JP2020046808A - Access management system and access management device and portable electronic device and program - Google Patents

Abstract

To shorten an unlocking time of a key for a door when accessing.SOLUTION: An access management system has a portable terminal that a user owns and an access management device conducting access management using the portable terminal. The portable terminal has a first authentication part 164B, a communication part, a second authentication part 164C, a storage part, and an unlock request part. The first authentication part performs person authentication with one or more authentication means corresponding to a door to be unlocked. The communication part communicates with the access management device. The second authentication part accesses the access management device with the communication part when the person authentication has succeeded, and conducts authentication of the portable terminal based on key information. The storage part stores authentication state information corresponding to the authentication means transmitted from the access management device when the authentication by the second authentication part has succeeded. The unlock request part unlocks the door by making a reader device connected to the access management device read out unlock information corresponding to the authentication state information.SELECTED DRAWING: Figure 3

Description

  Embodiments of the present invention relate to an access control system, an access control device, a portable electronic device, and a program.

  2. Description of the Related Art Conventionally, an IC card incorporating an IC (Integrated Circuit) chip having a card user authentication function is known. In connection with this, in the entry / exit management processing for managing entry / exit to / from a predetermined area such as a room or facility, based on the identification information of the IC card read by the card reader device installed near the entry / exit door. There is an entry / exit management system that determines whether a card user is allowed to enter / exit. However, in a situation where high security is required, there are cases where authentication is performed using a plurality of authentication means, and whether access is permitted or denied is determined using encrypted authentication data. For this reason, it sometimes takes time to unlock the door when entering and exiting.

JP 2010-34967 A JP 2003-248661 A JP 2010-61517 A

  An object of the present invention is to provide an entry / exit management system, an entry / exit management device, a portable electronic device, and a program capable of shortening a door unlocking time at entry / exit.

  The entry / exit management system according to the embodiment has a portable electronic device possessed by a user, and an entry / exit management device that performs entry / exit management using the portable electronic device. The portable electronic device has a first authentication unit, a communication unit, a second authentication unit, a storage unit, and an unlock request unit. The first authentication unit performs person authentication using one or a plurality of authentication units associated with the door to be unlocked. The communication unit communicates with the entry / exit management device. A second authentication unit that, when the person authentication by the first authentication unit is successful, accesses the entry / exit management device by the communication unit and authenticates the portable electronic device based on the key information; When the authentication of the portable electronic device by the second authentication unit is successful, the storage unit includes an authentication state including information on an unlockable door corresponding to the authentication unit, transmitted from the entry / exit management device. Store the information. The unlock requesting unit unlocks the door by causing a reader device connected to the entry / exit management device to read unlock information associated with the authentication state information stored in the storage unit. The entry / exit management device includes a third authentication unit, an information generation unit, and an unlock control unit. The third authentication unit authenticates the portable electronic device using the key information. The information generating unit, when the authentication by the third authentication unit is successful, generates the authentication state information based on an authentication unit used for the person authentication and an authentication result by the third authentication unit. The unlock control unit compares the unlock information received by the reader device with the authentication state information generated by the information generation unit, and unlocks the door when the result of the verification satisfies the unlock condition. Let it.

1 is a schematic configuration diagram of an entry / exit management system 1 according to an embodiment. FIG. 2 is a diagram illustrating an example of a hardware configuration of the mobile terminal 100 according to the embodiment. FIG. 2 is a diagram illustrating an example of a functional configuration of the mobile terminal 100 according to the embodiment. FIG. 4 is a diagram illustrating an example of the content of personal authentication information 166A according to the embodiment. FIG. 6 is a diagram illustrating an example of the content of key information 166B according to the embodiment. FIG. 9 is a diagram illustrating an example of the content of authentication status information 166C according to the embodiment. FIG. 2 is a diagram illustrating an example of a functional configuration of an entry / exit management server 200 according to the embodiment. FIG. 4 is a diagram illustrating an example of the content of registered terminal authentication information 262 according to the embodiment. FIG. 4 is a diagram illustrating an example of the content of door management information 264 according to the embodiment. FIG. 4 is a diagram illustrating an example of the content of authentication status information 266 according to the embodiment. FIG. 4 is a sequence diagram for explaining pre-authentication processing according to the embodiment. FIG. 4 is a diagram illustrating an example of an authentication unit selection screen IM1 according to the embodiment. FIG. 4 is a diagram illustrating an example of an authentication status screen IM2 according to the embodiment. FIG. 7 is a sequence diagram for explaining a token acquisition process according to the embodiment. FIG. 9 is a sequence diagram for explaining unlocking execution processing according to the embodiment. The figure which shows an example of the door selection screen IM3 of embodiment. FIG. 4 is a diagram illustrating an example of an authentication screen IM4 according to the embodiment.

  Hereinafter, an access control system, an access control device, a portable electronic device, and a program according to an embodiment will be described with reference to the drawings.

  FIG. 1 is a schematic configuration diagram of an access control system 1 according to the embodiment. The entry / exit management system 1 includes, for example, a wireless router (an example of a first communication unit) 10, a plurality of reader devices (an example of a second communication unit) 20-1 to 20-n, and a plurality of electronic locks 30-1 to 30-1. 30-n, a controller 40, a mobile terminal 100, and an entry / exit management server 200. In the following description, the reader devices 20-1 to 20-n have the same configuration, and when it is not necessary to distinguish between the reader devices, the symbols after the hyphen indicating which reader device are omitted are omitted. A description will be given by referring to the “reader device 20”. The same applies to other configurations described using hyphens. In addition, the entry / exit management system 1 illustrated in FIG. 1 illustrates the entry / exit management server 200 and the portable terminal 100 in a one-to-one relationship for convenience of explanation, but the M / N (M and N are each 1 or more). (A natural number). The entry / exit management server 200 may be provided for each building or facility where a door for locking and unlocking is provided, or may be provided for each floor of a building or the like. The portable terminal 100 is an example of a “portable electronic device”. The entry / exit management server 200 is an example of an “entry / exit management device”.

  The wireless router 10 is connected to the entry / exit management server 200 and communicates with the mobile terminal 100 via a wireless communication network. For example, the wireless communication network includes a communication network using a communication method such as Wi-Fi or Bluetooth (registered trademark). The wireless router 10 is a wireless communication unit having a longer communication distance than the reader device 20. When receiving the information transmitted by the mobile terminal 100, the wireless router 10 outputs the received information to the entry / exit management server 200. Further, the wireless router 10 transmits the information instructed from the entry / exit management server 200 to the mobile terminal 100.

  The reader device 20 is installed, for example, near a door D that performs one or both of entering and leaving a predetermined area such as a room or facility in a building. The reader device 20 is a wireless communication unit having a shorter communication distance than the wireless router 10. For example, the reader device 20 communicates with the mobile terminal 100 through an NFC (Near Field radio Communication) interface. Further, the reader device 20 may scan an image such as code information displayed on the display unit of the mobile terminal 100 and read information included in the image. The code information includes, for example, a one-dimensional barcode such as a QR code (registered trademark), a two-dimensional barcode such as DataMatrix and AztecCode, and a barcode. The reader device 20 outputs the information acquired from the mobile terminal 100 to the entry / exit management server 200.

