JP2009243129A - Access management system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To allow a card for authentication to be used only while a company member is at work normally. <P>SOLUTION: This access management system comprises an access control device for controlling the passage between rooms in an area to be controlled and a check-in registration device for controlling entry into the area to be controlled. The access control device comprises a read-out section for reading out an identification code and an expiration date of a storage medium held by a user and a control section for releasing passage control when the identification code is normal and the present time is within the expiration date. The check-in registration device comprises a read-out device for reading out the identification code and the expiration date of the storage medium, a writing section for writing the expiration date on the storage medium, and a control section which, when receiving a request for passage, releases the passage control when the identification code is normal and the present time is within the expiration date, and when receiving a request for check-in, writes the expiration date on the storage medium when the identification code is normal. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an entrance / exit management system that restricts traffic using an authentication card when entering / exiting a building or moving within a building, and enables the use of the authentication card only during work.

  Conventionally, as disclosed in Patent Document 1, an entrance / exit management device having both a building entrance / exit management function and an attendance / exit management function has been proposed. Here, the entrance / exit management function refers to the door when the user is verified by checking the authentication card when entering / exiting the building or moving within the building, and confirming that the user is an authorized user. This is a function of unlocking the provided electric lock, and only a user who has an authentication card can enter and leave the room and move. On the other hand, the attendance / leaving management function is a function for managing the time when a user attends or leaves the company, and is used by the company to manage the attendance / leaving status of employees.

  Specifically, when a user uses the entrance / exit management function, when an authentication card possessed by the user is inserted, personal information is read from the authentication card, and the authorized user possesses it. Check if the authentication card is valid. After that, if the verification card verification is correct, the user selects the entry / exit management function, and if it matches the entry / exit conditions, the user unlocks the electric lock and enters / exits the user into the building. Is allowed to move. If the verification card is not verified correctly or if the entrance / exit conditions are not satisfied, the electric lock is maintained in the locked state to restrict the user's access to the building and movement within the building.

  In addition, when a user uses the time and attendance function, first, when an authentication card possessed by the user is inserted, the personal information is read from the authentication card, and the authentication user possessed by the authorized user. Check if the card is not. Thereafter, if the verification card verification is correct, the user selects the attendance / leaving management function, inputs attendance, leaving, and going out, and stores the type of attendance, etc. of the user, and the current time. If the verification card is not verified correctly, this is displayed because it is an incorrect card operation.

Japanese Patent Laid-Open No. 9-185740

  By the way, the entrance / exit management function and the attendance / exit management function are management-restricted on the behavior of the same person in the same building, and are therefore closely related to each other. Specifically, when a user goes to work, it is necessary to allow the user to freely enter and leave the room, but after the user leaves the office, the user moves in the building, re-enters the room, etc. Is not necessarily allowed. Therefore, it is desirable to validate the authentication card only while the user is at work.

To achieve the above purpose, when the user goes to work, he / she makes the device read the authentication card and activates the authentication card, and when he leaves the office, he / she makes the device read the authentication card and invalidates the authentication card. Therefore, it may be possible to use the authentication card only during work.
However, in this case, if the route to the room in which the device is installed is restricted by the entrance / exit management function, it will not be possible to move to the room in which the device is installed using an authentication card during work. Therefore, the route to the room where the device is installed cannot be restricted, which is not preferable in terms of security.

  SUMMARY OF THE INVENTION An object of the present invention is to provide an entry / exit management system with high security while enabling a user to use an authentication card used for entry / exit management only while the user is at work.

  In order to achieve the above object, an access management system according to the present invention includes an entrance / exit control device that restricts traffic between rooms in a restricted area and an attendance registration device that restricts entry into the restricted area. The access control apparatus includes a reading unit that reads an identification code and an expiration date of a storage medium possessed by a user, an identification code read from the storage medium is a regular identification code, and a current time is A control unit that cancels the traffic restriction when the expiration date read from the storage medium is within the limit, and the attendance registration apparatus reads the identification code and the expiration date of the storage medium, and sets the expiration date to the storage medium. When the writing unit for writing and the reading unit recognize the storage medium, it is determined whether the request is a traffic request or a work request by a user, and the traffic request is determined If the identification code read from the storage medium is a legitimate identification code and the current time is within the expiration date read from the storage medium, the traffic restriction is canceled, and if the attendance request is determined, the storage If the identification code read from the medium is a legitimate identification code, a control unit is provided that writes an expiration date to the storage medium to make it usable.

