JP2018055138A - Authentication system, authentication data management apparatus, gate management apparatus and authentication method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authentication system configured to authenticate a person wishing to pass through a gate and to help reducing storage capacity at a gate management apparatus side.SOLUTION: The invention provides an authentication system configured to: store in an authentication data management apparatus a plurality of authentication data for authenticating a person wishing to pass through a gate; transfer part of the plurality of stored authentication data from the data management apparatus to a gate management apparatus prior to authenticating the person wishing to pass through the gate when predetermined conditions are satisfied; store in a partial data storage part provided with the gate management apparatus part of the authentication data transferred from the authentication data management apparatus; read in the gate management apparatus authentication information provided by the person wishing to pass through the gate; and authenticate the authentication information by checking the read authentication information against the authentication data stored in the partial data storage part.SELECTED DRAWING: Figure 2

Description

  The present invention relates to a technique for managing a person who wants to pass through a gate.

  An entry / exit management system using a card reader or the like is known as a technique for managing entry / exit with respect to a site, a building, a facility, and the like. In such a management system, gates and doors (hereinafter simply referred to as gates) are provided for each area to be managed, and each card is authenticated by having a card reader or the like provided at the gate read the ID card. Manage entrances and exits. Of course, a configuration using a device that performs biometric authentication such as a fingerprint or a retina pattern instead of a card reader may be used, or a password may be input using a keyboard or the like. In any case, individuals entering and leaving are authenticated by a management device provided at a gate or the like. In this case, even if an individual is authenticated by a management device provided at a gate or the like, authentication data collated at the time of authentication is generally managed centrally on the server side connected via the network. (For example, see Patent Document 1).

JP 2014-214477 A

  However, when the number of objects to be authenticated increases and the number of gates entering and leaving the room increases, there is a problem that it takes time for the server to respond. For example, in a large-scale facility where there are a large number of gates and authentication of tens of thousands or more must be performed, authentication from a large number of gates may be requested to the server almost simultaneously. It takes time. When entering and leaving, like entrance gates, etc., if the walking speed is assumed to be about 1 meter / second, even if the response delay is less than 1 second, the flow of the entrance / exit There is a concern that the gate will become crowded.

  In order to cope with such a problem, it is conceivable that authentication data is stored in advance in a management device such as each gate, and authentication is performed in the management device such as each gate. However, in this case, there is a problem that the storage capacity on the management device side provided in each gate or the like must be increased. Further, since the authentication data is required to be collectively managed, it is necessary to periodically update all the authentication data of the management device such as each gate. Usually, such authentication data is updated during a time when there is no entry / exit, such as at night, but it may be necessary to update the authentication system while the authentication system is in operation due to security requirements. In this case, if the authentication data increases, the update process takes time. Further, if update processing is performed almost simultaneously on a plurality of management devices such as gates, the load on the network temporarily increases. Furthermore, it was considered that the use of gates and the like was restricted during the update of authentication data.

  SUMMARY An advantage of some aspects of the invention is to solve at least a part of the problems described above, and the invention can be implemented as the following forms or application examples.

(1) As a 1st aspect of this invention, the authentication system provided with the gate management apparatus provided in each of several gates and the authentication data management apparatus connected to the said gate management apparatus is provided. In this authentication system, the authentication data management device stores a plurality of authentication data for authenticating a person who wants to pass through the gate, and a plurality of authentication data stored in the storage unit. A transmission unit may be provided that transmits a part of the authentication data to the gate management device when a predetermined condition is satisfied prior to the authentication of the person who wants to pass. In addition, the gate management device includes a partial data storage unit that stores the partial authentication data transmitted from the authentication data management device, a reading unit that reads authentication information provided by the passer-by, and the reading unit. An authentication unit that authenticates the authentication information by collating the authentication information with the stored authentication data.

  In such an authentication system, an authentication data management device that stores authentication data of a person who wants to pass a part of the plurality of authentication data stored in the storage unit prior to authentication of the person who wants to pass. When a predetermined condition is satisfied, the data is transmitted to the gate management device, so that only a part of a plurality of authentication data needs to be stored on the gate management device side. For this reason, the storage capacity of the partial data storage unit in the gate management apparatus can be suppressed. In addition, since this authentication data is transmitted prior to the authentication of the person who wants to pass, there is a possibility that the authentication data of the person who wants to pass is stored on the gate management apparatus side at the time of authentication in the gate management apparatus. In this case, it is possible to complete authentication in a short time on the gate management apparatus side when the passerby passes through the gate. Further, in this authentication system, even when the entire authentication data is updated on the authentication data management apparatus side, it is not necessary to perform the authentication data update process on the gate management apparatus side again. This is because part of the authentication data is transmitted from the authentication data management device to the gate management device prior to the authentication of the passer-by.

(2) In such an authentication system, the authentication data management device is provided with specific data that is data that can identify the passer-by before the passer-by reaches the gate of the plurality of gates. A data receiving unit that receives from the person who wants to pass, and when the specific data is received, the transmission unit stores the authentication data of the person who wants to pass stored in the storage unit as the condition is satisfied. It is good also as what extracts based on specific data and transmits the said extracted authentication data to the said gate management apparatus. In such an authentication system, the gate management device can receive the authentication data of the person who wants to pass before the person who wants to pass reaches the gate, and can authenticate the person who wants to pass.

(3) In such an authentication system, the data receiving unit of the authentication data management device may receive the specific data by a signal from a transmitting device possessed by the passerby. In this way, the authentication data management device receives the specific data using the signal from the transmission device possessed by the passer-by, so that at least the authentication data of the passer-by who owns this transmission device is desired to pass. Can be transmitted to the gate management device before the person reaches the gate, and the gate management device can reliably and promptly authenticate the person who wants to pass.

(4) In this authentication system, the data reception unit of the authentication data management device may include the location information together with the specific data from the signal when the location information is included in the signal from the transmission device. And the transmission unit of the authentication data management device is configured to manage at least one of the gate management devices provided in each of the plurality of gates based on the position information read from the signal from the transmission device. A device may be specified, and the authentication data may be transmitted to the specified gate management device. In this way, authentication data for authenticating the person who wants to pass to any one of the gate management apparatuses provided in each of the plurality of gates based on the signal from the transmitting apparatus possessed by the person who wants to pass. Can be easily determined as a part of the authentication data.

(5) In this authentication system, the authentication data management device associates the location information with the authentication data when the passer-by who has the transmission device that has transmitted the signal passes the gate. A history information storage unit that stores history information may be provided. In this authentication system, the data receiving unit tries to read the specific data and the position information from the signal, and when the position information is read and the specific data cannot be read, the transmitting unit The authentication data associated with the read position information may be transmitted to at least one gate management device corresponding to the read position information with reference to history information. In this way, even if the specific data cannot be read due to reasons such as the specific data being damaged from the signal from the transmitting device, the authentication data of the passer-by who has previously transmitted the same location information is stored in the same way. Can be transmitted to at least one corresponding gate management apparatus in advance as authentication data for each section. For this reason, there is a high possibility that the authentication data of the person who wants to pass will reach the gate management device that the person who wants to pass is going to pass before the person who wants to pass, It can be done reliably and quickly.

(6) In the first embodiment, the authentication data management device is configured such that when the person who wants to pass passes through one of the plurality of gates after receiving the authentication, the person who wants to pass It is assumed that a data reception unit that receives passage data indicating that the gate has passed from the gate management device is provided, and that the condition is satisfied when the passage data is received, the transmission unit stores the passage data in the storage unit. The stored authentication data of the person who wants to pass is extracted based on the passage data, and the extracted authentication data is transmitted to the gate management device of another gate that can pass the person who wants to pass through the one gate. It is good also as what to do. In such an authentication system, the gate management device of another gate can receive the authentication data of the person who wants to pass before the person who wants to pass through one gate reaches the other gate where the person can pass. The gate management device of the gate can authenticate the person who wants to pass reliably and quickly.

