JP2013140462A - Room entry/exit management system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve security strength in remote authentication and also improve convenience of a user while properly maintaining a security level required as occasion arises in a whole system.SOLUTION: A room entry/exit management system 100 executes, by switching in accordance with a period of time, first authentication for checking by a controller 2 user identification information on a user entering or exiting a section and determining whether or not the user enters or exits and second authentication for checking by an authenticator the user identification information of the user and determining whether or not the user enters or exits. When the second authentication is performed, if the authenticator, who controls to open a gateway of the section by a remote operation, permits the entry or the exit of the user, before the operation is performed, it is authenticated whether or not the authenticator has the authority to perform the remote operation.

Description

  The present invention relates to an entrance / exit management system for controlling entrance / exit into a predetermined section such as a facility such as a building or an important area in the facility.

  Conventionally, when entering or leaving a predetermined section such as a facility such as a building or an important area within the facility, authentication processing is performed by an authentication device, and the entrance of the section is opened only when authentication is established. Exit management systems are widespread. In such an entrance / exit management system, in order to further improve the security strength, in addition to the authentication processing by the authentication device, a security guard (certifier) performs authentication by visual inspection from a remote location (guard room / guard room, etc.). A technique for performing remote authentication for opening / closing the doorway (opening control) is known. For example, PTL 1 described below uses the personal information including face image data to perform authentication in the authentication device, and determines whether the face image and the face of the person to be authenticated match by visual inspection of the authenticator. Permitted technology is disclosed.

  In addition, in the entrance / exit management system, a technique is known in which the entrance / exit conditions for the section are changed according to the type and time zone of the section. For example, Patent Document 2 below requires authentication of a plurality of persons upon entering a room, and in an entrance / exit management system in which entry is not permitted unless the certifier satisfies the entry conditions, for an area that normally requires two users to enter the room. A technique for permitting even one user to enter a room based on the judgment of a remote administrator is disclosed. Further, in Patent Document 3 below, before temporary confirmation of ID information distributed to a visitor or the like, before the person in charge accepts the visitor, the entrance / exit authority is not set, or security such as an entrance hall is set. There is disclosed a technique that can be restricted to entry to a low-level section, and that allows entry into and exit from another section according to the level that is confirmed for the first time after the identity is confirmed.

JP-A-9-319877 JP 2009-104325 A JP 2011-164675 A

  In the entrance / exit management system according to the above-described prior art, for remote authentication, after the visual authentication by the certifier, the operation of outputting the door opening / closing control signal is permitted from the remote (guard room) to permit entry. However, there is a problem that this operation can be performed by anyone in the security room. For this reason, for example, a new security guard may inadvertently open an entrance, an unauthorized person may open an entrance, or an unauthorized person may perform an opening operation by mistake. The security status cannot be kept high.

  Also, in the unlikely event that an unauthorized intrusion occurs, it is considered effective to improve the security of investigating the certifier who has been allowed to enter the room at a later date. Since there is no remote operation record, there is a problem that investigation may not be possible.

  Furthermore, in the entrance / exit management system according to the prior art, the authentication method at the time of entering the room (for example, authentication only by the authentication device or authentication + authentication by the authentication device) is fixed regardless of the day of the week or the time zone. It is. However, the amount of people entering the section managed by the entrance / exit management system varies greatly depending on the day of the week and the time zone. In addition, the amount of people in the compartment and the person who passes outside the compartment also changes depending on the day of the week and the time zone. For this reason, if a room entry operation (card ID + remote operation) such as authentication + remote authentication by the authentication device is performed during the day when there is a large amount of traffic, there is a possibility that a lot of waiting time will occur before entering the room. There is a problem that there is.

  In particular, in the case of an office building or the like, the number of entrances and exits during the daytime on weekdays is large, but since there are many passers-by and occupants around, it is considered that the security level may be relatively low. On the other hand, although the number of entrances and exits at night and on holidays is small, it is considered that there are almost no people around, so a high security level is required. The entrance / exit management system according to the prior art does not have a function for automatically canceling remote authentication depending on the day of the week or the time of day, so the required security level may not necessarily match the complexity of authentication. There is a point.

