JP4081947B2 - Device security management system - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a system for controlling the operation of a device requiring security, such as copying a confidential document.
[0002]
[Prior art]
Confidential documents are usually indicated by stamping "confidential" or "no copying" on the document, and the user observes the display and pays due attention to copying the document. ing.
[0003]
In addition, there is a system in which each user has a counter for counting the number of copies for charging, and the copying machine does not operate unless the counter is set in the copying machine. This system provides a security effect in the sense that only insiders who have a counter can copy.
[0004]
In addition, as a method that relies on human resources, a room where confidential documents are stored is often managed by a guardman or similar person. In some cases, the document copy operation is performed only through the person in charge of copying.
[0005]
In recent years, confidential documents have also been printed using special inks that can only be read under invisible light such as ultraviolet rays and infrared rays. In this case, you can read confidential documents in a reading room with a dedicated light source, but even if you want to copy the confidential documents with an ordinary copier, the ordinary copier uses the reflected wave of visible light. Confidential documents using ink that does not reflect visible light cannot be copied.
[0006]
However, the inconvenience of being able to do anything at all, and the troublesomeness of creating such a special document, hinders general use.
[0007]
[Problems to be solved by the invention]
The method of displaying “confidential” or the like is a method that relies on the user's morality, and is often not sufficient in terms of security.
[0008]
In the method in which each user has a copy counter, any document can be copied as long as it has a counter. Therefore, it is difficult to say that sufficient security is ensured from the viewpoint of copy management of confidential documents.
[0009]
The method of managing by a guardman or the like has many problems in terms of cost, and in the end, it can be said that it depends on human morals.
[0010]
In addition, a method using special ink for a confidential document can provide high security from the viewpoint of preventing unauthorized copying, but has a problem that a legitimate user is inconvenienced. That is, when special ink is used, a special light source is required to read a confidential document, and a special copying machine is required to print the confidential document.
[0011]
As described above, all of the conventional confidential document copying management methods have problems. As described above, the case of copying confidential documents has been taken as an example. However, there are many situations where security management is required for the services provided to users. As many as management devices. For example, the operation management of the device related to security is performed by a method in which the user holds an IC card and the card is inserted into the device. However, there are cases where that alone is insufficient or inconvenient. is there. For example, in the case of copying, it is not sufficient to perform user management with an IC card or the like in order to perform detailed management such as to what level of copying is permitted depending on the degree of confidentiality of a document. In addition, for example, in the entrance / exit management device, there is an inconvenience that a person on the host side having a valid card has to accompany the visitor (temporary visitor).
[0012]
The present invention has been made in view of such problems, and an object thereof is to provide a mechanism for finely controlling the operation of an apparatus requiring security.
[0013]
[Means for Solving the Problems]
In order to achieve the above object, an apparatus security management system according to the present invention is a system for managing security operations required of a target apparatus, and is provided in the vicinity of the target apparatus and communicates with the RFID to hold the RFID RFID communication means that obtains the security information that has been acquired, and the security information substantially simultaneously obtained from two or more RFIDs by the RFID communication means satisfy the pre-registered permission condition for the security operation required for the target device A determination unit that determines whether or not to perform the operation, and permits the target device to execute the security operation only when the determination unit determines that the permission condition is satisfied. A combination of security information acquired from an RFID attached to a document set on the copying machine and security information acquired from a user's RFID, The RFID communication means includes one antenna for simultaneously reading the user's RFID and the document RFID, and the antenna is defined by the document reading surface of the copier. It is installed so as not to be parallel to both the horizontal plane and the vertical plane facing the user standing in front of the copier .
[0014]
According to this system, since the operation of the device can be controlled based on information of a plurality of RFIDs related to the target device, fine security management can be performed.
[0015]
In a preferred aspect of the present invention, the permission condition permits the execution of the required security operation when the relationship between the security level of the object of the required security operation and the security level of the user instructing the operation is determined. The determination means determines each security level from security information acquired from an RFID attached to an object set in the target device and security information acquired from an RFID carried by the user. It is determined whether or not the relationship between the security levels satisfies the permission condition.
[0016]
In this aspect, the respective security levels are acquired from the RFID of the object requiring security operation and the RFID of the user, and it is determined whether or not the operation can be permitted based on the relationship between the two. For example, when a copying machine is taken as an example, the copying machine corresponds to the target device, the copying operation of the confidential document corresponds to the operation requiring security, and the confidential document corresponds to the object. According to this aspect, it is possible to manage in detail the execution of the security required operation based on the relationship between the object and the user.