  According to the above configuration, the attendance registration apparatus that validates the storage medium possessed by the user at the time of attendance can have a function of restricting the passage of the user at the entrance / exit of the restricted area. As a result, only users who have registered to attend work can pass through in the restricted area, and the entire area (for example, the entire building to be managed) in which restricted traffic is to be restricted can be designated as a restricted area. It is possible to realize an entrance / exit management system. In addition, when it is determined that the user is a legitimate user for the attendance request, if the traffic restriction is canceled at the same time as the expiration date of the storage medium is updated, the traffic request is reissued to enter the restricted area. It is possible to save time and effort.

  Moreover, as a preferred aspect of the above-described entry / exit management system, the attendance registration apparatus further includes a storage unit that records a working state of a user who owns the storage medium in association with an identification code of the storage medium, When the reading unit recognizes the storage medium, the control unit of the attendance registration apparatus determines the traffic request if the working state of the storage unit is already attended, and if the working state is not attended. The attendance request is determined. The work status of the user is updated according to the user's attendance / leaving time. For example, when the attendance registration device determines that the user is a regular user in response to the attendance request, the work status of the user is updated to attendance. Also, an operation unit is provided in the attendance registration device, and when it is determined that the user is a regular user in a state in which a request for leaving work is instructed by the operation unit, the work status of the user is updated to not attended.

  Further, as a preferred aspect of the above-described entry / exit management system, the storage unit further stores a work time zone which is a time zone where the user is scheduled to go to work, and the control unit of the attendance registration apparatus includes the reading unit When the storage medium is recognized, if the current time is the attendance time zone and the work status is not attendance, the attendance request is determined.

  The attendance registration device that validates the storage medium possessed by the user at the time of attendance can be provided with a function of restricting user traffic at the entrance / exit of the restricted area. As a result, only users who have registered to attend work can pass through in the restricted area, and the entire area (for example, the entire building to be managed) in which restricted traffic is to be restricted can be designated as a restricted area. It is possible to realize an entrance / exit management system.

  Hereinafter, as an embodiment of the present invention, a function of allowing an employee of an enterprise to possess an authentication card such as an ID card, reading the authentication card at the time of the employee's attendance, and registering the status of attendance / exit, An entrance / exit management system that cooperates with the function of reading the authentication card to determine whether or not to allow traffic and restricting the traffic will be described with reference to the drawings.

FIG. 1 is a diagram schematically showing an operation image of the access management system of the present embodiment. FIG. 2 is a diagram showing the overall configuration of the access management system of the present embodiment.
In this embodiment, the entrance / exit management system performs entrance / exit management and entrance / exit management of employees of a company that uses the building in the building to be managed. The inside of the building is an area (restricted area) where entry / exit by non-employees (persons without authority) should be restricted, and entry / exit to the restricted area and movement between areas within the restricted area are restricted.

  Employees who are allowed to enter and leave the restricted area are given in advance an authentication card for identifying the owner. The authentication card stores, as stored data, an identification code (ID code: Identification Code) unique to the card and information (expiration date) for determining the valid / invalid state of the card.

Access control devices M1-5, doors D1-5 with electric locks, and card readers CR11, 12-51, 52 are provided everywhere in the restricted area, and users can move between rooms in the restricted area. It is regulated. The door D with the electric lock is provided at the boundary between the regions, and is a means for physically restricting movement between the regions. The card reader CR is a means for reading the ID code and the expiration date attached to the authentication card possessed by the employee in a non-contact (or contact) manner, and is controlled by the door D with an electric lock. A pair is provided near the door of the area.
The access control device M is connected to the card reader CR to be controlled and the door D with the electric lock, and authenticates the validity of the user based on the ID code and the expiration date attached to the authentication card read by the card reader CR. Then, the door D with electric lock is controlled to be unlocked. This controls and manages user access between areas. The entry / exit control devices M1 to M5 (and the electric lock door D and the card reader CR to be managed) have the function of the entry / exit control device of the present invention.

  The attendance registration device S, the door D6 with electric lock, and the reader / writers RW11 and RW12 are provided at the entrance for entering the restricted area from the outside of the building, and the entry and exit of the user to the restricted area is restricted. The door D with the electric lock is provided at the boundary between the regions, and is a means for physically restricting movement between the regions. The reader / writer RW is provided in a pair near the doors of the two areas where movement is restricted by the door D with the electric lock, and the ID code and the expiration date attached to the authentication card held by the employee are contactless ( Or a contact), and the expiration date is written in the authentication card.