(7) In the first embodiment, the authentication data management device determines that the condition is satisfied when a predetermined time is reached, and includes the authentication data stored in the storage unit by the transmission unit. The authentication data of a person who wants to pass that has the possibility of passing through the gate within a predetermined period from the time may be extracted, and the extracted authentication data may be transmitted to the gate management device. In such an authentication system, the gate management device can receive authentication data of a person who wishes to pass through the gate within a predetermined period from that time when the predetermined time arrives. Authentication can be easily performed.

(8) In the authentication system described above, the reading unit includes, as the authentication information, information recorded on an ID card, biometric information such as a fingerprint, voice print, iris pattern, retinal pattern, vein pattern, etc. It is also possible to read at least one of a unique code and a personal identification number transmitted from. In such an authentication system, authentication can be performed using at least one of the above authentication information. When the information recorded on the ID card, the unique code transmitted from the portable terminal, or the personal identification number is used as the authentication information, it is easy to obtain the authentication information. In addition, when using biometric information such as fingerprints, since the biometric information of the person who wants to pass is used, high security can be realized against forgery or impersonation of authentication information.

(9) In the authentication system described above, the gate management device includes a deletion unit that deletes authentication data determined to be unnecessary from the partial authentication data stored in the partial data storage unit. May be. In this way, the gate management device of the authentication system deletes the authentication data determined to be unnecessary, so that the storage capacity of the partial data storage unit can be used effectively. Therefore, for example, even if the number of passers who want to authenticate with the gate management device increases, it is not necessary to increase the storage capacity of the partial data storage unit.

(10) In such an authentication system, the deletion unit
[1] The person who wants to pass passes through one of the gates after being authenticated by one of the gate management devices, and then passes again through one of the gates after receiving authentication from one of the gate management devices. Authentication data of the person who wishes to pass in the gate management device of the gate that passed first,
[2] Either after the person who wants to pass is authenticated by one of the gate management devices and passes through any gate, or after receiving the transmission of the authentication data from the authentication data management device Then, the authentication data of the person who wants to pass when the time equal to or longer than the data holding time which is a predetermined time has passed,
[3] Authentication data stored in the partial data storage unit when a predetermined time is reached [4] At least one of authentication data when the authentication data is specified and an deletion instruction is given by the operator Authentication data corresponding to one may be determined as unnecessary. In this way, authentication data to be deleted can be easily specified.

(11) As a second aspect of the present invention, an authentication data management device connected to a gate management device provided in each of a plurality of gates is provided. In this authentication data management device, a storage unit that stores a plurality of authentication data for authenticating a pass-through person who intends to pass through the gate, and a part of the plurality of authentication data stored in the storage unit A transmission unit may be provided that transmits authentication data to the gate management device when a predetermined condition is satisfied prior to authentication of the person who wants to pass by the gate management device.

  The authentication data management device includes a part of the plurality of authentication data stored in the storage unit when a predetermined condition is satisfied prior to authentication of the person who wants to pass in the gate management device. Is transmitted to the gate management device, the amount of data transmitted at a time can be reduced. For this reason, the storage capacity for storing the authentication data received in the gate management apparatus can be reduced.

(12) As a third aspect of the present invention, a gate management device provided for each of a plurality of gates is provided. The gate management device includes a plurality of authentication data management devices that store a plurality of pieces of authentication data for authenticating a person who wants to pass through the gate. A receiving unit that receives a part of the authentication data, and a partial data storage unit that stores the part of the authentication data received from the authentication data management device; / 5 partial data storage unit capable of storing a smaller number of authentication data, a reading unit for reading authentication information provided by the passer-by, the read authentication information, and the stored partial authentication data And an authentication unit that authenticates the authentication information.

  The partial data storage unit of such a gate management device can only store authentication data smaller than 1/5 of a plurality of authentication data stored in the authentication data management device, thereby reducing the storage capacity on the gate management device side. can do.

  The present invention can be implemented in various modes other than the above modes. For example, a person who wishes to pass the gate using a gate management device provided in each of the plurality of gates and an authentication data management device connected to the gate management device provided in the plurality of gates. It can be implemented as an authentication method for authenticating. Further, the present invention can be implemented as a program that realizes the authentication data management apparatus and the management method described above, or as a recording medium that records the program. Alternatively, the present invention can be implemented as a computer program that implements the above-described gate management apparatus and management method, or even by using a recording byte that records the program. Furthermore, the present invention can also be implemented as an authentication system control method, an authentication data management device control method, a gate management device control method, and the like.

The schematic block diagram of the authentication system of 1st Embodiment. 5 is a flowchart illustrating an authentication data management process performed by the authentication data management apparatus and a gate management pre-process performed by the gate management apparatus in the first embodiment. The flowchart which shows the detail of the process which receives specific data. The flowchart which shows the gate management process which a gate management apparatus performs. The flowchart which shows the modification of 1st Embodiment. The flowchart which shows the other modification of 1st Embodiment. The flowchart which shows the further another modification of 1st Embodiment. The schematic block diagram of the authentication system of 2nd Embodiment. 9 is a flowchart illustrating an authentication data management process performed by an authentication data management apparatus and a gate management pre-process performed by a gate management apparatus in the second embodiment. The flowchart which shows the data deletion process as 3rd Embodiment. The schematic block diagram of the authentication system of 4th Embodiment. 14 is a flowchart showing authentication data management processing performed by an authentication data management device in the fourth embodiment. 10 is a flowchart showing authentication data management processing performed by an authentication data management device in the fifth embodiment.

A. First embodiment:
<Device configuration>
The apparatus configuration of the first embodiment of the present invention will be described. FIG. 1 is a schematic configuration diagram showing the overall configuration of an authentication system 10 as the first embodiment. This authentication system 10 includes one authentication data management device 20, a plurality of gate management devices 40, 50, 60, 70, 80, 90, and a local area network (hereinafter abbreviated as a network) connecting them. NW. Since the gate management devices 40 to 90 and their peripheral devices have almost the same configuration as will be described later, the “gate management devices 40, 50, 60, 70, 80, 90” are displayed when they first appear. As described above, the symbols “,” are used for delimitation, but when they are collectively handled thereafter, the symbols “˜” are added as in “gate management devices 40 to 90”. Further, when the details of the inside of the gate management devices 40 to 90 are described, the gate management devices 40 to 90 will be used as a representative for the description.

  Each of the gate management devices 40 to 90 is provided with gate devices 49, 59, 69, 79, 89, and 99, and the gate management devices 40 to 90 control opening and closing of the gates 49 to 99. The gate management devices 40 to 70 are connected to reading units 41, 51, 61, and 71 for reading data for personal authentication of a pass-through person PS who desires to pass through the gates 49 to 79. The gates 49 to 79 are provided with gate driving units 48, 58, 68 and 78 for opening and closing the gates 49 to 79, and the gate devices 49 to 79 are opened and closed in response to instructions from the gate management devices 40 to 70. . In addition, in each gate apparatus 49-79, although the reading parts 41-71 are provided in the both sides (outside facility and inside a facility), since it became complicated, illustration was abbreviate | omitted. The gate management devices 80 and 90 are also provided with a reading unit and a gate driving unit. In any of the gate devices 49 to 99, it is identified by the reading unit to be used whether the person who wants to pass passes from the outside of the facility to the inside of the facility (or from the passage side to the room) or vice versa. can do. In each embodiment, description will be made on the assumption that a single gate device is used for two-way traffic. However, an entrance gate device and an exit gate device may be provided separately. In this case, gate management devices may be provided individually, or both may be managed by a single gate management device.

  Each of the gate devices 49 to 79 is provided at the entrance of the facility LB where the authentication system 10 is provided, and the entrance passages 11, 15, 16, and 17 are connected to the entrance. Therefore, the person who wants to enter the facility LB passes through one of the facilities LB, 15, 16, and 17. In addition, a passage 12 connected to the gate devices 49 and 59 is provided inside the facility LB, and after passing through the gate devices 49 and 59, enters the rooms 13 and 14 in the facility LB and the inside of the facility LB. A person who wants to go through this passage 12. On the other hand, the passage 18 is connected to the gate devices 69 and 79, and a person who wants to enter the facility LB after passing through the gate devices 69 and 79 passes through the passage 18.