[0017]
In another preferred aspect, the permission condition is a condition that stipulates that the operation requiring security is permitted based on the relationship between the number of RFIDs simultaneously communicated by the RFID communication means and the security level of each RFID. Yes, the determination unit determines whether or not the information of one or more RFIDs acquired simultaneously by the RFID communication unit satisfies the permission condition.
[0018]
In this aspect, for example, when a plurality of persons are expected to guarantee mutual trust, it is possible to execute a certain security operation, and a conventional management method that performs a security operation based on the authentication information of one person. Compared to, detailed operation permission conditions can be set to meet the needs of the site.
[0019]
In another preferred aspect, the RFID communication means reads a specific RFID including property information indicating that the security level can be copied simultaneously with a predetermined number of normal RFIDs including the security level information. The security level of the normal RFID is given to the specific RFID.
[0020]
In this aspect, the security information of the normal RFID can be copied to the specific RFID just by putting the specific RFID and a predetermined number of normal RFIDs within the communication range of the RFID communication means almost simultaneously. It becomes easy to write the security permission contents required by the person on the temporary card issued to the visitor or the person who forgot the ID card.
[0021]
DETAILED DESCRIPTION OF THE INVENTION
[Embodiment 1]
In the present embodiment, copy management of confidential documents by a copying machine is taken as an example. Therefore, in this embodiment, the copying machine corresponds to the “target device” in the claims. Here, for the sake of simplicity of explanation, it is assumed that the information processing apparatus and storage device for security management are constructed based on a personal computer separate from the copying machine. However, recent copying machines often have a high-performance MPU or a large-capacity storage device inside, and it is easy to incorporate the security management information processing function described below into the copying machine.
[0022]
In this embodiment, RFID (Radio Frequency Identification) is used for security management. The RFID is a non-contact reading type data carrier, and incorporates a memory IC chip and a communication antenna. RFID is generally in the form of a plastic card, but a flexible thin tag is also being developed. An RFID having a small storage capacity is sometimes called a transponder. RFIDs are mainly classified into four types according to the communication method (communication frequency used). This classification is named according to the communication distance between the RFID and the reader / writer that reads / writes it, and is called a contact type, a proximity type, a proximity type, and a microwave type in order of increasing communication distance. The close contact type uses short wave electrostatic induction, and its communication distance is several millimeters. The proximity type uses short-wave electromagnetic induction, and the communication distance is about 1 cm to 30 cm. The proximity type uses long-wave electromagnetic induction, and its communication distance is about 30 to 70 cm. The microwave type literally uses microwave electromagnetic induction, and the communication distance is about 3m to 10m. Microwave type IC cards often use batteries as a power source, but the other three types of cards are usually battery-free ones that obtain power by electromagnetic induction from a reader / writer. In this embodiment, it is assumed that a proximity type or a microwave type is used.
[0023]
As shown in FIG. 1, the system of this embodiment is constructed in one confidential room 100. Confidential documents subject to copy management are stored in the bookcase 108. As shown in FIG. 2, RFID 201 is attached to confidential document 200. The book shelf 108 and the copying machine 106 are in the same secret room 100, and the entrance is protected by a door 107 with a reader / writer 103.
[0024]
The reader / writer is provided not only in the door 107 but also in the copier 106 and the book shelf 108 (reader / writer 102 and reader / writer 109). Each reader / writer 102, 103, 109 is connected to the security management device 104. The security management device 104 is connected to a storage device 105 that stores the ID number of each user and each document, conditions for permitting copying of confidential documents, which will be described later, and the like. Each reader / writer emits an interrogation wave, for example, at regular intervals (for example, about several tens of milliseconds to several seconds) or when a specific event occurs. If there is an RFID within the communicable range of the reader / writer, the RFID returns a response wave modulated with data held by itself. Upon receiving this response wave, each reader / writer extracts data included in the response wave and transmits it to the security management device 104.
[0025]
As shown in FIG. 2, each user 202 carries an RFID 203. Even if a user who does not carry the RFID 203 wants to take out a confidential document, the security management apparatus 104 does not permit the opening operation of the door 107 unless the reader / writer 103 detects a valid RFID 203. Do not put in. Further, even if a user who carries an effective RFID does not satisfy the security level of a confidential document and tries to take the confidential document out of the confidential room 100, the security management device 104 prevents the door 107 from being opened. Of course, when entering the room, the security level of the RFID carried is checked to open and close the door.
