JP3743234B2 - Gate management system - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a security check procedure using a card that records and possesses personal information such as an IC card or an IC chip related to a method for realizing a check gate that performs high-accuracy management of gate passers in entrance and exit of a specific facility. It is about.
[0002]
[Prior art]
Check gates are installed at places where an unspecified number of people come and go, such as airport boarding inspection gates and event venues, and entry / exit confirmation is required. Visual inspection by inspectors and X-ray irradiation of metal detectors and baggage Etc. to check illegally carried items and pass / fail judgment based on whether the ticket is correct or not.
[0003]
In addition, since the personal information necessary for the security check could not be recorded sufficiently from the security aspect, the check gate server or the check gate for each system was separately set for determining whether or not to pass, in addition to the data recorded in the ID card. He had a host and made a decision based on the information he searched for personal information.
[0004]
In addition, there are the following known examples describing known techniques related to the present invention.
[0005]
Known example (1)
JP-A-10-188056: General example (1) of airport integrated IC card system uses non-contact IC card to manage the movement of users in the airport, improve the flow of users, This is a shortening.
[0006]
[Problems to be solved by the invention]
The conventional technique has a problem that labor costs are required because an inspector relies on human hands such as visual inspection, inspection of a metal detector / baggage X-ray irradiation device, and determination of whether a ticket is correct or not.
[0007]
In addition, in the known example (1), registration of personal information and confirmation of authority at the airport is performed, and there is a problem that the passage permission condition cannot be changed with respect to the security level that changes depending on the situation. There was a problem that passage judgment that relied on manpower was added.
[0008]
In addition, due to security strength and privacy issues of the IC card, sufficient personal information cannot be recorded on the IC card, so that a security check server and host must be prepared independently.
[0009]
In addition, when the personal information of the IC card and the security check server or host is insufficient as information for determining the corresponding security level, there is a problem that it is not possible to determine whether or not it can pass.
[0010]
An object of the present invention is to automate security checks using an ID card that can record personal information such as a check gate and an IC card in the card, thereby improving efficiency (reducing labor costs).
[0011]
Another object of the present invention is that the personal information can be confirmed by going back to the personal history of the person in the past from the contents of "Do you have a dangerous thing" that can be checked in the physical security check that has been done only for the moment? It is to switch to the content “Is it a dangerous person?”.
[0012]
Another object of the present invention is to perform identity verification to determine whether the ID card holder and the personal information recorded on the ID card do not match, to ensure passability by confirming personal information, and by impersonation It is to prevent crime.
[0013]
[Means for Solving the Problems]
The present invention performs security checks for acts such as admission at a place where an unspecified number of people gather, by checking personal information with a check gate and an ID card in which personal information is recorded. The security check level is gradually changed. An example of changing the security check level is realized by increasing the judgment items for whether or not the gate can pass when there is an abnormality as compared with the normal case.
[0014]
In a first aspect, the present invention provides a gate management system that performs processing for determining a disclosure range of personal information in an ID card according to a security level of an inner area of the gate.
[0015]
In a second aspect, the present invention provides a gate management system characterized in that the passage permission condition is changed according to the security level, and the security level is changed as needed for each gate situation.
[0016]
In a third aspect, the present invention provides personal information recorded on a host computer or personal information of an external company only when information necessary for passing through a gate cannot be obtained from a card. Provided is a gate management system characterized by connecting to a database at any time, collecting information necessary for passability determination and determining passability.
[0017]
In a fourth aspect, the present invention relates to usage history information among personal information registered in a card, and a function for adding / updating information using logic of a CPU in the card every time it passes through a check gate And a gate management system characterized in that the use history information is used to determine whether or not to pass.
[0018]
In a fifth aspect, the present invention provides a gate management system characterized by having a function of authenticating whether or not personal information registered in a card matches the cardholder.
[0019]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, embodiments of the present invention will be described. Note that the present invention is not limited thereby.
