JP2019169070A - User management system and user management method - Google Patents

Abstract

To allow an authorized user to efficiently prevent an office work rule violation which allows a third person to use an in-store device.SOLUTION: A management server includes: a user information acquisition unit 16a for acquiring a use state of a device and user information having user identification information to the device; a human flow information acquisition unit 16b for acquiring human flow information; a consistency determination unit 16c for determining consistency as to whether a user having use authority uses the device under a prescribed matching condition from the user information acquired by the user information acquisition unit 16a and the human flow information acquired by the human flow information acquisition unit; and an operation limit control unit 16d for limiting operation of the device in the case of determining the consistency determination unit 16c determines inconsistency by the consistency determination unit 16c.SELECTED DRAWING: Figure 4

Description

  The present invention provides a user management system capable of efficiently preventing violations of business rules that allow a third party to use various devices (hereinafter simply referred to as “in-store devices”) arranged in the store by authorized users. And a user management method.

  Conventionally, in a financial institution such as a bank, detailed rules regarding operations and operation of devices are set as office rules. These administrative rules are required to be strictly observed and are subject to audit by the audit department. For this reason, a system that supports the work in compliance with the business rules has been considered.

  For example, in Patent Document 1, when registering a user of various devices from a board terminal, the consistency with the business rules is confirmed. A business management system is disclosed that notifies a terminal and, when there is consistency, performs user registration and transmits information of a user who performs additional registration to a target device. By using this patent document 1, consistency between user registration and business rules can be ensured.

JP, 2006-042225, A

  However, for example, after a legitimate key user removes the key from the key management device, the key is delivered to another user who has not been registered and used by another user. We cannot cope with violations of administrative regulations such as

  Also, administrative regulations such as a user registered as a user handing his / her ID card to another user and using the ID card by another user (spoofing a legitimate user) Nor can they handle violations.

  In this way, even if the consistency between the user registration and the business rules is ensured, by passing the key or ID card, other users who have not been registered will be violated by the business rules. There is a problem that it can not cope.

  The present invention was made to solve the above-described problems of the prior art, and a user management system capable of efficiently preventing a violation of office rules that allows a legitimate user to use a device in a store by a third party. And to provide a user management method.

  In order to solve the above-described problems and achieve the object, the present invention provides a user information acquisition unit that acquires user information that can identify a use state of a predetermined in-store device and a user who uses the in-store device; Based on the user flow information acquisition means for acquiring the user flow information related to the user and the user information and the user flow information, it is determined whether or not the use of the in-store device by the user is consistent with a predetermined condition. And an operation restricting means for restricting the operation of the in-store device when it is determined that there is a mismatch.

  Also, in the present invention according to the above-mentioned invention, the predetermined condition includes a predetermined authority for the user who uses the in-store device and an action condition of the user before or after using the in-store device. It is characterized by that.

  In addition, the present invention is characterized in that, in the above-mentioned invention, the in-store device is a keyed device that requires locking and unlocking using a key.

  Further, the present invention is the above invention, wherein the in-store device is a cash management machine, and when the operation limiting means is determined to be inconsistent by the determination means, withdrawal of the cash management machine is stopped. It is characterized by performing.

  Further, the present invention is characterized in that in the above invention, an alert information output unit is further provided for outputting alert information when the determination unit determines that there is a mismatch.

  The present invention further includes a key management device that manages a key used for locking / unlocking the in-store device according to the above-described invention, wherein the operation restriction unit determines the determination when the key is returned to the key management device. If it is determined by the means that there is a mismatch, the key return process is completed on condition that the reason for the mismatch is input.

  Further, the present invention is characterized in that, in the above invention, the information processing apparatus further comprises a notification means for generating list information and notifying an administrator terminal when the determination means determines that there is an inconsistency.

  Further, the present invention provides a user information acquisition step for acquiring user information that can identify a use state of a predetermined in-store device and a user who uses the in-store device, and a human flow for acquiring human flow information relating to the user. An information acquisition step; a determination step for determining whether or not the use of the in-store device by the user is consistent with a predetermined condition based on the user information and the human flow information; and inconsistency by the determination step An operation restriction step for restricting the operation of the in-store device when it is determined that

  According to the present invention, it is possible to efficiently prevent violations of business rules that allow a legitimate user to use the in-store device by a third party.