[0026]
Note that a reader / writer usually includes an antenna that communicates with RFID by radio waves, and a control unit that processes interrogation waves and response waves received by the antenna, and exchanges data with the security management device 104. . In the following, when details are not required, it is not distinguished from the reader / writer antenna, control unit, etc., but simply written as reader / writer.
[0027]
The reader / writer 102 attached to the copying machine 106 is arranged so that the RFID 201 of the confidential document set for copying and the RFID 203 of the user can be read substantially simultaneously.
[0028]
As shown in FIG. 3A, the antenna of the reader / writer 102 is embedded in a cover 302 that holds a document to be copied in the copying machine 300. FIG. 3B shows an example in which another shape (rectangular) antenna 305 of the reader / writer is provided on the pressing side surface of the cover 304 of the copying machine 300. The user places an original on the copy surface 301 and closes the cover 302, and then places his / her RFID 203 on the cover 302. Then, the reader / writer 102 communicates with the RFID attached to the document on the copy surface and the user RFID on the cover 302 (exchange of question wave and response wave), acquires security information held by each, The data is sent to the management device 104. The security management device 104 does not permit copying to the copying machine 106 when the RFID of the user is not detected (that is, the security information of the user RFID does not reach the reader / writer 102). That is, the copying machine 106 in the confidential room 100 is basically configured not to execute a copying operation unless an operation permission is received from the security management device 104.
[0029]
The data structure of the security information held by the RFID of the confidential document and the RFID of the user is as shown in FIG. 4, for example. That is, the security information is composed of a unique ID number 401 and a security level 402 of the RFID. The ID number 401 becomes the document to which the RFID is attached or the identification information of the user who carries the RFID. The security information may include various types of data other than this, but since these two data are related to the present embodiment, only these are listed here.
[0030]
In the case of a document, the security level 402 is, for example, a positive integer representing the degree of confidentiality of the document. For example, the greater the numerical value, the higher the sensitivity. On the other hand, the security level 402 of the user's RFID is a numerical value representing the highest sensitivity that the user is allowed to handle. Therefore, if the security level of the user's RFID is not higher than the security level of the document's RFID, the user is managed so that the document cannot be taken out or copied. That is, when the security level of the confidential document is K and the security level of the user is M, the copying machine operates only when M ≧ K.
[0031]
FIG. 5 shows a copy management process using RFID. The flowchart in FIG. 5 shows the processing operation of the management apparatus 104. When the user presses the start button of the copying machine 106, this event is transmitted from the controller of the copying machine 106 to the management apparatus 104. Upon receiving this, the management apparatus 104 sends an interrogation wave emission command to the reader / writer 102 of the copying machine 106 (step 1001). Upon receiving this command, the reader / writer 102 sends an interrogation wave from the antenna, and receives a response wave from the RFID of the confidential document placed on the copy surface 301 and the RFID of the user placed on the cover 302 (step). 1002). If there is no response wave (that is, if RFID security information is not transmitted from the reader / writer 102), the determination result in step 1002 is negative (N). In this case, the management apparatus 104 does not perform any processing. finish. Therefore, in this case, since the copying machine 106 is not permitted to perform the copying operation, the copying machine 106 does not perform copying and enters a standby state. If there is a response wave, the management device 104 obtains the security level of the document and the user from the security information of the response wave, and compares the two (step 1003). If the security level of the user is lower than the security level of the document, the determination result in step 1003 is negative (N). In this case, the management apparatus 104 ends the process without doing anything. That is, in this case, since the copying operation permission signal is not sent from the management apparatus 104 to the copying machine 106, the copying machine 106 stands by with the copying operation prohibited. If it is determined in step 1003 that the security level of the user is equal to or higher than the security level of the document, the process proceeds to step 1004, and the management apparatus 104 sends a copying operation permission command to the copying machine 106. As a result, the copying machine 106 is ready for a copying operation, and copies the document on the copy surface 301. When the copying is completed, the management apparatus 104 again waits for a notification from the copying machine 106 that reports a start button press event.
[0032]
Through the processing described above, fine copy management can be performed in consideration of both the confidentiality of the confidential document and the confidential access right given to the user.
