JP2009259189A - Entrance/exit management system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To execute the maintenance of a gate controller for executing the locking/unlocking a door so as to prevent people from being confined when executing the maintenance in an entrance/exit management system. <P>SOLUTION: In the entrance/exit management system, whether there is people within an area is detected on the basis of information that the people enters/leaves to/from an area with respect to the area corresponding to the gate controller whose maintenance is executed. When there is people within the area, maintenance execution is not instructed. However, if there is another door that enables people to leave the area, that there is another gate controller corresponding to the another door, and that the maintenance of the another gate controller is not executed, maintenance is executed. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a gate control device that controls locking and unlocking of a door, and more particularly to execution of maintenance in the gate control device.

Conventionally, there is a gate control device that performs locking and unlocking of a door in order to manage a person's entrance and exit. This type of gate control device has a secondary battery that operates as a backup power source so that the door can be locked and unlocked for a certain period of time even if the power supply from the main power supply is cut off in the event of an emergency such as a power failure. Is provided.
Patent Document 1 discloses an exit management system that operates by switching from a main power source to a backup power source during a power failure.
Japanese Patent Laid-Open No. 11-110600

  By the way, since a battery deteriorates with age, it is necessary to periodically check whether the secondary battery can supply power for a certain period of time. The inspection of the secondary battery is performed by discharging the battery for a certain period of time, and it is determined whether or not the secondary battery has deteriorated depending on whether or not the discharge voltage value falls below a predetermined voltage value. And after discharging a secondary battery for a fixed time, a secondary battery will be charged and it will return to a full charge state.

  However, after performing the battery test, if the battery is not charged and a power failure occurs in that situation, the gate control device will not be able to unlock the door. If there is a person in the room, confinement will occur. It is conceivable that a thumb-turn lock is provided inside the door and unlocked manually, but this is a gate control device that manages entry / exit, considering the risk of taking out confidential information by a third party, etc. It is not preferable.

Further, the occurrence of confinement also occurs when updating the firmware that operates the gate control device. This is because the gate control device cannot perform authentication by updating the firmware.
Therefore, in view of the above problems, an object of the present invention is to provide an entrance / exit management system that performs maintenance in a gate control device so as not to confine people.

  In order to solve the above-described problems, the present invention provides a gate control device that performs locking and unlocking of a door for restricting entry into and exit from an area subject to entrance / exit control, and a management device that manages the gate control device. The gate control device is configured to include entrance / exit information related to entry / exit of a person into / from a target area that is one area that can be entered / exited by unlocking the gate control device. Transmission means for transmitting, and maintenance execution means for performing maintenance that makes entry into and exit from the target area impossible based on an instruction from the management apparatus, wherein the management apparatus obtains the entry / exit information. Means, detection means for detecting whether or not there is a person in the target area based on the entry / exit information, and the gate control device performs the maintenance based on a detection result of the detection means A determination means for determining whether or not the maintenance may be performed; and an instruction means for outputting an instruction to perform the maintenance to the gate control device when the determination means determines that the maintenance may be performed. Yes.

Thereby, the maintenance of the gate control device that performs locking and unlocking of the door lock can be executed depending on whether or not there is a person in the target area.
The gate control device includes an emergency battery that supplies power in place of the main power supply in an emergency, and the maintenance is a battery test of the emergency battery. A receiving unit that receives a battery test execution instruction that discharges the battery for a predetermined time and inspects whether or not the output voltage value of the emergency battery can maintain a constant voltage, and the receiving unit performs the execution A battery test execution unit that executes the battery test when an instruction is received. Thus, depending on whether or not there is a person in the area, the gate control device that performs locking and unlocking of the door lock holds A battery test can be carried out for the industrial battery.

Further, the determination unit determines that the battery test may be performed when there is no person in the target area, and determines that the battery test should not be performed when there is a person in the target area. It is good to do.
As a result, the management device does not output a battery test instruction if there is a person in the gate control device corresponding to the area where it is desired to instruct execution of the battery check, so that no human confinement occurs.

  Further, the target area is provided with another gate control device that performs locking and unlocking of another door that enables entry into and exit from the target area, and the detection means includes the gate control device and the gate control device. It is detected whether or not there is a person in the target area based on entry / exit information from another gate control device, and the determination means is a case where the detection means detects that a person is in the target area. When the instruction means does not instruct the other gate control device to perform a battery test, it may be determined that the battery test of the gate control device may be executed.

  Thus, even if there are people in the area, there are other doors that can enter and exit the area, and if the battery control of the gate control device that controls the door has not been executed, the management device The gate control device can be instructed to perform a battery test. Therefore, when there are a plurality of doors attached to one area, it is possible to prevent a situation in which the battery test cannot be performed indefinitely.

  The gate control device further includes a reading unit that reads the identification information, an identification information transmitting unit that transmits the read identification information to the management device, and availability information indicating whether or not a person can enter the target area. Receiving means for receiving the information, unlocking means for unlocking the door based on the availability information, and stopping means for canceling the battery test when unlocking during the battery test of the emergency battery; Display means for displaying information indicating that the battery test was in progress, and the management device further includes an identification information receiving means for receiving the identification information, and an association with the identification information to the target area. Based on the authentication information storage means for storing authentication information indicating whether entry / exit is possible and the identification information and the authentication information, the gate control device is provided with permission information indicating whether a person corresponding to the identification information is allowed to enter / exit. Send Nay good as possible and an information transmitting means.

Thereby, the gate control device can notify the user that the battery test was being performed when a person enters the area during the battery test, and there is a risk of confinement when a power failure occurs. You can be notified.
The display means may further display information on a remaining operation time that can be operated by the emergency battery of the own device based on a discharge amount discharged in the battery test.

As a result, the gate control device can notify the operating time when a power failure occurs when a person enters the area during a battery test. If you leave the area within the notified time, you can avoid the risk of being trapped.
In addition, the management device further includes storage means for storing schedule information indicating timing for instructing the gate control device to execute the battery test, and a predetermined time for a predetermined past period. Setting means for setting the schedule information so as to estimate a timing at which a person will not be present based on information on whether or not a person is present in the target area and to execute the battery test on the gate control device. It may be provided.

As a result, the management device can set schedule information for the next time when there is no person from the time zone when there was no person, thus avoiding the situation where a battery test execution instruction cannot be issued due to the person as much as possible. be able to.
The gate control device further includes a storage unit that stores a program that defines the operation of the gate control device, and an execution unit that executes the program stored in the storage unit. The maintenance execution means includes a reception unit that receives an execution instruction that instructs to update the program, and an update unit that executes the update of the program when the execution instruction is received. As good as

Thereby, the gate control device can be executed by the processor of the gate control device based on whether or not there is a person in the target area, and can update the program that defines the operation of the gate control device.
The determination unit may execute the update of the program when there is no person in the target area, and may determine that the update of the program is not executed when there is a person in the target area.

Thereby, when the person is not in the target area, the confinement does not occur, so that the program of the gate control device can be updated.
Further, the gate control device has two types: an entrance area gate control device for entering the target area and an exit area gate control device for exiting the target area, and the maintenance execution unit The update of the program of the entrance area gate control device may be executed prior to the update of the program of the exit area gate control device.

As a result, the program is updated from the entry area gate control device among the entry area gate control device and the exit area gate control device corresponding to the target area. Since the confinement of the person occurs when the exit area gate control device does not operate, the confinement does not occur even if the program of the entrance area gate control device is executed.
Further, the determination means is a program for at least one exit area gate control device when there is a person in the target area and the target area is provided with a plurality of exit area gate control devices. It is also possible to determine that the update of the program of the gate control device for the exit area other than the one gate control device for the exit area may be executed on the condition that the update is not executed.

Thus, if there are multiple exit area gate control devices for exiting the target area, any one of the operations, that is, if the door can be unlocked by executing authentication, confinement does not occur, Under such conditions, it becomes possible to update the program of the gate control device for the exit area.
In addition, the determination means is a case where there is a person in the target area, and the exit area gate control device of the target area opens the corresponding door on the condition that the corresponding area is unlocked. It may be determined that the program may be updated, and the instructing unit may instruct to update the program and instruct to unlock the door.

As a result, even if there are people in the target area, when the program is updated, the door corresponding to the gate control device that is updating the program is unlocked, so that no confinement occurs.
The management system further holds anti-passback control information indicating whether or not to execute anti-passback control for the target area, and the instruction unit controls the anti-passback control for the target area. If it is a target, it may be instructed to exclude the anti-passback control.

