JP4487549B2 - Key device, lock control device, and lock control system - Google Patents

Description

  The present invention relates to a key device, a lock control device, and a lock control system, and more particularly to a key device, a lock control device, and a lock control system that control a lock device in a non-contact state using a plurality of key devices. .

  Conventional locking and unlocking of a door is generally performed using a lock portion that is provided on the door and locks and unlocks the door, and a key that operates the lock portion. Specifically, the operation is performed by inserting a key into the keyhole of the lock portion and pushing or turning it.

  However, there is a problem that inserting a key into a keyhole, pushing or turning the key is not convenient for people with low vision or those who are relatively difficult to perform detailed operations. there were.

  As a system for solving this problem, a lock part provided in the door and in a locked / unlocked state, a key means for transmitting a predetermined radio wave signal and switching the locked / unlocked state, provided in the vicinity of the door, There is known a lock operation system for a residential entrance that includes a recognition control unit that receives a signal from a key means and controls the lock unit to perform locking and unlocking operations (see, for example, Patent Document 1).

In this system, when the user presses the switch of the key means, a signal unique to the key means is transmitted from the key means to the recognition control unit. When receiving the radio signal from the key means, the recognition control unit determines whether or not the received signal is registered in advance, and if the received signal is a registered signal, the state of the lock unit is locked. From the state to the unlocked state or from the unlocked state to the locked state, the user can easily lock and unlock the door without using a conventional key. Further, by pressing the switch of the key means from a remote place, a door corresponding to the key means can be easily found among a plurality of doors having the same shape.

  Furthermore, as a system to which such a system is applied, a system using a plurality of keys for the operation of the lock can be considered. For example, a system is possible in which a plurality of keys having a wireless communication function are prepared, and the lock operation is possible only when all keys are prepared or a majority of keys are prepared. Thus, even when keys are dropped, if the number of keys dropped is less than a majority, the lock can be operated using the remaining keys.

  In order to realize a system that uses a plurality of keys for the operation of a lock, a mechanism for distributing secret information used for authentication to a plurality of keys is necessary. The secret sharing method is mentioned as the method. The secret sharing method is: “It is necessary to distribute the original secret information to a plurality of distributed information, and distribute each of the plurality of distributed information to the members who are involved. In some cases, necessary members gather and bring the distributed information distributed and reconstruct the original secret information ”(see, for example, Non-Patent Document 1).

Using such a method, division information obtained by dividing secret information used for authentication is distributed to a plurality of keys by wireless communication from a lock control unit that controls the lock. In order to prevent unauthorized operation of the lock by wireless communication when distributing the division information from the lock control unit to the plurality of key units by a third party around the lock control unit, A system for preventing eavesdropping by providing a control unit and a function for performing encryption communication in all the key units is also conceivable.
JP 2001-132293 A Okamoto Tatsuaki and Yamamoto Hiroshi “Modern Crypto”, Industrial Books, p. 209-219

  However, in a system with a conventional encryption communication function, since it is necessary to provide all the key units with a function for performing highly reliable encryption communication, there is a problem that the cost increases and the power consumption of the key unit increases. There is. Therefore, it is not realistic to provide an encryption communication function for all key parts.

  Further, even if the encryption communication function is provided for all the key parts, since the lock control part and each key part communicate with each other to exchange the divided information, it takes time to complete the communication with all the key parts. There is a problem that it takes. In particular, it takes a long time when the number of key parts is large. Therefore, the user waits for a long time until communication between the lock control unit and all the key units is completed, near the installation location of the lock control unit (that is, an area where the lock control unit and the key unit can communicate). The convenience of the system is significantly reduced.

  The present invention has been proposed in order to solve the above-described problem, and can divide the division information obtained by dividing the authentication information used for authentication into a plurality of pieces of information with high security to a plurality of key devices. Another object is to provide a highly convenient key device, lock control device, and lock control system.

In order to achieve the above object, a key device according to claim 1 of the present invention is obtained by combining communication means for communicating with the outside in a non-contact state and a plurality of pieces of division information received from each of a plurality of key devices. From the lock control device that controls the lock device by performing authentication by comparing the information to be authenticated and the authentication information, generates the authentication information, and encrypts and transmits a plurality of pieces of divided information obtained by dividing the generated authentication information, When the encrypted authentication information is received by the communication means, a decryption means for decrypting the received authentication information, and a storage means for storing specific division information of the plurality of pieces of division information decrypted by the decryption means When a determination means for determining whether or not separated from the location near the lock control device, wherein the division information other than the specific division information after it is determined that the away from the vicinity of the installation location of the lock controller by the determining means The to other key device for transmitting the divided information received by non-contact communication with the lock controller, and transmits via the communication unit without encryption when changing the state of said lock device controls as a control unit for controlling to transmit specific division information stored in the storage unit to the lock control device via the communication means when changing the state of said lock device , Including.
According to a second aspect of the present invention, there is provided a key device that compares communication means for communicating with the outside in a non-contact state, information obtained by combining a plurality of pieces of division information received from each of the plurality of key devices, and authentication information. Authentication information is received when the encrypted authentication information is received by the communication means from the lock control device that generates and encrypts and transmits the authentication information. Decoding means for decoding the authentication information, generating means for generating a plurality of pieces of division information obtained by dividing the authentication information decoded by the decoding means, and storage means for storing specific division information of the plurality of pieces of division information Determination means for determining whether or not the lock control device is located near the installation location; and division information other than the specific division information after the determination means determines that the lock control device is located near the installation location. To the other key device that transmits the division information received to the lock control device by non-contact communication when changing the state of the lock device via the communication means without encryption. And control means for controlling to transmit the specific division information stored in the storage means to the lock control device via the communication means when changing the state of the lock device. And.

The decryption unit of the key device according to claim 1 receives the plurality of pieces of encrypted division information when the communication unit that communicates with the outside in a non-contact state receives the plurality of pieces of division information . The decryption unit of the key device according to claim 2 receives the encrypted authentication information by the communication unit that communicates with the outside in a non-contact state, and decrypts the received authentication information. Then, the generation unit generates a plurality of pieces of division information obtained by dividing the decrypted authentication information into a plurality of pieces. Here, the communication means is not particularly limited as long as it can communicate with the outside in a non-contact state. For example, the communication means may perform communication by radio communication using radio waves, or use infrared rays or the like. Communication may be performed by optical communication. Also, the method for dividing authentication information is not particularly limited, and for example, a secret sharing method can be used.

The storage means, the specific division information for dividing the information of the multiple is stored. In the storage unit, one piece of division information among the plurality of pieces of division information generated may be stored as specific division information, or some pieces of division information may be stored as specific division information.

The control unit performs control so that the division information other than the specific division information stored in the storage unit is transmitted to another key device without being encrypted via the communication unit. That is, the key device may distribute the divided information to other key device. It should be noted that the division information may be transmitted one by one to each destination device, or a plurality of pieces of division information may be transmitted to each device.

  In addition, when changing the state of the lock device, the control means controls to transmit the specific division information stored in the storage means via the communication means. The state of the locking device includes a locked state and an unlocked state. When the state of the locking device is changed, the state of the locking device is changed from the locked state to the unlocked state, or locked from the unlocked state. When changing to a state.

Therefore, according to the key device according to claim 1, it is possible to receive a plurality of pieces of division information from the lock control device and distribute the received plurality of pieces of division information to other key devices. For example, since the authentication information is received from the lock control device, the received authentication information can be divided into a plurality of pieces to generate a plurality of pieces of divided information, which can be distributed to other key devices. In a system that distributes division information to devices and operates the lock device using the plurality of key devices, a plurality of pieces of division information from one key device while the user is carrying and moving the plurality of key devices. Can be distributed to other key devices. As a result, it is not necessary for the user to wait in one place until the division information has been distributed, thereby improving convenience. In addition, since the division information can be distributed during movement, the risk of the division information being wiretapped is reduced, and the division information can be distributed with high safety.

  The key device may further include decryption means for decrypting the received authentication information when encrypted authentication information is received by the communication means.

Further, by providing the key device according to claims 1 and 2 with the decryption means , encrypted communication with the lock control device becomes possible, and the key device can receive the authentication information or the division information with high security. In particular, when receiving authentication information from a device with a fixed installation location, an eavesdropper is placed near the installation location, and there is a high risk of eavesdropping by a third party. Therefore, eavesdropping near the installation location can be prevented by performing encrypted communication with the key device.

