> 601) The CPU 301 of the order input device 101 executes a security data access dedicated application and performs store manager duties.
(Step S602) The CPU 301 of the order input device 101 calls a termination process when terminating the security data access dedicated application. Note that the trap processing is set so that the termination processing is called even when the security data access dedicated application is forcibly terminated by exception processing. When the termination process is called, the CPU 301 performs the termination process. In the termination process, the CPU 301 fills the program from the offset 0 to the offset N of the RAM 303 with specific data. For example, the specific data is 0 data, FF clear, or a value that does not adversely affect even when executed by the CPU 301.
(Step S603) The CPU 301 performs an OS-dependent end process. With OS-dependent processing, the CPU 301 executes a return instruction in response to a subroutine call. Alternatively, the CPU 301 executes a process end command with respect to subprocess activation.

  If the security data access dedicated application remains on the RAM 303, the security data access dedicated application may be restarted or analyzed by a reverse engineer method by a third party. In the present embodiment, as described above, the CPU 301 of the order input device 101 completely erases the security data access dedicated application from the RAM 303 after the store manager's business is completed. for that reason. It is possible to prevent a third party from restarting the security data access dedicated application or analyzing it by a reverse engineer technique.

  Further, the time during which the security data access dedicated application can be activated may be limited. FIG. 12 is a diagram showing a distribution time table that records the distribution time of the security data access dedicated application stored in the hard disk device 406 of the order data management apparatus 103. In the illustrated example, the distribution time table stores the terminal application ID and the distribution time when the security data access dedicated application is distributed from the order data management apparatus 103 to the order input apparatus 101.

  For example, one hour from the distribution time when the security data access dedicated application is distributed from the order data management apparatus 103 to the order input apparatus 101 is set as the valid time. For the security data access dedicated application whose valid time has passed, the CPU 301 of the order input apparatus 101 deletes the security data access dedicated application from the RAM 303 as described above. The determination of the valid time is sent from the order input device 101 by the CPU 401 of the order data management device 103 every time the order input device 101 accesses the terminal application ID stored in the distribution time table, the distribution time, and the order input device 101. From the terminal application ID and the current time, it is determined whether the current time exceeds one hour from the distribution time. If it is determined that the time has exceeded one hour, the CPU 401 of the order data management apparatus 103 transmits a security data access dedicated application deletion command to the order input apparatus 101 via the communication circuit 405.

  Further, the valid time may be determined as follows. The CPU 301 of the order input device 101 stores the effective time and the distributed time in the RAM 303. The CPU 301 of the order input device 101 reads the valid time and the distributed time from the RAM 303 every time the order input device 101 accesses the order data management device 103 from the order input device 101. The CPU 301 of the order input device 101 may determine whether or not it has exceeded one hour since the security data access dedicated application was distributed based on the read valid time, the distributed time, and the current time. . If it is determined that the time has exceeded one hour, the CPU 301 of the order input device 101 issues a security data access dedicated application deletion command.

  As described above, the expiration date of the security data access dedicated application is determined in advance, and when the determined effective time has elapsed, the CPU 301 of the order input device 101 deletes the security data access dedicated application from the RAM 303. Therefore, after the expiration date of the security data access dedicated application, the order input device 101 cannot access the security data stored in the hard disk device 406 of the order data management device 103. Therefore, store manager duties can be implemented more safely.

  Further, the number of communications of the security data access dedicated application may be limited. FIG. 13 is a diagram showing the number of communications between the security data access dedicated application and the management apparatus application. In the example shown in the figure, the limit on the number of communication of the security data access dedicated application is four times, and when it is five times or more, the CPU 401 of the order data management apparatus 103 denies access from the order input apparatus 101. Further, the CPU 401 of the order data management apparatus 103 transmits a security data access dedicated application deletion command to the order input apparatus 101 via the communication circuit 405.

  In order to prevent unauthorized counting of the communication count, the CPU 301 of the order input device 101 using a security data access dedicated application and the CPU 401 of the order data management device 103 using a management device application respectively. And it is not included in the communication data.

  As described above, the effective communication count is determined in advance, and when the determined effective communication count is exceeded, the CPU 301 of the order input device 101 deletes the security data access dedicated application from the RAM 303. Therefore, after the number of effective communications is exceeded, the order input device 101 cannot access the security data stored in the hard disk device 406 of the order data management device 103. Therefore, store manager duties can be implemented more safely.

  In addition, for manager operations such as viewing / updating / changing management data stored in the order data management device 103 and changing the system configuration, it is possible to access data and operations stored in the order data management device 103. It is also possible to subdivide the access level that is the right authority and assign the access level for each position of the store clerk.