  The attendance registration device S is connected to the reader / writer RW to be controlled and the door D with an electric lock. When the attendance registration apparatus S receives the user authentication request by reading the authentication card with the reader / writer RW, the authentication request is sent to the employee who has attended the office (attendance request) ) Or whether the employee on duty requests to release the traffic regulation (traffic request). When it is determined that the request is a passage request, the legitimacy of the user is authenticated based on the ID code and the expiration date attached to the read authentication card, and the door D with electric lock is controlled to be unlocked. This controls and manages user access between areas. On the other hand, when it is determined that it is a work attendance request, employee attendance registration and work attendance registration are performed based on the read ID code attached to the authentication card. At the same time, the expiration date of the authentication card is renewed to enable entry / exit in the restricted area thereafter. The attendance registration device S (and the door D and the reader / writer RW to be managed) have the function of the attendance registration device of the present invention.

  The management device P is installed in any room in the restricted area and can be operated only by a system administrator. The management device P is connected to each entry / exit control device M and the attendance registration device S via a LAN, obtains employee entry / exit information in the restricted area from the attendance registration device M and each entry / exit control device M, and each employee is presently present. Record the location and entry / exit history of each employee. Also, employee attendance information is acquired from the attendance registration device S, and the daily attendance status and attendance time are recorded for each employee. The management device P includes a display unit such as a liquid crystal display and a printing unit such as a printer, and can display and print various recorded information.

  As described above, the entry / exit management system according to the present embodiment provides the attendance registration apparatus that validates the storage medium possessed by the user at the time of attendance with the function of restricting the passage of users at the entrance / exit of the restricted area. Therefore, while managing the expiration date of the authentication card in association with attendance and attendance registration, the entire area of the area where traffic is to be restricted (for example, the entire building to be managed) can be set as the restricted area, which provides high security. It is possible to realize an access control system having In addition, since the attendance registration device S discriminates between employees at work and those who are working, and performs attendance registration or entry / exit control, employees do not need to use specially and can provide a highly convenient system. It is.

Hereinafter, the configuration and operation of the authentication card C, the attendance registration apparatus S, and the entry / exit control apparatus M used in the entry / exit management system of this embodiment will be described in detail.
FIG. 3 is a diagram showing a configuration of an authentication card C possessed by an employee.
The authentication card C is an IC card (Integrated) that can be read and written by non-contact communication.
Circuit Card), which mainly includes a wireless communication unit 120, a storage unit 140, and a control unit 160.
The wireless communication unit 120 includes an antenna that transmits and receives a wireless signal having a predetermined frequency, a communication circuit that modulates or demodulates the transmitted and received signal, and performs wireless communication with the card reader CR and the attendance registration device S.

The storage unit 140 is a readable / writable RAM (Random Access).
Memory) is stored, and stored data used for authentication is stored. The storage unit 140 stores an ID code uniquely assigned to each authentication card C in order to identify an employee who possesses the authentication card C. Further, the storage unit 140 stores an expiration date indicating a period during which the use of the authentication card C is enabled. The expiration date is represented by the date and time, and the authentication card C is valid until the time arrives. Since this expiration date is used for user authentication by the access control device M, an employee who is a card holder can enter and leave the restricted area until the expiration date comes.

The control unit 160 is an MPU (Micro) that controls the wireless communication unit 120 and the storage unit 140.
Processing Unit). When the wireless communication unit 120 receives the inquiry signal from the card reader CR or the attendance registration device S, the control unit 160 reads the ID code and the expiration date from the storage unit 140, and wirelessly communicates the response signal modulated with these data. The data is sent from the unit 120. In addition, when the wireless communication unit 120 receives an expiration date write instruction signal from the attendance registration device S, the received expiration date is written in the storage unit 140.

The form of the expiration date stored in the storage unit 140 is not limited to the date and time, and only the time, the date and time, the valid time zone, and the like can be applied.
Further, the authentication card C is not limited to a non-contact type IC card, and a contact type IC card, a contact type magnetic card, an RFID tag, a mobile phone capable of RFID communication, and the like are applicable.