  The present invention has been made in view of the above-described problems of the prior art, and while improving the security strength of remote authentication and maintaining the security level required from time to time in the entire system appropriately, An object is to provide an entrance / exit management system capable of improving convenience.

  In order to solve the above-described problem, the entrance / exit management system according to the present invention includes a first authentication for determining whether or not the user can enter and leave the room by collating user identification information of the user entering and exiting the section by the control unit. And a second authenticating unit that verifies the user identification information of the user by an authenticator and determines whether the user can enter or leave the room. The second authenticating unit is configured so that the authenticator is the user. Open / close control means for opening and closing the entrance / exit of the section by remote operation of the certifier, and when the certifier operates the open / close control means, the certifier performs the remote operation. Certifier authenticating means for authenticating whether or not there is an authority.

  According to the entrance / exit management system according to the present invention, the security strength of remote authentication can be improved, and the convenience of the user can be improved while appropriately maintaining the security level required from time to time in the entire system. .

It is a system configuration figure of an entrance / exit management system concerning an embodiment. It is explanatory drawing which shows an example of the schedule according to the time slot | zone of an authentication method. It is a flowchart which shows the procedure of the entrance / exit management process by an entrance / exit management system. FIG. 4 is a sequence diagram showing details of processing in steps S303 to S305 in FIG. 3. It is explanatory drawing which shows an example of the display screen of the face image data in a remote control terminal.

  Exemplary embodiments of an entrance / exit management system according to the present invention will be described below in detail with reference to the accompanying drawings. Note that this embodiment shows an example of an application form of the present invention, and the use of the present invention is not limited to this.

(Embodiment)
(System configuration of the entrance / exit management system 100)
FIG. 1 is a system configuration diagram of an entrance / exit management system 100 according to the embodiment. The entrance / exit management system 100 manages entrance / exit to a predetermined section, for example, a building building or each room in the building. The number of compartments in which the entrance / exit management system 100 performs entrance / exit management is not limited to one and may be plural. For example, entry / exit in each of a plurality of rooms in a building and entry / exit in each building of a plurality of buildings may be managed.

  The entrance / exit management system 100 includes a central monitoring device 1, a control unit 2, a control terminal 3, a monitoring terminal 5, biometric authentication devices 6 and 14, a card reader 7, interphones 8 and 10, a monitoring camera 11, a remote operation terminal 12, a desktop The card reader 13, the registration terminal 15, the imaging device 16, and the biometric information registration device 17 are connected by a network (Internet / Intranet) 4, a telephone line 9, or the like.

  The entrance / exit management system 100 includes a normal authentication unit (first authentication unit) that determines whether the user can enter or leave the room by collating user identification information of the user who enters and leaves the section by the authentication device, and the user by the authenticator. Remote authentication means (second authentication means) for checking whether the user can enter or leave the room by collating user identification information. Among the configurations described above, the normal authentication means is the central monitoring device 1, the control unit 2, the control terminal 3, the biometric authentication device 6, and the card reader 7. The remote authentication means is the central monitoring device 1, the intercoms 8 and 10, the monitoring camera 11, the remote operation terminal 12, the desktop card reader 13, and the biometric authentication device 14.

  In the entrance / exit management system 100, user identification information for identifying a user who enters or exits a compartment (allowed to enter or exit the compartment) is registered in advance. The user identification information in the normal authentication means is, for example, ID information recorded on an ID card held by the user, user finger vein information, or identification information (password or the like) arbitrarily set by the user. The remote authentication means registers user face image data in addition to the above-described user identification information.

  The registration terminal 15, the imaging device 16, and the biological information registration device 17 acquire these pieces of information. The imaging device 16 captures a user's face photo and outputs the face photo data to the registration terminal 15. In addition, the biometric information registration device 17 acquires biometric information such as finger vein information from the user and outputs it to the registration terminal 15. The registration terminal 15 stores information (user information) in which the information is associated with user ID information, name information, affiliation information indicating the department to which the user belongs, information indicating whether or not the user is a special user described later, and the like. Record in the database (DB) 1 a of the monitoring device 1.