  A detector 31 is provided in the passage 11. In the first embodiment, the detection unit 31 detects a beacon from the transmission device 32 worn by the passerby PS. The beacon includes an ID code as specific data. The detection unit 31 outputs the detected ID code to the authentication data management device 20. In the first embodiment, the detection unit 31 and the authentication data management device 20 are connected by a single wire, but the communication between them may be via the network NW, wireless (WiFi), or the like. Although the detection unit 31 is also provided in each of the passages 15, 16, and 17 leading to the facility LB, the illustration thereof is omitted. Further, the passer-by person PS has an authentication object 35 separately from the transmission device 32. The authentication object 35 provides authentication information for authenticating an individual to the reading unit 41, and is an ID card in which RFID is embedded in the first embodiment. The authentication object 35 is read by the reading units 41 to 71 with the authentication information written in the RFID. There are various variations of the combination of the detection unit 31 and the transmission device 32, and the combination of the authentication object 35 and the reading units 41 to 71. For this, some combinations are given as examples at the end of the embodiment. I will explain.

  The internal configuration of the gate management devices 40 to 90 will be described by taking the gate management device 40 as an example. The gate management device 40 includes an authentication unit 43, a RAM 44, an input unit (abbreviated as “IN” in the figure) 45, and an output unit (abbreviated as “OUT” in the figure) 46. The authentication unit 43 performs an authentication process, but is substantially composed of a CPU, a ROM, and a communication unit. The ROM stores a program executed by the CPU. The communication unit provides an interface for exchanging data with the authentication data management device 20 and, if necessary, other gate management devices 50 to 90 via the network NW. Processing based on a program executed by the authentication unit 43 will be described later with reference to a flowchart.

  The RAM 44 stores authentication data for authenticating the passer-by person PS. The capacity of the RAM 44 is about 1/100 to 1/5 of the capacity mv compared to the storage capacity MV required for the number N of persons who require authentication throughout the facility LB. That is, the RAM 44 corresponds to a subordinate concept of the partial data storage unit. The contents of the authentication data stored in the RAM 44 and the storage timing will be described later. The input unit 45 is an interface for inputting data from the reading unit 41, and the authentication unit 43 can read the authentication information of the authentication object 35 read by the reading unit 41 via the input unit 45. it can. The output unit 46 is an interface for outputting an instruction to the gate drive unit 48, and the authentication unit 43 instructs the gate drive unit 48 to open and close the gate device 49 via the output unit 46.

  The gate management devices 40 to 90 provided in the plurality of gate devices 49 to 99 are connected to the authentication data management device 20 via the network NW. The authentication data management device 20 includes a well-known CPU, ROM, and the like and operates as a server. Functionally, the authentication data management device 20 includes a data reception unit 21, a transmission unit 22, an NW communication unit 23, a storage unit 25, and the like. Yes. The data receiving unit 21 receives the ID code output from the detecting unit 31. The NW communication unit 23 provides an interface with the network NW. The storage unit 25 is a large-capacity storage device. In the first embodiment, the storage unit 25 has a capacity equal to or greater than the required capacity MV for storing the ID codes and authentication data of all the members who use the facility LB. Have.

  The transmission unit 22 searches the authentication data stored in the storage unit 25 based on the ID code received via the data reception unit 21, and if there is corresponding authentication data, the NW communication unit 23 sends it to the network NW. To one or more of the target gate management devices 40-90. Such processing performed by the authentication data management apparatus 20 centering on the transmission unit 22 will be described below.

<Authentication process>
The authentication process according to the first embodiment will be described with reference to FIGS. FIG. 2 is an explanatory diagram for explaining the exchange between the authentication data management device 20 and the gate management device 40. Here, a description will be given assuming that the person who wants to pass PS passes through the passage 11 and approaches the gate device 49 and then enters the inside of the facility LB, specifically, the passage 12 through the gate device 49. However, the same applies to the other passages 15-17.

  When the passer-by PS enters the passage 11, the detection unit 31 receives specific data from the passer-by PS (step S100). The detection unit 31 transmits this specific data to the authentication data management device 20. The authentication data management device 20 performs a process of receiving this specific data (step S110). As specific data, various data can be considered as described later. Details of the processing in this case are shown in FIG.

  In this case, the detection unit 31 detects a beacon from the transmission device 32 carried by the passer-by person PS and receives specific data (FIG. 3, step S102). In 1st Embodiment, ID code contained in the beacon which the transmission apparatus 32 transmits as specific data is used. The ID code is a unique code for each transmission device 32.

  The authentication data management apparatus 20 receives the specific data specified by the beacon, here the ID code (step S112 in FIG. 3), as the specific data reception process (step S110) shown in FIG. Subsequently, the authentication data management device 20 searches whether the authentication data corresponding to the specific data is stored in the storage unit 25 (step S120). If authentication data corresponding to the specific data is stored in the storage unit 25 (step S130), the authentication data management device 20 performs a process of transmitting the authentication data (step S140). On the other hand, if there is no corresponding authentication data in the storage unit 25, nothing is performed and the process is terminated by exiting to "NEXT".

  In the authentication data transmission process (step S140), the authentication data management device 20 transmits the authentication data to the gate management device 40 using the NW communication unit 23. At this time, the authentication data may be transmitted as it is, or may be transmitted after some encryption. The authentication data management device 20 transmits the authentication data to the gate management device 40 corresponding to the gate device 49 provided at the end of the passage 11 where the detection unit 31 that has transmitted the specific data exists. If there are a plurality of gate devices ahead of the passage 11, authentication data is transmitted to a gate management device corresponding to the plurality of gate devices.

  Upon receiving the authentication data, the gate management device 40 executes gate management preprocessing (FIG. 2). The reason why it is called “pre-processing” is that the passer-by PS has not yet reached the gate device 49 at this point. The gate management device 40 performs processing for receiving the authentication data transmitted from the authentication data management device 20 via the network NW (step S200). Specifically, authentication data is extracted from a packet received by the authentication unit 43 via the network NW and stored in a register or the like of the CPU.

  Subsequently, the authentication unit 43 of the gate management device 40 stores this authentication data in the RAM 44. At the time of storage, the authentication unit 43 first determines whether or not the storage capacity of the RAM is insufficient (step S210). As described above, the capacity of the RAM 44 is only about 1/10 to 1/5 of the capacity MV that stores all authentication data. Each time the passer-by PS passes the detection unit 31, if there is authentication data of the passer-by PS, authentication data is sent from the authentication data management device 20, which is sequentially stored in the RAM 44. If so, the capacity of the RAM 44 will eventually become insufficient.

  Therefore, in step S210, it is determined whether the storage capacity of the RAM 44 is insufficient with the authentication data received by the authentication unit 43 in the register (step S210). If the capacity is insufficient, the authentication data is stored in the RAM 44. After deleting a part of the data (step S220), the authentication data is stored in the RAM 44 (step S230). If the storage capacity of the RAM 44 is not insufficient, the data is not partially erased, the authentication data is stored in the RAM 44 as it is, the process goes to “NEXT”, and the gate management preprocessing is terminated.

  The process of partially erasing data in step S220 is performed as follows. An area for storing authentication data is predetermined in the RAM 44, and a tail pointer indicating the position where the authentication data is stored last is managed. The tail pointer advances its position by one each time new authentication data is written. When the end pointer reaches the end of the predetermined storage area, the end pointer is moved to the beginning of the predetermined storage area, and new authentication data is stored there. By doing so, the oldest written authentication data is overwritten with new authentication data in order. Of course, a FIFO stack may be provided, this stack pointer may be managed, and when the stacker becomes full, new authentication data may be stored after reading out the first entered data. Note that the gate management device 40 determines whether or not the storage capacity of the RAM 44 is insufficient at a timing before receiving the authentication data. You may be made to wait for transmission. In this case, the authentication data can be received and stored in the RAM 44 at the same time.

  The gate management device 40 that has completed the gate management preprocessing described above stores the authentication data of the pass-through person PS that is passing the passage 11 and is approaching the gate device 49. The gate management device 40 starts the gate management process shown in FIG. 4 when the passer-by PS passes the passage 11 and approaches the gate management device 40. The passer-by PS who intends to pass through the gate device 49 holds the authentication object 35 over the reading unit 41 to read the ID, which is authentication information recorded in the authentication object 35. In the first embodiment, an ID card using RFID is assumed as the authentication object 35, and the reading unit 41 performs near field communication, and authentication information is obtained from the RFID built in the authentication object 35. Is read (step S300).

