JP2010198221A - Cooperative control system and cooperative control device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a cooperative control system for reducing engineering man-hours, and for smoothly performing a setting registration operation even when the construction trader of a room entry/leaving management system and the installation trader of information processing equipment are different. <P>SOLUTION: A cooperative control device 30 in a cooperative control system stores door information acquired by associating multifunction equipment ID as identification information to uniquely specify multifunction equipment 21 and user ID to make the multifunction equipment 21 corresponding to the multifunction equipment ID available and unavailable and the traveling direction in a memory 71. When acquiring an equipment authentication request, the cooperative control device 30 authenticates whether the multifunction equipment 21 is put in an available state by an equipment feedback part 74 based on an equipment authentication request and the door information, and returns the authentication results to the multifunction equipment 21. The multifunction equipment 21 restricts the use of the function in response to the returned authentication results. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention provides a cooperation control system and a cooperation control apparatus that perform user entry / exit and use management of controlled devices in cooperation.

  In companies that frequently handle confidential information or specific departments within the company, leakage of confidential information is prevented in advance by applying an entry / exit management system that manages the entry / exit of workers who handle confidential information. I am doing so.

  In general, an entrance / exit management system uses information that uniquely identifies a user, such as a user ID (IDentification) incorporated in an IC (Integrated Circuit) card given to the user or biometric information (fingerprint, iris, voiceprint, etc.). Security that handles confidential information by unlocking the locked door for entry / exit when personal authentication is performed by the host computer for entrance / exit management and it is authenticated that the user is a registered valid user Management such as permitting entry into the management area.

  In such an entrance / exit management system, it is necessary to perform a user registration operation for registering a valid user before operating the entrance / exit management system. However, since this user registration work is very complicated, various methods for performing easy registration work have been devised (for example, see Patent Documents 1 and 2).

JP-A-6-108717 JP 2009-20864 A

  By the way, the linkage control system links an entrance / exit management system and a device authentication system that manages confidential information. Thereby, the authentication process at the time of entering and leaving the area where confidential information is handled is associated with the authentication process at the start of use of the information processing device after entering the room. According to such a technique, security can be further strengthened by linking the authentication process at the time of entering and leaving the room and the authentication process at the start of use of the information processing device after entering the room. Can be prevented.

  For example, in a general office space, a multi-function device is permanently installed as an information processing device having a composite function such as a copying function, a network printing function, and a facsimile function. In consideration of user convenience, such a multifunction machine is installed not only in a security non-management area that does not handle confidential information but also in a security management area that always handles confidential information.

  The above-described multi-function peripheral can easily print information on a paper medium, or can transfer information to a remote location using a facsimile function. For this reason, the cooperation control system is particularly required to strictly manage the use in a security management area in which confidential information is often handled.

  As described above, when a cooperative control system in which the entrance / exit management system and the device authentication system are linked is constructed, user registration (setting) work for registering a valid user is performed before the cooperative control system is operated and operated. There is a need to do. In addition to user registration work, it is necessary to perform card reader setting registration work used at the time of authentication processing in the entrance / exit management system, and information processing equipment setting registration work installed in each security management area. In particular, in Patent Document 2 described above, based on the room information of the security management area where the information processing device is installed, the door information constituting the security management region and the information processing device installed in the security management region are described. It is necessary to perform an operation for associating information.

  Therefore, if the information processing equipment installer is different from the entrance / exit management system construction contractor, the information processing equipment installation contractor must perform the entry / exit management system It was necessary to obtain room information in the security management area from the contractor. This may lead to an increase in engineering man-hours and setting errors. In addition, when a plurality of sections on the same floor are set as rooms, there is a problem that the work becomes more complicated.

  Therefore, the present invention has been devised to solve the above-described problems, can reduce the setting man-hours of the cooperative control system, and install the entry / exit management system contractor and information processing equipment. It is an object of the present invention to provide a cooperative control system and a cooperative control device that can smoothly perform setting registration work even when they are different from contractors.

  The present invention is used by an entrance / exit control device connected to a traffic control device that controls user traffic for each door installed in a predetermined security space, and a user permitted to pass by the traffic control device. A cooperative control system comprising a controlled device, an entrance / exit control device, and a cooperative control device connected to the controlled device, wherein the entrance / exit control device acquires user information including a user ID from an information storage medium Entry / exit authentication that performs entry / exit authentication processing based on the acquired user ID and transmits the user ID and authentication information acquired by the user information acquisition unit to the cooperative control device A control means for controlling whether or not the passage control device can pass based on the result of the entrance / exit authentication processing by the entrance / exit authentication processing means, and the controlled device is a device user corresponding to the user ID It sends out a device authentication request including the D and device ID to the cooperation control device comprises a device control means for limiting the functions of the controlled device in accordance with the cooperation control device results in the transmitted device authentication processing from. In such a cooperative control system, the cooperative control device includes, for each door whose traffic is controlled by the traffic control device, authentication information that permits the device authentication processing result, and authentication information that prohibits the device authentication processing result, Storage means storing door information corresponding to the device ID, authentication information acquisition means for receiving the authentication information transmitted from the entry / exit authentication processing means and receiving a device authentication request from the device control means, When an authentication request is received, if the authentication information that permits the result of the device authentication process corresponding to the device ID included in the device authentication request has already been received from the entry / exit authentication processing means, the device corresponding to the device ID Notification means for transmitting an authentication processing result permitting the authentication processing result to the controlled device.