[0033]
Further, in the system of the present embodiment, in addition to the copy management using the security level as described above, it is also possible to perform management that allows copying only for a specific user for each document. In this case, the management apparatus 104 is provided with a table as shown in FIG. FIG. 6 shows examples of three types of tables. In the table (a), for each confidential document, an ID and an ID of a user who is permitted to handle (copy or take out) the confidential document are registered. When performing management using this table, the management device 104 extracts the document and user ID numbers from the document and user RFID security information sent from the reader / writer 102 of the copying machine 106, and The table is referenced to determine whether the user is permitted to copy the document. Therefore, in the case of this method, only the ID number information needs to be included in the RFID, and the security level information is not necessary (compare with the example of FIG. 4).
[0034]
In the table of FIG. 6B, the ID of a user who is allowed to handle a document at that level is registered for each security level of the document. In this case, the management apparatus 104 refers to this table based on the security level information of the document received from the reader / writer 102 and the user ID number information to determine whether the user is permitted to copy the document. judge.
[0035]
In the table of FIG. 6C, for each document, the ID and the conditions of the security level of the user who is allowed to handle the document are registered. In this case, the management apparatus 104 determines from the document ID number received from the reader / writer 102 and the user security level whether the user satisfies the conditions shown in the table.
[0036]
If the result of determination based on such a table indicates that the copying permission condition is satisfied, the management apparatus 104 sends a copying operation permission signal to the controller of the copying machine 106. Otherwise, the management device 104 does nothing and as a result the copier 106 remains stationary.
[0037]
As one method, each time copying is performed, the controller of the copying machine 106 sets the default copying operation disabled state. Each time the user presses the copy start button, the RFID added to the document and the user's RFID are read again. This is just an example.
[0038]
Note that a higher level of confidentiality can be maintained by providing a door and a reader / writer 109 in the bookcase 108 for storing confidential documents, and controlling the opening and closing of the door by the security management device 104. That is, the reader / writer 109 identifies the RFID ID number of the user who came near the bookshelf 108, and prevents the door from being opened if the ID number cannot be detected. In this method, the ID of the user who opened the book shelf 108 can be recorded by the management device 104. Furthermore, the reader / writer 109 reads the RFID of the document that the user is trying to take out from the book shelf 108, checks the security level of the user and the user who is trying to take out the document as in the case of copy management, and the user accesses If it is determined that the document is not permitted, an action such as issuing an alarm to the appropriate administrator from the management apparatus 104 can be taken.
[0039]
As described above, in the present embodiment, regarding confidential document copying, detailed confidential management can be performed from both the user and document sides, and unnecessary leakage of confidential matters can be prevented.
[0040]
[Embodiment 2]
This embodiment relates to handling of user RFIDs in copy management, and is related to claim 5.
[0041]
In this embodiment, as shown in FIG. 7, the reader / writer antenna 502 of the copying machine 500 (only the upper structure is shown) is mounted on the document tray of the document feeder 501. In this configuration, the reader / writer antenna 502 is attached so as to cover the portion of the document scanning position below the feeder. The user's RFID is placed in a recess 503 provided in the tray of the feeder 501. If a document to be copied is placed on this, both the user and the RFID of the document can be read without hindering the copying operation. In this case, if even one sheet cannot be read, it cannot be copied. To check whether each photo can be copied one by one, do the following:
[0042]
That is, as another antenna arrangement, it is also preferable to provide an antenna at a position covering the corner portion 504 of the feeder 501 that rotates and passes when the document on the tray is conveyed to the copy surface (platen). In this case, the user's RFID may be placed on the corner portion 504 of the feeder 501. Also in this case, the document and the user's RFID can be read without interfering with the document conveyance during copying.
[0043]
The security management process of this embodiment is basically the same as that of the first embodiment. However, since the document feeder 501 that automatically feeds the document is used, the security management apparatus 104 performs control in consideration of this point.
[0044]
In other words, the control state of the copying machine is reset to a copy prohibited state every time one copy is made. When the document is fed and read, the RFID of the document is read to check its security level. Here, when it is determined in the security level check that the user cannot copy the document, for example, it is preferable to discharge the document without copying and feed the next document. . In this case, only those that can be copied can be copied without interrupting the reading of the document.
[0045]
In the processing procedure, in the processing procedure algorithm of the first embodiment shown in FIG. 5, a step of “sending an instruction to feed a document to the copy surface to the copying machine controller” is added before step 1001. This can be realized by creating a loop instead of the end process and returning the algorithm control before the above feed process. The algorithm may be terminated when nothing is sent even if the document is fed.
[0046]
According to this embodiment, a plurality of documents can be continuously copied while being confidentially managed.
[0047]
[Embodiment 3]
This embodiment relates to another form of the antenna configuration of the reader / writer of the copying machine, and relates to claims 6 and 7.