Alternatively, the management system further holds route control information indicating whether or not route control is to be executed on the target area, and the instruction unit is configured such that the target area is a target of route control. In some cases, it may be instructed not to be subject to the route control.
In the entrance / exit management system, anti-passback control and route control may be executed for management. Anti-passback is to authenticate to a certain area, if you exit from the same area, be sure to not authenticate, and if you perform authentication other than the next authentication to exit from that area, It is a control that makes an error, that is, authentication failure. Route control is also similar to anti-passback, and is intended to control the entrance / exit routes of the area (doors entering and exiting the area). Is not possible.

If the program is updated while these controls are executed, inconvenience may occur after the update, and the above configuration can avoid this inconvenience.
Moreover, when the door which the gate control apparatus controls locking / unlocking also restricts entry / exit of a person in an adjacent area adjacent to the target area, the detection means further has no person in the adjacent area. The determination unit may determine whether or not the maintenance may be performed according to a detection result of whether or not there is a person in the target area and the adjacent area.

As a result, if the door is also a door for exiting from the adjacent area, the firmware update of the gate control device may prevent the person from exiting the adjacent area. Firmware update can be determined depending on whether or not it is present.
Further, the management device further includes a recording means for recording a time zone in which the person in the target area is present and a time zone in which the person is absent in a predetermined period, and a time zone in which no person is indicated by the recording means. It is good also as providing the schedule production | generation means which produces | generates the schedule for performing the update of the said firmware.

  As a result, the management apparatus can automatically generate a schedule for determining the timing for updating the firmware, and the operator does not have to determine the timing for updating the firmware.

Hereinafter, an entrance / exit management system according to an embodiment of the present invention will be described with reference to the drawings.
<Overview>
In the entrance / exit management system, a gate control device that locks and unlocks an electric lock of the door is arranged for each door. The entrance / exit management system performs authentication when entering a room, and the gate control device executes the lock and unlocking of the electric lock of the door to limit the person's entry into the room. The record of authentication is left in the history data as an entry record or an exit record. In the entrance / exit management system according to the present invention, the history data is used to detect whether there is a person in the room, and the battery test of the secondary battery, which is a backup power source that operates at the time of a power failure held by the gate control device, is executed. Judge whether or not to do so. If there is a person in the room, the battery test is not performed because there is a possibility of confinement. However, when there are a plurality of doors in the room (X: an integer of 2 or more) and there is no possibility of confinement, a battery test may be performed for X-1 gate control devices.
<Embodiment 1>
FIG. 1 is a system diagram showing a system configuration of an entrance / exit management system. As shown in FIG. 1, the entrance / exit management system includes a management device 100, a gate control device 111, and a gate control device 112.

  The management device 100 has a function of managing the gate control device 111 and the gate control device 112, and opens the door corresponding to each gate control device based on the identification information read by the gate control device 111 and the gate control device 112. It has a function of executing authentication of whether or not the lock can be executed. In addition, the gate control device has a function of managing history data of locking / unlocking and a function of instructing execution of a battery test of a secondary battery included in the gate control device. Details of the management apparatus 100 will be described later with reference to FIG. In addition, the management device 100 also holds information indicating which gate control device corresponds to which area.

  The gate control device 111 is provided in the area A and has a function of executing the locking and unlocking of the electric lock 131 of the door 121 for entering and leaving the area A. Area A includes area B. The gate control device 111 transmits the identification information read by the authentication data reading terminals 141 and 142 to the management device 100, and unlocks the electric lock 131 provided on the door 121 based on the authentication result acquired from the management device 100. Has the function to execute. The authentication data reading terminal 141 is used to read identification information from the IC card held by the user when entering the area A, and the authentication data reading terminal 142 receives the identification information from the IC card when leaving the area B. Used for reading. The gate control device 111 also has a function of locking the electric lock 131. Details of the gate control device will be described later with reference to FIG.

  The gate control device 112 is provided in the area B and has a function of executing the locking and unlocking of the electric lock 132 of the door 122 for entering and leaving the area B. The gate control device 112 transmits the identification information read by the authentication data reading terminals 143 and 144 to the management device 100, and unlocks the electric lock 131 provided on the door 121 based on the authentication result acquired from the management device 100. Has the function to execute. The authentication data reading terminal 143 is used to read identification information from the IC card held by the user when entering the area B. The authentication data reading terminal 144 receives the identification information from the IC card when leaving the area B. Used for reading. The gate control device 111 also has a function of locking the electric lock 131.

Now, each device will be described in detail.
FIG. 2 is a functional block diagram illustrating a functional configuration of the management apparatus 100.
The management device 100 includes a gate control device I / F unit (Inter Face) 210, a data management unit 220, and a battery check instruction unit 250, and includes authentication data 230, history data 240, and a battery check schedule. 260.

  The gate control device I / F unit 210 has a function of executing communication with each gate control device in accordance with a predetermined standard. When the gate control device I / F unit 210 receives the identification information from the gate control device, the gate control device I / F unit 210 transmits the identification information to the data management unit 220 together with the information of the gate control device that has transmitted the identification information. Has a function of transmitting authentication enable / disable information indicating the authentication result to the gate control device. In addition, when state information including information such as an event (locking, unlocking) or the like that has occurred in the gate control device is received from the gate control device, it has a function of transmitting the state information to the data management unit 220. In addition, when a battery test instruction is received from the battery check instruction unit 250, the battery check instruction unit 250 has a function of transmitting the instruction to the designated gate control device, and information on the result of the battery test is transmitted to the battery check instruction unit. 250.

  The data management unit 220 has a function of managing the authentication data 230 and the history data 240 and executing authentication based on the identification information acquired from the gate control unit I / F unit 210 and the information of the gate control device. In addition, it has a function of updating the history data 240 based on the executed authentication and the state information of the gate control device obtained from the gate control unit I / F unit 210. The authentication data 230 is information for authenticating whether or not the user corresponding to the identification information read by the gate control device has the right to enter the room, and the history data 240 is the result of the authentication or the door unlocking / unlocking. Information and history information of the error that occurred. Details of the authentication data 230 and the history data 240 will be described later.

  The battery check instruction unit 250 determines whether or not there is a person in the area corresponding to the gate control device that designates the battery test based on the battery check schedule 260 that indicates the date and time for performing the battery check for each gate control device. It has a function of instructing execution of a battery test, and a function of transmitting a battery test instruction to the gate control device I / F unit 210. Further, it has a function of updating the battery inspection schedule 260 based on information related to the battery test (battery test completion report, battery test interruption report, error report, etc.) transmitted from the gate control device I / F unit 210. The battery check schedule 260 is information indicating the date and time when the battery test is executed in each gate control device, and also includes information on the result of the battery test. Details of the battery check schedule 260 will be described later.

  In addition, when there is a person in the area corresponding to the gate control device that is to instruct the battery test, the battery check instruction unit 250 does not issue the battery check instruction and the battery check schedule is not executed. However, for gate control devices with unexecuted information, it was not possible to instruct if there were no people by detecting whether or not there was a person periodically (for example, every 24 hours). Outputs battery check instructions.

  Here, determination of whether or not a person is present will be described. In the history data 240, information on entering and leaving the area is recorded for each user. That is, when a certain user enters the area, the entry record is left in the history data 240. If no exit record from the area is recorded in the history data 240 for the user after the entry timing, You can determine that you are in that area. If there is an exit record corresponding to the most recent entry record for all users in the area corresponding to the gate control device that executes the battery test, it can be determined that there is no person in the area.

The above is the description of each unit of the management apparatus 100.
Next, the gate control device will be described. The configuration of each gate control device is the same except for the electric lock to be managed and the authentication data reading terminal, and the functional configuration is the same. Therefore, here, the gate control device 111 will be described as an example.
FIG. 3 is a functional block diagram showing a functional configuration of the gate control device 111. As shown in FIG. 3, the gate control device 111 includes a communication unit 310, a reading unit 320, a locking / unlocking unit 330, and an emergency power unit 340. The gate control device 111 is normally driven by receiving power from the main power supply 341.

  The communication unit 310 has a function of executing communication with the management apparatus 100 in accordance with a predetermined standard. The communication unit 310 has a function of transmitting the identification information from the reading unit 320 to the management apparatus 100 when it is transmitted. In addition, it has a function of transmitting authentication propriety information transmitted from the management apparatus 100 to the locking / unlocking unit 330 according to the identification information. The communication unit 310 has a function of receiving a battery check instruction from the management device 100 and transmitting the power unit battery check instruction. In addition, it has a function of transmitting information on event information generated in the gate control device 111, information on door locking, unlocking, etc.) to the management device 300.

