JP2014215984A - Authentication program, authentication device, and authentication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authentication program, an authentication device and an authentication system, that can achieve authentication service having high convenience.SOLUTION: When a first storage medium issued to a registered user who is registered in user information to be used at the time of use authentication and a second storage medium issued to an unregistered user not registered in the user information are read, an authentication program allows a computer to execute a user information management step of associating the read second storage medium with the registered user allocated to the read first storage medium and updating the user information.

Description

  The present invention relates to an authentication program, an authentication device, and an authentication system.

  Conventionally, a system for managing entrance / exit of facilities is known. Some of these systems have a mechanism (authentication function) that issues temporary authentication cards (hereinafter referred to as “guest cards”) to visitors (guests) and temporarily permits facility use. There is.

  However, in the conventional authentication function, the reception work for visitors is complicated. Usually, a visitor accepts at a predetermined window in the facility. At this time, a guest card is issued to the visitor. At that time, the reception person operates the dedicated terminal and adds information that associates the guest card with the employee corresponding to the visitor (hereinafter referred to as “person in charge”) to the issued guest card. Therefore, it takes time to issue a card in a scene where many visitors are received, and the work is complicated. On the other hand, for example, Patent Document 1 discloses a technique of reading a visitor's business card and adding the read information to the guest card. However, the technique described in Patent Document 1 dynamically adds visitor information to a guest card, does not associate the guest card with the employee in charge, and is related to the card issuing work of the receptionist. It does not reduce the load.

  As described above, with the conventional authentication function, the reception work for the visitor becomes complicated, and a highly convenient authentication service has not been realized.

  The present invention has been made in view of the above, and an object of the present invention is to provide an authentication program, an authentication device, and an authentication system that can realize a highly convenient authentication service.

  In order to solve the above-described problems and achieve the object, an authentication program according to the present invention includes a first storage medium issued to a registered user registered in user information used at the time of use authentication, When the second storage medium issued to an unregistered user that is not registered in the user information is read, the read second storage medium is assigned to the read first storage medium The computer is caused to execute a user information management step for updating the user information in association with the registered user.

  According to the present invention, it is possible to realize a highly convenient authentication service.

FIG. 1 is a diagram illustrating a configuration example of an authentication system according to the first embodiment. FIG. 2 is a diagram illustrating a configuration example of the authentication device according to the first embodiment. FIG. 3 is a diagram illustrating a configuration example of the authentication function according to the first embodiment. FIG. 4 is a diagram illustrating an example of user information data according to the first embodiment. FIG. 5 is a sequence diagram illustrating an example of a processing procedure during authentication according to the first embodiment. FIG. 6 is a flowchart showing an example (part 1) of an association processing procedure between an unregistered user card and a registered user according to the first embodiment. FIG. 7 is a flowchart illustrating an example (part 2) of an association processing procedure between an unregistered user card and a registered user according to the first embodiment. FIG. 8 is a flowchart illustrating an example (part 3) of an association processing procedure between an unregistered user card and a registered user according to the first embodiment. FIG. 9 is a flowchart showing an example (part 4) of an association processing procedure between an unregistered user card and a registered user according to the first embodiment. FIG. 10 is a flowchart illustrating an example of an association processing procedure between an unregistered user card and a registered user according to the first modification. FIG. 11 is a diagram illustrating an example of cache data according to the first modification. FIG. 12 is a sequence diagram illustrating a processing procedure example during authentication according to the second modification. FIG. 13 is a diagram illustrating a configuration example of an authentication system according to the third modification.

  Hereinafter, embodiments of an authentication program, an authentication apparatus, and an authentication system will be described in detail with reference to the accompanying drawings.

[First Embodiment]
<System configuration>
FIG. 1 is a diagram illustrating a configuration example of an authentication system 1000 according to the present embodiment. FIG. 1 shows a typical system configuration example of entrance / exit management introduced into a facility such as a company.

  As shown in FIG. 1, an authentication system 1000 according to the present embodiment includes an authentication device 100, an entrance / exit management device 200, a reading device 300, and the like. In the authentication system 1000, devices are connected to each other via a predetermined data transmission path N (for example, “network”).

  The authentication device 100 is a device that provides an authentication function for performing facility use authentication, and corresponds to an information processing device (for example, “PC: Personal Computer”). The entrance / exit management device 200 is a device that provides an entrance / exit management function for managing entrance / exit of a facility, and corresponds to an information processing device, like the authentication device 100. The reading device 300 is a device that provides a reading function for reading information from a storage medium such as an IC (Integrated Circuit) card, and corresponds to a card reader.

  In a facility that uses the authentication system 1000 according to the present embodiment, a visitor is received in the following procedure. First, the visitor goes to a predetermined window in the facility. At the counter, the receptionist confirms the visitor and hands over the guest card. The guest card handed over at this time has no information associated with the guest card and the employee in charge. That is, the receptionist may operate the dedicated terminal when issuing the card and do not add information to the guest card to be handed over, and may hand any card from a plurality of guest cards prepared in advance to the visitor. The visitor who has completed the reception in this way meets the employee in charge and enters the facility together with the employee in charge.

  At this time, the authentication system 1000 according to the present embodiment provides the following service. First, the reading device 300 reads the guest card of the visitor and the employee card of the employee in charge. The reading device 300 transmits the read card information to the entry / exit management device 200. In response to this, the entrance / exit management device 200 transfers the received card information to the authentication device 100. In response to this, the authentication apparatus 100 associates the guest card with the employee in charge based on the received card information. At this time, if the reading time of the guest card and the employee card is within a predetermined period, the authentication device 100 associates the guest card with the employee in charge. As a result, the authentication apparatus 100 updates the user information used at the time of facility use authentication based on the association result.