  Next, the authentication unit 43 of the gate management device 40 performs processing for checking the read ID (authentication information) with the authentication data stored in the RAM 44 (step S310). If there is authentication data that matches the ID read by the reading unit 41 (step S320), a process of unlocking the gate device 49 is performed (step S330). Specifically, the gate management device 40 outputs a drive signal to the gate drive unit 48 via the output unit 46, operates the gate device 49, and permits the pass-through person PS to pass. In the present embodiment, the gate device 49 is normally closed, and is a type that is opened when a drive signal is output from the output unit 46 to the gate drive unit 48. Of course, the gate device 49 may be normally opened, and when the passerby PS passes, if there is no match with the authentication data, the gate device 49 may be driven to close. Further, the door of the gate device 49 may be automatically opened, or only the lock is released, and the door itself may be opened by the passerby PS.

  If “NO” in the determination of step S320, that is, if no match is obtained by comparing with the authentication data, an inquiry is made to the authentication data management device 20 (step S340). This is because not all people who intend to pass through the gate device 49 through the passage 11 have previously registered specific data. This is because there are also visitors in the facility LB, and even if the authentication object 35 in which the ID corresponding to the authentication data is recorded in advance is prepared, the transmission device 32 may not be prepared. In such a case, the gate management device 40 has not received the authentication data from the authentication data management device 20 in advance (FIG. 2, Step S130: “NO”). In such a case, an inquiry is made as to whether authentication data corresponding to the ID read by the reading unit 41 from the authentication object 35 exists in the authentication data management apparatus 20.

  If no match is obtained as a result of the inquiry, the process proceeds to an authentication error notification process (step S385) described later. On the other hand, if there is a match with the authentication data (step S350: “YES”), the process proceeds to step S330 described above, and the gate unlocking process is executed. If there is a match with the authentication data, the authentication data itself may be transmitted to the gate management device 40 and stored in the RAM 44, or the authentication process may be performed on the authentication data management device 20 side, and the authentication data is stored in the RAM 44. It is good also as what is not memorize | stored in. In the former case, there is a high possibility that the authentication data is stored in the gate management device 40 when the visitor or the like leaves, and authentication becomes easy when leaving. In the latter case, the storage capacity of the RAM 44 is not consumed.

  After performing the unlocking process of the gate (step S330), the gate management device 40 confirms whether the passer-by PS is passed within a predetermined time (steps S360 and S370). Passing of the pass-through person PS is performed by a human sensor (not shown) provided in the gate device 49. If the passage of the passer-by PS is confirmed within a predetermined time (step S370: “NO”, S360: “YES”), a passage process is performed (step S390). This passage process is a process of setting the gate device 49 in a locked state and notifying the authentication data management device 20 of the passage of the passage requester PS, assuming that the passage requester PS has passed the gate device 49.

  On the other hand, if the predetermined time has passed without the passage of the passer-by person PS being detected (step S360: “NO”, S370: “YES”), it is determined that some error has occurred, and the gate drive unit 48 is first driven. A signal is output to perform a locking process for locking the gate device 49 (step S380), and then a process for notifying an authentication error (step S385). In the authentication error process, it is confirmed that the person who wishes to pass the ID read by the reading unit 41 does not pass through the corresponding gate device 49 within a predetermined time, or there is no authentication data corresponding to the ID. This is a process of notifying outside. The outside includes lighting of a warning lamp in the gate management device 40, ringing of a buzzer, etc., and transmission of information regarding the passer-by person PS to the authentication data management device 20.

  After one of the above-described pass processing (step S390) or authentication error notification processing (step S385), the process exits to “NEXT” and ends this gate management processing.

  According to the authentication system 10 of the first embodiment described above, the authentication data management device 20 secures the storage capacity MV necessary for storing authentication data for people who require authentication in the entire facility LB. The gate management devices 40 to 70 need only have a smaller capacity, for example, a storage capacity mv of about 1/10 to 1/5 of the capacity MV. Since the gate management devices 40 to 70 prepare in advance the authentication data for the passer-by PS who intends to pass through the gate devices 49 to 79 in the RAM 44 having a small storage capacity, the gate management devices 40 to 70 can pass most of the traffic even with a small storage capacity The authentication of the person PS can be completed by the authentication data stored by himself / herself. Therefore, it is not possible to wait for the passerby PS who is going to pass through the gate devices 49 to 79. For this reason, it becomes difficult for the flow of people in the gate devices 49 to 79 to be hindered.

  Further, when authentication data exceeding the capacity of the RAM 44 is accumulated, old data is sequentially overwritten with authentication data corresponding to the specific data detected and specified by the detection unit 31. Since the authentication data to be overwritten is likely to have been used because the passer-by PS has already passed, the authentication process can be performed without any problem even if the capacity of the RAM 44 is small. When erasing data (FIG. 2, step S220), if it is unused authentication data, the data may be skipped and the end pointer may be advanced. Such simple processing can prevent unused authentication data from being erased. In this way, since the authentication data of the desired passer-by PS that has passed through remains in the gate management devices 40 to 90, the same passer-by PS passes through the gate device and exits unless it is deleted due to capacity restrictions. Authentication can be easily performed. Therefore, for example, it is assumed that there are many cases where the passer-by PS can leave the gate management devices 40 to 90 even when the power source on the data management device 20 side is lost or the network NW cannot be used. The

  Further, in the authentication system 10 of this embodiment, when the authentication data is not obtained in the gate management pre-process (FIG. 2), an inquiry is individually made to the authentication data management device 20 (FIG. 4, step). Therefore, even if the passer-by PS does not carry the transmission device 32 or the like, the gate management devices 40 to 70 can be authenticated and the gate devices 49 to 79 can be unlocked / locked.

<Modification of First Embodiment>
Several modifications of the first embodiment will be described. These modifications are different from each other in the processing of each device in the system configuration of the authentication system 10 shown in FIG. Of course, the system configuration may not be the same as that of the authentication system 10.

  FIG. 5 shows another example of the authentication data management process performed by the authentication data management apparatus 20 shown in FIG. In this process, the detection unit 31 receives specific data by a beacon or the like from the transmission device 32 carried by the passer-by person PS, but this specific data does not uniquely specify the passer-by person PS, but the passer-by. This specifies the department to which the PS belongs. In other words, one department or more belongs to one or more (usually a plurality) passers PS, and the detection unit 31 receives the same specific data for the passers PS.

  The detection unit 31 transmits this specific data to the authentication data management device 20. Upon receiving this specific data specifying the department to which the data belongs, the authentication data management apparatus 20 checks whether the authentication data of the department to which the department belongs is stored in the storage unit 25 (step S115), and the authentication data of the department to which the data belongs. If there is, the authentication data of all departments is transmitted to the gate management device 40 (step S116). As a result, the authentication data of all the departments to which the desired person PS belongs is transmitted to the gate management apparatus 40 in addition to the authentication data of the desired person PS that has passed through the passage 11 and issued a beacon by the transmitting device 32. It is stored in the RAM 44.

  Even in such a modification, each gate management device 40 to 70 is prepared by the RAM 44 having a small storage capacity with respect to the capacity MV necessary for the authentication data of the users of the entire facility LB, and the gate management devices 40 to 70 are configured. The passer-by PS can be authenticated without inquiring the authentication data management device 20 one by one. Such a configuration is particularly suitable when the gate devices 49 to 79 passing through each department are biased to some extent. For example, in the case of a factory or the like, there are many cases where gate devices to be used are determined to some extent for each production department. In such a case, since most of the authentication data necessary for authentication can be transmitted by one transmission, the number of times of communication via the network NW can be reduced.

  FIG. 6 is a flowchart showing an authentication data management process as another modification of the first embodiment. In this example, the detection unit 31 does not receive a beacon or the like from a specific device such as the transmission device 32 but is prepared as a camera that captures the face or the whole body of the passerby PS. The detection unit 31 performs image recognition from the captured face or whole body of the person who wants to pass PS, and accepts the recognized feature amount as specific data (step S107).