  The reading unit 320 is connected to the authentication data reading terminals 141 and 142, and has a function of reading identification information from the IC card and transmitting the read identification information to the communication unit 310. FIG. 5 shows an external view of an authentication data reading terminal 141 as an example of the authentication data reading terminal. The authentication data reading terminal 141 uses the sensor unit 501 to read identification information held by the IC card from the IC card. The authentication data reading terminal 141 includes an LED for indicating the state of the terminal itself, and the LED includes an LED 503 that blinks when the battery is being checked. Furthermore, the authentication data reading terminal 141 is also provided with a monitor 502 for showing the state of the own terminal in more detail. The reading unit 320 reads the identification information even during the battery test.

The locking / unlocking unit 330 is connected to the electric lock 131 and has a function of unlocking the electric lock 131 if the authentication propriety information indicates unlocking based on the authentication propriety information from the communication unit 310. In addition, when the electric lock 131 is unlocked, it has a function of detecting that the door is closed again and locking the electric lock 131.
The emergency power unit 340 has a function of supplying drive power to each unit of the gate control device 111 in an emergency, that is, when the power supply from the main power supply 341 cannot be received. The emergency power unit 340 is required to be able to supply enough power to drive the gate control device 111 for at least 10 minutes in an emergency. The emergency power unit 340 is configured to include the secondary battery 342, and in normal times, the power supply is obtained from the main power supply 341, and the power is transmitted to each part, and the power supply is obtained from the main power supply 341 such as during a power failure. If not, the secondary battery 342 is used as a backup power source, and power is transmitted to each unit.

In addition, the emergency power unit 340 has a function of receiving a battery inspection instruction transmitted from the communication unit 310 and executing a battery test of the secondary battery 342. The battery test will be described with reference to the circuit diagram shown in FIG.
FIG. 4 is a circuit diagram showing a configuration of a battery test circuit included in emergency power unit 340. The secondary battery 342 is connected to the discharge resistor 402 by turning on the switch 404 during a battery test. The voltage detector 401 detects whether the voltage value applied to the discharge resistor 402 does not fall below a predetermined threshold for 10 minutes after the discharge is started. After the battery test is completed, the switch 404 is turned off and the switch 403 is turned on instead. When the switch 403 is turned on, the secondary battery 342 is connected to the charging device 405 and charged until it is fully charged. Although not shown in FIG. 4, the emergency power unit 340 includes a mechanism for transmitting power from the secondary battery 342 to each unit of the gate control device 111.

  If the discharge voltage of the secondary battery 342 does not fall below the threshold value, the emergency power unit 340 transmits a completion report indicating that the battery test has ended and that the battery has not deteriorated over time to the communication unit 310. In addition, when the discharge voltage of the secondary battery 342 falls below the threshold value, the emergency power unit 340 sends a deterioration report to the communication unit 310 indicating that the battery test is completed and the secondary battery 342 has deteriorated over time. introduce. Further, the emergency power unit 340 transmits a charging completion report to the communication unit 310 when the charging of the secondary battery 342 is completed.

Further, the emergency power unit 340 interrupts the battery test when the gate control device 111 executes the unlocking of the door during the battery test, and transmits an interruption report indicating that the battery test is interrupted via the communication unit 310. To the management apparatus 100.
The above is the description of each part of the gate control device 111.
<Data>
From here, data used in the entrance / exit management system will be described.

First, the authentication data 230 will be described with reference to FIG.
FIG. 6 is a data conceptual diagram showing a data configuration example of the authentication data 230. As shown in FIG. 6, the authentication data 230 includes a management number column 601, a name column 602, identification information 603, and a room entry area column 604.
The management number column 601 includes number information for the management apparatus 100 to manage authentication information.

The name column 602 includes information on the user name corresponding to the management number.
The identification information column 603 includes identification information of the IC card held by the user corresponding to the management number.
The entry permission area column 604 includes information on areas where the user corresponding to the management number can enter.

The management device 100 indicates the permission to unlock when the identification information received from the gate control device matches the area corresponding to the gate control device and the identification information based on the information of the gate control device. Authentication availability information including is output.
In FIG. 6, for example, the name of the user corresponding to the management number “3101” is “Taro Yamada”, the identification information is “12289690”, and the area that can be entered is “Area A, Area B”. It has become.

FIG. 7 is a data conceptual diagram showing a data configuration example of the history data 240.
As illustrated in FIG. 7, the history data 240 includes a management history column 701, a name column 702, a location column 703, a status column 704, and a date / time column 705.
The management history column 701 includes management number information for the management apparatus 100 to manage history data.

The name column 702 includes the name of the user who has performed authentication when the history data relates to authentication. If it is not related to authentication, “-” is recorded as no information.
The location column 703 includes information on an area where the authentication is executed and entry / exit is permitted. Further, in the case of history data when authentication fails or an error occurs, information on the gate control device in which the event has occurred is included.

The status column 704 includes information on the content of the event that has occurred. The contents of the event that has occurred include the entry / exit of the user, the occurrence of an authentication error, and the opening of the prying.
The date / time column 705 includes information on when the event occurred.
In FIG. 7, for example, according to the management history “20191”, “Kanako Suzuki” has entered “area B” and “entered” at “11:29:12 on March 13, 2008”. Also, according to the management history “20193”, “Kanako Suzuki” has “leaved” from “Area B” at “11:48:42 on March 13, 2008”, and there are people from Area B. If no more, the battery control of the gate control device 112 that controls entry / exit into the area B is possible. On the other hand, in the history data shown in FIG. 7, the area A has at least “Hajime Tanaka” and “Kanako Suzuki”, so that the battery check of the gate control device 111 that controls entry / exit into the area cannot be performed. It has become.

FIG. 8 is a data conceptual diagram showing a configuration example of the battery inspection schedule 260.
As shown in FIG. 8, the battery check schedule 260 includes an execution scheduled date / time column 801, a target device column 802, and an execution information column 803.
The scheduled execution date and time column 801 includes information on the date and time when the battery test is scheduled to be executed.
The target device column 802 includes information on a gate control device that holds a battery to be subjected to a battery test.

In the execution information column 803, if the battery test is executed, the information on the date and time when the battery test is executed cannot be executed even when the scheduled execution date and time arrives. When the scheduled execution date / time has not arrived, information “−” is included.
In FIG. 8, the battery test of “gate control device 112” was to be executed at “23:00 on March 12, 2008”, but “unexecuted” for some reason. In this case, the management apparatus 100 periodically detects (for example, every 24 hours) whether or not there is a person in the area B to which the gate control apparatus 112 corresponds. Instruct the execution of the test.
<Operation>
From here, the operation | movement in the battery check of an entrance / exit management system is demonstrated. Other operations related to authentication are the same as those in the conventional entrance / exit management system, and the description thereof is omitted.

Next, the operation of the management apparatus 100 in the present embodiment will be described using the flowchart shown in FIG.
The battery check instruction unit 250 detects that the timer (not shown) that measures the date and time provided in the battery check instruction unit 250 matches the scheduled execution date and time indicated in the battery check schedule 260, and executes the battery test. It is recognized that the date and time has arrived (step S901).

  The battery check instructing unit 250 refers to the history data 240 and indicates whether or not there is a person in the area corresponding to the gate control device that is scheduled to instruct the battery test in the location column 703 of the history data 240. The area corresponding to the gate control device to be scheduled is determined based on whether or not there is exit information corresponding to all rooms (step S902). This depends on whether the information that the user with the same name has left the area is recorded after the date and time when the entry information was recorded for the information that the user entered the room for the area. Determined.

  When there is a person in the area corresponding to the gate control device that is to instruct the battery test (YES in step S902), the battery check instruction unit 250 does not execute the battery test instruction, The information that the battery test is “not executed” is added. Then, the battery check instruction unit 250 periodically detects whether or not there is a person in the area, and instructs the battery test at a timing when there is no person.

If there is no person in the area corresponding to the gate control device that is to instruct the battery test, the battery inspection instruction unit 250 outputs an instruction for the battery test (step S904).
The battery check instruction unit 250 receives a report regarding the battery test from the gate control device via the gate control device I / F unit 210 (step S905).

The battery check instruction unit 250 determines whether the received report is a battery test completion report, a battery test interruption report, or an error report (step S906). This is determined by adding header information indicating each report to each report.
When the received report is a battery test interruption report (step S906: interruption report), the battery inspection instruction unit 250 records “not executed” in the battery inspection schedule 260 (step S903).

When the received report is a battery test completion report (step S906: completion report), the battery check instructing unit 250 provides information on the date and time when the battery check was executed in the battery check schedule 260 to the date and time when the completion report was received. Based on this, recording is performed (step S907).
When the received report is an error report (step S906: error report), the battery check instruction unit 250 records information indicating that the battery check schedule 260 has deteriorated over time (step S908), and the management apparatus 100 Informs the operator of information indicating that the secondary battery of the gate control device has deteriorated on a display or the like.