[0020]
(1) Configuration of Gate Management System FIG. 1 shows the configuration of a gate management system according to an embodiment of the present invention.
[0021]
The gate management system includes a gate 100 that secures the security level of the inner area, and a card 110 possessed by the user.
[0022]
The gate 100 includes a processing unit 101 that processes information, a memory 102 that stores information for checking a gate security level and card validity, and processing procedure information, and a reader / writer unit 103 that communicates with the card 110. And a display device 104 (including opening / closing of the gate) that displays whether the gate can pass or not.
[0023]
The card 110 includes a processing unit 111 that processes information, a memory 112 that stores processing procedure information, personal information, and authority information, and an input / output unit 113 that communicates with the gate 100 and inputs / outputs information. Has been.
[0024]
FIG. 2 shows a processing flow of one embodiment of the present invention.
[0025]
Step 200: The following process is started by presenting the user's ID card to the gate. 210 shows processing and possession information on the gate side, and 220 shows processing and possession information on the card side.
[0026]
Steps 201 and 202: Communication is performed between the gate and the ID card to confirm the validity of the ID card. As a method for confirming the validity, a method using public key cryptography is conceivable. Specifically, it is possible to confirm the validity by decrypting the electronic certificate 221 registered in the ID card using the public key information 211 of the ID card issuer and confirming the electronic signature.
[0027]
Step 203: The information disclosure range is determined from the pass / fail condition parameter 221 determined by the security level, and sent from the gate to the card.
[0028]
Step 204: In the ID card, the disclosed information is limited from the personal information 222, the authority information 223, the credit information 224, and the history information 225 according to the information disclosure range.
[0029]
Step 205: The information limited in 204 is transmitted to the gate.
[0030]
Step 206: The data sent in 205 is checked against the pass / fail condition, and pass / fail is determined.
[0031]
Step 207: The gate displays the result, and the result is digitally signed and transmitted to the card.
[0032]
Step 208: The card updates / adds the result to the history information. Specifically, “pass permission (non-permission) at y gate of security level x” is written with the electronic signature of the gate.
[0033]
Step 209: Open and close the gate door.
[0034]
FIG. 3 shows a configuration of a gate management system connected to an external DB which is an embodiment of the present invention.
[0035]
The gate management system connected to the DB includes a gate 100, a DB system 320 connected via the LAN 324 to which the gate 100 is connected, and a DB system 310 connected via the Internet 314 to which the DB system 320 is connected. It is composed of
[0036]
The DB system 320 connected to the gate 100 via the LAN 324 searches the personal information DB 322 holding personal information supplementing the card information, the DB 323 holding various ID card information, and searches for more appropriate information from these information. The server computer 321 is made up of.
[0037]
The DB system 310 includes a personal information DB 312 that holds card information and information that supplements the personal information DB 322, a cautionary person DB 3123 that holds information such as a cautionary person, and a server that searches for appropriate information from these information. The computer 311 is configured.
[0038]
FIG. 4 shows a processing flow of the gate management system connected to the external DB.
[0039]
Step 400: The following processing is started by presenting the user's ID card to the gate. 420 shows processing and possession information on the gate side, 430 side shows processing and possession information on the card side, and 430 shows possession information on the external DB.
[0040]
Steps 401 and 402: Communication is performed between the gate and the ID card to confirm the validity of the ID card. As a method for confirming the validity, a method using public key cryptography is conceivable. Specifically, the validity can be confirmed by decrypting the electronic certificate 431 registered in the ID card using the public key information 421 of the ID card issuer and confirming the electronic signature. At this time, if the gate does not have the private key information of the card issuer, the ID card DB 323 is searched to obtain information.
[0041]
Step 403: The information disclosure range is determined from the pass / fail condition parameter 422 determined by the security level, and is sent to the card from the gate.
[0042]
Step 404: In the ID card, the disclosure information is limited from personal information 432, authority information 433, credit information 434, and history information 435 according to the information disclosure range.
