JP2010055204A - Cooperation control system and cooperation controller - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a cooperation control system capable of registering an ID of an IC card as an ID of an IC card for setting, in an item to be set, without getting conscious. <P>SOLUTION: A cooperation controller 30 of this cooperation control system acquires an entrance and exit authentication ID included in entrance and exit information transmitted from an entrance and exit management system 2, by an entrance and exit authentication information acquiring part 33, followed to be authentication-processed, and acquires an equipment authentication ID included in authentication request information from a combined machine 21, by an equipment authentication part 34, followed to be authentication-processed. The cooperation controller 30 holds the entrance and exit authentication ID or the equipment authentication ID acquired by the entrance and exit authentication information acquiring part 33 or the equipment authentication part 34, as an authority changing ID for changing an authority, in an authority changing part 35, under the condition where the entrance and exit authentication ID is preliminarily correlated uniquely with the equipment authentication ID, and imparts a specified authority to the authority changing ID. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a cooperative control system and a cooperative control apparatus that perform joint management of entrance / exit of a security management area and use management of information processing devices installed in a predetermined security management area.

  In companies that frequently handle confidential information or specific departments within the company, leakage of confidential information is prevented in advance by applying an entry / exit management system that manages the entry / exit of workers who handle confidential information. I am doing so.

  In general, an entrance / exit management system uses information that uniquely identifies a user, such as a user ID (IDentification) incorporated in an IC (Integrated Circuit) card given to the user or biometric information (fingerprint, iris, voiceprint, etc.). Security that handles confidential information by unlocking the locked door for entry / exit when personal authentication is performed by the host computer for entrance / exit management and it is authenticated that the user is a registered valid user Management such as permitting entry into the management area.

In such an entrance / exit management system, it is necessary to perform a user registration operation for registering a valid user before operating the entrance / exit management system. However, since this user registration work is very complicated work, various methods for performing easy registration work have been devised (see, for example, Patent Document 1).
JP-A-6-108717

  By the way, by constructing a linkage control system that links such an entrance / exit management system and a network authentication system that manages confidential information, authentication processing at the time of entering / exiting into an area that handles confidential information, A method has been devised for associating with authentication processing at the start of use of a later information processing device. According to such a method, security can be further strengthened by linking the authentication process at the time of entering and leaving the room and the authentication process at the start of use of the information processing device after entering the room, so that leakage of confidential information can be further reduced. Can be prevented.

  For example, in a general office space, a multi-function device is permanently installed as an information processing device having a combination of functions such as a copying function, a network printing function, and a FAX function. In consideration of user convenience, such a multifunction machine is installed not only in a security non-management area that does not handle confidential information but also in a security management area that always handles confidential information.

  The above-described multi-function device can easily print information on a paper medium or transfer information to a remote place using a FAX function, and thus particularly handles confidential information. Strict usage management within the security management area is required.

  As described above, when a cooperative control system in which the entrance / exit management system and the network authentication system are linked is constructed, before the linked control system is operated and operated, other than user registration (setting) work for registering a valid user. In addition, it is necessary to execute a card reader setting registration work used during authentication processing in the entrance / exit management system and a setting registration work of information processing equipment installed in each security management area.

  Such various setting operations have been performed by a Web screen input or a command input using a personal computer or the like by a setting operator on the system operator side, so that the more complicated the input operation becomes, the larger the system becomes. As a result, the burden on the setter increases, and setting errors due to complicated linking settings frequently occur.

  In order to solve such a problem, it is conceivable to perform a setting mode process for performing a setting operation when a specific ID is acquired. A dedicated IC card having a specific ID for setting has the authority to enter and leave the security management area and is owned by the setter. Therefore, if the IC card is lost or stolen, the security management system of the client company may be damaged, and it is necessary to register the specified ID when reissuing the IC card. There was a problem of requiring.

  Therefore, an IC card delivered to the customer company or already owned by the customer company is used as an IC card for setting. However, the IC card of the customer company used at the time of setting has an ID that is a unique value. Since there is a case where the customer company does not know, there is a problem that it cannot be directly registered as an IC card for setting.

  Therefore, the present invention has been devised to solve the above-described problem, and registers the setting item as the ID of the IC card for setting without being conscious of the ID of the IC card. It is an object of the present invention to provide a cooperation control system and a cooperation control apparatus that can perform the above-described operation.

  The cooperative control system according to the present invention uniquely specifies an entrance / exit authentication ID included in the entrance / exit information transmitted from the entrance / exit management system, and a door for entering / exiting the security management area through which the entrance / exit authentication ID has passed. Information is acquired by the entry / exit authentication information acquisition means provided in the cooperation control device, performs authentication processing, and the device authentication ID provided in the authentication request information transmitted from the controlled device includes the device authentication means provided in the cooperation control device. The input / output authentication ID acquired by the input / output authentication information acquisition unit or the device authentication unit in a state where the input / output authentication ID and the device authentication ID are uniquely associated in advance. The device authentication ID is held by the authority changing means provided in the cooperation control device as the authority changing ID for changing the authority, and a specific authority is assigned to the authority changing ID. Azukasuru it is, to solve the problems described above.

