JP2009060231A - Security system, management device, mobile terminal, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To perform utilization restrictions of each function of a mobile terminal which a user possesses, by each user. <P>SOLUTION: An ID controller 101 has terminal control policy information indicating the mode of utilization restriction of each function of the mobile terminal 104 by each user 105, when the user 105 who possesses the mobile terminal 104 attempts to pass either an entrance security gate device 102 or an exit security gate device 103; ID information about the user is transmitted from either of the gate devices to the ID controller 101, in the ID controller 101, terminal control policy information about the user is retrieved from the ID information about the user, terminal function control information indicating the utilization restriction mode of each function indicated in the retrieved terminal control policy information is generated, transmitted to the mobile terminal 104 via the gate device which the user 105 is attempting to pass, and in the mobile terminal 104, the utilization restriction of each function is performed in accordance with the terminal function control information. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a security system that performs entrance / exit management at an entrance of an office building, for example.

In order to improve security in office buildings, condominiums, hospitals, etc., gates are provided at the entrances and exits of spaces such as entrances, floors, and living rooms, and the ID (Identification) device is checked by the ID controller when passing through the gate. There is a security system that allows only a user who is given an ID device to enter the space.
At this time, the ID device is an RFID (Radio Frequency Identification), a contact / non-contact IC (Integrated Circuit) card, a mobile phone with a built-in non-contact IC card, etc., and ID information for each ID device is stored in these ID devices. It is held in a readable state from the ID control device.
The gate is a lane type flapper gate, a door provided with an electric lock, or an automatic door, and includes a reader that reads the ID information of the ID device and notifies the ID control device.
As this ID device, a non-contact IC card or a mobile terminal device with a built-in RFID can be used.
Here, the mobile terminal device refers to a mobile phone, a PHS (Personal Handy-PHONE System) (registered trademark), a smartphone, a PDA (Personal Digital Assistant) (registered trademark), or the like.

In such a security system, it is inevitable to bring a mobile terminal device into the security area. However, in response to recent information leakage prevention and privacy protection requirements, There was a need to restrict usage.
The usage restriction targets include the camera shooting function of the mobile terminal device, “SD (Secure Digital) (registered trademark)”, “Memory Stick (registered trademark)”, and “USB (Universal Serial Bus) memory”. External memory access function for reading and writing, USB and infrared communication, wireless LAN communication functions that enable communication between mobile terminal devices and external devices, telephone calls, data communication, electronic communication that enable communication with outside buildings There is a mail function or a function of the entire mobile terminal device.

The security area of the security system is managed by arranging a plurality of security areas independently or in a nested manner.
Authentication is performed based on the user ID for each security area, and only properly authenticated users can enter the security area.

As for the use restriction of the mobile terminal device, it must be possible to control the execution and stop of each function for each user registered in the security system.
For office buildings, there are different security policies for each user, such as managers, employees, visitors, or people who need to use business functions, and for hospitals doctors, patients, visitors, etc. This is because usage restrictions to be performed differ accordingly.
Furthermore, regarding the use restriction of the mobile terminal device, it must be possible to control execution and stop of each function for each security area.
This is also because an office building has different security policies for each security area, such as the office department, development department, and server department.

  A technique for restricting the use of a mobile terminal device in accordance with the entrance of a security area is disclosed in the following Patent Document 1.

  Japanese Patent Application Laid-Open Publication No. 2003-259542 discloses a technique for restricting the use of a mobile terminal device in accordance with the security area entry after authenticating the security area entry based on the ID information of the mobile terminal device.

A technique for restricting the use of one or more functions of a mobile terminal device in accordance with the entrance of a security area is disclosed in Patent Document 3 below.
JP 2000-287259 A JP 2006-279314 A JP 2007-60226 A

In Patent Document 1, a gate having an interrogator for exchanging the power control signal and ID number of the mobile terminal device is provided at the boundary between the usable area and the prohibited area of the mobile terminal device. It is disclosed that the device sends a power-off signal through a transponder provided in the mobile terminal device, and disables the mobile terminal device until the next pass through the gate.
Patent Document 1 discloses that an ID number of a mobile terminal device is registered in a base station at the same time to respond to an external connection request for which use is prohibited.

  Further, the mobile terminal control system disclosed in Patent Document 2 reads electronic information of the mobile terminal device, performs user ID confirmation processing and entry processing, and sends a function switching signal to the mobile terminal device. Turns off the power based on the function switching signal. The power-off state is canceled by a switching signal when performing a participation process, or the mobile terminal itself is canceled by a timer that is activated when the power is turned off.

  In Patent Document 3, when a mobile terminal device enters a specific space area, the mobile terminal device transmits a restriction signal of one or more functions to the mobile terminal device, and the mobile terminal device that has received the signal Stop the corresponding function.

The technology described in Patent Document 1 and the technology described in Patent Document 2 that restrict the use of mobile terminal devices in accordance with the entrance to the security area are permitted to enter by the authentication by the user ID when entering the security area. The use of mobile terminal devices is uniformly restricted for all users.
For this reason, there is a problem that it is not possible to restrict the use of the mobile terminal device based on different security policies for each user ID.

  In addition, since usage restrictions on mobile terminal devices in accordance with entry into the security area are performed independently for each security area, usage restrictions on mobile terminal devices are restricted based on different security policies for each security area of the security system. In doing so, there is a problem that usage restrictions based on the security policy cannot be distributed efficiently.

  Further, in Patent Document 3, since the security system uniformly limits the function of the mobile phone regardless of the function implemented by the mobile terminal device, the restriction status of each function of the mobile terminal device belonging to each security area is not known. The information necessary for security management could not be provided.

  In view of such circumstances, the present invention is a security system in which a user ID is stored in a mobile terminal device and used as an entry / exit token, and is linked to entry or exit from a plurality of security areas that are independent or nested. One of the main purposes is to set a security policy of the security system and control execution and stop of individual functions of the mobile terminal device for each user and security area based on the security policy.

  Furthermore, the present invention relates to a security system in which a user ID is stored in a mobile terminal device and used as an entry / exit token, in conjunction with entry or exit of a plurality of security areas independently or nested. One of the main purposes is to enable recording and browsing of control status and belonging to the security area.

The security system according to the present invention includes:
A gate device that controls at least one of entry into and exit from the security area where entry and exit are restricted; and
A security system having a management device for managing the gate device,
The management device
Terminal control that stores user IDs of a plurality of registered users, and stores terminal control policy information indicating a mode of use restriction for each function of the plurality of functions provided in the mobile terminal device for each user ID A policy information storage unit;
A management device receiving unit that receives the ID of the person who attempted to pass through the gate device and tries to enter the security area or leave the security area, transmitted from the gate device;
When the ID of the trial user who has passed through the gate received by the management device receiving unit matches any user ID indicated in the terminal control policy information, the mobile terminal according to the terminal control policy information for the user ID A terminal function control information generating unit that generates terminal function control information indicating a mode of use restriction for each function provided in the device;
A management device transmitter that transmits the terminal function control information generated by the terminal function control information generator;
The gate device is
A first gate device transmission unit that transmits an ID of a gate passage trial person who attempts to enter the security area through the gate device or to leave the security area;
A gate device receiver for receiving the terminal function control information transmitted from the management device;
And a second gate device transmitting unit that transmits the terminal function control information to a mobile terminal device possessed by the gate passage trial person.

  According to the present invention, it is possible to finely restrict the use of each function of the mobile terminal device for each user or for each user and each security area in correspondence with different security policies for each user and each security area. .

Embodiment 1 FIG.
1 shows a security system according to the present embodiment.
FIG. 1 is a diagram illustrating a configuration example of a security system 1 according to the present embodiment.
The security system 1 includes an ID control device 101, an entrance security gate device 102, and an exit security gate device 103. The security system 1 controls the entrance / exit of the user 105 with respect to the security area of the mobile terminal device 104 possessed by the user 105. Restrict functions.
The ID control device 101 is an example of a management device, and the entrance security gate device 102 and the exit security gate device 103 are examples of gate devices.

The entrance security gate device 102 and the exit security gate device 103 are gate devices that physically limit the passage of people. The entrance security gate device 102 controls entry into the security area. The exit security gate device 103 controls exit from the security area.
The ID control device 101 communicates with the entrance security gate device 102 and the exit security gate device 103 and manages the entrance security gate device 102 and the exit security gate device 103.

