JP3835132B2 - Security system - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a technique for protecting the security of a security target in a security area where only a specific user can enter and leave.
[0002]
[Prior art]
For example, a technique described in Japanese Patent Application Laid-Open No. 09-198501 is known as a technique for managing entry / exit into a guarded area where only specific users can enter and leave. In this technology, the biometric information of the legitimate user recorded in the management device and the biometric information input at the time of entry are collated when passing through the door that leads to the guard area, and only the legitimate user enters the management area. By allowing the admission of admission, it prevents intruders from entering the security area.
[0003]
On the other hand, as a technique for protecting the security of a security target object when the security target is access to a computer system composed of a server and a client, for example, Japanese Patent Laid-Open No. 10-124668 and Japanese Patent Laid-Open No. 10-149446 The technology is known.
[0004]
In the technology described in Japanese Patent Application Laid-Open No. 10-124668, the biometric information of a legitimate user is centrally managed by the server, and the biometric information of the user accepted by the client when the use of the computer system is started is collated by the server. Thus, by allowing only authorized users to access the computer system, unauthorized persons can be prevented from accessing the computer system.
[0005]
On the other hand, in the technique described in Japanese Patent Laid-Open No. 10-149446, when a portable recording device such as an IC card that records the biological information of the user is issued to a legitimate user and the use of the computer system is started. An unauthorized person's computer system is obtained by reading the user's biometric information from the user's portable storage device and collating it at the client and allowing only authorized users to access the computer system. Prevent access to.
[0006]
[Problems to be solved by the invention]
When protecting the security of the security target in the security area where only specific users can enter and leave, according to each of the conventional technologies, the security of the security area and the security of the security target are not linked, that is, Only the person who entered the guarded area is not allowed to access the guarded object. Absent. For example, even if you want to ensure that only certain users can enter and leave the computer room, and want to allow access to the computer system installed in the computer room only to certain users who have entered the computer room properly In each of the conventional techniques, access to the computer system by a person who has illegally entered the computer room cannot be excluded.
[0007]
In addition, the technique using biometric information for personal authentication is a technique that can perform authentication with relatively high accuracy. However, in the technique described in Japanese Patent Laid-Open No. 10-124668, biometric information that is user-specific information is stored in a server. Because of centralized management, the user's psychological resistance is large, and a large amount of biological information may be stolen at one time. Further, when managing a large number of users, the cost for managing biometric information in the server increases.
[0008]
On the other hand, the technique described in Japanese Patent Laid-Open No. 10-149446 requires a reading device of a portable storage device such as an IC card and a biometric information collating function for each client, which increases the system construction cost.
[0009]
In addition, when protecting the security of a security target in a security area that covers a plurality of areas where only a specific user can enter and leave, according to each of the conventional techniques, the management of each door that leads to a plurality of security areas. There is a problem in that it is necessary to register biometric information of a legitimate user on the apparatus and servers in a plurality of security areas, which increases the management cost.
[0010]
Therefore, an object of the present invention is to increase security of a security target in a security area where only a specific user can enter and leave at a relatively low cost.
[0011]
Furthermore, this invention makes it a subject to raise security also at the comparatively low cost also with respect to the guard object in the guard area over a several area.
[0012]
[Means for Solving the Problems]
In order to achieve the above object, the present invention is a security system that permits only a legal person to perform a guarded action in a guarded area,
A portable device issued to the legitimate person, the authentication information enabling authentication of the legitimacy of the portable device and the information unique to the legitimate issuer of the portable device A portable device storing information;
Using the authentication information stored in the portable device possessed by the person who intends to enter the guarded area, the validity of the portable device is authenticated, and the possession of the portable device whose validity is authenticated Security zone security means for permitting a person to enter the security zone and refusing to enter the security zone of a portable device holder whose validity has not been authenticated;
Storage means;
Read the unique information stored in the portable device from the portable device possessed by the person who has entered the guarded area and has been authenticated by the authentication means, and read the unique information stored in the storage device Means,
Information input means for receiving input of information from a person who intends to act in the guard area;
When the specific information that matches the information received by the information input means is stored in the storage means, the specific information that permits the person to be guarded and that matches the information received by the information input means If the storage means is not stored in the storage means, the security target action security means for refusing the security target action of the person,
The portable device possessed by the person leaving the security area is accessed, the unique information reading means identifies the unique information read from the portable device and stored in the storage means, and the identified unique information is stored in the memory. There is provided a security system comprising exit management means for deleting from the means.
[0013]
According to such a security system, since the security system holds the unique information only while the user is in the guarded area, it is possible to prevent a large number of unique information from being stolen at one time. In addition, since the portable device is used only when entering or leaving the security area, there is no need to provide a portable device reading device or the like for each terminal, such as a terminal, which is subjected to a security target action in the security area. Therefore, the security system construction cost can be reduced. In addition, it is possible to eliminate an action to be guarded in the guarded area by a person who illegally entered the guarded area. Further, even when biometric information is used as the user's unique information, it can be ensured that it is permanently retained only on the portable device, so that the refusal of the user can be reduced.