<Device configuration>
FIG. 2 is a diagram illustrating a configuration example of the authentication device 100 according to the present embodiment. FIG. 2 shows a configuration example of a general information processing apparatus.

  As shown in FIG. 2, the authentication device 100 according to the present embodiment includes a CPU (Central Processing Unit) 101, a main storage device 102, and the like. The authentication device 100 includes an auxiliary storage device 103, a communication IF (interface) 104, an external IF 105, a drive device 107, and the like. In the authentication apparatus 100, devices are connected to each other via a bus B.

  The CPU 101 is an arithmetic device for realizing control of the entire apparatus and mounting functions. The main storage device 102 is a storage device (memory) that holds programs, data, and the like in a predetermined storage area. The main storage device 102 is, for example, a ROM (Read Only Memory) or a RAM (Random Access Memory). The auxiliary storage device 103 is a storage device having a storage area with a larger capacity than the main storage device 102. The auxiliary storage device 103 is a non-volatile storage device such as an HDD (Hard Disk Drive) or a memory card. Therefore, for example, the CPU 101 reads out programs and data from the auxiliary storage device 103 to the main storage device 102 and executes processing, thereby realizing control and mounting functions of the entire device.

  The communication IF 104 corresponds to, for example, a NIC (Network Interface Card) or the like, and is an interface that connects the apparatus to the data transmission path N. Thereby, the authentication device 100 can perform data communication with the entrance / exit management device 200 and the reading device 300. The external IF 105 is an interface for transmitting and receiving data between the device and the external device 106. The external device 106 includes, for example, a display device (for example, “liquid crystal display”) that displays various types of information such as processing results, an input device (for example, “ten-key”, “keyboard”, or “touch panel”) that receives operation inputs. . The drive device 107 is a control device that writes or reads the storage medium 108. The storage medium 108 is, for example, a flexible disk (FD), a CD (Compact Disk), a DVD (Digital Versatile Disk), or the like.

  As described above, the authentication system 1000 according to the present embodiment can provide an authentication function for performing facility use authentication by associating the guest card of the visitor with the employee in charge when reading the card. it can.

<Authentication function>
An authentication function according to the present embodiment will be described. The authentication apparatus 100 according to the present embodiment includes a registered user card (employee card) of a registered user (employee) and an unregistered user card (guest card) temporarily issued to an unregistered user. When read by the reading device, the unregistered user card is associated with the registered user. At this time, the authentication device 100 assigns the unregistered user card to the registered user card if the read elapsed time until the registered user card and the unregistered user card are read is within a predetermined period. Correspond to registered users. The authentication device 100 according to the present embodiment has such a function.

  In a conventional system, when a card is issued, a reception person operates a dedicated terminal, and information that associates the guest card with the employee in charge is added to the guest card issued to the visitor. Therefore, it takes time to issue a card in a scene where many visitors are received, and the work is complicated. The reason for associating the guest card with the employee in charge is, for example, to realize facility management that manages the usage history of the facility facilities of the visitor (equipment provided in the facility) in association with the employee in charge. .

  Therefore, the authentication function according to the present embodiment is configured to associate the guest card issued to the visitor with the employee in charge at the time of card reading.

  As a result, the authentication function according to the present embodiment provides an environment in which the visitor person in charge associates the visitor's guest card with the employee in charge without operating the dedicated terminal. As a result, the person in charge of the reception can finish the card issuing work by handing an arbitrary card from a plurality of guest cards prepared in advance to the visitor. As described above, with the authentication function according to the present embodiment, the load of accepting work for visitors is reduced, and a highly convenient authentication service can be realized.

  The configuration and operation of the authentication function according to this embodiment will be described below.

  FIG. 3 is a diagram illustrating a configuration example of the authentication function according to the present embodiment. As shown in FIG. 3, the authentication function according to the present embodiment includes a user information management unit 11, an authentication unit 12, an entrance / exit information management unit 21, a reading unit 31, a display unit 32, an entrance / exit information storage unit 91, and A user information storage unit 92 and the like are included. Specifically, the authentication device 100 includes a user information management unit 11, an authentication unit 12, and a user information storage unit 92. Further, the entrance / exit management device 200 includes an entrance / exit information management unit 21 and an entrance / exit information storage unit 91. The reading device 300 includes a reading unit 31 and a display unit 32. In the following description, each of the functional units will be described according to the operation order of the authentication function according to the present embodiment.

<< Function of Reader 300 >>
The reading unit 31 reads a registered user card or an unregistered user card. The reading unit 31 acquires card information as a reading result. The card information acquired at this time includes, for example, card identification information for identifying the card and user identification information for identifying the user. The reading unit 31 transmits the acquired card information (read information) to the entrance / exit management device 200. The registered user card according to the present embodiment is a card (registered user storage medium; first storage) that is issued to a registered user who is permitted to use the facility in advance and is registered in the user information. Medium), for example, an employee card. On the other hand, the unregistered user card according to the present embodiment is a card issued to an unregistered user who is temporarily permitted to use the facility and is not registered in the user information (storage medium for unregistered users). A second storage medium), for example, a guest card.

  The display unit 32 displays various information of the registered user card or the unregistered user card. The information displayed at this time includes, for example, card information and a use authentication result based on the card information.