  The electronic lock 30 is a lock system incorporating a mechanism for electrically locking and unlocking so that the key of the door D can be remotely controlled from an external device. The electronic lock 30 unlocks or locks the door D based on control information obtained from the controller 40, for example.

  The controller 40 transmits the information acquired by the reader device 20 to the entry / exit management server 200. Further, the controller 40 acquires control information for locking / unlocking the door D by the electronic lock 30 from the entry / exit management server 200, and locks / unlocks the electronic lock 30 based on the acquired control information. Further, the controller 40 may generate control information to be locked after a predetermined time has elapsed after unlocking, and output the generated control information to the electronic lock 30. Further, a plurality of controllers 40 may be provided in association with the numbers of the reader devices 20 and the electronic locks 30.

  The mobile terminal 100 is, for example, a mobile phone such as a smartphone. The mobile terminal 100 communicates with the entry / exit management server 200 by performing wireless communication with the wireless router 10. The mobile terminal 100 communicates with the reader device 20 via the NFC interface. The mobile terminal 100 incorporates, for example, a UICC (Universal Integrated Circuit Card) 150 or a secure element. The secure element includes, for example, a storage unit, a cryptographic logic circuit, and the like that have security ability to withstand an external analysis attack or the like and that can safely store data. In addition, the secure element may have a tamper function that makes it impossible to use information, circuits, and the like in the storage unit if the internal storage unit or circuit is physically removed.

  The UICC 150 is, for example, an IC card such as a SIM (Subscriber Identity Module Card) card. The UICC 150 stores confidential information used for processing executed by the mobile terminal 100. The UICC 150 is formed, for example, by mounting an IC chip 152 (see FIG. 2 described later) connected to the contact portion 151 on a plastic base material.

  The UICC 150 can communicate with the mobile terminal 100 and the like via the contact unit 151 (or via a dedicated communication path in the case of a secure element). The UICC 150 receives, for example, a command (processing request) transmitted by the mobile terminal 100 via the contact unit 151, and executes processing (command processing) according to the received command. Then, the UICC 150 transmits a response (processing response) as an execution result of the command processing to the mobile terminal 100 via the contact unit 151.

  FIG. 2 is a diagram illustrating an example of a hardware configuration of the mobile terminal 100 according to the embodiment. The mobile terminal 100 includes, for example, a CPU (Central Processing Unit) 110, a RAM (Random Access Memory) 111, a nonvolatile memory 112, an input unit 113, a display unit 114, and a card I / F (interface) unit 115. , An NW (network) communication unit 116, an NFC controller 117, an antenna 117A, a camera (an example of an imaging unit) 118, a microphone (an example of an audio input unit) 119, and a UICC 150. The CPU 110, the RAM 111, the non-volatile memory 112, the input unit 113, the display unit 114, the card I / F unit 115, the NW communication unit 116, the NFC controller 117, the camera 118, the microphone 119, Are connected via a system bus BS1.

  The CPU 110 executes a program stored in the RAM 111 or the nonvolatile memory 112, for example, to perform various processes of the mobile terminal 100. The RAM 111 is, for example, a volatile memory such as a DRAM (Dynamic RAM) or an SRAM (Static RAM), and temporarily stores data and programs used when various processes of the mobile terminal 100 are performed. The nonvolatile memory 112 is, for example, a memory such as a mask ROM (Read Only Memory) or a flash memory, and stores a program for executing various processes of the mobile terminal 100 and the like.

  The input unit 113 is, for example, a key switch or a touch panel device, and receives information input by a user. The input unit 113 receives a request to execute a pre-authentication process or an unlocking process in the embodiment. The unlocking process includes, for example, a token acquisition process and an unlocking execution process. The input unit 113 also receives input of authentication information for user authentication of the user, terminal authentication of the mobile terminal 100, and other information. The display unit 114 is, for example, a display device such as a liquid crystal display, and displays various kinds of information necessary for a pre-authentication process and an unlocking process. The display unit 114 may be provided integrally with the input unit 113 as a touch panel device. The display unit 114 displays, for example, various screens for providing a pre-authentication service for unlocking the door D and an unlocking service.

  The card I / F unit 115 is a contact interface via a contact unit 151 for the UICC 150 (for example, for an IC card). Card I / F section 115 is used when portable terminal 100 communicates with UICC 150. The NW communication unit 116 is a communication module that communicates with the wireless router 10 by wireless communication such as Wi-Fi or Bluetooth. The NW communication unit 116 communicates with the entry / exit management server 200 via the wireless router 10.

  The NFC controller 117 is a non-contact I / F unit that communicates with the reader device 20 through a non-contact interface. The NFC controller 117 communicates with the reader device 20 via, for example, the antenna 117A. The antenna 117A is an antenna coil used for data communication with the reader device 20 in NFC, for example.

  The camera 118 is a digital camera using a solid-state imaging device such as a charge coupled device (CCD) or a complementary metal oxide semiconductor (CMOS). The camera 118 is attached to an arbitrary portion of the mobile terminal 100. The camera 118 captures, for example, a face image of the user, an eye of the user, a fingerprint, and the like according to an operation instruction from the user. The microphone 119 is attached to an arbitrary part of the portable terminal 100. The microphone 119 acquires a voice uttered by a user of the mobile terminal 100 as voice information.

  The UICC 150 includes, for example, a contact part 151 and an IC chip 152. The IC chip 152 includes, for example, a communication I / F unit 153, a CPU 154, a ROM 155, a RAM 156, and an EEPROM (Electrically Erasable Programmable ROM) 157. Further, the IC chip 152 may include a flash memory.

  The communication I / F unit 153 is a contact interface via the contact unit 151, and performs communication (command / response transmission / reception) between the UICC 150 and the portable terminal 100 via the contact unit 151. The CPU 154 executes a program stored in the ROM 155 or the EEPROM 157 to perform various processes of the UICC 150. The CPU 154 executes a command process according to a command received by the communication I / F unit 153 via the contact unit 151, for example.

  The ROM 155 is, for example, a non-volatile memory such as a mask ROM, and stores a program for executing various processes of the UICC 150 and data such as a command table. The program and the data such as the command table may be stored in the flash memory of the IC chip 152. The RAM 156 is a volatile memory such as a RAM, for example, and temporarily stores data used when performing various processes of the UICC 150. The EEPROM 157 is, for example, an electrically rewritable nonvolatile memory. The EEPROM 157 stores various data used by the UICC 150. The above various data may be stored in the flash memory of the IC chip 152.

  FIG. 3 is a diagram illustrating an example of a functional configuration of the mobile terminal 100 according to the embodiment. Each unit of the mobile terminal 100 shown in FIG. 3 is realized using the hardware of the mobile terminal 100 shown in FIG. Hereinafter, the same components as those shown in FIG. 2 are denoted by the same reference numerals, and description thereof will be omitted. In the example of FIG. 3, the mobile terminal 100 includes, for example, an input unit 113, a display unit 114, a control unit 120, a terminal-side storage unit 130, a communication unit 140, and a UICC 150. These functional units are software functional units that function when a processor such as the CPU 110 executes a program stored in the program memory.