FIG. 1 is a diagram illustrating an example of an in-store configuration in which a user management system according to the present embodiment is arranged. FIG. 2 is a functional block diagram showing the system configuration of the user management system. FIG. 3 is a functional block diagram showing the configuration of the mobile terminal. FIG. 4 is a functional block diagram showing the configuration of the management server. FIG. 5 is an external configuration diagram showing an external configuration of the teller machine. FIG. 6 is a functional block diagram showing the configuration of the teller machine. FIG. 7 is a diagram illustrating an example of business regulation information. FIG. 8 is a diagram illustrating an example of inconsistency list information. FIG. 9 is an explanatory diagram for explaining an example of inconsistency when a key is used and processing for handling inconsistency. FIG. 10 is an explanatory diagram for explaining a correspondence process of mismatch with another example of mismatch when using a key. FIG. 11 is a flowchart showing a user management processing procedure by the management server.

  Exemplary embodiments of a user management system and a user management method according to the present invention will be described below in detail with reference to the accompanying drawings. In the following embodiment, a case will be described in which the present invention is applied to user management of work at a bank sales office.

  FIG. 1 is a diagram illustrating an example of an in-store configuration in which a user management system 1 according to the present embodiment is arranged. As shown in FIG. 1, in this embodiment, user authority is set for a teller machine 20, an important material management device 30, a safe room 40, a key management machine 50, etc. disposed in a store 100 of a financial institution such as a bank. A case of performing user management for various devices will be described. In the store 100, a seat of a user who is an employee is disposed at a front seat, and a two-tier seat is disposed behind the seat. A teller machine 20 is disposed at the middle side of the store 100. A safe room 40 is disposed behind the store 100, and the safe room 40 is provided with a door 40 a that opens and closes the safe room 40. Further, behind the store 100, an important material management device 30, a key management device 50, and a management server 10 are arranged.

<System configuration of user management system>
FIG. 2 is a functional block diagram showing the system configuration of the user management system 1.

  As shown in FIG. 2, the user management system 1 includes a cashier machine 20, an important material management device 30, a vault 40, a key management device 50, and portable terminals A1 and B1 via a network. 10 is connected. The mobile terminal A1 is a mobile terminal possessed by the user A. The mobile terminal B1 is a mobile terminal that the user B has. User A is an in-house certified level 1 user, and user B is an in-house certified level 3 user whose level is higher than in-house certified level 1. The mobile terminals A1 and B1 are examples of a plurality of mobile terminals, and a mobile terminal is assigned to each employee who is a user in the store 100.

  Further, at least the beacon 2 is arranged in the teller machine 20, the important material management apparatus 30, the safe room 40, and the key management machine 50. In addition, the beacon 2 is arrange | positioned in each place in the shop 100, for example, the some beacon 2 is arrange | positioned on a ceiling etc. Each user has an assigned ID card. For example, the user B has an ID card B2 on which user identification information of the user B is recorded.

  The teller machine 20, the important material management device 30, and the safe room 40 are devices used for predetermined work. Specifically, the teller machine 20 is an apparatus as a cash management machine that stores cash, inputs and outputs cash, and manages the bank balance. The cash management machine also includes a cash bus for managing cash for replenishing and collecting money in the cashier 20. The important material management device 30 is a device that stores important materials such as seals used by employees. The safe room 40 is a room for storing cash or various documents. The key management device 50 is a device that manages keys such as the teller machine 20, the important material management device 30, the safe room 40, and the like. In the key management machine 50, the user authority is set for each key to be stored. The management server 10 performs user management of the in-store device based on the business rules in the store.

  The mobile terminals A1 and B1 are mobile terminals such as smartphones that are given in the store 100 and possessed by the users A and B, and receive beacon information emitted by the beacon 2. When receiving the beacon information, the portable terminals A1 and B1 transmit the beacon identification information in the beacon information and the user identification information possessing the portable terminals A1 and B1 to the management server 10. The beacon identification information differs for each beacon 2 and indicates the position information of the beacon 2 that issued the beacon information.

  The beacon 2 is a small transmission module including a transmission circuit and a battery. The transmission circuit transmits a 2.4 GHz band beacon radio wave based on, for example, the Bluetooth (registered trademark) standard. Beacon radio waves are extremely weak, and their effective reach area is extremely narrow and high in directivity compared to WiFi (registered trademark) radio waves. In addition, although the transmission cycle of a beacon electric wave is arbitrary, it is about 0.02 second-1 second, for example.

<Overview of user management>
Next, an overview of user management by the user management system 1 will be described with reference to FIG. Here, a case will be described in which the user A is given the ID card B2 of the user B from the user B and makes a high amount payment from the cashier 20. The high-withdrawal of the cashier 20 is, for example, a withdrawal of 3 million yen, and can be performed only by a user with an in-house certification level 2 or higher. For this reason, what the user A at the in-house certification level 1 does is a violation of business rules.

