JP2009116767A - Authority delegation system, and authority delegation method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authority delegation system or the like executable independently of control of entrance and leaving, capable of coping properly with a situation change such as the case where a manger goes out of a specific area, and capable of delegating a use authority of equipment from the manager to a general employee of a company, by the required minimum communication volume. <P>SOLUTION: This authority delegation system or the like includes a step of requesting the delegation of the authority for the equipment 7 to a master terminal 5a, when using the equipment 7 not holding authority information indicating information of the authority delegated from the master terminal 5a to a slave terminal 5b and containing an terminal ID 71 concerned in the master terminal 5a, and a step of retrieving an authority list that is a list of the equipment 7 having the authority usable independently by the master terminal 5a itself, and for replying the requested delegation of the authority for the equipment 7, when the master terminal 5a is requested to delegate the authority from the slave terminal 5b, and executes the step of requesting the delegation of the authority executed by the slave terminal 5b, only when the equipment 7 is used. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a device that can be used by an authorized person, a parent terminal held by a person who has the authority to use the device alone, and a child held by a person who can use the device by delegating authority from the parent terminal. The present invention relates to an authority delegation system comprising at least terminals, and an authority delegation method used therefor.

  In recent years, due to security problems such as information leakage, there is a need for a person who does not have the authority to use a device installed in a specific area such as a company office to not use the device. As conventional technology for such needs, terminals that can communicate wirelessly (such as IC cards in this case) are distributed to employees, and gates are installed at entrances and exits to specific areas to manage entry and exit. Then, there is a mechanism in which information regarding the use authority of the device stored in the terminal at the time of entry / exit is updated, and whether or not the device can be used is determined based on the information stored in the terminal when the device is used. In the case of this mechanism, not only the attribute information of the terminal holder but also the attribute information such as the administrator of the terminal holder who is already in the same specific area should be considered as information on the authority to use the device. it can. That is, when there is an administrator in the same specific area, the right to use the device can be delegated to the terminal holder of a general employee.

  However, in order to perform entrance / exit management to a specific area, the specific area must be a physically partitioned space. In addition, when an administrator leaves a specific area, there is a problem that it is impossible to transmit the situation to a terminal held by a general employee who remains inside. In order to solve these problems, a mechanism described in Patent Document 1 has been devised.

In the mechanism described in Patent Document 1, it is not necessary to update information regarding the authority to use the device in association with entrance / exit management. Further, when the manager leaves the specific area, it can be limited by switching to the use of the device within the range of the original use authority given to general employees in advance.
Japanese Patent Application No. 2007-071835

  However, in the mechanism described in Patent Document 1, in order to centrally manage all the terminals in the specific area and periodically read information on the use authority of the device stored in the terminals in the specific area, Communication frequently occurs and the terminal consumes a large amount of power.

  The present invention has been made in view of the above-described problems, and its purpose can be implemented independently of entrance / exit management, and appropriately responds to changes in the situation such as when the administrator leaves a specific area. It is possible to provide an authority delegation system or the like that can delegate the authority to use a device from an administrator to a general employee with a minimum amount of communication.

  In order to achieve the above-described object, the first invention can be used by an authorized person, and is held by a device assigned with a device ID and a person authorized to use the device alone, and assigned with a terminal ID. An authority delegation system comprising at least a parent terminal and a child terminal to which the device can be used by delegating authority from the parent terminal and having the terminal ID assigned thereto, The child terminal is means for transmitting / receiving arbitrary information to / from the parent terminal, and means for authority information delegated from the parent terminal, and holding authority information including a terminal ID related to the parent terminal And authority delegation requesting means for requesting the parent terminal to delegate authority to the apparatus when using a device that does not hold the authority information, and the parent terminal is optional with the child terminal. Information Means for receiving, means for holding an authority list that is a list of devices having authority that can be used independently by the parent terminal, and, when requested to delegate authority from the child terminal, searches the authority list, And an authority delegation request unit provided in the child terminal. The authority delegation request unit is executed only when the device is used. The authority delegation system according to the first invention can be implemented independently of entrance / exit management, can appropriately respond to changes in the situation such as when the administrator leaves a specific area, and is the minimum necessary Depending on the amount of communication, the administrator can delegate the authority to use the device to general employees. In particular, since the authority delegation request means included in the child terminal is executed only when the device is used, the power consumption of the child terminal and the parent terminal can be minimized.

  In the first invention, the child terminal further comprises means for transmitting / receiving arbitrary information to / from the device, and means for requesting the device to determine whether to use the device, wherein the device is connected to the child terminal. Means for transmitting / receiving arbitrary information, means for holding a usable terminal list that is a list of terminal IDs related to a parent terminal that can use the device itself, and authority information transmitted from a child terminal that requests the availability determination It may further comprise means for determining whether a terminal ID related to the included parent terminal is included in the usable terminal list and responding with a determination result. As a result, the general employee can use the device whose use authority has been delegated by the administrator.

  In the first invention, the child terminal further includes means for transmitting / receiving arbitrary information to / from the device, and means for requesting a device ID from the device, wherein the device includes the child terminal. And means for transmitting / receiving arbitrary information and means for responding to the request for the device ID. In the first invention, the information processing apparatus further includes means for presenting the authority information to the device, and the device further includes means for confirming the authority information presented and responding to the availability. It is desirable to be a thing. As a result, a general employee can use a device to which use authority has been delegated by an administrator without distributing the available terminal list to each device.