Further, as in the invention according to claim 3, the storage means further stores the authentication information received by the communication means, and the authentication information stored in the storage means is stored in the storage means other than the specific division information. It may further include an erasing unit for erasing after the transmission of the division information is completed. Thereby, safety is improved.

The key device according to claim 1 and claim 2 further includes determination means for determining whether or not the lock control device for controlling the lock device has moved away from the vicinity of the place where the lock control device is installed. wherein after it is determined that remote from the vicinity of the installation location of the lock control unit, the division information other than the specific division information that controls to transmit via said communication means through.

  There is a particularly high risk of eavesdropping near the installation location of the lock control device that controls the lock device. Therefore, when it is determined that the key device has moved away from the vicinity of the place where the lock control device is installed, the division information is transmitted, thereby reducing the risk of the division information being wiretapped and improving the safety.

Note that, as in the invention according to claim 4, when the determination unit becomes unable to communicate with the lock control device, a predetermined time has elapsed since the authentication information was received by the communication unit. When the random time has passed since the authentication information was received by the communication means, and when the vibration detecting means provided in advance detects vibration, the installation location of the lock control device It can be judged that it is away from the vicinity.

  That is, when communication with the lock control device becomes impossible, it can be determined that the key device and the lock control device are sufficiently separated from each other so that communication is impossible. In addition, when a preset time has elapsed after the authentication information is received by the communication means, it is highly likely that the user carrying the key device has moved away from the lock control device, and the key device and the lock control device Can be determined to have left. The same applies when a random time has elapsed since the authentication information was received by the communication means. Furthermore, vibration detection means for detecting vibration in advance is provided in the key device, and when the vibration detection means detects vibration, it can be considered that the user carrying the key device has moved (moved). It can be determined that the device and the lock control device are separated.

The lock control device according to claim 5 is a communication unit that communicates with the outside in a non-contact state, an authentication information generation unit that generates authentication information, and a storage unit that stores the authentication information generated by the authentication information generation unit Generating means for generating a plurality of pieces of divided information obtained by dividing the authentication information generated by the authentication information generating means into a plurality of pieces, and encryption means for encrypting the plurality of pieces of divided information generated by the generating means, When a plurality of pieces of division information encrypted by the encryption means are received by non-contact communication, the received division information is decrypted, specific division information is stored among the decoded division information, and the lock control device is installed. A second key for transmitting the division information other than the specific division information after the determination that it is away from the vicinity of the location to the lock control device when the state of the lock device is changed, by non-contact communication. For the device, A first key device that transmits the information by non-contact communication without encoding and transmits the stored specific division information to the lock control device by non-contact communication when the state of the lock device is changed. On the other hand, from each of the plurality of key devices via the communication means, the transmission control means for controlling the plurality of pieces of division information encrypted by the encryption means to be collectively transmitted via the communication means, and information obtained by combining a plurality of received division information, and authenticating means for performing authentication by comparing the stored authentication information in the storage means, based on the authentication result of the authentication means, the locking device And a lock device control means for controlling.

The storage means of the lock control device according to claim 5 stores the authentication information generated by the authentication information generation means . The generation unit generates a plurality of pieces of division information obtained by dividing the authentication information into a plurality of pieces, and the transmission control unit controls the plurality of pieces of division information to be collectively transmitted via the communication unit. Incidentally, the partition information of said plurality of, that sends collectively encrypts the first key device having a function of distributing the divided information and has a decoding device to a second key device.

  The authentication unit performs authentication by comparing information obtained by combining a plurality of pieces of division information input from a plurality of key devices via the communication unit and authentication information stored in the storage unit. For example, a plurality of pieces of division information input from a plurality of key devices are combined and restored to be the original authentication information, and the restored authentication information and the authentication information stored in the storage means are the same or similar If the value is high, the authentication may be successful, and if the two are completely different, the authentication may be failed.

  Note that a plurality of pieces of division information input from a plurality of key devices may be combined and used for authentication, or some of the plurality of pieces of division information input may be used for authentication.

  The lock control means controls the lock device based on the authentication result of the authentication means. For example, if the authentication result of the authentication means is authentication success, the state of the lock device can be controlled to change, and if the authentication fails, the lock device state can be controlled not to change. In addition, no matter what state the lock device is in, if the authentication is successful, the lock device is controlled to be unlocked, and if the authentication is unsuccessful, the lock device is controlled to be locked. Also good.

As described above, since the plurality of pieces of division information obtained by dividing the authentication information into a plurality of pieces are transmitted from the lock control device in a lump, the portable first key device can receive the plurality of pieces of division information and further receive it. The plurality of pieces of division information can be transmitted to the second key device and distributed. For this reason, division information can be transmitted with high safety. In addition, since the process of generating a plurality of pieces of division information consumes a large amount of power, the lock control apparatus, not the key apparatus, performs this process, so that the key apparatus that is carried by the user and has restrictions in terms of power supply can be used. Power consumption can be reduced.

The lock control device according to claim 6 divides the authentication information generated by the authentication information generation means into a plurality of communication means for communicating with the outside in a non-contact state, authentication information generation means for generating authentication information Generating means for generating a plurality of pieces of division information; storage means for storing authentication information generated by the authentication information generation means and first specific division information of the plurality of pieces of division information generated by the generation means ; An encryption unit that encrypts division information other than the first specific division information of a plurality of pieces of division information generated by the generation unit, and a plurality of pieces of division information encrypted by the encryption unit are received And decoding the received division information, storing the second specific division information among the decoded division information, and determining that it is away from the vicinity of the place where the lock control device is installed. The division information To the second key device that transmits the division information received to the lock control device by contactless communication when the state is changed, to be transmitted by contactless communication without being encrypted, and the state of the lock device The divided information encrypted by the encryption means for the first key device that transmits the stored second specific division information to the lock control device by non-contact communication when changing and transmission control means for controlling to transmit collectively via said communication means, division information and the first stored in the storage means is received from each of a plurality of key device via said communication means and information obtained by combining a plurality of specific division information, and authentication means for performing authentication by comparing the stored authentication information in the storage means, based on the authentication result of the authentication means, the locking device A locking device control means for controlling, It has been made.

The lock control device according to claim 6 stores the authentication information generated by the authentication information generation unit and the specific division information of the plurality of division information generated from the authentication information in the storage unit, and the authentication unit includes: Authentication is performed by comparing information obtained by combining a plurality of pieces of division information input from a plurality of key devices via communication means and a plurality of pieces of specific division information stored in the storage means with authentication information stored in the storage means. I do.

  That is, one or several pieces of division information among the generated pieces of division information are stored as specific division information in the storage means of the lock control device, so that the number of key devices to which the division information is distributed is small. That's it.

The claims 5 and lock control device according to claim 6, the plurality of divided information transmitted collectively via said communication means that have been further comprise configure encryption means for encrypting.

In this way, by providing the encryption means in the lock control device, encrypted communication with the first key device that transmits a plurality of pieces of divided information at once is possible, and the divided information can be transmitted with high safety. it can. In particular, the installation location of the lock control device is often fixed, and there is a high risk that an eavesdropper is installed near the installation location and wiretapped by a third party. Therefore, eavesdropping near the installation location can be prevented by performing encrypted communication with the key device.

The lock control system according to claim 7 is a lock control system including a plurality of key devices and a lock control device, wherein the plurality of key devices include a first key device and at least one second key. A first communication device that communicates with the outside in a non-contact state, a decryption device that decrypts encrypted authentication information received by the first communication device, A generating unit that generates a plurality of pieces of division information obtained by dividing the authentication information decoded by the decoding unit, a first storage unit that stores specific division information of the plurality of pieces of division information, and a lock control device. Determination means for determining whether or not the vicinity of the installation location, and after determining that the determination means is away from the vicinity of the installation location of the lock control device without encrypting the division information other than the specific division information via the first communication means Serial controls so as to send the second key device, through the first communication means specific division information stored in the first storage means when changing the state of the lock device having a first control means for controlling to transmit to the lock control unit Te, the second key device, a second communication means for external communication in a non-contact state, said second communication means by the first of the second storage means for storing the divided information received from the key device, and the lock device state the divided information stored in the second storage means and the second when changing the A second control unit configured to control the lock control device to transmit to the lock control device via the communication unit ; the lock control device configured to communicate with the outside in a non-contact state; and the authentication information an authentication information generating means for generating, generated by the authentication information generating means Third storage means and the authentication information and encryption means for encrypting the authentication information generated by the generating means, the encrypted authentication information in said encryption means said third communication means for storing authentication information Transmission control means for controlling transmission to the first key device via the information, information obtained by combining a plurality of pieces of division information received from each of the plurality of key devices via the third communication means, and authenticating means for performing authentication by comparing the stored authentication information in the storage means, based on the authentication result by the authentication unit, and a, a lock device control means for controlling the lock device.