[0014]
Furthermore, even in a security system that permits only a legitimate person to be guarded across a plurality of guard areas, the portable device issued to the legitimate person is assigned to each guard area of the plural areas. By providing the security action guard means in common, security can be maintained while similarly reducing construction costs and user management costs in each area.
[0015]
DETAILED DESCRIPTION OF THE INVENTION
In the following, an embodiment of the present invention will be described taking application to a bank office system requiring high security as an example.
[0016]
FIG. 1 shows the configuration of the security system according to the present embodiment.
[0017]
As shown in the figure, the office system to which this security system is applied is in the building 105, which is a guarded area where only authorized personnel can enter and leave, which is blocked by the door 130, and the office 115 that is normally used by employees. The computer room 110 is blocked by a door 140. In addition, the computer room 110 is equipped with a database that records important information such as customer information, and a host computer 150 that has an application for banking. The office 115 uses the resources of the host computer 105. A terminal 165 is installed for this purpose. The host computer 150 and the terminal 165 constitute a computer system.
[0018]
Here, entry / exit to the computer room 110 is a security target that is guarded with higher security than entry / exit to the building 105 (office 115), which is a security area. In addition, access to the computer system is a security target that is guarded with higher security than entering and leaving the building 105 (office 115), which is a security area.
[0019]
Next, the security system includes a door management device 125 that controls the opening and closing of the door 130 of the building 105, an IC card reader 120 set outside the building 105 of the door 130 of the building 105, and an inside of the building 105 of the door 130. The set IC card reader 121, the inner door management device 155 for controlling the opening and closing of the inner door 140 of the computer room 110, the fingerprint input device 135 installed outside the computer room 110 of the inner door management device 155, and each terminal The fingerprint input device 170 provided for each 165, the access management device 185 provided with the primary storage file 145 and the log file 180 set in the computer room 110, and personal authentication based on fingerprint information described later of each terminal 165 It consists of functional units that perform processing.
[0020]
Here, the IC card reader 120 and the IC card reader 121 are connected to the door management device 125, the fingerprint input device 135 is connected to the inner door management device 155, the fingerprint input device 170 is connected to the terminal 165, and the door management device 125, the inner door management device 155, and the terminal 165 are connected to the access management device 185 via a network 175.
[0021]
Now, in this security system, the IC card 200 in which the user information is recorded in advance is issued to an authorized user.
[0022]
FIG. 2 shows the configuration of the IC card 200 and information recorded on the IC card 200.
[0023]
As shown in the figure, the IC card 200 includes an authentication processing unit 250, an input / output processing unit 260, and a non-volatile storage unit 270. The non-volatile storage unit 270 includes employee personal information 205 such as an employee's name and affiliation, and employee information. 210, an electronic certificate 230 given by an electronic certificate authority to prove the validity of the IC card, an electronic certificate authority public key 235, a private key 240 unique to the IC card, and a public key 241 paired with the private key 240 To be recorded. Here, the staff information 210 includes a staff number 215 and fingerprint information 225 for identifying an IC card possessed by the staff. Here, it is assumed that the electronic certificate 230 is issued by the electronic certificate authority encrypting the public key 241 and staff number 215 unique to the IC card with a private key unique to the electronic certificate authority. As a hardware configuration of the IC card 2000, a general IC card having a CPU and a memory can be used.
[0024]
In this case, the memory functions as the nonvolatile storage unit 270, and the CPU functions as the processing units 250 and 260.
[0025]
Now, in such a configuration, this security system reads the staff information including the staff number and fingerprint information from the IC card 200 owned by the staff when the staff enters the building 105, and temporarily stores it in the access management device 185. Record temporarily in 145. When an employee logs on to the terminal 165 or uses a database or application of the host computer 150, the fingerprint of the employee is read using the fingerprint input device (LS) 170 and collated with the fingerprint information of the temporary storage file 145. When the staff enters the computer room 110, the fingerprint of the staff is read using the fingerprint input device (LS) 135 and collated with the fingerprint information of the temporary storage file 145 to perform the personal authentication. When leaving the building 105, the staff number is read from the IC card 200, and the staff information corresponding to the staff number is deleted from the temporary storage file 145.
[0026]
Details of the operation will be described below.
[0027]
First, a process when the staff enters the building 105 will be described.
[0028]
This process is started by the door management device 125 when the IC card reader / writer 120 recognizes the IC card 200. As a method for staff to make the IC card reader / writer 120 recognize the IC card 200, for example, when the IC card 200 is a proximity IC card, the IC card reader / writer 120 can be held by holding the IC card in front of the IC card reader / writer 120. it can.
[0029]
FIG. 3 shows the procedure of this process.
[0030]
As illustrated, the door management device 125 establishes encrypted communication with the access management device 185 in step 300 when processing is started. This enables communication between the access management device 185 and the door management device 125 without eavesdropping or tampering. For encryption communication, for example, a method described in ANSI / ITU X.509 is used. Can do.