  As shown in FIG. 2, when the user A receives the ID card B2 of the user B from the user B and performs an operation of making a high withdrawal from the cashier 20, the management server 10 reads the cashier 20 The user information having the user identification information of the ID card B2 and the usage state of the high-value withdrawal is acquired (step S1).

  On the other hand, the management server 10 acquires the beacon identification information and the user identification information of the portable terminals A1 and B1 from the portable terminals A1 and B1 in almost real time, and includes the current positions of the portable terminals A1 and B1. History lines L1 and L2 are acquired as human flow information. The management server 10 acquires the human flow information of the user who is located in the teller machine 20 when the user information for the teller machine 20 is acquired (step S2). Specifically, the management server 10 acquires user identification information of the mobile terminal A1 located in the teller machine 20.

  Thereafter, the management server 10 determines the consistency of whether or not a user authorized to use the teller machine 20 is using the acquired user information and human flow information with reference to the business rules (step) S3). In FIG. 1, the user A who makes a high withdrawal from the cashier 20 is at the in-house certification level 1 based on the human flow information and is prohibited from making a high withdrawal. For this reason, the management server 10 determines that the user A who operates the teller machine 20 is not a user authorized to use the teller machine 20 and is inconsistent. In other words, it is determined that the high-value withdrawal operation by the user A is a violation of the business rules.

  If the management server 10 determines that the operation of the teller machine 20 by the user A is inconsistent, the management server 10 performs a withdrawal stop to stop the high withdrawal from the teller machine 20 as an operation restriction (step S4). As a result, the user A cannot make a high withdrawal from the cashier 20.

  In addition, when the management server 10 determines that the operation of the teller machine 20 by the user A is inconsistent, the management server 10 transmits alert information indicating that the operation is inconsistent or a business rule is violated to the mobile terminal A1. Then, the alert information is displayed on the portable terminal A1 (step S5). The user A who has the portable terminal A1 that has received the alert information recognizes that the high-value withdrawal from the cashier 20 is an operation that violates the business rules. In addition, the management server 10 may display and output the alert information on the display operation unit of the teller machine 20 instead of the mobile terminal A1. Further, the management server 10 may transmit alert information to the mobile terminal B1 in addition to the mobile terminal A1. Moreover, you may make it transmit alert information only with respect to not the portable terminal A1 but portable terminal B1.

  Note that the management server 10 has different user identification information read from the ID card B2 by the teller machine 20 and the user identification information of the portable terminal A1 even if the user A is in-house certified level 2 or higher. Judged as inconsistent. In this case, the business rules prescribe not only whether or not the user authority exists but also that the user identification information is the same as the matching condition. Further, even if the user identification information is the same, the time from when the user passes through a device other than the user device through the flow path of the human flow information or when the key is extracted from the key management device 50 until the key is used. May be determined to be inconsistent when a predetermined time is exceeded. Thereby, it can also be determined whether the user is performing suspicious behavior.

  Thereby, it is possible to prevent the use of the device in violation of the business rules due to the impersonation of the user, which occurs when the ID card or the like in which the user identification information is registered is transferred.

<Configuration of mobile terminal>
FIG. 3 is a functional block diagram showing the configuration of the mobile terminal A1. As illustrated in FIG. 3, the mobile terminal A <b> 1 includes a display operation unit 3, a communication unit 4, a beacon receiving unit 5, a storage unit 6, and a control unit 7. The display operation unit 3 is a touch panel display or the like, and accepts an operation input by a user and displays various information.

  The communication unit 4 is a communication interface that performs communication with the management server 10. The beacon receiving unit 5 is a receiving unit that receives a beacon radio wave from the beacon 2. The storage unit 6 is a storage device including a non-volatile memory and stores user identification information 6a. The user identification information 6a is user identification information of the user A who possesses the mobile terminal A1.

  The control unit 7 is a control unit that controls the entire mobile terminal A1, and includes a human flow information notification unit 7a. In practice, programs corresponding to human flow information notification processing are stored in a storage device such as a nonvolatile memory, and these programs are loaded into the memory and executed by a CPU (Central Processing Unit). The process will be executed.

  The human flow information notification unit 7a notifies the management server 10 of human flow information that is a pair of the beacon identification information received by the beacon receiving unit 5 and the user identification information 6a. The human flow information acquisition unit 16b of the management server 10 specifies the position of the mobile terminal A1 from the received human flow information, and obtains the flow line L1 of the mobile terminal A1.