  FIG. 14 is a diagram showing management data stored in the order data management apparatus 103. In the illustrated example, the management data includes four data including sales data (daily report to monthly report), exception handling data, employee management data, and other data. Sales data (daily report to monthly report) includes sales value, sales by person in charge, sales by time zone, residence time by time zone during which customers are staying, customer base by time zone, Sales by day of the week, ABC analysis by menu, sales by type, and number of items by price range are included. The customer base for each time zone is male / female / family / couple. The type of sales by type is a type of drink.

  The exception processing data includes the number of overtime provided, the number of order mistakes, the return / correction accounting breakdown, the account receivable accounting breakdown, and the out-of-stock order list (chance loss). The provision overtime count is used when managing the time from receipt of an order to serving food. The reversal / correction accounting breakdown records mistakes in the cash register. Accounts receivable breakdown records data that has not been collected. The out-of-stock order list records the number of food orders that have been sold out and refused to customers.

  The employee management data includes sales by employee, employee meals, breakdown of accounts receivable by employee, overtime provided by employee, number of orders missed by employee, and return / correction by employee. Accounting breakdown. Other data includes sales promotion information. The sales promotion information is management data such as the contents to be printed and the number of sheets to be printed when a message for sales promotion is printed on a slip handed over to the customer.

  FIG. 15 is a diagram showing an access level that is an authority that can access data stored in the order data management apparatus 103 and operations that are subdivided for each position of the store clerk. In the example shown in the figure, there are five access levels: manager, area manager, store manager, vice store manager, and time zone manager. When the management access level is granted, all operations can be performed. The data that can be browsed are sales data of all stores, exception data of all stores, and employee (including area manager) management data of all stores. The data that can be edited includes discount / service information common to all stores and sales promotion information common to all stores.

  When the access level of the area manager is given, the work that can be performed is work shift management for mutual support between stores. The data that can be browsed are sales data in the jurisdiction area, exception data in the jurisdiction area, and employee (including store manager) management data in the jurisdiction area. Data that can be edited includes discount / service information specific to the jurisdiction area and sales promotion information specific to the jurisdiction area.

  When the store manager's access level is given, the work that can be carried out is attendance management (including deputy store manager), work shift management (including deputy store manager), and ordering work for foods and the like. The data that can be viewed are store sales data, store exception data, and store employee (including vice store manager) management data. The data that can be edited includes store-specific discount / service information and store-specific sales promotion information.

  When the access level of the deputy store manager is given, the work that can be carried out is attendance management (not including the deputy store manager), work shift management (not including the deputy store manager), and ordering operations for ingredients and the like. The data that can be browsed are store sales data, store exception data, and store employee (not including vice store manager) management data. The data that can be edited includes store-specific discount / service information and store-specific sales promotion information.

  When the access level of the person in charge of the time zone is given, the work that can be performed is shift management of the management time zone. The data that can be viewed are sales data in the management time zone and exception data in the management time zone. There is no data that can be edited.

  The assignment of the subdivided access level to the store clerk is stored in the employee management data stored in the hard disk device 406 of the order data management device 103. FIG. 16 shows employee management data. In the illustrated example, the employee management data includes an employee ID, a name, a title, an access level, and fingerprint feature data.

  In the fingerprint authentication method described with reference to FIGS. 4 and 5, the CPU 401 of the order data management apparatus 103 determines whether the user who uses the order input apparatus 101 has the authority to perform store manager duties. 14, FIG. 15, and FIG. 16, the user who uses the order input device 101 has not only the authority to perform the store manager's business but also the authority to perform the business of the manager. Whether or not he / she has the authority to perform the duties of the area manager, whether or not he / she has the authority to perform the duties of the store manager, or has the authority to perform the duties of the deputy store manager, It may be determined whether or not there is authority.

  As described above, the order data management device of the present embodiment can perform biometric authentication such as fingerprint authentication while suppressing the processing capacity and memory capacity of the central processing unit of the order input device to the same level as in the past, A plurality of necessary persons can carry out store manager operations safely without excess or deficiency.

  The embodiment of the present invention has been described in detail with reference to the drawings. However, the specific configuration is not limited to this embodiment, and includes designs and the like that do not depart from the gist of the present invention.