[0031]
Next, in step 315, the door management device 125 performs mutual authentication with the IC card 200. Specifically, mutual authentication between the IC card and the door management device is performed by a method described in ANSI / ITU X.509. That is, for example, first, the authentication processing unit 250 of the IC card 200 sends the staff number 215, the public key 241 and the electronic certificate 230 stored in the nonvolatile storage unit 270 to the door management device 125. The door management device 125 decrypts the electronic certificate 230 with the public key of the electronic certificate authority stored in advance, and obtains the public key and staff number of the IC card. If the staff number and public key obtained match the staff number and public key sent from the IC card 200, an appropriate random number is generated, encrypted with the public key sent from the IC card 200, and used as challenge data. Send to IC card 200. The authentication processing unit 250 of the IC card 200 decrypts this with the secret key 240 stored in the nonvolatile storage unit 270 and returns the decryption result to the door management device 125 as response data. The door management device 125 compares the random number generated earlier with the response data, and if they match, authenticates the IC card 200 as a valid IC card. Next, on the contrary, the door management device 125 is the electronic device that the electronic certificate authority has encrypted and issued with the previously stored door management device number, the public key unique to the door management device 125, and the private key of the electronic certificate authority. Send the certificate to the IC card 200. The authentication processing unit 250 of the IC card 200 decrypts the electronic certificate with the public key of the electronic certificate authority recorded in the nonvolatile storage unit 270, and obtains the public key and staff number of the door management device 125. If the staff number and public key obtained match the staff number and public key sent from the door management device 125, an appropriate random number is generated, encrypted with the public key sent from the door management device 125, and challenged. The data is sent to the door management device 125 as data. The door management device 125 decrypts this with its own private key stored in advance, and returns the decryption result to the IC card 200 as response data. The authentication processing unit 200 of the IC card 200 compares the random number generated previously with the response data, and if they match, authenticates the door management device 125 as a valid door management device.
[0032]
In this way, if the mutual authentication is successful, the door management device 125 reads the staff information 210 from the IC card 200 in step 320, and transmits the staff information 210 read in step 327 to the access management device 185. Receiving this, the access management apparatus 185 records the staff number 215 and the fingerprint information 220 constituting the staff information 210 received in step 330 in the temporary storage file 145 as shown in FIG. The staff number 215 and the entrance of the staff are recorded in the log file 180.
[0033]
Finally, the door management device 125 opens the door 130 in step 340 and ends the process.
[0034]
On the other hand, if the mutual authentication is not successful in step 315, the processing is terminated as it is.
[0035]
In the above step 315, the door management device 125 not only authenticates the IC card 200, but the IC card 200 also performs mutual authentication to authenticate the door management device 125. Is to prevent. Therefore, if it is guaranteed that the IC card 200 is used only for the legitimate door management device 125, instead of mutual authentication, the door management device 125 only performs the process of authenticating the IC card 200. It may be.
[0036]
Next, processing when an employee logs on to the terminal 165 will be described.
[0037]
This process is started by the terminal 165 when the staff requests the terminal 165 to log on.
[0038]
FIG. 5 shows the procedure of this process.
[0039]
As shown in the figure, in this process, first, in step 505, the terminal 165 issues a staff authentication request to the access management apparatus. Next, in step 510, the terminal 165 establishes encrypted communication between the access management apparatus and the terminal. In step 515, the terminal 165 inputs a staff member's fingerprint from the fingerprint input device 170 connected to the terminal 165. In step 520, the terminal 165 transmits the input fingerprint to the access management device 185.
[0040]
In step 525, the access management device 185 that has received the fingerprint collates the fingerprint of the staff member received and the fingerprint information recorded in the temporary file 145. If the matching fingerprint information exists in the temporary file 145, the corresponding staff member If there is no matching fingerprint, a code indicating collation failure is output. In step 530, the collation result is recorded in the log file 180. In step 535, the access management apparatus 185 transmits a verification failure to the terminal 165 as a fingerprint verification result if the output code is a verification failure, and a verification success if the output code is a staff number.
[0041]
In step 540, the terminal 165 that has received the fingerprint collation result ends the process or issues an appropriate alarm if the fingerprint collation result is a collation failure.
[0042]
On the other hand, if the collation success is received as the fingerprint collation result, the staff is permitted to log on to the terminal 165 at step 545.
[0043]
Here, the fingerprint collation processing of the access management apparatus 185 in step 525 of FIG. 5 is performed by the procedure shown in FIG. 6, for example.
[0044]
That is, first, a counter indicating the staff information number recorded in the temporary storage file in step 705 is reset to 0, and in step 710, the counter is incremented by 1.
[0045]
In step 720, the fingerprint information of the staff information of the number indicated by the counter is read from the temporary storage file. Then, in step 725, the fingerprint information and the fingerprint transmitted from the terminal are collated. If they match, the staff number corresponding to the fingerprint information matched as the fingerprint collation result is used as the result code, and the process proceeds to step 730. If not, the process branches to step 735.
[0046]
In step 735, if the counter indicates the number of the staff information of the last staff member, the result code is determined to be unsuccessful, and the process branches to step 730. Otherwise, the process returns to step 710.
[0047]
In step 730, the code obtained in step 725 or 735 is output.
[0048]
Next, a process when a staff member enters the computer room 110 will be described.
