JP4872487B2 - Access restriction management system - Google Patents

Description

  In the communication terminal device such as a personal computer, the present invention is various in using the communication terminal device until the processing is executed when the user does not perform the processing to be executed using the communication terminal device. The present invention relates to an access restriction management system in which usage restrictions are added.

  Conventionally, using a communication terminal device such as a personal computer connected to a computer network, the user is contacted, notified, and notified of various information, and information for training for education is transmitted. is doing.

For example, in order to get employees to acquire the knowledge necessary to do business, use the network to send related information necessary for knowledge acquisition, or send text information for education, After that, send the test question information to confirm whether or not those knowledge has been acquired correctly, and have them send back the answer information to verify whether the employee has sufficiently acquired that knowledge. There is a case to do.
Not only such education but also notifications, notifications, communications, and education using the network can be managed individually and processed efficiently in a short time. It can be used for many employees and is effective.

However, information sent via the network may not be viewed indefinitely due to reasons such as oversight, neglect, or absence due to a long-term business trip, etc. In some cases, reply information or the like may not be sent. In such a case, there is a problem that the person in charge must prompt the user to execute the instructions.
In addition, a system for restricting the use to users on the network is also known, but this is based on a predetermined access authority and is not executed when the requirement is not executed. It is a different system than adding restrictions. (For example, refer to Patent Document 1)

JP 2004-289302 A

  Therefore, the present invention adds a predetermined restriction when the receiver of information such as notification, notification, communication, education, etc. using the network does not execute the requirements of the transmitted information as prescribed. An access restriction management system is provided that facilitates the execution of requirements.

  An access restriction management system according to the present invention includes an IC card having storage means in which unique information is stored, an authentication IC card reader / writer provided in a place where personal authentication is required, and a communication terminal including the IC card reader / writer An access restriction management system comprising a server and a server connected to be able to communicate with the authentication IC card reader / writer and the communication terminal device, wherein the server performs authentication processing based on the unique information; A database registered in association with the specific information, restriction specifying information for specifying a restriction on user authority of the IC card user, and restriction releasing condition information for specifying a condition for releasing the restriction, and the authentication Restriction identification information registered in association with the specific information in the database when authentication is performed by means; Means for transmitting restriction release condition information to the authentication IC card reader / writer, and restriction processing means for performing restriction processing based on the restriction specifying information received from the communication terminal device, the authentication IC card reader / writer Comprises means for reading the unique information from the IC card, and means for writing the restriction specifying information and the restriction release condition information received from the server to the IC card, wherein the communication terminal device comprises the IC card When the display means for displaying the contents of the restriction release condition information read from the IC card by the reader / writer and the process satisfying the restriction release condition specified by the restriction release condition information are executed, the IC card reader The writer has means for deleting the restriction specifying information stored in the storage means of the IC card.

  In the access restriction management system of the present invention, restriction information and restriction release condition information are written in the IC card at the time of authentication. Therefore, when the user of the IC card performs access using the communication terminal device, the restriction is applied. Since restrictions based on information are added, there is an effect that it is possible to promote the execution of these requirements for the recipients of information such as notifications, notifications, communications, and education using the network.

Hereinafter, an access restriction management system according to an embodiment of the present invention will be described in detail with reference to the drawings.
FIG. 1 is a diagram for explaining an outline of the configuration of an access restriction management system according to an embodiment of the present invention, FIG. 2 is a block diagram of the system of an access restriction management system according to an embodiment of the present invention, and FIG. FIG. 4 is a diagram illustrating information registered in a restriction information database used in an access restriction management system according to an embodiment of the invention, and FIG. 4 is a flowchart showing a processing procedure of the system of the access restriction management system according to the embodiment of the invention. It is.

The access restriction management system according to the embodiment of the present invention requires an IC card 2 having storage means for storing unique information such as an employee management number for the user 1 to carry and authentication of the user 1 The authentication IC card reader / writer 3 provided in various places, the communication terminal device 5 provided with the IC card reader / writer 4, and the authentication IC card reader / writer 3 and the communication terminal device 5 communicate with each other via a communication line 8. It consists of a server 6 connected in a possible manner.
In FIG. 1, an authentication IC card reader / writer 3 is provided in the vicinity of an entrance door 7 of a room as a place where personal authentication is required, and when the personal authentication using the IC card 2 is received, the entrance door 7 The door is unlocked and can enter the room.

In the IC card 2, unique information such as employee ID information is registered in advance in the storage means. In addition to this, in the storage means, as shown in FIG. A restriction information database storage area 13 is provided in which restriction information such as a child 10, a release condition ID 11 that is restriction release condition information, and a validity period 12 is written and registered.
The restriction information written in the restriction information database storage area 13 of the storage means of the IC card 2 is stored as necessary when the user 1 uses the IC card 2 to authenticate the IC card reader / writer 3 for authentication. The data is written from the authentication IC card reader / writer 3 to the IC card 2.