  According to a second aspect of the present invention, there is provided a device that can be used by an authorized person, a device assigned with a device ID, a parent terminal that is held by a person authorized to use the device alone, and is assigned a terminal ID, and the parent An authority delegation method used in an authority delegation system that is held by a person who can use the device by delegating authority from a terminal and is configured by at least a child terminal to which the terminal ID is allocated, When a terminal uses a device that indicates authority information delegated from the parent terminal and does not hold authority information including a terminal ID related to the parent terminal, delegation of authority to the device is performed. Requesting the parent terminal, and when the parent terminal is requested to transfer authority from the child terminal, the parent terminal searches for an authority list that is a list of devices that have authority to use independently Responding to delegation of authority to the requested device, and requesting delegation of authority performed by the child terminal is performed only when the device is used. is there. The authority delegation method according to the second invention can be carried out independently of entrance / exit management, can respond appropriately to changes in circumstances such as when the administrator leaves a specific area, and is the minimum necessary Depending on the amount of communication, the administrator can delegate the authority to use the device to general employees. In particular, since the authority delegation request means included in the child terminal is executed only when the device is used, the power consumption of the child terminal and the parent terminal can be minimized.

  2nd invention WHEREIN: The said child terminal concerns the parent terminal contained in the authority information transmitted from the child terminal which requests | requires the availability determination with respect to the said apparatus, and the said apparatus requests | requires availability determination Determining whether the terminal ID is included in an available terminal list, which is a list of terminal IDs related to a parent terminal that can use the device itself, and responding with a determination result. . As a result, the general employee can use the device whose use authority has been delegated by the administrator.

  In the second invention, the child terminal may further include a step of requesting a device ID from the device, and a step of the device responding to the request for the device ID. . In the second invention, the child terminal further presents the authority information to the device, and the device further confirms the authority information presented and responds to the availability. It is desirable to include. As a result, a general employee can use a device to which use authority has been delegated by an administrator without distributing the available terminal list to each device.

  According to the present invention, it can be carried out independently from entrance / exit management, can appropriately respond to changes in the situation, such as when the administrator leaves a specific area, and from the administrator with the minimum necessary traffic It is possible to provide an authority delegation system that can delegate the authority to use devices to general employees.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  First, the first embodiment will be described. FIG. 1 is a diagram showing an example of the inside of a specific area according to the embodiment of the present invention. As shown in FIG. 1, a parent employee 3a and a child employee 3b are present in the specific area. The specific area does not need to be a physically separated space. The parent employee 3a is, for example, an administrator who is in a position to manage general employees. The child employee 3b is, for example, a general employee. In the following description, “parent 3” and “child 3b” are described as “employee 3” when they are not distinguished. The parent employee 3a holds the parent terminal 5a, and the child employee 3b holds the child terminal 5b. Hereinafter, when the parent terminal 5a and the child terminal 5b are not distinguished, they are described as “terminal 5”.

  Further, a PC (Personal Computer) 7a, a printer 7b, a locker 7c, and the like are installed in the specific area. Hereinafter, when the PC 7a, the printer 7b, and the locker 7c are not distinguished, they are described as “device 7”. The device 7 can be used by an authorized person and is assigned a device ID that is information for uniquely identifying the device 7.

  The parent terminal 5a is held by a person who has the authority to use the device 7 alone, that is, the parent employee 3a, and is assigned a terminal ID which is information for uniquely identifying the terminal 5. The child terminal 5b is held by a person who can use the device 7 by delegating authority from the parent terminal 5a, that is, the child employee 3b, and is assigned a terminal ID in the same manner as the parent terminal 5a. As for the authority to use the device 7 of the child employee 3b, for example, the PC 7a and the printer 7b have the authority to use alone, but the locker 7c can be used by delegating the authority. It may be different for each type.

  FIG. 2 is a diagram showing a schematic configuration of the authority delegation system 1 according to the embodiment of the present invention. As shown in FIG. 2, the authority delegation system 1 includes a parent terminal 5a, a child terminal 5b, a device 7, and the like.

The parent terminal 5a and the child terminal 5b can transmit / receive arbitrary information to / from each other. Communication between the parent terminal 5a and the child terminal 5b is performed when the authority to use the device 7 is transferred. Further, the slave terminal 5b and the device 7 can transmit / receive arbitrary information to / from each other. Communication between the child terminal 5 b and the device 7 is performed when the child employee 3 b holding the child terminal 5 b uses the device 7. Details of transmission and reception of information will be described later.
Although not shown, the parent terminal 5a and the device 7 can also transmit / receive arbitrary information to / from each other. Communication between the parent terminal 5 a and the device 7 is performed when the parent employee 3 a holding the parent terminal 5 a uses the device 7.

  Next, the hardware configuration of the terminal 5 and the device 7 will be described with reference to FIGS. 3 and 4.

FIG. 3 is a hardware configuration diagram of the terminal 5. Note that the hardware configuration in FIG. 3 shows a configuration that is essential in the embodiment of the present invention. In practice, various configurations can be adopted depending on the application and purpose.
The terminal 5 is connected to a control unit 11, a storage unit 13, a first communication control unit 15, a second communication control unit 17, and the like via a bus 19.