FIG. 4 is a functional block diagram of the attendance registration device S and a diagram showing a connection relationship between the door D with the electric lock and the reader / writer RW. FIG. 5 is a diagram illustrating an example of management information stored in the storage unit of the attendance registration apparatus.
The attendance registration device S mainly includes an electric lock control unit 210, a reader communication unit 220, a clock unit 230, a LAN communication unit 240, a storage unit 250, and a control unit 260.
The electric lock control unit 210 is connected to the door D6 with an electric lock managed by the electric lock controller 210, and is a means for controlling the locking and unlocking by applying a current (voltage) to the electric lock provided on the electric lock door D6. The electric lock control unit 210 normally maintains the electric lock door D6 in the locked state, and controls the door D6 with electric lock to be temporarily switched to the unlocked state in accordance with an instruction from the control unit 260.

The reader communication unit 220 is connected to the reader / writers RW11 and RW managed by the reader communication unit 220, receives an authentication request signal from the reader / writer RW, and sends an authentication card C to the reader / writer RW according to an instruction from the control unit 260. It is a communication interface which transmits the control signal which instruct | indicates the writing process of the expiration date.
Here, the reader / writer RW includes an antenna that transmits / receives a radio signal of a predetermined frequency and a communication circuit that modulates / demodulates the transmission / reception signal. The reader / writer RW wirelessly communicates with the authentication card C to perform card information (storage). Data). The reader / writer RW transmits an inquiry signal within a predetermined distance and receives a response signal transmitted from the authentication card C. The received response signal is demodulated to extract the ID code and expiration date of the authentication card C, and the extracted card information is sent to the attendance registration device S as an authentication request signal. Further, when the reader / writer RW receives the write control signal for the expiration date from the attendance registration device S, the reader / writer RW designates the authentication card C using the ID code and sends it to a predetermined range using the ID code. The card information is updated in the authentication card C. Further, the reader / writer RW12 installed inside the restricted area is provided with an operation button for instructing the retirement registration when the employee leaves the office, and the authentication card is in a state where the relocation registration is instructed by the operation button. When C is read, information indicating that it is a work leave request is attached to the authentication request signal and transmitted to the attendance registration apparatus S.

The clock unit 230 is a means for measuring the current time. It is timed according to regular time data received via the LAN communication unit 240 periodically.
The LAN communication unit 240 performs communication with the management apparatus P in a LAN (Local Area Network) constructed based on the Ethernet (registered trademark) standard or the like.

  The storage unit 250 includes a ROM, a RAM, and the like that store various programs and data. The storage unit 250 stores the attendance and attendance history and management information, and the control unit 260 reads and writes as needed. The attendance / leaving history is history information of each employee's attendance and attendance, and is information indicating the working status (whether or not attending) of each employee. The attendance / leaving history includes data in which an employee number for identifying an employee, an ID code of an authentication card C possessed by the employee, attendance time, and attendance time are associated with each individual. Information management information is necessary for each employee's attendance and attendance registration process, and the ID code (verification ID code) of the authentication card possessed by the employee and the information related to the employee's working hours are associated with each individual. Data. The information related to working hours includes a working time zone H that indicates a time zone in which an employee normally works, and a basic upper time T that indicates an upper limit time for the employee to take a normal working time (with a time margin).

  The control unit 260 is configured by an MPU or the like, and performs overall control of each unit. When the control unit 260 receives the authentication request signal from the reader / writers RW 11 and 12 via the reader communication unit 220, the ID code of the authentication card C included in the authentication request signal is an ID code registered in the storage unit 250. Whether the authentication card C is valid or not is determined by comparing the expiration date of the authentication card C with the current time indicated by the clock unit 230 to determine whether the authentication card C has expired. Determine the legitimacy of the employee who requested authentication. In addition, the control unit 260 determines whether the received authentication request signal is an authentication request signal related to a traffic request for an employee who is working to cancel the traffic restriction, or an employee who has attended the office requests an attendance request for registration of attendance. It is determined whether this is an authentication request signal or an authentication request signal related to a work leave request for a work employee requesting work registration, and processing for traffic control, work attendance registration, and work attendance registration is executed.

  When the control unit 260 receives an authentication request signal from the reader / writer 11 installed outside the restricted area, the control unit 260 refers to the attendance / leaving history stored in the storage unit 250, and the ID code included in the authentication request signal It is determined whether or not it has been registered. If the attendance has been registered, that is, because the working status of the employee who requested authentication is already attended, it is determined that the authentication request is a normal traffic request by an employee who goes through the entrance / exit of the restricted area. On the other hand, if the attendance has not been registered, that is, the working status of the employee who has requested authentication is not yet attended, it is determined that the attendance request has been made by the employee at the time of attendance.