<Configuration of management server>
FIG. 4 is a functional block diagram showing the configuration of the management server 10. As illustrated in FIG. 4, the management server 10 includes an input unit 11, a display unit 12, a communication unit 13, a printing unit 14, a storage unit 15, and a control unit 16.

  The input unit 11 is an input device such as a keyboard or a mouse. The display unit 12 is a display device such as a liquid crystal panel or a display device. The communication unit 13 is an interface unit for performing data communication with the mobile terminals A1 and B1, the teller machine 20, the important material management device 30, the safe room 40, the key management device 50, and the like via the network. The printing unit 14 is used for printing inconsistency list information.

  The storage unit 15 is a storage device such as a hard disk device or a nonvolatile memory, and stores business regulation information 15a and inconsistency list information 15b.

  The control unit 16 is a control unit that controls the entire management server 10, and includes a user information acquisition unit 16a, a human flow information acquisition unit 16b, a consistency determination unit 16c, an operation restriction control unit 16d, an alert information output processing unit 16e, and the like. An inconsistency list information generation unit 16f is included. Actually, the programs corresponding to the user information acquisition unit 16a, the human flow information acquisition unit 16b, the consistency determination unit 16c, the operation restriction control unit 16d, the alert information output processing unit 16e, and the inconsistency list information generation unit 16f are nonvolatile. The program is stored in a storage device such as a memory, and these programs are loaded into the memory and executed by a CPU (Central Processing Unit), thereby executing a corresponding process.

  The user information acquisition unit 16a acquires user information having a use state of a device such as the teller machine 20 and user identification information for the device. For example, when the user A receives the user B's ID card B2 from the user B and performs an operation of making a large withdrawal from the cashier 20, the user information acquisition unit 16a reads the ID read by the cashier 20 User information having the user identification information of the card B2 and the usage state of the high-value withdrawal is acquired.

  The human flow information acquisition unit 16b acquires beacon identification information transmitted from the mobile terminals A1 and B1 in substantially real time and user identification information of the mobile terminals A1 and B1, and determines the current positions of the mobile terminals A1 and B1. The flow lines L1 and L2, which are route histories, are acquired as human flow information. The human flow information acquisition unit 16b acquires human flow information located in the teller machine 20 when the user information acquisition unit 16a acquires user information. Specifically, the human flow information acquisition unit 16b acquires the user identification information of the mobile terminal A1 located in the teller machine 20.

  In addition, the human flow information acquisition means of this invention is a means containing the human flow information acquisition part 16b, the beacon 2, and portable terminal A1, B1.

  Whether the consistency determination unit 16c is used by a user who is authorized to use the teller machine 20 based on the user information acquired by the user information acquisition unit 16a and the human flow information acquired by the human flow information acquisition unit 16b. The consistency is determined with reference to the business rules.

  The operation restriction control unit 16d performs operation restriction control of the determined device when the consistency determination unit 16c determines that there is a mismatch.

  The alert information output processing unit 16e, when the consistency determining unit 16c determines that there is an inconsistency, transmits alert information indicating that there is an inconsistent operation or an office rule violation to the mobile terminals A1 and B1. The alert information is displayed on the portable terminals A1 and B1.

  The inconsistency list information generation unit 16f generates the use contents and handling processing determined by the consistency determination unit 16c as inconsistency, registers them as inconsistency list information, and prints out the inconsistency list information as necessary. Alternatively, the data is output to a terminal device or a host device (not shown) via a network.

<Composition of cashier>
FIG. 5 is an external configuration diagram showing an external configuration of the teller machine 20. The teller machine is configured by arranging the coin processing unit 23 and the banknote processing unit 24 side by side. The coin processing unit 23 includes a coin input unit 23a that accepts coins, a coin throwing unit 23b that dispenses coins, a coin reject unit 23c that returns unidentifiable coins, and the like. The banknote processing unit 24 includes a banknote insertion unit 24a that accepts banknotes, a rose banknote ejection unit 24b that dispenses loose banknotes, and a bundled banknote ejection unit 24c that dispenses bundled banknotes. Moreover, the display operation part 21, the printing part 22, etc. are provided in the coin processing unit 23 side as an example.

  FIG. 6 is a functional block diagram showing the configuration of the teller machine 20. As illustrated in FIG. 6, the teller machine 20 includes a display operation unit 21, a card reader 21 a, a printing unit 22, a coin processing unit 23, a banknote processing unit 24, a communication unit 25, a storage unit 26, and a control unit 27.