  In the present invention, when the cooperation control device receives the authentication information transmitted from the entry / exit authentication processing means, the cooperation control device collates the authentication information with the authentication information stored in the storage means to request a device authentication request. Device status changing means for changing the authentication information to be referred to when receiving the device, and when the notification means receives the device authentication request transmitted from the device control means, the device included in the received device authentication information It may be determined that the authentication information corresponding to the ID permits or disables the result of the device authentication process.

  Furthermore, in the present invention, when the operation mode of the cooperation control device is a setting mode for executing a setting process for setting door information, the cooperation control device acquires the authentication information or the device authentication request acquired by the authentication information acquisition unit. Door information generating means for generating door information based on the information, and the door information generating means stores an authentication processing pattern indicating a procedure for acquiring a user ID and a device ID, and based on the authentication processing pattern. It is desirable to generate first authentication information that permits the result of the device authentication process and second authentication information that prohibits the result of the device authentication process.

  Furthermore, in the present invention, the door information generation means registers the door information in the storage means by combining the authentication information corresponding to the incoming direction, the authentication information corresponding to the backward direction, and the device ID.

  Furthermore, in the present invention, the door information generation means copies the authentication information generated for the device ID of one controlled device as an authentication processing pattern and uses it as information corresponding to the device ID of another controlled device. It is desirable.

  Furthermore, in the present invention, it is desirable that the door information generating means includes an authentication processing pattern for deleting part or all of the door information registered in the storage means from the storage means.

  Furthermore, the present invention provides an entrance / exit control device connected to a traffic control device that controls the user's traffic for each door installed in a predetermined security space, and a user permitted to pass by the traffic control device. It is a cooperative control device connected to the controlled device to be used, and for each door whose traffic is controlled by the traffic control device, authentication information permitting the use of the controlled device and device authentication processing by the controlled device. Storage means for storing door information that associates authentication information that cannot be used with device IDs for each controlled device, and authentication information transmitted from the entrance / exit control device, as well as devices from controlled devices. Authentication information acquisition means for receiving a device authentication request including an ID, and authentication information that permits the result of device authentication processing corresponding to the device ID included in the device authentication request when the device authentication request is received. When it is receiving from the room access authentication processing unit, and a notifying means for sending an authentication processing result to the controlled device to permit the results of the device authentication processing for the device ID.

  According to the present invention, the relationship between the door and the controlled device can be set directly without using the area information where the controlled device exists. Therefore, in this cooperative control system, the engineering man-hours can be reduced, and even if the contractor for entering and leaving the room and the installer for the controlled device are different, the setting registration work can be smoothly performed. .

  In this invention, since the authentication process pattern which shows the procedure which acquires user ID and apparatus ID is memorized when shifting to the setting mode which sets door information, in order to set door information, Since the installer of the controlled device can input information using an actual system without connecting to the system using a PC or the like, the number of engineering steps can be reduced.

  Furthermore, in the present invention, the authentication processing patterns for the incoming direction and the backward direction are registered in the storage means in pairs, so that the authentication processing patterns for the incoming direction and the backward direction can be registered simultaneously. Thus, engineering man-hours can be reduced.

  Furthermore, in the present invention, by having a copy function for copying the door information generated for one controlled device as an authentication processing pattern and registered in the storage means and applying it to other controlled devices, Even when a plurality of controlled devices are installed at the same time, engineering man-hours can be reduced.

  In addition, in the present invention, by having a function of deleting part or all of the door information registered in the storage unit as an authentication processing pattern from the storage unit, the controlled device is temporarily registered by mistake. Even if it is a case, it becomes possible to carry out correction correspondence on-site without using a PC or the like.

It is a figure which shows the structure of the cooperation control system shown as embodiment of this invention. It is a figure which shows a mode at the time of installing the cooperation control system shown as embodiment of this invention in a security management area | region. It is a block diagram which shows the structure of the control unit with which the cooperation control system shown as embodiment of this invention, a multifunction device, and a cooperation control apparatus. (A) is a figure which shows door information, (b) is a figure which shows the table updated by a user's entrance / exit. It is a flowchart for demonstrating the operation | movement which the cooperation control system shown as embodiment of this invention performs.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

[Configuration of linkage control system]
First, the structure of the cooperation control system 1 shown as embodiment of this invention is demonstrated using FIG.1 and FIG.2. As shown in FIG. 1, the cooperation control system 1 changes from a low security level area (security non-management area) that does not handle confidential information to a high security level area (security management area) that handles confidential information. The entrance / exit management system 2 for managing entrance / exit of The cooperation control system 1 includes a cooperation control device 30 in which the room entry / exit management system 2 and a multifunction device 21 that is a controlled device installed in a security management area are connected to a communication network such as a LAN (Local Area Network). Are connected to each other. The security management area refers to a predetermined space partitioned by a wall, a door, or the like that is managed by the entrance / exit management system 2 as in the rooms A and B shown in FIG. In the following, “in-room” means being in this security management area.

  The entrance / exit management system 2 includes an entrance card reader 11, an exit card reader 12, and a control unit 13, and performs authentication processing for all users who wish to enter the security management area. Then, the entrance / exit management system 2 permits authentication of only legitimate users registered in advance, and permits entry into the security management area. Further, the entrance / exit management system 2 performs an authentication process on a user who wishes to leave the security management area, and permits the user to leave the security management area. A traffic control device that controls user traffic for each security management area by locking and unlocking between security non-management areas and security management areas or between security management areas of different security levels by electrical action. 14 separated by a door (door).