[0049]
The processing in this case is almost the same as the operation when the staff requests the computer system to log on from the terminal 165 shown in FIGS. 5 and 6, but the authentication request in step 505 in FIG. Will be issued to the access management device 185. Further, in step 535 of FIG. 5, the fingerprint collation result is transmitted from the access management apparatus 185 to the inner door management apparatus 155. Then, in step 545 of FIG. 5, the inner door management device 155 permits or rejects entry into the computer room 110 according to the fingerprint collation result, that is, if the collation result is a collation failure, the inner door 140 is opened. If the collation success is received as the fingerprint collation result, the inner door 140 is opened.
[0050]
Next, processing when a staff member uses a database or application of the host computer 150 will be described.
[0051]
The processing in this case is almost the same as the operation when the staff requests logon to the computer system from the terminal 165 shown in FIGS. 5 and 6, but the authentication request in step 505 in FIG. Issued to the management device 185.
[0052]
Also, in step 535 of FIG. 5, the fingerprint collation result is transmitted from the access management apparatus 185 to the host computer 150. Then, in step 545 of FIG. 5, the host computer 150 permits or rejects the use of the application or database according to the fingerprint collation result, that is, permits the use if the collation result is a collation failure, and the fingerprint collation result When the verification success is received, the use is rejected.
[0053]
Next, processing when the staff leaves the building 105 will be described.
[0054]
This process is started by the door management device 125 when the IC card reader / writer 121 recognizes the IC card 200.
[0055]
FIG. 7 shows the procedure of this process.
[0056]
As shown in the figure, the door management device 125 first performs mutual authentication between the IC card 200 and the door management device 125 as described above in step 805. If the mutual authentication is successful, the staff number 215 is read from the IC card 200 in step 810. Then, in step 815, the door management device 125 opens the door 130 and leaves the staff. On the other hand, when the authentication fails, predetermined abnormality processing such as issuing an alarm is performed.
[0057]
If the mutual authentication is successful, the door management device 125 then establishes encrypted communication with the access management device 185 at step 820, and the staff previously read into the access management device 185 at step 825. Send the number.
[0058]
The access management device 185 notified of the staff number deletes the staff information corresponding to the staff number received, that is, the staff number and the fingerprint information from the temporary storage file 145 in step 830, and logs the staff leaving the log file 189. To record.
[0059]
Now, during each processing as described above, based on the information notified from each device, the access management device 185 is used to enter / exit personnel into the building 105 or the computer room, log on / log off the terminal 165, host The use status of the application and database of the computer 150 is recognized, and the history is accumulated in the log file 180 as shown in FIG. However, the access management device 185 cannot recognize the end of use of the application or database of the host computer 150 or the logoff from the terminal 165 only from the information notified to the access management device 185 during each processing as described above. The host computer 150 and the terminal 165 notify the access management apparatus 185 of logoff from the staff terminal 165 and the end of use of the database or the like.
[0060]
The embodiment of the present invention has been described above.
[0061]
In the processing shown in FIG. 5 in the above embodiment, the fingerprint input at the terminal 165 is transmitted to the access management device 185, and the access management device 185 collates with the fingerprint information of the temporary storage file 145. 9 accepts the input of the staff number from the staff member who requests logon at the terminal 165 by the procedure shown in FIG. 9, etc., reads the fingerprint information of this staff number from the access management device 185, and collates the fingerprint of the staff member at the terminal 165. You may do it.
[0062]
Here, in the procedure shown in FIG. 9, first, the terminal 165 issues an authentication request to the access management apparatus 185 in step 905, and establishes encrypted communication with the access management apparatus 185 in step 910. Then, terminal 165 accepts the input of the staff number at step 915, and transmits the staff number to access management apparatus 185 at step 920.
[0063]
The access management device 185 searches for a staff number corresponding to the temporary storage file 145 in step 925, and transmits fingerprint information corresponding to the staff number corresponding to the staff number in step 930 to the terminal 165. If there is no corresponding staff number, the terminal 165 is notified that there is no corresponding person.
[0064]
If the terminal 165 is notified of the absence of the person in step 932, the terminal 165 performs a process such as terminating the process or issuing an appropriate alarm.
[0065]
On the other hand, when the fingerprint information is received, the terminal 165 inputs the fingerprint of the staff using the fingerprint input device 170 in step 935, and collates the fingerprint input in step 940 with the fingerprint information received from the access management device 185. If the verification fails, the process is terminated. If the verification is successful, in step 945, the staff is permitted to log on.
[0066]
In the above embodiment, in the process of FIG. 3, if the mutual authentication between the IC card 200 and the door management device 125 is successful, the door 130 is opened and the staff is allowed to enter. A fingerprint input device is installed outside 130 building 105, step 315 in FIG. 3 is replaced with the procedure shown in FIG. 10, and the fingerprint input from the fingerprint input device is compared with the fingerprint information recorded on IC card 200, The door 130 may be opened only when the verification is successful, and the staff may be allowed to enter.
[0067]
Here, in the procedure of FIG. 10, first, the door management device 125 performs mutual authentication with the IC card 200 in step 1005. If the mutual authentication is not successful, the process of FIG. If so, the fingerprint information 225 is read from the IC card 200 in step 1010. In step 1015, the door management device 125 inputs a fingerprint from the fingerprint input device provided outside the building 105. In step 1020, the input fingerprint is compared with the read fingerprint information. When the process is completed and the two match, the process proceeds to step 320 in FIG.