  The control unit 11 includes a CPU, a RAM, and the like. The CPU calls and executes a program stored in the storage unit 13 or the like in the work memory area on the RAM, drives and controls each device connected via the bus 19, and realizes processing to be described later performed by the terminal 5. . The RAM is a volatile memory, and temporarily holds a program, data, and the like loaded from the storage unit 13 and the like, and includes a work area used by the control unit 11 for performing various processes.

  The storage unit 13 is an HD (hard disk) or an EPROM (Erasable Programmable ROM) or the like, and stores a program executed by the control unit 11, data necessary for program execution, and the like. As for the program, an application program or the like corresponding to the processing described later is stored. Each of these program codes is read by the control unit 11 as necessary, transferred to the RAM, read by the CPU, and executed as various means.

  The first communication control unit 15 is a wireless communication interface related to wireless communication between the terminals 5, and performs communication control with the terminals 5. Examples of the wireless communication method between the terminals 5 include UWB (Ultra Wide Band), ZigBee, and Bluetooth. UWB has low power consumption and can perform high-speed communication at a short distance (assuming a radius of about 10 m). Although ZigBee has a low communication speed, it is inexpensive and consumes less power, and the maximum transmission distance can be adjusted (about 1 to 100 m) by the transmission output. In the case of ZigBee, a node terminal for controlling the network called a PAN (Personal Area Network) coordinator is required. Bluetooth can perform wireless communication with a radius of about 10 to 100 m, but consumes much power and needs to be charged regularly. In view of the object of the present invention, UWB or ZigBee is desirable, but the present invention is not limited to this, and a configuration based on a wireless communication system defined in the future may be adopted.

  The second communication control unit 17 is a wireless communication interface related to wireless communication with the device 7, and performs communication control with the device 7. Since communication between the terminal 5 and the device 7 is performed when the holder of the terminal 5 uses the device 7, it is desirable to perform proximity wireless communication. Examples of the wireless communication method between the terminal 5 and the device 7 include NFC (Near Field Communication). NFC is standardized as a communication standard for contactless IC cards, and is a proximity wireless communication standard (communication distance is about several millimeters to several tens of millimeters). It should be noted that the present invention is not limited to NFC, and other proximity wireless communication standards that have already been defined may be employed, or proximity wireless communication standards that will be defined in the future may be employed.

FIG. 4 is a hardware configuration diagram of the device 7. Note that the hardware configuration in FIG. 4 shows a configuration that is essential in the embodiment of the present invention. In practice, various configurations can be adopted depending on the application and purpose.
The device 7 is connected to a control unit 21, a storage unit 23, a communication control unit 25, a function execution unit 27, and the like via a bus 29.

  The control unit 21 includes a CPU, a RAM, and the like. The CPU calls and executes a program stored in the storage unit 23 or the like in the work memory area on the RAM, drives and controls each device connected via the bus 29, and realizes processing to be described later performed by the device 7. . The RAM is a volatile memory, and temporarily holds a program, data, and the like loaded from the storage unit 23 and the like, and includes a work area used by the control unit 21 to perform various processes.

  The storage unit 23 is an HD (hard disk) or an EPROM (Erasable Programmable ROM) or the like, and stores a program executed by the control unit 21, data necessary for program execution, and the like. As for the program, an application program or the like corresponding to the processing described later is stored. Each of these program codes is read by the control unit 21 as necessary, transferred to the RAM, read by the CPU, and executed as various means.

  The communication control unit 25 is a wireless communication interface related to wireless communication with the terminal 5, and performs communication control with the terminal 5. Since communication between the terminal 5 and the device 7 is performed when the holder of the terminal 5 uses the device 7, it is desirable to perform proximity wireless communication. Examples of the wireless communication method between the terminal 5 and the device 7 include NFC (Near Field Communication).

  The function execution unit 27 executes an original function of the device 7. For example, the information processing function is executed for the PC 7a, the printing function is executed for the printer 7b, and the door opening / closing function is executed for the locker 7c.

  Next, data according to the embodiment of the present invention will be described with reference to FIGS.

  FIG. 5 is a diagram illustrating an example of the terminal data 101. The terminal data 101 is information related to the terminal 5 and is stored in the storage unit 13 of the terminal 5. The number of stored data is one for each terminal 5. As shown in FIG. 5, the terminal data 101 includes, for example, a terminal ID 71, an employee ID 72, parent terminal information 73, and the like. The employee ID 72 and the parent terminal information 73 are not essential data items.

  The terminal ID 71 is information for uniquely identifying the terminal 5 and is assigned to each terminal 5. The employee ID 72 is information for uniquely identifying the employee 3, and is assigned to each employee 3. When the terminal 5 is the child terminal 5b, the parent terminal information 73 is information specifying the manager of the child employee 3b holding the child terminal 5b, that is, the parent terminal 5a held by the parent employee 3a (for example, the terminal of the parent terminal 5a) ID71).