Next, the system configuration of the access restriction management system according to the embodiment of the present invention will be described based on FIG.
In the description of this embodiment, the IC card 2 is described as an IC card using a non-contact method. However, the IC card 2 is not limited to the non-contact method, and a contact-type IC card may be used. .
The non-contact IC card 2 includes a storage unit 14, a transmission / reception unit 15, a control unit 16, and the like.
Employee ID information, which is unique information that can identify the user of the IC card 2, is registered in the storage unit 14 in advance.
When the user is a company employee, the IC card 2 is preferably used as an always-held card so as to be used as an employee card.

The IC card reader / writer 4 provided in the communication terminal 5 is provided with a transmission / reception means 17, a storage means 18, a control means 19, an interface (I / F) 20, and the like for communicating with the transmission / reception means 15 of the IC card 2. ing.
The IC card reader / writer 4 is programmed to read the employee ID information, which is unique information stored in the storage unit 14 of the IC card 2, and the restriction information by the transmission / reception unit 15 and transmit the information to the communication terminal 5. Has been.

The communication terminal 5 includes an input unit 21, a storage unit 22, a transmission / reception unit 23, a display unit 24, a restriction information deletion unit 25, a control unit 26, an interface (I / F) 27, a restriction processing unit 34b, and the like. Yes.
The communication terminal 5 uses the release condition ID 11 in the restriction information received from the IC card reader / writer 4, and if the restriction is applied to the user of the communication terminal 5, condition information for releasing the restriction Is displayed on the display means 24.
As the restriction release condition information displayed on the display means 24, what kind of restriction is currently applied to the user who uses the communication terminal 5, and what kind of processing will be performed in the future? An explanation is displayed as to whether or not the restriction is to be lifted.
Then, the user understands what kind of processing he / she should perform by reading the explanation, and can execute the processing necessary for releasing the restriction.

Further, the restriction information deleting means 25, when the user executes correct processing based on the restriction release condition information displayed on the display means 24, the IC card reader / writer 4 applies the IC card 2 to the IC card 2. A signal instructing deletion of the restriction information written in the restriction information database storage area 13 of the storage means of the card 2 is transmitted.
As a result, the restriction information for which necessary processing has been executed is deleted from the storage means 14 of the IC card 2.
When the restriction processing unit 34b receives the restriction information ID read from the IC card 2 by the IC card reader / writer 4, the restriction processing unit 34b has a function of adding restriction items set in advance to the restriction information ID.
The restriction processing unit 34a is also provided in the server 6 and functions when a restriction is imposed on processing on the server 6 side.
By providing the communication terminal 5 with the restriction processing unit 34b, various restrictions based on the restriction information stored in the IC card 2 can be used even when the communication terminal 5 that is not communicably connected to the server 6 is used. To be added.

Next, the authentication IC card reader / writer 3 includes an IC card transmission / reception unit 28 for communicating with the transmission / reception unit 15 of the IC card 2, a storage unit 29, a control unit 30, a transmission / reception unit 31, a locking control unit 32, and the like. Is provided.
The IC card transmitting / receiving means 28 reads the employee ID information, which is unique information stored in the storage means 14 of the IC card 2, and the restriction information received by the authentication IC card reader / writer 3 from the server 6. It has a function of writing in the restriction information database storage area 13 of the storage means 14 of the IC card 2.
In other words, when the user 1 enters the room through the entrance door and uses the IC card 2 to authenticate the user, when the user does not execute the predetermined processing, etc. The system is configured to write the restriction information from the authentication IC card reader / writer 3 to the restriction information database storage area 13 of the storage means 14 of the IC card 2.

  Further, the restriction information is written in the storage means 14 of the IC card 2 according to the execution of the process for each user. However, the restriction information written up to the previous stage is not written repeatedly but written in the past. Only new restriction information that is not present is added and written to the storage means 14 of the IC card 2.

Further, the server 6 includes a transmission / reception means 33, a restriction processing means 34a, a storage means 35, a control means 36, a restriction information transmission means 37, an authentication means 38, a restriction information database 39, and the like.
In the restriction information database 39, as shown in FIG. 3, the restriction information table 45 includes restriction information ID 40 that is restriction specifying information, control target descriptor 41, target device descriptor 42, and release condition ID 43 that is restriction release condition information. Restriction information such as valid period 44 is registered.
Furthermore, as the cancellation condition table 46, a cancellation condition ID 47, a condition type 48, and type-specific information 49 are registered.

When the restriction processing unit 34a receives the restriction information ID or the release condition ID from the communication terminal 5, the restriction processing unit 34a adds a preset restriction item to the ID, or releases the state in which the restriction is added. It has a function to make it.
The restriction information transmission unit 37 has a function of transmitting the restriction information in the restriction information table registered in the restriction information database 39 to the authentication IC card reader / writer 3 in order to write the restriction information in the storage unit 14 of the IC card 2.
The authentication IC card reader / writer 3 receives the restriction information from the server 6 and writes the restriction information to the storage means 14 of the IC card 2 when the user is authenticated using the IC card 2. I do.
The authentication unit 38 has a function of performing an authentication process based on employee ID information read from the IC card 2 by the authentication IC card reader / writer 3.