<< Function of Entrance / Exit Management Device 200 >>
The entrance / exit information management unit 21 manages entrance / exit information for recording the entrance / exit of the user. The entrance / exit information includes entrance / exit date / time information indicating the entrance / exit date / time of the facility, and is stored in the entrance / exit information storage unit 91. The entrance / exit information storage unit 91 corresponds to, for example, a predetermined storage area of a storage device included in the entrance / exit management device 200. For example, when the card information is received from the reader 300, the entrance / exit information management unit 21 accesses the entrance / exit information storage unit 91, records the reception date / time of the card information as the entrance / exit date / time information, and updates the entrance / exit information. At this time, the entry / exit information management unit 21 records date / time information indicating the date / time of entering or leaving the facility for each user based on the user identification information included in the card information. When the entry / exit information management unit 21 updates the entry / exit information, the entry / exit information management unit 21 transfers the card information received from the reading device 300 to the authentication device 100.

<< Function of Authentication Device 100 >>
The user information management unit 11 manages user information for registering users who are permitted to use the facility in advance. User information is held in the user information storage unit 92. The user information storage unit 92 corresponds to a predetermined storage area of a storage device provided in the authentication device 100, for example.

  FIG. 4 is a diagram illustrating a data example of the user information 92D according to the present embodiment. As shown in FIG. 4, the user information 92D according to the present embodiment has information items such as card identification, user identification, and expiration date, and item values of the information items are associated with each other. The card identification item is an information item for registering and holding card identification information, and the item value is an ID (card identifier) uniquely assigned to the card, such as an employee card ID. The user identification item is an information item for registering and holding user identification information, and the item value is an ID (user identifier) uniquely assigned to the user, such as an employee ID. is there. The expiry date item is an information item for registering / holding expiry date information indicating the expiry date of a card that can be used for use authentication, and the item value is an expiry date assigned to the card, such as date and time, for example. Date and time.

  Returning to the description of FIG. When the user information management unit 11 accepts the setting value of each information item via, for example, a predetermined GUI (Graphical User Interface), the user information management unit 11 accesses the user information storage unit 92 and uses the received setting value as the user information. It is registered as an item value of each information item of 92D.

  In addition, when receiving the card information from the entrance / exit management device 200, the user information management unit 11 associates the unregistered user card with the registered user and updates (registers) the user information 92D. Therefore, the user information management unit 11 includes a determination unit 111 and an association unit 112.

  The determination unit 111 determines whether the card user is a registered user or an unregistered user. The determination unit 111 searches the user information 92D based on the user identification information included in the card information received from the entry / exit management device 200, and obtains a determination result of whether the user is registered from the search result. As a result, the user information management unit 11 executes a process of associating the unregistered user card with the corresponding registered user based on the determination result of the determination unit 111. The user information management unit 11 performs user confirmation by the determination unit 111.

  The associating unit 112 associates an unregistered user card with a registered user. The associating unit 112 associates the unregistered user card with the registered user determined by the determining unit 111 based on the reading date / time of the unregistered user card and the reading date / time of the registered user card. Specifically, the associating unit 112 calculates the elapsed reading time until the registered user card and the unregistered user card are read from the read date and time of the registered user card and the read date and time of the unregistered user card. calculate. The associating unit 112 associates an unregistered user card with a registered user when the calculated elapsed reading time is within a predetermined period. There are mainly two reading elapsed times at this time. Specifically, these are the elapsed reading time from reading the unregistered user card to reading the registered user card, and the elapsed reading time from reading the registered user card to reading the unregistered user card. The associating unit 12 calculates at least one of these elapsed reading times. The predetermined period indicates a period set in advance for associating an unregistered user card with a registered user, and corresponds to time information indicating a range of the period, for example, the number of seconds. . The card reading date and time corresponds to the reception date and time when the card information is received from the entry / exit management device 200.

  As a result, the user information management unit 11 updates the user information 92D based on the association result by the association unit 112. Specifically, the user information management unit 11 updates the user information 92D as shown in FIG.

  FIG. 4A shows a data example of the user information 92D before the association, and FIG. 4B shows a data example of the user information 92D after the association. FIG. 4B shows a visitor (unregistered user) who has received a guest card (unregistered user card) with a card ID: “C0111” and an employee in charge with a user ID: “U0001” ( An example of entering the facility with registered users) is shown. In this case, the user information management unit 11 uses the card information of the employee card (registered user card) read by the determination unit 111 to register and use the employee in charge of the user ID “U0001” assigned to the employee card. A determination result is obtained. In response to this, the user information management unit 11 uses the association unit 112 to read the employee card and read the guest card with the card ID “C0111” read within a predetermined period of time to the user assigned to the employee card. A result associated with the employee in charge of ID: “U0001” is obtained. As a result, the user information management unit 11 newly registers the card ID “C0111” of the guest card as the card identification information of the user information 92D based on the association result. The user information management unit 11 registers the user ID “U0001” of the employee in charge as the user identification information of the user information 92D in association with the card identification information of the registered guest card. Also, the user information management unit 11 registers a value “1 day” indicating that the expiration date of the card is one day as the expiration date information in association with the card identification information of the registered guest card. The user information management unit 11 updates such user information 92D based on the result of the association unit 112. Thereby, the user information 92D is updated to the content in which the guest card of the visitor is associated with the employee in charge when the card is read.

  The authentication unit 12 performs facility use authentication for the user. Based on the card information received from the entrance / exit management device 200, the authentication unit 12 determines whether or not the card user is registered in the user information 92D, confirms authentication information (for example, “password”, etc.), and the like. And use authentication from the confirmation result. The authentication unit 12 transmits the use authentication result to the reading device 300 via the entrance / exit management device 200. As a result, in the reading device 300, the use authentication result is displayed on the display unit 32.

  As described above, the authentication function according to the present embodiment is realized by software implementation. Specifically, in each device included in the authentication system 1000, a program (authentication program) that realizes an authentication function is executed, and the above-described functional units perform a cooperative operation.