[0048]
In the first and second embodiments, the user has to place the portable RFID on the copying machine. In this example, the antenna is arranged so that the user can copy while carrying the RFID.
[0049]
In the first method, in addition to a reader / writer for reading a document, a second reader / writer for a user is attached to the front side of the copier, for example. Since the document reader / writer and the user reader / writer have different communication areas, they can simultaneously transmit radio waves and start reading. As shown in FIG. 3, the reader / writer antenna for the user is provided at a corner portion 304 where the upper surface and the front surface of the copying machine intersect. As the antenna, an antenna having a communication distance that covers the position of the user's RFID standing in front of the copier (for example, from the user's chest to the waist) may be selected.
[0050]
In the second method, a loop antenna is attached to the front surface of the copying machine. Since loop antennas usually have the same communication area in front and back, one can read the RFID of the document on the copier, and the other communication area can read the RFID of the user sitting on the waist. I can do it. The copying machine is made of metal, and this communication area is affected by the metal. Therefore, sufficient attention must be paid to the communication power, the shape of the antenna, and the installation location. Further, since the toner used for copying is charged, it is necessary to devise so that no radio wave is transmitted to the roller portion to which the toner is applied. For example, a part of the antenna inside the copying machine may be shielded with metal or the like.
[0051]
In the third method, two RFIDs are read in one communication area of the loop antenna (in the second method, two RFIDs are read in two communication areas formed on both sides of the loop antenna). In this method, it is necessary to fully consider the direction of the antenna. Here, the “direction” of the antenna refers to the direction in which the communication distance from the antenna device is maximized. When the antenna has a loop shape, the direction of the antenna is a direction perpendicular to the plane including the loop. If the direction of the antenna is parallel to the RFID carried by the user, the magnetic flux coming from the antenna will not pass through the small antenna of the user's RFID, making it difficult to read the user's RFID (generally on the copy surface). The document is horizontal and the RFID carried by the user is vertical (such as hanging from the neck). Also, if the antenna direction is parallel to the copy surface, the antenna direction becomes parallel to the RFID of the document, and similarly, the RFID of the document becomes difficult to read. Therefore, if the antenna is installed so as not to be parallel to both the direction of the user's RFID and the direction of the copy surface (they are at right angles to each other), the above problem is solved. For example, if the orientation of the antenna is set at an angle of 45 degrees from each of the horizontal plane defined by the copy plane and the vertical plane facing the user standing at the front of the copier, the RFID of both the user and the document will be It will be readable. As shown in FIG. 8, the reader / writer antenna is placed on the horizontal plane defined by the copy surface of the copier 1100 on which the document 1105 to which the RFID 1101 is attached is set and in front (on the operation panel side). What is necessary is just to arrange | position in the direction close | similar to 45 degree | times as much as possible within the range 1103 of the angle of 90 degree | times between the perpendicular | vertical surfaces facing the standing user 1104 (RFID1102).
[0052]
According to this embodiment, a single reader / writer can read the user's RFID and the document's RFID at the same time without complicated operations such as placing the RFID on the copying machine. Confidential operation control is possible.
[0053]
[Embodiment 4]
This embodiment relates to claim 8.
[0054]
Normally, in an entry / exit management system, one user requests a door opening operation by holding a card with a built-in RFID over a reader / writer installed near the entrance door. At this time, the reader / writer reads the RFID security information and sends the information to the security management device (for example, the device 104 in FIG. 1). The management device determines whether or not the ID number in the security information is a valid ID permitted to access the room with reference to a predetermined management database, and the valid ID If so, open the door, otherwise you cannot open the door.
[0055]
This method is a very strict management method, and in some cases, it may be too strict and inconvenient. For example, if you happen to forget the card, you may not be able to enter the secret room 100 and you will not be able to perform the necessary work. In such a case, it is often the case that a temporary ID card is issued to have the user take care of it, but in many cases there are multiple rooms with different security levels in one building. A temporary ID card may not be able to obtain the same security clearance as the person's real ID card, which may be inconvenient.
[0056]
In addition, in the entrance / exit management device, in general, if one person has a valid card, the accompanying person does not have the card, but the person who has the card opens the door so that the accompanying person can enter the room. Is possible. However, even in this case, if there is no specific person (such as a guardman) who has a valid card, it may be inconvenient because a long time is required until the person comes.