That is, in the lock control system according to claim 7, transmits the authentication information encrypted from the lock control unit to the first key device. The first key device decrypts the received authentication information, generates a plurality of pieces of division information obtained by dividing the decoded authentication information into a plurality of pieces, stores the specific division information in the first storage means, The division information is transmitted to the second key device after determining that it is away from the vicinity of the place where the lock control device is installed . The lock control device performs authentication by comparing information obtained by combining a plurality of pieces of division information transmitted from a plurality of key devices with previously stored authentication information, and based on the authentication result, the lock device To control.

  In this way, the first key device performs the process of transmitting the division information to the plurality of key devices, so that the user can move the division information to another key while carrying the plurality of key devices. Can be distributed to the device. Compared with a system in which split information is distributed from the lock control device to a plurality of key devices, the time for the user to wait near the installation location of the lock control device is shortened and convenience is improved. In addition, since the division information can be distributed during movement, the risk of the division information being wiretapped is reduced, and the division information can be distributed with high safety.

The lock control system according to claim 8 is a lock control system including a plurality of key devices and a lock control device, wherein the plurality of key devices include a first key device and at least one second key. The first key device includes a first communication unit that communicates with the outside in a non-contact state, and a plurality of encrypted pieces of division information received collectively from the first communication unit. Decoding means for decoding, first storage means for storing specific division information of a plurality of pieces of division information decoded by the decoding means, determination means for judging whether or not the vicinity of the installation location of the lock control device, and After the determination means determines that the lock control device is located away from the vicinity of the place where the lock control device is installed, the division information other than the specific division information is not encrypted and is transmitted to the second key device via the first communication means. and controls to be sent for, tablets Have a first control means for controlling to transmit specific division information stored in the first storage unit to the lock control device via the first communication means when changing the state of the location and said second key unit, non-second communication means for communicating with the outside in contact with, the second for storing divided information received from the first key device by said second communication means storage means, and the divided information stored in the second storage means via said second communication means a second controlling to transmit to the lock control unit when changing the state of said lock device a controlling unit, the lock control unit has a third communication means for communicating with the outside in non-contact state, the authentication information generation means, the authentication information generated by the authentication information generation means for generating authentication information a third storage means for storing, in said authentication information generating means Generating means for generating a done plurality of divided information obtained by dividing the authentication information to the plurality were, encryption means for encrypting the plurality of divided information, the plurality of divided information encrypted by said encryption means dividing received from each of a plurality of key device and transmission control means, via the third communication means for controlling to transmit collectively via said third communication means to said first key device and information obtained by combining a plurality of information, an authentication unit for performing authentication by comparing the third authentication information stored in the storage means, based on the authentication result of the authentication means, controls the lock device It has a locking device controller for, a.

That is, in the lock control system according to the eighth aspect , a plurality of pieces of division information are generated by the lock control device, encrypted to the first key device, and transmitted collectively. The first key device decodes the plurality of pieces of division information received from the lock control device, stores specific division information of the plurality of pieces of division information thus decoded in the first storage means, and locks the other pieces of division information. After determining that it is away from the vicinity of the installation location of the control device, it is transmitted to the second key device. The lock control device performs authentication by comparing information obtained by combining a plurality of pieces of division information transmitted from a plurality of key devices with previously stored authentication information, and based on the authentication result, the lock device To control.

Thereby, the same effect as that of the lock control system according to claim 7 can be obtained. Further, since the lock control device, not the first key device, performs the division information generation processing with large power consumption, the power consumption of the first key device carried by the user and restricted in terms of power supply can be reduced. can do.

The lock control system according to claim 9 is a lock control system including a plurality of key devices and a lock control device, wherein the plurality of key devices include a first key device and at least one second key device. The first key device includes a first communication unit that communicates with the outside in a non-contact state, and decrypts a plurality of pieces of encrypted division information received collectively from the first communication unit. Decoding means, first storage means for storing first specific division information of a plurality of pieces of division information decoded by the decoding means, determination means for determining whether or not the vicinity of an installation location of the lock control device, And after it is judged by the judgment means that it is away from the vicinity of the installation location of the lock control device, the second information via the first communication means without encrypting the division information other than the first specific division information . co be controlled so as to send against the key device , The controls to transmit the first of the first particular division information stored in the storage means when changing the state of the lock device to the lock control device via the first communication means has a first control means, said second key unit, second communication means for external communication in a non-contact state, division information received from the first key device by said second communication means second storage means for storing, and to transmit the divided information stored in the second storage means when changing the state of the lock device to the lock control device via the second communication means a second control means for controlling the said lock control unit has a third communication means for communicating with an external source without contact, and the authentication information generating means for generating authentication information, the authentication information generating means the in division information of multiple obtained by dividing the authentication information to the plurality generated Generating means for forming a third storage means for storing a second specific division information of the plurality of divided information generated by the authentication information generated by the generating means authentication information and said generating means, said generating means encrypting means and, said plurality of divided information encrypted by said encryption means third communication means for encrypting division information other than the second specific division information of the plurality of divided information in generated and transmission control means for controlling to transmit to said first key device collectively via said third communication means split information and the large 3 received from each of a plurality of key device via Authentication means for performing authentication by comparing information obtained by combining a plurality of the second specific division information stored in the storage means and authentication information stored in the third storage means; and the authentication based on the authentication result of the means, control said lock device It has a Gosuru lock device control means.

That is, in the lock control system according to claim 9, stores the first specific division information among the generated plurality of division information a plurality of divided information lock control apparatus in the third storage means, it Other division information is encrypted and transmitted to the first key device in a lump. First key device decodes the divided information received from the lock control unit, the second specific division information of the decoded divided information is stored in the first storage means, other division information the lock control After determining that it is away from the vicinity of the installation location of the device, it is transmitted to the second key device. The second key device receives and stores the division information from the first key device . Lock control apparatus, the information obtained by combining a plurality of first specific division information stored in the split information and a third storage unit that is transmitted from a plurality of key device, authentication stored in advance Authentication is performed by comparing with the information, and the lock device is controlled based on the authentication result.

Thereby, the same effect as that of the lock control system according to claim 8 can be obtained. Further, since the division information is distributed and stored not only in a plurality of key devices but also in the lock control device, the number of key devices to which the division information is distributed can be reduced.

A lock control system according to a tenth aspect is a lock control system including a plurality of key devices and a lock control device, wherein the plurality of key devices include a first key device and at least one second key device. The first key device includes: a first communication unit that communicates with the outside in a non-contact state; a decryption unit that decrypts the encrypted authentication information received by the first communication unit; Generating means for generating a plurality of pieces of division information obtained by dividing the authentication information decrypted by the means, first storage means for storing first specific division information of the plurality of pieces of division information, and the plurality of divisions First control means for controlling to transmit the second specific division information of information to the lock control apparatus via the first communication means, whether or not it is away from the vicinity of the place where the lock control apparatus is installed Judgment means for judging, and the judgment means Lock control device said first and second specific division information other than division information via said first communication means without encryption the second key device after it is determined that remote from the location near the the lock controls to transmit, via said first communication means said first of said first specific division information stored in the storage means when changing the state of the lock device with respect to a second control means for controlling so as to transmit to the control device, the second key device, a second communication means for external communication in a non-contact state, said by the second communication means the second memory means for storing the divided information received from a key device, and said second communication means division information stored in the second storage means when changing the state of said lock device third control that controls to transmit to the lock control device via Has a step, the lock control unit has a third communication means for communicating with an external source without contact, and the authentication information generating means for generating the authentication information, the authentication information generated by the authentication information generating means And third storage means for storing the second specific division information received from the first key device via the third communication means, and authentication information generated by the authentication information generation means. Encryption means for encrypting, transmission control means for controlling the authentication information encrypted by the encryption means to be transmitted to the first key device via the third communication means, and the third split information received via the communication means from each of the plurality of key device, and the information obtained by combining a plurality of the third second specific division information stored in the storage means, said storage Authentication is performed by comparing with authentication information stored in the means Authentication means, based on the authentication result by the authentication unit, and a, a lock device control means for controlling the lock device.