  For example, when the authentication apparatus 100 is an execution environment, the program is stored and provided in a storage medium 108 readable by the authentication apparatus 100 (computer) in a file that can be installed or executed. The program has a module configuration including the above-described functional units, and the functional units are generated on the RAM of the main storage device 102 when the CPU 101 reads the program from the storage medium 108 and executes the program. Note that the program providing method is not limited to this. For example, the program may be stored in a device connected to the Internet or the like and downloaded via the communication IF 104 via the data transmission path N. The program providing method may be a method of providing the program by incorporating it in advance in the ROM of the main storage device 102 or the HDD of the auxiliary storage device 103.

  Hereinafter, processing at the time of program execution according to the present embodiment (cooperation operation of each functional unit) will be described with reference to a sequence diagram and a flowchart.

《Authentication processing》
FIG. 5 is a sequence diagram illustrating an example of a processing procedure during authentication according to the present embodiment. FIG. 5 shows a processing example when a guest card corresponding to an unregistered user card is read after reading an employee card corresponding to a registered user card (hereinafter referred to as “authentication scene 1”). ing.

<Processing of authentication scene 1>
As shown in FIG. 5, first, the reading device 300 reads a registered user card (employee card) by the reading unit 31 (step S11). Thereafter, the reading device 300 transmits the card information of the registered user card acquired as a reading result to the entrance / exit management device 200 (step S12).

  In response to this, the entrance / exit management device 200 records the entrance / exit information of the registered user (employee) by the entrance / exit information management unit 21 (step S13). At this time, the entry / exit information management unit 21 records the reception date / time of the card information of the registered user card as the entry / exit date / time information of the registered user, and updates the entry / exit information. Thereafter, the entrance / exit management device 200 transfers the card information of the registered user card to the authentication device 100 (step S14).

  In response to this, the authentication apparatus 100 performs data processing of the user information 92D by the user information management unit 11 based on the card information of the registered user card (step S15). At this time, since the card associated with the registered user has not been read, the user information management unit 11 temporarily stores the card information of the registered user card in a predetermined storage area (caches it on the memory). The temporarily held card information is erased under the following conditions. For example, there are cases where an unregistered user card is not associated with a registered user, or a predetermined time has elapsed.

  Further, the reading device 300 reads an unregistered user card (guest card) by the reading unit 31 (step S16). Thereafter, the reading device 300 transmits the card information of the unregistered user card acquired as the reading result to the entrance / exit management device 200 (step S17).

  In response to this, the entrance / exit management device 200 records the entrance / exit information of the unregistered user (visitor) by the entrance / exit information management unit 21 (step S18). At this time, the entry / exit information management unit 21 records the reception date / time of the card information of the unregistered user card as the entry / exit date / time information of the unregistered user, and updates the entry / exit information. Thereafter, the entrance / exit management device 200 transfers the card information of the registered user card to the authentication device 100 (step S19).

  In response to this, the authentication apparatus 100 performs data processing of the user information 92D by the user information management unit 11 based on the card information of the unregistered user card (step S20). At this time, since the card associated with the registered user is read, the user information management unit 11 is based on the card information of the unregistered user card and the card information of the registered user card that is temporarily held. Associate unregistered user cards with registered users. As a result, the user information management unit 11 updates the user information 92D based on the association result.

  Hereinafter, in the authentication scene 1, the association processing between the unregistered user card and the registered user by the user information management unit 11 (detailed processing in steps S15 and S20) will be described.

<< Data Processing of User Information 92D in Authentication Scene 1: Part 1 >>
FIG. 6 is a flowchart showing an example (part 1) of an association processing procedure between an unregistered user card and a registered user according to the present embodiment.

  As shown in FIG. 6, the user information management unit 11 receives card information from the entrance / exit management device 200 (step S101). In response to this, the determination unit 111 of the user information management unit 11 searches the user information 92D stored in the user information storage unit 92 based on the user identification information included in the received card information (step S102). ). The determination unit 111 determines whether the card user is a registered user from the search result (step S103).

  As a result, when the determination unit 111 determines that the card user is a registered user (step S103: YES), the user information management unit 11 determines that the received card information is the registered user card reading information (first information). 1 reading information). As a result, the user information management unit 11 temporarily holds the card information of the registered user card (step S104). Thereby, the authentication device 100 caches the card information of the employee card of the employee in charge read immediately before the guest card of the visitor on the memory.

  On the other hand, when the determination unit 111 determines that the card user is an unregistered user (step S103: NO), the user information management unit 11 receives the unregistered user card read information (NO in step S103). Second reading information). As a result, the associating unit 112 of the user information managing unit 11 associates the unregistered user card with the registered user assigned to the registered user card read immediately before the unregistered user card (step S105). . At this time, the user information management unit 11 updates the user information 92D as follows based on the association result. The user information management unit 11 includes the card identification information of the unregistered user card included in the received card information (second reading information) and the registered user's information included in the temporarily held card information (first reading information). The user identification information is registered in association with each other, and the user information 92D is updated. As a result, the authentication apparatus 100 associates the guest card read immediately after the employee card with the employee in charge of the employee card read immediately before.

<< Data Processing of User Information 92D in Authentication Scene 1: Part 2 >>
FIG. 7 is a flowchart showing an example (part 2) of an association processing procedure between an unregistered user card and a registered user according to the present embodiment. The difference from the processing example shown in FIG. 6 is that the unregistered user card is determined based on the determination result whether the elapsed time until the unregistered user card and the registered user card are read is within a predetermined period. It is a point to associate with registered users.