Next, the processing procedure of the access restriction management system according to the embodiment of the present invention will be described with reference to the flowchart shown in FIG.
First, in order to receive authentication when the user 1 enters the room, the IC card 2 is brought close to the authentication IC card reader / writer 3 provided near the entrance door 7 of the room and stored in the IC card 2. Employee ID information is read. (Step S1)
The employee ID information is transmitted from the authentication IC card reader / writer 3 to the server 6. (Step S2)
Then, the server 6 performs an authentication process based on the employee ID information received from the authentication IC card reader / writer 3. (Step S3)

When the server 6 authenticates with the received employee ID information, the restriction that has not yet been transmitted from the restriction information given to the employee corresponding to the employee ID information from the registration information of the restriction information database 39 Information is extracted from the restriction information table. (Step S4)
In this case, the restriction information that has already been transmitted is not transmitted again, and only new restriction information registered after the previous transmission is transmitted.
Then, the extracted restriction information is transmitted to the authentication IC card reader / writer 3. (Step S5)
After that, the user can open the entrance door when the authentication is received, and is stored in the IC card 2 by the IC card reader / writer 4 of the communication terminal 5 when entering the room and using the communication terminal 5. Employee ID information and restriction information are read. (Step S6)

The communication terminal 5 displays on the display means the restriction items and the method for releasing the restriction as the contents of the read restriction information. (Step S7)
The user 1 performs the necessary measures for releasing the restriction based on the contents displayed on the display means, so that the restriction information registered in the storage means 14 of the IC card 2 by the IC card reader / writer 4 of the communication terminal 5. Processing to delete is performed. (Step S8)
In addition, when the user 1 does not perform the measures necessary for releasing the restriction, the user 1 performs various processes determined in advance when performing processing using the communication terminal 5 or performing processing using the server 6. Since restrictions are applied, troubles such as inability to perform business operations are caused.

  As described above, the access restriction management system of the present invention can apply various restrictions to the user when the user of the communication terminal 5 does not perform the processing to be performed. Prompt even if the information sent through use is overlooked, ignored, or not viewed due to a long-term business trip, etc. There is no need to do so, and it is possible for the user to perform such processing.

It is a figure explaining the outline | summary of a structure of the access restriction management system which concerns on embodiment of this invention. 1 is a block diagram of a system of an access restriction management system according to an embodiment of the present invention. It is a figure explaining the information registered in the restriction | limiting information database used for the access restriction management system which concerns on embodiment of this invention. It is a flowchart figure which shows the process sequence of the system of the access restriction management system which concerns on embodiment of this invention.

Explanation of symbols

1 user
2 IC card
3 IC card reader / writer for authentication
4 IC card reader / writer
5 Communication terminal equipment
6 servers
7 Entrance door
8 communication lines
9,40 Restricted information ID
10,42 Target device descriptor
11, 43 Cancel condition ID
12,44 Valid period
13 Restriction information database storage area
14, 18, 22, 29, 35 storage means
15, 15, 17, 23, 31, 33 Transmission / reception means
16, 19, 26, 30, 36 Control means
20, 27 Interface (I / F)
21 Input means
24 Display means
25 Restriction information deletion means
28 IC card transmission / reception means
32 Locking control means
34a, 34b Restriction processing means
37 Restriction information transmission means
38 Authentication means
39 Restriction information database
41 Controlled descriptor
45 Restriction information table
46 Release condition table
47 Release condition ID
48 condition types
49 Information by type

Claims (1)

An IC card having storage means for storing unique information; an IC card reader / writer for authentication provided in a place where personal authentication is required; a communication terminal device including an IC card reader / writer; and the IC card reader for authentication An access restriction management system comprising a writer and a server connected to be able to communicate with the communication terminal device,
The server includes an authentication unit that performs authentication processing based on the unique information, the unique information, restriction specifying information that specifies a restriction on a user authority of the IC card user, and a restriction release that specifies a condition for releasing the restriction. A database registered in association with condition information, and restriction specifying information and restriction release condition information registered in association with the unique information in the database when authentication by the authentication unit is performed. And a restriction processing means for performing a restriction process based on restriction specific information received from the communication terminal device,
The authentication IC card reader / writer has means for reading unique information from the IC card, and means for writing the restriction specifying information and the restriction release condition information received from the server to the IC card,
The communication terminal apparatus executes display processing for displaying the contents of the restriction release condition information read from the IC card by the IC card reader / writer, and processing for satisfying the restriction release condition specified by the restriction release condition information An access restriction management system comprising: a means for deleting the restriction specifying information stored in the storage means of the IC card by the IC card reader / writer.

Images