  The control unit 120 is realized by, for example, the CPU 110. The control unit 120 includes, for example, an application execution unit (an example of an unlock request unit) 122 and a display control unit 124. The application execution unit 122 is realized by, for example, a processor such as the CPU 110 executing an application such as the pre-authentication application 132 or the unlock application 134 stored in the terminal-side storage unit 130. For example, by executing the pre-authentication application 132, the application execution unit 122 executes pre-authentication for unlocking the door D for the user to enter and exit a predetermined area. The pre-authentication is, for example, person authentication or terminal authentication performed by a predetermined time before the reader device 20 reads the unlock information of the portable terminal 100 and executes the process of unlocking the door D. The application executing unit 122 executes the unlocking application 134 to perform the unlocking process of the door D based on the pre-authentication result by the pre-authentication application 132. Note that the pre-authentication application 132 and the unlock application 134 may be configured as one application.

  The display control unit 124 controls the display unit 114 to output an image corresponding to the processing executed by the application execution unit 122 and terminates the display of the image.

  The terminal-side storage unit 130 is realized by, for example, the RAM 111 and the nonvolatile memory 112. The terminal-side storage unit 130 stores, for example, information used for various processes of the pre-authentication application 132, the unlock application 134, and the mobile terminal 100.

  The communication unit 140 includes, for example, a card communication unit 142, an NFC communication unit 144, and an NW communication unit 116. The card communication unit 142 is realized using the card I / F unit 115, and communicates with the UICC communication unit 162 of the UICC 150 using the contact interface. The NFC communication unit 144 is realized using the NFC controller 117 and the antenna 117A, and communicates with the reader device 20 using a non-contact interface.

  The UICC 150 includes, for example, a UICC communication unit 162, a UICC control unit 164, and a data storage unit 166. The UICC control unit 164 and the data storage unit 166 are examples of a secure element. The UICC communication unit 162 is realized using the contact unit 151 and the communication I / F unit 153 shown in FIG. 2 and communicates with the card communication unit 142 using a contact interface.

  The UICC control unit 164 is realized by, for example, the CPU 154. The UICC control unit 164 includes, for example, an authentication information registration unit 164A, a first authentication unit 164B, a second authentication unit 164C, and a terminal-side authentication state management unit 164D. The authentication information registration unit 164A stores the personal authentication information 166A and the key information 166B in the data storage unit 166, for example, before the pre-authentication process is performed by the application execution unit 122. For example, the authentication information registration unit 164A causes the data storage unit 166 to store a personal ID (password) for identifying an individual received via the UICC communication unit 162, biometric information, and the like as personal authentication information 166A. FIG. 4 is a diagram illustrating an example of the content of the personal authentication information 166A according to the embodiment. The personal authentication information 166A is, for example, information in which biometric information is associated with a personal ID. The biological information is, for example, fingerprint information, face information, iris information, and voiceprint information. The fingerprint information is, for example, information such as the shape, pattern, and color of a fingerprint analyzed from an image captured by the camera 118, or information obtained by converting the information into a predetermined feature amount. The face information is, for example, a contour of a user's face analyzed from an image captured by the camera 118, a shape pattern of a characteristic part (for example, eyes, nose, and mouth), a layout pattern of the characteristic part, a color, and the like. Or information obtained by converting them into a predetermined feature amount. The iris information is, for example, information such as a characteristic pattern pattern or color appearing in the iris portion of the user's eye analyzed from an image captured by the camera 118, or information obtained by converting them into a predetermined feature amount. is there. The voiceprint information is, for example, information such as the loudness and intonation of the voice analyzed from the voice information of the user acquired by the microphone 119, the distribution of the intensity of the frequency component of the voice, and the manner of change with time, or the like. This is the information converted into the feature amount. Note that the personal authentication information 166A may be information in which a PIN (Personal Identification Number) or a terminal ID is associated with a personal ID instead of (or in addition to) biometric information. In addition, since the personal ID and the terminal ID often coincide as long as the same user uses the same terminal, the personal authentication information 166A may be managed separately by each ID, or may be managed by the terminal ID. You may.

  Further, the authentication information registration unit 164A causes the data storage unit 166 to store, for example, key information 166B for performing authentication of the mobile terminal 100 with the entry / exit management server 200. FIG. 5 is a diagram illustrating an example of the content of the key information 166B according to the embodiment. In the key information 166B, for example, authentication key information is associated with a terminal ID for identifying the mobile terminal 100. The authentication key information includes, for example, a common key and a public key. The key information 166B only needs to store at least one of a common key and a public key.

  In the pre-authentication process by the application execution unit 122, the first authentication unit 164B receives the personal ID, biometric information, a password such as a PIN received via the UICC communication unit 162, and the personal information stored in the data storage unit 166. Based on the authentication information 166A, a person authentication process is performed by one or more authentication units. The person authentication process is, for example, a process for confirming the validity of a user. When it is determined that the user is a valid user, it is determined that the authentication is successful, and when it is determined that the user is not a valid user. It is determined that the authentication has failed. When the person authentication has failed, the first authentication unit 164B causes the display control unit 124 to display information indicating the failure on the display unit 114.

  The second authentication unit 164C performs mutual authentication with the entry / exit management server 200 using the key information 166B when the user authentication of the user is successful. The mutual authentication is, for example, an authentication process in which the mobile terminal 100 and the entry / exit management server 200 mutually confirm that the devices are properly authenticated before performing communication. For example, when the receiving side can decrypt information encrypted by the transmitting side with respect to each other's key, the validity of both sides is authenticated. For example, the second authentication unit 164C encrypts predetermined authentication data using a common key or a public key included in the key information 166B stored in the data storage unit 166, and encrypts the predetermined authentication data with the encrypted authentication data. The terminal authentication information including the terminal ID, the person authentication result (information indicating which authentication means has been successfully authenticated), and the PIN is transmitted to the entry / exit management server 200 via the communication unit 140. In addition, the second authentication unit 164C decrypts the encrypted data transmitted from the entry / exit management server 200 using the common key or the public key, and performs a process when the decrypted data is predetermined authentication data. It is determined that the mutual authentication has succeeded. When the terminal authentication has failed, the second authentication unit 164C causes the display control unit 124 to display information indicating the failure on the display unit 114.

  When the personal authentication by the first authentication unit 164B and the terminal authentication by the second authentication unit 164C succeed, the terminal-side authentication state management unit 164D stores the authentication state information 166C including the authentication state of the user in the data storage unit 166. Let it. FIG. 6 is a diagram illustrating an example of the content of the authentication status information 166C according to the embodiment. In the authentication status information 166C, for example, an authentication status, an authentication status holding period, and a session key are associated with a personal ID and a terminal ID. The authentication state is, for example, an authentication method in which the person authentication has succeeded, or information on information about a door D that can be unlocked (for example, a door ID that is door identification information). For example, when the person authentication is successful, the authentication method in which the authentication is successful is stored as authentication information in the authentication state, and when the terminal authentication is also successful, the authentication method for the unlockable door D obtained from the entry / exit management server 200 The information is stored as authentication information. The authentication state holding period is, for example, a period during which the authentication information is valid. The session key is, for example, a key for encrypting or decrypting information communicated between the mobile terminal 100 and the entry / exit management server 200. The session key is information obtained from the entry / exit managed 200 after the terminal authentication succeeds. Further, the terminal-side authentication state management unit 164D performs management such as deleting the authentication state information 166C for which the authentication state holding period has elapsed from the data storage unit 166.