The above is the operation of the management apparatus 100 in the battery check.
Next, as the operation of the gate control device according to the present embodiment, the operation of the gate control device 111 during battery inspection will be described with reference to the flowchart shown in FIG. The other gate control devices are assumed to perform the same operation and will not be described.
The emergency power unit 340 of the gate control device 111 receives a battery check instruction from the management device 100 via the communication unit 310 (step S1001).

In response to the battery check instruction, the emergency power unit 340 turns off the switch 403, turns on the switch 404, and causes the secondary battery 342 to start discharging (step S1002).
The gate control device 111 is still reading the identification information at the authentication data reading terminal while the discharge start is being executed. When the reading unit 320 reads the identification information and authentication is accepted (YES in step S1003), the emergency power unit 340 turns off the switch 403 and discharges the secondary battery 342. Stop (step S1004).

As shown in FIG. 5, the emergency power unit 340 turns on the LED during the battery test to indicate that the battery is being checked, and the secondary battery is based on the time during which the battery test was performed. The operable time is displayed on the monitor 502 (step S1005).
Then, the emergency power unit 340 transmits a battery test interruption report to the management apparatus 100 via the communication unit 310 (step S1006), and ends the processing in this flow.

If 10 minutes have elapsed since the reading unit 320 did not read the identification information (YES in step S1007), it is determined whether or not the voltage value detected by the voltage detector has exceeded a predetermined voltage value (step S1008).
If the voltage value exceeds the predetermined voltage value (YES in step S1008), a battery test completion report indicating that the secondary battery 342 has not deteriorated over time is transmitted to the management apparatus 100 via the communication unit 310. (Step S1009), and the “procedure in this flow” is terminated.

If the voltage value does not exceed the predetermined voltage value (NO in step S1008), an error report indicating that the secondary battery 342 has deteriorated over time is transmitted to the management apparatus 100 via the communication unit 310. (Step S1010), the “treatment in this flow” is terminated.
The above is the operation when the battery test of the gate control device is executed.
Thereby, in the entrance / exit management system according to the present invention, based on the entrance / exit history information, it is determined whether there is a person in the area corresponding to the gate control device that executes the battery test. Since no execution of the battery test is instructed, no human confinement occurs.
<Embodiment 2>
In the first embodiment, when there is a person in the area, the management device does not instruct the corresponding gate control device to perform a battery test. This is to eliminate the risk of containment, but if there is no possibility of containment, a battery test may be instructed. In the present embodiment, a case will be described in which execution of a battery test is instructed even if there is a person in the area.
<Configuration>
FIG. 11 is a system diagram showing a configuration of the entrance / exit management system in the second embodiment.

Unlike the system diagram shown in the first embodiment, a door 123 capable of entering and leaving the area A is further provided, and a gate control device 113 for locking and unlocking the electric lock 133 of the door 123 is provided. .
The gate control device 113 is connected to the authentication data reading terminals 145 and 146, transmits the identification information read by each to the management device 100, and has a function of unlocking the electric lock 133 based on the authentication result of the management device 100. Have. Further, it has a function of executing a battery test of a secondary battery to be held in accordance with an instruction from the management apparatus 100. The functional configuration of the gate control device 113 is substantially the same as that of the gate control device 111 shown in the first embodiment except that the control target is different, and thus the description thereof is omitted here.

The management device 100 is not described in detail because the area and the gate control device have a one-to-one relationship in the first embodiment, but the area information shown in FIG. 1200 is held.
FIG. 12 is a data conceptual diagram showing a configuration example of the area information 1200. As shown in FIG. 12, the area information 1200 includes an area column 1201 and an arrangement gate control device column 1202.

The area column 1201 includes information for identifying each area managed by the entrance / exit management system.
In the arrangement gate control device column 1202, information for identifying the gate control device corresponding to the area is shown as information indicating which gate control device corresponds to the door provided in the area. Is included.

According to FIG. 12, it can be seen that, for example, two gate control devices, “gate control device 111” and “gate control device 112”, are provided in “area A”.
Whether or not there is a person, the management apparatus 100 determines whether or not there is a person based on whether or not there is a history of leaving the room corresponding to the entry in the area of the history data, as in the first embodiment.
In addition to the function shown in the first embodiment, the battery check instruction unit 250 of the management device 100 further determines whether or not there is a person, and after determining that there is a person, the gate that is instructing the battery test The area information 1200 is searched for whether another gate control device does not correspond to the area to which the control device corresponds.

  If there is another gate control device, whether or not the management device 100 is executing a battery test based on whether the other gate control device has not instructed the battery test within 24 hours. Determine whether. This is because the battery check instructing unit 250 of the management apparatus 100 instructs each gate control device to perform a battery test, and therefore holds a history of when and which gate control device has been instructed to check the battery. The determination can be executed by referring to the history information.

If another gate control device has not performed the battery test, there is no possibility of confinement if the other gate control device is driven even if an emergency occurs. Instruct execution.
In addition, when another gate control device is executing the battery test, or when the time has not elapsed since the execution, the battery test is not instructed.
<Operation>
From here, the operation | movement at the time of the battery check of the management apparatus 100 in Embodiment 2 is demonstrated.

FIG. 13 is a flowchart illustrating the operation of the management device 100 according to the second embodiment when checking the battery. Since it is basically the same as the flowchart showing the operation of the management apparatus 100 shown in FIG. 9 in the first embodiment, only the parts different from the operation shown in the first embodiment will be described here.
The operations different from those in the first embodiment of the management apparatus 100 in the second embodiment are the operations in step S1301 and step S1302 in FIG. 13, and the operation of the management apparatus 100 in steps S1301 and S1302 will be described here.

When the battery check instruction unit 250 determines in step S902 in FIG. 13 that there is a person in the area corresponding to the gate control device to be instructed to perform the battery test (YES in step S902), another gate control device in the area. A search is performed with reference to the area information 1200 (step S1301).
If there is another gate control device in the area (YES in step S1301), the battery inspection instruction unit 250 determines whether or not a battery test has been performed on the other gate control device within 24 hours. .

If the battery test is not in progress (NO in step S1302), the battery test instruction unit 250 can be removed from the door controlled by the other gate control device, so there is no risk of confinement. Instructs execution of the battery test (step S904).
If there is no other control device in step S1301 or if a battery test is being performed in step S1302, information indicating that the battery test has not been executed is registered in the battery check schedule 260 (step S903). ).

As described above, even if there is a person in the area corresponding to the gate control device that is about to instruct the battery test, the management device 100 may have another gate control device corresponding to the area. Since there is no possibility of confinement, it is determined that the battery test may be performed.
<Embodiment 3>
From now on, as a maintenance of the gate control device, a case of updating firmware for controlling a card reader (hereinafter referred to as “CR”) which is a gate control device will be described. The firmware functions by being executed by the processor in the CR, and is a program that defines the operation of the CR.

  FIG. 14 is a system diagram showing a system configuration of an entrance / exit management system according to the third embodiment. As shown in FIG. 14, the entrance / exit management system includes a management device 1000, entrance CRs 1001, 1004, 1006, 1008, 1009, 1011, 1013, exit CRs 1002, 1007, 1010, 1012, 1014, and entrance / exit rooms. CR1003 and 1005 are comprised.

The entry / exit management system includes Z0001, Z0002, Z0003, and Z0004 as areas that restrict entry / exit.
Each room entry CR, each room exit CR, and each room entry / exit CR each have a function of performing locking and unlocking of an electronic lock corresponding to a door on a one-to-one basis. In the drawing, there is a door at a position where each CR is shown.
For example, the room entry CR 1001 executes locking and unlocking of an electronic lock of a door for entering Z0001.

The exit CR 1002 performs locking and unlocking of the electronic lock of the door for exiting from Z0001.
The entrance / exit CR 1003 executes locking and unlocking of an electronic lock of the door for exiting from Z0001. At the same time, the entry / exit CR 1003 locks and unlocks the electronic lock of the door for entering Z0002.

The CR1004 for entering the room performs locking and unlocking of the electronic lock of the door for entering Z0001.
The entrance / exit CR 1005 locks and unlocks the electronic lock of the door for exiting from Z0002. At the same time, the entry / exit CR 1005 locks and unlocks the electronic lock of the door for entering Z0001.

The CR1006 for entering the room executes locking and unlocking of the electronic lock of the door for entering Z0002.
The exit CR 1007 performs locking and unlocking of an electronic lock on the door for exiting from Z0002.
The entry CR 1008 executes locking and unlocking of an electronic lock of a door for entering a small room in Z0002.

The CR1009 for entering the room executes locking and unlocking of the electronic lock of the door for entering Z0003.
The exit CR 1010 performs locking and unlocking of an electronic lock on the door for exiting from Z0003.
The entry CR 1011 is for locking and unlocking the electronic lock of the door for entering Z0003.