It is the block diagram which showed the structure of the order data management system in one Embodiment of this invention. It is the block diagram which showed the structure of the order input device in this embodiment. It is the block diagram which showed the structure of the order data management apparatus in this embodiment. It is the flowchart shown about the process which the order input device in this embodiment performs. It is the flowchart shown about the process which the order data management apparatus in this embodiment performs. It is the figure which showed the accessibility at the time of setting to three steps, the login to the order input apparatus in this embodiment, the login to an order data management apparatus, and the login to a security area. It is the figure which showed the login to a security area | region by the authentication of only the security layer in this embodiment. It is the figure which showed the procedure in which the order input device in this embodiment downloads a security data access exclusive application from an order data management device. It is the figure which showed the example which the order data management apparatus in this embodiment transmits a security data access exclusive application with respect to an order input device. It is the figure which showed the security data access exclusive application loaded on RAM of the order input device in this embodiment. It is the flowchart which showed the procedure which erases the security data access exclusive application in this embodiment from RAM. It is the figure which showed the delivery time table which records the delivery time of the application only for security data access which the order data management apparatus in this embodiment has. It is the figure which showed the frequency | count of communication with the security data access exclusive application and management apparatus application in this embodiment. It is the figure which showed the management data which the order data management apparatus in this embodiment memorize | stores. It is the figure which showed the access level which is the authority which can access the data which the order data management apparatus divided | segmented for every position of the salesclerk in this embodiment, and a business. It is the figure which showed the employee management data in this embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 101 ... Order input device, 103 ... Order data management device, 104 ... Wireless control device, 105 ... Printer, 106 ... Wired network, 301, 401 ... CPU, 302, 402 ..ROM, 303, 403... RAM, 304... Keyboard part, 305 .. keyboard input circuit, 306 .. fingerprint sensor, 307 .. fingerprint image input circuit, 308. 309 ... Display control circuit, 310 ... Radio circuit, 311 ... Radio control unit, 404 ... Communication control unit, 405 ... Communication circuit, 406 ... Hard disk device

Claims (6)

An order data management device that stores at least a menu list in which a menu name and a menu code are associated, receives order data including the menu code selected from the menu list by an operator, the number, and customer identification information; An order data management system comprising: an order input device that transmits data to the device; and an order data management device that receives the order data transmitted from the order input device and stores and manages the received order data.
The order input device includes a biometric sensor that acquires biometric information of the operator, an input device transmission unit that transmits the biometric information acquired by the biometric sensor,
With
The order data management device includes a storage unit that stores the biometric information, a receiving unit that receives the biometric information transmitted from the order input device, the biometric information received by the receiving unit, A determination unit that determines whether or not the biometric authentication information stored in the storage unit matches, and a permission determination unit that determines whether or not to permit access from the order input device based on a result determined by the determination unit When,
An order data management system characterized by comprising: The order data management device includes a transmission unit, the storage unit further stores an application dedicated to security data access, and when the permission determination unit determines to permit access from the order input device, the transmission unit stores the order. Send the security data access dedicated application stored in the storage unit to the input device,
The order input device includes an input device reception unit and an input device execution unit, the input device reception unit receives the security access dedicated application transmitted from the order data management device, the input device execution unit, The order data management system according to claim 1, wherein the security data access dedicated application received by the input device reception unit is executed to access the order data management device. The order data management device includes an ID generation unit that generates a security data access dedicated application ID, and an execution unit that executes a management device application.
The security data access dedicated application includes a combination of the security data access dedicated application ID generated by the ID generation unit and a predetermined management device application ID,
The management device application includes a combination of the security data access dedicated application ID and the management device application ID,
The input device execution unit transmits a combination of the security data access dedicated application ID and the management device application ID included in the security data access dedicated application to the order data management device via the input device transmission unit. ,
The execution unit includes a combination of the security data access dedicated application ID and the management device application ID received from the order input device via the receiving unit, and the security data access dedicated application ID included in the management device application. 3. It is determined whether or not the combination of the management device application ID and the management device application ID matches, and based on the determination result, it is determined whether or not access from the order input device is permitted. Order data management system. The order input device includes a temporary storage unit,
The input device execution unit, when executing the security data access dedicated application, stores the security data access dedicated application in the temporary storage unit,
4. The input device execution unit further deletes the security data access dedicated application from the temporary storage unit when the execution of the security data access dedicated application is terminated. An order data management system according to claim 1. The execution unit further sends end instruction information for instructing the end of execution of the security data access-dedicated application via the transmission unit after a predetermined execution time of the security data access-dedicated application has elapsed. To the order data input device,
The order according to claim 4, wherein the input device execution unit deletes the security data access dedicated application from the temporary storage unit when the termination instruction information is received via the input device reception unit. Data management system. The execution unit further includes end instruction information for instructing the end of execution of the security data access dedicated application when the order data management device is accessed beyond a predetermined access count determined in advance. To the order data input device via
The order according to claim 4, wherein the input device execution unit deletes the security data access dedicated application from the temporary storage unit when the termination instruction information is received via the input device reception unit. Data management system.

Images