As a person who is not restricted, the user 105 receives the distribution of the mobile terminal device 104 from the administrator of the security system and carries them.
The ID control device 101 confirms the validity of the mobile terminal device 104 of the user 105, and temporarily cancels the passage restriction of the entrance security gate device 102 or the exit security gate device 103 if it is valid.
The ID control device 101, the entrance security gate device 102, and the exit security gate device 103 are connected via a network so that they can communicate with each other.
The mobile terminal device 104 is connected to the entrance security gate device 102 and the exit security gate device 103 through a network so as to be able to communicate with each other. A network, a wired network, and contact type communication in which a device and a terminal of the device are in direct contact may be used.

FIG. 2 is a diagram illustrating a configuration example of the ID control device 101.
The ID control device 101 includes a control unit 201, a data storage unit 202, and an ID control device communication unit 203.
The control unit 201 controls input / output of the data storage unit 202 and the ID control device communication unit 203.
The data storage unit 202 stores data.
The ID control device communication unit 203 communicates with the security gate communication unit 304 of the entrance security gate device 102 and the exit security gate device 103.

Specifically, the data storage unit 202 indicates user IDs of a plurality of registered users, and usage restriction modes for each of a plurality of functions provided in the mobile terminal device for each user ID. Is stored. The terminal control policy information includes the terminal control policy information at the time of entry when entering the security area, and the terminal control policy information at the time of entry (when leaving) from the security area (terminal control policy information at the time of exit). There is.
In addition, the usage restriction mode for each function includes a usable state (execution, arbitrary user) and a use prohibited state (stopped).
Here, the execution in the usable state is to maintain the activated state of the function or to activate the function when the function is not activated. The user arbitrary state in the usable state is a state in which the user can arbitrarily determine whether the function is activated or not activated (whether the activated state is maintained or the function is stopped). Stopping means to maintain the stopped state of the function or to stop the function if the function has been activated.
The data storage unit 202 is an example of a terminal control policy information storage unit.

Further, the ID control device communication unit 203 passes through the entrance security gate device 102 or the exit security gate device 103 transmitted from the entrance security gate device 102 or the exit security gate device 103, or enters the security area or from the security area. The ID of a person who tries to enter (leave) is received (hereinafter referred to as a gate passer).
Further, the ID control device communication unit 203 transmits the terminal function control information generated by the control unit 201 to the entrance security gate device 102 or the exit security gate device 103.
The ID control device communication unit 203 is an example of a management device reception unit and a management device transmission unit.

When the ID of the person attempting to pass through the gate received by the ID controller communication unit 203 matches one of the user IDs indicated in the terminal control policy information, the control unit 201 determines the terminal control policy for the user ID. In accordance with the information, terminal function control information indicating a mode of use restriction for each function provided in the mobile terminal device is generated.
As described above, there are two types of terminal control policy information: entrance terminal control policy information and exit terminal control policy information. The control unit 201 determines that the gate device that transmitted the ID of the gate passer is the entrance security. It is determined whether it is the gate device 102 or the exit security gate device 103, and it is determined whether the person trying to pass through the gate is going to enter or enter. Then, based on the determination result, either terminal entry terminal control policy information or entry terminal control policy information is selected to generate terminal function control information.
The control unit 201 is an example of a terminal function control information generation unit.

FIG. 3 is a diagram illustrating a configuration example of the entrance security gate device 102 and the exit security gate device 103.
The entrance security gate device 102 and the exit security gate device 103 include an ID access wireless communication unit 301, an electric lock 302, an automatic door 303, and a security gate communication unit 304.
The ID access wireless communication unit 301 reads and writes data of the mobile terminal device 104.
The electric lock 302 is a key device that electrically restricts opening and closing of the automatic door 303.
The automatic door 303 is a door that detects a person and automatically opens and closes the door, and is connected to the electric lock 302. If the electric lock 302 is locked, the automatic door 303 is closed even if a person is detected. Will remain.
The security gate communication unit 304 is a communication unit for connecting to the ID access wireless communication unit 301 and the host device that controls the electric lock 302, in this case, the ID control device 101.
The entrance security gate device 102 and the exit security gate device 103 may have a configuration of a flapper gate that restricts passage of people by a passage and a flap installed in the passage instead of the automatic door 303.

The security gate communication unit 304 transmits the ID of the person attempting to pass through the gate to the ID control device 101 and receives terminal function control information from the ID control device.
The security gate communication unit 304 is an example of a first gate device transmission unit and a gate device reception unit.
Further, the ID access wireless communication unit 301 transmits terminal function control information to the mobile terminal device 104 possessed by the gate pass trial person.
The ID access wireless communication unit 301 is an example of a second gate device transmission unit.

FIG. 4 is a diagram illustrating a configuration example of the mobile terminal device 104.
The mobile terminal device 104 includes a key input unit 401, a display unit 402, a voice input / output unit 403, a mobile terminal device control unit 404, a power supply control unit 405, a telephone control unit 406, a wireless communication unit 407, a wireless LAN communication unit 408, a mobile terminal. A device storage unit 409, an infrared communication unit 410, a camera unit 411, an external memory access unit 412, a USB control unit 413, a non-contact IC card storage unit 414, and a non-contact IC card wireless communication unit 415 are included.
The key input unit 401 receives input by a key operation by the user 105.
The display unit 402 notifies the user of the state of the mobile terminal device 104 such as an input instruction, an input result, and an incoming call by displaying characters, pictures, and icons on a screen such as a liquid crystal display.
The voice input / output unit 403 inputs or outputs voice such as voice input and output for a telephone call or voice guidance and voice operation.
The mobile terminal apparatus control unit 404 performs calculation, data storage, reading, and input / output processing based on the stored program.
The power control unit 405 performs control such as switching to a low power consumption mode such as power-off of the display unit 402, returning to the normal mode, measuring the amount of remaining power, turning off the power, and turning on the power.
The telephone control unit 406 connects, maintains, and disconnects a mobile phone network and a telephone line for calls via a wireless LAN.
The wireless communication unit 407 establishes, maintains, and disconnects communication with a wireless base station for calls on the mobile phone network and data communication using the mobile phone network, converts voice, and transmits / receives data via radio.
The wireless LAN communication unit 408 authenticates, establishes, maintains, and disconnects a communication with a wireless LAN access point for calls via the wireless LAN and data communication using the wireless LAN, voice conversion, and wireless data transmission / reception. I do.
The mobile terminal device storage unit 409 stores calculation results of the mobile terminal device control unit 404, user data such as a telephone directory and incoming / outgoing history, and device data such as characters, pictures, and icons.
The infrared communication unit 410 performs communication establishment, maintenance, disconnection, data conversion, and data transmission / reception for data communication using infrared transmission.
The camera unit 411 performs external shooting by the camera, storage in the mobile terminal device storage unit 409, change of camera shooting conditions, analysis of a two-dimensional code such as a barcode, and character recognition.
The external memory access unit 412 has a function of accessing a memory external to the mobile terminal device 104.
The USB control unit 413 transmits / receives data to / from another device having a USB terminal.
The non-contact IC card storage unit 414 is a storage unit for a non-contact IC card, and includes the entrance security gate device 102 and the exit security gate device 103 via the mobile terminal device control unit 404 and the non-contact IC card wireless communication unit 415. Stores data to be read from and written to.
The non-contact IC card wireless communication unit 415 receives data to be written in the non-contact IC card storage unit 414 from the entrance security gate device 102 and the exit security gate device 103, and receives the data read from the non-contact IC card storage unit 414. The information is transmitted to the gate device 102 and the exit security gate device 103.