  The employee ID 72 is a data item that assumes an operation in which the terminal 5 is distributed to each employee 3. The parent terminal information 73 is a data item that assumes a case where a specific parent employee 3a is determined as an administrator for a certain child employee 3b. Therefore, depending on the operation, the employee ID 72 and the parent terminal information 73 are not necessary.

  FIG. 6 is a diagram illustrating an example of the device data 102. The device data 102 is information related to the device 7 and is stored in the storage unit 23 of the device 7. The number of data to be stored is one for each device 7. As shown in FIG. 6, the device data 102 includes, for example, a device ID 81, a device type 82, an installation location 83, and the like. The device type 82 and the installation location 83 are not essential data items.

  The device ID 81 is information for uniquely identifying the device 7 and is assigned to each device 7. The device type 82 is information indicating the type of the device 7 such as the PC 7a, the printer 7b, and the locker 7c. The installation location 83 is information indicating a location where the device 7 is installed.

  The device type 82 is a data item assuming an operation in which the authority to use the device 7 is determined for each type of the device 7. The installation location 83 is a data item that assumes an operation in which the device 7 is installed where it is known. Accordingly, depending on the operation, the device type 82 and the installation location 83 are not necessary.

  FIG. 7 is a diagram illustrating an example of the current authority data 103. The current authority data 103 is information indicating which device 7 the terminal 5 has authority to use at the present time, and is stored in the storage unit 13 of the terminal 5. The number of stored data is plural for each terminal 5. As shown in FIG. 7, the current authority data 103 includes, for example, a device ID 81, an expiration date 91, an effective count 92, an authority delegation certificate 93, and the like. The item serving as the primary key is a device ID 81. Note that the expiration date 91, the effective count 92, and the authority delegation certificate 93 are not essential data items.

  The expiration date 91 is information indicating a time limit during which the device 7 can be used by the target current authority data 103. The valid count 92 is information indicating the number of times the device 7 can be used by the target current authority data 103. When the terminal 5 is the child terminal 5b, the authority delegation certificate 93 is information certifying that authority has been delegated from the parent terminal 5a, and includes at least the terminal ID 71 of the parent terminal 5a.

  If the terminal 5 is the parent terminal 5a, the current authority data 103 may be only the device ID 81. When the terminal 5 is the parent terminal 5a, the authority list data 104, which will be described later, may be referred to as information indicating which apparatus 7 is authorized to use without holding the current authority data 103. On the other hand, when the terminal 5 is the child terminal 5b, the current authority data 103 necessarily includes the device ID 81 and the authority delegation certificate 93, and includes the expiration date 91 or the effective count 92 depending on the operation.

  FIG. 8 is a diagram illustrating an example of the authority list data 104. The authority list data 104 is information stored in the storage unit 13 of the parent terminal 5a, and is a list of devices 7 having authority to be used by the parent terminal 5a. The number of stored data is plural for each parent terminal 5a. As shown in FIG. 8, the authority list data 104 includes, for example, a device ID 81, an expiration date 91, an effective count 92, and the like. The item serving as the primary key is a device ID 81. The expiration date 91 and the effective count 92 are not essential data items.

  The parent terminal 5a can delegate the authority to use the device 7 related to the authority list data 104 to the child terminal 5b. At that time, the authority to use can be limited according to the contents of the expiration date 91 or the effective count 92 according to the operation.

  In both the current authority data 103 and the authority list data 104, the main key item is the device ID 81, but instead of the device ID 81, the device type 82 may be used as the main key. Hereinafter, in order to avoid confusion, an item serving as a primary key will be described as a device ID 81.

  FIG. 9 is a diagram illustrating an example of the usable terminal list data 105. The usable terminal list data 105 is information stored in the storage unit 23 of the device 7 and is a list of parent terminals 5 a having authority to use the device 7. The number of data to be stored is plural for each device 7. As shown in FIG. 9, the usable terminal list data 105 includes, for example, a terminal ID 71 and the like. The item that becomes the primary key is the terminal ID 71.

  The device 7 can determine that the parent terminal 5a related to the usable terminal list data 105 and the child terminal 5b to which the authority is delegated from the parent terminal 5a are permitted to use the terminal 7a.

  Next, a configuration for realizing the functions of the terminal 5 and the device 7 will be described with reference to FIGS. 10 and 11.

  FIG. 10 is a block diagram illustrating an outline of functions of the terminal 5 according to the first embodiment. As shown in FIG. 10, the terminal 5 includes a control unit 31, a current authority holding unit 33, an authority list holding unit 35, an information transmission / reception unit 37, an availability determination requesting unit 39, an inter-terminal authentication unit 41, and an authority delegation requesting unit 43. , Authority delegation response means 45 and the like. It is assumed that the terminal data 101 is stored in the storage unit 13 of the terminal 5.

  The parent terminal 5a may include at least the control unit 31, the authority list holding unit 35, the information transmission / reception unit 37, the availability determination request unit 39, the inter-terminal authentication unit 41, and the authority delegation response unit 45. On the other hand, the child terminal 5b may include at least the control unit 31, the current authority holding unit 33, the information transmission / reception unit 37, the usability determination request unit 39, the inter-terminal authentication unit 41, and the authority delegation request unit 43. In the following, means that only the parent terminal 5a needs to have will be described for the case of the parent terminal 5a. Similarly, means that only the child terminal 5b needs to have will be described for the case of the child terminal 5b.