  In addition, the cooperative control apparatus according to the present invention uniquely identifies the entrance / exit authentication ID included in the entrance / exit information transmitted from the entrance / exit management system and the entrance / exit door in the security management area through which the entrance / exit authentication ID has passed. The door information to be acquired is acquired by the entry / exit authentication information acquisition means to perform authentication processing, and the device authentication ID included in the authentication request information transmitted from the controlled device is acquired by the device authentication means to perform authentication processing. The authority is changed for the entry / exit authentication ID or the device authentication ID acquired by the entry / exit authentication information acquisition unit or the device authentication unit in a state where the input / output authentication ID and the device authentication ID are uniquely associated in advance. The authority changing means holds the authority changing ID to be performed, and the authority is assigned to the authority changing ID to solve the above-described problem.

  According to the cooperation control system and the cooperation control device according to the present invention, it is not necessary to give a specific authority to a specific IC card, and it becomes possible to give a specific authority to an ID of a general IC card. Therefore, according to the cooperation control system and the cooperation control apparatus according to the present invention, specific authority is given to the item to be set without being conscious of the ID of the IC card, and the setting is registered as the ID of the IC card for setting. can do.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

[First Embodiment]
[Configuration of linkage control system]
First, the structure of the cooperation control system 1 shown as 1st Embodiment of this invention is demonstrated using FIG.1 and FIG.2. As shown in FIG. 1, the cooperation control system 1 changes from a low security level area (security non-management area) that does not handle confidential information to a high security level area (security management area) that handles confidential information. An entry / exit management system 2 that manages entry / exit of a device and a multi-function device 21 that is a controlled device installed in a security management area are connected to a communication network such as a LAN (Local Area Network) by a cooperative control device 30. They are connected to each other. Here, the security management area refers to a predetermined space partitioned by walls and doors managed by the entrance / exit management system 2 such as the room A and the room B shown in FIG. . In the following, “in-room” means being in this security management area.

  The entrance / exit management system 2 includes an entrance card reader 11, an exit card reader 12, and a control unit 13, performs authentication processing for all users who wish to enter the security management area, and registers them in advance. Only authorized users are authenticated and allowed to enter the security management area. Further, the entrance / exit management system 2 performs an authentication process on a user who wishes to leave the security management area as necessary, and permits the user to leave the security management area. The security non-management area and the security management area, and the security management areas of different security levels are separated by a door provided with an electric lock that can be locked and unlocked by electric action. .

  Specifically, as shown in FIG. 2, the entrance / exit management system 2 contacts or stores information stored in a semiconductor memory of an IC card (Integrated Circuit) 3 owned by the user by an entrance card reader 11. When the control unit 13 refers to the card ID that is the information to be authenticated among the read information and authenticates that the user is a valid user, the information is locked under the control of the control unit 13. Unlocking the electric lock allows entry into the security management area.

  Further, when leaving the security management area, the entrance / exit management system 2 reads the above-described information of the IC card 3 by the exit card reader 12 provided in the security management area, and determines that the user is a valid user. When 13 authenticates, the user is allowed to leave the security management area by unlocking the locked electric lock under the control of the control unit 13.

  In FIG. 2, the security levels of the security non-management area and the security management area are classified into level 0 (Lv0), level 1 (Lv1), and level 2 (Lv2) in order from the lowest security level. That is, the lowest security level 0 is set as the security non-management area, and the level 1 or higher is set as the security management area. The concept of entering and leaving the room differs depending on whether the security non-management area or the security management area is considered, so in the following, moving from a low security level area to a high area will be referred to as an entrance room. Moving from a high security area to a low area is defined as leaving the room.

  The entrance / exit management system 2 uniquely identifies the IC card 3 among the information stored in the IC card 3 owned by the user when unlocking the locked electric lock by such authentication processing. The control unit 13 transmits a card ID to be performed, a door ID unique to the unlocked door, and information indicating whether to enter or leave the room to the cooperation control device 30 described later. Here, the information indicating whether to enter or leave the room may be indicated by, for example, a device ID that uniquely identifies the entry card reader 11 or the exit card reader 12. In the following description, the door ID and the information indicating whether the room is entered or exited are used as a set. Therefore, when these are collectively referred to, they are simply referred to as door information.

  The multifunction device 21 is an information processing device having a composite function of finally printing on a paper medium, such as a copying function, a network printing function, a FAX function, and a scanner function. As shown in FIG. 2, the multi-function device 21 is installed in the security management area, and can be used when the use permission is given by the authentication processing by the cooperation control device 30 (use restriction function). The multi-function device 21 may be installed not only in the security management area but also in the security non-management area.

  The multifunction device 21 is connected to a multifunction device card reader 22 that reads information stored in the semiconductor memory of the IC card 3 owned by the user who has moved to the security management area where the multifunction device 21 is installed. . The multi-function device card reader 22 reads information stored in the IC card 3, and transmits a card ID, which is authentication information, of the read information to the multi-function device 21.