As described above, the mobile terminal device 104 has a plurality of functions such as a telephone function, a wireless LAN function, an external memory access function, a camera function, and the like, and each function can be used (execution, user is optional) or disabled. (Stop) is possible.
The non-contact IC card storage unit 414 stores terminal function control information indicating a usage restriction mode for each function. The non-contact IC card storage unit 414 is an example of a terminal function control information storage unit.
In addition, the mobile terminal apparatus control unit 404 sets the function permitted to be used in the terminal function control information stored in the non-contact IC card storage unit 414 to be usable, and prohibits the function that is prohibited from being used. State. The mobile terminal device control unit 404 is an example of a control unit.
When the mobile terminal device 104 passes through the entrance security gate device 102 or the exit security gate device 103, the non-contact IC card wireless communication unit 415 receives new terminal function control information from the entrance security gate device 102 or the exit security gate device 103. Receive. The non-contact IC card wireless communication unit 415 is an example of a terminal communication unit.
The non-contact IC card storage unit 414 updates the stored terminal function control information to new terminal function control information each time new terminal function control information is received by the non-contact IC card wireless communication unit 415. Then, every time the terminal function control information is updated by the non-contact IC card storage unit 414, the mobile terminal device control unit 404 updates the state of each function based on the updated terminal function control information.

FIG. 5 illustrates the security area 501.
The security area 501 is set so as to prevent unauthorized entry into spaces such as office buildings, condominiums, hospitals, and other buildings, floors, living rooms, hospital rooms, and the like. In this case, as shown in FIG. 5, the entrance and exit of the residence room are provided one by one, and the entrance security gate device 102 and the exit security gate device 103 are installed, respectively. Try to limit.
Since the ID access wireless communication unit 301 accesses the mobile terminal device 104 of the user 105 while the electric lock 302 is locked, the ID access wireless communication unit 301 of the entrance security gate device 102 is outside the security area 501. The ID access wireless communication unit 301 of the exit security gate device 103 is installed inside the security area.
In this embodiment, the security area 501 has only one entrance and one exit, but any number may be provided.

An operation of the security system 1 according to the first embodiment of the present invention will be described.
In the security system 1, the user 105 carrying the mobile terminal device 104 enters the security area 501 through the entrance security gate device 102 or exits from the security area 501 through the security gate device 103. Accordingly, the execution and stop of the terminal function of the mobile terminal device 104 are controlled based on the terminal function provided in the mobile terminal device 104 and the security policy defined in the ID control device 101.
When entering or leaving the security area 501, the entrance security gate device 102 or the exit security gate device 103 authenticates the mobile terminal device 104 held by the user 105, and the user 105 is authorized. The electric lock 302 is unlocked.
The security policy is an authority to execute and stop the terminal function of the mobile terminal device 104 permitted to the user 105 in the security area 501. If the user 105 is different, another authority is granted. Can do.

  Next, the terminal function of the mobile terminal device 104 includes a camera photographing function by the camera unit 411 of the mobile terminal device 104, a two-dimensional code and character string reading function by the camera unit 411, and an “SD ( (Registered Trademark) Memory Card (Registered Trademark) "," Memory Stick (Registered Trademark) ", External Memory Access Function for Reading and Writing" USB Memory ", Wireless LAN Communication Function by Wireless LAN Communication Unit 408, Communication with External Devices Infrared communication function by infrared communication unit 410, USB communication function by USB control unit 413, call function with other mobile terminal by wireless communication unit 407, data communication function, e-mail function, e-mail folder access function, internet access function , Phone book access function, or mobile terminal device 1 4 is the use of per se but not limited function or that of the mobile terminal apparatus 104 shown above.

  Next, tables and data existing in each device will be described.

  First, a table mounted on the ID control device 101 and data constituting the table are shown.

The ID collation information table is information indicating whether the user 105 may pass through the entrance security gate device 102 and the exit security gate device 103 in the security area 501, and corresponds to ID information that differs for each mobile terminal device 104. It consists of a list of permission information. This ID information is an identifier of the user 105.
The ID verification information table is stored in the data storage unit 202.

The terminal control policy information table defines a terminal control policy at the time of entry and entry for each mobile terminal device 104, and includes a list of ID information, terminal control policy information at entry, and terminal control policy information at entry. .
The ID information included in the terminal control policy information table matches the ID information included in the ID collation information table. That is, the ID information included in the terminal control policy information table is the ID information of a user permitted to pass in the ID verification information table.
The terminal control policy information sets three values for execution, stop, and user arbitrary values for each function of the mobile terminal device 104. It does not matter whether the mobile terminal device 104 is actually installed in the mobile terminal device 104. The functions installed for each mobile terminal device 104 are different, and the functions installed for changing the model are also different. Therefore, after creating functions uniformly for all mobile terminal devices 104, a policy is set for each mobile terminal device 104. Set it.
The function is represented by data such as a function name and a function identifier that can identify the function, and the ID control apparatus 101 and the mobile terminal apparatus 104 can identify each other.

An example of terminal control policy information is shown in FIG.
In FIG. 15, the user ID is an identifier of a registered user. For example, the identifier of the mobile terminal device 104 possessed by the user.
The terminal control policy is information indicating a usage restriction mode of the function of the mobile terminal device 104 for each user, and is divided into entry terminal control policy information and participation terminal control policy information.
In the example of FIG. 15, the usage restriction mode of each function of the mobile terminal device is shown as “O” for execution, “X” for stop, and “Δ” for user's option.
In the example of FIG. 15, the usage restriction mode of each function is changed in the terminal control policy information at the time of entry and the terminal control policy information at the time of participation, but the same is applied to the terminal control policy information at the time of entry and the terminal control policy information at the time of participation. It is good also as a use restriction aspect.

Next, data mounted on the mobile terminal device 104 will be shown.
The mobile terminal device 104 stores ID information, terminal function attribute information, and terminal function control information in the non-contact IC card storage unit 414.
The ID information is an identifier of the mobile terminal device 104.
The terminal function attribute information indicates a list of functions installed in the mobile terminal device 104.
The terminal function control information prescribes control of the terminal function of the mobile terminal device 104, and three values of execution, stop, and user are set for each function installed in the mobile terminal device 104.

ID information, terminal function attribute information is read-only, terminal function control information is read-only from the normal process of the mobile terminal device 104, privileged process and ID access wireless communication unit 301 of the entrance security gate device 102 and the exit security gate device 103 Can also be written.
The privileged process of the mobile terminal device 104 can be generated when the administrator authority such as the input of the administrator password can be confirmed.

With reference to FIG. 6, the operation of the ID control apparatus 101 constituting the security system 1 will be described.
The ID control apparatus 101 waits for detection of the mobile terminal apparatus 104 in step S601.
This is because when the user 105 carries the mobile terminal device 104 and passes through the automatic door 303 of the entrance security gate device 102 or the exit security gate device 103, the non-contact IC card wireless communication unit 415 of the mobile terminal device 104 is used. The ID access wireless communication unit 301 of the entrance security gate device 102 or the exit security gate device 103 detects the non-contact IC card wireless communication unit 415 by holding the ID access wireless communication unit 301 of each security gate so that it can communicate. The ID information and terminal function attribute information read by the ID access wireless communication unit 301 from the non-contact IC card wireless communication unit 415 are transmitted from the security gate communication unit 304, and the ID control device communication unit 203 transmits the ID information and terminal function attribute. Wait for information to be received.
If the ID control device 101 detects the mobile terminal device 104 in step S601, whether the mobile terminal device 104 enters or exits the security area 501 in step S602, whether the mobile terminal device 104 is the entrance security gate device 102, It is determined based on which of the exit security gate devices 103 has detected, and this information is stored as entrance / exit information.
Specifically, the control unit 201 determines whether the ID information and the terminal function attribute information received by the ID control device communication unit 203 are transmitted from the entrance security gate device 102 or the exit security gate device 103. The judgment result is used as entrance / exit information.
In S606, which will be described later, when the terminal function attribute information is not used for generating the terminal function control information, the ID control apparatus 101 may not receive the terminal function attribute information.

Next, in step S <b> 603, the ID control device 101 reads the ID information and terminal function attribute information recorded in the non-contact IC card storage unit 414 of the mobile terminal device 104.
That is, the control unit 201 analyzes the ID information and terminal function attribute information received by the ID control device communication unit 203.
Next, in step S604, the control unit 201 of the ID control apparatus 101 collates the ID collation information table from the ID information. If the passage permission information corresponding to the ID information is permitted, the ID collation is successful. The next step S605 is executed.
Otherwise, that is, when the ID information is not included in the ID collation information, when the permission information is not permitted, or when the ID information cannot be read, entry / exit is not permitted and step S601 is executed.