  When the control unit 260 determines that the received authentication request signal is due to a traffic request, the control unit 260 is a valid authentication card C on the condition that the read authentication card C is a valid ID code and has not expired. It judges that there is, and unlocks the door D6 with an electric lock via the electric lock control part 210, and permits the passage of the employee. At this time, the reader / writer RW is notified that the passage is permitted, and the reader / writer RW is caused to display the authentication success. On the other hand, if it is an unregistered unjustified ID code or if the expiration date has expired, it is determined that it is an unauthenticated authentication card C, and the door D with the electric lock maintains the locked state and is unjustified. Prevent users from entering and leaving the room. At this time, the reader / writer RW is notified that entry / exit is not permitted, and the reader / writer RW displays an authentication failure indication.

  If the control unit 260 determines that the received authentication request signal is due to an attendance request, the control unit 260 refers to the management information registered in the storage unit 250 and determines whether or not the current time is a time slot in which the employee normally attends. Determine. If the current time is not in the attendance time zone H, it is determined that the request is an unauthorized attendance, and the door D with the electric lock maintains the locked state and prevents unauthorized users from entering and leaving the room. At this time, the reader / writer RW is notified that entry / exit is not permitted, and the reader / writer RW displays an authentication failure indication. On the other hand, if the current time is the work time zone H, it is determined that the employee is a legitimate requesting employee regardless of whether it is within the validity period, and the employee who has the authentication card C is allowed to attend work. Then, the attendance time is registered in the attendance record of the storage unit 250. At the same time as attendance registration, an expiration date (future time) is calculated based on the basic upper limit time T of the basic management information and the current time, and the validity stored in the authentication card C via the light unit 220 is calculated. Update the deadline. At the same time, the door D6 with the electric lock is unlocked via the electric lock control unit 210 to allow the employee to pass. At this time, the reader / writer RW is notified that the attendance has been registered and the passage has been permitted, and the reader / writer RW is caused to display the authentication success. Referring to FIG. 5 as an example, when an employee with an ID code “12345” registers attendance at “9:00”, “18:00”, which is obtained by adding the upper limit time T to the attendance time, is set as a new expiration date. Calculate and update the expiration date of the authentication card C. Thereby, the employee can enter and leave the restricted area using the authentication card C from the time when attendance registration is performed until the expiration date comes.

  In addition, when the control unit 260 receives an authentication request signal from the reader / writer 12 installed inside the restricted area, if the authentication request signal does not include information indicating that the employee is leaving the work, the authentication request is restricted. Judged as a normal traffic request by an employee passing through the area entrance. On the other hand, if the authentication request signal includes information indicating that the request is for leaving work, it is determined that the request is for a leave by the employee at the time of leaving work.

If the control unit 260 determines that the received authentication request signal is due to a traffic request, the control unit 260 checks whether the authentication code is within the valid ID code and validity period, and whether or not it is a valid authentication card C. judge.
If the control unit 260 determines that the received authentication request signal is due to a work leave request, the control unit 260 registers the work time in the time and work history stored in the storage unit 250. Also, at the same time as the relocation registration, the current time or a time obtained by subtracting a predetermined time from the current time (past time) or the current time is calculated as the expiration date, and the validity stored in the authentication card C via the write unit 220 Update the deadline. As a result, the employee cannot enter or leave the restricted area using the authentication card C at the time when the employee is registered for retirement.

  In addition, when the employee is allowed to enter and leave the room and when the employee is registered for attendance / exit, the control unit 260 uses the ID code of the used authentication card C via the LAN communication unit 350 that performs LAN communication. In addition, a record (log) of entry / exit or a work attendance history is transmitted to the management apparatus P. Thereby, the management apparatus P can centrally manage the employee's attendance / leaving history, the current position of the employee in the restricted area, and the past entry / exit history.

FIG. 6 is a functional block diagram of the access control apparatus M and a diagram showing a connection relationship between the door D with an electric lock and the card reader CR.
The access control apparatus M mainly includes an electric lock control unit 310, a reader communication unit 320, a storage unit 330, a clock unit 340, a LAN communication unit 350, and a control unit 360.
The electric lock control unit 310 is connected to the door D with the electric lock managed by itself, and is a means for controlling the locking and unlocking by applying a current (voltage) to the electric lock provided on the door D with the electric lock. The electric lock control unit 310 normally maintains the door D with the electric lock in the locked state, and controls the door D with the electric lock to be temporarily switched to the unlocked state in accordance with an instruction from the control unit 360.