[0043]
Step 405: The information limited in 404 is transmitted to the gate.
[0044]
Step 406: The information of 405 is confirmed, the presence / absence of missing information is confirmed, and if there is missing information, go to Step 407. Otherwise, go to step 408.
[0045]
Step 407: The personal information deficient from the internal personal information DB 322 and the external personal information 312 and the person to be watched DB 313 are searched according to the security level, and the deficient information such as personal information is collected.
[0046]
Step 408: The data sent in 405, the supplementary information collected in 407, the passage permission condition are checked, and passage permission is determined.
[0047]
Step 409: The gate displays the result, and the result is digitally signed and transmitted to the card.
[0048]
Step 410: The card updates / adds the result to the history information. Specifically, “pass permission (non-permission) at y gate of security level x” is written with the electronic signature of the gate.
[0049]
Step 411: Open and close the gate door.
[0050]
FIG. 5 shows an improved configuration of the gate management system connected to the external DB of FIG. 4 which is an embodiment of the present invention.
[0051]
At the gate, the cache DB 502 prepares information collected from the external DB in place of the memory 102.
[0052]
The following information is secured in the cache DB 502.
[0053]
・ Personal information that needs to be matched according to the security level of the gate ・ Supplementary personal information of people who frequently pass the gate ・ Supplementary personal information of people who are expected to pass in advance This will shorten the condition collection time This makes it possible to determine whether or not the vehicle can pass smoothly.
[0054]
(2) Setting Example of Passability Conditions FIG. 6 shows a setting example of the security level for each situation as an example of use in a concert hall.
[0055]
The level of the pass / fail judgment at the check gate can be changed according to the conditions such as when and where the pass is judged. Examples of security level settings are level 1 for normal times, level 2 for concerts of popular artists, level 2 for enhanced vigilance, level 3 for special vigilance such as watching VIPs, etc. Set to level 4 for emergency situations.
[0056]
In the case of Level 1, confirmation of the validity of the ID card, admission ticket and confirmation, and confirmation of the authority of persons involved in the venue are performed.
[0057]
In the case of level 2, in addition to the level 1 pass / fail judgment, the identity (address, name, age, etc.) is confirmed with personal information, identity verification is performed to see if it matches the holder of the ID card, and the pass / fail judgment is made. Do. Furthermore, the usage history of the facility is also read, and comprehensive pass / fail judgment is made based on the presence or absence of past unauthorized records.
[0058]
In the case of level 3, in order to avoid danger, in addition to level 2 pass / fail judgment, the pass / fail condition for personal information is strengthened, credit information is queried, and comprehensive pass / no pass judgment is performed.
[0059]
In the case of level 4, taking into consideration personal information of a person who needs to be appointed (terrorist) or the like, a comprehensive pass / fail judgment is made for a personal information holder similar to the person who has arranged the person.
[0060]
In this way, even in the same security check gate, the check level is gradually adjusted according to the security level for each situation.
[0061]
The following usage examples can be considered for the history information of the ID card.
[0062]
・ If there is a record of passage refusal at the same security level within the same security policy area, refusal to pass.
[0063]
-If there is a record of denial of passage at a low security level within the same security policy area, it will be denied.
[0064]
・ If there is a passage rejection record for the same passage permission / rejection conditions, the passage is rejected.
[0065]
-If there is a passage permission record for the same passage permission / inhibition condition, the passage determination is performed without collecting insufficient information.
[0066]
Such a determination is additionally determined in the gate passage permission determinations 206 and 408 only when the above condition is added to the passage permission condition according to the security level.
[0067]
(3) Personal Authentication Gate Management System FIG. 7 shows the configuration of a personal authentication gate management system according to an embodiment of the present invention.
[0068]
The personal authentication gate management system is obtained by adding a personal information input unit 701 for personal authentication to the gate 100 in each of the gate management systems of FIG. 1, FIG. 3, and FIG.