In step S605, the control unit 201 refers to the terminal control policy information table from the ID information and the entrance / exit information, and selects and extracts the terminal control policy information corresponding to the ID information and entrance / exit.
That is, according to the content of the entrance / exit information among the terminal control policy information indicating the user ID that matches the ID information received from the entrance security gate device 102 or the exit security gate device 103, the control unit 201 The terminal control policy information at the time of entry or the terminal control policy information at the time of entry is extracted.

In step S606, the control unit 201 extracts a control policy for each function corresponding to the function described in the terminal function attribute information from the terminal control policy information, and generates terminal function control information.
In step S606, the terminal function control information indicating the control policy for the function described in the terminal function attribute information is generated. However, the terminal function attribute information may not be used for generating the terminal function control information.
That is, the control unit 201 uses each function indicated in the entry terminal control policy information or the entry terminal control policy information extracted in S605 regardless of whether or not each function is actually provided in the mobile terminal device 104. You may make it produce | generate the terminal function control information by which a restriction | limiting aspect (execution, a stop, user's arbitrary) is shown as it is.

Next, the ID control apparatus 101 writes the terminal function control information in the non-contact IC card storage unit 414 of the mobile terminal apparatus 104 in step S607.
Specifically, the ID control device communication unit 203 transmits the terminal function control information to the security gate communication unit 304 of the entrance security gate device 102 or the exit security gate device 103, and the entrance security gate device 102 or the exit security gate device 103. Terminal function control information is written in the non-contact IC card storage unit 414 via the non-contact IC card wireless communication unit 415 of the mobile terminal device 104.

  Finally, in step S608, the control unit 201 temporarily sends only the user 105 who has permitted entry / exit from the ID control device communication unit 203 to the electric lock 302 of the security gate device corresponding to the entry / exit information. Send unlock signal.

When step S607 is performed, the mobile terminal apparatus 104 controls the terminal function according to the terminal function control information. If this control takes time, a lane for guiding the user 105 is provided in each security gate, and the start point of the lane The ID access wireless communication unit 301 is arranged at the end of the lane, and the automatic door 303 is arranged at the end of the lane, so that the lane passage time of the user 105 is sufficient for the terminal function control of the mobile terminal device 104 to be completed. Provide a length of.
Alternatively, a flag indicating the end of the control process is written in the non-contact IC card storage unit 414 when the mobile terminal device 104 completes the control of the terminal function, and the ID control device 101 executes the control process after step S607. A flag indicating the end is continuously read, and if this flag can be read, step S608 is executed.

The operation of the mobile terminal device 104 is shown in FIG. 7, FIG. 8, and FIG.
FIG. 7 shows the operation of the startup process when the mobile terminal device 104 is turned on, FIG. 8 shows the operation when the terminal function control information stored in the non-contact IC card storage unit 414 is changed, and FIG. 9 shows the mobile terminal A case where the function of the device 104 is operated is shown.
In the present embodiment, the functions subject to terminal function control are mobile terminal functions (power on / off of the mobile terminal device itself), camera shooting functions, external memory access functions, wireless LAN communication functions, infrared communication functions, USB communication Although described as a function, a telephone call function, a data communication function, and an electronic mail function, it is not restricted to this.

When the mobile terminal device 104 is activated, it is activated so that each function can be executed, stopped, and activated by the user based on the terminal function control rules of the terminal function control information stored in the non-contact IC card storage unit 414. Process.
FIG. 7 shows an operation when the mobile terminal device 104 is turned on.

The mobile terminal device 104 starts the activation process from step S701 when the user 105 turns on the power button or the like.
In step S702, the mobile terminal device control unit 404 of the mobile terminal device 104 reads the terminal function control information stored in the contactless IC card storage unit 414. In step S703, first, the mobile terminal function control rule of the terminal function control information is set. If it is referred to and stopped, step S704 is executed to stop the activation process.
If the control rules for the mobile terminal function are any other execution or user, the activation process is assumed to be continued, the power-on process is continued in step S705, and the function activation is performed according to the activation order of the functions to be installed. Start.
In step S706, the mobile terminal apparatus control unit 404 refers to the control rule of the mobile target function in the terminal function control information according to the order of functions to be activated, and does not start if the control rule is stopped in step S707. Returning to step S706, activation of the next function is continued.
In step S708, the mobile terminal apparatus control unit 404 activates and executes the function when the control rule is executed, and allows the user to use the function later when the user is optional. To start.
If the process has not been completed for all functions installed in step S709, the process returns to step S706 to continue the activation of the next function, and if completed, the activation process is terminated.

The mobile terminal device 104 changes the terminal function control information stored in the contactless IC card storage unit 414, changes the ID access wireless communication unit 301 of the entrance security gate device 102 or the exit security gate device 103, and the privileged process of the mobile terminal device 104. Accept from.
FIG. 8 shows an operation flow of the mobile terminal apparatus 104 when the terminal function control information is changed.

In step S801, the mobile terminal device control unit 404 of the mobile terminal device 104 detects the update of the terminal function control information, that is, the terminal function control information stored in the non-contact IC card storage unit 414 is stored in the entrance security gate device 102 or When it is detected that the terminal access control unit 301 of the exit security gate apparatus 103 has been updated to new terminal function control information from the privileged process of the mobile terminal apparatus 104, in step S802, the terminal function other than the terminal function is detected. The order of the functions to be controlled is determined, the control rule of the function for controlling the new terminal function control information is read in step S803, the state of the function in the mobile terminal device 104 is detected in step S804, and the control is performed in step S805. If there is a discrepancy with the rules, the machine is in step S806. It performs the control of.
The contradiction between the control rule and the state is either when the state of the function is stopped when the control rule is executed, or when the state of the function is executed when the control rule is stopped. When the control rules are arbitrary by the user, there is no contradiction in any state.
If there is no contradiction in step S805, the process returns to step S803 to continue control of the next function.
When the control of all functions is completed in the order determined in step S 802 in step S 807, the mobile terminal apparatus control unit 404 controls the mobile terminal function in step S 808, and if there is a contradiction with the control rules (at this time already Since the state is being executed, when the control rule is stopped), in step S809, a power-off process is performed to stop the mobile terminal function.

The mobile terminal device 104 can execute or stop the function of the mobile terminal device 104 by a user operation.
FIG. 9 shows a flow of processing for operating the functions of the mobile terminal device 104 by the user.
The mobile terminal apparatus control unit 404 of the mobile terminal apparatus 104 receives an operation for executing or stopping the terminal function from the user via the key input unit 401 in step S901.
Here, the function is a function installed in the mobile terminal device 104 described above.
The mobile terminal device control unit 404 reads out the control rules of the terminal function control information corresponding to the terminal function that the user tried to execute or stop in step S902 from the non-contact IC card storage unit 414, and controls the terminal function in step S903. In step S904, the function is executed or stopped in step S904. Otherwise, in step S905, the user cannot execute or stop the function via the display unit 402. Notice. At this time, it may be notified that it is prohibited by the building security policy.

  As described above, according to the present embodiment, it is possible to finely restrict the use of each function of the mobile terminal device for each user in correspondence with different security policies for each user.

As described above, in the present embodiment, the security gate that opens and closes at the entrance and exit of the security area, the mobile terminal device that stores the ID information in an outputable state, the ID information of the mobile terminal device that enters and exits the security area, The security system by the ID control device that controls the opening and closing of the security gate by collating based on the authentication information recording the entrance / exit permission for each ID information with respect to the security area has been described.
More specifically, the ID control device inputs the ID information and the terminal function attribute information on the entrance side and / or the entrance side of the security area, and when the authentication of the ID information is successful, for each ID information The terminal function control information generated in accordance with the terminal function attribute information from the terminal control policy information holding the arbitrary control regulations is output to the mobile terminal apparatus in response to the entry / exit of the mobile terminal apparatus. , A security gate release permission signal is output to the security gate, and the mobile terminal device holds ID information, terminal function attribute information indicating a terminal function to be mounted, and terminal function control information for controlling the function of the terminal, The terminal function attribute information is stored in a state where it can be output together with the ID information. When the terminal function control information is input, the terminal function control information is updated and the terminal function control information is updated. And it describes the security system for the execution or control of stopping with the update corresponding terminal functions.

  Further, in the present embodiment, it has been described that the mobile terminal device can communicate the terminal function attribute information and the terminal function control information with the same communication medium as the ID information used for security area entry / exit authentication. .