  In order to extract a facial feature amount from an image captured by a camera, for example, a “Viola-Jones method” or the like may be used. When extracting from a whole-body image, human recognition may be performed and simple parameters such as height and width may be used as a feature.

  The feature quantity obtained in this way is transmitted from the detection unit 31 to the authentication data management apparatus 20, and the authentication data management apparatus 20 receives such feature quantity as specific data (step S117). The authentication data management device 20 searches the authentication data stored in the storage unit 25 in advance using the feature quantity as an index (step S118). One piece of authentication data associated with the feature quantity closest to the feature quantity extracted from the received face-to-pass PS image of the face or whole body, or a plurality of features having values close to the feature quantity obtained from the pass-through person PS The authentication data is searched and the corresponding authentication data is transmitted to the gate management devices 40 to 70 (step S119).

  According to the authentication system 10, the passer-by person PS does not need to carry a device such as the transmission device 32. The authentication data management device 20 stores the feature quantity extracted from the face or whole body image of the person who wants to pass and the authentication data in association with each other, so that the person who wants to pass passes through the passage 11 and detects it. By performing imaging of the face or the whole body by the unit 31, authentication data of a person who passes through the passage 11 and approaches the gate device 49 can be prepared in advance in the corresponding gate management device 40. Therefore, the storage capacity mv of the RAM 44 in the gate management device 40 can be significantly reduced from the capacity MV for storing authentication data necessary for authenticating all users of the entire facility LB.

  In this case, if face recognition or whole body image recognition is performed by deep learning using a multi-stage neural network, the accuracy of the feature quantity obtained by the recognition is low at first, and it is determined in step S119 for one passer-by PS. Even if the authentication data to be transmitted is for a large number of people, the recognition rate is gradually improved, and it becomes possible to reduce the number of authentication data that are deemed relevant by the search.

  Next, still another modification of the first embodiment will be described with reference to FIG. In this example, it is assumed that the person who wants to pass through the vehicle passes through one of the gate devices 49 to 79 using the above-described mechanism and enters the facility LB. FIG. 7 shows the pass processing (steps S500 and S510) by the gate management devices 40 and 50 of the gate through which the passer wants to pass PS and the distribution of the authentication data management device 20 that operates in response to the signal from the gate management device 80. The processing (steps S400 and 410) and the reception processing (steps S200 to S230) of the other gate management devices 80 and 90 are shown together. The processing of the other gate management devices 80 and 90 is the same as the processing of the gate management device 40 described with reference to FIG. 2 and is therefore indicated using the same reference numerals S200 to S230.

  As shown in FIG. 1, a person who passes through the gate device 49 or 59 and enters the passage 12 inside the facility LB can enter the room 13 or 14 through the gate device 89 or 99. Therefore, the gate management device 40 that manages the gate device 49 and the gate management device 50 that manages the gate device 59 lock the gate when the passer-by person PS passes the gate devices 49 and 59 (step S500). The data management device 20 is notified of the ID of the person who wishes to pass through the gate (step S510).

  The authentication data management device 20 receives the ID of the person who wishes to pass through the gate via the network NW (step S400). Since the authentication data management device 20 knows in advance the arrangement of the entire gate device of the facility LB, when receiving the ID of the pass-through candidate PS from the gate-management device through which the pass-through applicant PS has passed, this pass-through request is received. The gate through which the person PS can pass is specified, and the authentication data of the person who wants to pass is transmitted to the gate management apparatus of the gate, in this example, the gate management apparatuses 80 and 90 (step S410).

  When receiving the authentication data (step S200), the gate management devices 80 and 90 delete a part of the data if the RAM storage capacity is insufficient (steps S210 and S220). Is stored in the RAM (step S230).

  That is, in this modified example, for the gate management devices 80 and 90 existing inside the facility LB, the gate management devices 40 to 70 installed at the place where the facility LB enters, as if detecting a beacon from the transmission device 32. It will behave like the detection part 31 to do. As a result, the gate management devices 80 and 90 receive the authentication data necessary for authentication of the passer-by PS before the passer-by PS tries to pass through the gate devices 89 and 99, and pass the passer-by PS. Can be prepared. Therefore, as with the first embodiment described above, only by providing a RAM with a small storage capacity, it is possible to authenticate the passer-by person PS without inquiring the authentication data management device 20 one by one without delay.

  In the above modified example, it is assumed that the authentication data is transmitted to the internal gate management devices 80 and 90 when the passer wants to pass through the gate management devices 40 to 70 provided at the entrance of the facility LB. As described above, the relationship between the gate management devices need not be limited to this. For example, if the passage 12 and the passage 18 are connected, the gate management devices 60 and 70 that can pass the authentication data from the passage 18 when the passing person PS passes through the gate devices 49 and 59. It is also possible to configure to transmit to. Of course, the same applies to the inside of the facility.

  In this way, when the passer-by PS reaches the gate management device inside the facility, the passer-by PS that can reach the gate device is known by the authentication system 10. Therefore, not only can the user who wishes to pass through the gate management apparatus be easily authenticated, but also the security of the authentication system 10 can be enhanced. For example, if the authentication data of the person who wishes to pass the gate management apparatus 80 for authentication is not transmitted to the gate management apparatus 80 up to that point, the person who wants to pass the PS sends the facility LB to the facility LB. It means that none of the gate devices 49 to 79 that have entered pass through. Accordingly, such a passer-by PS is an improper intruder, or a person who has forged the authentication object 35 or the like and impersonated another passer-by PS, and unlocks the gate device. In addition to not doing so, it is possible to notify the security center etc. and encourage the response.

  Also, different security levels may be set in areas inside the facility. In this case, when a person with a certain security level enters the facility LB, the authentication data is transmitted only to the gate management apparatus in the security level room that the person enters, and the gate management apparatus in the room with a higher security level includes: The authentication data should not be transmitted.

  In the first embodiment, the facility LB is assumed to be a facility such as a company, a factory, or a laboratory. However, it is possible to detect the visit of the passerby PS by using the detection unit 31. For example, it can be applied to other types of facilities. For example, in the case of trains, subways, etc., the settlement is performed using a traffic IC card with built-in RFID at the ticket gate, but a detection unit is provided at the gate on the home side when getting off the vehicle, and a beacon is sent from the person getting off If it is received and the authentication data of the traffic IC card of the person is transmitted in advance to the gate device at the ticket gate, every time the person with the traffic IC card passes the ticket gate, There is no need to communicate with the authentication data management device of the management center that manages the traffic IC card. In the case of a person who is going to get on, if a beacon is received by providing a detection unit at the entrance of a station, an underground passage of a subway, or the like, the same operation can be performed.

B. Second embodiment:
<Device configuration>
Next, a second embodiment of the present invention will be described. FIG. 8 is a schematic configuration diagram showing the configuration of the authentication system 100 as the second embodiment. The authentication system 100 according to the second embodiment is the same as the authentication system 10 according to the first embodiment except that the gate management devices 40 to 70 do not have the detection unit 31. Since the detection unit 31 does not exist, the authentication data management device 120 corresponding to the authentication data management device 20 of the first embodiment does not have a data reception unit, and is provided with a transmission start unit 121 instead. The other configuration of the authentication data management device 120 is the same as that of the first embodiment, and includes a transmission unit 22, an NW communication unit 23, and a storage unit 25. Further, since the gate management device and the gate device constituting the authentication system 100 are the same as those in the first embodiment, the same reference numerals are given. In the second and subsequent embodiments, the authentication object 35 is not shown, but the pass-through person PS is carrying the authentication object 35 as in the first embodiment.

<Authentication process>
An authentication process according to the second embodiment will be described with reference to FIG. FIG. 9 is a flowchart showing both authentication data management processing executed by the authentication data management device 120 and gate management pre-processing executed by the gate management devices 40 to 90. The authentication data management device 120 repeatedly executes the authentication data management process shown in FIG. 9 at predetermined intervals.