  The display operation unit 21 is an input / output device such as a touch panel display. The display operation unit 21 receives various operations related to deposit / withdrawal processing and displays various information. The card reader 21a reads information such as user identification information registered in the ID card. The printing unit 22 is used for printing output of stock amount and processing history. The coin processing unit 23 is a unit that performs coin depositing, identification, denomination storage, withdrawal, and the like. The banknote processing unit 24 is a unit that performs banknote depositing, identification, denomination storage, withdrawal, and the like. The communication unit 25 is a communication interface unit that communicates with the management server 10 and the like via a network.

  The storage unit 26 is a storage device such as a hard disk device or a nonvolatile memory, and includes authentication information 26a and deposit / withdrawal information 26b. The authentication information 26a is information for authenticating whether the user identification information read by the card reader 21a is valid. The deposit / withdrawal information 26b is information for managing the amount of money deposited / withdrawn by the depositing / dispensing machine 20.

  The control unit 27 is a control unit that controls the entire teller machine 20, and includes an authentication processing unit 27a, a deposit / withdrawal control unit 27b, and an operation restriction receiving unit 27c. Actually, programs corresponding to the authentication processing unit 27a, the deposit / withdrawal control unit 27b, and the operation restriction receiving unit 27c are stored in a storage device such as a nonvolatile memory, and these programs are loaded into the memory, and the CPU ( By executing in the Central Processing Unit, the corresponding process is executed.

  The authentication processing unit 27a is a processing unit that determines whether the user identification information read by the card reader 21a is valid with reference to the authentication information 26a. The deposit / withdrawal control unit 27b causes the coin processing unit 23 and the banknote processing unit 24 to perform processing for the deposit / withdrawal command input from the display operation unit 21, and updates the deposit / withdrawal information 26b. The operation restriction receiving unit 27c receives the operation restriction process instructed by the operation restriction control unit 16d. The operation restriction receiving unit 26c forcibly stops the deposit / withdrawal process of the depositing / dispensing machine 20, for example, when receiving an operation restriction process for prohibiting withdrawal.

<Example of business rules information>
FIG. 7 is a diagram illustrating an example of the business regulation information 15a. As shown in FIG. 7, in the business regulation information 15a, for example, “High-value withdrawals from cashiers must be at or above the internal certification level 2”, “Vault door opening / closing is at or above the internal certification level 3”. Matching conditions such as “Do not drop in to other devices for more than a certain period of time from when the vault is unlocked until the door is opened” are registered. Note that “High-value withdrawals from the cashier must be at or above the internal certification level 2” is the matching condition used for user management shown in FIG.

<Example of inconsistency list information>
FIG. 8 is a diagram illustrating an example of the inconsistency list information 15b. As shown in FIG. 8, the inconsistency list information 15 b is obtained by sequentially adding and registering, in the storage unit 15, events determined by the consistency determination unit 16 c and corresponding processing by the inconsistency list information generation unit 16 f. is there.

  The inconsistency list information 15b includes items of inconsistency number, inconsistency occurrence time, device identification information, user information, human flow information, determination, and response processing. The user information includes user identification information and a usage state for the device to be used. The human flow information includes user identification information and flow line information of the portable terminals A1 and B1. The response processing includes operation restriction performed by the operation restriction control unit 16d and presence / absence of notification of alert information by the alert information output processing unit 16e.

  The inconsistency corresponding to the inconsistency number “1” is the content shown in FIG. 2, “Teller” as the device identification information, “B” as the user identification information of the user information, “ Using an “ID card”, it can be seen that the usage state is “high withdrawal”. Further, as human flow information, the user identification information of the mobile terminal is the user “A”, and the flow line information is held as D1. This flow line information is the flow lines L1 and L2 in FIG. The response processing is “withdrawal stop”, the alert information is “completed”, and the alert information is transmitted.

<Example of inconsistency when using keys>
Next, an example of mismatch when using the key corresponding to the number “2” in the mismatch list information 15b shown in FIG. 8 will be described. FIG. 9 is an explanatory diagram for explaining an example of inconsistency when a key is used and processing for handling inconsistency. In FIG. 9, the user B extracts the key C1 of the safe room 40 from the key management machine 50 using the ID card B2 of the user B, and then the user B passes the key C1 to the user A, A case is shown in which A uses the key C1 for inconsistent use that opens the door of the safe room 40 (violating business rules). The flow line L11 indicates the trajectory of the user A based on the human flow information, and the flow line L12 indicates the trajectory of the user B based on the human flow information.