  Upon receiving this card ID, the multifunction device 21 transmits the card ID to the cooperation control device 30 together with the multifunction device ID (multifunction device information) that is identification information for uniquely identifying itself. In response to receiving the card ID and the MFP ID, the cooperation control apparatus 30 starts an authentication process for granting the use permission to the MFP 21. The MFP ID can be, for example, the IP (Internet Protocol) address of the MFP 21.

  Further, a personal computer (PC) 23 is connected to the multifunction device 21. The user inputs an instruction to use the network printing function, the FAX function, and the scanner function of the multifunction device 21 when the use of the multifunction device 21 is permitted by the cooperation control device 30 via the PC 23. be able to.

  Next, the configuration of the cooperation control device 30 will be described with reference to FIG. As shown in FIG. 3, the cooperation control device 30 includes an entrance / exit information reception I / F (interface) 31, an authentication information transmission / reception I / F (interface) 32, an entrance / exit authentication information acquisition unit 33, and a device authentication unit 34. And an authority changing unit 35, a candidate ID storage unit 36, and a database 37.

  When the control unit 13 of the entrance / exit management system 2 authenticates the movement to the predetermined security management area and the security non-management area, the cooperation control device 30 determines the predetermined security management area and security of the authenticated user. By updating the stay status in the non-management area, it functions as a cooperative control device that controls the entrance / exit management system 2 and the multifunction device 21 in a coordinated manner.

  Specifically, the cooperation control device 30 uses the entrance / exit information transmitted from the entrance / exit management system 2 to enter / exit the user in the entrance / exit management system 2 such as moving from the non-security management area to the security management area. The change of the state is grasped, and it is determined whether or not the use of the multifunction device 21 is permitted according to the change of the user's entry / exit state.

  The entrance / exit information reception I / F 31 is a communication interface for connecting the entrance / exit management system 2 and the cooperation control device 30. Communication between the entry / exit management system 2 and the cooperation control device 30 via the entry / exit information reception I / F 31 can use a communication standard such as Ethernet (registered trademark), for example. Communication between the entrance / exit management system 2 and the link control device 30 via the entrance / exit information reception I / F 31 is not limited to TCP / IP (Transmission Control Protocol / Internet Protocol) -based communication, but a non-IP fieldbus. Etc. can also be used. The cooperation control device 30 receives the entry / exit information including the card ID and the door information transmitted when the user is authenticated by the control unit 13 of the entry / exit management system 2 via the entry / exit information reception I / F 31. To do.

  The authentication information transmission / reception I / F 32 is a communication interface for performing communication between the cooperation control device 30 and the multifunction device 21. Communication between the cooperation control device 30 and the multifunction device 21 via the authentication information transmission / reception I / F 32 can use a communication standard such as Ethernet (registered trademark), for example. Communication between the cooperation control device 30 and the multi-function device 21 via the authentication information transmission / reception I / F 32 is not limited to TCP / IP-based communication, and a non-IP field bus or the like can be used. The cooperation control device 30 receives the authentication request information including the card ID and the MFP ID transmitted as an authentication process request for requesting the start of the authentication process from the MFP 21 via the authentication information transmission / reception I / F 32, The authentication result by the device authentication unit 34 is transmitted to the multifunction device 21.

  The entrance / exit authentication information acquisition unit 33 includes an entrance / exit authentication ID such as a card ID used in the entrance / exit management system 2 included in the entrance / exit information transmitted from the entrance / exit management system 2, and a security management area through which the entrance / exit authentication ID has passed. And door information for uniquely identifying the door for entering and leaving the room. When the entry / exit authentication information acquisition unit 33 refers to the database 37 and determines that the target entry / exit authentication ID is in the target room (security management area), the entrance / exit authentication information acquisition unit 33 is in the target room. Assuming that there is an entry / exit authentication ID, it is stored in the user occupancy state storage unit 37D.

  The device authentication unit 34 includes a device authentication ID such as a card ID read by the multi-function device 21 included in the authentication request information transmitted from the multi-function device 21 and the user presence state of the database 37 using the device authentication ID as a key. The authentication process is executed using the information indicating the user's occupancy state stored in the storage unit 37D, and the authentication result is transmitted to the multifunction device 21. Specifically, when the device authentication unit 34 determines that the request is for use of the multifunction device 21 by a legitimate user authenticated by the entry / exit management system 2 as a result of executing the authentication process, Grant usage permission. Alternatively, in addition to the authentication processing with the information indicating the occupancy status, even if the MFP ID of the authentication request information matches the MFP ID associated with the occupancy status room information, permission to use the MFP 21 may be granted. Good.