  The control unit 31 appropriately includes a current authority holding unit 33, an authority list holding unit 35, an information transmission / reception unit 37, an availability determination request unit 39, an inter-terminal authentication unit 41, an authority delegation request unit 43, an authority delegation response unit 45, and the like. Call and control the operation of the terminal 5.

  The current authority holding means 33 included in the child terminal 5b indicates the authority delegated from the parent terminal 5a at the present time, and holds authority information including the terminal ID 71 related to the parent terminal 5a. Details of the authority information are the current authority data 103 described above.

  The authority list holding means 35 provided in the parent terminal 5a holds an authority list that is a list of devices 7 having the authority that the parent terminal 5a itself can use independently. Details of the authorization list are the authorization list data 104 described above.

  The information transmission / reception means 37 transmits / receives arbitrary information to / from the terminals 5 by the first communication control unit 15. The information transmitting / receiving unit 37 transmits / receives arbitrary information to / from the device 7 by the second communication control unit 17.

  When using the device 7, the usability determination requesting means 39 transmits authority information to the device 7 and requests the usability determination. The authority information transmitted to the device 7 is information held by the current authority holding means 33 in the case of the child terminal 5b. On the other hand, in the case of the parent terminal 5a, information held by the authority list holding unit 35 may be used.

  The inter-terminal authentication means 41 performs mutual authentication when performing communication between terminals. When communication is performed between the parent terminal 5a and the child terminal 5b, if necessary, the inter-terminal authentication unit 41 refers to the parent terminal information 73 related to the terminal data 101 stored in the storage unit 13 of the child terminal 5b. It may be confirmed whether or not there is a relationship between the manager and the manager.

  The authority delegation request means 43 provided in the child terminal 5b requests the parent terminal 5a to delegate authority to the device 7 when using the device 7 that does not hold the authority information. The authority delegation request unit 43 is executed only when the device 7 is used. Therefore, the occurrence of communication between the parent terminal 5a and the child terminal 5b occurs when the child employee 3b holding the child terminal 5b uses the device 7 and the child terminal 5b holds valid authority information related to the device 7. Only if not.

  When authority delegation response means 45 provided in the parent terminal 5a is requested to delegate authority from the child terminal 5b, the authority delegation response means 45 searches the authority list and responds to authority delegation to the requested device 7.

  FIG. 11 is a block diagram illustrating an outline of functions of the device 7 according to the first embodiment. As shown in FIG. 11, the device 7 includes a control unit 51, an available terminal list holding unit 53, an information transmission / reception unit 55, an availability determination response unit 57, a function execution unit 59, and the like. The device data 102 described above is assumed to be stored in the storage unit 23 of the device 7.

  The control unit 51 appropriately calls the available terminal list holding unit 53, the information transmission / reception unit 55, the availability determination response unit 57, the function execution unit 59, and the like, and controls the operation of the device 7.

  The available terminal list holding unit 53 holds an available terminal list that is a list of terminal IDs 71 related to the parent terminal 5a that can use the device 7 itself. The details of the usable terminal list are the usable terminal list data 105 described above.

  The information transmission / reception means 55 transmits / receives arbitrary information to / from the terminal 5 by the communication control unit 25.

  The availability determination response means 57 determines whether or not the terminal ID 71 related to the parent terminal 5a included in the authority information transmitted from the terminal 5 requesting the availability determination is included in the available terminal list, and the determination result is obtained. respond. When the terminal 5 is the child terminal 5b, if necessary, the availability determination response unit 57 verifies that the right has been correctly delegated based on the authority delegation certificate 93 transmitted from the child terminal 5b.

  The function execution unit 59 executes the original function of the device 7 by the function execution unit 27. For example, the information processing function is executed for the PC 7a, the printing function is executed for the printer 7b, and the door opening / closing function is executed for the locker 7c.

  Next, details of the authority delegation process in the authority delegation system 1 according to the first embodiment will be described with reference to FIG.

  FIG. 12 is a sequence diagram illustrating details of authority delegation processing according to the first embodiment. As shown in FIG. 12, in the authority delegation process, the parent terminal 5a, the child terminal 5b, and the device 7 perform their own processing (indicated by a box) while exchanging messages (indicated by arrows) with each other. . FIG. 12 is based on the assumption that the current authority holding means 33 of the child terminal 5b does not hold valid authority information of the device 7 to be used. If the current authority holding means 33 of the child terminal 5b holds valid authority information of the device 7 to be used, the authority is not transferred from the parent terminal 5a, that is, communication with the parent terminal 5a is performed. The device 7 can be used.

  As shown in FIG. 12, the control means 31 of the child terminal 5b uses the availability determination request means 39 to make a request for availability determination to the device 7 (step 101). Here, the child terminal 5 b transmits the terminal ID 71 of the child terminal 5 b itself to the device 7.

  Next, the control means 51 of the device 7 determines the availability by the availability determination response means 57 (step 102). Here, the device 7 checks whether or not the terminal ID 71 of the child terminal 5b exists in the usable terminal list held by the usable terminal list holding unit 53. Since only the terminal ID 71 of the parent terminal 5a exists in the usable terminal list, the terminal ID 71 of the child terminal 5b does not exist, resulting in a determination result that the terminal cannot be used.