  As shown in FIG. 7, the user information management unit 11 receives card information from the entry / exit management device 200 (step S201). In response to this, the determination unit 111 of the user information management unit 11 searches the user information 92D stored in the user information storage unit 92 based on the user identification information included in the received card information (step S202). ). The determination unit 111 determines whether the card user is a registered user from the search result (step S203).

  As a result, if the determination unit 111 determines that the card user is a registered user (step S203: YES), the user information management unit 11 determines that the received card information is the registered user card reading information (first information). 1 reading information). As a result, the user information management unit 11 temporarily holds the card information of the registered user card (step S204). As a result, the authentication device 100 caches the card information of the employee card of the employee in charge read before the visitor's guest card on the memory.

  On the other hand, when the determination unit 111 determines that the card user is an unregistered user (step S203: NO), the user information management unit 11 receives the unregistered user card read information (NO in step S203). Second reading information). As a result, the associating unit 112 of the user information managing unit 11 has a read elapsed time T from reading a registered user card to reading an unregistered user card within a predetermined period (T ≦ X [seconds]). Whether or not (step S205). At this time, the associating unit 112 calculates the reading elapsed time T based on the reading date / time of the registered user card and the reading date / time of the unregistered user card.

  When the association unit 112 determines that the elapsed reading time T is within the predetermined period (step S205: YES), the associating unit 112 converts the unregistered user card into a registered user card read before the unregistered user card. Corresponding to the assigned registered user (step S206). At this time, the user information management unit 11 updates the user information 92D as follows based on the association result. The user information management unit 11 includes the card identification information of the unregistered user card included in the received card information (second reading information) and the registered user's information included in the temporarily held card information (first reading information). The user identification information is registered in association with each other, and the user information 92D is updated. As a result, the authentication apparatus 100 associates the guest card read after the employee card with the employee in charge of the employee card read earlier.

  In addition, when the associating unit 112 determines that the read elapsed time T has exceeded a predetermined period (step S205: NO), the user information management unit 11 sets the unregistered user card to the registered user. Do not associate. Usually, a visitor enters a facility together with an employee in charge. For this reason, if the reading elapsed time T from reading the employee card to reading the guest card is long, the employee of the employee card that was read first corresponds to the employee (responsible for the guest card visitor read later) There is a high possibility that it is not an employee. Therefore, the user information management unit 11 assigns the guest card to the employee card read first when the read elapsed time T from reading the employee card to reading the guest card is longer than a predetermined period X [seconds]. It does not correspond to the employee who was given.

  As described above, the authentication device 100 according to the present embodiment associates the guest card with the employee in charge of the employee card read before the guest card when the employee card of the employee in charge and the guest card of the visitor are read in this order. .

<< Processing other authentication scenes >>
Further, the authentication scene assumed by the authentication system 1000 according to the present embodiment is not limited to the authentication scene 1 described above. For example, when the card reading order assumed in FIG. 5 is reversed, such as reading the employee card corresponding to the registered user card after reading the guest card corresponding to the unregistered user card (for the sake of convenience, hereinafter referred to as “authentication scene”). 2 ”).

  Hereinafter, in the authentication scene 2, a process for associating an unregistered user card with a registered user by the user information management unit 11 will be described.

<< Data Processing of User Information 92D in Authentication Scene 2: Part 1 >>
FIG. 8 is a flowchart showing an example (part 3) of an association processing procedure between an unregistered user card and a registered user according to the present embodiment.

  As shown in FIG. 8, the user information management unit 11 receives card information from the entrance / exit management device 200 (step S301). In response to this, the determination unit 111 of the user information management unit 11 searches the user information 92D stored in the user information storage unit 92 based on the user identification information included in the received card information (step S302). ). The determination unit 111 determines whether the card user is an unregistered user from the search result (step S303).

  As a result, when the determining unit 111 determines that the card user is an unregistered user (step S303: YES), the user information management unit 11 receives the unregistered user card reading information as the received card information. (Second reading information) is determined. As a result, the user information management unit 11 temporarily holds the card information of the unregistered user card (step S304). Thereby, the authentication device 100 caches the card information of the guest card of the visitor read immediately before the employee card of the employee in charge on the memory.

  On the other hand, when the determination unit 111 determines that the card user is a registered user (step S303: NO), the user information management unit 11 determines that the received card information is read information of the registered user card (first information). Read information). As a result, the association unit 112 of the user information management unit 11 associates the unregistered user card with the registered user assigned to the registered user card read immediately after the unregistered user card (step S305). . At this time, the user information management unit 11 updates the user information 92D as follows based on the association result. The user information management unit 11 includes user identification information of a registered user included in the received card information (first reading information) and an unregistered user card included in the temporarily held card information (second reading information). Is registered in association with the card identification information, and the user information 92D is updated. As a result, the authentication apparatus 100 associates the guest card read immediately before the employee card with the employee in charge of the employee card read immediately after.

<< Data Processing of User Information 92D in Authentication Scene 2: Part 2 >>
FIG. 9 is a flowchart showing an example (part 4) of an association processing procedure between an unregistered user card and a registered user according to the present embodiment. The difference from the processing example shown in FIG. 8 is that the unregistered user card is determined based on the determination result whether the elapsed time until the unregistered user card and the registered user card are read is within a predetermined period. It is a point to associate with registered users.

  As shown in FIG. 9, the user information management unit 11 receives card information from the entrance / exit management device 200 (step S401). In response to this, the determination unit 111 of the user information management unit 11 searches the user information 92D stored in the user information storage unit 92 based on the user identification information included in the received card information (step S402). ). The determination unit 111 determines whether the card user is an unregistered user from the search result (step S403).