That is, in the lock control system according to the tenth aspect, the authentication information is transmitted after being encrypted from the lock control device to the first key device. The first key device decrypts the received authentication information, generates a plurality of division information obtained by dividing the decoded authentication information into a plurality of pieces, and stores the first specific division information therein in the first storage means. stored advance, and sends the second specific division information to the lock control unit, and transmits the second key device after determining that left the other division information from the vicinity of the installation location of the lock control device. The transmitted division information is stored in the second storage means of the second key device . Further, the second specific division information transmitted to the lock control device is stored in the third storage means of the lock control device. Furthermore, the lock control device, the information obtained by combining a plurality of divided information stored in the split information and a third storage unit that is transmitted from a plurality of key device, the authentication information stored in advance Authentication is performed by comparison, and the lock device is controlled based on the authentication result.

Thereby, the same effect as that of the lock control system according to claim 7 can be obtained. Further, since the division information is distributed and stored not only in a plurality of key devices but also in the lock control device, the number of key devices to which the division information is distributed can be reduced.

In the lock control system according to claims 7 to 10 described above, the first key device and the second key device may each be one or plural.

In the lock control system according to claims 7 to 10 described above, communication performed between the devices is not particularly limited as long as it is communication in a non-contact state. For example, wireless communication using radio waves is possible. Alternatively, optical communication using infrared rays or the like may be used.

Furthermore, when the lock control device of the lock control system according to claims 7 to 10 described above authenticates, a plurality of pieces of division information input from a plurality of key devices may be combined and used for authentication. Some of the plurality of pieces of division information may be combined and used for authentication.

Incidentally, the first key apparatus lock control system according to the claims 7 to 10, includes a determining means for determining whether away from the vicinity of the installation location of the lock control device, the first control It means, after it is determined that remote from the vicinity of the installation location of the lock controller by the determining means, that controls to transmit division information via said first communication means to other key device.

  There is a particularly high risk of eavesdropping near the installation location of the lock control device that controls the lock device. Therefore, when it is determined that the first key device has moved away from the vicinity of the place where the lock control device is installed, the division information is transmitted, thereby reducing the risk of the division information being wiretapped and improving the safety.

As described in claim 11, when the determination unit becomes unable to communicate with the lock control device, a predetermined time has elapsed since the information was received by the first communication unit. When the random time has elapsed since the information was received by the first communication means, and when the vibration detection means provided in advance detects vibration, the lock control device is installed. It can be judged that it is away from the vicinity of the place.

  That is, when communication between the first key device and the lock control device becomes impossible, it can be determined that the plurality of key devices and the lock control device are sufficiently separated. In addition, when a preset time has elapsed since the information was received by the first communication means, there is a high possibility that the user carrying the plurality of key devices has moved away from the lock control device, and the plurality of keys It can be determined that the device and the lock control device are separated. The same applies when a random time has elapsed since the information was received by the first communication means. Furthermore, vibration detection means for detecting vibration in advance is provided in the first key device, and when the vibration detection means detects vibration, it is considered that a user carrying a plurality of key devices has moved (moved). It is possible to determine that the plurality of key devices and the lock control device are separated.

Since it is possible to encrypted communication with the lock controller and the first key device, security is enhanced. In particular, the lock control device is often fixed at an installation location, and the risk of eavesdropping by a third party in the vicinity of the installation location increases, so the first key device and the lock control device as in the present invention. By performing encrypted communication with the device, eavesdropping near the installation location can be prevented.

Further, as described above, since the division information can be distributed from the first key device to another device while the user is carrying and moving a plurality of key devices, it is wiretapped during distribution. Risk is low. For this reason, when the first key device transmits a plurality of pieces of division information to the second device, the division information can be transmitted with high security without being encrypted. Therefore, even if the device (second key device or the like) that receives the division information is not provided with the encryption communication function (decryption function), a highly secure system can be constructed, and the cost can be reduced.

In the lock control system according to any one of claims 7 to 11, the first storage means further stores information transmitted from the lock control apparatus and received by the first communication means, and the first key. The apparatus transmits the information transmitted from the lock control apparatus and received by the first communication means after the transmission of the division information to the second key apparatus is completed by the first control means. An erasing unit for erasing from the storage unit may be further included. This increases safety.

  Division number determining means for determining the number of divisions for dividing the authentication information may be provided in either one of the first key device and the lock control device.

  For example, if the division number determination means is provided on the apparatus side that generates the division information, it is not necessary to perform communication for receiving the division number. Moreover, if the lock control device is provided with the division information determining means, the power consumption of the first key device can be reduced.

  As described above, according to the present invention, instead of the lock control device, one key device transmits the division information obtained by dividing the authentication information used for authentication into a plurality of other key devices. The information can be distributed with high security to a plurality of key devices, and the convenience is improved.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the drawings.

[First Embodiment]
FIG. 1 is a schematic configuration diagram showing a lock control system of the present embodiment.

  This lock control system is carried by a user by a lock unit 40 having a function as a general lock provided in a door or door, a lock control unit 10 provided near the door or door, and controlling the lock unit. And a plurality of key portions for switching the lock / unlock state of the lock portion 40. The plurality of key parts are composed of a high function key part 20 and two low function key parts 30a and 30b.

  The lock unit 40 is connected to the lock control unit 10 and is switched between a locked state and an unlocked state under the control of the lock control unit 10.

  The lock control unit 10 includes a lock operation unit 11, an authentication unit 12, an encryption unit 13, a communication unit 14 to which an antenna 14a is connected, a storage unit 15, a secret information generation unit 16, and a secret information generation start switch. 17.

  The secret information generation start switch 17 is connected to the secret information generation unit 16. Protrusions (not shown) constituting the secret information generation start switch 17 are provided in a state of protruding from the lock control unit 10, and a pair of normally non-contact state is maintained inside the secret information generation start switch 17. An electrode is provided. When the protrusion is pressed by the user, the electrodes inside the secret information generation start switch 17 come into contact with each other and become conductive, and an ON signal is output to the secret information generation unit 16.

  The secret information generation unit 16 is connected to the encryption unit 13, the storage unit 15, and the secret information generation start switch 17. When an ON signal is input from the secret information generation start switch 17, the secret information generation unit 16 generates secret information and generates the generated secret Information is transmitted to the encryption unit 13 and stored in the storage unit 15.

  The storage unit 15 is connected to the authentication unit 12 and the secret information generation unit 16 and stores the secret information generated by the secret information generation unit 16.

  The encryption unit 13 is connected to the communication unit 14 and the secret information generation unit 16, encrypts the secret information generated by the secret information generation unit 16, and outputs the encrypted secret information to the communication unit 14.

  The communication unit 14 is connected to the authentication unit 12 and the encryption unit 13, and transmits the secret information encrypted by the encryption unit 13 to the high function key unit 20 in a non-contact state via the antenna 14a. Division information (described later) is received from the function key unit 20 and the low function key units 30a and 30b in a non-contact state, and the received division information is output to the authentication unit 12.

  The authentication unit 12 is connected to the lock operation unit 11, the communication unit 14, and the storage unit 15, and receives a plurality of pieces of division information received by the communication unit 14 from the high function key unit 20 and the low function key units 30 a and 30 b. The combined secret information is restored to the original secret information, the secret information is read from the storage unit 15, the restored secret information is compared with the secret information read from the storage unit 15, authentication is performed, and the authentication result is locked. To the unit 11.

  The lock operation unit 11 is connected to the authentication unit 12 and the lock unit 40, and switches the state of the lock unit 40 to an unlocked state or a locked state based on the authentication result input from the authentication unit 12.

  In addition, each component of the lock operation unit 11, the authentication unit 12, the encryption unit 13, and the secret information generation unit 16 described above may be configured with a microcomputer having these functions, or have each function. You may comprise with hardware.

  FIG. 2 is a configuration diagram showing a detailed configuration of the high function key unit 20. As shown in the figure, the high function key unit 20 includes a communication unit 21 to which an antenna 21 a is connected, a decryption unit 22, a secret information division unit 23, a storage unit 24, and a secret information division number determination unit 25. It is configured.