  The authority change unit 35 has a function of issuing an instruction to transmit the entry / exit authentication ID and the device authentication ID (card ID) acquired by the entry / exit authentication information acquisition unit 33 or the device authentication unit 34 to the authority change unit 35. When such an instruction is issued, the entry / exit authentication ID or the device authentication ID acquired by the entry / exit authentication information acquisition unit 33 or the device authentication unit 34 is held as the authority change ID, and a specific authority is given to the authority change ID. Specifically, the authority changing unit 35 stores the input / output authentication ID and device authentication ID acquired by the input / output authentication information acquiring unit 33 or the device authentication unit 34 in the setting card information storage unit 37B as the card ID of the setting card. Remember. At this time, the authority changing unit 35 refers to the database 37 and stores both the entry / exit authentication ID and the device authentication ID that are uniquely associated in advance in the setting card information storage unit 37B. Further, the authority changing unit 35 changes authority when detecting that the input / output authentication ID or device authentication ID having a specific pattern has been acquired, and the acquired input / output authentication ID or device authentication ID is used for setting. The card ID of the card may be stored in the setting card information storage unit 37B, so that candidates for changing the authority can be narrowed down and the target ID can be easily specified. . Further, when an operation is performed from the multifunction device 21, the authority changing unit 35 specifies a multifunction device ID that uniquely identifies the multifunction device 21 such as an IP address or a MAC (Media Access Control) address of the multifunction device 21. It can also be stored in the setting card information storage unit 37B.

  The candidate ID storage unit 36 temporarily stores the entry / exit authentication ID and the device authentication ID managed by the authority changing unit 35 as candidate IDs.

  The database 37 is a database that stores various types of information used in the cooperation control device 30. The card information storage unit 37A, the setting card information storage unit 37B, the entry / exit device information storage unit 37C, and the user occupancy state storage Unit 37D, room information storage unit 37E, door information storage unit 37F, and device setting storage unit 37G.

  The card information storage unit 37A is an identification number that uniquely identifies an IC card 3 owned by a user registered in advance using the cooperation control system 1, and stores a card ID that is authentication target information. . This card ID also includes an account ID that is transmitted to the multi-function device 21 when the user operates the PC 23 to use the multi-function device 21. The card ID indicates the above-described entry / exit authentication ID and device authentication ID, and these entry / exit authentication ID and device authentication ID are associated with each other.

  The setting card information storage unit 37B is a process for grasping a change in the entry / exit state in a predetermined security management area or a non-security management area of the user authenticated by the entry / exit management system 2 and an authentication process performed when using the multifunction device 21 The setting used when switching from the operation mode in which the normal process is performed to the setting mode in which the setting process of the database 37 such as registration and deletion of various setting information required in advance for operating the cooperation control system 1 is performed. A setting card ID, which is identification information for uniquely identifying a business card, is stored. The setting card ID is an entry / exit authentication ID or device authentication ID acquired as a setting card ID by the authority changing unit 35, and indicates whether the setting information set in the database 37 is registered in the database 37 or deleted. Is included. That is, the setting cards include a registration setting card used when registering setting information in the database 37 and a deletion setting card used when deleting setting information from the database 37.

  Further, in the setting card information storage unit 37B, when setting door information that needs to be set for each security management area in the setting information, and a multifunction machine ID, a room change for switching a plurality of security management areas is set. A room change card ID, which is identification information for uniquely identifying the card, is also stored.

  The entry / exit device information storage unit 37 </ b> C stores communication setting information of the entry / exit management system 2 to which the cooperation control device 30 is connected.

  The user occupancy state storage unit 37D stores the card ID included in the entry / exit information notified when the door entry state change (closed state → open state) is performed in the entry / exit management system 2, The door information included in the leaving information is stored as a key in association with the security management area where the moved user is currently in the room.

  The room information storage unit 37E stores information related to a room serving as a security management area managed in the cooperation control system 1. The room-related information is configured by distinguishing between the entrance card reader 11 or the exit card reader 12 of a pair of door information (card reader information) installed in the room.

  The door information storage unit 37F stores a door ID, which is information for uniquely specifying each room, that is, a physical door separating the security management area, in association with the security management area. At this time, in the door ID, for example, as the information indicating whether to enter or leave the room, for example, a device ID that uniquely identifies the entry card reader 11 or the exit card reader 12 is also stored in association with each other.

  The device setting storage unit 37G stores an IP address, a multifunction device ID, a password for authentication communication associated with the multifunction device ID, and the like necessary for transmitting / receiving authentication request information from the multifunction device 21. The IP address and the MFP ID can be set as the same value. In addition, the device setting storage unit 37G can be stored in association with the installed room information.

[Operation of linkage control system]
[Normal processing]
In such a cooperative control system, normal processing is performed according to a series of procedures as shown in FIG.

  First, the user puts the IC card 3 possessed by the user into the entrance card reader 11 or the exit card reader 12 of any door provided in a room which is a security management area.

  When the IC card 3 is inserted into the entry card reader 11 or the exit card reader 12, the control unit 13 of the entrance / exit management system 2 executes an authentication process of the card ID read from the IC card 3, and the authentication is performed. As shown in FIG. 4, the entry / exit information including the entry / exit authentication ID (card ID) and the door information is sent to the cooperation control device 30 via the entry / exit information reception I / F 31 in step S1. Send to.