[0069]
The following is conceivable as a means for authenticating whether or not the ID card holder matches.
[0070]
(B) Information that is known only to the person is registered as personal information, and it is confirmed whether or not it is the person by collating the information. The personal information input unit (for example, a password) is a keyboard such as a numeric keypad or a voice input device.
[0071]
(B) The person's biometric information is registered as personal information, and the biometric information is verified to determine whether the person is the person. Examples of biometric information that can identify a person and others include a fingerprint, a palm shape, an iris, a retina, an ear shape, a facial appearance, a signature, a voiceprint, DNA, and a vein shape. The personal information input unit is a scanner, a camera, a pen tablet, a voice input device, a DNA testing device, or the like for each biological information.
[0072]
Depending on the security level, if the person is authenticated with the personal information registered in the card or the personal information registered in the database and the validity of the card holder is confirmed, this person is added. The result of the authentication process is additionally determined in the gate pass / fail determinations 206 and 408.
[0073]
【The invention's effect】
According to the gate management system of the present invention, only the information corresponding to the security level of the gate among the information registered in the ID card is disclosed, so that privacy protection can be realized. In addition, since the pass / fail judgment condition is changed depending on the gate security level, an appropriate security level can be maintained. Further, when there is a shortage of information registered in the ID card with respect to the security level of the gate, personal information can be collected from an external database, and whether or not the gate can be passed can be determined. Further, since the history information is held in the ID card, it can be used as a judgment criterion for passage determination under a certain passage permission condition. Further, by performing identity authentication based on the information of the owner of the ID card, misuse of the card by others can be prevented.
[Brief description of the drawings]
FIG. 1 is a functional configuration diagram of a gate management system according to an embodiment of the present invention.
FIG. 2 is a flowchart of processing of the gate management system of FIG. 1;
FIG. 3 is a functional configuration diagram of a gate management system connected to an external database according to an embodiment of the present invention.
4 is a flowchart of processing of a gate management system connected to the external database of FIG.
5 is a functional configuration diagram obtained by improving the gate management system connected to the external database in FIG. 3. FIG.
FIG. 6 is a diagram showing an example of confirmation items according to the security level in the gate management system of the present invention.
FIG. 7 is a functional configuration diagram of a personal authentication gate management system according to an embodiment of the present invention.
[Explanation of symbols]
100 ... Gate, 101 ... Gate processing device, 102 ... Gate memory, 103 ... Card information reader / writer device, 104 ... Result display unit (including gate opening / closing operation), 110 ... ID card, 111 ... Card processing unit, 112 ... Card Memory, 113... Card information input / output unit.

Claims (5)

A card having an input / output unit for communicating with a non-volatile memory for recording personal information and a gate and a CPU for processing, a device for communicating with the card, and the individual transferred from the card In a gate management system comprising a processing device that determines whether or not to pass according to information and contents of a security level of the inner area, and a gate that has a display device that displays the determination result of whether or not to pass, the inner area of the gate A gate management system, wherein processing is performed by the CPU in the card according to a security level, disclosure information of personal information in the card is determined and transferred to the gate. 2. The gate management system according to claim 1, wherein a passage permission condition is set according to a security level, and the security level is changed as needed for each gate status. 2. A database for providing personal information recorded in a host computer or personal information of an external company only when information necessary for passing through the gate cannot be obtained from the card in the gate management system according to claim 1. A gate management system characterized in that it is connected to the terminal and obtains shortage information to determine whether or not it can pass. 2. The gate management system according to claim 1, wherein the personal information registered in the card has a function of adding / updating information using the logic of the CPU in the card every time it passes through the gate with respect to usage history information. A gate management system, wherein the use history information is used to determine whether or not to pass. 2. The gate management system according to claim 1, wherein the gate management system has a function of authenticating whether or not the personal information registered in the card matches the card owner.

Images