  In addition, the registration terminal 15 accepts not only information on users who enter and leave the section, but also information on certifiers (certifier identification information) such as security guards who perform remote operations in remote authentication. The certifier identification information is identification information in an ID card held by an certifier who has been given the authority to operate the remote operation terminal 12 described later, finger vein information of the certifier, and the like. The authenticator identification information registered in the registration terminal 15 is recorded in the database (DB) 1a of the central monitoring device 1.

  The central monitoring device 1 includes a computing device, a storage device, a display output device, and the like, and includes a database (DB) 1a that records user identification information of a user who is permitted to enter and leave the section (permitted user identification information record). means). In this database (DB) 1a, face image data of the user is also recorded in association with the user identification information (face image recording means).

  The central monitoring device 1 records information such as user identification information and entry time of the user who entered the compartment as entry history information. Thereby, it is possible to refer to the entry / exit history information indicating the time when the user entered the section last time, the number of times of entry, and the like. The central monitoring apparatus 1 records the authenticator identification information and operation history information of the authenticator who performed the opening / closing operation in the remote authentication described later (operation recording means).

  The control unit 2 determines whether or not the user identification information acquired by the biometric authentication device 6 and / or the card reader 7 which will be described later matches the user identification information of the user who is permitted to enter and leave the compartment ( Judgment means). The control unit 2 acquires information of a user who is permitted to enter and leave the section from the central monitoring device 1 in advance, and immediately after the user identification information is acquired in the biometric authentication device 6 and / or the card reader 7. The above judgment is made. That is, the control unit 2 is an autonomous distributed control device that can operate even if the central monitoring device 1 is not activated. When the control unit 2 determines that the user identification information matches, the control unit 2 transmits a control signal instructing the control terminal 3 to perform the opening / closing control of the entrance / exit.

  The control terminal 3 is provided at the entrance / exit of the section where the entrance / exit management system 100 manages the entrance / exit, and controls the opening / closing of the entrance / exit by a control signal from the control unit 2 (opening control means) and elapses a predetermined time after opening. Lock the doorway immediately or after passing by a person. Here, the term “opening” means that the doorway that was in the locked state is unlocked, and the compartment can be entered and exited. The control terminal 3 is, for example, an electric lock, an automatic door, a flapper gate, a rotating gate, a parking lot gate, a shutter or the like.

  The biometric authentication device 6 and the card reader 7 are provided in the vicinity of the entrance to the compartment, and acquire user identification information (biometric information and card ID information) that identifies a user who enters and exits the compartment (user identification information acquisition). means). Specifically, the biometric authentication device 6 acquires finger vein information, and the card reader 7 acquires ID information recorded on an ID card. Although not shown, a numeric keypad device may be installed as an acquisition unit, and the user identification information (password or the like) may be input by the user to acquire the user identification information. The biometric authentication device 6 and the card reader 7 are connected to the control unit 2.

  An intercom 8 and a monitoring camera 11 are also provided in the vicinity of the entrance / exit of the section. The intercom 8 is connected to an interphone 10 in a remote place (security room) via a telephone line 9 or the like. Between the intercoms 8 and 10, a conversation can be made in real time. In the present embodiment, the interphones 8 and 10 are used to have a conversation between a user who enters the section and an authenticator in the security room.

  The monitoring camera 11 is installed to remotely confirm / monitor a person near the entrance / exit. That is, the monitoring camera 11 is a face image acquisition unit that acquires a face image of a user who enters and leaves the section. Note that an interphone with a camera or the like may be installed as the interphone 8 and the monitoring camera 11. An image captured by the monitoring camera 11 is displayed on the monitoring terminal 5 in the security room.

  The monitoring terminal 5 is provided in a security room that is remote from the entrance. The monitoring terminal 5 is provided with a display screen, and an image taken by the monitoring camera 11 is displayed. In addition, the monitoring terminal 5 monitors the operation state of the control terminal 3 and other monitoring terminals 5 (not shown). As the monitoring terminal 5, for example, a personal computer can be used.