[0068]
In the procedure of FIG. 10, the door management device 125 transmits the fingerprint information read from the IC card and the inputted fingerprint to the access management device 185 and collates them with the access management device 185, and then performs the door management device 124. You may correct so that a collation result may be transmitted to.
[0069]
Further, the mutual authentication at the time of leaving in step 805 in FIG. 7 may be modified so as to perform the same processing as in FIG.
[0070]
Further, in the above embodiment, access authority information indicating an access destination accessible by the staff is added to the staff information 210 of the IC card 200, and this is stored in the primary storage file 145 of the access management apparatus 185 in the same manner as the fingerprint information. It is also possible to store the data in accordance with the access authority according to the access authority of each employee. In addition, when the staff information is recorded in the primary storage file 145 in the access management device 185, the expiration date of the staff information is set, and the fingerprint information whose expiration date has passed the current time is regarded as invalid. You may make it delete from. This prevents the staff information from being stored in the primary storage file 145 all the time when the staff leaves, for example, from an unauthorized exit, that is, an exit where exit cannot be managed.
[0071]
Note that these access authority information and expiration date may be stored and managed in the primary storage file together with the staff number and fingerprint information, as shown in FIG. 11, for example. The access authority of each employee may be recorded in the access management device 185 instead of being stored in the IC card 200.
[0072]
Further, in the above embodiment, a determination parameter used for determining whether the fingerprint and the fingerprint information match or does not match, such as step 725 in FIG. 6, is provided, and by changing this, an error that erroneously rejects the person (person rejection) Rate) or error (acceptance rate of others) that erroneously accepts others may be reduced.
[0073]
Here, FIG. 12 shows an example in which a relationship between a general identity rejection rate and a stranger acceptance rate is plotted while changing a determination parameter. As shown in the figure, it is possible to control the error by changing the determination parameter. The determination parameter may be changed depending on the combination with the staff, the security level of the terminal, the environment such as season, temperature and humidity, and other personal authentication means such as a password. Further, this determination parameter may be recorded in advance in the access management apparatus 185 as a determination parameter table as shown in FIG. 13, FIG. 14, FIG. 15, and FIG. In the example shown in the figure, the security parameters of the staff, the database of the host computer, the environment, and other authentication methods used in combination are changed. The percentage of the verification parameter values in the figure is what percentage. Indicates that if the fingerprint and fingerprint information are matched, they are regarded as matching.
[0074]
When such a determination parameter is used, the fingerprint collation procedure in step 725 in FIG. 7 can be realized by the procedure shown in FIG.
[0075]
That is, first, the access management device 185 reads the determination parameter table in step 1705, and in step 1710, the target staff, the security level of the database to be used, the current environment, fingerprint verification and the like. The collation parameter used for the determination is set from the other personal authentication means used in combination and the determination parameter table. In step 1715, the fingerprint and the fingerprint information are collated in accordance with the determination parameter, and a match / mismatch is determined in accordance with the matching ratio of the collation parameter, the fingerprint and the fingerprint information.
[0076]
In the above embodiment, for example, by attaching the electronic signature to the fingerprint information recorded on the IC card 200 by the technology described in Japanese Patent Application No. 11-16628, and verifying the electronic signature at the time of fingerprint verification, You may make it prevent falsification of fingerprint information.
[0077]
In this case, verification of the electronic signature may be performed when the building 105 is entered, and if this is successful, the verification of the electronic signature may not be performed when performing fingerprint verification.
[0078]
Further, in the present embodiment, the personal authentication is performed using the fingerprint, but this may be biometric information other than the fingerprint. The information is not limited to biometric information, and may be any information that can be held by a legitimate user and cannot be held by an unauthorized person. For example, the information may be information that a legitimate user holds as a memory and cannot be held by an unauthorized person, such as a combination of a staff number and a password.
[0079]
Further, instead of the IC card 200, other appropriate storage media may be used.
[0080]
As described above, according to the present embodiment, since the access management device 185 holds staff information such as fingerprint information only while the user is in the guarded area, a large number of staff information is stolen at one time. Can be prevented.
[0081]
Further, since the IC card is used only when entering or leaving the security area, it is not necessary to provide an IC card reader or the like for each terminal 165, and the system construction cost can be reduced.
[0082]
Further, it is possible to eliminate fraudulent acts on the guarded object in the guarded area, such as use of a computer system, by a person who illegally enters the guarded area.
[0083]
Further, since it is possible to guarantee that biometric information such as the user's fingerprint information is permanently retained only on the IC card, the user's feeling of refusal can be reduced.
[0084]
In addition, by recording the entry / exit of the user and the history of access to the computer system, it becomes possible to easily track the fraud in case of fraud.
[0085]
Hereinafter, the second embodiment of the present invention will be described with respect to an example of protecting the security of a security target (for example, a computer system) in a security area (for example, a branch office) that spans a plurality of areas.
[0086]
FIG. 18 shows an overall configuration of a security system for a guarded object in a guarded area extending over a plurality of areas.