  Next, the control means 51 of the device 7 uses the availability determination response means 57 to make a response of availability determination to the child terminal 5b (step 103). As described above in step 102, the response content of the availability determination is unusable. Note that the response of the availability determination includes the device ID 81 of the device 7 itself.

  Next, the control means 31 of the child terminal 5b and the control means 31 of the parent terminal 5a perform inter-terminal authentication by the inter-terminal authentication means 41 of the child terminal 5b and the inter-terminal authentication means 41 of the parent terminal 5a (step 104). ).

  Next, the control means 31 of the child terminal 5b uses the authority delegation request means 43 to request authority delegation to the parent terminal 5a (step 105). The authority transfer request includes the device ID 81 of the target device 7.

  Next, the control means 31 of the parent terminal 5a searches the authority list by the authority delegation response means 45 (step 106). The authorization list is searched using the device ID 81 transmitted from the child terminal 5b as a search key.

  Next, the control means 31 of the parent terminal 5a makes an authority delegation response by the authority delegation response means 45 (step 107). The authority transfer response may include an expiration date 91, an effective count 92, and the like in addition to the terminal ID 71 of the parent terminal 5a itself.

  Next, the control means 31 of the child terminal 5b uses the availability determination request means 39 to make a request for availability determination to the device 7 (step 108). Here, the child terminal 5b indicates the authority delegated from the parent terminal 5a, and transmits the authority information including the terminal ID 71 related to the parent terminal 5a to the device 7.

  Next, the control means 51 of the device 7 determines the availability by using the availability determination response means 57 (step 109). Here, the device 7 confirms whether or not the terminal ID 71 related to the parent terminal 5a transmitted from the child terminal 5b exists in the usable terminal list held by the usable terminal list holding unit 53. Then, in the usable terminal list, the terminal ID 71 of the parent terminal 5a is present, and the use permission is determined. When the expiration date 91 is used, either the control unit 31 of the parent terminal 5a or the control unit 51 of the device 7 checks the validity of the authority information by comparing the expiration date 91 with the current date and time.

  Next, the control means 51 of the device 7 uses the availability determination response means 57 to make a response of availability determination to the child terminal 5b (step 110). The response content of the usability determination is use permission as described above in step 109. Accordingly, the child employee 3b holding the child terminal 5b can use the device 7. When the effective number 92 is used, the control unit 31 of the child terminal 5b performs an update to decrease the effective number 92 by one every time the device 7 is used. When the valid count 92 becomes 0, the control means 31 of the child terminal 5b deletes the authority information.

  Next, a second embodiment will be described. In the description according to the first embodiment, the same reference numerals are given to those already described, and overlapping description is avoided.

  In the first embodiment and the second embodiment, the parts related to the description of FIGS. 1 to 9 are the same. On the other hand, in the second embodiment, the device 7 does not include the usable terminal list holding unit 53, and the authority delegation system 1 is realized without distributing the usable terminal list to each device 7. is there.

  A configuration for realizing the functions of the terminal 5 and the device 7 will be described with reference to FIGS. 13 and 14.

  FIG. 13 is a block diagram illustrating an outline of functions of the terminal 5 according to the second embodiment. As shown in FIG. 13, the terminal 5 includes a control unit 31, a current authority holding unit 33, an authority list holding unit 35, an information transmitting / receiving unit 37, a device ID request unit 40, an inter-terminal authentication unit 41, an authority delegation request unit 43, It includes authority delegation response means 45, authority information presentation means 47, and the like. It is assumed that the terminal data 101 is stored in the storage unit 13 of the terminal 5.

  The parent terminal 5a may include at least the control unit 31, the authority list holding unit 35, the information transmission / reception unit 37, the device ID request unit 40, the inter-terminal authentication unit 41, the authority delegation response unit 45, and the authority information presentation unit 47. On the other hand, the child terminal 5b includes at least the control unit 31, the current authority holding unit 33, the information transmission / reception unit 37, the device ID request unit 40, the inter-terminal authentication unit 41, the authority delegation request unit 43, and the authority information presentation unit 47. good. In the following, means that only the parent terminal 5a needs to have will be described for the case of the parent terminal 5a. Similarly, means that only the child terminal 5b needs to have will be described for the case of the child terminal 5b.

  The device ID request unit 40 requests the device 7 for the device ID 81. Further, the authority information presentation unit 47 presents authority information to the device 7. The device ID request means 40 and the authority information presentation means 47 are provided in the terminal 5 in place of the usability determination request means 39 because the device 7 does not include the usable terminal list holding means 53.

  FIG. 14 is a block diagram illustrating an outline of functions of the device 7 according to the second embodiment. As shown in FIG. 14, the device 7 includes a control unit 51, an information transmission / reception unit 55, a device ID response unit 56, an authority information confirmation unit 58, a function execution unit 59, and the like. The device data 102 described above is assumed to be stored in the storage unit 23 of the device 7.

  The device ID response means 56 responds to the request for the device ID 81 from the terminal 5. Further, the authority information confirmation unit 58 confirms the authority information presented from the terminal 5 and responds with the availability. The device ID response means 56 and the authority information confirmation means 58 are provided in the device 7 instead of the usability determination response means 57 because the device 7 does not include the usable terminal list holding means 53.