  In the security room, in addition to the monitoring terminal 5, a remote operation terminal 12, a desktop card reader 13, and a biometric authentication device 14 are provided. The remote operation terminal 12 is a terminal for performing an operation for instructing the opening control of the control terminal 3, and is operated by a guard in the security room. That is, the remote operation terminal 12 is an opening / closing control means for controlling the opening / closing of the section by remote operation when the authenticator permits the user to enter and leave the room.

  The remote operation terminal 12 is provided with a display screen, and the user identification information acquired by the biometric authentication device 6 or the card reader 7 and the database (DB) 1a of the central monitoring device 1 corresponding to the user identification information. The recorded face image data, name information, affiliation information, entry / exit history information, and the like are displayed. That is, the face image data in the database (DB) 1a (face image recording means) associated with the user identification information of the user who enters the section by the display screen of the monitoring terminal 5 and the display screen of the remote operation terminal 12. The display unit displays the face image acquired by the monitoring camera 11 (face image acquisition unit) so that the certifier can visually recognize the face image.

  The authenticator compares the face image displayed in real time on the monitoring terminal 5 with the face image data displayed on the remote operation terminal 12, and determines whether or not they are the same person. When it is determined that the certifier is the same person, remote authentication is executed and the remote operation terminal 12 is operated. The remote operation terminal 12 is connected with a desktop card reader 13 and a biometric authentication device 14 for confirming the remote operation authority of the certifier. Note that either the desktop card reader 13 or the biometric authentication device 14 may be connected to the remote operation terminal 12.

  The ID information read by the desktop card reader 13 (ID information of the ID card held by the authenticator) and the finger vein information of the authenticator read by the biometric authentication device 14 are output to the remote operation terminal 12. The remote operation terminal 12 refers to the certifier identification information recorded in the database of the central monitoring device 1 and determines whether or not the certifier performing this operation is authorized to perform the remote operation. To do. That is, the remote operation terminal 12 determines whether or not the certifier identification information of the certifier matches the certifier identification information to which the authority to perform the remote operation is granted. Allows operation of the means. Thus, the remote operation terminal 12 also has a function of authenticator authentication means for authenticating whether or not the authenticator has the authority to perform remote operation before the authenticator operates the opening / closing control means. Thereby, it is possible to prevent the remote operation of the entrance / exit from being performed by an unauthorized person, and the security strength of the entrance / exit management system 100 can be improved.

  In addition, when performing remote authentication, if there are multiple users entering and leaving the section, in this example, the authenticator collates the user identification information (face image data) for all members and determines whether the user can enter or leave the room. To do. In addition, when entering a room in a predetermined section, it may be confirmed that a plurality of people always enter the room and that the same number of people leave the room when leaving the room. As a result, for example, it is possible to prevent an unauthorized person from entering the compartment with a legitimate user, or to restrict entry into and exit from a more important compartment.

The difference between normal authentication and remote authentication is whether or not an authenticator is present. Usually, authentication is performed without an authenticator, but remote authentication is performed with an authenticator.
Here, the information required for normal authentication and remote authentication is summarized as shown in the following table. Note that the face image data is not information essential for remote authentication, but is used when the certifier checks the user's face to ensure higher security.

(Switching of authentication methods by the entrance / exit management system 100)
In the entrance / exit management system 100, normal authentication and remote authentication can be performed, but in this embodiment, the authentication method to be performed when entering / leaving a section is switched according to a time zone. In other words, the entrance / exit to the section is permitted only when both the authentication period by the normal authentication means and the authentication by the remote authentication means are established when the authentication by the normal authentication means is established and the authentication by the normal authentication means and the authentication by the remote authentication means are established Setting means for setting the time zone is provided. This setting is performed by the central monitoring device 1. When a plurality of entrances / exits are provided in a section, a time zone may be set for each of the plurality of entrances / exits.