When this process is started, the authentication data management apparatus 120 first determines whether a predetermined condition is satisfied (step S600). Whether the predetermined condition is satisfied is determined by the transmission start unit 121. In the second embodiment, the transmission start unit 121 determines that a predetermined condition is satisfied when a predetermined time is reached. In this embodiment, the predetermined time is
(A) Time A 10 minutes before the time set as the time at which employees can go to the facility LB (the time at which each gate device 49-79 is allowed to pass),
(B) Thereafter, the time B every 10 minutes until the time b set as the end time of the attendance time,
(C) Time C, which is 10 minutes before the time set for leaving the employee of the facility LB,
(D) Thereafter, a time D every 30 minutes until a final leaving time (time when the gate devices 49 to 79 of the facility LB are closed) d,
It is determined that the predetermined condition is satisfied.

  Subsequently, the authentication data management apparatus 120 searches the authentication data stored in the storage unit 25 for authentication data that satisfies the condition (step S610). In the second embodiment, the authentication data is managed by being grouped for each average time of employee attendance at the facility LB. When the above conditions (A) to (D) are satisfied, search for authentication data of a group of employees who reach an average attendance time immediately after the conditions are satisfied, and transmit the corresponding authentication data. (Step S620). At this time, the authentication data management device 120 may transmit the authentication data corresponding to all the gate management devices 40 to 70, and further manage the information of the gate device normally used for each employee. Authentication data to be transmitted may be transmitted separately for each normally used gate device.

  The gate management devices 40 to 70 that have received the transmission of the authentication data execute the gate management pre-processing (steps S200 to S230). Since this processing is the same as that already described in the first embodiment, a detailed description will be given. Omitted. Moreover, the gate management which the pass-through person PS who is an employee approaches the gate management apparatuses 40-70, reads the authentication target object 35 using the reading parts 41-71, and controls the gate apparatuses 49-79. Since the process (FIG. 4) is the same, the description thereof is also omitted.

  In the authentication system 100 as the second embodiment described above, a part of the authentication data managed by the authentication data management device 120 is transmitted to the gate management devices 40 to 70 with time as a trigger. Accordingly, the gate management devices 40 to 70 can smoothly authenticate the pass-through person PS only by including a RAM having a capacity that is a fraction of the capacity MV of all authentication data. Of course, not all employees pass through the gate devices 49 to 79 at the same time, so in some cases, the authentication data of the person who wants to pass is sent to the gate management devices 40 to 70. It is possible that the data is not stored in the RAM 44. In that case, the authentication data management device 120 is inquired and authenticated (FIG. 4, step S340). However, the frequency of the necessity is low, and the gate device 49-79 has a problem in passing the person who wants to pass. It is easy to make it less than moderate.

<Modification of Second Embodiment>
Several modifications of the second embodiment will be described. In the second embodiment, the establishment of the predetermined condition is determined in accordance with the employee's attendance / leaving time at the facility LB. However, depending on the relationship with the facility and the nature of the facility, etc. It is possible to judge. For example, in the case of an employee, the timing of sending a part of the authentication data can be set according to the average time of attendance and leaving, but in the case of a visitor, a part of all the authentication data of all prospective visitors of the day is visited. What is necessary is just to make it transmit to a gate management apparatus according to scheduled time. The visit schedule of a visitor can also be set from the reservation time etc. of a meeting room.

  Regarding the nature of the facility, in the case of a hotel or amusement facility, ask the scheduled visit time in advance, and part of all authentication data prepared for the scheduled visitor on the day according to the scheduled visit time of the reserved person To the gate management device. In addition, when there is a specific subgroup (class, seminar) in a facility, such as a school, prep school, training facility, etc., events (classes, seminars), etc. for that subgroup The authentication data (a part of all the authentication data) of persons belonging to the subgroup may be transmitted to the gate device and stored at the scheduled start / end time. In this case, at least regarding the end of the event, it may be determined that the predetermined condition is satisfied (FIG. 9, step S600) not by the scheduled time but by the event of the actual end.

C. Third embodiment:
In combination with the first and second embodiments and various modifications, the following processing can be performed on the gate management device side. FIG. 10 is a flowchart showing data deletion processing performed in the gate management apparatus. Each gate management apparatus 40-90 repeatedly performs the process shown in FIG. 10 at a predetermined interval. When this process is started, it is first determined whether or not an authentication data deletion condition is satisfied (step S650). Since the capacity of the RAM 44 built in the gate management devices 40 to 90 is small, if the storage capacity is insufficient when receiving the authentication data from the authentication data management devices 20 and 120, the data is partially deleted. (For example, steps S210 and S220 in FIGS. 2, 7, and 9).

On the other hand, in the data deletion process shown in FIG. 10, it is determined that the authentication data can be deleted at a timing different from the reception of the authentication data. Specifically, it is determined that the deletion condition is satisfied in the following two cases.
(A) Individual deletion: When a person who wishes to pass through the gate devices 49 to 99 passes the same gate devices 49 to 99 in the reverse direction.
(Ii) Collective deletion: When the normal use time of the facility LB ends or when all passers-by PS entering the facility LB leave.
If these conditions are established, it is determined that the deletion condition for the authentication data is satisfied.

  In addition, if it is determined that the (a) individual deletion condition is satisfied, a process for deleting the corresponding authentication data of all passers-by PS from the RAM 44 is performed (step S660). When the authentication data is deleted, the area (address) where the deleted authentication data is stored is stored as a free area in a pointer or the like, and the authentication data is transmitted later from the authentication data management device 20, 120 In addition, an empty area may be searched and used by using this pointer as a clue. Of course, when the authentication data is deleted, the data may be moved so as to fill the empty area.

  On the other hand, if it is determined that the (ii) collective deletion condition is satisfied, the authentication data stored in the RAM 44 is collectively deleted (step S670), and then the gate devices 49 to 99 are closed. Is performed (step S680). Due to the closing process, subsequent passage of the gate devices 49 to 99 becomes impossible. In a general facility, in such a case, employees who remain until after the use time of the facility LB is withdrawn from a manned security center or the like. In this case, since the authentication data management devices 20 and 120 can recognize employees who have not left the facility LB, a list of employees who should remain for the purpose of checking the exit at the security center or the like. Etc. may be provided.

In the above embodiment, the deletion of the authentication data has been described in two cases. However, the authentication data may be deleted when various conditions other than this are satisfied. For example,
(Iii) Passage applicant PS receives authentication by any of the gate management devices 40 to 70 and passes through any of the gate devices 49 to 79, and then receives authentication by any of the gate management devices 40 to 70 Authentication data of a person who wants to pass, which is stored in the gate management device 40 to 70 of the gate that has passed first when passing again through any one of the gates;
(E) Passage applicant PS receives authentication by any of the gate management devices 40 to 90 and passes through any of the gate devices 49 to 99, or transmits authentication data from the authentication data management devices 20 and 120. The authentication data of the person who wants to pass PS when the time equal to or longer than the data retention time, which is a predetermined time, has passed,
(O) It is also possible to specify authentication data and delete the authentication data, etc. when the administrator gives a deletion instruction. Such a deletion process corresponds to a subordinate concept of the deletion unit.

D. Fourth embodiment:
Next, a fourth embodiment of the present invention will be described. As shown in FIG. 11, the authentication system 200 according to the fourth embodiment includes an authentication data management device 220 and a plurality of gate management devices 40 to 90. The authentication data management device 220 of the fourth embodiment has almost the same configuration as the authentication data management device 20 of the first embodiment, but the signal received by the data reception unit 21 is replaced with the detection unit 31A instead of the detection unit 31. It is different in that it is sent from. In the fourth embodiment, the detection unit 31A is not provided in the specific passage 11, but is provided as a whole facility LB so as to receive a signal from the transmission device. Therefore, for example, as illustrated in FIG. 11, the detection unit 31A includes a transmission device 32a possessed by the passer-by person PS1 passing through the passage 11, a transmission device 31ba possessed by the passer-by person PS2 passing through the passage 15, All signals are received from the transmission device 31c and the like possessed by the passer-by person PS3 passing through the passage 16, and transmitted to the data reception unit 21 of the authentication data management device 220. In the fourth embodiment, the transmitting devices 32a, 32b, 32c, and the like are assumed to be mobile terminals such as mobile phones with a built-in GPS function. Passengers who wish to pass, such as PS1, PS2, PS3, etc., install an application dedicated to entry in advance in the transmitting devices 32a, 32b, 32c, etc. such as mobile phones, and activate that application when entering the facility LB. Shall.