[0087]
As shown in the figure, an IC card issuance site 1801 for issuing an IC card in which staff information including biometric information of the present invention is registered, and a plurality of security areas 1810 in which the staff who issued the IC card work. The IC card issuing site and the access management device 1811 in each guard area are connected via a dedicated line or a public information transmission means 1802.
[0088]
FIG. 19 shows a functional configuration diagram of the IC card issuing site.
[0089]
As shown in the figure, the IC card issuance site decrypts the IC card issuance unit 1920 having the IC card R / W 1910, the signature key recording unit 1925 made with a tamper-resistant device, and the digital signature by the signature key A verification key management unit 1930 that manages the verification key to be used, an invalid card information management unit 1950 that manages a list 1955 of invalid cards among already issued IC cards, and information such as verification key information and invalid card information It consists of a communication unit 1940 that communicates to each guard area.
[0090]
FIG. 20 shows a device configuration diagram in each guard area.
[0091]
As shown in the figure, the computer system consisting of the host computer 2050 and the terminal 2065, which is the subject of security in this security system, is blocked by the door 2030, and inside the security area 2005 where only employees who have been issued IC cards in advance can enter and exit. It is in. The host computer 2050 provides a database in which highly confidential information is recorded and business applications, and there are a plurality of terminals 2065 that use the resources of the host computer 2050. Each terminal 2065 has a fingerprint input device 2070. is set up.
[0092]
Here, the security system includes a door management device 2025 that controls the opening and closing of the door 2030 in the security area 2005, an IC card reader 2020 installed outside the door 2030, and an IC card reader installed inside the door 2030. 2021, a connection with the dedicated line 2002 connected to the IC card issue site, and an access management device 185 having a temporary storage file 2045 and a log file 2080.
[0093]
FIG. 21 shows a functional configuration diagram of the access management apparatus.
[0094]
As shown in the figure, the access management device includes a communication unit 2110 for communicating information with each device and IC card issuing site in the security area, an IC card validity checking unit 2120 for checking the validity of the IC card, and a temporary storage file. The staff information management unit 2130 provided with 2135, the biometric information collation unit 2140, and the log management unit 2150 that comprises the log file 2155 and manages the collation log.
[0095]
FIG. 22 shows an IC card issuance flowchart executed at the IC card issuance site.
[0096]
Step 2210: Collect the information of the staff who issues the IC card, create a verification key / signature key pair for the IC card to be issued, and receive a certificate for the verification key.
[0097]
Here, the verification key / signature key pair specifically uses public key cryptography such as RSA or elliptic cryptography. A public key is applied to the verification key, and a secret key is applied to the signature key.
[0098]
Moreover, the following information etc. are as staff information to collect. In collecting these information, high security is required so that fraud is not performed. Also, the creation of the verification key / private key may be performed in the IC card in order to ensure the confidentiality of the signature key.
[0099]
・ ID information (public key certificate serial number, staff number, name, date of birth, etc.) ・ Business information (affiliation, position, authority, year of employment, etc.)
・ Biological information
Step 2220: Create a signature of the entire staff information with the signature key.
[0100]
The signature result is obtained by creating a message digest for the entire staff information using a predetermined message digest function and encrypting the created message digest using the signature key of the IC card issuing site.
[0101]
Step 2230: Register the staff information, certificate, and signature result obtained in Step 2220 in the IC card.
[0102]
Step 2240: Distribute the IC card of Step 2230 to the corresponding users.
[0103]
Here, registered mail may be used to ensure distribution to users who match the employee information registered on the IC card.
[0104]
FIG. 23 shows an entrance flow diagram for each guard area.
[0105]
Step 2310: A verification key for confirming the validity of IC card registration information and an invalid IC card list are acquired.
[0106]
Here, the verification key and the invalid IC card list are acquired by using a network such as a dedicated line or encrypted communication (mail), and the validity of the information is confirmed.
[0107]
This process is performed periodically (for example, every morning or every night) to acquire the latest invalid IC card list.
[0108]
The invalid IC card list is an IC card issued to the user by the IC card issuing site that has become invalid due to employee retirement, transfer, loss or theft, and is collected by the IC card issuing site. This is a list of IC cards that are not used. Only when the list has an IC card expiration date, it is also possible to limit the list to uncollected IC cards that have not been invalidated due to the expiration date.
[0109]
Step 2315: Establishing encrypted communication between the door management device and the access management device. Specifically, the method described in FIG.
[0110]
Step 2320: Start the staff entry process.
[0111]
Step 2325: The door management device performs mutual authentication between the IC cards. Specifically, the method described in FIG. If the validity of the IC card is not confirmed by this mutual authentication, the room entry process is terminated. If it is authenticated as a valid IC card, the process proceeds to step 2330.
[0112]
Step 2330: The door management device reads staff information and signature information from the IC card.
[0113]
Step 2335: The staff information and signature information read in Step 2330 are transferred to the access management apparatus.
[0114]
Step 2340: The access management apparatus confirms the validity of the staff information using the verification key acquired in step 2310. Specifically, the staff information is confirmed by creating a message digest by the same method performed in Step 2220 and comparing and verifying the signature information decrypted with the verification key. If they match, the validity can be confirmed.
[0115]
Here, if the validity cannot be confirmed, the room entry process is terminated. If the validity of the staff information can be confirmed, the process proceeds to step 2345.