  In this case, first, when the user information acquisition unit 16a extracts the key C1 from the key management device 50, the user when the key C1 is extracted and used based on the reading result of the ID card B2 used by the user B. As information, the user identification information of the user “B” and the key withdrawal time are acquired (step S11a), and the use state of “door opening / closing” when the door using the key C1 is opened for the vault 40. Is acquired (step S11b).

  On the other hand, the human flow information acquisition unit 16b acquires the human flow information of the portable terminal A1 in the safe room 40 when the door using the key C1 is opened to the safe room 40 (step S12). In this human flow information, the user “A” is indicated from the user identification information of the portable terminal A1 as the user who opened the door of the safe room 40.

  Since the user who extracted the key C1 from the key management machine 50 is the user B and the user who opened the door of the vault 40 using the key C1 is the user A, the consistency determination unit 16c It is determined that there is a mismatch (step S13).

  When the key C1 is returned to the key management machine 50, the operation restriction control unit 16d accepts the return of the key C1, but performs operation restriction that does not accept the completion of the return of the key C1 (step S14). This operation restriction is an additional process for forcing the key manager 50 to input the reason for opening the vault 40 using the key C1 of the user A who does not have the use authority. When this addition process is completed, the return of the key C1 is completed.

  The alert information output processing unit 16e notifies the alert information to the mobile terminal A1 when the safe room 40 is opened using the key C1 of the user A who does not have use authority (step S15). Then, the inconsistency list information generation unit 16f additionally registers the contents of the number “2” in FIG. 8 as the inconsistency list information 15b.

  In this way, it is possible to prevent the use of the device in violation of the business rules, such as the use of a key by impersonation of a user without use authority, which occurs due to the delivery of the key C1 properly extracted from the key management device 50.

<Another example of inconsistency when using keys>
Next, another example of mismatch when using the key corresponding to the number “3” in the mismatch list information 15b shown in FIG. 8 will be described. FIG. 10 is an explanatory diagram for explaining a correspondence process of mismatch with another example of mismatch when using a key. In FIG. 10, the user B extracts the key C1 of the safe room 40 from the key management machine 50 using the ID card B2 of the user B, and then the user B uses the key C1 of the safe room to remove the safe room 40. Although the door is opened, the case where the user B has stopped at a position P1 of the teller machine 20 unrelated to the key C1 for a predetermined time or more is shown. In addition, the flow line L22 has shown the locus | trajectory of the user B based on human flow information.

  In this case, when the user information acquisition unit 16a extracts the key C1 from the key management device 50, the user information acquisition unit 16a uses the result of reading the ID card B2 used by the user B as user information when the key C1 is extracted and used. The user identification information of the user “B” and the key extraction time are acquired (step S21a), and the usage status of “door open / close” is acquired when the door using the key C1 is opened for the safe room 40. (Step S21b).

  On the other hand, the human flow information acquisition unit 16b acquires the human flow information of the portable terminal B1 in the safe room 40 when the door using the key C1 is opened to the safe room 40 (step S22). In the human flow information, the user “B” is indicated from the user identification information of the portable terminal B1 as the user who opened the door of the safe room 40.

  Since the user who extracted the key C1 from the key management device 50 is the user B and the user who opened the door of the vault 40 using the key C1 is the user B, the consistency determination unit 16c Although it is temporarily determined that the use of the key C1 for the vault 40 is consistent, referring to the flow line L22 of the user B's human flow information, the user B has stopped at the position P1 of the teller machine 20 for a certain time or more. It is determined that the behavior is suspicious, and the use of the key C1 of the user B is determined to be inconsistent (step S23). In the business rules, a predetermined authority regarding a user who uses the in-store device and conditions regarding the user's behavior before or after using the in-store device are defined as “behavioral conditions”. This behavior condition includes “conditions regarding behavior such as prohibiting contact with other users before using the in-store device”. In addition, the behavior condition also includes a point that it is prohibited to stop at a position P1 of a device other than the safe room 40 for a certain period of time when the key C1 is used.

  When the key C1 is returned to the key manager 50, the operation restriction control unit 16d accepts the return of the key C1, but performs the operation restriction that does not accept the completion of the return of the key C1 (step S24). This operation restriction is an additional process that forces the key manager 50 to input the reason for the violation of the business rules. When this addition process is completed, the return of the key C1 is completed.

  The alert information output processing unit 16e notifies the alert information to the portable terminal B1 when the user B who has violated the business rules opens the vault 40 (step S25). Then, the inconsistency list information generation unit 16f additionally registers the contents of the number “3” in FIG. 8 as the inconsistency list information 15b.