  As a result, when the determination unit 111 determines that the card user is an unregistered user (Step S403: YES), the user information management unit 11 receives the unregistered user card reading information as the received card information. (Second reading information) is determined. As a result, the user information management unit 11 temporarily holds the card information of the unregistered user card (step S404). As a result, the authentication apparatus 100 caches the card information of the visitor's guest card read before the employee card of the employee in charge on the memory.

  On the other hand, when the determination unit 111 determines that the card user is a registered user (step S403: NO), the user information management unit 11 determines that the received card information is read information on the registered user card (first information). Read information). As a result, the associating unit 112 of the user information management unit 11 has an elapsed reading time T from reading the unregistered user card to reading the registered user card within a predetermined period (T ≦ X [seconds]). Is determined (step S405). At this time, the associating unit 112 calculates the elapsed reading time T based on the reading date / time of the unregistered user card and the reading date / time of the registered user card.

  When the association unit 112 determines that the read elapsed time T is within the predetermined period (step S405: YES), the association unit 112 assigns the unregistered user card to the registered user card read after the unregistered user card. The registered user is associated (step S406). At this time, the user information management unit 11 updates the user information 92D as follows based on the association result. The user information management unit 11 includes user identification information of a registered user included in the received card information (first reading information) and an unregistered user card included in the temporarily held card information (second reading information). Is registered in association with the card identification information, and the user information 92D is updated. As a result, the authentication device 100 associates the guest card read before the employee card with the employee in charge of the employee card read later.

  In addition, when the associating unit 112 determines that the read elapsed time T has exceeded a predetermined period (step S405: NO), the user information management unit 11 sets an unregistered user card to the registered user. Do not associate. Usually, a visitor enters a facility together with an employee in charge. For this reason, if the read elapsed time T from when the guest card is read until the employee card is read is long, the employee of the employee card that was read later is the employee (responsible responsible) There is a high possibility that it is not an employee. Therefore, when the read elapsed time T from reading the guest card to reading the employee card is longer than the predetermined period X [seconds], the user information management unit 11 assigns the guest card to the employee card read later. Do not correspond to the employees.

  As described above, the authentication device 100 according to the present embodiment associates the guest card with the employee in charge of the employee card read after the guest card when the guest card of the visitor and the employee card of the employee in charge are read in this order.

<Summary>
As described above, according to the authentication device 100 according to the present embodiment, when the registered user card and the unregistered user card are read by the reading device 300, the user information management unit 11 performs the unregistered use. The user card is associated with the registered user assigned to the registered user card. At this time, the user information management unit 11 determines that the unregistered user if the associating unit 112 reads the elapsed time T until the unregistered user card and the registered user card are read within a predetermined period. The card is associated with the registered user assigned to the registered user card.

  Thus, the authentication apparatus 100 according to the present embodiment provides an environment in which a visitor person in charge associates a visitor's guest card with a person in charge without operating a dedicated terminal. As a result, in the authentication system 1000 according to the present embodiment, the load of reception work for visitors is reduced, and a highly convenient authentication service can be realized.

  In the above embodiment, the system configuration example including the authentication device 100, the entrance / exit management device 200, and the reading device 300 has been described. For example, a system configuration including the authentication device 100 and the reading device 300 may be used. In this case, the authentication device 100 directly receives the card information from the reading device 300, and sets the reception date / time of the card information as the reading date / time of the card.

  In the above embodiment, an example in which the authentication function is realized by executing a program (software) has been described. For example, some or all of the functional units of the authentication function may be realized by mounting hardware (such as “dedicated circuit” or “dedicated processor”).

[Modification 1]
In the above-described embodiment, the example in which the process at the time of authentication is performed according to the reading order of the guest card of the visitor and the employee card of the employee in charge has been described. In the first modification, regardless of the card reading order, a process at the time of authentication in which the guest card is associated with the employee in charge is proposed. In the following description, matters different from the above-described embodiment will be described, and the same matters will be denoted by the same reference numerals, and description thereof will be simplified or omitted.

<< Data processing of user information 92D >>
FIG. 10 is a flowchart illustrating an example of a procedure for associating an unregistered user card with a registered user according to the first modification. FIG. 11 is a diagram illustrating an example of the cache data CD1 and CD2 according to the first modification.

  As shown in FIG. 10, the user information management unit 11 receives card information from the entrance / exit management device 200 (step S501). In response to this, the determination unit 111 of the user information management unit 11 searches the user information 92D stored in the user information storage unit 92 based on the user identification information included in the received card information (step S502). ). The determination unit 111 determines whether or not the card user is a registered user from the search result (step S503).

  As a result, if the determination unit 111 determines that the card user is a registered user (step S503: YES), the user information management unit 11 determines that the received card information is information on the registered user card. to decide. As a result, the associating unit 112 of the user information management unit 11 uses the reading device (same reading device) 300 that has read the registered user card within a predetermined period (within Y [seconds]). It is determined whether or not the card has been read (step S504). At this time, the associating unit 112 makes a determination based on the reading device identification information for identifying the reading device 300 and the reading date and time of the unregistered user card. The reading device identification information is transmitted together with the card information from the reading device 300 and is received by the authentication device 100 via the entrance / exit management device 200.

  When the association unit 112 determines that the unregistered user card is not read within a predetermined period in the same reading device 300 (step S504: NO), the association unit 112 temporarily holds the card information of the registered user card. (Step S505). As a result, the authentication device 100 caches the card information of the employee card of the employee in charge read before the visitor's guest card on the memory.