  The data storage unit 166 is realized by, for example, the ROM 155, the RAM 156, and the EEPROM 157. The data storage unit 166 stores, for example, personal authentication information 166A, key information 166B, authentication status information 166C, token 166D, and other information. The token is, for example, a password with use restriction used when the door D is unlocked. The usage restriction may be, for example, a restriction by the number of times (for example, usable up to two times) or a restriction by a period (for example, a specific date limitation or usable for three days after a token is generated).

  Next, a functional configuration of the entry / exit management server 200 will be described. FIG. 7 is a diagram illustrating an example of a functional configuration of the entry / exit management server 200 according to the embodiment. The entry / exit management server 200 includes, for example, a communication control unit 210, a terminal authentication unit (an example of a third authentication unit) 220, a management unit 230, a token generation unit 240, and an unlock / unlock control unit (an example of an unlock control unit). ) 250 and a server-side storage unit 260. These functional units are software functional units that function when a processor such as a CPU executes a program stored in a program memory. Further, some or all of these functional units may be hardware functional units such as an LSI and an ASIC.

  The communication control unit 210 performs control for communicating with the mobile terminal 100 via the wireless router 10 using a wireless communication method such as Wi-Fi or Bluetooth. In addition, the communication control unit 210 receives, for example, information (for example, second unlock information described later) regarding the mobile terminal 100 read by the reader device 20, and locks and unlocks the door D from the lock and unlock control unit 250. The control information for unlocking or unlocking is transmitted to the controller 40.

  The terminal authentication unit 220 performs mutual authentication based on, for example, terminal authentication information from the mobile terminal 100 received by the wireless router 10 and registered terminal authentication information 262 stored in the server-side storage unit 260. FIG. 8 is a diagram illustrating an example of the content of the registered terminal authentication information 262 according to the embodiment. In the registered terminal authentication information 262, for example, a common key and a public key are associated with a terminal ID. For example, the terminal authentication unit 220 refers to the terminal ID of the registered terminal authentication information 262 based on the terminal ID included in the terminal authentication information, and acquires a common key or a public key associated with the matching terminal ID. Further, the terminal authentication unit 220 decrypts the encrypted authentication data included in the terminal authentication information with the acquired common key or public key, and when the decrypted data matches the predetermined authentication data, It is determined that the mobile terminal 100 is valid. When the mobile terminal 100 is valid (when the terminal authentication is successful), the authentication data is encrypted with the common key or the public key of the registered terminal authentication information 262, and the encrypted data is transmitted via the wireless router 10. Output to the mobile terminal 100.

  The management unit 230 includes, for example, a server-side authentication state management unit (an example of an information generation unit) 232 and a session key management unit 234. When the mutual authentication with the mobile terminal 100 is successful in the authentication result by the terminal authentication unit 220, the server-side authentication state management unit 232 determines the terminal ID included in the terminal authentication information, the personal authentication result of the mobile terminal 100, and the PIN. The authentication state information 266 is generated based on the above, and the generated authentication state information 266 is stored in the server-side storage unit 260. Further, the server-side authentication state management unit 232 refers to the door management information 264 based on the person authentication result, and extracts a door that can be unlocked based on the person authentication result.

  FIG. 9 is a diagram illustrating an example of the content of the door management information 264 according to the embodiment. The door management information 264 includes, for example, a door ID including a reader ID as identification information of the reader device 20, an electronic lock ID as identification information of the electronic lock 30, a controller ID 40 as identification information of the controller 40, and authentication means information. Are associated. In the example of FIG. 9, it indicates that password authentication (for example, authentication with a PIN) must succeed in unlocking the door D1, and password authentication and fingerprint authentication require unlocking of the door D2. It is necessary to succeed in two authentications. For example, the number and type of authentication means for the door are set in accordance with, for example, the importance and confidentiality of a room to be entered (for example, confidential documents and important devices are placed).

  The server-side authentication state management unit 232 refers to the authentication means information of the door management information 264 based on the person authentication result, and stores the information of the matching door ID in the authentication state of the authentication state information 266 as a releasable door. I do. Further, the server-side authentication state management unit 232 stores the validity period of the authentication state information 266 corresponding to the terminal ID and the PIN in the authentication state holding period. The server-side authentication state management unit 232 may set the authentication state holding period to a fixed period, and may set a variable period based on the type of door that can be unlocked, an access right that is previously associated with the terminal ID or PIN, or the like. May be set. By setting the variable period, it is possible to perform entry control with appropriate security for each door. Further, the server-side authentication status management unit 232 causes the communication control unit 210 to transmit the authentication status information 266 corresponding to the mobile terminal 100 to the mobile terminal 100 via the wireless router 10.

  When mutual authentication with the mobile terminal 100 by the terminal authentication unit 220 succeeds, the session key management unit 234 generates a session key, and stores the generated session key in the authentication state information 266. Further, the session key management unit 234 encrypts the generated session key with a common key or a public key of the mobile terminal 100, and causes the communication control unit 210 to transmit the generated session key to the mobile terminal 100 via the wireless router 10. Thereby, the mobile terminal 100 and the entry / exit management server 200 can exchange and share the session key, and can transmit / receive information after encrypting information in the subsequent communication with the session key. Further, the session key management unit 234 may exchange and share session keys by using a key exchange algorithm such as DH (Diffie Hellman) or ECDH (Elliptic Curve Diffie Hellman). The key exchange by DH uses, for example, a one-way function based on the discrete logarithm problem to transmit and receive information calculated from the session key instead of the session key itself. The key exchange by ECDH means, for example, key exchange by DH using elliptic curve encryption. As a result, even if the session key is eavesdropped by a third party, the session key is not immediately known unless the eavesdropper solves the discrete logarithm problem, so that key exchange can be performed more securely. The session key is discarded, for example, after a series of communication between the mobile terminal 100 and the entry / exit management server 200 is completed, or after an authentication state holding period has elapsed.

  FIG. 10 is a diagram illustrating an example of the content of the authentication status information 266 according to the embodiment. In the authentication state information 266, for example, an authentication state, an authentication state holding period, and a session key are associated with a terminal ID and a PIN. The server-side authentication state management unit 232 manages the authentication state holding period, and performs management such as deleting the authentication state information 266 after the holding period from the server-side storage unit 260.

  For example, when a token acquisition request from the mobile terminal 100 is acquired, the token generation unit 240 is configured to unlock the unlockable door included in the authentication state or the specific door for which the unlock request has been issued. A token is generated, and the generated token is transmitted to the mobile terminal 100 via the wireless router 10 by the communication control unit 210. In addition, the token generation unit 240 stores the generated token in the server-side storage unit 260 as the token 268 in association with the terminal ID.

  The locking / unlocking control unit 250 generates control information for unlocking the corresponding door based on the unlocking information from the mobile terminal 100 read by the reader device 20, and sends the generated control information to the target door. Output.