  Subsequently, the entrance / exit authentication information acquisition unit 33 of the cooperation control device 30 acquires the entrance / exit authentication ID and door information from the received entrance / exit room information in step S2, and in step S3, refers to the database 37 to Based on the information, the target entrance / exit authentication ID is registered as the occupancy state or the exit state for the corresponding room, and the series of processing ends.

  In the cooperative control system, processing according to such a series of procedures is normally performed.

[Process for registering input / output authentication ID as setting card ID]
In the cooperation control system, the input / output authentication ID can be registered as a setting card ID under the control of the authority changing unit 35 of the cooperation control device 30. Specifically, in the cooperation control system, the setting card ID is registered according to a series of procedures as shown in FIG.

  First, as shown in FIG. 5, the authority changing unit 35 gives an instruction in advance to transmit the input / output authentication ID acquired by the input / output authentication information acquiring unit 33 to the authority changing unit 35 in step S <b> 11. . The trigger of such an instruction can be performed by a setting operation by the setting person, such as a predetermined user operating a predetermined Web screen displayed on a display screen of a personal computer (not shown) connected to the cooperation control device 30.

  When such an instruction is issued, the entrance / exit authentication information acquisition unit 33 of the cooperation control device 30 receives the entrance / exit authentication ID (card ID) and door information from the control unit 13 of the entrance / exit management system 2 in step S12. In step S13, the entry / exit authentication ID and the door information are acquired from the received entry / exit information, and in step S14, the acquired entry / exit authentication ID is sent to the authority changing unit 35. To send.

  In step S15, the authority changing unit 35 registers the received entry / exit authentication ID in the setting card information storage unit 37B of the database 37 as a setting card ID, and ends the series of processes.

  In the cooperative control system, the entrance / exit authentication ID received from the entrance / exit management system 2 can be registered as a setting card ID under the control of the authority changing unit 35 according to such a series of procedures.

  The authority changing unit 35 does not directly register the received entry / exit authentication ID as the setting card ID in the setting card information storage unit 37B of the database 37, but the received entry / exit authentication ID as the candidate ID. In the case where it is stored in the candidate ID storage unit 36 as a candidate ID, it is temporarily stored in the candidate ID storage unit 36. The candidate ID may be registered in the setting card information storage unit 37B of the database 37 as a setting card ID.

[Process of registering device authentication ID as setting card ID]
Furthermore, in the cooperation control system, the device authentication ID can be registered as a setting card ID under the control of the authority changing unit 35 of the cooperation control device 30. Specifically, in the cooperative control system, the setting card ID is registered according to a series of procedures as shown in FIG.

  First, as shown in FIG. 6, the authority changing unit 35 instructs in advance to transmit the device authentication ID acquired by the device authenticating unit 34 to the authority changing unit 35 in step S <b> 21. As described above, the instruction trigger is also performed by a setting operation by the setting person such as a predetermined user operating a predetermined Web screen displayed on a display screen of a personal computer (not shown) connected to the cooperation control device 30. Can do.

  When such an instruction is issued, the device authentication unit 34 of the cooperation control device 30 transmits authentication request information including a device authentication ID (card ID) and a multifunction device ID from the multifunction device 21 in step S22. In step S23, the device authentication ID and the multifunction device ID are acquired from the received authentication request information. In step S24, the acquired device authentication ID is transmitted to the authority changing unit 35.

  In step S25, the authority changing unit 35 registers the received device authentication ID as a setting card ID in the setting card information storage unit 37B of the database 37, and ends the series of processes.

  In the cooperative control system, the device authentication ID received from the multifunction device 21 can be registered as the setting card ID under the control of the authority changing unit 35 according to such a series of procedures.

  As in the case of the entry / exit authentication ID, the authority changing unit 35 does not directly register the received device authentication ID as the setting card ID in the setting card information storage unit 37B of the database 37, but receives the received device authentication. It is confirmed whether or not the ID is temporarily stored as a candidate ID in the candidate ID storage unit 36. If the ID is not stored, the device authentication ID is temporarily stored as a candidate ID in the candidate ID storage unit 36. On the other hand, if stored, the candidate ID may be registered in the setting card information storage unit 37B of the database 37 as a setting card ID.

[Overall processing operation]
In the cooperation control system that performs the normal process and the registration process of the setting card ID as described above, the setting card ID is set under the control of the cooperation control device 30 according to a series of procedures as shown in FIG. Set in the database 37.

  That is, as shown in FIG. 7, when the cooperation control device 30 receives the entry / exit information or the authentication request information via the entry / exit information reception I / F 31 or the authentication information transmission / reception I / F 32 in step S31, in step S32 Then, it is confirmed whether or not the received information is set to be transmitted to the authority changing unit 35.

  Here, when the received information is not set to be transmitted to the authority changing unit 35, the cooperation control device 30 executes the normal process described above with reference to FIG. 4 in step S33.