  FIG. 2 is an explanatory diagram showing an example of a time-based schedule of the authentication method. FIG. 2 shows an authentication method setting screen 200 in which an entry / exit name 201 to be set, a setting content 202, a registration button 203, and the like are displayed. In the example shown in FIG. 2, the authentication method is set differently for each day of the week and the time zone, and holidays and special days are also set independently. In the setting content 202, in the time zone shown in white, when both normal authentication and remote authentication are established, the doorway indicated by the doorway name 201 is opened. On the other hand, in the setting content 202, the entrance / exit indicated by the entrance / exit name 201 is opened if normal authentication is established in the shaded time zone.

  In other words, in the example shown in FIG. 2, at 6 am to 2 pm on weekdays, 6 am to 12 pm on Saturday, and 6 am to 6 pm on special day (special day) 1, entry / exit is possible only with normal authentication. It is possible, and in other time zones, entry and exit are not possible unless both normal authentication and remote authentication are established. Such setting takes into consideration the number of users who pass through the entrance / exit, the number of passers-by, the number of people in the room, and the like. For example, if an authentication method that requires time such as normal + remote authentication is performed during work hours on weekdays when there are a large number of passers-by, it may cause a lot of waiting time before entering or leaving the room. May have an effect. In particular, in the case of an office building or the like, the number of entrances and exits during the daytime on weekdays is large, but since there are many passers-by and occupants around, it is considered that the security level may be relatively low. For this reason, during normal daytime (operating hours) on weekdays, entry / exit is possible only with normal authentication. On the other hand, although the number of entrances and exits at night and on holidays is small, it is considered that there are almost no people around, so a high security level is required. For this reason, at night and on holidays, it is set so that entry and exit are not possible unless both normal authentication and remote authentication are established.

  In addition, even when both normal authentication and remote authentication are established, the user who permits entry / exit into the section only with normal authentication even in the time period (time indicated by white in FIG. 2) in which the entry / exit into the section is permitted. (Special user) may be settable. In this case, for example, a specific user is set as a special user for each doorway. Thereby, for example, the entrance / exit management system 100 can be smoothly operated, such as enabling a user who normally resides in the room to enter / exit without remote authentication during patrol of the guard.

(Entry / exit management processing by the entry / exit management system 100)
FIG. 3 is a flowchart showing the procedure of the entry / exit management process by the entry / exit management system 100. This process starts when a user entering or leaving the section performs an operation on the card reader 7 or the biometric authentication device 6. In the flowchart of FIG. 3, the entrance / exit management system 100 first refers to the schedule according to the time zone of the authentication method set by the central monitoring apparatus 1 (see FIG. 2), and the current time is the normal authentication and the remote authentication. It is determined whether it is a time zone in which entry / exit into the section is permitted only when both are established, or a time zone in which entry / exit into the section is permitted when normal authentication is established (step S301).

  When it is a time zone in which entry / exit into the section is permitted only when both normal authentication and remote authentication are established (step S301: Yes), the user who enters / exits into the section is guided to the intercom 8 (step S302). The guidance to the intercom 8 is, for example, when a message “Remote authentication is required” or “Please press the intercom” is displayed on the liquid crystal screen provided in the card reader 7 or when an ID card is held over the card reader 7. This is done by outputting an error sound to inform the user that remote authentication is required.

  In addition, the user who enters the room is a special user (a user who allows entry / exit into the section only with normal authentication even in a time zone in which entry / exit into the section is permitted only when both normal authentication and remote authentication are established). In this case, even if the user does not operate the intercom 8 and directly operates the card reader 7 or the biometric authentication device 6, the process proceeds to step S306 without outputting an error sound. Here, whether or not the user who enters the room is a special user is determined based on the user information recorded in the database (DB) 1a of the central monitoring device 1 or the database (DB) of the central monitoring device 1 by the control unit 2. This is performed based on the user information acquired from 1a.

  After guiding to the intercom 8 in step S302, the entrance / exit management system 100 performs remote authentication and normal authentication for the user (step S303). The process in step S303 will be described in detail later with reference to FIG. When the remote authentication and the normal authentication are established (step S304: Yes), the remote opening operation of the entrance / exit by the authenticator is performed (step S305). On the other hand, when the remote authentication and the normal authentication are not established (step S304: No), the process proceeds to step S310 to notify the user that the authentication is not established (step S310).