  The server-side storage unit 260 is realized by, for example, an HDD, an SSD, a ROM, a RAM, and the like. The server-side storage unit 260 stores, for example, registered terminal authentication information 262, door management information 264, authentication status information 266, token 268, and information used for various processes of the entry / exit management server 200.

  Next, the pre-authentication processing of the embodiment will be specifically described. FIG. 11 is a sequence diagram illustrating a pre-authentication process according to the embodiment. The process illustrated in FIG. 11 is, for example, a process executed before the mobile terminal 100 is held over the reader device 20 and the unlocking process is executed, and the execution operation of the pre-authentication application 132 is received by the user input unit 113. In this case, the pre-authentication application 132 is activated, and the function of the application execution unit 122 is realized.

  First, the application execution unit 122 performs a person authentication process using one or a plurality of authentication units set in advance (step S100). Specifically, the display control unit 124 causes the display unit 114 to display an authentication unit selection screen for selecting one or a plurality of authentication units from the plurality of authentication units. FIG. 12 is a diagram illustrating an example of the authentication unit selection screen IM1 according to the embodiment. The screen layout shown in FIG. 12 is not limited to this, and the same applies to the following screen examples. The authentication means selection screen IM1 includes a plurality of icons IC1 to IC5. In the example of FIG. 12, the application execution unit 122 executes password authentication when the icon IC1 is selected by the user, and executes fingerprint authentication when the icon IC2 is selected. The application executing unit 122 performs face authentication when the icon IC3 is selected, performs iris authentication when the icon IC4 is selected, and performs voiceprint authentication when the icon IC5 is selected. When the icon IC6 is selected, the application executing unit 122 ends the person authentication.

  For example, when the icon IC1 is selected and authentication using a password is performed, the application execution unit 122 controls the display control unit 124 to display an image for inputting a PIN on the display unit 114. Next, the application execution unit 122 performs communication with the UICC communication unit 162 of the UICC 150 by the card communication unit 142 based on the PIN input by the input unit 113, and causes the first authentication unit 164B to execute person authentication. When the PIN is received by the UICC communication unit 162, the first authentication unit 164B obtains the PIN included in the personal authentication information 166A and determines whether the obtained PIN matches the received PIN. If the two PINs match, the first authentication unit 164B determines that the person authentication using the password has succeeded, and if not, determines that the person authentication using the password has failed. Then, the first authentication unit 164B outputs the authentication result to the application execution unit 122.

  When the icon IC2 is selected and the authentication is performed using the fingerprint, the application executing unit 122 activates the camera 118 and causes the display unit 114 to display an image captured by the camera 118. Next, the display control unit 124 superimposes an image including a message prompting photographing of a fingerprint on the image captured by the camera 118 and displays the image. The application execution unit 122 analyzes the image captured by the camera 118 and acquires fingerprint information. Next, the application execution unit 122 communicates with the UICC communication unit 162 of the UICC 150 by the card communication unit 142 based on the fingerprint information, and causes the first authentication unit 164B to execute person authentication. Instead of using UICC, personal authentication may be internally performed using a CPU of a mobile phone or the like and fingerprint information stored in advance in a memory.

  When the UICC communication unit 162 receives the fingerprint information, the first authentication unit 164B acquires the fingerprint information included in the personal authentication information 166A, and determines whether the acquired fingerprint information matches the received fingerprint information. judge. The first authentication unit 164B determines that the person authentication based on the fingerprint information has succeeded when the two pieces of fingerprint information match, and determines that the person authentication based on the fingerprint information has failed when the two pieces of fingerprint information do not match. Then, the first authentication unit 164B outputs the authentication result to the application execution unit 122.

  When the icon IC3 is selected and authentication by face authentication is performed, the application execution unit 122 activates the camera 118 and causes the display unit 114 to display an image captured by the camera 118. Next, the display control unit 124 generates an image including a message urging the photographing of the face, and superimposes the generated image on the image captured by the camera 118 and causes the display unit 114 to display the image. The application execution unit 122 analyzes the image captured by the camera 118 and acquires face information. Next, the application execution unit 122 communicates with the UICC communication unit 162 of the UICC 150 by the card communication unit 142 based on the face information, and causes the first authentication unit 164B to execute person authentication. Instead of using UICC, person authentication may be internally performed using a CPU of a mobile phone or the like and information corresponding to face information stored in a memory in advance. When the UICC communication unit 162 receives the fingerprint information, the first authentication unit 164B acquires the face information included in the personal authentication information 166A, and determines whether the acquired face information matches the received face information. judge. When the two pieces of face information match, the first authentication unit 164B determines that the person authentication based on the face information has succeeded, and when the two face information do not match, determines that the person authentication based on the face information has failed. Then, the first authentication unit 164B outputs the authentication result to the application execution unit 122. In the same manner as described above, a voiceprint is obtained from the voice input from the microphone 119, and the voiceprint is obtained by using the information corresponding to the voiceprint information previously stored in the memory with the CPU of a UICC or a mobile phone or a mobile phone. The personal authentication may be performed in a targeted manner. As described above, person authentication can be performed using all kinds of biometric information.

  When the icon IC4 is selected and authentication is performed using iris information, similar authentication is performed using iris information instead of the face information in the above-described authentication method using face information. Omitted. When the icon IC5 is selected and authentication is performed using voiceprint information, the application execution unit 122 activates the microphone 119 and causes the display control unit 124 to display an image including a message prompting utterance on the display unit 114. In this case, the application execution unit 122 may cause the display unit 114 to display an image including a message for uttering a specific character or sentence. Next, the application execution unit 122 analyzes the voice information obtained by the microphone 119 and obtains voiceprint information. Next, the application execution unit 122 communicates with the UICC communication unit 162 of the UICC 150 by the card communication unit 142 based on the voiceprint information, and causes the first authentication unit 164B to execute person authentication. When the UICC communication unit 162 receives the voiceprint information, the first authentication unit 164B obtains the voiceprint information included in the personal authentication information 166A, and determines whether the obtained voiceprint information matches the received voiceprint information. judge. When the two pieces of voiceprint information match, the first authentication unit 164B determines that the person authentication based on the voiceprint information has succeeded, and when the two pieces do not match, determines that the person authentication based on the voiceprint information has failed. Then, the first authentication unit 164B outputs the authentication result to the application execution unit 122. The application execution unit 122 may cause the display control unit 124 to display each authentication result on the display unit 114.

  Next, in the processing of step S100, if the authentication is successful, the application execution unit 122 sets an authentication method for unlocking the door D (step S102). In the process of step S102, the application execution unit 122 may set one authentication method at random from the plurality of authentication methods authenticated in the process of step S100, for example. do. Next, the application execution unit 122 causes the data storage unit 166 in the UICC 150 to store the authentication status information including the authentication result (Step S104). In the process of step S104, the authentication method at the time of unlocking set in step S102 may be stored in the data storage unit 166. Next, the second authentication unit 164C transmits the terminal authentication information including the key information 166B and the like stored in the data storage unit 166 to the entry / exit management server 200, and executes the mutual authentication (Step S106).