  The communication unit 21 is connected to the secret information division unit 23 and the decryption unit 22, receives encrypted secret information from the lock control unit 10 via the antenna 14a in a non-contact state, and receives the received secret Information is output to the decryption unit 22, or the division information generated by the secret information division unit 23 is transmitted to the low function key units 30a and 30b in a non-contact state.

  The decryption unit 22 is connected to the communication unit 21 and the storage unit 24, decrypts the encrypted secret information received by the communication unit 21, and transmits the decrypted secret information to the storage unit 24.

  The storage unit 24 is connected to the secret information division unit 23 and the decryption unit 22 and stores the secret information input from the decryption unit 22 and the division information generated by the secret information division unit 23.

  The secret information division unit 23 is connected to the communication unit 21 and the storage unit 24, reads the secret information stored in the storage unit 24, and determines the number of divisions determined by the secret information division number determination unit 25. A plurality of pieces of division information are generated, and the generated division information is transmitted to another key unit via the communication unit 21.

  The secret information division number determination unit 25 is connected to the secret information division unit 23 and the communication unit 21, transmits a weak radio wave using the communication unit 21, and counts the number of responses to the transmitted radio wave. Thus, the number of other surrounding key parts is detected, the detected number is determined as the number of divisions for dividing the secret information, and is output to the secret information dividing unit 23.

  Each component of the decryption unit 22, the secret information division unit 23, and the secret information division number determination unit 25 described above may be configured by a microcomputer having these functions, or a hardware having each function. You may comprise by wear.

  FIG. 3 is a configuration diagram showing a detailed configuration of the low function key unit 30a. As illustrated, the low function key unit 30 a includes a communication unit 31 and a storage unit 32.

  The communication unit 31 receives the division information transmitted from the high function key unit 20 via the antenna 31a in a non-contact state, or receives the division information stored in the storage unit 32 to the lock control unit 10 in a non-contact state. Or send.

  The storage unit 32 stores the division information generated by the high function key unit 20 and received by the communication unit 31.

  Since the configuration of the low function key unit 30b is the same as that of the low function key unit 30a, description thereof is omitted.

  In the present embodiment, the communication performed by the lock control unit 10, the high function key unit 20, and the low function key units 30a and 30b via the respective communication units is wireless communication performed by weak electromagnetic waves, Communication by various known communication methods can be applied. For communication, IEEE802.15.4, UWB, Bluetooth, ZigBee, weak wireless, or the like may be used.

  Hereinafter, the operation of the lock control system of the present embodiment will be described with reference to FIG.

  The user holds the high function key unit 20 and the low function key units 30a and 30b near the place where the lock control unit 10 is installed. Here, when the user presses the protrusion of the secret information generation start switch 17 of the lock control unit 10, an ON signal is output from the secret information generation start switch 17 to the secret information generation unit 16.

  In step 100, an ON signal is input from the secret information generation start switch 17 to the secret information generation unit 16, and the secret information generation unit 16 starts generating secret information. When the secret information generation unit 16 generates the secret information, the secret information generation unit 16 outputs the generated secret information to the encryption unit 13 and stores it in the storage unit 15.

  In step 102, the encryption unit 13 encrypts the secret information generated by the secret information generation unit 16 and outputs it to the communication unit 14.

  In step 104, the encrypted secret information is transmitted from the communication unit 14 to the high function key unit 20.

  In step 200, the communication unit 21 of the high function key unit 20 receives the encrypted secret information. The communication unit 21 outputs the received secret information to the decryption unit 22.

  In step 202, when the decryption unit 22 inputs the secret information, the decryption unit 22 decrypts the secret information, and stores the decrypted secret information in the storage unit 24.

  In step 204, the secret information dividing unit 23 reads the secret information from the storage unit 24 and divides the secret information into the number of divisions determined by the secret information division number determining unit 25 to generate a plurality of pieces of division information. Here, a secret sharing method is used as a secret information dividing method. The number of divisions may be determined at any time as long as the secret information division unit 23 does not divide the secret information in step 203. The secret information dividing unit 23 stores specific division information of the generated plurality of pieces of division information in the storage unit 24.

  In steps 206 and 208, of the generated division information, division information excluding specific division information is distributed from the communication unit 21 to the low function key units 30a and 30b and transmitted.

  In step 300, the division information transmitted toward the low function key unit 30 a is received by the low function key unit 30 a and stored in the storage unit 32.

  In step 400, the division information transmitted toward the low function key unit 30b is received by the low function key unit 30b and stored in the storage unit 32.

  Next, the operation of the system when the user unlocks the locked door using these key portions in a state where the division information is distributed to the respective key portions in this way will be described.

  A user holding a plurality of key parts (high function key part 20, low function key parts 30a, 30b) moves near the place where the lock control part 10 is installed, and the divided information stored in each key part is transferred to the lock control part. 10 to send. Specifically, when the communication unit of each key unit receives the division information request signal transmitted from the communication unit 31 of the lock control unit 10, the storage unit of each key unit automatically responds to the division information request signal. The division information stored in is transmitted.

  When receiving the division information transmitted from each key unit, the communication unit 14 of the lock control unit 10 outputs the division information to the authentication unit 12. The authentication unit 12 combines the received plurality of pieces of division information to restore the original secret information, and performs authentication by comparing with the secret information stored in the storage unit 15. The authentication unit 12 outputs the authentication result to the lock operation unit 11.

  When the authentication result of the authentication unit 12 is successful, the lock operation unit 11 outputs a control signal for switching from the locked state to the unlocked state to the lock unit 40. Thereby, since the lock | rock part 40 switches to an unlocking state, the user can unlock the locked door.

  When the authentication result of the authentication unit 12 is authentication failure, the lock operation unit 11 does not output a control signal to the lock unit 40. Thereby, the locked part 40 is maintained in the locked state, and the user cannot open the door.

  As described above, according to the present embodiment, the secret information generated by the lock control unit 10 is transmitted to the high function key unit 20, and the high function key unit 20 that has received the secret information divides the secret information. Since the split information is generated by the above and the split information is distributed and transmitted to the other key parts (low function key parts 30a and 30b), the secret information is stored while the user holding the key part is moving. Division and distributed transmission can be performed. Thereby, as compared with the case where the lock control unit 10 transmits the divided information to each key unit in a distributed manner, the lock control unit 10 can transmit with high safety, and the time for the user to wait near the installation location of the lock control unit 10 is shortened. Convenience is improved. Furthermore, since the total time required for communication between the lock control unit 10 and the key unit is shortened, the power consumption of the key unit is reduced and the battery replacement period can be extended.

  In addition, since the encrypted secret information is transmitted from the lock control unit 10 to the high function key unit 20, the security level in the vicinity of the installation location of the lock control unit 10 having a high risk of eavesdropping increases.

  In the present embodiment, the example in which the division information generated by the high function key unit 20 is transmitted only to the low function key units 30 a and 30 b has been described, but may be transmitted to the lock control unit 10. In addition, when there are a plurality of high function key parts, the generated division information can be transmitted to other high function key parts. Thereby, the security of the system can be ensured without increasing the number of low function key units.

  In the present embodiment, an example in which the secret information is stored in the storage unit 24 even after the high function key unit 20 generates and transmits the division information has been described. However, the secret information is stored in the high function key unit 20. In addition, a deletion function for deleting the secret information may be provided, and the secret information in the storage unit 24 may be deleted after the division information is transmitted. Thereby, the safety | security of a system can be improved more.

[Second Embodiment]
In the first embodiment, the example in which the secret information dividing unit is provided in the high-function key unit has been described. However, in the present embodiment, an example in which the secret information dividing unit is provided in the lock control unit will be described. In addition, about the structure similar to 1st Embodiment, the same code | symbol is attached | subjected and description is abbreviate | omitted.

  FIG. 5 is a schematic configuration diagram showing the lock control system of the present embodiment. As shown in the figure, the system configuration includes a lock unit 40, a lock control unit 50, a high function key unit 60, and two low function key units 30a and 30b, as in the first embodiment. ing. However, part of the configuration of the lock control unit 50 and the high function key unit 60 is different from that of the first embodiment. Hereinafter, the configuration of the lock control unit 50 and the high function key unit 60 will be described.