  FIG. 11A shows an example of the cache data CD1 according to the first modification. In the process of step S505, for example, cache data CD1 as shown in FIG. 11A is generated on the memory. More specifically, cache data CD1 is generated in which user identification information of a registered user, reading device identification information of the reading device 300 that has read the registered user card, and reading date and time of the registered user card are associated with each other. Is done.

  On the other hand, when the association unit 112 determines that the unregistered user card is read within the predetermined period in the same reading device 300 (step S504: YES), the association unit 112 associates the unregistered user card with the registered user. (Step S506). At this time, the associating unit 112 associates the unregistered user card read first with the registered user assigned to the registered user card read later. In response to this, the user information management unit 11 updates the user information 92D as follows based on the association result. The user information management unit 11 registers the user identification information of the registered user included in the received card information and the card identification information of the unregistered user card included in the cache data CD2 in association with each other. Information 92D is updated. As a result, the authentication device 100 associates the guest card read before the employee card with the employee in charge of the employee card read later.

  Also, when the determination unit 111 determines that the card user is an unregistered user (step S503: NO), the user information management unit 11 receives the unregistered user card information. Judge. As a result, the associating unit 112 of the user information management unit 11 uses the reading device (same reading device) 300 that has read the unregistered user card within a predetermined period (within X [seconds]). It is determined whether or not the card has been read (step S507). At this time, the associating unit 112 makes a determination based on the reading device identification information for identifying the reading device 300 and the reading date and time of the registered user card. The reading device identification information is transmitted together with the card information from the reading device 300 and is received by the authentication device 100 via the entrance / exit management device 200.

  When the matching unit 112 determines that the registered user card is not read within a predetermined period in the same reading device 300 (step S507: NO), the association unit 112 temporarily holds the card information of the unregistered user card. (Step S508). As a result, the authentication apparatus 100 caches the card information of the visitor's guest card read before the employee card of the employee in charge on the memory.

  FIG. 11B shows an example of the cache data CD2 according to the first modification. In the process of step S508, for example, cache data CD2 as shown in FIG. 11B is generated on the memory. More specifically, cache data in which card identification information of an unregistered user card, reading device identification information of the reading device 300 that has read the unregistered user card, reading date and time of the unregistered user card, and the like are associated with each other. CD2 is generated.

  On the other hand, when the association unit 112 determines that the registered user card has been read within a predetermined period in the same reading device 300 (step S507: YES), the association unit 112 associates the unregistered user card with the registered user ( Step S509). At this time, the association unit 112 associates the unregistered user card read later with the registered user assigned to the registered user card read earlier. In response to this, the user information management unit 11 updates the user information 92D as follows based on the association result. The user information management unit 11 registers the card identification information of the unregistered user card included in the received card information and the user identification information of the registered user included in the cache data CD1 in association with each other. Information 92D is updated. As a result, the authentication apparatus 100 associates the guest card read after the employee card with the employee in charge of the employee card read earlier.

  As described above, the authentication device 100 according to the first modification associates the guest card with the employee in charge regardless of the card reading order. Therefore, in the authentication system 1000 according to the first modification, the same effects as those in the above embodiment can be obtained, and flexible system operation can be realized.

[Modification 2]
In the second modification, a process for displaying the association result of the guest card of the visitor and the employee card of the employee in charge on the reading device 300 is proposed. In the following description, matters different from the above-described embodiment will be described, and the same matters will be denoted by the same reference numerals, and description thereof will be simplified or omitted.

  FIG. 12 is a sequence diagram illustrating a processing procedure example during authentication according to the second modification. The process from step S21 to S30 shown in FIG. 12 is the same as the process from step S11 to S20 shown in FIG. 5 described in the above embodiment.

  As illustrated in FIG. 12, the authentication device 100 transmits the association result (association result between the unregistered user card and the registered user) by the user information management unit 11 to the entry / exit management device 200 (step). S31). In response to this, the entrance / exit management device 200 uses the entrance / exit information management unit 21 to transfer the received association result to the reading device 300 (step S32). In response to this, the reading apparatus 300 displays the received association result on the display unit 32 (step S33).

  In this way, the authentication system 1000 according to the second modification notifies the employee in charge of information on the associated guest card. Therefore, in the authentication system 1000 according to the second modification, the same effect as the above embodiment can be obtained, and before the visitor uses the facility equipment, the correspondence to the employee in charge can be confirmed, and accurate facility management is performed. realizable.

[Modification 3]
In the above embodiment, the system configuration example including the authentication device 100, the entrance / exit management device 200, and the reading device 300 has been described. In the third modification, a system configuration example that further includes an image processing apparatus 400 that is an example of facility equipment is proposed. In the following description, matters different from the above-described embodiment will be described, and the same matters will be denoted by the same reference numerals, and description thereof will be simplified or omitted.

  FIG. 13 is a diagram illustrating a configuration example of the authentication system 2000 according to the third modification. The authentication system 2000 according to the third modification can provide the following service in addition to the authentication service described in the above embodiment.

  First, the reading device 300 reads the guest card of the visitor and the employee card of the employee in charge. The reading device 300 transmits the read card information to the entry / exit management device 200. In response to this, the entrance / exit management device 200 transfers the received card information to the authentication device 100. In response to this, the authentication apparatus 100 associates the guest card with the employee in charge based on the received card information. At this time, if the reading time of the guest card and the employee card is within a predetermined period, the authentication device 100 associates the guest card with the employee in charge. As a result, the authentication apparatus 100 updates the user information 92D used at the time of facility use authentication based on the association result.