  Examples of the traffic control device 14 include a flapper gate, an electric lock, a device with a display function using a wireless tag, and the like. The control unit 13 performs authentication processing with the traffic control device 14 by performing, for example, wired communication using a so-called Ethernet (registered trademark) or RS485 cable or wireless communication using infrared rays. Do.

  Specifically, as shown in FIG. 2, the entrance / exit management system 2 contacts or stores information stored in a semiconductor memory of an IC card (Integrated Circuit) 3 owned by the user by an entrance card reader 11. Read without contact. When the entrance / exit management system 2 refers to the user ID in the read information by the control unit 13 and authenticates the user as a valid user, the control unit 13 causes the traffic control device 14 to operate. This unlocks the locked door and allows entry into the security management area.

  Further, when leaving the security management area, the entrance / exit management system 2 reads the above-described information of the IC card 3 by the exit card reader 12 provided in the security management area. The entrance / exit management system 2 operates the traffic control device 14 with the control unit 13 when the control unit 13 authenticates that the user is a valid user. This unlocks the locked door and allows the user to leave the security management area.

  In FIG. 2, the security levels of the security non-management area and the security management area are classified as level 0 (Lv0), level 1 (Lv1), and level 2 (Lv2) in order from the lowest security level. That is, the lowest security level 0 is set as the security non-management area, and the level 1 or higher is set as the security management area. The concept of entering and leaving the room differs depending on whether the security non-management area or the security management area is considered, so in the following, moving from a low security level area to a high area will be referred to as an entrance room. Moving from a high security area to a low area is defined as leaving the room.

  The entrance / exit management system 2 transmits a user ID and authentication information from the control unit 13 to the linkage control device 30 when unlocking or locking the locked door by such an authentication process. This authentication information is a controller ID that uniquely identifies the control unit 13 including the traveling direction information indicating the direction of travel (incoming direction and backward direction) of the user who owns the IC card 3. Here, when the IC card 3 is trapped against the entry card reader 11, authentication information including the entry direction is transmitted as the traveling direction, and when the IC card 3 is trapped against the exit card reader 12, Authentication information including the retreat direction as the travel direction is transmitted. Here, the information indicating the traveling direction may be, for example, a card reader ID that uniquely identifies the entry card reader 11 or the exit card reader 12.

  In the following description, it is assumed that the authentication information transmitted from the control unit 13 to the cooperative control apparatus 30 is a controller ID including the traveling direction information. However, the control unit 13 includes a controller ID including a user ID. May be transmitted as authentication information, and the direction of travel may be determined by the cooperation control device 30. In this case, the cooperation control device 30 may store the user's traveling direction associated with the controller ID in advance, and determine the user's traveling direction based on the received controller ID.

[Configuration of each part]
Next, the configuration of the control unit 13, the multifunction device 21, and the cooperation control device 30 will be described with reference to FIG.

  First, the configuration of the control unit 13 will be described. As shown in FIG. 3, the control unit 13 includes a user information acquisition unit (user information acquisition unit) 51 that acquires information about a user including a user ID, and an authentication processing unit (entrance / exit) that executes user authentication processing. An authentication processing unit) 52 and a control unit (control unit) 53 that controls the traffic control device 14.

  The user information acquisition unit 51 acquires the user ID stored in the IC card 3 read by the entrance card reader 11 or the exit card reader 12 and supplies the user ID to the authentication processing unit 52. The user information acquisition unit 51 is broadly divided into an entry user information acquisition unit 51 a and an exit user information acquisition unit 51 b in order to distinguish between “entrance” and “exit”.

  In the authentication processing unit 52, a valid user ID is registered in advance. When acquiring the user ID supplied from the user information acquisition unit 51, the authentication processing unit 52 compares the user ID registered in advance with the user ID supplied from the user information acquisition unit 51. Then, when the user ID supplied from the user information acquisition unit 51 is a registered user ID, the authentication processing unit 52 authenticates the user as a valid user, and performs “authentication permission”. Is supplied to the control unit 53. On the other hand, if the user ID supplied from the user information acquisition unit 51 is not a registered user ID, the authentication processing unit 52 authenticates the user as an unauthorized user and “authentication is impossible”. Is supplied to the control unit 53. Further, the authentication processing unit 52 is authentication information that is a controller ID including a user ID supplied from the user information acquisition unit 51 and traveling direction information indicating which of the user information acquisition units 51a and 51b has been operated. Is transmitted to the cooperation control device 30.

  The control unit 53 controls the traffic control device 14 based on the authentication result supplied from the authentication processing unit 52. For example, when the traffic control device 14 is an electric lock, the control unit 53 unlocks the electric lock when the authentication result is “authentication successful”, and when the authentication result is “authentication impossible”. Keep the electric lock as it is without unlocking it.

  Next, the configuration of the multifunction machine 21 will be described. The multi-function device 21 is an information processing device having a composite function of finally executing printing on a paper medium such as a copying function, a network printing function, a facsimile function, and a scanner function. As shown in FIG. 2, the multi-function device 21 is installed in the security management area and can be used when the use permission is given by the authentication processing by the cooperation control device 30 (use restriction function). The multi-function device 21 may be installed not only in the security management area but also in the security non-management area.