[0057]
Now, the number of people who use a highly sensitive room is limited. Therefore, when there are two or more users, mutual credit guarantees can be made without a special administrator. That is, users in a room with high sensitivity often know each other, and can often guarantee mutual trust. Therefore, convenience is achieved while security is ensured by allowing the user to enter the room according to the credibility of a plurality of users. In this embodiment, entry / exit management is performed in accordance with this concept, which achieves both security and convenience to some extent.
[0058]
In this way, there are many examples in which security is guaranteed if there are two or more people. For example, an old-style bank safe deposit box can be opened only with the principal's key and the bank's key, which is considered a kind of credit guarantee by multiple persons.
[0059]
In addition, when entering a management room for dangerous goods or powerful drugs, only a specific person can use the room, but there are cases where a guard man is asked for permission and a door is opened. In this case, if there are several users, it is possible to enter the room and increase convenience by acquiring mutual credit guarantee. In some cases, the guardman can be abolished to reduce human rights expenses. In hospitals and the like, morphine is sometimes used to suppress the suffering of cancer patients and intractable people. Since this morphine is also seen as a narcotic, only the director can open the safe where morphine is stored. However, morphine may suddenly be needed at night or when there is no director. For example, if you have two doctors, or if you have one doctor and two nurses, you can decide the rule that you can open the safe, and if you can manage according to those rules, the convenience in an emergency will improve Needless to say.
[0060]
In the first, second, and third embodiments, one RFID is attached to a document, while the other is an RFID carried by the user, and the copying machine is installed only when both satisfy the security level. I was able to move it. Both RFIDs hold different attributes (attributes). However, in terms of security control and controller control algorithms, Embodiments 1, 2, and 3 are also managed based on the relationship of security information of a plurality of RFIDs. This can be regarded as a type of system that manages the operation of the target device.
[0061]
There are several levels of security level (confidential access rights) granted to users. Establish rules for how many people at a certain security level can guarantee credit (opening doors, opening safe doors, and other processes are allowed), and reading each person at the same time with a reader / writer Fine security management is possible if the security management device 104 determines whether the RFID security level satisfies the rule and manages processing such as entering a room.
[0062]
As a rule, for example, as a simple example, the highest security level allows one person to enter (or process), and the second level allows more than K (> 1) people to enter the room. There is a rule that entrance is not possible at the following levels. The above is a very simple example, but it is clear that rules can be made using security levels even when one doctor and two or more nurses are allowed to open the safe. . In this embodiment, a mechanism for controlling a predetermined processing operation such as opening / closing of a door based on such a combination of security levels of a plurality of persons is provided.
[0063]
The processing procedure of this embodiment is shown in the flowcharts of FIGS. In the following, the control of the opening / closing device of the entrance door in the entrance management will be described as an example. However, it can be easily understood from the following description that the same security management can be applied to the operation control of the copying machine and other devices requiring security management. It will be.
[0064]
Hereinafter, the algorithm of the present embodiment will be described with reference to the flowcharts of FIGS. Here, since room entry management is taken as an example, see FIG. 1 for the system configuration.
[0065]
As shown in FIG. 9, the reader / writer 103 at the entrance repeatedly transmits an interrogation wave at regular intervals and confirms a response wave from the RFID (step 601). If there is no response wave, the determination in step 601 is negative (N), and the loop is repeated.
[0066]
If there is a response wave, the security management apparatus 104 determines whether or not only one RFID has been confirmed in step 602. If only one RFID can be confirmed, the process proceeds to step 603, where two If the above can be confirmed, the process proceeds to step 604. Details of the procedure in step 603 are described in the flowchart of FIG. 10, and details of the procedure in step 604 are shown in the flowchart of FIG.
[0067]
The detailed procedure of step 603 will be described with reference to FIG. This procedure is a case where the reader / writer has confirmed only one RFID. In this case, in step 701, the security management apparatus 104 determines whether or not the confirmed RFID security level is a level at which permission to open the entrance door can be received.
[0068]
If the permission level is acceptable, an operation permission command is sent to the controller of the device to be controlled (here, the door opening and closing device) (step 702). Otherwise, operation permission is not sent to the target device, and error processing such as warning processing is performed (step 703). In the case of step 703, the door opening / closing device as the target device has not obtained the operation permission, and therefore does not open the door. When step 702 or 703 ends, the process returns to step 601.