  FIG. 12 is a flowchart showing a transmission device process executed by the transmission device 32a and the like, and an authentication data management process executed by the authentication data management device 220. When the person who wants to pass PS1 who has the transmission device 32a enters the passage 11 and starts an application built in the transmission device 32a, the transmission device 32a acquires the current position data using the built-in GPS ( Step S700). The transmitting device 32a transmits a signal including the position data and the specific data (step S705). This process corresponds to the process (step S100) of receiving specific data from the person who wants to pass in the first embodiment (FIG. 2). However, in the present embodiment, a signal including specific data and position data from the transmission device 32a is detected by the detection unit 31A and sent to the data reception unit 21 of the authentication data management device 220. A signal including these data output from the transmission device 32a to the detection unit 31A is transmitted using a beacon or wireless LAN function.

  When a signal including the specific data and the position data is sent via the detection unit 31A, the authentication data management device 220 performs a process of receiving this signal using the data reception unit 21 (step S710). Then, the specific data and the position data are read from the received signal (step S720). Subsequently, as in the first embodiment, it is searched whether authentication data corresponding to the specific data is stored in the storage unit 25 (step S730). If authentication data corresponding to the specific data is stored in the storage unit 25 (step S740), a pair of authentication data and position data, that is, both data are associated and stored in the history table HT (step S750). . The history table HT is stored in the storage unit 25. Subsequently, a process of transmitting the retrieved authentication data to at least one gate management device corresponding to the position data is performed (step S760).

  Here, in order to specify at least one gate management device corresponding to the position data, the table LG in which the correspondence relationship between the position data and the gate management devices 40 to 90 is registered is referred to. This table LG is created in advance and stored in the storage device 25. By referring to this table LG, the gate management device corresponding to the position data can be specified. If the accuracy of the position data is low, two or more gate management devices may be specified and the same data may be transmitted to both. Therefore, based on the signal received from the transmission device 32a by the process of step S760, at least one gate management device to which the passer-by PS1 who has the transmission device 32a will pass from the position of the transmission device 32a. Further, it is possible to identify the gate management devices 40 to 90 and transmit in advance the authentication data of the person who wants to pass PS1 who owns the transmission device 32a to the gate management device. The gate management device that has received the authentication data performs the gate management pre-processing shown in FIG. 2, the gate management processing shown in FIG.

  If there is no corresponding authentication data in the storage unit 25 in step S740, nothing is performed and the process is terminated by exiting to "NEXT". Accordingly, in this case, the storage process in the history table HT (step S750), the transmission of authentication data to the gate management apparatus (step S760), etc. are not performed.

  According to the fourth embodiment described above, the effects similar to those of the first embodiment can be obtained, and the transmitting devices 32a to 32c possessed by the passers PS1 to PS3 can specify their own positions. Since the position data is transmitted to the authentication data management apparatus 220 together with the specific data, it is not necessary to provide the detection unit 31A for each passage. Since the correspondence relationship between the position data and the gate management device is known in advance, it can be easily known to which gate management device the authentication data is transmitted by referring to the table LG storing the correspondence relationship. it can.

  In the fourth embodiment, the position of the person who wants to pass PS1 and the like is specified using the GPS function built in the transmitter 32a and the like possessed by the person who wants to pass PS1 and the like. It need not be limited to GPS. For example, an application such as the oscillation device 32a may display a plan view of the facility LB on the screen, and the person who wants to pass PS1 may specify the location by tapping his / her position on the plan view of the facility LB. Alternatively, the position may be specified by receiving a unique signal from the beacon oscillator provided in each passage by the oscillation device 32a or the like. According to these methods, it is possible to use the oscillation device 32a or the like that does not have a GPS function, and it is also possible to specify the position with high accuracy from the GPS.

  In the fourth embodiment described above, in step S750, the searched combination of authentication data and position data is stored in the history table HT. If authentication data and position data are stored in the history table HT, the correspondence relationship between the authentication data and position data can be examined by analyzing this table later. However, this process is not necessarily required for the process itself of the fourth embodiment. This history table HT is used in the fifth embodiment described below.

E. Fifth embodiment:
Next, a fifth embodiment of the present invention will be described. The authentication system 200 of the fifth embodiment includes the same hardware configuration (see FIG. 11) as that of the fourth embodiment, and a part of the authentication data management process is different. The authentication data management process in the fifth embodiment is shown in FIG. The authentication data management process shown in FIG. 13 differs from the fourth embodiment in that steps S725 and S727 are added.

  In the fifth embodiment, as in the fourth embodiment, the specific data and the position data are read from the signal received from the transmitting device 32a or the like (step S720). At this time, it is determined whether the specific data is damaged (step S720). Step S725). The signal from the transmitting device 32a and the like includes specific data and position data. However, signal transmission performed via radio or wire may cause data corruption. Of course, redundant signals and error correction signals are added to signal transmission, and errors within a certain range can be corrected. If an error is detected, techniques such as packet retransmission are widely used. ing. However, even with such a process for ensuring reliability, it is difficult to completely avoid data corruption. For example, if the specific data is damaged by the transmitting device 32a or the like before the signal transmission, the erroneous specific data is transmitted as it is. In this case, signal transmission error detection does not work.

  If the specific data read from the received signal is damaged, a process of reading all authentication data corresponding to the position data from the history table HT is performed (step S727). Thereafter, the process proceeds to step S760, and authentication data is transmitted to the gate management apparatus corresponding to the position data. The identification of the gate management device in step S760 is performed in the same manner as in the fourth embodiment.

  In the fifth embodiment in which such processing is performed, when specific data included in a signal received from the transmission device 32a or the like cannot be read accurately due to damage or the like, position data that is another data included in the signal is used. Then, the past authentication data stored in association with the position data is read from the history table HT and transmitted to at least one gate management device corresponding to the position data. Accordingly, when the pass-through person PS1 or the like whose authentication data is registered in the history table HT requests authentication by the gate management device 40 or the like, the authentication can be easily performed using the transmitted authentication data. it can. Of course, in this case, since the specific data is damaged and not specified, there is a possibility that the passer-by person PS1 or the like is a completely new passer-by. However, in the case of a person who desires to pass through the gate device corresponding to the gate management device once, the authentication data has arrived and it is easy to perform the authentication. If the authentication data of the person who wishes to pass is not delivered in advance, the authentication data management device 220 is individually processed by the processing on the gate management device side shown in the first embodiment (for example, step S340 in FIG. 4). The authentication data may be queried and the authentication process executed.

F. Other embodiments:
In addition to the first to fifth embodiments described above, an authentication system for updating authentication data may be provided as another embodiment. In each embodiment described above, authentication data to be authenticated is managed by the data management devices 20, 120, and 220. Accordingly, the authentication data may be updated with respect to the authentication data stored in the storage unit 25 of the authentication data management device 20, 120, 220. If the authentication data is updated after the gate devices 49 to 99 of the facility are closed, when the operation of each gate management device 40 to 90 is started next, a part of the updated authentication data is necessary. Accordingly, since the data is transmitted to each of the gate management devices 40 to 90, data inconsistency associated with authentication does not occur.

  Further, when it becomes necessary to update the authentication data during operation of the authentication system 10, 100, 200 due to a security requirement, it is first stored in the storage unit 25 of the authentication data management device 20, 120, 220. The authentication data is updated, and then the authentication data stored in the RAM 44 of each of the gate management devices 40 to 90 may be deleted once. In this case, the authentication data stored in the RAM 44 of each of the gate management devices 40 to 90 is temporarily lost. However, in the authentication system 10 of the first, fourth, and fifth embodiments, the specific data of the passer-by person PS is stored. Each time it is received via the detection unit 31, the corresponding authentication data is sequentially stored in the corresponding gate management devices 40 to 70, so that the authentication in the gate management devices 40 to 70 can be performed reliably and quickly. .