  Further, in the present embodiment, it has been described that the mobile terminal device can change and update the terminal function control information by the mobile terminal device itself, and performs administrator authentication when the terminal control information is changed.

  Further, in the present embodiment, terminal function attribute information indicating a terminal function to be mounted, terminal function control information that specifies execution or stop of the corresponding terminal function, or any three types of control, and ID information are held. When terminal function attribute information, terminal function control information, and ID information are communicable in the same communication medium, the terminal function attribute information is stored in a state where the terminal function attribute information can be output together with the ID information, and the terminal function control information is input, the terminal function A mobile terminal apparatus that performs control to update control information and execute or stop the corresponding terminal function or maintain the current state in accordance with the update of the terminal function control information has been described.

  Further, in the present embodiment, when the ID information and the terminal function attribute information are input on the entrance side and / or the entrance side of the security area and the authentication of the ID information is successful, the mobile terminal device for each ID information The terminal function control information generated in accordance with the terminal function attribute information from the terminal control policy information holding any control regulations is output to the mobile terminal device in response to the entry / exit of An ID control device that outputs a security gate release permission signal has been described.

Embodiment 2. FIG.
The security system according to the present embodiment is shown as a difference from the first embodiment.
FIG. 12 is a layout diagram of security areas in a building, which is composed of a security area a501a and a plurality of security areas including a security area b501b and a security area c501c nested therein.
Security area b501b and security area c501c are arranged independently of each other.
Each security area includes an entrance security gate device 102 and an exit security gate device 103.

FIG. 10 is a system configuration diagram constituting the security system 1.
The security system 1 includes a mobile terminal management device 1001, an ID control device 101 corresponding to each security area, an entrance security gate device 102, and an exit security gate device 103.
The mobile terminal management device 1001 distributes the terminal function control information to the ID control devices 101 in a plurality of security areas, and at the same time, the function of the mobile terminal device 104 that has passed through the entrance security gate device 102 and the exit security gate device 103. Record the control status and affiliation to the security area.

  In this embodiment, the mobile terminal management device 1001 is an example of a management device, the ID control device 101 is an example of a relay device, and the entrance security gate device 102 and the exit security gate device 103 are examples of gate devices. is there.

FIG. 11 is a diagram illustrating a configuration example of the mobile terminal management apparatus 1001.
The mobile terminal management device 1001 includes a key input unit 1101, a display unit 1102, a mobile terminal management device control unit 1103, a program storage unit 1104, a data storage unit 1105, and a mobile terminal management device communication unit 1106.
The key input unit 1101 is an input unit, and accepts inputs such as changes in numbers, characters, and input targets.
The display unit 1102 displays information.
The mobile terminal management device control unit 1103 performs an operation based on the program stored in the program storage unit 1104, stores and reads data in the data storage unit 1105, and inputs to the key input unit 1101, the display unit 1102, and the mobile terminal management device communication unit 1106. Perform output processing.
The mobile terminal management device communication unit 1106 communicates with the ID control device 101.

The mobile terminal management apparatus control unit 1103 performs the same processing as the control unit 201 (FIG. 2) of the ID control apparatus 101 shown in Embodiment 1, and each function of the mobile terminal apparatus 104 is based on the terminal control policy information. The terminal function control information indicating the usage restriction mode is generated.
The mobile terminal management apparatus control unit 1103 is an example of a terminal function control information generation unit.

The mobile terminal management device communication unit 1106 receives the ID information of the gate passer transmitted from the entrance security gate device 102 or the exit security gate device 103 via the ID control device 101, and receives the gate information from the ID control device 101. An identifier that recognizes the security area in which the passer attempts to pass through the gate device is received.
In addition, the mobile terminal management apparatus communication unit 1106 transmits terminal function control information to the entrance security gate apparatus 102 or the exit security gate apparatus 103 via the ID control apparatus 101.
The mobile terminal management device communication unit 1106 is an example of a management device reception unit and a management device transmission unit.

Similar to the data storage unit 202 of the ID control apparatus 101 shown in the first embodiment, the data storage unit 1105 stores terminal control policy information indicating a usage restriction mode of each function of the mobile terminal apparatus 104.
Unlike the first embodiment, the terminal control policy information stored in the data storage unit 1105 indicates the terminal control policy for each user and for each security area. Details of the terminal control policy information according to the present embodiment will be described later.
Further, in the present embodiment, the data storage unit 1105 associates the ID of the gate passage trial person received by the mobile terminal management apparatus communication unit 1106 with the identifier representing the security area, and locates the gate passage trial person. It is stored as mobile terminal management information (gate pass trial person location information) indicating the location (location security area).
The data storage unit 1105 is an example of a terminal control policy information storage unit and a gate passage trial person location information storage unit.

  Next, tables and data existing in each device will be described.

First, data mounted on the ID control device 101, a table, and data constituting the table are shown.
The ID collation information table is information indicating whether the user 105 may pass through the entrance security gate device 102 and the exit security gate device 103 in the security area 501, and corresponds to ID information that differs for each mobile terminal device 104. It consists of a list of permission information.
The ID control device identifier is a unique identifier for each ID control device 101. The mobile terminal management device 1001 that communicates with the ID control device 101 uses the ID control device identifier to identify which security area the ID control device 101 of the communication partner has. An identifier that can be configured or distinguished.
That is, the ID control device identifier is an identifier that represents a security area that the ID control device 101 has jurisdiction over, and the mobile terminal management device 1001 uses the ID control device identifier to identify a security area in which a gate passer attempts to pass through the gate device. Can be identified.

Next, a table mounted on the mobile terminal management apparatus 1001 and data constituting the table are shown.
The terminal control policy information table defines the terminal control policy at the time of entry and participation for each mobile terminal device 104 and security area. ID information, ID control device identifier, terminal control policy information at entry, and at entry It consists of a list of terminal control policy information.
The terminal control policy information sets three values for execution, stop, and user arbitrary values for each function of the mobile terminal device 104.
The mobile terminal management information table indicates the terminal control status to the security area to which the mobile terminal device 104 belongs at each point of time, and ID control indicating the ID information of the mobile terminal device 104 and the security area to which the mobile terminal device 104 belongs. It consists of a device identifier, its entry / exit information, and terminal function control information set in the mobile terminal device 104.
When the mobile terminal device 104 searches for the security area to which the mobile terminal device 104 belongs at that time, the ID control device identifier and entrance / exit information can be obtained by searching the mobile terminal device information information in the mobile terminal management information table. The corresponding security area is known, and the control state of the mobile terminal device 104 (a mode of use restriction of each function of the mobile terminal device 104) is also known.
Further, when it is desired to obtain a list of mobile terminal devices 104 belonging to the security area, a list of ID information can be obtained by searching from the ID control device identifier and entry / exit information corresponding to the security area.

An example of terminal control policy information according to the present embodiment is shown in FIG.
The terminal control policy information according to the present embodiment indicates a terminal control policy for each user and for each security area.
FIG. 16 shows the terminal control policy information for the user ID: AAA, in which the terminal control policy information at entry and the terminal control policy information at entry are described for each security area.
Also in the terminal control policy information for other users, entry terminal control policy information and entry terminal control policy information are described for each security area.
The terminal control policy information according to the present embodiment is the same as the terminal control policy information (FIG. 15) shown in the first embodiment except that the terminal control policy information is divided for each security area.

Next, with reference to FIG. 13, the operation of the ID control apparatus 101 constituting the security system is shown.
The ID control apparatus 101 waits for detection of the mobile terminal apparatus 104 in step S1301.
When the ID control device 101 detects the mobile terminal device 104 in step S601, it is determined in step S1302 whether the mobile terminal device 104 enters or exits the security area 501 and stores this information as entrance / exit information. .
Next, in step S1303, the ID control device 101 reads the ID information and the terminal function attribute information recorded in the non-contact IC card storage unit 414 of the mobile terminal device 104.
In step S1304, if the ID control apparatus 101 successfully collates the ID collation information table from the ID information, it executes the next step S1305.
Otherwise, since entry / exit is not permitted, step S1301 is executed.
In step S1305, the mobile terminal management apparatus 1001 is inquired of the terminal function control information from the ID information, the entrance / exit information, the ID control apparatus identifier, and the terminal function attribute information. That is, ID information, entrance / exit information, ID control device identifier, and terminal function attribute information are transmitted to the mobile terminal management device 1001.
As will be described later, if the mobile terminal management apparatus 1001 does not use terminal function attribute information for generating terminal function control information, the terminal function attribute information need not be transmitted.