  In step S301, when it is a time zone in which entry / exit to the section is permitted when authentication by normal authentication is established (step S301: No), the user identification information of the user is obtained by the card reader 7 and the biometric authentication device 6. Is acquired (step S306). The acquired user identification information is transmitted to the control unit 2, and the control unit 2 verifies whether or not it matches the identification information of the user permitted to enter and leave the room (step S307).

  When it coincides with the identification information of the user permitted to enter / exit (step S308: Yes), the control unit 2 transmits a control signal instructing the control terminal 3 to perform the opening / closing control of the entrance (step S309). On the other hand, when it does not correspond with the identification information of the user permitted to enter / exit (step S308: No), the control unit 2 notifies the user that the authentication has not been established (step S310).

  The entry / exit management system 100 records entry / exit history information including the user identification information of the user who has been authenticated this time, whether authentication is possible, the entry time (authentication processing time), and the like in the central monitoring device 1. When the entrance is opened by the operation, the operation history information including the authenticator identification information and the operation time of the authenticator who performed the opening operation of the remote operation terminal 12 is recorded (step S311), and the processing according to this flowchart is performed. finish.

  FIG. 4 is a sequence diagram showing details of the processing in steps S303 to S305 in FIG. In the sequence diagram of FIG. 4, processing in the remote authentication target door side where the user is located, the security room side where the authenticator is located, and processing in the control unit 2 are shown. First, at the remote authentication target door side, the surveillance camera 11 is operating (Step A-1), and the appearance of the user who is going to enter the compartment is photographed. On the security room side, the face image of the user taken by the monitoring camera 11 is displayed on the monitoring terminal 5 (Step B-1). 3 is displayed on the display screen of the monitoring terminal 5 and / or the display screen of the remote control terminal 12 to indicate to the certifier in the security room that the user has been guided to the intercom 8 by step S302 in FIG. Inform. Note that it is not necessary to notify the certifier in the security room that the user has been guided to the intercom 8.

  When the user on the doorway side contacts the security room with the intercom 8 (Step A-2), the authenticator responds on the security room side (Step B-2). At this time, the authenticator instructs the user to read the user identification information from the card reader 7 and / or the biometric authentication device 6. When the user reads the user identification information in response to this instruction (Step A-3), the control unit 2 collates the user identification information (normal authentication) (Step C-1), and the result is the security room side. It is transmitted to the monitoring terminal 5. The user identification information is also transmitted to the remote control terminal 12 on the security room side. At this time, the user identification information may be encrypted and transmitted. The remote operation terminal 12 reads the face image data corresponding to the user identification information from the central monitoring device 1 and displays it on the display screen (Step B-3). Further, the result of normal authentication by the control unit 2 may also be displayed.

  The authenticator compares the face image of the user displayed on the monitoring terminal 5 with the face image data displayed on the remote operation terminal 12, and determines whether or not they are the same person (remote authentication: Step B-4). ). Whether or not they are the same person (face authentication) is generally an automatic authentication method in which features are extracted automatically from face image data captured in advance and the face image captured this time, and automatically identified. Or by security guards. In addition, the certifier may finally determine both of these together.

  As a result of the collation, if the person is the same person (Step B-4: Yes), the authenticator identification information of the authenticator is read from the desktop card reader 13 and / or the biometric authentication device 14 in order to confirm the remote operation authority of the authenticator. It is determined whether or not the remote operation terminal 12 has the authority for remote operation (Step B-5). When there is a remote operation authority (Step B-5: Yes), the opening / closing operation of the entrance / exit by the authenticator is performed (Step B-6). On the entrance / exit side, this opening operation controls the entrance / exit (control terminal 3) so that the user can pass through the entrance / exit (Step A-4). Thereafter, the process proceeds to step S311 in FIG. Note that the processing of Step B-5 takes time if performed each time, and may be performed in advance.