  In this way, it is possible to prevent a violation of business rules such as key usage due to impersonation of a user who does not have usage rights, which occurs when the key C1 properly extracted from the key management machine 50 is delivered. Here, after the user B removes the key C1 of the safe room 40 from the key management machine 50 and the user B opens the door of the safe room 40 using the key C1 of the safe room, Although the case where the user stops at a position P1 of the teller machine 20 unrelated to C1 for a certain period of time or more is shown, the user is not at the teller machine 20 but stops at another position (for example, his seat) for a certain period of time. Can also handle violations.

<User management processing by the management server>
Next, a user management processing procedure by the management server 10 will be described. FIG. 11 is a flowchart showing a user management processing procedure by the management server 10. As shown in FIG. 11, first, the user information acquisition unit 16a monitors each device such as the teller machine 20, and acquires user information having the use status of the device and user identification information for the device (step). S101). Thereafter, the human flow information acquisition unit 16b acquires the human flow information when the user information acquisition unit 16a acquires the user information (step S102). In addition, the human flow information acquisition part 16b receives the beacon identification information and user identification information from portable terminal A1, B1, and produces | generates human flow information continuously.

  After that, the consistency determination unit 16c uses the user information acquired by the user information acquisition unit 16a and the human flow information acquired by the human flow information acquisition unit 16b so that a user who has the authority to use the device stores the business regulation information 15a. It is determined whether or not it is being used under the registered predetermined matching conditions (step S103). If it is determined that it is the use of a device that matches the business regulation information 15a (step S104; Yes), this process is terminated.

  On the other hand, if it is determined that it is not the use of a device that matches the business regulation information 15a (Step S104; No), the operation restriction control unit 16d executes an operation restriction process that restricts the operation of the determined device (Step S104). S105). For example, when the determined apparatus performs a high amount payment with the cashier 20, the cashier 20 is instructed to stop withdrawing.

  Thereafter, the alert information output processing unit 16e notifies the alert information indicating that the device inconsistent with the business rules is being used to the mobile terminal of the user using the device (step S106). Further, the inconsistency list information generation unit 16f generates information related to the use of the device that is inconsistent with the business rules, additionally registers the information in the inconsistency list information (step S107), and ends this processing. The above process is repeated every predetermined time.

  In the user management according to the above embodiment, in addition to the conventional consistency determination using the usage authority information, the consistency determination using the human flow information is performed, so the device by impersonating the user without the user authority Can be reliably grasped and prevented, and suspicious behavior of the user based on human flow information can also be managed.

  In the above embodiment, the human flow information acquisition unit 16b always acquires the human flow information and obtains the flow line of the user's mobile terminal. Although this flow line may not directly contribute to the determination process by the consistency determination unit 16c, it becomes useful reference information when analyzing a violation of business rules.

  In the above embodiment, when a user who does not have the authority to use the safe room 40 opens the door of the safe room 40 using the key C1, alert information is notified to the user's portable terminal B1. Thereafter, when the key C1 is returned to the key manager 50, an operation restriction process is performed in which the reason for inconsistency is input. Here, when the vault 40 has an inner door and has an electromagnetic lock function for opening and closing the inner door, the operation restriction control unit 16d restricts the operation so that the inner door cannot be opened and closed by locking the electromagnetic lock function. May be performed.

  Further, when collecting money in the teller machine 20, the front door of the teller machine 20 is opened using the key of the teller machine 20 extracted from the key management machine 50, and the user who opens this front door is authorized. If it is a user who does not, it is determined that the use is inconsistent. In this case, the alert information is notified to the user's mobile terminal. However, in the case of having an electromagnetic lock mechanism that locks the drawer of the money handling unit that accompanies the money collection, the operation restriction for locking the electromagnetic lock mechanism is performed. The money handling unit may not be pulled out even by performing a key operation for pulling out the money handling unit.

  In addition, although the portable terminal which can receive a beacon electric wave is possessed by each user, in order to prevent the replacement of the portable terminal between users, each portable terminal is provided with a biometric authentication processing function, The authentication process with the user who possesses the portable terminal may be performed. When the biometric authentication process matches, the mobile terminal may activate the human flow information notification unit 7a and transmit the beacon identification information.

  In order to prevent unauthorized use of the mobile terminal, the attendance information may not be updated unless the portable terminal is stored in a predetermined storage position, for example, the important material management device 30, when leaving the office. Furthermore, the user may not be able to operate each device unless the user takes out the portable terminal from the predetermined storage position and activates the human flow information notifying unit 7a of the portable terminal at work. The user may permit the operation of the device when the device recognizes the portable terminal, or the terminal device receives the beacon identification information of the device, and the reception result is transmitted from the management server 10 to the device side. You may make it carry out by transmission.