If there is a response of the terminal function control information from the mobile terminal management apparatus 1001 in step S1306, the terminal function control information is written in the contactless IC card storage unit 414 of the mobile terminal apparatus 104 in step S1306.
Specifically, the ID control device communication unit 203 transmits the terminal function control information to the security gate communication unit 304 of the entrance security gate device 102 or the exit security gate device 103, and the entrance security gate device 102 or the exit security gate device 103. Terminal function control information is written in the non-contact IC card storage unit 414 via the non-contact IC card wireless communication unit 415 of the mobile terminal device 104.

  Finally, in step S1307, the control unit 201 temporarily sends only the user 105 who has permitted entry / exit from the ID control device communication unit 203 to the electric lock 302 of the security gate device corresponding to the entry / exit information. Send unlock signal.

FIG. 14 shows the operation of the mobile terminal management apparatus 1001.
In step S1401, the terminal controller waits for an inquiry about terminal function control information from the ID control device 101. When the inquiry is received (ID information of the gate pass trial person (mobile terminal device 104), entry / exit information, ID control device identifier of the ID control device 101 ( When the mobile terminal management apparatus communication unit 1106 receives the terminal function attribute information) from the ID control apparatus 101), in step S1402, the mobile terminal management apparatus control unit 1103 displays the ID information of the gate pass trial person (mobile terminal apparatus 104). The terminal control policy information matching the terminal control policy information table is selected from the entrance / exit information and the ID control device identifier of the ID control device 101, and the function described in the terminal function attribute information from the terminal control policy information in step S1403 The control policy for each function that falls under It is formed.
That is, the mobile terminal management apparatus control unit 1103 matches the ID information of the trial person who has passed through the gate received by the mobile terminal management apparatus communication unit 106 with one of the user IDs shown in the terminal control policy information (FIG. 16). In the case of doing so, based on the ID control device identifier of the ID control device 101, the security area in which the user is trying to pass through the gate device is identified, and the terminal control policy corresponding to the corresponding user ID and security area In addition to specifying the information, the terminal control policy information at the time of entry or the terminal control policy information at the time of entry of the specified terminal control policy information is extracted according to the entry / exit information.
And the mobile terminal management apparatus control part 1103 produces | generates the terminal function control information which shows a use restriction aspect based on the extracted terminal control policy information at the time of entrance or terminal control policy information at the time of participation.
Note that the mobile terminal management apparatus control unit 1103 according to the present embodiment does not use the terminal function attribute information for generating the terminal function control information, like the control unit 201 of the ID control apparatus 101 shown in the first embodiment. May be.
That is, the mobile terminal management apparatus control unit 1103 is described in the extracted terminal control policy information at entry or terminal control policy information at entry regardless of whether the mobile terminal apparatus 104 actually has each function. You may make it produce | generate the terminal function control information which shows the use restriction | limiting aspect (execution, stop, user arbitrary) of each function as it is.

  Next, in the mobile terminal management apparatus 1001, the mobile terminal management apparatus communication unit 106 transmits the generated terminal function control information to the ID control apparatus 101 in step S1404, and the data storage unit 1105 manages the mobile terminal management in step S1405. As an update of information (gate pass trial person location information), ID information, an ID control device identifier, and terminal function control information are recorded in association with each other, and there is mobile terminal management information of the ID information from the mobile terminal management information. Delete it.

In the present embodiment, ID authentication may be performed at the upper level.
That is, in the above description, the ID control apparatus 101 has the ID collation information table and collates ID information. However, the mobile terminal management apparatus 1001 has the same table and collates ID information. You may make it carry out by 1001.

  As described above, according to the present embodiment, it is possible to finely restrict the use of each function of the mobile terminal device for each user and each security area in correspondence with different security policies for each user and each security area. .

  As described above, in the present embodiment, the mobile terminal management apparatus is provided, and the ID control apparatus controls the mobile terminal management apparatus in accordance with ID information and entry / exit when the authentication of the mobile terminal apparatus ID information is successful. The mobile terminal management apparatus makes the terminal function attribute information from the terminal control policy information holding the execution or stop of the terminal function or holding any control rule corresponding to the entry / exit of the mobile terminal apparatus for each ID information. A security system that generates terminal function control information and responds with terminal function control information has been described.

  In the present embodiment, a plurality of ID control devices constituting a plurality of security areas that are independent or nested are provided, the ID control device holds a unique ID control device identifier, and ID information of the mobile terminal device If the authentication of the mobile terminal management device succeeds, the mobile terminal management device is inquired of the terminal function control information corresponding to the ID information, the terminal function attribute information, the entrance / exit, and the ID control device identifier. The terminal function control information generated according to the terminal function attribute information from the terminal control policy information that holds the execution or stop of the terminal function corresponding to the ID information and entry / exit or any control rule has been described.

  In the present embodiment, the mobile terminal management device generates terminal function control information based on the mobile terminal device ID information, terminal function attribute information, entry / exit, and terminal function control information corresponding to the ID control device. In the above description, the ID information of the mobile terminal device and the terminal function control information are recorded in association with the ID control device identifier.

  In this embodiment, in a security system that stores a user ID in a mobile terminal device and uses it as an entry / exit token, it is used in conjunction with entry or exit from multiple security areas that are independent or nested. Based on a security policy that defines the execution and stop states of functions of the mobile terminal device for each user ID and security area, the individual functions actually mounted on the mobile terminal device are executed and stopped, and the mobile terminal device is controlled. A mobile terminal management device that records status and affiliation to a security area has been described.

Here, a hardware configuration example of the ID control device 101 and the mobile terminal management device 1001 described in the first and second embodiments will be described.
FIG. 17 is a diagram illustrating an example of hardware resources of the ID control device 101 and the mobile terminal management device 1001 described in the first and second embodiments.
Note that the configuration in FIG. 17 is merely an example of the hardware configuration of the ID control device 101 and the mobile terminal management device 1001, and the hardware configuration of the ID control device 101 and the mobile terminal management device 1001 is described in FIG. It is not limited to this configuration, and other configurations may be used.

In FIG. 17, the ID control device 101 and the mobile terminal management device 1001 include a CPU 911 (also referred to as a central processing unit, a central processing unit, a processing unit, a processing unit, a microprocessor, a microcomputer, and a processor) that executes a program. .
The CPU 911 is connected to, for example, a ROM (Read Only Memory) 913, a RAM (Random Access Memory) 914, a communication board 915, a display device 901, a keyboard 902, a mouse 903, and a magnetic disk device 920 via a bus 912. Control hardware devices.
Further, the CPU 911 may be connected to an FDD 904 (Flexible Disk Drive), a compact disk device 905 (CDD), a printer device 906, and a scanner device 907. Further, instead of the magnetic disk device 920, a storage device such as an optical disk device or a memory card (registered trademark) read / write device may be used.
The RAM 914 is an example of a volatile memory. The storage media of the ROM 913, the FDD 904, the CDD 905, and the magnetic disk device 920 are an example of a nonvolatile memory. These are examples of the storage device.
A communication board 915, a keyboard 902, a mouse 903, a scanner device 907, an FDD 904, and the like are examples of input devices.
The communication board 915, the display device 901, the printer device 906, and the like are examples of output devices.

  As shown in FIG. 1, the communication board 915 is connected to a network. For example, the communication board 915 may be connected to a LAN (local area network), the Internet, a WAN (wide area network), or the like.

  The magnetic disk device 920 stores an operating system 921 (OS), a window system 922, a program group 923, and a file group 924. The programs in the program group 923 are executed by the CPU 911, the operating system 921, and the window system 922.

The ROM 913 stores a BIOS (Basic Input Output System) program, and the magnetic disk device 920 stores a boot program.
When the ID control device 101 and the mobile terminal management device 1001 are activated, the BIOS program in the ROM 913 and the boot program in the magnetic disk device 920 are executed, and the operating system 921 is activated by the BIOS program and the boot program.

  The program group 923 stores programs that execute the functions described as “˜units” in the description of the first and second embodiments. The program is read and executed by the CPU 911.