  On the other hand, when the face image displayed at Step B-4 and the face image data are not the same person (Step B-4: No), or when the certifier does not have remote control authority at Step B-5 (Step B-5: No) Therefore, authentication is not established (Step B-7), and the process proceeds to step S310 in FIG. When the displayed face image and face image data are not the same person in Step B-4 (Step B-4: No), the authenticator answers the user with his / her name, company name, affiliation name, etc. via the intercom 8. And check again whether you are the person. As a result, if it can be confirmed with the person, the process proceeds to Step B-5, and if it cannot be confirmed with the person, the certifier goes to the user's place or the employee of the security company contracted on behalf of that person goes to that place. Talk directly to the user to confirm that you are the person.

  FIG. 5 is an explanatory diagram illustrating an example of a display screen of face image data on the remote operation terminal 12. In the display window 101, face image data 104 corresponding to the user identification information acquired by the biometric authentication device 6 or the card reader 7 is displayed. The entrance / exit name display unit 102 displays the name of the entrance / exit to be subjected to the remote authentication this time. When the door change button 103 is pressed, the entry / exit to be displayed can be changed.

  In addition to the face image data 104, the display window 101 includes the user's name information 105, company name information 106, affiliation name information 107, the date and time when the user passed through the entrance / exit last time (the biometric authentication device 6 or the card reader 7 The history information 108 indicating the time when the identification information was acquired is displayed.

  The authenticator compares the information displayed on the display window 101 with the face image displayed on the monitoring terminal 5 to determine whether or not they are the same person. When determining that they are the same person, the authenticator presses the unlock execution button 109 of the display window 101. When the unlock execution button 109 is pressed, a remote operation (remote authentication) dialog 110 is displayed on the display screen of the remote operation terminal 12. In accordance with the remote operation dialog 110, the authenticator holds the owned ID card over the desktop card reader 13 (or biometric authentication device 14). The desktop card reader 13 (or biometric authentication device 14) reads the certifier identification information recorded on the ID card and outputs it to the remote operation terminal 12.

  The remote operation terminal 12 refers to the database of the central monitoring device 1 and determines whether or not the remote control authority is granted to this authenticator. When the remote operation authority is granted, the remote operation terminal 12 outputs an opening control signal to the target entrance and exit, and displays an execution dialog 112 indicating that the opening control has been performed. On the other hand, if the certifier does not have the remote control authority, the error control 111 is displayed without outputting the release control signal.

  As described above, according to the entry / exit management system 100 according to the embodiment, only a pre-registered certifier (remote operation authority) can perform remote operation. It is possible to keep the level high. Specifically, for example, new security guards may inadvertently open an entrance, an unauthorized person may open an entrance, or an unauthorized person may perform an opening operation. Since there is no such thing, unauthorized entry into the compartment can be prevented.

  Further, according to the entrance / exit management system 100, the certifier identification information and operation time of the certifier who performed the remote operation are recorded as operation history information. Can be used to pursue responsibility and prevent recurrence.

  Furthermore, according to the entrance / exit management system 100, since the authentication method performed at the time of entering / exiting a section at each entrance / exit is switched according to the time zone, both the security strength in the entrance / exit and the convenience of the user can be achieved. For example, in a time zone (operation time zone) with a large amount of traffic at the entrance / exit, it is possible to pass only with normal authentication, thereby reducing the waiting time until entering the room. In addition, during times when traffic at the entrance and exit is small (nighttime, holidays, etc.), remote authentication is performed in addition to normal authentication to improve security in an environment where there are few people around and easy to perform fraud. be able to.

  In addition, by making it possible to set a special user who can only pass through normal authentication even during times when remote authentication is required, for example, there is no remote authentication for patrols of users who are normally in the room. The entrance / exit management system can be operated smoothly.

  INDUSTRIAL APPLICABILITY The present invention is effective for an entrance / exit management system that controls entrance / exit to a predetermined section such as a building or an important area in the facility, and in particular, an occupant in an office building or the like depending on a day of the week or a time zone. It is suitable for entrance / exit management systems for facilities where the number and number of passersby fluctuate.