The reader communication unit 320 is a communication interface that is connected to a pair of card readers CR managed by the reader communication unit 320 and receives an authentication request signal from the card reader CR. Here, the card reader CR demodulates the response signal received from the authentication card C, extracts the ID code and the expiration date, and sends the extracted card information to the access control device M as an authentication request signal. The reader communication unit 320 acquires an ID code and an expiration date that are card information (stored data) of the authentication card C included in the received authentication request signal.
The storage unit 330 includes a ROM, a RAM, and the like that store various programs and data. The storage unit 330 stores an ID code to which the authority to enter and leave the room is given.
The clock unit 340 is a means for measuring the current time. The time is adjusted by regular time data periodically received via the LAN communication unit 350.
The LAN communication unit 350 communicates with the management apparatus P in a LAN constructed based on the Ethernet (registered trademark) standard or the like.

  The control unit 360 is configured by an MPU or the like, and performs overall control of each unit. The control unit 360 checks whether the ID code of the authentication card C is an ID code registered in the storage unit 330. In addition, the control unit 360 compares the expiration date of the authentication card C with the current time indicated by the clock unit 340, and determines whether the authentication card C is valid or invalid.

When the ID code received via the reader communication unit 320 is registered and the expiration date has not expired, the control unit 360 determines that the card is a valid authentication card C. If it is determined that the card is a valid authentication card C, the door D with the electric lock is unlocked via the electric lock control unit 310 to allow the employee to enter and leave the room. At this time, the card reader CR is notified that entry / exit has been permitted, and the card reader CR displays a successful authentication. On the other hand, if the ID code is not registered or if the expiration date has expired, it is determined that the authentication card C is not valid. If it is determined that the authentication card C is not valid, the door D with the electric lock maintains the locked state and prevents the unauthorized user from entering or leaving the room. At this time, the card reader CR is notified that entry / exit is not permitted, and the card reader CR displays an authentication failure.
In addition, when the employee is allowed to enter and leave the room, the control unit 360 manages the ID code of the used authentication card C and a record (log) of the entry and exit through the LAN communication unit 350 that performs LAN communication. Transmit to device P. Thereby, the management apparatus P can centrally manage the current position of the employee in the restricted area and the past entry / exit history.

Next, processing of the attendance registration apparatus S and the entry / exit control apparatus M when the entry / exit management system of this embodiment is operated will be described.
First, the operation when the attendance registration apparatus S receives an authentication request will be described with reference to FIGS. FIG. 7 is a flowchart showing processing of the attendance registration apparatus S when an authentication request signal is received from the reader / writer RW11.
When an employee who is engaged in a managed building enters the restricted area when going to work, or enters the restricted area again after going out of the restricted area during work, the authentication card C is brought close to the reader / writer RW11. Let me read.

  When the attendance registration apparatus S receives the authentication request signal from the reader / writer RW11, the attendance registration apparatus S starts an authentication process. First, it is verified whether or not the read ID code of the authentication card C matches the ID code registered in the storage unit 250 (S500). If they do not match (No in S500), it is determined that the user is not a legitimate user, notifies the reader / writer RW11 that the authentication has failed, and ends the processing (S502).

If the ID codes match (Yes in S500), the attendance / attendance history corresponding to the ID code in the storage unit 250 is referred to and it is determined whether the employee who has requested authentication has been registered for attendance (S504). If the sunrise time is registered in the attendance history, it is determined that the attendance has been registered (already attended) (Yes in S504), and the authentication request is recognized as a traffic request. Then, in order to determine whether or not the employee can pass, it is determined whether or not the current time is within the expiration date of the read authentication card C (S506).
If it is determined that the current time has passed the expiration date (No in S506), it is determined that the user is not a valid user, the reader / writer RW11 is notified that the authentication has failed, and the process is terminated (S502). ). On the other hand, if it is determined that the current time is within the expiration date (Yes in S506), it is determined that the user is an authorized user who has the usable authentication card C and the reader / writer RW11 is authenticated. A notification of success is sent (S508). At the same time, the door D6 with electric lock is unlocked to allow the user to pass physically (S510), and the process ends.

  Further, in the determination process of S504, if the current working hours are not registered in the attendance history, it is determined that the attendance has not been registered (no attendance) (No in S504), and this authentication request is related to the attendance request. Recognize. Then, with reference to the attendance time zone H corresponding to the ID code registered in the storage unit 250, it is determined whether or not the current time is the attendance time zone of the employee requesting the authentication (S512). If it is determined that the current time is not in the attendance time zone H (No in S720), it is determined that the user is not a valid user, notifies the reader / writer RW11 that the authentication has failed, and the process ends (S502). .