  Next, the details of the authority delegation process in the authority delegation system 1 according to the second embodiment will be described with reference to FIG.

  FIG. 15 is a sequence diagram illustrating details of authority delegation processing according to the second embodiment.

  As shown in FIG. 15, the control means 31 of the child terminal 5b makes a request for the device ID 81 to the device 7 by the device ID requesting means 40 (step 201).

  Next, the control means 51 of the device 7 responds to the request for the device ID 81 by the device ID response means 56 (step 202). Here, the device 7 transmits the device ID 81 of the device 7 itself to the child terminal 5b.

  Next, the control means 31 of the child terminal 5b confirms the presence / absence of authority information related to the received device ID 81 (step 203). When the current authority holding means 33 of the child terminal 5b holds the authority information related to the received device ID 81, the process proceeds to step 208 and the processing is continued. On the other hand, if the current authority holding means 33 of the child terminal 5b does not hold the authority information related to the received device ID 81, the process proceeds to step 204 in order to delegate authority from the parent terminal 5a.

  Next, the control means 31 of the child terminal 5b and the control means 31 of the parent terminal 5a perform inter-terminal authentication by the inter-terminal authentication means 41 of the child terminal 5b and the inter-terminal authentication means 41 of the parent terminal 5a (step 204). ).

  Next, the control means 31 of the child terminal 5b requests the authority delegation to the parent terminal 5a by the authority delegation request means 43 (step 205). The authority transfer request includes the device ID 81 of the target device 7.

  Next, the control means 31 of the parent terminal 5a searches the authority list by the authority delegation response means 45 (step 206). The authorization list is searched using the device ID 81 transmitted from the child terminal 5b as a search key.

  Next, the control means 31 of the parent terminal 5a makes an authority delegation response by the authority delegation response means 45 (step 207). The authority transfer response may include an expiration date 91, an effective count 92, and the like in addition to the terminal ID 71 of the parent terminal 5a itself.

  Next, the control means 31 of the child terminal 5b presents authority information to the device 7 by the authority information presenting means 47 (step 208). Here, the child terminal 5b indicates the authority delegated from the parent terminal 5a, and transmits the authority information including the terminal ID 71 related to the parent terminal 5a to the device 7.

  Next, the control means 51 of the device 7 confirms the authority information by the authority information confirmation means 58 (step 209). Here, the device 7 may confirm whether or not the authority information is legitimately delegated from the parent terminal 5a. When the expiration date 91 is used, either the control unit 31 of the parent terminal 5a or the control unit 51 of the device 7 checks the validity of the authority information by comparing the expiration date 91 with the current date and time.

  Next, the control means 51 of the device 7 uses the authority information confirmation means 58 to make a response to the child terminal 5b to determine whether it can be used (step 210). If the response content of the availability determination is permission for use, the child employee 3b holding the child terminal 5b can use the device 7. When the effective number 92 is used, the control unit 31 of the child terminal 5b performs an update to decrease the effective number 92 by one every time the device 7 is used. When the valid count 92 becomes 0, the control means 31 of the child terminal 5b deletes the authority information.

  Next, an example according to the first embodiment will be described with reference to FIG. The present embodiment shows an example of processing when authority is transferred from the parent employee 3a when the child employee 3b uses the locker 7c that does not have valid authority information.

  First, when using the locker 7c, the child employee 3b brings the child terminal 5b closer to the target locker 7c. Here, communication is established between the child terminal 5b and the target locker 7c, and the child terminal 5b requests the availability determination. On the other hand, the locker 7c responds that it cannot be used because the terminal ID 71 of the child terminal 5b does not exist in the available terminal list.

  Next, the child terminal 5b mutually authenticates with the parent terminal 5a held by the parent employee 3a, and requests authority transfer to the parent terminal 5a. On the other hand, the parent terminal 5a searches for authority information related to the device ID 81 of the target locker 7c from the authority list and transmits it to the child terminal 5b.

  Next, the child terminal 5b requests the locker 7c to determine whether or not it can be used based on the authority information transmitted from the parent terminal 5a. On the other hand, since the terminal ID 71 of the parent terminal 5a included in the authority information exists in the available terminal list, the locker 7c responds as a use permission. Thereby, the child employee 3b can use the locker 7c.

  As described above, according to the embodiment of the present invention, it can be performed independently of entrance / exit management, can appropriately respond to changes in the situation such as when the administrator leaves a specific area, and It is possible to provide an authority delegation system or the like that can delegate the authority to use a device from an administrator to a general employee with a minimum amount of communication.

  The preferred embodiments of the authority delegation system and the like according to the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to such examples. It will be apparent to those skilled in the art that various changes or modifications can be conceived within the scope of the technical idea disclosed in the present application, and these naturally belong to the technical scope of the present invention. Understood.