1 Central monitoring device (first authentication means, second authentication means)
2 Control unit (first authentication means)
3 Control terminal (first authentication means)
4 Internet / Intranet 5 Monitoring terminal (second authentication means)
6 Biometric authentication device (first authentication means)
7 Card reader (first authentication means)
8 Intercom (door side) (second authentication means)
9 Telephone line 10 Intercom (security room side) (second authentication means)
11 surveillance camera (second authentication means)
12 Remote operation terminal (second authentication means)
13 Desktop card reader (second authentication means)
14 Biometric authentication device (second authentication means)
DESCRIPTION OF SYMBOLS 15 Registration terminal 16 Imaging device 17 Biometric information registration apparatus 100 Entrance / exit management system

Claims (11)

An entrance / exit management system for managing entrance / exit to a predetermined section,
A first authenticating means for collating user identification information of a user entering and leaving the compartment by the control unit and determining whether or not the user can enter and exit;
A second authenticating unit that verifies the user identification information of the user by an authenticator and determines whether the user can enter or leave the room;
The second authentication means includes
When the certifier permits the user to enter and leave, the open / close control means for controlling the opening / closing of the compartment by remote operation of the certifier,
When the authenticator operates the open / close control means, authenticator authenticating means for authenticating whether or not the authenticator has the authority to perform the remote operation;
An entrance / exit management system comprising:   The certifier authentication means determines whether or not the certifier identification information of the certifier matches the certifier identification information to which the authority to perform the remote operation is granted. The entrance / exit management system according to claim 1, wherein the opening / closing control means can be operated. The second authentication means includes
The operation recording means for recording authenticator identification information of the authenticator who performed the operation and history information of the operation when the open / close control means is operated by the authenticator. The entrance / exit management system according to claim 2. The second authentication means includes
Face image recording means for preliminarily recording face image data of the user in association with the user identification information;
User identification information acquisition means for acquiring the user identification information of the user entering or leaving the section;
Facial image acquisition means for acquiring a facial image of the user entering or leaving the compartment;
The face image data in the face image recording means associated with the user identification information acquired by the user identification information acquisition means and the face image acquired by the face image acquisition means Display means for displaying on a display screen that can be visually recognized,
Determining whether the user can enter or leave the room by allowing the authenticator to determine whether the face image data displayed on the display means and the face image are the same person or not. The entrance / exit management system according to any one of claims 1 to 3. In addition to the face image data of the user, the face image recording means records at least one of the user's name information, affiliation information, and entry / exit history information to the section,
The entrance / exit management system according to claim 4, wherein the display unit displays information recorded in the face image recording unit together with the face image data.   The second authentication means, when there are a plurality of users entering or leaving the section, checks whether or not the user can enter or leave the room by collating the user identification information for all the users. The entrance / exit management system according to any one of claims 1 to 5. The first authentication means includes
Permitted user identification information recording means for recording user identification information of the user permitted to enter and leave the compartment;
User identification information acquisition means for acquiring the user identification information of the user entering or leaving the section;
Determining means for determining whether or not the user identification information acquired by the user identification information acquiring means matches the user identification information recorded in the permitted user identification information recording means;
7. An opening unit that controls opening of the entrance / exit of the section when the determination unit determines that the user identification information matches, 7. The method according to claim 1, further comprising: Entrance / exit management system.   When the authentication by the first authentication means is established, the time zone in which entry / exit into the section is permitted, and the authentication by the first authentication means and the authentication by the second authentication means are both established. The entrance / exit management system according to any one of claims 1 to 7, further comprising setting means for setting a time zone during which entry / exit into the section is permitted. The compartment is provided with a plurality of the entrances and exits,
The entrance / exit management system according to claim 8, wherein the setting means sets the time zone for each of the plurality of entrances.   The setting means performs authentication by the first authentication means even in a time zone in which entry into and exit from the section is permitted when both authentication by the first authentication means and authentication by the second authentication means are established. The entrance / exit management system according to claim 8 or 9, wherein the user who allows entry / exit into the section can be set.   The user identification information is at least one of identification information recorded on an ID card, user finger vein information, and identification information input by a key input operation of the user. The entrance / exit management system according to any one of claims 1 to 10.

Images