[0116]
Step 2345: The access management device records the staff information in a temporary storage file. In addition, record staff numbers and staff entry in a log file.
[0117]
Step 2350: The door is opened by the door management device, and the room entry process is terminated.
[0118]
The staff terminal login is performed in accordance with the procedures described in FIGS.
[0119]
The staff leaving process is performed according to the procedure shown in FIG.
[0120]
As described above, it is possible to allow access only to users who have an IC card and enter the security area through regular procedures for a security area in a security area that spans multiple areas. is there. For example, the present invention can be applied to finance, securities, insurance fields, general companies, etc. that have a plurality of branches and handle information that should be kept secret. By using the present invention, it is possible to promote personnel fluidization between branch offices and utilize human resources while maintaining high security at a relatively low cost.
[0121]
Moreover, it can be applied to each floor of a building such as a tenant building where different business owners occupy each floor and an unspecified user can come and go. By applying the present invention to occupied floors in accordance with the security level of each business owner of such a tenant building, high security can be maintained at a relatively low cost even when the occupied floor extends over a plurality of floors.
[0122]
The second embodiment of the present invention has been described above.
[0123]
In the embodiment described above, FIG. 24 shows an example in which the entrance / exit restriction function is omitted for each guard area shown in FIG.
[0124]
As shown in the figure, the door management device linked with the IC card is omitted when entering and leaving each base, and instead, an access management device equipped with a temporary storage file 2445 with an IC card reader 2420 and a log file 2380. Have 2485.
[0125]
Here, the access management device 2485 has a function of managing the attendance and leaving of the staff, and the staff presents the IC card 2460 to the card reader 2420 of the access management device 2485 at the time of attendance, and the validity of the IC card 2460 and the staff information is confirmed. After confirming, the staff information is recorded in the temporary storage file 2445. Similarly, when leaving work, the IC card 2460 is presented to the card reader 2420 of the access management apparatus, and the employee information of the corresponding employee is deleted from the temporary storage file 2445.
[0126]
Further, FIG. 25 shows an example in which attention is paid to management of access authority for staff information.
[0127]
As shown in FIG. 24, the door management device linked to the IC card is omitted at the time of entry / exit as in FIG. 24. Instead, a temporary holding device having an IC card reader 2520 and a biometric information input device 2525 (for example, a fingerprint input device) is provided. An access management device 2585 having a storage file 2545 and a log file 2580 is provided. Moreover, the biometric input device provided in the terminal is also omitted, and instead, personal authentication information such as a password is provided in the staff information.
[0128]
Here, the staff dispatched from other bases presents the IC card to the IC card reader 2520 connected to the access management device 2585, and the access management device 2585 confirms the validity of the IC card 2560 and the staff information. The employee's biometric information (for example, fingerprint) is input from the biometric information input device 2525, compared with the biometric information contained in the employee information, and the validity of the owner of the IC card is confirmed. To record. Also, the personal authentication process in the terminal is executed with the password information stored in the temporary storage file.
[0129]
By adopting the embodiment as described above, it becomes possible to confirm the legitimacy and business authority of staff dispatched from other bases. It is possible to utilize resources.
[0130]
【The invention's effect】
As described above, according to the present invention, it is possible to increase security of a security target in a security area where only a specific user can enter and leave at a relatively low cost.
[0131]
Furthermore, according to the present invention, security can be enhanced at a relatively low cost even for a security target in a security area that spans multiple areas.
[Brief description of the drawings]
FIG. 1 is a block diagram showing a configuration of a security system.
FIG. 2 is a block diagram showing a configuration of an IC card.
FIG. 3 is a flowchart showing processing performed when a building enters.
FIG. 4 is a diagram showing the contents of a temporarily saved file.
FIG. 5 is a flowchart showing processing performed when logging on to a terminal.
FIG. 6 is a flowchart showing a fingerprint matching process.
FIG. 7 is a flowchart showing processing performed when a building leaves.
FIG. 8 is a diagram showing the contents of a log file.
FIG. 9 is a flowchart illustrating processing performed when logging on to a terminal.
FIG. 10 is a flowchart showing a process for performing fingerprint collation when entering a building.
FIG. 11 is a diagram showing the contents of a temporarily saved file.
FIG. 12 is a diagram illustrating a relationship between a determination parameter and a collation error.
FIG. 13 is a diagram showing determination parameters set for each staff member.
FIG. 14 is a diagram illustrating determination parameters set for each access destination.
FIG. 15 is a diagram illustrating determination parameters set for each season.
FIG. 16 is a diagram showing collation parameters set for other individual authentication means used in combination.
FIG. 17 is a flowchart illustrating processing when fingerprint matching is performed using a determination parameter.
FIG. 18 is a diagram showing an overall configuration of a security system when a guarded area extends over a plurality of areas in the second embodiment.
FIG. 19 is a diagram showing a functional configuration of an IC card issuing site in the second embodiment.
FIG. 20 is a diagram showing a device configuration of each guard area in the second embodiment.
FIG. 21 is a diagram illustrating a functional configuration of an access management apparatus according to the second embodiment.
FIG. 22 is a flowchart showing IC card issuance processing in the second embodiment.