  On the other hand, if the cooperation control device 30 is set to transmit the received information to the authority changing unit 35, the entry / exit authentication information acquiring unit is controlled under the control of the authority changing unit 35 in step S34. Based on the entrance / exit authentication ID or the device authentication ID included in the entry / exit information or the authentication request information acquired by the device authentication unit 34 or the device authentication unit 34, the other ID associated in advance is searched and acquired.

  In step S35, the cooperation control device 30 stores the acquired ID in the candidate ID storage unit 36 within a predetermined time period or in response to a predetermined operation under the control of the authority changing unit 35. Confirm whether or not.

  Here, in a case where the acquired ID is not stored in the candidate ID storage unit 36, the cooperation control device 30 sets the target ID as a candidate ID storage unit under the control of the authority changing unit 35 in step S36. 36. On the other hand, when the acquired ID is stored in the candidate ID storage unit 36, the cooperation control device 30 sets the target ID as a setting card ID under the control of the authority changing unit 35 in step S37. The data is stored in the setting card information storage unit 37B of the database 37.

  In the cooperative control system, the setting card ID can be set in the database 37 according to such a series of procedures.

  In the cooperation control system, the setting card ID is stored in the database 37 under the control of the cooperation control device 30 according to a series of procedures as shown in FIG. 8 instead of the series of procedures shown in FIG. It can also be set.

  That is, as shown in FIG. 8, the cooperation control device 30 performs the same processes as steps S31 to S34 in FIG. 7 in steps S41 to S44. When the received control information is set to be transmitted to the authority changing unit 35, the cooperation control device 30 is controlled by the authority changing unit 35 to enter / exit authentication information acquisition unit 33 or device authentication unit. When the other ID associated in advance is retrieved and acquired based on the entrance / exit authentication ID or the device authentication ID included in the entrance / exit information or the authentication request information obtained by 34, the control of the authority changing unit 35 is performed in step S45. The obtained ID is temporarily stored in the candidate ID storage unit 36.

  Thereafter, in step S46, the cooperation control device 30 changes the authority temporarily stored in the candidate ID storage unit 36 in accordance with a predetermined operation by the setter, such as a predetermined user operating a predetermined Web screen. If specified by the unit 35, the target ID is stored in the setting card information storage unit 37B of the database 37 as a setting card ID under the control of the authority changing unit 35 in step S47.

  As described above, in the cooperative control system, by appropriately storing the acquired ID in the candidate ID storage unit 36, it is possible to maintain appropriate security without increasing the number of IDs whose authority is changed indefinitely.

  In the cooperation control system, the card ID stored in the IC card 3 owned by the user is used as the authentication target information. However, the present invention is not limited to this, and the user is uniquely identified. Therefore, for example, the authentication processing may be performed by performing biometric authentication processing using biometric information such as fingerprint information or iris information as authentication target information.

[Effect of the first embodiment]
As described above in detail, in the cooperative control system according to the first embodiment of the present invention, the entrance / exit authentication ID included in the entrance / exit information transmitted from the entrance / exit management system 2 and the entrance / exit authentication ID have passed. The door information that uniquely specifies the door for entering and leaving the security management area is acquired by the entrance / exit authentication information acquisition unit 33 of the cooperation control device 30 to perform authentication processing, and authentication request information transmitted from the multifunction device 21 Can be acquired by the device authentication unit 34 of the cooperation control device 30 to perform the authentication process. In this cooperative control system, the input / output authentication ID or device authentication ID acquired by the input / output authentication information acquisition unit 33 or the device authentication unit 34 in a state where the input / output authentication ID and the device authentication ID are uniquely associated in advance. Is stored as the authority change ID for changing the authority, and the authority changing unit 35 of the cooperation control apparatus 30 assigns a specific authority to the authority changing ID to obtain a setting card ID.

  In such a cooperative control system, it is possible to give a specific authority to an ID of a general IC card without creating an undesirable environment from the viewpoint of security of giving a specific authority to a specific IC card. It becomes. Therefore, in this cooperation control system, a specific authority can be given to an item to be set without being conscious of the ID of the IC card and registered as the ID of the IC card for setting.

  Further, in this cooperative control system, when the authority changing unit 35 of the cooperative control device 30 detects that the input / output authentication ID or device authentication ID having a specific pattern has been acquired, the acquired input / output authentication ID or device By setting the authentication ID as the authority change ID and assigning a specific authority, candidates that become IDs whose authority is to be changed can be narrowed down, so that the target ID can be easily specified.

  Furthermore, in this cooperation control system, only when the authority changing unit 35 of the cooperation control device 30 stores the acquired entry / exit authentication ID or device authentication ID as a candidate ID in the candidate ID storage unit 36, the entry / exit authentication is performed. By assigning the ID or the device authentication ID as the authority change ID and granting the specific authority, it is possible to maintain appropriate security without increasing the ID for changing the authority without limitation.

[Second Embodiment]
Next, a second embodiment of the present invention will be described.

  In the second embodiment, the cooperation control system shown as the first embodiment is improved, and an instruction to change the authority is issued from a multifunction peripheral that is a controlled device. Therefore, in the second embodiment, the same parts as those described in the first embodiment are denoted by the same reference numerals, and detailed description thereof is omitted.