  The terminal authentication unit 220 of the entry / exit management server 200 performs authentication (mutual authentication) of the mobile terminal 100 using the key information based on the terminal authentication information received from the mobile terminal 100 (Step S108). When the authentication of the mobile terminal 100 is successful, the server-side authentication status management unit 232 generates authentication status information (Step S110), and transmits the generated authentication status information to the mobile terminal 100 (Step S112). Next, the server-side authentication state management unit 232 stores the generated authentication state information in the server-side storage unit 260 (Step S114).

  Next, the application execution unit 122 of the mobile terminal 100 receives the authentication status information transmitted by the entry / exit management server 200 in the process of step S114, and stores the authentication status information in the data storage unit 166 based on the received authentication status information. The authentication status information 166C is updated (step S116). In the process of step S116, the application execution unit 122 may replace the authentication status information 166C stored in the data storage unit 166 with the received authentication status information, or may rewrite and update only the difference information.

  In the process of step S116, the application execution unit 122 may cause the display control unit 124 to display the information on the authentication status included in the received authentication status information on the display unit 114. FIG. 13 is a diagram illustrating an example of the authentication status screen IM2 according to the embodiment. The authentication status screen IM2 illustrated in FIG. 13 includes information on a door that can be unlocked due to the current authentication status. The example in FIG. 13 shows that the doors D1 and D4 can be unlocked by the person authentication and the terminal authentication. The display control unit 124 displays on the authentication status screen IM2 icons IC11 and IC12 for selecting one of the unlockable doors D1 and D4, and an icon IC13 for terminating the authentication status screen IM2. You may. In addition, the above merely indicates that the door can be unlocked, and in some cases, it is necessary to select a door further, or even without selecting, approach the door and hold the portable terminal over the reader device, for example. Even so, it is possible to clarify which door has been designated.

  Next, when the person authentication and the terminal authentication are successful, the session key management unit 234 of the entry / exit management server 200 generates a session key (Step S118), and transmits the generated session key to the mobile terminal 100 (Step S120). ). Next, the session key management unit 234 stores the generated session key in the authentication status information 266 (Step S122).

  The application execution unit 122 receives the session key transmitted from the entry / exit management server 200 in the process of step S120, and stores the received session key in the authentication state information 166C (step S124). Thus, the processing of this sequence ends.

  Next, the token acquisition processing of the embodiment will be specifically described. FIG. 14 is a sequence diagram illustrating the token acquisition processing according to the embodiment. The process shown in FIG. 14 is executed by the pre-authentication application 132, and shows, for example, a process when a specific door is selected by the user on the authentication status screen IM2 shown in FIG.

  First, the application execution unit 122 encrypts the terminal ID and the authentication status included in the authentication status information 166C with the session key (Step S200). In the process of step S200, information on the door to be unlocked (for example, door ID) selected on the authentication status screen IM2 may be used instead of the authentication status. Further, the encryption processing in step S200 may be performed in a secure element such as the UICC 150. Next, the application execution unit 122 transmits the encrypted information to the entry / exit management server 200 via the wireless router 10 (Step S202).

  The server-side authentication status management unit 232 of the entry / exit management server 200 decrypts the information received by the wireless router 10 with the session key, and acquires the terminal ID and the authentication status (Step S204). Next, the token generation unit 240 generates a token based on the terminal ID and the authentication state, and stores the generated token in the server-side storage unit 260 (Step S206). Next, the server-side authentication state management unit 232 encrypts the generated token with the session key (Step S208), and transmits the encrypted token to the portable terminal 100 by the wireless router 10 (Step S210). Next, when the authentication state holding period (for example, 5 hours, 1 day, etc.) included in the authentication state information 266 has elapsed, the server-side authentication state management unit 232 stores the authentication state stored in the server-side storage unit 260. The information 266 and the token 268 are deleted (step S212).

  Next, the application execution unit 122 of the mobile terminal 100 decrypts the token with the session key (Step S214), and stores the token 166D obtained by the decryption in the data storage unit 166 (Step S216). Next, when the authentication state holding period included in the authentication state information 166C has elapsed, the terminal-side authentication state management unit 164D deletes the authentication state information 166C and the token (step S218). Thus, the processing of this sequence ends. The process executed by the pre-authentication application 132 described above may acquire a token and unlock the door when entering or leaving a predetermined area, for example. Both doors may be unlocked when leaving.

  Next, the unlocking execution process of the embodiment will be specifically described. FIG. 15 is a sequence diagram for explaining the unlocking execution process according to the embodiment. In the following processing, the execution processing at the time of entering a room will be described, but the processing is performed similarly at the time of leaving the room. In the process illustrated in FIG. 15, for example, when the execution operation of the unlock application 134 is received by the input unit 113 of the user, the function of the application execution unit 122 by the unlock application 134 is realized.

  First, the application execution unit 122 performs person authentication using the authentication method set in the process of step S102 (step S300). In the process of step S300, the burden on the user when executing unlocking can be reduced by using one set authentication method instead of a plurality of authentication methods. By the process of step S300, for example, even after the portable terminal 100 is stolen after the token is acquired, it is possible to suppress the third party from easily unlocking the door using the token, Security can be further improved. Note that the processing in step S102 and step S300 described above may be omitted.

  When the person authentication has failed, the application execution unit 122 causes the display control unit 124 to display information indicating that fact on the display unit 114, and does not execute the subsequent processing. When the personal authentication is successful, the application execution unit 122 reads the token 166D stored in the data storage unit 166, generates first unlock information including the read token 166D and a random number (step S302), and generates The first unlock information is transmitted to the access management server 200 via the wireless router 10 (step S304). Next, the application execution unit 122 generates second unlock information in which the random number used in the process of step S302 is encrypted using the session key (step S306). In the process of step S306, the application execution unit 122 converts the second unlock information obtained by encrypting the random number using the session key into a one-dimensional barcode such as a two-dimensional barcode such as a QR code, DataMatrix, and AztecCode. Or the like, and the process of generating the second unlock information may include a process of converting to the code information. Next, the application execution unit 122 causes the reader device 20 to read the generated second unlock information (step S308). In the process of step S308, for example, the user may cause the mobile terminal 100 to approach the reader device 20 so that the second unlock information is read by NFC communication. The second unlock information may be read by the reader device 20 by displaying the code information of the unlock information on the display unit 114 and holding the displayed code information over the reader device 20. The reader device 20 transmits the acquired second unlock information to the access management server 200.

  Next, the locking / unlocking control unit 250 of the entry / exit management server 200 specifies the terminal ID from the token included in the first unlocking information received from the wireless router 10, and refers to the authentication status information 266 from the specified terminal ID. The session key is specified (step S310). Next, the lock / unlock control unit 250 generates authentication data by encrypting the random number included in the first unlock information using the session key (step S312). Next, the locking / unlocking control unit 250 compares the generated authentication data with the second unlocking information (step S314), and when they match, identifies the terminal ID from the token and the authentication state information from the identified terminal ID. 266 is specified to check the authentication state, the authentication state holding period, and the like, and when a predetermined unlocking condition is satisfied, control is performed to unlock the electronic lock 30 of the corresponding door D (step S316). In the process of step S316, the locking / unlocking control unit 250, for example, if the door requested to be unlocked is a door that can be unlocked in the authentication state, and if the authentication state holding period has not passed, It is determined that the lock condition is satisfied. When the unlocking condition is satisfied, the locking / unlocking control unit 250 refers to the door management information 264 based on the door ID for which the unlocking is requested, and acquires an electronic lock ID and a controller ID corresponding to the matching door ID, The unlock control for the acquired electronic lock ID is executed for the acquired controller ID.