  Connected to such a multi-function device 21 is a multi-function device card reader 22 that reads information stored in the semiconductor memory of the IC card 3 owned by the user who has moved to the security management area where the multi-function device 21 is installed. (See FIG. 2). The multi-function device card reader 22 reads the device user ID stored in the IC card 3 and transmits a device authentication request including the read device user ID and device ID (multi-function device ID) to the multi-function device 21. . In this description, the user ID read by the entrance / exit management system 2 and the device user ID read by the multi-function device card reader 22 are the same, but they may be different. In this case, the device user ID may be an ID corresponding to the user ID.

  Upon receiving the user ID, the multifunction device 21 transmits a device authentication request including a multifunction device ID (multifunction device information), which is identification information for uniquely identifying itself, to the cooperation control device 30. The multifunction device 21 includes both the user ID and the multifunction device ID as a device authentication request. In response to receiving the device authentication request including the user ID and the MFP ID, the cooperation control apparatus 30 starts an authentication process for granting the use permission to the MFP 21. The MFP ID can be, for example, the IP (Internet Protocol) address of the MFP 21.

  Further, a personal computer (PC) 23 is connected to the multifunction device 21. The user inputs an instruction to use the network printing function, facsimile function, and scanner function of the multifunction device 21 when the multifunction device 21 is permitted to use the multifunction device 21 via the PC 23. be able to.

  Specifically, as illustrated in FIG. 3, the multifunction device 21 includes a device user information acquisition unit 61 that acquires information about the user including a user ID of the user who intends to use the multifunction device 21, and a device A device authentication processing unit 62 that executes use authentication processing and a device control unit 63 that restricts the use of the function of the multifunction device 21 are provided.

  The device user information acquisition unit 61 reads the user ID stored in the IC card 3 of the user after passing through the traffic control device 14 that intends to use the multifunction device 21, which is read by the multifunction device card reader 22. And the user ID is supplied to the device authentication processing unit 62.

  The device authentication processing unit 62 uses the user ID supplied from the device user information acquisition unit 61 and the MFP ID uniquely set in advance in the MFP 21 as a device authentication request to the device control unit 63. Supply.

  The device control unit 63 transmits the device authentication request supplied from the device authentication processing unit 62 to the cooperation control device 30. When the device control unit 63 receives the authentication result of the device authentication process from the cooperation control device 30, if the authentication result is “authentication successful”, the device control unit 63 permits the user to use the multifunction device 21. On the other hand, when the authentication result is “authentication impossible”, the device control unit 63 restricts the use of the function of the multifunction device 21 so as not to permit the use of the multifunction device 21. Thereby, the device control unit 63 functions as a device control means.

  Next, the configuration of the cooperation control device 30 will be described. The cooperation control device 30 controls the use of the multifunction device 21 based on the user authentication state by the entrance / exit management system 2. When the control unit 13 of the entrance / exit management system 2 authenticates the movement to the predetermined security management area and the non-security management area, the cooperation control device 30 determines the predetermined security management area and security of the authenticated user. Update stay status in unmanaged areas. Then, the cooperation control device 30 controls the entrance / exit management system 2 and the multifunction device 21 in cooperation.

  Specifically, the cooperation control device 30 uses the authentication information (controller ID) transmitted from the entrance / exit management system 2 to use the user in the entrance / exit management system 2 such as moving from the non-security management area to the security management area. Understand changes in entrance / exit status of. Then, the cooperation control device 30 determines whether to permit or restrict (including prohibition) the use of the multi-function device 21 according to a change in the user's entry / exit state.

  As shown in FIG. 3, such a cooperation control device 30 includes a storage unit (storage unit) 71 that stores various information, and an authentication information acquisition unit (authentication information acquisition unit) 72 that acquires authentication information (controller ID). A device state changing unit (device state changing unit) 73 that changes the usable state of the multifunction device 21, and a device feedback unit (notifying unit) that returns (feeds back) an authentication processing result to the multifunction device 21 in response to a device authentication request. ) 74 and a door information generating unit (door information generating means) 75 for generating door information.

  The storage unit 71 includes a controller ID including a first passage direction that permits the result of the device authentication process and a second passage direction that disables the result of the device authentication process for each door whose passage is controlled by the passage control device 14. Is stored in the door information in which the controller ID including the machine ID and the multifunction machine ID are associated with each other. Accordingly, the storage unit 71 stores a plurality of pieces of door information corresponding to the number of doors in which the entrance card reader 11 and the exit card reader 12 are installed in the entrance / exit management system 2.

  Specifically, as illustrated in FIG. 4A, in the storage unit 71, a controller ID that sets the device authentication process to “authentication permitted”, a controller ID that sets the device authentication process to “authentication disabled”, and a device Door information including a multifunction machine ID as an ID is stored. Here, the controller ID is information in which an ID for identifying the control unit 13 and “incoming direction or backward direction” as traveling direction information are paired. Therefore, the ID including the traveling direction information transmitted from the entrance / exit management system 2 can be used as the controller ID.

  Such door information does not include the identifier of the security management area in which the multifunction machine 21 is installed. That is, this door information is set regardless of the security management area in which the entrance card reader 11 and the exit card reader 12 are installed in the entrance / exit management system 2. Further, the usable multifunction device 21 and the unavailable multifunction device 21 are directly associated with the door through which the user enters and exits. As will be described later, the door information is set by the installer of the multifunction device 21 when the multifunction device 21 is installed.

  The authentication information acquisition unit 72 acquires the controller ID from the control unit 13 and the device authentication request from the multifunction device 21.