[Configuration and operation of cooperative control system]
[Process of registering device authentication ID as setting card ID]
The cooperative control system 1 shown as the second embodiment of the present invention has the configuration shown in FIGS. Moreover, the cooperation control apparatus 30 is set as the structure previously shown in FIG. In the cooperation control system, the setting card ID is registered according to a series of procedures as shown in FIG. 9 under the control of the authority changing unit 35 of the cooperation control device 30.

  First, as shown in FIG. 9, when the authority changing unit 35 receives an instruction from the multi-function device 21 in step S51 to transmit the authentication request information to the authority changing unit 35, in step S52, the authentication request is issued. The device authentication unit 34 is instructed to transmit information to the authority changing unit 35. At this time, the authority changing unit 35 acquires the MFP ID unique to the MFP 21 that issued the instruction, and stores it in the setting card information storage unit 37B. The instruction from the multifunction device 21 can be performed by communication based on http (Hypertext Transfer Protocol).

  Thereafter, when authentication request information including a device authentication ID (card ID) and door information is transmitted from the multi-function device 21 in step S53, the device authentication unit 34 of the cooperation control device 30 receives the received authentication request in step S54. A device authentication ID and a multifunction device ID are acquired from the information, and the acquired device authentication ID is transmitted to the authority changing unit 35 in step S55.

  In step S56, the authority changing unit 35 stores the device authentication ID in the setting card information storage unit 37B of the database 37 with the device authentication ID as the setting card ID when the received MFP ID matches the operated MFP ID. Register and end the series of processing. That is, the authority changing unit 35 registers only the device authentication ID included in the authentication request information from the multifunction device 21 that issued the instruction as the setting card ID.

  In the cooperative control system, the device authentication ID received from the multifunction device 21 is set based on an instruction from the multifunction device 21 under the control of the authority changing unit 35 according to such a series of procedures. It can be registered as an ID.

  As described above, the authority changing unit 35 does not register the received device authentication ID as the setting card ID as it is in the setting card information storage unit 37B of the database 37, but the received device authentication ID is the candidate ID. Is stored temporarily in the candidate ID storage unit 36. If not stored, the device authentication ID is temporarily stored in the candidate ID storage unit 36 as a candidate ID. If it is, the candidate ID may be registered in the setting card information storage unit 37B of the database 37 as a setting card ID.

[Overall processing operation]
In the cooperation control system that performs the setting card ID registration process as described above, the setting card ID is stored in the database 37 under the control of the cooperation control device 30 according to a series of procedures as shown in FIG. Set.

  That is, as shown in FIG. 10, when there is no operation from the multifunction device 21 to the authority changing unit 35 in step S61, the cooperation control device 30 shifts the processing to step S63 while there is an operation. In step S62, the MFP ID of the MFP 21 that has been operated is acquired and stored in the setting card information storage unit 37B.

  Thereafter, in step S63, when the cooperation control apparatus 30 receives the authentication request information via the authentication information transmission / reception I / F 32, in step S64, the cooperation control device 30 transmits the received information to the authority changing unit 35. Check if it is.

  Here, if the received information is not set to be transmitted to the authority changing unit 35, the cooperation control device 30 executes the normal processing described above with reference to FIG. 4 in step S65.

  On the other hand, in the case where it is set to transmit the received information to the authority changing unit 35, the cooperation control device 30 is controlled by the device authentication unit 34 under the control of the authority changing unit 35 in step S66. Based on the device authentication ID included in the acquired authentication request information, the other ID associated in advance is searched and acquired.

  In step S <b> 67, the cooperation control device 30 confirms the MFP ID of the MFP 21 that has received the target authentication request under the control of the authority changing unit 35, and the MFP ID is for setting. If the device authentication ID is stored in the card information storage unit 37B, it is determined that the device authentication ID is acquired from the designated multifunction device 21, and in step S68, the device authentication ID is used as a setting card ID for setting the database 37. The information is stored in the card information storage unit 37B.

  In this way, in the cooperative control system, the MFP 21 that issued the instruction can be specified, so that the ID for changing the authority can be reliably acquired and set in the database 37 as the setting card ID.

[Effects of Second Embodiment]
As described above in detail, in the cooperative control system according to the second embodiment of the present invention, when a predetermined operation is performed via the multifunction device 21, the authority changing unit 35 of the cooperative control device 30 performs the operation. When a multifunction device ID that uniquely identifies the multifunction device 21 is acquired and it is confirmed that the acquired device authentication ID is transmitted from the multifunction device 21 based on the multifunction device ID, the device authentication is performed. The ID is an authority change ID and a specific authority is given.

  Therefore, in this cooperative control system, since the multifunction device 21 can be specified, an ID for changing the authority can be acquired with certainty.

  The above-described embodiment is an example of the present invention. For this reason, the present invention is not limited to the above-described embodiment, and various modifications can be made depending on the design and the like as long as the technical idea according to the present invention is not deviated from this embodiment. Of course, it is possible to change.