  Next, the lock / unlock control unit 250 transmits information indicating that the lock has been unlocked to the mobile terminal 100 (step S318). If the predetermined unlocking condition is not satisfied in the process of step S316, the locking / unlocking control unit 250 transmits information indicating that unlocking is not possible to the portable terminal 100 by the process of step S318.

  Next, the display control unit 124 causes the display unit 114 to display the information transmitted by the process of step S318 (step S320). Next, the entry / exit management server 200 performs control to lock the electronic lock 30 after a lapse of a predetermined time from unlocking (step S322). Thereby, it is possible to suppress a state where the user is left unlocked, and it is possible to prevent a third party from entering a predetermined area. Thus, the present sequence processing ends.

  Here, a modified example of the embodiment will be described. For example, in the process of FIG. 15, the application execution unit 122 sets information including a token and a random number as first unlock information, and sets information obtained by encrypting a random number using a session key as second unlock information. Instead, the information included in the token and the authentication information included in the authentication status information 166C may be used as the first unlock information, and the token may be used as the second unlock information. In this case, the locking / unlocking control unit 250 of the entry / exit management server 200 checks the tokens included in the first unlocking information and the tokens included in the second unlocking information, and when the tokens match, the tokens are included in the first unlocking information. Control is performed to unlock the unlockable door included in the authentication information. In this manner, even if wiretapping of communication or the like is performed by using a token, it is difficult to identify an individual, so that security can be further improved. In addition, unlocking control with high security can be performed without performing encryption processing.

  In the above-described embodiment, the first authentication unit 164B performs, as the pre-authentication process, authentication by one or a plurality of authentication units selected on the authentication unit selection screen IM1 shown in FIG. 13 is displayed on the authentication status screen IM2 shown in FIG. 13, but instead, the selection of the door to be unlocked may be received first, and the authentication means corresponding to the received door may be executed. .

  FIG. 16 is a diagram illustrating an example of the door selection screen IM3 according to the embodiment. After starting the pre-authentication application 132, the application execution unit 122 causes the display control unit 124 to generate the door selection screen IM3, and causes the display unit 114 to display the generated door selection screen IM3. On the door selection screen IM3, a list of doors of rooms and facilities for which entry and exit are managed by the entry and exit management server 200 is displayed. The list of doors may be displayed hierarchically for each floor of the building, or only the doors for entering and exiting the room specified by the search function may be displayed. In the example of FIG. 16, icons IC21 to IC23 associated with the doors D1 to D3 are displayed on the door selection screen IM3.

  When the user selects a door from the door selection screen IM3, the application execution unit 122 inquires of the entry / exit management server 200 about authentication means information corresponding to the selected door, and reads the door from the door management information 264 of the entry / exit management server 200. To acquire authentication means information corresponding to. Note that the door management information 264 may be stored in the terminal storage unit 130 in advance, or the corresponding authentication unit information may be acquired from the door management information 264 stored in the terminal storage unit 130. Then, the application execution unit 122 causes the display control unit 124 to generate an authentication screen IM4 for notifying the acquired authentication means information, and causes the display unit 114 to display the generated authentication screen IM4.

  FIG. 17 is a diagram illustrating an example of the authentication screen IM4 according to the embodiment. In the example of FIG. 17, when the icon IC22 of the door D2 is selected on the door selection screen IM3, two authentication means (password authentication and fingerprint authentication) for unlocking the door D2 are displayed on the authentication screen IM4. Is displayed. In the example of FIG. 17, an icon IC31 for executing password authentication and an icon IC32 for executing fingerprint authentication are displayed as person authentication for unlocking the door D2. As a result, the user performs pre-authentication by the authentication means displayed on the authentication screen IM4. According to the above-described modification, since only the authentication method corresponding to the door to be unlocked needs to be performed, the pre-authentication can be performed efficiently.

  In the above-described embodiment, the secure element is provided in the mobile terminal 100. However, a similar configuration may be provided in the entry / exit management server 200. In this case, when performing pre-authentication, the application execution unit 122 of the mobile terminal 100 accesses the secure element of the entry / exit management server 200 to acquire information for performing person authentication, and uses the acquired information to perform person authentication. Execute Further, the application execution unit 122 may transmit input information for performing authentication by one or a plurality of authentication units to the entry / exit management server 200, and may execute the person authentication based on the input information and the personal authentication information on the server side. Good. Thus, by managing information required for personal authentication in the secure element of the entry / exit management server 200, personal authentication information can be managed in an integrated manner.

  According to at least one embodiment described above, the entry / exit management system 1 includes the portable terminal 100 owned by the user and the entry / exit management server 200 that performs entry / exit management using the portable terminal 100. The mobile terminal 100 includes a first authentication unit 164B that performs personal authentication by one or a plurality of authentication units associated with a door to be unlocked, an NW communication unit 116 that communicates with the entry / exit management device, and a first authentication unit. When the person authentication by the unit 164B is successful, the NW communication unit communicates with the entry / exit management server 200 to perform terminal authentication of the mobile terminal 100 based on the key information, and the mobile phone by the second authentication unit 164C. A data storage unit that stores authentication state information transmitted from the entry / exit management server 200 and including information on a releasable door corresponding to the authentication unit executed by the first authentication unit 164B when the authentication of the terminal 100 is successful. 166 and the reader device 20 connected to the entry / exit management server 200 reads the unlock information associated with the authentication status information stored in the data storage unit 166. Provided with, and unlocking app 134 to unlock the door at the. The entry / exit management server 200 includes a terminal authentication unit (third authentication unit) 220 for authenticating the mobile terminal 100 based on the key information, and an authentication unit executed by the first authentication unit 164B when the authentication by the terminal authentication unit 220 is successful. And the server-side authentication state management unit 232 that generates authentication state information based on the authentication result by the terminal authentication unit 220 and the unlock information received by the reader device 20 and the server-side authentication state management unit 232. A lock / unlock control unit that checks the authentication state information and unlocks the door when the check result satisfies a predetermined unlocking condition. Thereby, the unlocking time of the door at the time of entry and exit can be reduced.

  Further, according to at least one embodiment described above, by performing person authentication by a plurality of authentication units, security in entrance / exit management can be improved, and the authentication unit can be used before the door is actually unlocked. By succeeding, the time for unlocking can be reduced. According to at least one embodiment, the pre-authentication process is performed using a wireless communication method such as Wi-Fi or Bluetooth having a relatively long communication distance, so that the reader device 20 installed near the door can be visited. Without prior authentication. In addition, according to at least one embodiment, authentication can be performed using biometric information acquired by using the camera 118, the microphone, or the like provided in the mobile terminal 100. Therefore, the biometric information is read by the reader device 20. There is no need to provide a mechanism, and costs on the entry / exit management side (for example, costs of the reader device 20) can be reduced.