The exit CR 1012 locks and unlocks the electronic lock of the door for exiting from Z0003.
The CR1013 for entering the room performs locking and unlocking of the electronic lock of the door for entering Z0004.
The exit CR 1014 locks and unlocks the electronic lock of the door for entering Z0001.

  Each CR reads the ID held by the IC card, and the ID corresponding to the ID held by the IC card is included in the authentication information that is an ID group for permitting unlocking the door corresponding to each CR. If there is, unlock the electronic lock. Each CR outputs, to the management apparatus 1000, authentication information indicating successful authentication with an ID match and authentication information indicating an authentication failure with an ID mismatch. In addition, various kinds of error information, for example, the occurrence of prying out, is output to the management apparatus 1000. Each CR includes an update unit for acquiring update data in accordance with an instruction from the management apparatus 1000 and updating its own firmware. Each CR holds information on whether it is a CR for entering a room, a CR for leaving a room, or a CR for entering / leaving a room.

From here, the management apparatus 1000 is demonstrated using FIG. FIG. 2 is a functional block diagram showing a functional configuration of the management apparatus 1000.
As illustrated in FIG. 15, the management apparatus 1000 includes an I / F unit 1510, a data management unit 1520, a firmware update unit 1530, an update data acquisition unit 1540, and a storage unit 1550.

The I / F unit 1510 has a function of executing communication with each CR via the network. The I / F unit 1510 has a function of transmitting information received from the CR to the data management unit 1520, a function of transmitting firmware update data to the CR instructed by the firmware update unit 1530, and an update execution instruction. .
The data management unit 1520 has a function of managing various data stored in the storage unit 1550. In particular, the data management unit 1520 has a function of updating the occupancy information 1552 when receiving from the I / F unit 1510 authentication information in the CR, which indicates that authentication has been successful. Although not shown in FIG. 15, it also has a function of receiving authentication information and error information from the CR and recording the history.

When the firmware update unit 1530 acquires new firmware update data from the update data acquisition unit 1540, the firmware update unit 1530 refers to the occupancy information 1552 in the storage unit 1550 and determines whether there is a person in the zone. It has a function of instructing execution of updating of installed CR firmware. Details will be described later.
The update data acquisition unit 1540 has a function of acquiring a new version of firmware or update data thereof. For example, the update data acquisition unit 1540 acquires update data by inputting update data over a network by an operator or reading update data recorded on a recording medium such as a CD.

The above is the description of the management apparatus 1000.
Next, CR will be described with reference to FIGS. Since the functions held by the CRs are the same, a description will be given here of the exiting CR 1002 as an example.
FIG. 16 is an overview diagram of the exit CR 1002, and the exit CR 1002 includes an authentication information acquisition unit 1730 that reads an ID held by the IC card and a display unit 1750, and shows other self-operational states. Various LEDs are provided.

FIG. 17 is a functional block diagram showing a functional configuration of the leaving room CR 1002. As shown in FIG. 17, the exit CR 1002 includes a communication unit 1710, an authentication processing unit 1720, an authentication information acquisition unit 1730, a lock / unlock unit 1740, and a display unit 1750.
The communication unit 1710 has a function of communicating with the management apparatus 1000 via the network. The communication unit 1710 has a function of transmitting authentication information indicating a result of authentication in itself and error information when an error occurs. It has a function of receiving update data for firmware update.

The authentication processing unit 1720 holds authentication information (not shown) indicating the ID of the IC card that the leaving CR 1002 may pass, the ID acquired by the authentication information acquiring unit 1730, and the authentication information held by itself. Authentication is executed based on whether or not the IDs indicated by and match, and if they match, a function of outputting an instruction to execute unlocking to the locking and unlocking unit 1740 is provided.
The authentication information acquisition unit 1730 has a function of reading the ID held by the IC card, and has a function of transmitting the read ID to the authentication processing unit 1720.

The locking / unlocking unit 1740 has a function of performing locking and unlocking of the electronic lock of the door based on an instruction from the authentication processing unit 1720. The locking / unlocking unit 1740 also has a function of locking after a predetermined time when the electronic lock is unlocked.
The display unit 1750 includes a monitor and has a function of displaying the state of the room for exit 1002. For example, it displays that the firmware is being updated.
<Data>
From here, the various data used in this Embodiment are demonstrated.

FIG. 18 is a data conceptual diagram showing card information 1551 stored in the storage unit 1550 of the management apparatus 1000.
The card information 1551 is information for the management device 1000 to recognize which ID card is held on the entrance / exit management system, and the ID of the IC card being used is registered. Yes.

FIG. 19 is a data conceptual diagram showing occupancy information 1552 stored in the storage unit 1550 of the management apparatus 1000.
As shown in FIG. This is information in which the in-room card column 1902 is associated with the column 1901. By referring to this, the management apparatus 1000 can determine whether or not there is a person in each zone. If card information is registered in the in-room card column 1902 corresponding to the zone, it is determined that there is a person, and if not registered, it is determined that there is no person.

In FIG. 19, for example, Z0001 has a person holding an IC card corresponding to ID0001, and Z0002 has a person holding an IC card corresponding to ID0002.
FIG. 20 is a data conceptual diagram showing CR information 1553 stored in the storage unit 1550 of the management apparatus 1000.

The CR information 1553 is information for the management apparatus 1000 to recognize the CR operated in the entry / exit management system.
The CR information 1553 includes a card reader No. Column 2001, corresponding room name column 2002, and firmware version column 2003 are associated with each other.
Card reader No. In the column 2001, information indicating the ID assigned to each CR is registered.

In the corresponding room name column 2002, a name given by the operator for the zone corresponding to the CR is registered.
In the firmware version column 2003, information indicating which version of firmware the CR is operating is registered. By registering the firmware version, it is possible to determine whether the firmware needs to be updated.

FIG. 21 is a data conceptual diagram showing the zone information 1554 stored in the storage unit 1550 of the management apparatus 1000.
The zone information 1554 includes a zone number. Column 2101 and CRNo. Column 2102 and the CRNo. Column 2103 and the CRNo. A column 2104, an anti-passback column 2105, and a route control column 2106 are configured.

Zone No. In the column 2101, zone information is registered.
CRNo. In a column 2102, a CR that performs authentication when entering the zone is registered. By referring to this, it is possible to recognize which CR is a room entry CR for entering the zone.
CRNo. In a column 2103, a CR for executing authentication when leaving the zone is registered. By referring to this, it is possible to recognize which CR for leaving the room is in that zone.

In addition, CRNo. Column 2102 and the CRNo. The CR registered in both of the columns 2103 is the entrance / exit CR.
In zone CRNo. In the column 2104, there is another room in the zone, and a CR for executing authentication when entering the room is registered.
The anti-passback column 2105 is information indicating whether or not anti-passback control is being executed in the thorn. Anti-passback control is a control that manages entry and exit strictly in association with each other. When a certain zone is authenticated with a CR, it is authenticated with the CR in that zone. It controls to have to leave the room. Then, when the user leaves the room without performing authentication with the CR in the zone and tries to enter a different zone and performs the authentication, the authentication is an authentication failure and the room entry is impossible.

The route control column 2106 is information indicating whether route control is being executed in the zone. Route control is a control in which the order of CRs to be passed by performing authentication with the CR when passing through the zone is determined, and entry / exit cannot be performed unless the order is observed.
<Operation>
From here, the operation in the entrance / exit management system will be described.

First, the operation of the management apparatus 1000 when the authentication is executed by the CR and the authentication is successful, that is, the update operation of the occupancy information 1552 will be described with reference to FIG. When authentication fails, authentication failure information is simply registered in the authentication history. FIG. 22 is a flowchart showing a flow of updating the occupancy information 1552 by the management apparatus 1000.
The I / F unit 1510 of the management apparatus 1000 receives authentication success information from the CR, and transmits the received information to the data management unit 1520 (step S2201). The information includes the ID of the IC card that has been successfully authenticated and the information of the CR that has been authenticated.

The data management unit 1520 searches the zone information 1554 for zone information corresponding to the CR information from the CR information included in the transmitted information (step S2202).
The data management unit 1520 indicates that the zone information 1554 indicates that the CR information transmitted from the I / F unit 1510 is the CRNo. Column 2102 and the CRNo. Whether it is a CR for entering or leaving the room is detected based on whether it is in both of the columns 2103 (step S2203).