Diagram showing an example of the inside of a specific area The figure which shows schematic structure of the authority delegation system 1 Hardware configuration diagram of terminal 5 Hardware configuration diagram of device 7 The figure which shows an example of the terminal data 101 The figure which shows an example of the apparatus data 102 The figure which shows an example of the current authority data 103 The figure which shows an example of the authority list data 104 The figure which shows an example of the usable terminal list data 105 The block diagram which shows the outline | summary of the function of the terminal 5 in 1st Embodiment. The block diagram which shows the outline | summary of the function of the apparatus 7 in 1st Embodiment Sequence diagram showing details of authority delegation processing according to the first embodiment The block diagram which shows the outline | summary of the function of the terminal 5 in 2nd Embodiment. The block diagram which shows the outline | summary of the function of the apparatus 7 in 2nd Embodiment Sequence diagram showing details of authority delegation processing according to the second embodiment

Explanation of symbols

1 ……… Delegation of authority 3 ……… Employee 3a ……… Parent employee 3b ……… Child employee 5 ……… Terminal 5a ……… Parent terminal 5b ……… Child terminal 7 ……… Device 7a ……… PC
7b ......... Printer 7c ......... Locker 11 ......... Control unit 13 ......... Storage unit 15 ......... First communication control unit 17 ......... Second communication control unit 19 ......... Bus 21 ... ... Control unit 23 ......... Storage unit 25 ......... Communication control unit 27 ......... Function execution unit 29 ......... Bus 31 ......... Control means 33 ......... Current authority holding means 35 ......... Authority list holding means 37... Information transmission / reception means 39... Usability determination request means 40... Device ID request means 41... Terminal authentication means 43 .... Authority delegation request means 45. …… Authority information presenting means 51... Control means 53... Usable terminal list holding means 55... Information transmitting and receiving means 56... Device ID response means 57. Authority information confirmation means 59 ......... Function execution means 71 ... Terminal ID
72 ……… Employee ID
73 ......... Parent terminal information 81 ... …… Device ID
82 ......... Device type 83 ......... Installation location 91 ......... Expiration date 92 ......... Number of validity 93 ......... Authority delegation certificate 101 ......... Terminal data 102 ......... Device data 103 ......... Current authority data 104 ......... Authority list data 105 ......... Useable terminal list data

Claims (8)

An authorized person can use the device to which the device ID is allocated, the person having the authority to use the device alone, the parent terminal to which the terminal ID is allocated, and the authority is transferred from the parent terminal. An authority delegation system that is held by a person who can use the device and configured by at least a child terminal to which the terminal ID is assigned,
The child terminal is
Means for transmitting and receiving arbitrary information to and from the parent terminal;
Means for indicating authority information delegated from the parent terminal, and means for holding authority information including a terminal ID related to the parent terminal;
When using a device that does not hold the authority information, authority delegation request means for requesting the parent terminal to delegate authority to the device;
Comprising
The parent terminal
Means for transmitting and receiving arbitrary information to and from the child terminal;
Means for holding an authorization list that is a list of devices having authority that can be used independently by the parent terminal itself;
Means for retrieving the authorization list when requested to delegate authority from the child terminal and responding to the authority delegation for the requested device;
Comprising
The authority delegation request unit included in the child terminal is executed only when the device is used. The child terminal is
Means for transmitting and receiving arbitrary information with the device;
Means for requesting availability determination for the device;
Further comprising
The equipment is
Means for transmitting and receiving arbitrary information to and from the child terminal;
Means for holding a usable terminal list that is a list of terminal IDs related to a parent terminal that can use the device itself;
Means for determining whether the terminal ID related to the parent terminal included in the authority information transmitted from the child terminal requesting the availability determination is included in the available terminal list, and responding the determination result;
The authority delegation system according to claim 1, further comprising: The child terminal is
Means for transmitting and receiving arbitrary information with the device;
Means for requesting a device ID from the device;
Further comprising
The equipment is
Means for transmitting and receiving arbitrary information to and from the child terminal;
Means for responding to the request for the device ID;
The authority delegation system according to claim 1, further comprising: The child terminal is
Means for presenting the authority information to the device;
Further comprising
The equipment is
A means of confirming the authority information presented and responding to the availability,
The authority delegation system according to claim 3, further comprising: An authorized person can use the device to which the device ID is allocated, the person having the authority to use the device alone, the parent terminal to which the terminal ID is allocated, and the authority is transferred from the parent terminal. An authority delegation method used in an authority delegation system that is held by a person who can use the device and is configured by at least a child terminal to which the terminal ID is assigned,
When the child terminal indicates the authority information delegated from the parent terminal and uses a device that does not hold the authority information including the terminal ID related to the parent terminal, Requesting the parent terminal for delegation;
When the parent terminal is requested to transfer the authority from the child terminal, the parent terminal searches the authority list that is a list of devices having the authority that can be used independently, and the authority is transferred to the requested device. Responding step;
Including
The step of requesting delegation of authority performed by the child terminal is executed only when the device is used. The child terminal requesting the device to determine whether it can be used;
In the available terminal list, the terminal ID related to the parent terminal included in the authority information transmitted from the child terminal that requests the availability determination of the device is a list of terminal IDs related to the parent terminal that can use the device itself. Determining whether it is included and responding with the determination result;
The authority delegation method according to claim 5, further comprising: The child terminal requesting a device ID from the device;
The device responding to the request for the device ID;
The authority delegation method according to claim 5, further comprising: The child terminal presenting the authority information to the device;
The device confirms the presented authority information and responds with availability;
The authority delegation method according to claim 7, further comprising:

Images