  Thereafter, a visitor who enters the facility uses a reading device (not shown) included in the image processing apparatus 400 to read the guest card and uses the image processing apparatus 400. As a result, the image processing apparatus 400 transmits usage history information indicating the history of device usage, such as the number of printed sheets, to the authentication apparatus 100 together with the card identification information of the read guest card. In response to this, the authentication device 100 records the received usage history information as the usage history of the employee in charge associated with the guest card of the visitor using the image processing device 400. At this time, the authentication device 100 refers to the user information 92D based on the card identification information received together with the usage history information, and the employee in charge of recording the usage history from the user identification information associated with the corresponding card identification information. Is identified.

  As described above, the authentication system 2000 according to the third modification manages the facility equipment usage history of the visitor permitted to use the facility in association with the employee in charge by the authentication process at the time of card reading. Therefore, in the authentication system 2000 according to the third modification, the same effects as those of the above embodiment can be achieved, and appropriate facility management can be realized for the use of the facility facilities of the visitor. Specifically, it is possible to manage the upper limit of use of facility equipment.

  In the third modification, the authentication apparatus 100 has described the system configuration example in which the facility maintenance use history information is received. However, the present invention is not limited to this. For example, when the authentication system 2000 includes a usage history management device (log management device; not shown) that manages the usage history of facility maintenance, the usage history information is sent from the image processing device 400 to the usage history management device. You may make it transmit.

  Finally, the present invention is not limited to the requirements shown here, such as combinations of other elements with the shapes and configurations described in the above embodiments. With respect to these points, the present invention can be changed within a range that does not detract from the gist of the present invention, and can be appropriately determined according to the application form.

DESCRIPTION OF SYMBOLS 11 User information management part 111 Determination part 112 Associating part 12 Authentication part 21 Entrance / exit information management part 31 Reading part 32 Display part 91 Entrance / exit information storage part 92 User information storage part (92D: User information)
DESCRIPTION OF SYMBOLS 100 Authentication apparatus 200 Entrance / exit management apparatus 300 Reading apparatus 400 Image processing apparatus 1000,2000 Authentication system

JP 2009-187105 A

Claims (10)

  A first storage medium issued to registered users registered in user information used at the time of use authentication, and a second storage medium issued to unregistered users not registered in the user information Is read, the user information management step of updating the user information by associating the read second storage medium with the registered user assigned to the read first storage medium, An authentication program that causes a computer to execute. The user information management step includes:
Determining whether the user assigned to the read storage medium is the registered user or the unregistered user;
The read information read from the storage medium is temporarily stored based on the determination result, or the second storage medium is associated with the registered user assigned to the first storage medium. The certification program described. The user information management step includes:
Read elapsed time from reading the first storage medium to reading the second storage medium, or read elapsed time from reading the second storage medium to reading the first storage medium within a predetermined period 2. The authentication program according to claim 1, wherein the second storage medium is associated with the registered user assigned to the first storage medium. The user information management step includes:
When the second storage medium is read after the first storage medium, the first storage information read from the first storage medium is retained,
The second storage medium is associated with the registered user assigned to the first storage medium based on the first read information to be held and the second read information read from the second storage medium. The authentication program according to claim 1. The user information management step includes:
When the second storage medium is read before the first storage medium, the second storage medium holds second read information read from the second storage medium,
The second storage medium is associated with the registered user assigned to the first storage medium based on the second read information to be held and the first read information read from the first storage medium. The authentication program according to claim 1. The user information management step includes:
When the second storage medium is read after the first storage medium, the first storage information read from the first storage medium is retained,
When the elapsed reading time from reading the first storage medium to reading the second storage medium is within a predetermined period, the first read information to be held and the second read from the second storage medium 2. The authentication according to claim 1, wherein the second storage medium is associated with the registered user assigned to the first storage medium read before the second storage medium based on read information. program. The user information management step includes:
When the second storage medium is read before the first storage medium, the second storage medium holds second read information read from the second storage medium,
When the elapsed reading time from reading the second storage medium to reading the first storage medium is within a predetermined period, the second read information to be held and the first read from the first storage medium The authentication program according to claim 1, wherein the second storage medium is associated with the registered user assigned to the first storage medium read after the second storage medium based on the read information. . The user information management step includes:
When the user assigned to the read storage medium is the registered user, the read storage medium determines that the read storage medium is the first storage medium, and the reading device that reads the first storage medium Whether or not the second storage medium is read within the period of
When the second storage medium is not read by the reading device, the first reading information read from the first storage medium is held,
When the second storage medium is read by the reading device, the second storage medium is changed to the first read information based on the first read information to be held and the second read information read from the second storage medium. 2 associated with the registered user assigned to the first storage medium read later by the storage medium,
When the user assigned to the read storage medium is the unregistered user, the read storage medium determines that the read storage medium is the second storage medium and reads the second storage medium. Determining whether or not the first storage medium is read within a predetermined period;
When the first storage medium is not read by the reading device, the second reading information read from the second storage medium is held,
When the first storage medium has been read by the reading device, the second storage medium is changed based on the second read information to be held and the first read information read from the first storage medium. The authentication program according to claim 1, wherein the authentication program is associated with the registered user assigned to the first storage medium read previously by the second storage medium.   A first storage medium issued to registered users registered in user information used at the time of use authentication, and a second storage medium issued to unregistered users not registered in the user information And a user information management unit that updates the user information by associating the read second storage medium with the registered user assigned to the read first storage medium, An authentication apparatus comprising: A reading unit for reading information from a storage medium;
A first storage medium issued to registered users registered in user information used at the time of use authentication, and a second storage medium issued to unregistered users not registered in the user information And a user information management unit that updates the user information by associating the read second storage medium with the registered user assigned to the read first storage medium, An authentication system comprising:

Images