  If the CR is an entry / exit CR (step S2204), the data management unit 1520 searches the zone information 1554 for a zone in which the CR is the entry CR, and the occupancy corresponding to the searched zone. The occupancy information 1552 is updated by registering the card ID transmitted from the I / F unit 1510 in the occupancy card column 1902 of the information 1552. In addition, the data management unit 1520 searches the zone information 1554 for a zone in which the CR is a room leaving CR, and from the occupancy card column 1902 of the occupancy information 1552 corresponding to the searched zone, the I / F unit 1510 Is deleted (step S2204), and the process ends.

On the other hand, if the CR is not the entrance / exit CR (NO in step S2203), the data management unit 1520 indicates that the CR information transmitted from the I / F unit 1510 is the entry CRNo. It is determined whether or not it is a CR for entering depending on whether or not it is in the column 2102 (step S2205).
If the CR is a room entry CR (YES in step S2205), the data management unit 1520 reads the zone corresponding to the CR from the zone information 1554, and then the in-room card column 1902 corresponding to the zone. The occupancy information 1552 is updated by adding the card ID received from the I / F unit 1551 (step S2206), and the process is terminated.

  If the CR is not a room entry CR (NO in step S2205), the data management unit 1520 reads the zone corresponding to the CR from the zone information 1554, and then the in-room card column 1902 corresponding to the zone. The occupancy information 1552 is updated by deleting the card ID received from the I / F unit 1551 (step S2207), and the process is terminated.

Next, the firmware update operation will be described. FIG. 23 is a flowchart showing an operation when the CR of the management apparatus 1000 is instructed to update the firmware. Here, the update of the CR firmware for a certain zone will be described. This operation is executed for each zone.
When the update data acquisition unit 1540 acquires the update data, the firmware update unit 1530 arbitrarily selects a zone having a CR whose version information does not match the update data in the CR information 1553, and sets the information of the selected zone as the zone information. It acquires from 1554 (step S2301).

The firmware update unit 1530 acquires occupancy information corresponding to the zone to which the CR whose firmware is to be updated belongs (step S2302).
The firmware update unit 1530 detects whether there is a person in the zone from the acquired occupancy information (step S2303).
If there is no person in the zone (NO in step S2303), the firmware update unit 1530 locks the electronic locks that each CR is responsible for unlocking and unlocking to all CRs corresponding to the zone via the communication unit 1510. In this state, an instruction to stop the authentication process is output, and then an instruction to update the firmware and update data are transmitted (step S2304). Thus, the firmware is updated in the CR, and the CR restarts the authentication process after the firmware is updated.

  If there is a person in the zone (YES in step S2303), the firmware update unit 1530 changes the entrance CR corresponding to the zone to the entrance CRNo. A search is made from the column 2102, and the corresponding entry CR is instructed to execute firmware update (step S2305). Because the situation that we want to prevent during the firmware update is the confinement of people, even if there is a person in the zone, the CR for exit will operate, and no confinement will occur. There is no problem even if is executed.

When the firmware update for the entry room CR is completed, the firmware update unit 1530 determines whether there are a plurality of exit room CRs corresponding to the zone. A search is made from the column 2103 (step S2306).
If there are a plurality of room leaving CRs (YES in step S2306), an instruction is issued to update firmware for the room leaving CRs in order. If there are multiple exit CRs, it is possible to exit from the doors corresponding to the other exit CRs even if the firmware of one CR is updated. Absent. Here, updating firmware in order means updating firmware one by one, or updating the CR firmware belonging to one group by dividing the leaving CR into two or more groups. In some cases, the firmware of the CR belonging to another group is updated after executing the above. In other words, it is only necessary that the firmware is updated in such a manner that at least one exit CR does not update the firmware and is in an operating state.

  When there are not a plurality of leaving CRs (NO in step S2306), the firmware is not updated here, and it is detected again whether there is a person in the zone after a predetermined time, and the timing when there is no person Update the firmware with. Whether or not the firmware for the leaving room CR is updated can be determined by referring to the version information of the CR information 1553 and determining whether or not it is the latest version.

When the firmware update is executed in the CR, the CR transmits information indicating that the firmware update has been executed to the management apparatus 1000, and the data management unit 1520 of the management apparatus 1000 receives the information to thereby obtain the CR information. The version information 1553 is updated.
If there are not a plurality of leaving CRs (NO in step S2306), it is detected whether or not there is a person again after a predetermined time (for example, after 3 hours), and if there is no person, the firmware is updated. However, if the firmware must be updated immediately, the firmware is updated according to the following procedure. The firmware update unit 1530 causes the leaving CR to unlock the electronic lock until the firmware update is completed. Then, the stop CR authentication process is instructed, and the firmware is instructed to be updated. When the firmware update is completed, the electronic lock is locked. By doing so, there is a problem in the management of entrance and exit, but it is possible to prevent people from being trapped. In this case, the execution of the process may be left as a history.

The above is the operation when the firmware of the management apparatus 1000 is updated.
By the way, the entry CR may be the exit CR at the same time. In the system diagram of FIG. 14, the entry / exit CRs 1003 and 1005 correspond. In such a case, it is necessary to update the firmware in consideration of adjacent zones. The operation of the management apparatus 1000 taking such a case into consideration is shown in the flowchart of FIG.

When the update data acquisition unit 1540 acquires the update data, the firmware update unit 1530 arbitrarily selects a zone having a CR whose version information does not match the update data in the CR information 1553, and sets the information of the selected zone as the zone information. It acquires from 1554 (step S2401).
The firmware update unit 1530 acquires the occupancy information corresponding to the zone to which the CR whose firmware is to be updated and the information of other CRs that belong to the zone to which the CR belongs from the zone information 1554 (step S2402).

  The firmware update unit 1530 determines whether the acquired other CR information is included in a zone other than the zone to be updated by the entry entry CRNo. Column 2102 and the CRNo. Search with reference to column 2103. When a CR is included in a zone other than the firmware update target zone, the occupancy information corresponding to the other zone is read (step S2403). The other zone is a zone adjacent to a zone for updating firmware (referred to as a target zone), and is referred to as an adjacent zone here.

The firmware update unit 1530 detects whether there is a person in either the target zone or the adjacent zone from the acquired occupancy information (step S2404).
If there is no person in the target zone and the adjacent zone (NO in step S2404), the firmware update unit 1530 is responsible for locking and unlocking all CRs corresponding to the target zone via the communication unit 1510. The instruction to stop the authentication process is output while the electronic lock is locked, and then the firmware update execution instruction and the update data are transmitted (step S2409). Thus, the firmware is updated in the CR, and the CR restarts the authentication process after the firmware is updated.

If there is a person in the target zone or the adjacent zone (YES in step S2404), whether there is a person in the adjacent zone is detected with reference to the occupancy information of the adjacent zone (step S2405).
When there is a person in the adjacent zone (YES in step S2405), the firmware update unit 1530 assigns the entrance CR excluding the entrance / exit CR to the entry zone CRNo. A search is made from the column 2102 and the corresponding entry CR is instructed to execute firmware update (step S2406).

When there is no person in the adjacent zone (NO in step S2405), the firmware update unit 1530 converts the all entrance CRs including the entrance / exit CR corresponding to the target zone to the entrance CRNo. A search is made from the column 2102, and the corresponding entry CR is instructed to execute firmware update (step S2407).
When the firmware update for the entry room CR is completed, the firmware update unit 1530 determines whether there are a plurality of exit room CRs corresponding to the zone. A search is made from the column 2103 (step S2408).

  If there are a plurality of leaving CRs (YES in step S2408), an instruction is issued to update the firmware of the leaving CRs in order. Here, updating firmware in order means updating firmware one by one, or updating the CR firmware belonging to one group by dividing the leaving CR into two or more groups. In some cases, the firmware of the CR belonging to another group is updated after executing the above.

  If there are not a plurality of leaving CRs (NO in step S2408), the firmware is not updated here, and detection of whether there is a person in the zone again after a predetermined time (for example, 3 hours) is performed. Go and update the firmware when no one is present. Whether or not the firmware for the leaving room CR is updated can be determined by referring to the version information of the CR information 1553 and determining whether or not it is the latest version.

  By the way, when updating the firmware of the exit CR, the anti-passback control may be executed in the zone corresponding to the exit CR. In anti-passback control, when entering a zone from the door controlled by the entrance CR, if the exit CR contained in that zone does not authenticate and then exit the room, an error, that is, authentication, will occur in the next authentication. Impossibility is control that does not perform unlocking of the door, and has the effect of preventing entry / exit due to sharing. When there is only one CR for leaving the room and the firmware is updated despite the presence of a person in the zone, the firmware is updated by opening the electronic lock so that the person in the zone can leave the room. Will cause an error if the person leaves the room while the firmware is being updated, and the person next authenticates somewhere. This is because the user exited without performing authentication at the exit CR that is updating the firmware. This is a situation that occurs because the firmware is updated, and it is inconvenient for the user to invite this situation. Therefore, the process shown in FIG. 25 is executed.