  Communication between the entry / exit management system 2 or the multifunction device 21 and the cooperation control device 30 via the authentication information acquisition unit 72 can use a communication standard such as Ethernet (registered trademark), for example. Further, the communication between the entrance / exit management system 2 or the multifunction device 21 and the cooperation control device 30 via the authentication information acquisition unit 72 is not limited to TCP / IP (Transmission Control Protocol / Internet Protocol) -based communication, but is also non-IP. A field bus or the like can also be used.

  When receiving the controller ID from the control unit 13, the authentication information acquiring unit 72 supplies the controller ID to the device state changing unit 73. On the other hand, when receiving the device authentication request from the multifunction device 21, the authentication information acquisition unit 72 supplies the device authentication request to the device feedback unit 74.

  Moreover, the authentication information acquisition part 72 transfers to setting mode at the time of the setting of door information. The authentication information acquisition unit 72 supplies the received controller ID authentication information and device authentication request to the door information generation unit 75 when the mode is shifted to the setting mode. Note that examples of means for shifting to the setting mode include remote operation via web communication and operation on a physical operation switch.

  The device state changing unit 73 changes the usable state of the multifunction device 21 for the controller ID based on the door information stored in the storage unit 71 during normal operation that is not in the setting mode.

  The device state changing unit 73 receives the controller ID transmitted from the control unit 13. Then, the device state changing unit 73 collates the controller ID including the traveling direction with the controller ID including the traveling direction stored in the storage unit 71. As a result, the controller ID including the traveling direction in the storage unit 71 collated with the controller ID including the received traveling direction is changed to the controller ID including the traveling direction referred to when the device authentication request is received.

  Specifically, when the device state changing unit 73 receives the controller ID including the ID “123456” for identifying the control unit 13 and the traveling direction “ON” shown in FIG. When corresponding to the identified ID “123456” and the traveling direction “On”, the MFP 21 having the device ID “192.168.0.1” shown in FIG. For this reason, as shown in FIG. 4B, the device state changing unit 73 represents the user ID transmitted together with the controller ID in association with the device ID “192.168.0.1” and “available”. Create table data that contains available flags.

  The device feedback unit 74 acquires the MFP ID included in the device authentication request transmitted from the MFP 21, and determines the MFP 21 corresponding to the MFP ID based on the door information stored in the storage unit 71. Authenticates whether it is available. That is, when the device feedback unit 74 receives a device authentication request from the multi-function device 21, the controller includes a user ID and a traveling direction that permit the result of device authentication processing corresponding to the device ID included in the device authentication request. When the ID has already been received from the entry / exit management system 2, an authentication processing result for permitting the result of the device authentication processing for the device ID is transmitted to the multifunction device 21. On the other hand, when the device feedback unit 74 receives the device authentication request, the device feedback unit 74 has already received from the entrance / exit management system 2 the user ID that permits the device authentication processing result corresponding to the MFP ID and the controller ID including the traveling direction. If not, “Authentication not possible” is set. Then, the device feedback unit 74 returns the result of device authentication processing in response to the device authentication request to the multifunction device 21.

  Specifically, when the table data shown in FIG. 4B is created by the device state changing unit 73, a device authentication request including the user ID and the multifunction device ID “192.168.0.1” is issued from the multifunction device 21. Suppose it is received. In this case, the device feedback unit 74 determines whether or not the received user ID and MFP ID “192.168.0.1” are included in the table data shown in FIG. When the user ID and the MFP ID are not included in the table data of FIG. 4B, the result of the device authentication process is set to “authentication impossible”. On the other hand, when the user ID and the MFP ID are included in the table data of FIG. 4B, the available flag registered corresponding to the user ID and the MFP ID is referred to. If the referenced availability flag is “Available”, the result of the device authentication process is “Available”. On the other hand, when the referenced availability flag is “unusable”, the result of the device authentication process is “unusable”. In this way, the device feedback unit 74 generates a result of device authentication processing for the device authentication request based on the user ID whose state has been changed by the device state changing unit 73, and the authentication information acquisition unit 72 sends the result to the MFP 21. Can be sent to.

  The result of the device authentication process is received by the device control unit 63 in the multifunction device 21. If the authentication result is “authentication successful”, the user is permitted to use the multifunction device 21. On the other hand, when the authentication result is “authentication impossible”, the device control unit 63 restricts the use of the function of the multifunction device 21 so as not to permit the use of the multifunction device 21.

  The door information generation unit 75 generates door information based on the controller ID supplied from the authentication information acquisition unit 72 when shifting to a setting mode for setting door information, and stores the generated door information in the storage unit 71. Remember. The door information generation unit 75 stores an authentication processing pattern indicating a procedure for acquiring a controller ID and a multifunction machine ID. In the setting mode, the door information generation unit 75 does not accept the controller ID including the first passage direction (entrance / exit) that permits the result of the device authentication processing and the result of the device authentication processing based on the authentication processing pattern. And a controller ID including the second traffic direction (entrance / exit).

  Specifically, the door information generation unit 75 stores a setting worker authentication process pattern (action pattern) for setting a controller ID for the multifunction device 21. Based on this authentication processing pattern, the door information generation unit 75 generates information indicating whether the MFP 21 can be authenticated or cannot be authenticated for the controller ID. Note that the authentication processing pattern causes the storage unit 71 to register a controller ID that pairs the incoming direction and the backward direction.