  On the other hand, when it is determined that the current time is the attendance time zone H (Yes in S512), it is determined that the request is a valid attendance request. The currently valid expiration date is not written in the authentication card C possessed by the employee who makes a valid attendance request. Therefore, without determining whether or not the current time is within the expiration date, the current time is registered as the attendance time corresponding to the ID code of the attendance history, and the attendance is registered (S514). Subsequently, the expiration date is calculated by adding the upper limit time T corresponding to the ID code to the current time, the obtained expiration date is written from the reader / writer RW11 to the authentication card C, and the read authentication card C is validated. (S516). At the same time, the reader / writer RW11 is notified that the authentication has been successful (S508), and the door D6 with electric lock is controlled to be physically permitted to pass the user (S510), and the process is terminated. From this point in time until the expiration date arrives, the authentication card C can be used by the access control device M arranged in the restricted area.

FIG. 8 is a flowchart showing the processing of the attendance registration apparatus S when an authentication request signal is received from the reader / writer RW12.
When the employee who is engaged in the building to be managed goes out of the restricted area during work or leaving the office, the reader / writer RW12 is caused to read the authentication card C in the vicinity. In addition, when leaving the office, the operation button of the reader / writer RW12 is operated to instruct that the request is for leaving.

  When the attendance registration device S receives the authentication request signal from the reader / writer RW12, the attendance registration device S starts an authentication process. First, it is verified whether or not the read ID code of the authentication card C matches the ID code registered in the storage unit 250 (S600). If they do not match (No in S600), it is determined that the user is not a valid user, the reader / writer RW12 is notified that the authentication has failed, and the process is terminated (S602).

If the ID codes match (Yes in S600), it is determined whether or not the received authentication request signal is related to a leave request, that is, whether or not the authentication request signal includes information indicating the leave request (S604). ). When the information indicating the leaving request has not been received (No in S604), it is recognized that this authentication request is related to the traffic request. Then, in order to determine whether or not the employee can pass, it is determined whether or not the current time is within the expiration date of the read authentication card C (S606).
When it is determined that the current time has passed the expiration date (No in S606), it is determined that the user is not a valid user, the reader / writer RW12 is notified that the authentication has failed, and the process is terminated (S602). ). On the other hand, if it is determined that the current time is within the expiration date (Yes in S606), it is determined that the user is an authorized user who has the usable authentication card C, and the reader / writer RW12 is authenticated. A notification of success is sent (S608). At the same time, the door D6 with electric lock is unlocked to allow the user to pass physically (S610), and the process ends.

  In the determination process of S604, when it is determined that the authentication request signal includes information indicating the leave request (No in S604), the authentication request is recognized as being related to the leave request. Then, the current time is registered as the work time corresponding to the ID code of the work history, and the work is registered (S612). Subsequently, the expiration date is calculated by subtracting a predetermined time from the current time, the obtained expiration date is written into the authentication card C from the reader / writer RW11, and the read authentication card C is invalidated (S614). At the same time, the reader / writer RW11 is notified that the authentication has been successful (S608), and the door D6 with electric lock is controlled to be physically allowed to pass through the user (S610), and the process is terminated. At this time, the authentication card C is made unusable by the access control device M arranged in the restricted area. Note that the current time may be a new expiration date instead of the past time as the expiration date.

Next, the pass / fail determination process in the access control apparatus M will be described. FIG. 9 is a flowchart showing passability determination processing by the access control apparatus M when receiving an authentication request signal from the card reader CR.
Employees engaged in the building under management are allowed to read the card information by bringing the authentication card C close to the card reader CR provided near the door D with the electric lock when entering and leaving each room in the restricted area. An authentication request is made to the control device M.

When the card reader CR receives an authentication request signal (including an ID code and an expiration date) when the card reader CR reads the card information of the authentication card C, the access control device M starts a pass / fail determination process.
First, it is verified whether or not the ID code of the read authentication card matches the ID code registered in the storage unit 330 (S700). If they do not match (No in S700), it is determined that the user is not a valid user, the card reader CR is notified that the authentication has failed, and the process is terminated (S710).