This process is a process in the case where there is a person in the zone with only one exit CR in step S2306 of FIG.
The firmware update unit 1530 updates the firmware of the leaving room CR (step S2501).
At this time, the firmware update unit 1530 searches the anti-passback column 2105 of the zone information 1554 to determine whether or not anti-passback control is being executed in the zone where the firmware is being updated (step S2502).

If the anti-passback control has been executed (YES in step S2502), the firmware update unit 1530 changes the anti-passback of the zone information 1554 from implementation to non-execution, and also performs anti-pass on each CR in the corresponding zone. Instructing the execution of the back control to be in an unexecuted state (step S2503).
When the firmware update unit 1530 receives information indicating that the firmware update has been completed from the CR, the firmware update unit 1530 instructs the anti-passback control to be executed (step SS2504). However, for the first authentication after updating the firmware for all card IDs on the system, control by anti-passback is not executed.

If the anti-passback control has not been executed (NO in step S2502), the firmware is updated as it is and the process ends.
As a result, even if the anti-passback control is executed, no error occurs in the authentication after the firmware update. Further, the anti-passback control can be executed even after the firmware is updated.

  In this zone, route control may be executed instead of anti-passback control. The route control is to control the entrance and exit routes to be restricted by separating the entrance and exit doors when entering and exiting a certain zone. For example, in the system diagram of FIG. The entrance door and the exit door are controlled separately. Similarly to the anti-passback control, if the entrance CR 1013 authenticates and enters the zone Z0004, the exit CR 1014 authenticates. If the user does not leave the room, this is a control that causes an error when the next authentication is performed by a person other than the CR 1014 for leaving the room.

In this case as well, it is necessary to execute the same processing as in the case of anti-passback control. FIG. 26 shows the operation of the firmware update unit 1530 in this case. As can be seen by comparing FIG. 26 with FIG. 25, the difference is the processing in steps S2502, S2503, and S2504 in FIG.
The firmware update unit 1530 searches the route information column 2106 of the zone information 1554 to determine whether route control is being executed in the zone where the firmware is being updated (step S2602).

If the route control has been executed (YES in step S2602), the firmware update unit 1530 changes the route control of the zone information 1554 from the implementation to the non-execution and executes the route control on each CR of the corresponding zone. An instruction is given to enter an unexecuted state (step S2603).
When the firmware update unit 1530 receives information indicating that the firmware update has been completed from the CR, the firmware update unit 1530 instructs the route control to be in an execution state (step SS2604). However, route control is not executed for the first authentication after updating the firmware for all card IDs on the system.

If route control has not been executed (NO in step S2502), the firmware is updated as it is and the process ends.
As a result, even if route control is executed, no error occurs in authentication after updating the firmware. Further, the anti-passback control can be executed even after the firmware is updated.

By the way, if the firmware is updated, the CR that is updating the firmware cannot be authenticated, so the user may recognize that it is out of order. Therefore, each CR executes the following process shown in FIG. 27 while updating the firmware.
The CR executes firmware update (step S2701).
The CR displays information indicating that the firmware is being updated on the display unit on the display unit 1750 (step S2702). For example, “Firmware is being updated. Authentication cannot be executed” is displayed.

At this time, the CR searches whether the self is a room leaving CR based on the setting information indicating which type (room entry, room leaving, room entering / leaving) the CR is (step S2703).
When the self is a room leaving CR, the management apparatus 1000 is inquired whether there is another room leaving CR in the corresponding zone. The management apparatus 1000 refers to the zone information 1554, detects whether there is another leaving CR, and outputs the detection result to the leaving CR (step S2704).

  If there is another leaving CR (YES in step S2704), the management apparatus 1000 reads the corresponding room name corresponding to the other leaving CR from the CR information 1553 and notifies the CR. Using the notified corresponding room name, for example, “Firmware is being updated. Authentication cannot be executed. Please exit from the second door of the second conference room” is displayed on the display unit 1750 (step S2705). This display is performed during firmware update.

On the other hand, if there is no other room leaving CR (NO in step S2704), the management apparatus 1000 notifies the CR that there is no other room leaving CR, and the received CR is a firmware update. Continue.
Thus, the convenience of the entry / exit management system can be improved by presenting the entry / exit from another door while notifying the user that the CR is updating the firmware.
<Supplement>
In the above embodiment, the method of implementing the present invention has been described, but it is needless to say that the embodiment of the present invention is not limited to this. Hereinafter, various modified examples included in the concept of the present invention other than the above embodiment will be described.
(1) Although not specifically described in the above embodiment, the history data 240 may record information other than information related to entry / exit as long as it is information on an event related to the entry / exit system. Information such as authentication error information and occurrence of prying may be included.
(2) Although not particularly described in the above embodiment, the gate control device may hold history information relating to events occurring in the device itself.
(3) In the above embodiment, when the battery test has not been executed, it was checked whether or not an instruction can be given every 24 hours. However, this need not be every 24 hours, for example, every 1 hour. There may be. However, when the battery test has not been executed, it includes the case where the battery test is interrupted. In this case, it takes time to charge the secondary battery. At the same time, it is also a condition that the secondary battery is fully charged. The management device can detect whether or not the battery is fully charged by receiving a charge completion signal indicating that the secondary battery is fully charged from the emergency power unit of the gate control device. In the gate control device, the charge completion signal is sent to the secondary battery after a situation where the power of the secondary battery is consumed (for example, power supply during a power failure or power consumption due to battery check) occurs. It is output from the gate control device to the management device at the timing of charging.
(4) The battery check schedule 260 shown in the above embodiment may be set by an operator or the management device 100. At that time, a battery check schedule may be set using the following method.

For example, the battery check instruction unit 250 can detect a time zone in which there is a person and a time zone in which there is no person for each area by taking a history for one month. This may detect a time zone in which no people are present in the area for one day, or may detect a time zone in which no people are present for each day of the week.
Then, the battery check schedule 260 may be created so that the battery test is executed in a time zone corresponding to the time zone in which no person is obtained.

For example, Mondays from 0:00 to 2 o'clock, 2 o'clock to 4 o'clock, ... 10 o'clock to 12 o'clock, 12 o'clock to 14 o'clock, ..., 22 o'clock to 24 o'clock, Tuesdays from 0 o'clock to 2 o'clock, The time zone is divided like 2 o'clock to 4 o'clock, and so on, and the number of people in each time zone is totaled based on the history data for a predetermined period, for example, one month. Then, if it is found as a result of the aggregation that there is no person between 22:00 and 24:00 on Tuesday for an area corresponding to a certain gate control device, the battery check instruction unit 250 determines that the gate control device 250 With regard to the battery check, the schedule is set so that a battery check instruction can be issued between 22:00 and 24:00 on any Tuesday within two months after the next month.
(5) In the above embodiment, the gate control device can be operated by the secondary battery for 10 minutes in an emergency, but this time is an example, and may vary depending on the specification, for example, 20 minutes. . In this case, the battery test is discharged for 20 minutes to check whether the voltage value falls below a predetermined threshold value.
(6) In the third embodiment, the firmware update is performed on the CR included in the zone. For each CR, it is determined whether there is a person in the zone corresponding to the CR, and the firmware is updated. It may be determined whether or not to perform the update.
(7) In the third embodiment, the CR displays on the display unit 1750 that the firmware is being updated and notifies the user. However, other notification methods may be used. For example, it may be notified by a specific beep indicating that the firmware is being updated, or may be notified by voice such as “Firmware is being updated. Authentication cannot be performed”.
(8) In the third embodiment, the management apparatus 1000 has instructed each CR to update the firmware, but this may be output according to a schedule stored in advance. It is possible to detect whether or not there is a person in the zone at a predetermined timing, and to update the firmware if there is no person.

Furthermore, the management apparatus 1000 may include a schedule generation unit that automatically generates a schedule for determining the timing for updating firmware, and there is no person in the zone at the timing determined by the schedule generated by the schedule generation unit. It is also possible to instruct the update of the firmware by performing such detection. In generating the schedule, the management apparatus 1000 includes a recording unit that counts a time period in which each person is present and a time period in which no person is present in each zone for a predetermined period (for example, one week), Based on the information recorded by the recording means, a schedule is generated that defines the time zone of the day of the week when there was no person as the firmware update timing in that zone.
(9) Control composed of program codes for causing a processor such as a management device and a gate control device, and various circuits connected to the processor to perform operations related to maintenance, maintenance instruction processing, and the like shown in the above-described embodiment. The program can be recorded on a recording medium, or can be distributed and distributed via various communication paths. Such recording media include IC cards, hard disks, optical disks, flexible disks, ROMs, and the like. The distributed and distributed control program is used by being stored in a memory or the like that can be read by the processor, and the processor executes the control program, thereby realizing various functions as shown in the embodiment. Will come to be.