In the file group 924, in the description of the first and second embodiments, “determination of”, “determination of”, “calculation of”, “comparison of”, “update of”, and “setting of” are set. ”,“ Registering ”, etc., information, data, signal values, variable values, and parameters indicating the results of the processing are stored as“ ˜file ”and“ ˜database ”items.
The “˜file” and “˜database” are stored in a recording medium such as a disk or a memory. Information, data, signal values, variable values, and parameters stored in a storage medium such as a disk or memory are read out to the main memory or cache memory by the CPU 911 via a read / write circuit, and extracted, searched, referenced, compared, and calculated. Used for CPU operations such as calculation, processing, editing, output, printing, and display.
Information, data, signal values, variable values, and parameters are stored in the main memory, registers, cache memory, and buffers during the CPU operations of extraction, search, reference, comparison, calculation, processing, editing, output, printing, and display. It is temporarily stored in a memory or the like.
In addition, the arrows in the flowcharts described in the first and second embodiments mainly indicate input / output of data and signals, and the data and signal values are the RAM 914 memory, the FDD 904 flexible disk, the CDD 905 compact disk, and the magnetic field. Recording is performed on a recording medium such as a magnetic disk of the disk device 920, other optical disks, mini disks, DVDs, and the like. Data and signals are transmitted online via a bus 912, signal lines, cables, or other transmission media.

  In addition, what is described as “˜unit” in the description of the first and second embodiments may be “˜circuit”, “˜device”, “˜device”, and “˜step”, It may be “˜procedure” or “˜processing”. That is, what is described as “˜unit” may be realized by firmware stored in the ROM 913. Alternatively, it may be implemented only by software, only hardware such as elements, devices, substrates, wirings, etc., or a combination of software and hardware, and further a combination of firmware. Firmware and software are stored as programs in a recording medium such as a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini disk, and a DVD. The program is read by the CPU 911 and executed by the CPU 911. That is, the program causes the computer to function as “to part” in the first and second embodiments. Alternatively, the computer executes the procedure and method of “to unit” in the first and second embodiments.

  As described above, the ID control device 101 and the mobile terminal management device 1001 described in the first and second embodiments output a CPU as a processing device, a memory as a storage device, a magnetic disk, etc., a keyboard as an input device, a mouse, a communication board, etc. The computer includes a display device, a communication board, and the like, and implements the functions indicated as “to unit” using the processing device, the storage device, the input device, and the output device as described above.

Also, a hardware configuration example of mobile terminal apparatus 104 according to Embodiments 1 and 2 will be described.
FIG. 18 is a diagram illustrating an example of hardware resources of the mobile terminal device 104 illustrated in the first and second embodiments.
18 is merely an example of the hardware configuration of the mobile terminal device 104, and the hardware configuration of the mobile terminal device 104 is not limited to the configuration illustrated in FIG. Also good.

In FIG. 18, the same elements as those in FIG. 17 are denoted by the same reference numerals, and the essence of the operation is the same as that described in FIG.
The mobile terminal device 104 includes a CPU 911 that executes a program. The CPU 911, for example, includes a ROM 913, a RAM 914, a communication board 915, a display device 901 such as an LCD (Liquid Crystal Display), a numeric keypad 802, and a microphone 804 via a bus 912. Are connected to a speaker 805, a non-contact IC card 806, and a flash memory 820 to control these hardware devices.
The mobile terminal device 104 may include a keyboard, a camera, a vibrator, an acceleration sensor, and the like in addition to these hardware devices.
Storage media such as the ROM 913, the RAM 914, the flash memory 820, and the non-contact IC card are examples of storage devices.
A communication board 915, a numeric keypad 802, a keyboard, a non-contact IC card 806, and the like are examples of an input device.
The communication board 915, the display device 901, the non-contact IC card 806, and the like are examples of output devices.

  The communication board 915 may have an interface corresponding to wireless LAN, infrared communication, Bluetooth (registered trademark) communication, etc. in addition to public wireless network communication.

  The flash memory 820 can store an operating system 921 (OS), a window system 922, a program group 923, a file group 924, and the like. The programs in the program group 923 are executed by the CPU 911, the operating system 921, and the window system 922.

The ROM 913 stores a BIOS (Basic Input Output System) program, and the flash memory 820 stores a boot program.
When the mobile terminal device 104 is activated, the BIOS program in the ROM 913 and the boot program in the magnetic disk device 820 are executed, and the operating system 921 is activated by the BIOS program and the boot program.

  The program group 923 stores a program that executes at least the functions described in the first and second embodiments. The program is read and executed by the CPU 911.

  In the above description, the file group 924 includes “determination of”, “calculation of”, “comparison of”, “extraction of”, “conversion of”, “setting of”, “ Information, data, signal values, variable values, and parameters indicating the results of the processing described as “registration” and the like are stored as items of “˜file” and “˜database”.

  In addition, what is described as “to part” in the above description may be “to circuit”, “to device”, “to device”, and “to step”, “to procedure”, It may be “to treatment”.

  As described above, the mobile terminal device 104 described in this embodiment includes a CPU as a processing device, a memory as a storage device, a flash memory, a numeric keypad as an input device, a keyboard, a communication board, and a display device as a output device, a communication board, A non-contact IC card or the like is provided, and the functions indicated as “to part” are realized using these processing devices, storage devices, input devices, and output devices.

1 is a diagram illustrating a configuration example of a security system according to Embodiment 1. FIG. FIG. 3 is a diagram illustrating a configuration example of an ID control device according to the first embodiment. The figure which shows the structural example of the entrance security gate apparatus and exit security gate apparatus which concern on Embodiment 1. FIG. FIG. 2 shows a configuration example of a mobile terminal apparatus according to Embodiment 1. FIG. 3 shows an example of a security area according to the first embodiment. FIG. 3 is a diagram illustrating an operation example of the ID control device according to the first embodiment. [Fig. 3] Fig. 3 is a diagram illustrating an operation example of the mobile terminal apparatus according to the first embodiment. [Fig. 3] Fig. 3 is a diagram illustrating an operation example of the mobile terminal apparatus according to the first embodiment. [Fig. 3] Fig. 3 is a diagram illustrating an operation example of the mobile terminal apparatus according to the first embodiment. FIG. 4 is a diagram illustrating a configuration example of a security system according to a second embodiment. The figure which shows the structural example of the mobile terminal management apparatus which concerns on Embodiment 2. FIG. FIG. 10 shows an example of a security area according to the second embodiment. FIG. 10 is a diagram illustrating an operation example of the ID control device according to the second embodiment. The figure which shows the operation example of the mobile terminal management apparatus which concerns on Embodiment 2. FIG. FIG. 6 is a diagram showing an example of terminal control policy information according to the first embodiment. The figure which shows the example of the terminal control policy information which concerns on Embodiment 2. FIG. The figure which shows the hardware structural example of the ID control apparatus which concerns on Embodiment 1 and 2, and a mobile terminal management apparatus. The figure which shows the hardware structural example of the mobile terminal device which concerns on Embodiment 1 and 2. FIG.

Explanation of symbols

  101 ID control device, 102 entrance security gate device, 103 exit security gate device, 104 mobile terminal device, 105 user, 201 control unit, 202 data storage unit, 203 ID control device communication unit, 301 ID access wireless communication unit, 302 Electric lock, 303 Automatic door, 304 Security gate communication unit, 401 Key input unit, 402 Display unit, 403 Voice input / output unit, 404 Mobile terminal device control unit, 405 Power supply control unit, 406 Telephone control unit, 407 Wireless communication unit, 408 Wireless LAN communication unit, 409 Mobile terminal device storage unit, 410 Infrared communication unit, 411 Camera unit, 412 External memory access unit, 413 USB control unit, 414 Non-contact IC card storage unit, 415 Non-contact IC card wireless communication unit, 501 Security area, 001 mobile terminal management unit, 1101 a key input unit, 1102 display portion, 1103 mobile terminal management apparatus control unit, 1104 a program storage unit, 1105 data storage unit, 1106 mobile terminal management apparatus communication unit.