If the ID codes match (Yes in S700), it is then determined whether or not the read authentication card C expiration date is a valid time (S720). If it is determined that the current time has passed the expiration date (No in S720), it is determined that the user is not a valid user, the card reader CR is notified that the authentication has failed, and the process is terminated (S710). ).
On the other hand, if it is determined that the ID codes match and the current time is within the expiration date (Yes in S720), it is determined that the user is a legitimate user who has the usable authentication card C. Then, the card reader CR is notified that the authentication has succeeded (S730). At the same time, the door D with the electric lock is unlocked to allow the user to pass physically (S740), and the process ends.

  As described above, the entry / exit management system of the present embodiment has a function of restricting user traffic at the entrance / exit of the restricted area in the attendance registration device that validates the storage medium possessed by the user at the time of attendance. Can be made. As a result, only users who have registered to attend work can pass through in the restricted area, and the entire area (for example, the entire building to be managed) in which restricted traffic is to be restricted can be designated as a restricted area. It is possible to realize an entrance / exit management system. In addition, the attendance registration device that has received the authentication request determines whether it is a normal attendance request or attendance request according to the current attendance status and time, so that the user can authenticate whether he / she is attending or attending. It is only necessary to read the card, and a highly convenient system can be realized.

In the above embodiment, the attendance time zone is set for each ID code, that is, for each employee. However, a common attendance time zone may be set for all employees. In addition, it may be configured not to use the attendance time zone, and in this case, the processing of S512 in FIG. 7 is omitted.
Moreover, in the said embodiment, although the upper limit time T is made into the upper limit time number which can work continuously, you may use an upper limit end time. In this case, the calculation of the expiration date at the time of attendance registration is omitted, and the upper limit time T is directly written in the authentication card as the expiration date.

It is a figure which shows the operation image of the entrance / exit management system of this embodiment. It is a figure which shows the whole structure of the entrance / exit management system of this embodiment. It is a figure which shows the structure of the card | curd for authentication which the employee has. It is a functional block diagram of an attendance registration device, and a diagram showing a connection relationship with a door with an electric lock and a reader / writer. It is a figure which shows an example of the management information memorize | stored in the memory | storage part of an attendance registration apparatus. It is a figure which shows the connection relationship with the functional block diagram of an access control apparatus, a door with an electric lock, and a card reader. It is a flowchart which shows the process of the attendance registration apparatus when an authentication request signal is received. It is a flowchart which shows the process of the attendance registration apparatus when an authentication request signal is received. 5 is a flowchart showing a pass / fail determination process in the access control apparatus M.

Explanation of symbols

S ... attendance registration device M ... access control device CR ... card reader RW ... reader / writer D ... door P with electric lock ... management device 210 ... electric lock control unit 220 ..Reader communication unit 230 ... clock unit 240 ... LAN communication unit 250 ... storage unit 260 ... control unit 310 ... electric lock control unit 320 ... reader communication unit 330 ... memory Unit 340 ... Clock unit 350 ... LAN communication unit 360 ... Control unit

Claims (3)

An entry / exit management system comprising an entry / exit control device that restricts traffic between rooms in a restricted area, and an attendance registration device that restricts entry into the restricted area,
The access control device
A reading unit for reading the identification code and expiration date of the storage medium possessed by the user;
A controller that cancels the traffic restriction when the identification code read from the storage medium is a regular identification code and the current time is within the expiration date read from the storage medium;
The attendance registration device is:
A reading unit for reading the identification code and expiration date of the storage medium;
A writing unit for writing an expiration date to the storage medium;
When the reading unit recognizes the storage medium, it determines whether the request is a traffic request or a work attendance request by a user, and if it is determined to be the traffic request, the identification code read from the storage medium is a regular identification. If it is a code and the current time is within the expiration date read from the storage medium, the traffic restriction is canceled, and if it is determined that the attendance request is received, the identification code read from the storage medium should be a legitimate identification code. And an entry / exit management system comprising: a control unit that writes an expiration date to the storage medium to make it usable. The attendance registration device further includes a storage unit that records a working state of a user who owns the storage medium in association with the identification code of the storage medium,
The control unit of the attendance registration device is:
When the reading unit recognizes the storage medium, if the working state of the storage unit is already attended, it is determined as the traffic request, and if the working state is not attended, it is determined as the attendance request. The access control system according to 1. The storage unit further stores an attendance time zone that is a scheduled time zone of the user,
The control unit of the attendance registration device is:
The entrance / exit management system according to claim 2, wherein when the reading unit recognizes the storage medium, if the current time is the attendance time zone and the work status is not attendance, the attendance request system is determined.

Images