  Further, the door information generation unit 75 may have a copy function of copying a controller ID generated for one multifunction device 21 as an authentication processing pattern and registered in the storage unit 71 and applying it to the other multifunction device 21. desirable. Further, the door information generation unit 75 desirably has a function of deleting a part or all of the door information registered in the storage unit 71 as an authentication processing pattern from the storage unit 71. These copy function and delete function will be described later.

[Operation of linkage control system]
In such a cooperative control system 1, processing according to a series of procedures as shown in FIG. 5 is performed under the control of the cooperative control device 30.

  First, the user connected the IC card 3 possessed by the user to the entrance card reader 11 or the exit card reader 12 of any door provided in the room which is the security management area, or to the multifunction device 21. Put it on the card reader 22 for the multifunction machine. In response to this, the control unit 13 or the multi-function device 21 of the entrance / exit management system 2 executes authentication processing of the user ID read from the IC card 3. Then, the entrance / exit management system 2 or the multifunction device 21 transmits a controller ID including the user ID and the traveling direction information or a device authentication request including the user ID and the multifunction device ID to the cooperation control device 30.

  In response to this, the cooperation control device 30 determines to receive a controller ID or a device authentication request from the control unit 13 or the multifunction device 21 in step S1, as shown in FIG.

  In next step S <b> 2, the cooperation control device 30 confirms whether or not the current mode is the setting mode by the authentication information acquisition unit 72. Here, when the cooperation control apparatus 30 is not in the setting mode but in the normal operation state, in step S3, the cooperation control apparatus 30 determines whether or not a mode setting operation has been performed. When the mode setting operation is performed, the cooperation control device 30 shifts the current mode of the cooperation control device 30 to the setting mode in step S4. On the other hand, when the mode setting operation has not been performed, the device feedback using the device status change unit 73 using the controller ID received in step S1 or the device authentication request received in step S1. The result of the device authentication process by the unit 74 is generated. Then, the process returns to step S1.

  On the other hand, if it is determined in step S2 that the current mode is the setting mode, the process proceeds to step S4. In step S5, whether or not the information received in step S1 by the authentication information acquisition unit 72 is the same as the information immediately before received and registered in the storage unit 71 during this setting mode. Check. Here, if the information received in step S1 is the same as the previous registration information, the cooperation control device 30 advances the process to step S6.

  In step S <b> 6, the door information generation unit 75 deletes the target registered information stored in the storage unit 71 or deletes all information registered during the setting mode. That is, in step S5, it is determined whether or not the authentication process pattern indicates that the same controller ID or device authentication request has been continuously received during the setting mode. In the case of this authentication processing pattern, the controller ID or device authentication request input continuously is deleted, or all information registered during the setting mode is deleted. When the authentication processing pattern is determined in step S5 by the user's setting operation, the controller ID or device authentication request that is continuously input is deleted, or all information registered during the setting mode is deleted. The processing can be selected.

  On the other hand, if it is determined in step S5 that the information does not match the information registered immediately before in step S5, it is determined in step S7 whether or not the information received by the authentication information acquisition unit 72 is a controller ID. Check. When the received information is the controller ID, the cooperation control device 30 proceeds to step S9, and otherwise proceeds to step S8.

  In step S9, since the cooperation control apparatus 30 has determined in step S7 that the controller ID has been received in step S1, the MFP ID corresponding to the user ID included in the controller ID received in step S1 is It is confirmed whether or not it is already registered in the storage unit 71 during the setting mode. If the MFP ID is not registered, the cooperation control device 30 has already registered the user ID and the direction of travel (door information) in the storage unit 71 in step S10 in this setting mode. Confirm whether or not.

  And when the door information of an ingress direction is not registered, the cooperation control apparatus 30 acquires controller ID received by the authentication information acquisition part 72 in step S11, and registers this as door information of an ingress direction. Then, the process proceeds to step S1. On the other hand, if the door information in the entry direction has already been registered, the cooperation control device 30 does nothing and shifts the process to step S1. Note that the process of step S10 is not necessarily performed. When the process of step S10 is not performed, the cooperation control device 30 registers the controller ID received by the authentication information acquisition unit 72 as it is in the storage unit 71 as door information for the incoming direction. On the other hand, if the same information has already been registered, nothing is done or overwriting is performed.

  On the other hand, in step S9, if the MFP ID has already been registered in the storage unit 71 in correspondence with the controller ID received in step S1 during the setting mode in step S9, step S10 is performed. The process is transferred to. In step S10, the controller ID received by the authentication information acquisition unit 72 is acquired, registered as door information in the backward direction, and the process proceeds to step S1.

  As described above, when the door information generation unit 75 receives the controller ID from the entry / exit management system 2 during the setting mode, the door information generation unit 75 first registers the controller ID in the entry direction, and then registers the MFP ID. Registers the controller ID in the backward direction. Therefore, the cooperation control device 30 can register door information in which the incoming direction and the backward direction are paired.

  If the information received by the authentication information acquisition unit 72 is not the controller ID in step S7, that is, if the received information is a device authentication request, the cooperation control device 30 proceeds to step S8. Proceed.

  In step S <b> 8, the cooperation control device 30 confirms whether or not the incoming direction controller ID is already registered in the storage unit 71 in this setting mode. If the incoming direction controller ID is not registered, the cooperation control device 30 does nothing and shifts the process to step S1. On the other hand, if the incoming direction controller ID has already been registered, it is checked in step S13 whether or not the multifunction machine ID has already been registered in the storage unit 71 during this setting mode. If the MFP ID is not registered, the cooperation control apparatus 30 acquires the MFP ID from the device authentication request received by the authentication information acquisition unit 72 in step S14, and the MFP ID has already been acquired. Registration is performed in association with the registered controller ID, and the process proceeds to step S1. As a result, the door information generation unit 75 can register the multifunction machine ID in association with the previously registered controller ID of the incoming direction.