  When performing update processing in the second embodiment, even if the authentication data stored in the RAM 44 of each of the gate management devices 40 to 70 is once deleted for update, the times A to D of the conditions (A) to (D) , The authentication data corresponding to the condition is transmitted to the gate management devices 40 to 70 and stored in the RAM 44, so that it is possible to authenticate the person who wants to pass through the gate management devices 40 to 70 without delay.

  Although several embodiments and modifications of the present invention have been described above, the present invention is not limited to these embodiments and modifications, and various forms are possible without departing from the scope of the invention. Of course, it can be implemented. First, it can be said that each of the above embodiments is not only implemented as an authentication system but also implemented as an authentication method. In the first embodiment, the specific data may be transmitted using Bluetooth (registered trademark) or a wireless LAN instead of the beacon transmitted by the transmission device 32. Further, the reading of the authentication information of the person who wants to pass PS by the reading unit 41 or the like may be performed by a fingerprint, a voice print, an iris pattern, a retina pattern, a vein pattern, or the like, instead of using an ID card. If such biometric authentication is used, an individual can be reliably identified. Alternatively, a specific code may be sent as authentication information to the reading unit by infrared communication or the like from a mobile phone or the like carried by the person who wants to pass, and authentication may be performed using this code. Further, the one-dimensional or two-dimensional barcode may be displayed on the screen of the mobile phone and read by the reading unit 41 to obtain the authentication information.

  In this specification, elements other than those specified as essential requirements can be excluded as elements constituting the invention. In addition, various elements described in the present specification can be understood as an invention alone or in combination as long as at least a part of the problem can be solved, and can be described in the claims.

DESCRIPTION OF SYMBOLS 10 ... Authentication system 11, 12, 15-18 ... Passage 13, 14 ... Room 20 ... Authentication data management apparatus 21 ... Data reception part 22 ... Transmission part 23 ... NW communication part 25 ... Storage part 31 ... Detection part 32, 32a, 32b, 32c ... transmitting device 35 ... authentication object 40-90 ... gate management device 41 ... reading unit 43 ... authentication unit 44 ... RAM
45 ... Input unit 46 ... Output unit 48 ... Gate drive unit 49-99 ... Gate device 100 ... Authentication system 120 ... Authentication data management device 121 ... Transmission start unit 200 ... Authentication system 220 ... Authentication data management device LB ... Facility NW ... Network PS, PS1, PS2, PS3 ... Passers

Claims (13)

An authentication system comprising a gate management device provided in each of a plurality of gates, and an authentication data management device connected to the gate management device,
The authentication data management device includes:
A storage unit for storing a plurality of authentication data for authenticating a person who wants to pass through the gate;
A transmission unit that transmits a part of the plurality of authentication data stored in the storage unit to the gate management device when a predetermined condition is satisfied prior to the authentication of the person who wants to pass And
The gate management device
A partial data storage unit for storing the partial authentication data transmitted from the authentication data management device;
A reading unit for reading the authentication information provided by the person who wants to pass;
An authentication system comprising: an authentication unit that authenticates the authentication information by comparing the read authentication information with the stored part of the authentication data. The authentication system according to claim 1,
The authentication data management device includes:
A data receiving unit for receiving, from the requester, specific data, which is data capable of specifying the passer-by, before the passerby reaches one of the plurality of gates;
When the specific data is received, assuming that the condition is satisfied, the transmitting unit extracts the authentication data of the person who wants to pass stored in the storage unit based on the specific data, and the extracted authentication data Is sent to the gate management device. The authentication system according to claim 2,
The data receiving unit of the authentication data management device receives the specific data by reading a signal from a transmitting device possessed by the person who wants to pass. An authentication system according to claim 3, wherein
The data reception unit of the authentication data management device reads the location information together with the specific data from the signal when the location information is included in the signal from the transmission device,
The transmission unit of the authentication data management device identifies at least one gate management device from among the gate management devices provided in each of the plurality of gates based on position information read from a signal from the transmission device And an authentication system for transmitting the authentication data to the identified gate management device. The authentication system according to claim 4,
The authentication data management device includes:
A history information storage unit that stores history information in which the location information and the authentication data are associated with each other when the person who wants to pass the transmission device that has transmitted the signal passes through the gate;
The data receiving unit tries to read the specific data and the position information from the signal,
When the position information can be read and the specific data cannot be read, the transmission unit refers to the history information and sends the read position information to at least one gate management device corresponding to the read position information. An authentication system for transmitting the authentication data associated with the authentication data. The authentication system according to claim 1,
The authentication data management device includes:
When the person who wants to pass passes one gate of the plurality of gates after receiving the authentication, passage data indicating that the person who wants to pass has passed the one gate is received from the gate management device. With a data receiver
When the passage data is received, assuming that the condition is satisfied, the transmission unit extracts the authentication data of the person who wants to pass stored in the storage unit based on the passage data, and the one gate is An authentication system that transmits the extracted authentication data to a gate management device of another gate that can be passed by a person who wants to pass. The authentication system according to claim 1,
The authentication data management device includes:
Assuming that the condition is satisfied when a predetermined time comes, the transmission unit has a possibility of passing through the gate within a predetermined period from the time among the authentication data stored in the storage unit. An authentication system for extracting authentication data of a person who wants to pass and transmitting the extracted authentication data to the gate management device. The authentication system according to any one of claims 1 to 7,
The reading unit includes, as the authentication information, information recorded on an ID card, biometric information such as a fingerprint, voice print, iris pattern, retinal pattern, vein pattern, etc. of a person who wants to pass through, a unique code transmitted from a portable terminal, a password An authentication system that reads at least one of the numbers.   The said gate management apparatus is provided with the deletion part which deletes the authentication data judged to be unnecessary among the said one part authentication data memorize | stored in the said partial data storage part. The authentication system described in the section. The authentication system according to claim 9, wherein the deletion unit includes:
[1] The person who wants to pass passes through one of the gates after being authenticated by one of the gate management devices, and then passes again through one of the gates after receiving authentication from one of the gate management devices. Authentication data of the person who wishes to pass in the gate management device of the gate that passed first,
[2] Either after the person who wants to pass is authenticated by one of the gate management devices and passes through any gate, or after receiving the transmission of the authentication data from the authentication data management device Then, the authentication data of the person who wants to pass when the time equal to or longer than the data holding time which is a predetermined time has passed,
[3] Authentication data stored in the partial data storage unit at a predetermined time [4] At least one of authentication data when the authentication data is specified and an deletion instruction is given by the operator An authentication system for determining that authentication data corresponding to one is not necessary. An authentication data management device connected to a gate management device provided in each of a plurality of gates,
A storage unit for storing a plurality of authentication data for authenticating a person who wants to pass through the gate;
When a part of the authentication data stored in the storage unit satisfies a predetermined condition prior to authentication of the passer-by in the gate management device, the gate management device An authentication data management device comprising: a transmission unit that transmits data to A gate management device provided in each of a plurality of gates,
From an authentication data management device that stores a plurality of authentication data for authenticating a person who wants to pass through the gate, prior to the authentication of the person who wants to pass, one of the stored plurality of authentication data Receiving unit for receiving the authentication data of the unit,
A partial data storage unit for storing the partial authentication data received from the authentication data management device, the partial data having a capacity capable of storing authentication data smaller than 1/5 of the plurality of authentication data A storage unit;
A reading unit for reading the authentication information provided by the person who wants to pass;
A gate management device comprising: an authentication unit that authenticates the authentication information by comparing the read authentication information with the stored part of the authentication data. Using a gate management device provided at each of the plurality of gates and an authentication data management device connected to the gate management device provided at the plurality of gates, the person who wants to pass the gate is authenticated. Authentication method,
Storing a plurality of authentication data for authenticating a person who wants to pass through the gate in the authentication data management device;
A part of the plurality of stored authentication data is transferred from the authentication data management device to the gate management device when the predetermined condition is satisfied prior to the authentication of the person who wants to pass. Send
Storing the partial authentication data transmitted from the authentication data management device in a partial data storage unit provided in the gate management device;
In the gate management device, read the authentication information provided by the person who wants to pass,
An authentication method for authenticating the authentication information by comparing the read authentication information with a part of the stored authentication data.

Images