1 is a system diagram of an entrance / exit management system according to Embodiment 1. FIG. It is the functional block diagram which showed the function structure of the management apparatus. It is the functional block diagram which showed the function structure of the gate control apparatus. It is a circuit diagram of a battery inspection circuit. It is an external view of an authentication data reading terminal. It is a data conceptual diagram of the schedule information which a management apparatus hold | maintains. It is a data conceptual diagram of the entrance / exit history information which a gate control apparatus hold | maintains. It is a data conceptual diagram of a battery check schedule. 3 is a flowchart illustrating an operation of the management device in Embodiment 1 when checking a battery. 3 is a flowchart showing an operation of the gate control device in Embodiment 1 when checking a battery. It is a system diagram of the entrance / exit system which concerns on Embodiment 2. FIG. It is the data conceptual diagram which showed the structural example of area information. 6 is a flowchart illustrating an operation of the management device according to Embodiment 2 when checking a battery. FIG. 10 is a system diagram of an entrance / exit management system according to Embodiment 3. 10 is a functional block diagram illustrating a functional configuration of a management device according to Embodiment 3. FIG. 6 is an external view of a card reader according to Embodiment 3. FIG. 6 is a functional block diagram showing a functional configuration of a card reader according to Embodiment 3. FIG. It is a data conceptual diagram which shows card information. It is a data conceptual diagram which shows occupancy information. It is a data conceptual diagram which shows card reader information. It is a data conceptual diagram which shows zone information. It is a flowchart which shows the operation | movement which concerns on the update of occupancy information in a management apparatus. It is a flowchart which shows the operation | movement which concerns on the update of the firmware of the card reader in a management apparatus. It is a flowchart which shows the operation | movement which concerns on the update of firmware when there exists CR for entrance / exit. It is a flowchart which shows the operation | movement which concerns on the update of the firmware in case antipass back control is implemented. It is a flowchart which shows the operation | movement which concerns on the update of the firmware in the case of implementing route control. It is a flowchart which shows operation | movement of CR concerning the update of firmware.

Explanation of symbols

100 Management devices 111, 112, 113 Gate control devices 121, 122, 123 Doors 131, 132, 133 Electric locks 141, 142, 143, 144, 145, 146 Authentication data reading terminal 210 Gate control device I / F unit 220 Data management Unit 230 authentication data 240 history data 250 battery inspection instruction unit 260 battery inspection schedule 310 communication unit 320 reading unit 330 locking / unlocking unit 340 emergency power unit 341 main power source 342 secondary battery 1000 management device 1001, 1004, 1006, 1008, 1009, 1011, 1013 CR for entering the room
1002, 1007, 1010, 1012, 1014 Exit CR
1003, 1005 CR for entrance / exit
1510 I / F unit 1520 Data management unit 1530 Firmware update unit 1540 Update data acquisition unit 1550 Storage unit 1710 Communication unit 1720 Authentication processing unit 1730 Authentication information acquisition unit 1740 Locking / unlocking unit 1750 Display unit

Claims (16)

An entrance / exit management system comprising a gate control device that performs locking and unlocking of a door for restricting entry / exit to an area subject to entrance / exit control, and a management device that manages the gate control device. There,
The gate control device
A transmission means for transmitting entry / exit information relating to entry / exit of a person to / from a target area that is one area that can be entered / exited by unlocking the own device;
Maintenance execution means for performing maintenance that makes entry into and exit from the target area impossible based on an instruction from the management device;
The management device
Obtaining means for obtaining the entry / exit information;
Detecting means for detecting whether there is a person in the target area based on the entry / exit information;
Determination means for determining whether or not the gate control device may perform the maintenance based on a detection result of the detection means;
An entry / exit management system comprising: an instruction unit that outputs an instruction to perform the maintenance to the gate control device when the determination unit determines that the maintenance may be performed. The gate control device includes an emergency battery that supplies power instead of the main power supply in an emergency, and the maintenance is a battery test of the emergency battery.
The maintenance execution means includes
A receiving unit that receives a battery test execution instruction for discharging the emergency battery for a predetermined time and checking whether the output voltage value of the emergency battery can maintain a constant voltage;
The entrance / exit management system according to claim 1, further comprising: a battery test execution unit that executes the battery test when the reception unit receives the execution instruction. The determination means determines that the battery test may be performed when there is no person in the target area, and determines that the battery test should not be performed when there is a person in the target area. The entrance / exit management system according to claim 1. The target area is provided with another gate control device that performs locking and unlocking of another door that enables entry into and exit from the target area.
The detection means detects whether or not there is a person in the target area based on entry / exit information from the gate control device and the other gate control device,
The determination means is when the detection means detects that there is a person in the target area, and when the instruction means does not instruct the other gate control device to perform a battery test, the gate The entrance / exit management system according to claim 1, wherein it is determined that the battery test of the control device may be performed. The gate control device further includes:
A reading unit for reading the identification information;
Identification information transmitting means for transmitting the read identification information to the management device;
Availability information receiving means for receiving availability information indicating whether or not a person is allowed to enter the target area;
Unlocking means for unlocking the door based on the availability information;
In the case of unlocking during the battery test of the emergency battery, stop means for stopping the battery test,
Display means for displaying information indicating that the battery test was in progress,
The management device further includes:
Identification information receiving means for receiving the identification information;
Authentication information storage means for storing authentication information indicating whether or not to enter / exit the target area in association with identification information;
2. A permission information transmitting unit that transmits permission information indicating whether or not a person corresponding to the identification information can be entered / exited to the gate control device based on the identification information and the authentication information. The entry / exit management system described. The entry / exit room according to claim 4, wherein the display means further displays information on a remaining operation time that can be operated by the emergency battery of the device based on a discharge amount discharged in the battery test. Management system. The management device further includes:
Storage means for storing schedule information indicating timing for instructing the gate control device to execute the battery test;
Based on information on whether or not there was a person in the target area every predetermined time for a predetermined period in the past, a timing at which there would be no person is estimated and the battery test is performed on the gate control device. The entrance / exit management system according to claim 1, further comprising setting means for setting the schedule information. The gate control device further includes:
Storage means for storing a program defining the operation of the gate control device;
Execution means for executing a program stored in the storage means,
The maintenance is updating the program,
The maintenance execution means includes
A receiving unit for receiving an execution instruction for instructing update of the program;
The entrance / exit management system according to claim 1, further comprising: an update unit configured to update the program when the execution instruction is received. The determination unit performs update of the program when there is no person in the target area, and determines not to execute update of the program when there is a person in the target area. 8. The entrance / exit management system according to 8. The gate control device has two types: an entrance area gate control device for entering the target area and an exit area gate control device for exiting the target area,
The entrance / exit management system according to claim 8, wherein the maintenance execution unit updates the program of the entrance area gate control device before the update of the exit area gate control device. The determination unit updates the program of at least one exit area gate control device when there is a person in the target area and the target area includes a plurality of exit area gate control devices. The entry / exit management according to claim 10, wherein it is determined that the update of the program of the gate control device for the exit area other than the one gate control device for the exit area may be executed on the condition that the control is not executed. system. The determination means is a case where there is a person in the target area, and on the condition that the gate control device for the exit area of the target area unlocks the corresponding door, the program of the gate control device for the exit area Determine that the update can be performed,
The entry / exit management system according to claim 10, wherein the instructing unit instructs updating of the program and instructing unlocking of the door. The management device further includes:
Holding anti-passback control information indicating whether or not to execute anti-passback control on the target area;
The entrance / exit management according to claim 12, wherein when the target area is an object of anti-passback control, the instructing unit also instructs to exclude the target area from the target of the anti-passback control. system. The management device further includes:
Holding route control information indicating whether or not to perform route control on the target area;
The entrance / exit management system according to claim 12, wherein the instruction unit also instructs to exclude the target area from the target of route control when the target area is a target of route control. When the gate that the gate control device controls locking / unlocking also restricts entry / exit of people in the adjacent area adjacent to the target area,
The detection means further detects whether there is a person in the adjacent area,
9. The input according to claim 8, wherein the determination unit determines whether or not the maintenance may be performed according to a detection result of whether or not there is a person in the target area and the adjacent area. Exit management system. The management device further includes:
Recording means for recording a time zone in which the person in the target area is present and a time zone in which the person is absent in a predetermined period;
The entrance / exit management system according to claim 8, further comprising: a schedule generation unit that generates a schedule for executing the firmware update in a time zone in which no one is indicated by the recording unit.

Images