[0069]
The detailed procedure of step 604 will be described with reference to FIG. This procedure is processing when a plurality of RFIDs can be confirmed. In this case, in step 801, the management apparatus 104 determines whether or not the security levels of the plurality of RFIDs that can be simultaneously confirmed satisfy the operation permission condition of the target apparatus (door opening / closing apparatus) registered in the management apparatus 104 in advance. judge. The example of FIG. 11 shows the case of the simple rule (rule that it is sufficient that there are more than K people at a certain level) exemplified earlier. In this case, in step 801, it is determined whether there are K or more RFIDs having a predetermined security level or higher. If so (the result of step 801 is Y), an operation permission command is sent to the controller of the door opening / closing device which is the target device (step 802). This opens the entrance door and allows people to enter the room. If the determination result in step 801 is negative (N), error processing such as warning processing is performed (step 803). In this case, since the door opening / closing device has not obtained the operation permission, the door does not open. When step 802 or 803 ends, the process returns to step 601.
[0070]
Although the above has been described with a simple example, various variations are conceivable for the rule for determining whether the operation is permitted in Step 801. For example, a rule that determines the number of people required for each security level, such as “permit if there are one or more people of level 3 to 5 and two or more people of level 1 to 2”, can be considered. Another possible rule is to consider the security level value as a point, and permit when the total security level of RFIDs read simultaneously exceeds a predetermined threshold.
[0071]
As described above, according to the present embodiment, since the operation of the target device (for example, the door opening / closing device) can be controlled from the relationship between the security levels of a plurality of people, security management is performed based only on the security information of one person. Compared to conventional systems, a more flexible system can be constructed.
[0072]
[Embodiment 5]
This embodiment relates to claim 9.
[0073]
In the entrance / exit management, a visitor (visitor) generally enables entry by an accompanying person having a valid ID card (RFID). Even if the person concerned has forgotten the RFID card, it can be put in a guardman, or a name can be registered at a guardhouse and a badge that cannot be opened or closed can be issued. In any case, someone must open and meet someone at the door. In particular, when the person concerned forgets the ID card, it is inconvenient and productivity is lowered.
[0074]
Therefore, in this embodiment, a mechanism for automatically issuing a temporary RFID to a person who has forgotten the visitor or RFID card and automatically assigning a security level to the temporary card by authentication from another party. provide. In other words, in the present embodiment, if other parties recognize a predetermined number or more, a security level equivalent to that of the parties concerned is automatically given to a visitor or the like. Authentication of other parties is done automatically when the visitor accompanies them and passes within the communication range of the reader / writer. That is, for example, to enter an office or the like, if a person with a temporary RFID and a predetermined number of parties required to authenticate the person come near the reader / writer at the entrance, the reader / writer Detecting and writing information from the reader / writer to the temporary RFID with the same security level as those concerned.
[0075]
This is similar to the case of the fourth embodiment described above. The difference is that if there is another predetermined number of people, the door will not open, but another RFID that can open the door is created (more strictly, the RFID is given a security level that can open the door). .
[0076]
However, if you can copy the security level of any card, you can get a higher security card in some way and copy the level to yours. In order to prevent such unauthorized use, for example, a temporary RFID card may have security property information indicating that it is a temporary card. By doing so, the security level can be copied only to a limited special temporary card. Since the temporary card itself is issued in accordance with a certain procedure at a guardhouse or the like, a considerable level of security is ensured. If the expiration date of the temporary card is limited to, for example, one day only, the security is further improved.
[0077]
The processing of this embodiment is as follows. That is, when the security management apparatus 104 acquires security information of a plurality of RFIDs read simultaneously from a certain reader / writer, it is determined whether or not temporary RFID security information is included therein. Whether or not it is a temporary RFID may be determined by whether or not the property information indicating the temporary card described above is included, or the ID number used for the temporary RFID is limited in advance and registered in the management apparatus 104. The determination may be made based on whether or not the read RFID group has a corresponding one. If there is a provisional RFID in the RFID group read at the same time, the management apparatus 104 writes the value of the other RFID group security level read at the same time into the provisional RFID via the reader / writer.
[0078]
In general, if a person who forgets an RFID can request a person in the same department to accompany the person, the security level almost equivalent to that of his / her own can be copied to the temporary RFID.
[0079]
According to the present embodiment, it is possible to automatically write a security level equivalent to that person to the temporary RFID simply by accompanying a person having an effective RFID, so that a desired security setting is manually performed at the temporary card issuing location, etc. Thus, a provisional RFID capable of realizing desired security can be obtained without the hassle.