  In the above-described embodiment, user management is performed for each device in the bank store. However, the present invention is not limited to this. For example, the present invention can be applied to user management for each device in the game hall. In this embodiment, since the user's flow line and the current position can be acquired, it is possible to give an instruction to the optimum user (employee) for the customer's call. In addition, it is possible to monitor the movement of the user by managing the flow line of the user, and perform the work assessment management of the user including the work time of the user. In addition, when a surveillance camera is installed in the store, the user's flow line and current position are ascertained. For example, when the user is stationary for a predetermined time, the user is watched through the surveillance camera and works. The status can be monitored.

  Further, in the above embodiment, the information on the flow of people in the store is acquired. However, the present invention is not limited to this, and when the mobile terminal is taken out of the store, the mobile terminal has a GPS (Global Positioning System) reception function. The position of the portable terminal may be measured, and the position information of the portable terminal may be replaced with the beacon identification information and notified to the management server 10.

  In addition, each configuration illustrated in the above embodiment is functionally schematic and does not necessarily need to be physically configured as illustrated. That is, the form of distribution / integration of each device is not limited to that shown in the figure, and all or a part thereof may be functionally or physically distributed / integrated in an arbitrary unit according to various loads or usage conditions. Can be configured.

  The user management system and the user management method of the present invention are useful for efficiently preventing violations of business rules that allow a legitimate user to use a device in a store by a third party.

DESCRIPTION OF SYMBOLS 1 User management system 2 Beacon 3,21 Display operation part 4,13,25 Communication part 5 Beacon reception part 6,15,26 Storage part 6a User identification information 7,16,27 Control part 7a Human flow information notification part 10 Management Server 11 Input unit 12 Display unit 14, 22 Printing unit 15a Office regulation information 15b Inconsistency list information 16a User information acquisition unit 16b Human flow information acquisition unit 16c Consistency determination unit 16d Operation restriction control unit 16e Alert information output processing unit 16f Matching list information generation unit 20 Teller machine 21a Card reader 23 Coin processing unit 23a Coin insertion unit 23b Coin insertion unit 23c Coin rejection unit 24 Banknote processing unit 24a Banknote insertion unit 24b Bulk banknote ejection unit 24c Bundling banknote ejection unit 26a Authentication Information 26b Deposit / withdrawal information 27a Authentication processing section 27b Deposit / withdrawal system Part 27c operation restriction accepting unit 30 important object management unit 40 vault 40a door 50 key management unit 100 stores A, B user A1, B1 mobile terminal B2 ID card L1, L2, L11, L12, L22 flow line P1 position

Claims (8)

User information acquisition means for acquiring user information that can identify a use state of a predetermined in-store device and a user who uses the in-store device;
Human flow information acquisition means for acquiring human flow information relating to the user;
Determination means for determining whether or not the use of the in-store device by the user is consistent with a predetermined condition based on the user information and the human flow information;
An operation restricting means for restricting the operation of the in-store device when it is determined that the inconsistency is detected by the determining means.   2. The predetermined condition includes a predetermined authority for a user who uses the in-store device and an action condition of the user before or after using the in-store device. User management system.   The user management system according to claim 1 or 2, wherein the in-store device is a keyed device that requires locking and unlocking using a key. The in-store device is a cash management machine,
3. The user management system according to claim 1, wherein the operation restricting unit stops the withdrawal of the cash management machine when the determination unit determines that there is an inconsistency. 4.   The user management system according to any one of claims 1 to 4, further comprising alert information output means for outputting alert information when the determination means determines that there is a mismatch. . A key management device for managing a key used for locking and unlocking the in-store device;
When the key is returned to the key management device, the operation restriction unit returns the key on condition that an input of the reason for the inconsistency is made if the determination unit determines that the key is inconsistent. The user management system according to claim 1, wherein the user management system is completed.   The information processing apparatus according to claim 1, further comprising a notification unit configured to generate list information and notify an administrator terminal when the determination unit determines that there is a mismatch. User management system. A user information acquisition step of acquiring user information that can identify a use state of a predetermined in-store device and a user who uses the in-store device;
Human flow information acquisition step for acquiring human flow information relating to the user;
A determination step of determining whether or not the use of the in-store device by the user is consistent with a predetermined condition based on the user information and the human flow information;
An operation restriction step for restricting the operation of the in-store device when it is determined that the inconsistency is determined by the determination step.

Images