FIG. 23 is a flowchart showing entrance processing for each guard area in the second embodiment.
FIG. 24 is a diagram illustrating a device configuration of each site when the site spans multiple sites in the second embodiment.
FIG. 25 is a diagram showing a device configuration at each site focusing on cost reduction of user registration in the second embodiment.
[Explanation of symbols]
120, 121 IC card reader / writer, 125 door management device, 125 door management device, 135, 170 fingerprint input device, 150 host computer, 155 door management device, 165 terminal, 175 network, 185 access management device, 200 IC card

Claims (10)

Predetermined operations on devices installed in a security zone, a security system to allow for the legitimate,
The authentication information stored in the portable device possessed by the person who intends to enter the security zone and authenticating the validity of the portable device can be used to verify the validity of the portable device. the relative person authenticating the sex, validity allow entrance to the security area in respect person carrying the portable device is authenticated, carrying the portable device the validity is not authenticated A security zone security means for refusing to enter the security zone;
Storage means;
From the portable device the validity is authenticated, a unique information stored in the portable device reads the unique information enabling the authentication of the legitimacy of the person who owns the portable device, in the storage means Memorized unique information reading means;
Information input means for receiving input of unique information of the person from a person who intends to perform a predetermined operation on the device in the guard area;
When the unique information matching the unique information received by the information input means is stored in the storage means, the person is allowed to perform a predetermined operation on the device , and the unique information received by the information input means when said specific information is not stored in the storage means, the security system characterized by having a security target acts security means to refuse a predetermined operation to the device with respect to the person matching the information. The security system according to claim 1, wherein
By using the authentication information stored in the portable device the person intended to exit to the security extramural possessed, it authenticates the validity of the portable device, carrying the portable device the validity is authenticated A leaving management means for permitting a person who leaves the guarded area to leave, and for a person possessing a portable device whose validity has not been authenticated, to leave the guarded area. A featured security system. The security system according to claim 1 or 2,
The security system, wherein the unique information is biometric information of the person . The security system according to any one of claims 1, 2, and 3,
Said predetermined operation on the device, use of the installed computer systems in the security zone, or, which is the entrance request for a particular zone in to the device for managing admission to a particular area within the security zone Security system characterized by Predetermined operations on devices installed in a security zone, the security system to allow for the legitimate, a method for realizing the security,
Previously, the legitimate person, the portable authentication information that allows authentication of the validity of the apparatus, a portable device that stores the specific information to the validity of a person who owns the portable device can be authenticated A step of issuing
In the security system, using the authentication information stored in the portable device possessed by the person who intends to enter the guarded area, the validity of the portable device is authenticated, and the portable device whose validity is authenticated allow entrance to the security area in respect person carrying the mold apparatus, and the step of denying entry to the security zone in the person carrying the portable device the validity is not authenticated,
The security system, the steps of the validity is stored from the portable device is authenticated, reads the unique information stored in the portable device, the internal security system,
In the security system, from a person who intends to perform a predetermined operation on the device in the guard area, receiving an input of specific information of the person ;
In the security system, when the unique information that matches the received unique information is stored in the security system, the person is allowed to perform a predetermined operation on the device , and the unique information that matches the received unique information If the information is not stored in the internal security system, method for realizing security in the security system characterized by having a step of denying predetermined operation to the device relative to the person. A predetermined operation to the device installed in a security zone extending over a plurality of zones, a security system to allow for the legitimate,
Using the authentication information stored in the portable device possessed by the person who intends to enter each guarded area of the plurality of areas and using the authentication information that can authenticate the validity of the portable device, A portable device that authenticates the legitimacy of the mold device and permits the person who possesses the portable device with the legitimate certification to enter the respective guarded areas of the plurality of areas, and the legitimacy is not certified rejecting security area security means entry to the security zone in the plurality areas against persons carrying the,
Storage means;
Wherein the validity PORTABLE device authenticated, a unique information stored in the portable device reads the unique information enabling the authentication of the legitimacy of the person who owns the portable device, the storage means Specific information reading means stored in
Information input means for receiving input of the specific information of the person from a person who intends to perform a predetermined operation on the device in each guard area of the plurality of areas;
When the unique information matching the unique information received by the information input means is stored in the storage means, the person is allowed to perform a predetermined operation on the device , and the unique information received by the information input means when said specific information is not stored in the storage means, the security system and having a warning Bei subject Acts security means rejects the predetermined operation to the device with respect to the person matching the information. The security system according to claim 1 , wherein
Exit management means for accessing a portable device possessed by a person leaving the security area, specifying the unique information read from the portable device and stored in the storage means, and deleting the specified unique information from the storage means A security system characterized by comprising: The security system according to claim 6,
The portable device possessed by a person who leaves the security area of the plurality of areas is accessed, and the unique information reading means identifies the unique information read from the portable device and stored in the storage means, and the identified unique A security system comprising exit management means for erasing information from the storage means . The security system according to claim 6,
The security system, wherein the unique information is biometric information of the person . The security system according to any one of claims 6 and 9 ,
The security system according to claim 1, wherein the predetermined operation on the device is use of a computer system installed in the plurality of areas.

Images