  As shown in FIG. 5, the lock control unit 50 in the present embodiment is provided with a secret information dividing unit 18 that divides secret information. The secret information division unit 18 is connected to the encryption unit 13, the communication unit 14, and the secret information generation unit 16. The secret information dividing unit 18 generates a plurality of pieces of divided information by dividing the secret information generated by the secret information generating unit 16 by the number of divisions received by the communication unit 14, and the generated divided information is encrypted. 13 is output.

  FIG. 6 is a configuration diagram showing a detailed configuration of the high function key unit 60 in the present embodiment. As shown in the figure, the high function key unit 60 in this embodiment is provided with a secret information division number determining unit 25 that determines the number of divisions of secret information. There is no secret information dividing unit to be generated.

  The secret information dividing unit consumes a large amount of power, and the high function key unit 60 is carried by the user. Therefore, the high function key unit 60 is more easily supplied than the lock control unit 50 fixed at the installation location. In many cases, there are restrictions. Therefore, by providing the secret information dividing unit in the lock control unit 50 instead of the high function key unit 60, the power consumption of the high function key unit 50 can be reduced and the power life of the high function key unit 60 can be extended. .

  The secret information division number determination unit 25 is connected to the communication unit 21. The secret information division number determination unit 25 transmits weak radio waves using the communication unit 21, and counts the number of responses to the transmitted radio waves, thereby counting other key units in the vicinity. , The detected number is determined as the division number, and the division number is transmitted to the lock control unit 50 via the communication unit 21.

  Hereinafter, the operation of the lock control system of the present embodiment will be described with reference to FIG. In addition, about the process substantially the same as 1st Embodiment, the same code | symbol is attached | subjected and description is simplified.

  As in the first embodiment, when the user presses the protrusion of the secret information generation start switch 17 of the lock control unit 10, an ON signal is sent from the secret information generation start switch 17 to the secret information generation unit 16 in step 100. The secret information generation unit 16 generates the secret information and stores the generated secret information in the storage unit 15 and outputs it to the secret information division unit 18. Although not shown in the figure, the fact that secret information has been generated is transmitted to the high function key unit 60 via the communication unit 21. The number of divisions determined by the number determination unit 25 is transmitted to the lock control unit 50. The number of divisions may be determined when it is received that secret information has been generated, or may be determined in advance before that.

  In step 101, the secret information division unit 18 divides the generated secret information into the number of divisions received by the communication unit 14, generates a plurality of pieces of division information, and outputs them to the encryption unit 13.

  In step 102, the encryption unit 13 collectively encrypts a plurality of pieces of division information and outputs them to the communication unit 14.

  In step 104, the communication unit 14 transmits the plurality of encrypted pieces of division information to the high function key unit 60 in a lump.

  In step 200, the high function key unit 60 that has received the plurality of pieces of division information decrypts the division information received in step 202 by the decryption unit 22, and stores the decrypted pieces of division information together in the storage unit 24. Further, after storing specific division information among the plurality of pieces of division information stored in other areas of the storage unit 24 as division information of the high function key unit 60, the remaining division information is reduced in Step 206 and Step 208. The function key units 30a and 30b are distributed and transmitted.

  The subsequent processes and the process in which the user operates the lock unit 40 using a plurality of key units are the same as those in the first embodiment.

  As described above, according to the present embodiment, the secret information generated by the lock control unit 10 is divided to generate a plurality of pieces of divided information, and the plurality of pieces of divided information are transmitted to the high function key unit 20, Since the high function key unit 20 transmits the divided information to the other key parts (low function key parts 30a and 30b), the user holding the key part moves as in the first embodiment. During this time, the secret information can be divided and distributedly transmitted. Thereby, as compared with the case where the lock control unit 10 transmits the divided information to each key unit in a distributed manner, the lock control unit 10 can transmit with high safety, and the time for the user to wait near the installation location of the lock control unit 10 is shortened. Convenience is improved. Furthermore, since the total time required for communication between the lock control unit 10 and the key unit is shortened, the power consumption of the key unit is reduced and the battery replacement period can be extended.

  Further, since the secret information dividing unit that generates a plurality of pieces of divided information by dividing the secret information is provided not in the high function key unit 60 but in the lock control unit 50, the power consumption of the high function key unit 60 is reduced. The power life of the high function key unit 60 can be extended.

  In the present embodiment, the example in which the division information generated by the lock control unit 50 is stored only in the high function key unit 60 and the low function key units 30a and 30b has been described. May be stored. Further, when there are a plurality of high function key parts, the division information can be transmitted and stored to other high function key parts. Thereby, the security of the system can be ensured without increasing the number of low function key units.

  In the present embodiment, an example in which a plurality of pieces of division information are stored in the storage unit 24 even after the high function key unit 60 transmits the division information to another key unit has been described. 60 is provided with a deletion function for deleting the division information stored in the storage unit 24, and after the division information is transmitted to another key unit, the division information other than the specific division information is deleted from the storage unit 24. You can also. Thereby, the safety | security of a system can be improved more.

  In this embodiment, the example in which the secret information division number determining unit 25 is provided in the high function key unit 60 has been described. However, the secret information division number determining unit 25 may be provided in the lock control unit 50. Thereby, the power consumption of the high function key part 60 can be reduced more.

[Third Embodiment]
In the present embodiment, an example will be described in which division information is transmitted to another key unit after it is determined that the high function key unit has moved away from the vicinity of the lock control unit installation location.

  The lock control system of the present embodiment is the same as that of the first embodiment except for the configuration of the high function key unit. Therefore, the same components as those in the first embodiment are denoted by the same reference numerals and description thereof is omitted.

  FIG. 8 is a configuration diagram showing a detailed configuration of the high function key unit 70 in the present embodiment. As shown in the figure, the high function key unit 70 is provided with a movement detection unit 26.

  The movement detection unit 26 is connected to the secret information division unit 23, and the user carrying the high function key unit 70 and the low function key units 30a and 30b has moved away from the vicinity of the place where the lock control unit 10 is installed. That is, it is detected that a plurality of key parts have moved away from the vicinity of the place where the lock control unit 10 is installed, and a detection signal is output to notify the secret information dividing unit 23 of the fact.

  Hereinafter, the operation of the lock control system of the present embodiment will be described with reference to FIG. In addition, about the process same as 1st Embodiment, the same code | symbol is attached | subjected and description is simplified.

  The user holds the high function key unit 20 and the low function key units 30 a and 30 b in the vicinity of the place where the lock control unit 10 is installed. As in the first embodiment, in step 100 to step 103, the lock control unit 10 generates secret information, encrypts it, and transmits it to the high function key unit 70. When the high function key unit 70 receives the secret information in step 200, the secret information is decrypted by the decryption unit 22 in step 202 and stored in the storage unit 24.

  In step 203, when the movement detection unit 26 detects that it has moved away from the vicinity of the installation location of the lock control unit 10, it outputs a detection signal to the secret information division unit 23. Here, the movement detection unit 26 periodically communicates with the lock control unit 10 via the communication unit 21, and a detection signal is output when communication becomes impossible.

  In step 204, when a detection signal is input to the secret information dividing unit 23, the secret information dividing unit 23 determines that it is away from the vicinity of the place where the lock control unit 10 is installed, and the secret information is determined by the secret information division number determining unit 25. After dividing into the number of divisions generated, division information is generated, specific division information among the generated division information is stored in the storage unit 24, and then distributed to the low function key units 30a and 30b in step 206 and step 208. To send.

  That is, in the high function key unit 70, the division information is not generated / transmitted until it is determined by the movement detection unit 26 that it is away from the vicinity of the place where the lock control unit 10 is installed.

  Wiretapping is usually performed by placing a wiretap near a place where communication is likely to occur. Accordingly, in order to eavesdrop on wireless communication performed between the high-function key unit 70 and the low-function key units 30a and 30b, a wiretap is arranged near the place where the lock control unit 10 is installed (for example, near the door). There is a high possibility of being. In particular, since the communication between the high function key unit 70 and the low function key units 30a and 30b is not encrypted, the risk of eavesdropping increases.

  Therefore, as in the present embodiment, when it is determined that the lock control unit 10 has a high risk of eavesdropping, the communication between the high function key unit 70 and the low function key units 30a and 30b is determined. If this is performed, it is possible to reduce the risk of the division information being wiretapped by a third party.

  In the present embodiment, an example in which the movement detection unit 26 periodically communicates with the lock control unit 10 via the communication unit 21 and a detection signal is output when communication becomes impossible has been described. Without being limited thereto, when a preset time has elapsed since the reception of the authentication information, when a random time has elapsed since the reception of the authentication information, and previously provided with vibration detecting means in the high function key unit 70 Alternatively, the detection signal may be output at any time when the vibration detection means detects vibration.