  Further, according to at least one embodiment, the personal authentication information and the authentication status information are managed in a secure element such as the UICC, so that even when the portable terminal 100 is stolen, the personal authentication information and the authentication status information are stored. Or tampering can be suppressed. Also, by using a token or a random number in the unlocking process, it becomes difficult to identify an individual by eavesdropping on communication or the like, so that security can be further improved. The above-described embodiment can be applied, for example, in a case where a plurality of authentications are required, or in a case where authentication means is different depending on a situation or the like.

  Note that a program for realizing the functions of the components included in the UICC 150 in the embodiment is recorded on a computer-readable recording medium, and the program recorded on the recording medium is read into a computer system and executed to execute the above-described operation. The processing in each configuration included in the UICC 150 may be performed. Here, "to make the computer system read and execute the program recorded on the recording medium" includes installing the program in the computer system. The “computer system” here includes an OS and hardware such as peripheral devices. The “computer-readable recording medium” refers to a portable medium such as a flexible disk, a magneto-optical disk, a ROM, and a CD-ROM, and a storage device such as a hard disk built in a computer system.

  Although several embodiments of the present invention have been described, these embodiments are provided by way of example and are not intended to limit the scope of the invention. These embodiments can be implemented in other various forms, and various omissions, replacements, and changes can be made without departing from the spirit of the invention. These embodiments and their modifications are included in the scope and gist of the invention, and are also included in the invention described in the claims and equivalents thereof.

  DESCRIPTION OF SYMBOLS 1 ... Entry / exit management system, 10 ... Wireless router, 20 ... Reader device, 30 ... Electronic lock, 40 ... Controller, 100 ... Portable terminal, 113 ... Input unit, 114 ... Display unit, 116 ... NW communication unit, 118 ... Camera, 119: microphone, 120: control unit, 122: application execution unit, 124: display control unit, 130: terminal storage unit, 132: pre-authentication application, 134: unlocking application, 140: communication unit, 142: card communication unit , 144: NFC communication unit, 150: UICC communication unit, 162: UICC communication unit, 164: UICC control unit, 164A: authentication information registration unit, 164B: first authentication unit, 164C: second authentication unit, 164D: terminal-side authentication state Management unit, 166: data storage unit, 200: entry / exit management server, 210: communication control unit, 220: terminal authentication unit, 230: management unit, 240: token generation Department, 250 ... unlocking control unit, 260 ... server-side storage unit

Claims (10)

In an entry / exit management system including a portable electronic device possessed by a user and an entry / exit management device that performs entry / exit management using the portable electronic device,
The portable electronic device comprises:
A first authentication unit that performs personal authentication by one or more authentication units associated with the door to be unlocked,
A communication unit that communicates with the entry / exit management device;
A second authentication unit that, when the person authentication by the first authentication unit is successful, accesses the access control device by the communication unit and authenticates the portable electronic device based on key information;
When the authentication of the portable electronic device by the second authentication unit is successful, authentication state information transmitted from the entry / exit management device and including information on an unlockable door corresponding to the authentication unit is stored. A storage unit,
An unlock request unit that unlocks the door by reading unlock information associated with the authentication state information stored in the storage unit by a reader device connected to the entry / exit management device,
The entry and exit management device,
A third authentication unit that authenticates the portable electronic device based on the key information;
An information generating unit configured to generate the authentication state information based on an authentication unit used for the person authentication and an authentication result by the third authentication unit when the authentication by the third authentication unit is successful;
Unlock information received by the reader device, the authentication state information generated by the information generation unit is compared, and if the result of the comparison satisfies the unlock condition, an unlock control unit that unlocks the door. Comprising,
Access control system. The portable electronic device includes a secure element,
The first authentication unit performs a person authentication using information input in association with the one or more authentication units and authentication information stored in the secure element.
The access control system according to claim 1. The second authentication unit performs mutual authentication between the portable electronic device and the entry / exit management device based on a common key or a public key included in the key information.
The entry / exit management system according to claim 1. The portable electronic device, when the authentication state holding period included in the authentication state information has elapsed, deletes the authentication state information stored in the storage unit,
The access control system according to any one of claims 1 to 3. The portable electronic device obtains a token for unlocking an unlockable door included in the authentication status information from the access management device,
The unlock request unit transmits the token and the random number to the entry / exit management device by the communication unit, and then causes the reader device to read unlock information obtained by encrypting the random number, thereby unlocking the door. Make a lock request,
The entry / exit management system according to claim 1. The unlock control unit encrypts the random number from the key information associated with the token, checks the encrypted data against the unlock information, and, when the result of the check satisfies the unlock condition, Unlock the door,
The access control system according to claim 5. In an access control device that performs access control using a portable electronic device possessed by a user,
A communication unit that communicates with the portable electronic device;
A terminal authentication unit that authenticates a portable electronic device for which personal authentication has succeeded in advance by using key information received by the communication unit,
An information generating unit configured to generate authentication state information including information on an unlockable door based on the authentication result in the person authentication and the authentication result by the terminal authentication unit when the authentication by the terminal authentication unit is successful; When,
The unlock information from the portable electronic device read by the reader device connected to the entry / exit management device is compared with the authentication status information generated by the information generating unit, and the result of the comparison is unlocked. An unlock control unit that unlocks the door when the condition is satisfied,
An entry / exit management device comprising: A first authentication unit that performs personal authentication by one or more authentication units associated with the door to be unlocked,
A communication unit that communicates with an entry / exit management device that performs entry / exit management of the door;
A second authentication unit that, when the person authentication by the first authentication unit is successful, accesses the access control device by the communication unit and performs terminal authentication of the portable electronic device based on the key information;
When the terminal authentication by the second authentication unit is successful, a storage unit that stores authentication state information transmitted from the entry / exit management device and includes information on an unlockable door corresponding to the authentication unit,
An unlock request unit that unlocks the door by reading unlock information associated with the authentication state information stored in the storage unit by a reader device connected to the access control device;
A portable electronic device comprising: The computer of the entry / exit management device that performs entry / exit management using the portable electronic device owned by the user,
Causing the portable electronic device to communicate with a communication unit,
A portable electronic device for which personal authentication has been successful in advance is authenticated by the key information received by the communication unit,
When the authentication by the key information is successful, based on the authentication result in the person authentication and the authentication result by the key information, generate authentication state information including unlockable door information,
The unlock information from the portable electronic device read by the reader device connected to the entry / exit management device is compared with the authentication status information, and when the result of the check satisfies the unlock condition, the Unlock the door,
program. In the computer of the portable electronic device,
Causing the person to be authenticated by one or more authentication means associated with the door to be unlocked,
Communication with an access control device and a communication unit for performing access control of the door,
When the person authentication is successful, the communication unit allows the access control device to access,
Causing the portable electronic device to perform terminal authentication based on the key information received by the communication unit,
When the terminal authentication is successful, the storage unit stores authentication state information transmitted from the entry / exit management device and including information on an unlockable door corresponding to the authentication unit,
Unlocking the door by reading the unlock information associated with the authentication state information stored in the storage unit with a reader device connected to the access control device,
program.

Images