  If the multifunction device ID has already been registered in step S13, the cooperation control device 30 proceeds to step S15. In step S <b> 15, the cooperation control device 30 confirms whether the MFP ID included in the device authentication request received by the authentication information acquisition unit 72 matches the MFP ID already registered in the storage unit 71. . Here, when the MFP IDs match, the cooperation control device 30 does nothing and shifts the process to step S1. On the other hand, if the MFP IDs do not match, in step S16, the user ID and the traveling direction corresponding to the MFP ID registered during this setting mode are copied and the newly input MFP is entered. The information is registered in the storage unit 71 in association with the ID, and the process proceeds to step S1. Note that the coordination controller 30 automatically copies and registers the backward controller ID registration processing that occurs after this operation.

  In the cooperative control system 1, according to such a series of procedures, the door (traffic control device 14) and the multifunction device 21 are directly used without using the room information of the security management area where the multifunction device 21 exists. Can be set. Therefore, in the cooperation control system 1, the user ID entry direction input to the entry / exit management system 2, the user ID entry to the multifunction device 21, the user ID entry direction to the entry / exit management system 2 is set. The door information can be generated by the authentication processing pattern (action pattern) of the setting operator in the order of input. Thereby, it is not necessary to collate the room information set in the entrance / exit management system 2 with the room information where the multifunction machine 21 is installed, and the engineering man-hour can be reduced. Even if the installation company of the multifunction device 21 is different, the setting registration work can be performed smoothly.

  In the cooperation control system 1, the user ID stored in the IC card 3 possessed by the user is used. However, the present invention is not limited to this, and the user can be specified uniquely. Therefore, for example, the biometric authentication process is executed by using the biometric information of the user such as fingerprint information or iris information as the ID read by the entrance / exit management system 2 and the ID read by the multifunction machine 21. Good.

  That is, if the user ID is different from the ID included in the device authentication request, a database that associates the user ID and the ID included in the device authentication request may be registered in the cooperation control device 30. good. Thus, when a device authentication request is received after receiving the user ID, the identity of the user can be determined by associating the ID included in the device authentication request with the user ID. Similarly, the above-described operation can be realized by associating the user's biological information such as ID, fingerprint information, and iris information input by the entrance / exit management system 2 and the multifunction device 21.

[Effect of the embodiment]
As described above in detail, the cooperative control system 1 according to the embodiment of the present invention is configured to allow the first authentication direction (on / off) that permits the result of the device authentication process for each door that is controlled by the traffic control device 14. Door information in which the controller ID including “retreat”, the controller ID including the second passage direction (entering, retreating) that makes the result of the device authentication processing impossible, and the device ID are stored. When the cooperation control system 1 receives the controller ID from the entry / exit management system 2 and the device authentication request from the multi-function device 21 by the cooperation control device 30, it refers to the door information and receives the received controller ID. Can be transmitted to the multi-function device 21.

  As described above, according to the cooperation control system 1, the relationship between the door (traffic control device 14) and the multifunction device 21 can be directly established without using the room information of the security management area where the multifunction device 21 exists. Can be set. Therefore, in this cooperative control system 1, it is possible to reduce the number of engineering man-hours, and even if the contractor of the entrance / exit management system 2 and the installer of the multifunction machine 21 are different, the setting registration work can be performed smoothly. It can be carried out. Also, by reducing the room information, the authentication processing time can be shortened and setting errors can be reduced.

  Moreover, according to this cooperation control system 1, when the controller ID transmitted from the entrance / exit management system 2 is received by the cooperation control apparatus 30, the controller ID and the controller ID stored in the storage unit 71 are collated. Then, the controller ID that is referred to when the device authentication request is received is changed. When the cooperation control device 30 receives the device authentication request transmitted from the entry / exit management system 2, the controller ID corresponding to the MFP ID included in the received device authentication request is the result of the device authentication process. Is permitted or not permitted.

  Furthermore, in this cooperation control system 1, when the door information generation part 75 in the cooperation control apparatus 30 shifts to a setting mode for setting door information, the controller ID or device authentication acquired by the authentication information acquisition part 72 is obtained. When generating door information based on a request, an authentication processing pattern indicating a procedure for acquiring a user ID and a device ID is stored, and the result of the device authentication processing is permitted based on the authentication processing pattern. A controller ID and a controller ID that disables the result of the device authentication process are generated. Thereby, according to the cooperation control system 1, in order to set door information, the installer of the multifunction machine 21 can input information using an actual system without connecting to the system using a PC or the like. Therefore, engineering man-hours can be reduced.

  Further, in this cooperative control system 1, the door information generation unit 75 in the cooperative control device 30 registers the authentication processing patterns of the incoming direction and the backward direction in the traffic control device 14 in pairs in the storage unit 71. Is desirable. Thereby, in this cooperation control system 1, it becomes possible to register each authentication process pattern of the incoming direction and the backward direction in the traffic control apparatus 14, and can reduce an engineering man-hour.