  Moreover, although this Embodiment demonstrated the example which provided the movement detection part in the high function key part 70 of 1st Embodiment, a movement detection part was added to the high function key part 60 of 2nd Embodiment. It can also be provided. In this case, the movement detection unit is connected to the communication unit 21 of the high function key unit 60 of the second example, and processing is performed in the same manner as in this embodiment. Thereby, the same effect as the present embodiment can be obtained.

  Further, in the present embodiment, the example in which the division information is generated and transmitted after it is determined that the lock control unit 10 is separated from the vicinity of the installation location has been described. The division information may be generated in advance, and the generated division information may be transmitted after determining that it is away from the vicinity of the place where the lock control unit 10 is installed.

  The present invention is not limited to the first, second, and third embodiments described above, and various design changes can be made within the scope described in the claims. it can.

  For example, the high function key unit does not have to be a device dedicated to the lock control system. For example, instead of the high function key unit, a PDA or a mobile phone having a function capable of communicating with the low function key unit or the lock control unit is used. May be. Thereby, an equivalent function can be realized.

  Further, in each of the above-described embodiments, the example in which the division information is generated using the secret sharing method has been described. However, the present invention is not limited to this, and any method can be used as long as the lock control unit can restore the original secret information. The distributed information may be generated using a simple method.

  Further, in each of the above-described embodiments, the example in which the number of divisions of secret information is determined by the high function key unit detecting the number of other surrounding key units using the communication unit has been described. Without limitation, for example, an arbitrary numerical value may be input to the high function key part by hand in advance, and the input numerical value may be determined as the division number.

  Further, in each of the above-described embodiments, the example in which the division information of each key part is transmitted to the lock control unit when unlocking the locked door has been described. However, the division is performed to lock the unlocked door. Information may be transmitted.

  Further, in each of the above-described embodiments, when the user operates the lock unit using a plurality of key units, the communication unit of each key unit receives the division information request signal transmitted from the communication unit of the lock control unit. However, the present invention is not limited to this. For example, each key unit is provided with a switch or the like, and the user can set each division information stored in the storage unit of each key unit automatically. By pressing the switch or any one of the switches, the division information may be transmitted from each key unit to the lock control unit.

  Further, in each of the above-described embodiments, encryption is not performed in communication between the high function key unit and the low function key unit. However, an encryption function is provided in the low function key unit, and the high function key unit and the low function key unit are provided. In the meantime, encrypted communication equivalent to or lighter than the encrypted communication between the high function key unit and the lock control unit can be performed. Thereby, safety can be further improved.

It is a schematic block diagram which shows the lock control system of 1st and 3rd embodiment. It is the block diagram which showed the detailed structure of the high function key part of 1st Embodiment. It is the block diagram which showed the detailed structure of the low function key part. It is the figure which showed the operation | movement sequence of the lock control part, the high function key part, and the low function key part in the lock control system which concerns on 1st Embodiment. It is a schematic block diagram which shows the lock control system of 2nd Embodiment. It is the block diagram which showed the detailed structure of the high function key part in 2nd Embodiment. It is the figure which showed the operation | movement sequence of the lock control part in the lock control system which concerns on 2nd Embodiment, a high function key part, and a low function key part. It is the block diagram which showed the detailed structure of the high function key part in 3rd Embodiment. It is the figure which showed the operation | movement sequence of the lock control part in the lock control system which concerns on 3rd Embodiment, a high function key part, and a low function key part.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10, 50 Lock control part 11 Lock operation part 12 Authentication part 13 Encryption part 14 Communication part 15 Storage part 16 Secret information generation part 18 Secret information division | segmentation part 20, 60, 70 High function key part 21 Communication part 22 Decryption part 23 Secret information Division unit 24 Storage unit 25 Secret information division number determination unit 26 Movement detection unit 30a, 30b Low function key unit 31 Communication unit 32 Storage unit

Claims (13)