[0080]
[Embodiment 6]
This embodiment relates to claim 10. In the first, second, and third embodiments, copying is not performed when the security level of the user is lower than the security level of the document. In this case, in this embodiment, an error code indicating that the copy permission condition is not satisfied is sent from the security management apparatus 104 to the copying machine 106. Upon receiving this error code, the controller of the copying machine 106 displays a message indicating that copying cannot be performed, for example, as shown in FIG. 12 corresponding to the code on a liquid crystal display device of an operation panel provided in the copying machine. . Instead of visual display, an audio generation device may be attached to the copying machine 106 to notify the user that copying cannot be performed by audio.
[0081]
According to this embodiment, the user can know why the copying machine cannot be used, and the waste of time caused by not knowing can be saved.
[Brief description of the drawings]
FIG. 1 is a diagram showing a configuration of a secret room to which copy management according to the present invention is applied.
FIG. 2 is a diagram showing users and confidential documents and their RFIDs.
FIG. 3 is a diagram showing an outline of a copier equipped with a reader / writer.
FIG. 4 is a diagram illustrating an example of a data structure of security information possessed by an RFID.
FIG. 5 is a flowchart showing a security control procedure of the copying machine by the security management apparatus.
FIG. 6 is a diagram illustrating an example of a table of permission conditions for a copying operation.
FIG. 7 is a diagram illustrating an example of antenna arrangement of the reader / writer according to the second embodiment.
FIG. 8 is a diagram illustrating an example of an antenna arrangement of a reader / writer according to a third embodiment.
FIG. 9 is a flowchart illustrating an overall processing procedure of the system according to the fourth embodiment.
FIG. 10 is a flowchart showing processing when only one RFID is detected in the system of the fourth embodiment.
FIG. 11 is a flowchart illustrating processing when two or more RFIDs are detected in the system according to the fourth embodiment.
FIG. 12 is a diagram illustrating an example of a display indicating that copying is not possible in the sixth embodiment.
[Explanation of symbols]
100 confidential room, 102, 103, 109 reader / writer, 104 security management device, 105 storage device, 106 copier, 107 door, 108 book shelf, 201, 203 RFID, 300 copier, 301 copy surface, 302 cover, 303 reader ·lighter.

Claims (6)

A system for managing the security operations of copying machines ,
RFID communication means provided in the vicinity of the copier , for communicating with the RFID to obtain security information held by the RFID,
Determining means for determining whether security information acquired substantially simultaneously from two or more RFIDs by the RFID communication means satisfies a pre-registered permission condition for the security-required operation of the copying machine ;
Only when it is determined by the determination means that the permission condition is satisfied, operation control means for permitting the copying machine to execute the security-required operation;
Equipped with a,
The determination unit determines whether or not a combination of security information acquired from an RFID attached to a document set on the copying machine and security information acquired from a user's RFID satisfies the permission condition. And
The RFID communication means includes one antenna for simultaneously reading the RFID of the user and the RFID of the document, and the antenna faces the user standing on the horizontal plane defined by the document reading surface of the copier and the copier front surface. device security management systems that characterized in that it is installed so as not parallel to both the vertical plane. The permission condition is a condition indicating whether the execution of the security action is permitted when the relationship between the security level of the security action target object and the security level of the user instructing the action is permitted.
The determination means obtains each security level from the security information acquired from the RFID attached to the target set in the target device and the security information acquired from the RFID carried by the user. 2. The apparatus security management system according to claim 1, wherein it is determined whether or not a relationship satisfies the permission condition. The permission condition is information indicating correspondence between identification information of the target object and identification information of a user who permits the operation on the target object for each target of the security-required operation,
The determination means obtains identification information from security information acquired from an RFID attached to an object set in the target device and security information acquired from an RFID carried by a user, and the identification information is the permission 2. The apparatus security management system according to claim 1, wherein it is determined whether or not a condition is satisfied. The permission condition is a condition that stipulates the case where the operation requiring security is permitted from the relationship between the number of RFIDs simultaneously communicated by the RFID communication means and the security level of each RFID.
  The apparatus security management system according to claim 1, wherein the determination unit determines whether information of one or more RFIDs simultaneously acquired by the RFID communication unit satisfies the permission condition. The RFID communication means is
  When a specific RFID including property information indicating that the security level can be copied is read simultaneously with a predetermined number of normal RFIDs including security level information, the security level of the normal RFID with respect to the specific RFID The apparatus security management system according to claim 1, wherein: The apparatus security management system according to claim 1, further comprising a notification unit that notifies the user when the permission condition is not satisfied by the determination by the determination unit.

Images