Claims (14)

A gate device that controls at least one of entry into and exit from the security area where entry and exit are restricted; and
A security system having a management device for managing the gate device,
The management device
Stores terminal control policy information indicating user IDs (Identifications) of a plurality of registered users and indicating usage restriction modes for each of a plurality of functions provided in the mobile terminal device for each user ID. A terminal control policy information storage unit,
A management device receiving unit that receives the ID of the person who attempted to pass through the gate device and tries to enter the security area or leave the security area, transmitted from the gate device;
When the ID of the trial user who has passed through the gate received by the management device receiving unit matches any user ID indicated in the terminal control policy information, the mobile terminal according to the terminal control policy information for the user ID A terminal function control information generating unit that generates terminal function control information indicating a mode of use restriction for each function provided in the device;
A management device transmitter that transmits the terminal function control information generated by the terminal function control information generator;
The gate device is
A first gate device transmission unit that transmits an ID of a gate passage trial person who attempts to enter the security area through the gate device or to leave the security area;
A gate device receiver for receiving the terminal function control information transmitted from the management device;
A security system, comprising: a second gate device transmission unit that transmits the terminal function control information to a mobile terminal device possessed by the gate passage trial person. In the management device,
The terminal control policy information storage unit
As the terminal control policy information, storing terminal control policy information at the time of entry to be applied when entering the security area, and terminal control policy information at the time of exit to be applied when leaving the security area,
The terminal function control information generation unit
It is determined whether the person trying to pass through the gate is trying to enter the security area or leave the security area, and based on the determination result, the terminal control policy information upon entry and the terminal control policy information upon exit are determined. The security system according to claim 1, wherein the terminal function control information is generated according to any one of them. In the gate device,
The first gate device transmission unit includes:
Transmitting terminal function attribute information indicating a function of a mobile terminal device possessed by the gate passage trial person along with the ID of the gate passage trial person;
In the management device,
The management device receiver
The terminal function attribute information is received together with the ID of the gate passer,
The terminal function control information generation unit
In the case where the ID of the person attempting to pass through the gate received by the management device receiving unit matches any user ID indicated in the terminal control policy information, according to the terminal control policy information for the user ID, the terminal 3. The security system according to claim 1, wherein terminal function control information indicating a usage restriction mode for each function indicated in the function attribute information is generated. The management device
Manage multiple gate devices that are subject to entrance / exit control in multiple security areas,
The terminal control policy information storage unit
For each user ID, for each security area, store terminal control policy information indicating a mode of use restriction for each function provided in the mobile terminal device,
The terminal function control information generation unit
The terminal control policy information for the user ID when the ID of the gate pass trial person received by the management device receiving unit matches any user ID indicated in the terminal control policy information, The security system according to any one of claims 1 to 3, wherein the terminal function control information is generated according to terminal control policy information for a security area in which the user is trying to pass through a gate device. The security system further comprises:
Each of the plurality of security areas is subject to jurisdiction, and the gate pass trial person's ID is received from a gate device that performs entrance / exit control of the security area subject to jurisdiction. A plurality of relay devices that transmit an identifier representing a security area to the management device;
In the management device,
The management device receiver
Receiving the ID of the person attempting to pass through the gate and the identifier transmitted from any of the relay devices;
The terminal function control information generation unit
When the ID of the gate pass trial person received by the management device receiving unit matches any user ID indicated in the terminal control policy information, based on the identifier, the user The security system according to claim 4, wherein a security area attempting to pass is identified. A management device that manages a gate device that controls at least one of entry into and exit from a security area where entry / exit is restricted,
Terminal control that stores user IDs of a plurality of registered users, and stores terminal control policy information indicating a mode of use restriction for each function of the plurality of functions provided in the mobile terminal device for each user ID A policy information storage unit;
A management device receiving unit that receives the ID of the person who attempted to pass through the gate device and tries to enter the security area or leave the security area, transmitted from the gate device;
When the ID of the trial user who has passed through the gate received by the management device receiving unit matches any user ID indicated in the terminal control policy information, the mobile terminal according to the terminal control policy information for the user ID A terminal function control information generating unit that generates terminal function control information indicating a mode of use restriction for each function provided in the device;
The terminal function control information generated by the terminal function control information generating unit is transmitted to the gate device, and the terminal function is transmitted to the mobile terminal device possessed by the gate passage trial person via the gate device. A management apparatus comprising: a management apparatus transmission unit that transmits control information. The terminal control policy information storage unit
As the terminal control policy information, storing terminal control policy information at the time of entry to be applied when entering the security area, and terminal control policy information at the time of exit to be applied when leaving the security area,
The terminal function control information generation unit
It is determined whether the person trying to pass through the gate is trying to enter the security area or leave the security area, and based on the determination result, the terminal control policy information upon entry and the terminal control policy information upon exit are determined. The management apparatus according to claim 6, wherein the terminal function control information is generated according to any one of them. The management device receiver
The terminal function attribute information indicating the function of the mobile terminal device possessed by the gate passage trial person is received together with the ID of the gate passage trial person,
The terminal function control information generation unit
In the case where the ID of the person attempting to pass through the gate received by the management device receiving unit matches any user ID indicated in the terminal control policy information, according to the terminal control policy information for the user ID, the terminal 8. The management apparatus according to claim 6, wherein terminal function control information indicating a usage restriction mode for each function indicated in the function attribute information is generated. The management device
Manage multiple gate devices that are subject to entrance / exit control in multiple security areas,
The terminal control policy information storage unit
For each user ID, for each security area, store terminal control policy information indicating a mode of use restriction for each function provided in the mobile terminal device,
The terminal function control information generation unit
The terminal control policy information for the user ID when the ID of the gate pass trial person received by the management device receiving unit matches any user ID indicated in the terminal control policy information, 9. The management apparatus according to claim 6, wherein the terminal function control information is generated according to terminal control policy information for a security area in which the user is trying to pass through the gate apparatus. The management device
Each of the plurality of security areas is subject to jurisdiction, and the gate pass trial person's ID is received from a gate device that performs entrance / exit control of the security area subject to jurisdiction. Connected to a plurality of relay devices that transmit an identifier representing a security area to the management device;
The management device receiver
Receiving the ID of the person attempting to pass through the gate and the identifier transmitted from any of the relay devices;
The terminal function control information generation unit
When the ID of the gate pass trial person received by the management device receiving unit matches any user ID indicated in the terminal control policy information, based on the identifier, the user The management apparatus according to claim 9, wherein a security area that is attempting to pass is identified. The management device
A gate passage trial person location information storage unit that associates the ID of the gate passage trial person received by the management device reception unit with an identifier representing a security area and stores it as gate passage trial person location information; The management apparatus according to claim 10. A mobile terminal device having a plurality of functions and capable of making each function usable or prohibited.
A terminal function control information storage unit for storing terminal function control information indicating a mode of use restriction for each function;
A control unit that sets a function that is permitted to be used in the terminal function control information to a usable state, and sets a function that is prohibited to be used to a disabled state;
A terminal communication unit that receives new terminal function control information from the gate device when the mobile terminal device passes through the gate device arranged in a security area where entry / exit is restricted,
The controller is
Each time new terminal function control information is received by the terminal communication unit, the state of each function is updated based on the new terminal function control information,
The terminal function control information storage unit is
A mobile terminal apparatus that updates stored terminal function control information to the new terminal function control information each time new terminal function control information is received by the terminal communication unit. The terminal function control information storage unit is
Storing terminal function attribute information indicating a function of the mobile terminal device;
The terminal communication unit is
The mobile terminal apparatus according to claim 12, wherein the terminal function attribute information is transmitted to the gate apparatus before receiving the terminal function control information from the gate apparatus. Managing a gate device that controls at least one of entry into and exit from a security area where entry and exit are restricted;
Terminal control that stores user IDs of a plurality of registered users, and stores terminal control policy information indicating a mode of use restriction for each function of the plurality of functions provided in the mobile terminal device for each user ID In a computer having a policy information storage unit,
A receiving process transmitted from the gate device and receiving an ID of a gate passer who attempts to enter the security area through the gate device or to leave the security area; and
When the ID of the trial user who has passed through the gate received by the reception process matches any user ID indicated in the terminal control policy information, the mobile terminal apparatus is in accordance with the terminal control policy information for the user ID. Terminal function control information generation processing for generating terminal function control information indicating a mode of use restriction for each function provided;
The terminal function control information generated by the terminal function control information generation process is transmitted to the gate device, and the terminal function is transmitted to the mobile terminal device possessed by the gate passage trial person via the gate device. A program for executing transmission processing for transmitting control information.

Images