A communication means for communicating with the outside in a non-contact state;
The authentication information is generated by comparing the information obtained by combining a plurality of pieces of division information received from each of the plurality of key devices with the authentication information to control the lock device and generate the authentication information. A decryption unit that decrypts the received authentication information when the communication unit receives the encrypted authentication information from the lock control device that encrypts and transmits the plurality of divided pieces of information;
Storage means for storing specific division information of a plurality of pieces of division information decoded by the decoding means ;
Determining means for determining whether or not the lock control device is away from the vicinity of the installation location;
The division information received by the lock control device when the state of the lock device is changed after the determination means determines that the lock control device has been separated from the vicinity of the installation location when changing the state of the lock device. to other key device for transmitting information in a non-contact communication, storage controls to transmit via said communication means without encryption, in the storage means when changing the state of said lock device Control means for controlling to transmit the specified division information to the lock control device via the communication means;
Key device including A communication means for communicating with the outside in a non-contact state;
A lock that controls authentication by comparing information obtained by combining a plurality of pieces of division information received from each of a plurality of key devices and authentication information to control the lock device, and also generates, encrypts and transmits the authentication information. Decryption means for decrypting the received authentication information when the communication means receives the encrypted authentication information from the control device;
Generating means for generating a plurality of pieces of division information obtained by dividing the authentication information decrypted by the decryption means ;
Storage means for storing specific division information of the plurality of division information;
Determining means for determining whether or not the lock control device is away from the vicinity of the installation location;
The division information received by the lock control device when the state of the lock device is changed after the determination means determines that the lock control device has been separated from the vicinity of the installation location when changing the state of the lock device. to other key device for transmitting information in a non-contact communication, storage controls to transmit via said communication means without encryption, in the storage means when changing the state of said lock device Control means for controlling to transmit the specified division information to the lock control device via the communication means;
Key device including The storage means further stores authentication information received by the communication means,
It has been the authentication information stored in the storage means, the specific further comprising Claim 2 Symbol placing the key device erasing means for erasing after transmission is completed division information other than division information. Said determination means, when communication with the lock control device could not, when the time the authentication information is previously set from being received has passed by the communication unit, the authentication information by the communication means It is determined that when the random time has elapsed since the reception and when the vibration detection means provided in advance detects vibration, the position is determined to be away from the vicinity of the installation location of the lock control device . The key device according to claim 3 . A communication means for communicating with the outside in a non-contact state;
Authentication information generating means for generating authentication information;
Storage means for storing authentication information generated by the authentication information generating means ;
Generating means for generating a plurality of pieces of divided information obtained by dividing the authentication information generated by the authentication information generating means into a plurality of pieces;
Encryption means for encrypting a plurality of pieces of division information generated by the generation means;
When a plurality of pieces of division information encrypted by the encryption means are received by non-contact communication, the received division information is decrypted, specific division information is stored among the decoded division information, and the lock control device is installed. A second key for transmitting the division information other than the specific division information after the determination that it is away from the vicinity of the location to the lock control device when the state of the lock device is changed, by non-contact communication. A non-encrypted communication is transmitted to the device, and the stored specific division information is transmitted to the lock control device by a non-contact communication when the state of the lock device is changed. Transmission control means for controlling a plurality of pieces of division information encrypted by the encryption means to be collectively transmitted to the one key device via the communication means;
Authentication means for performing authentication by comparing information obtained by combining a plurality of pieces of division information received from each of a plurality of key devices via the communication means and authentication information stored in the storage means;
Based on the authentication result of the authentication unit, and the locking device control means for controlling the lock device,
Including a lock control device. A communication means for communicating with the outside in a non-contact state;
Authentication information generating means for generating authentication information;
Generating means for generating a plurality of pieces of divided information obtained by dividing the authentication information generated by the authentication information generating means into a plurality of pieces;
Storage means for storing authentication information generated by the authentication information generation means and first specific division information of a plurality of pieces of division information generated by the generation means ;
Encryption means for encrypting division information other than the first specific division information of the plurality of division information generated by the generation means;
When a plurality of pieces of division information encrypted by the encryption means are received, the received division information is decrypted, second specific division information is stored among the decoded division information, and the lock control device is installed Secondly, after the division information is determined to be away from the vicinity, the division information other than the second specific division information is transmitted to the lock control device when the state of the lock device is changed. The key device is transmitted by non-contact communication without encryption, and when the state of the lock device is changed, the stored second specific division information is transmitted to the lock control device by non-contact communication. Transmission control means for controlling the first key device to be transmitted to transmit the division information encrypted by the encryption means collectively through the communication means;
Information obtained by combining a plurality of division information received from each of a plurality of key devices via the communication means and a plurality of the first specific division information stored in the storage means, and stored in the storage means Authentication means for performing authentication by comparing with the authentication information,
Based on the authentication result of the authentication unit, and the locking device control means for controlling the lock device,
Including a lock control device. A lock control system including a plurality of key devices and a lock control device,
The plurality of key devices include a first key device and at least one second key device;
The first key device includes a first communication unit that communicates with the outside in a non-contact state, a decryption unit that decrypts encrypted authentication information received by the first communication unit, and a decryption unit. A generating unit that generates a plurality of pieces of division information obtained by dividing the decrypted authentication information into a plurality of pieces, a first storage unit that stores specific division information of the plurality of pieces of division information, and the vicinity of the place where the lock control device is installed Determining means for determining whether or not the first communication is performed without encrypting division information other than the specific division information after it is determined by the determination means that the lock control device has been separated from the vicinity of the installation location; controls so as to send to said second key device via the means, specific division information the first stored in the first storage means when changing the state of the lock device The lock control via communication means Having a first control means for controlling to transmit the location,
Said second key unit, second communication means for external communication in a non-contact state, the second storage means for storing the divided information received from the first key device by said second communication means and second control means for controlling so as to transmit the divided information stored in the second storage means when changing the state of the lock device to the lock control device via the second communication means Have
The lock control device includes:
A third communication means for communicating with the outside in a non-contact state;
Authentication information generating means for generating the authentication information;
Third storage means for storing authentication information generated by the authentication information generation means ;
Encryption means for encrypting the authentication information generated by the authentication information generation means;
Transmission control means for controlling the authentication information encrypted by the encryption means to be transmitted to the first key device via the third communication means;
Authentication means for performing authentication by comparing information obtained by combining a plurality of pieces of division information received from each of a plurality of key devices via the third communication means and authentication information stored in the storage means; ,
Based on the authentication result by the authentication unit, and the locking device control means for controlling the lock device,
Having a lock control system. A lock control system including a plurality of key devices and a lock control device,
The plurality of key devices include a first key device and at least one second key device;
The first key device includes a first communication unit that communicates with the outside in a non-contact state, and a decryption unit that decrypts a plurality of pieces of encrypted division information received collectively from the first communication unit. A first storage unit that stores specific division information of the plurality of pieces of division information decoded by the decoding unit, a determination unit that determines whether or not the vicinity of the installation location of the lock control device, and the determination unit sent to the lock control device the specific division information other than division information via said first communication means without encryption the second key device after it is determined that remote from the location near the And control to transmit the specific division information stored in the first storage means to the lock control device via the first communication means when changing the state of the lock device. having a first control means for,
Said second key unit, second communication means for external communication in a non-contact state, the second storage means for storing the divided information received from the first key device by said second communication means and second control means for controlling so as to transmit the divided information stored in the second storage means when changing the state of the lock device to the lock control device via the second communication means Have
The lock control device includes:
A third communication means for communicating with the outside in a non-contact state;
Authentication information generating means for generating authentication information;
Third storage means for storing authentication information generated by the authentication information generation means ;
Generating means for generating a plurality of pieces of divided information obtained by dividing the authentication information generated by the authentication information generating means into a plurality of pieces;
An encryption means for encrypting the plurality of pieces of division information;
And transmission control means for controlling so that the plurality of divided encrypted information collectively via said third communication means for transmitting to said first key device by said encryption means,
Authentication is performed by comparing information obtained by combining a plurality of pieces of division information received from each of a plurality of key devices via the third communication means and authentication information stored in the third storage means. Authentication means to perform;
Based on the authentication result of the authentication unit, and the locking device control means for controlling the lock device,
Having a lock control system. A lock control system including a plurality of key devices and a lock control device,
The plurality of key devices include a first key device and at least one second key device;
The first key device includes a first communication unit that communicates with the outside in a non-contact state, and a decryption unit that decrypts a plurality of pieces of encrypted division information received collectively from the first communication unit. , a first particular first memory means for storing divided information, the lock control unit determining means determines whether or not remote from the location near the plurality of divided information decoded by said decoding means, and said After the determination means determines that the lock control device is located away from the vicinity of the installation location, the second key is transmitted via the first communication means without encrypting the division information other than the first specific division information. controls so as to send to the device, via the first communication means said first of said first specific division information stored in the storage means when changing the state of the lock device A first control for transmitting to the lock control device; It has a control means,
Said second key unit, second communication means for external communication in a non-contact state, the second storage means for storing the divided information received from the first key device by said second communication means and second control means for controlling so as to transmit the divided information stored in the second storage means when changing the state of the lock device to the lock control device via the second communication means Have
The lock control device includes:
A third communication means for communicating with the outside in a non-contact state;
Authentication information generating means for generating authentication information;
A generating means for generating division information of multiple obtained by dividing the authentication information generated by the authentication information generating means into a plurality,
Third storage means for storing authentication information generated by the authentication information generation means and second specific division information of a plurality of pieces of division information generated by the generation means;
Encryption means for encrypting division information other than the second specific division information of the plurality of division information generated by the generation means;
And transmission control means for controlling so that the plurality of divided encrypted information collectively via said third communication means for transmitting to said first key device by said encryption means,
And information obtained by combining a plurality of respective divided information and the said second specific division information stored in the large third storage means received from the plurality of key device via said third communication means, Authentication means for performing authentication by comparing with authentication information stored in the third storage means;
Based on the authentication result of the authentication unit, and the locking device control means for controlling the lock device,
Having a lock control system. A lock control system including a plurality of key devices and a lock control device,
The plurality of key devices include a first key device and at least one second key device;
The first key device includes a first communication unit that communicates with the outside in a non-contact state, a decryption unit that decrypts encrypted authentication information received by the first communication unit, and a decryption unit. Generating means for generating a plurality of pieces of division information obtained by dividing the decrypted authentication information into a plurality of pieces, first storage means for storing first specific division information of the plurality of pieces of division information, and First control means for controlling the second specific division information to be transmitted to the lock control apparatus via the first communication means, and determining whether or not it is away from the vicinity of the place where the lock control apparatus is installed The first communication unit without encrypting the division information other than the first and second specific division information after the determination unit and the determination unit determine that the lock control device has been separated from the vicinity of the installation location. with respect to the second key device via Controls such that signal, the lock control device via the first communication means said first of said first specific division information stored in the storage means when changing the state of the lock device a second control means for controlling to transmit,
Said second key unit, second communication means for external communication in a non-contact state, the second storage means for storing the divided information received from the first key device by said second communication means and third control means for controlling so as to transmit the divided information stored in the second storage means when changing the state of the lock device to the lock control device via the second communication means Have
The lock control device includes:
A third communication means for communicating with the outside in a non-contact state;
Authentication information generating means for generating the authentication information;
Third storage means for storing the authentication information generated by the authentication information generation means and the second specific division information received from the first key device via the third communication means;
Encryption means for encrypting the authentication information generated by the authentication information generation means;
Transmission control means for controlling the authentication information encrypted by the encryption means to be transmitted to the first key device via the third communication means;
Said third split information received via the communication means from each of the plurality of key device, and information obtained by combining a plurality of the third second specific division information stored in the storage means Authentication means for performing authentication by comparing the authentication information stored in the storage means;
Based on the authentication result by the authentication unit, and the locking device control means for controlling the lock device,
Having a lock control system. The determination unit is configured to execute communication with the lock control device when the communication with the lock control device is disabled, or when a predetermined time has elapsed after information is received by the first communication unit. Claims that when the random time has elapsed since the information was received and when the vibration detecting means provided in advance detects vibration, the position is determined to be away from the vicinity of the lock control device. The lock control system according to any one of 7 to 10 . The first storage means further stores information transmitted from the lock control device and received by the first communication means,
The first key device stores information transmitted from the lock control device and received by the first communication means after the transmission of the division information to the second key device is completed. The lock control system according to any one of claims 7 to 11 , further comprising erasing means for erasing from the means. The lock control system according to any one of claims 7 to 12 , wherein division number determination means for determining the number of divisions for dividing the authentication information is provided in one of the first key device and the lock control device.

Images