  Furthermore, in this cooperation control system 1, the door information generation unit 75 in the cooperation control device 30 copies the door information that is generated for one MFP 21 as an authentication processing pattern and registered in the storage unit 71. It is desirable to have a copy function applicable to other multifunction devices 21. Thereby, in this cooperation control system 1, even if it is a case where the some multifunctional device 21 is installed simultaneously, an engineering man-hour can be reduced.

  Furthermore, in this cooperation control system 1, the door information generation part 75 in the cooperation control apparatus 30 deletes a part or all of the door information registered in the storage part 71 as an authentication processing pattern from the storage part 71. It is desirable to have also. Thereby, in this cooperation control system 1, even if the multifunction device 21 is registered by mistake, it is possible to perform correction on site without using a PC or the like.

  The above-described embodiment is an example of the present invention. For this reason, the present invention is not limited to the above-described embodiment, and various modifications can be made depending on the design and the like as long as the technical idea according to the present invention is not deviated from this embodiment. Of course, it is possible to change.

DESCRIPTION OF SYMBOLS 1 Cooperation control system 2 Entrance / exit management system 3 IC card 11 Entrance card reader 12 Exit card reader 13 Control unit 14 Traffic control device 21 Multifunction machine 22 Multifunction machine card reader 23 PC
DESCRIPTION OF SYMBOLS 30 Coordination control apparatus 51 User information acquisition part 51a User information acquisition part 51a User information acquisition part 51b User information acquisition part 52 Authentication process part 53 Control part 61 User information acquisition part 62 Device authentication process part 63 Device control part 71 Storage part 72 Authentication information acquisition unit 73 Device state change unit 74 Device feedback unit 75 Door information generation unit

Claims (7)

An entrance / exit control device connected to a traffic control device that controls the user's traffic for each door installed in a predetermined security space, and a controlled device used by a user permitted to pass by the traffic control device And a cooperation control system comprising a cooperation control device connected to the entry / exit control device and the controlled device,
The entrance / exit control device includes:
User information acquisition means for acquiring user information including a user ID from an information storage medium;
An entrance / exit authentication processing unit that performs entrance / exit authentication processing based on the acquired user ID and transmits authentication information including the user ID acquired by the user information acquisition unit to the cooperation control device;
Control means for controlling whether or not the passage control device can pass based on a result of the entrance / exit authentication processing by the entrance / exit authentication processing means;
The controlled device is
A device authentication request including a device user ID corresponding to a user ID and a device ID is sent to the cooperation control device, and the function of the controlled device is determined according to the result of device authentication processing transmitted from the cooperation control device. Equipment control means to limit
The cooperation control device
For each door whose traffic is controlled by the traffic control device, a door that associates authentication information that permits the result of the device authentication process, authentication information that disallows the result of the device authentication process, and the device ID. Storage means for storing information;
An authentication information acquisition unit that receives the authentication information transmitted from the entry / exit authentication processing unit and receives a device authentication request from the device control unit;
When receiving the device authentication request, if the authentication information permitting the result of the device authentication processing corresponding to the device ID included in the device authentication request has already been received from the entry / exit authentication processing means, A cooperation control system comprising: notification means for transmitting an authentication processing result permitting the result of the device authentication processing for the device ID to the controlled device. When the cooperation control device receives the authentication information transmitted from the entry / exit authentication processing means, the cooperation control device compares the authentication information with the authentication information stored in the storage means and receives the device authentication request. Device status change means for changing authentication information to be referred to when
When the notification unit receives the device authentication request transmitted from the device control unit, the authentication information corresponding to the device ID included in the received device authentication information permits or disables the result of the device authentication process. The cooperative control system according to claim 1, wherein the cooperative control system is determined. When the operation mode of the cooperation control device is a setting mode for executing a setting process for setting the door information, the cooperation control device responds to the authentication information or the device authentication request acquired by the authentication information acquisition means. Door information generating means for generating the door information based on
The door information generation means stores an authentication processing pattern indicating a procedure for acquiring the user ID and the device ID, and permits the result of the device authentication processing based on the authentication processing pattern. The cooperation control system according to claim 1 or 2, wherein authentication information and second authentication information that disables the result of the device authentication processing are generated.   4. The door information generation unit registers door information in the storage unit by combining authentication information corresponding to an entry direction, authentication information corresponding to a retraction direction, and a device ID. The linkage control system described.   The door information generation means copies authentication information generated for the device ID of one controlled device as the authentication processing pattern and uses it as information corresponding to the device ID of another controlled device. The cooperation control system according to claim 3 or 4.   The said door information production | generation means contains the authentication process pattern which deletes a part or all of the door information registered into the said memory | storage means from the said memory | storage means, Any one of Claim 3 thru | or 5 characterized by the above-mentioned. The linkage control system described in the section. An entrance / exit control device connected to a traffic control device that controls the user's traffic for each door installed in a predetermined security space, and a controlled device used by a user permitted to pass by the traffic control device Connected control device connected to
For each door whose traffic is controlled by the traffic control device, authentication information permitting use of the controlled device, authentication information disabling use of device authentication processing by the controlled device, and for each controlled device Storage means for storing door information corresponding to the device IDs of
Authentication information acquisition means for receiving authentication information transmitted from the entry / exit control device and receiving a device authentication request including a device ID from the controlled device;
When receiving the device authentication request, if the authentication information permitting the result of the device authentication processing corresponding to the device ID included in the device authentication request has already been received from the entry / exit authentication processing means, And a notification means for transmitting to the controlled device an authentication processing result that permits the device authentication processing result for the device ID.

Images