It is a figure which shows the structure of the cooperation control system shown as 1st Embodiment of this invention. It is a figure which shows a mode at the time of installing the cooperation control system shown as 1st Embodiment of this invention in a security management area | region. It is a block diagram which shows the structure of the cooperation control apparatus with which the cooperation control system shown as 1st Embodiment of this invention is provided. 5 is a timing chart for explaining an operation when performing a normal process in the cooperative control system shown as the first embodiment of the present invention. In the cooperation control system shown as 1st Embodiment of this invention, it is a timing chart for demonstrating the operation | movement at the time of registering entrance / exit authentication ID as setting card ID. In the cooperation control system shown as a 1st embodiment of the present invention, it is a timing chart for explaining operation at the time of registering device authentication ID as card ID for setting. It is a flowchart for demonstrating the whole operation | movement of the cooperation control system shown as 1st Embodiment of this invention. It is a flowchart for demonstrating other whole operation | movement of the cooperation control system shown as 1st Embodiment of this invention. It is a timing chart for demonstrating the operation | movement at the time of registering apparatus authentication ID as setting card ID in the cooperation control system shown as 2nd Embodiment of this invention. It is a flowchart for demonstrating the whole operation | movement of the cooperation control system shown as 2nd Embodiment of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Cooperation control system 2 Entrance / exit management system 3 IC card 11 Entrance card reader 12 Exit card reader 13 Control unit 21 Multifunction device 22 Multifunction device card reader 30 Cooperation control device 31 Entrance / exit information reception I / F
32 Authentication information transmission / reception I / F
33 entry / exit authentication information acquisition unit 34 device authentication unit 35 authority change unit 36 candidate ID storage unit 37 database 37A card information storage unit 37B setting card information storage unit 37C entrance / exit device information storage unit 37D user occupancy state storage unit 37E room information Storage unit 37F Door information storage unit 37G Device setting storage unit

Claims (5)

An entrance / exit management system that manages entrance / exit of a security management area according to an authentication processing result based on authentication target information that uniquely identifies a user, and a non-control device that is installed in the security management area and has a use restriction function; Are coordinated control systems that cooperate with each other through control by a coordinated control device,
The cooperation control device
Authenticate by acquiring the entrance / exit authentication ID included in the entrance / exit information transmitted from the entrance / exit management system and the door information that uniquely identifies the entrance / exit door of the security management area through which the entrance / exit authentication ID has passed. Entry / exit authentication information acquisition means for processing;
A device authentication ID included in the authentication request information transmitted from the controlled device is acquired and an authentication process is performed, and it is determined that the request is for a use of the controlled device by a legitimate user authenticated by the entry / exit management system. If so, device authentication means for granting permission to the controlled device,
In a state where the entry / exit authentication ID and the device authentication ID are uniquely associated in advance, the entry / exit authentication information or the device authentication ID obtained by the entry / exit authentication information obtaining unit or the device authentication unit, A cooperation control system comprising: an authority change unit that holds an authority change ID for changing an authority and grants a specific authority to the authority change ID. When the authority changing unit detects that the entry / exit authentication ID or the device authentication ID having a specific pattern is acquired, the acquired entry / exit authentication ID or the device authentication ID is used as the authority change ID, and the identification The cooperative control system according to claim 1, wherein the authority is given. Candidate ID storage means for temporarily storing the authority change ID managed by the authority change means as a candidate ID;
The authority changing means changes the authority only when the acquired entry / exit authentication ID or the device authentication ID is stored as the candidate ID in the candidate ID storage means. The linkage control system according to claim 1, wherein the specific authority is given as an ID. The authority changing unit acquires a device ID that uniquely identifies the controlled device when a predetermined operation is performed via the controlled device, and acquires the device authentication ID based on the device ID. When the device is confirmed to be transmitted from the controlled device, the device authentication ID is used as the authority change ID, and the specific authority is given. The linkage control system according to any one of the above. An entrance / exit management system that manages entrance / exit of a security management area according to an authentication processing result based on authentication target information that uniquely identifies a user, and a non-control device that is installed in the security management area and has a use restriction function; Is a cooperative control device provided in the cooperative control system for mutual cooperation,
Authenticate by acquiring the entrance / exit authentication ID included in the entrance / exit information transmitted from the entrance / exit management system and the door information that uniquely identifies the entrance / exit door of the security management area through which the entrance / exit authentication ID has passed. Entry / exit authentication information acquisition means for processing;
A device authentication ID included in the authentication request information transmitted from the controlled device is acquired and an authentication process is performed, and it is determined that the request is for a use of the controlled device by a legitimate user authenticated by the entry / exit management system. If so, device authentication means for granting permission to the controlled device,
In a state where the entry / exit authentication ID and the device authentication ID are uniquely associated in advance, the entry / exit authentication information or the device authentication ID obtained by the entry / exit authentication information obtaining unit or the device authentication unit, A cooperation control apparatus comprising: an authority change unit that holds an authority change ID for changing an authority and grants a specific authority to the authority change ID.

Images